From c9071f8c4b5594c9ae312e3e0b24e457486287e2 Mon Sep 17 00:00:00 2001 From: richard Date: Wed, 31 Mar 2004 23:08:39 +0000 Subject: [PATCH] OTK generation was busted (thanks Stuart D. Gathman) git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@2239 57a73879-2fb5-44c3-a270-3262357dd7e2 --- CHANGES.txt | 1 + doc/index.txt | 1 + roundup/backends/sessions_dbm.py | 9 ++++++++- roundup/backends/sessions_rdbms.py | 8 +++++++- roundup/cgi/actions.py | 7 ++++--- 5 files changed, 21 insertions(+), 5 deletions(-) diff --git a/CHANGES.txt b/CHANGES.txt index 7865084..b48d2d2 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -7,6 +7,7 @@ Fixed: - MultiMapping deviated from the Zope C implementation in a number of places (thanks Toby Sargeant) - MySQL and Postgresql use BOOL/BOOLEAN for Boolean types +- OTK generation was busted (thanks Stuart D. Gathman) 2004-03-27 0.7.0b2 diff --git a/doc/index.txt b/doc/index.txt index 0860ac5..c5d4355 100644 --- a/doc/index.txt +++ b/doc/index.txt @@ -79,6 +79,7 @@ Paul F. Dubois, Jeff Epler, Tom Epperly, Hernan Martinez Foffani, +Stuart D. Gathman, Ajit George, Frank Gibbons, Johannes Gijsbers, diff --git a/roundup/backends/sessions_dbm.py b/roundup/backends/sessions_dbm.py index 33d204f..2405a5c 100644 --- a/roundup/backends/sessions_dbm.py +++ b/roundup/backends/sessions_dbm.py @@ -1,4 +1,4 @@ -#$Id: sessions_dbm.py,v 1.4 2004-03-26 23:56:11 richard Exp $ +#$Id: sessions_dbm.py,v 1.5 2004-03-31 23:08:38 richard Exp $ """This module defines a very basic store that's used by the CGI interface to store session and one-time-key information. @@ -22,6 +22,13 @@ class BasicDatabase: # ensure files are group readable and writable os.umask(0002) + def exists(self, infoid): + db = self.opendb('c') + try: + return db.has_key(infoid) + finally: + db.close() + def clear(self): path = os.path.join(self.dir, self.name) if os.path.exists(path): diff --git a/roundup/backends/sessions_rdbms.py b/roundup/backends/sessions_rdbms.py index 7ee3bc1..3e0f579 100644 --- a/roundup/backends/sessions_rdbms.py +++ b/roundup/backends/sessions_rdbms.py @@ -1,4 +1,4 @@ -#$Id: sessions_rdbms.py,v 1.1 2004-03-18 01:58:45 richard Exp $ +#$Id: sessions_rdbms.py,v 1.2 2004-03-31 23:08:39 richard Exp $ """This module defines a very basic store that's used by the CGI interface to store session and one-time-key information. @@ -21,6 +21,12 @@ class BasicDatabase: def clear(self): self.cursor.execute('delete from %ss'%self.name) + def exists(self, infoid): + n = self.name + self.cursor.execute('select count(*) from %ss where %s_key=%s'%(n, + n, self.db.arg), (infoid,)) + return self.cursor.fetchone()[0] + _marker = [] def get(self, infoid, value, default=_marker): n = self.name diff --git a/roundup/cgi/actions.py b/roundup/cgi/actions.py index 7bd678d..df368eb 100755 --- a/roundup/cgi/actions.py +++ b/roundup/cgi/actions.py @@ -1,4 +1,4 @@ -#$Id: actions.py,v 1.21 2004-03-30 06:43:08 richard Exp $ +#$Id: actions.py,v 1.22 2004-03-31 23:08:39 richard Exp $ import re, cgi, StringIO, urllib, Cookie, time, random @@ -723,6 +723,7 @@ class RegisterAction(Action): elif isinstance(proptype, hyperdb.Password): props[propname] = str(value) otks = self.db.getOTKManager() + otk = ''.join([random.choice(chars) for x in range(32)]) while otks.exists(otk): otk = ''.join([random.choice(chars) for x in range(32)]) otks.set(otk, **props) @@ -744,8 +745,8 @@ reply's additional "Re:" is ok), """ % {'name': props['username'], 'tracker': tracker_name, 'url': self.base, 'otk': otk, 'tracker_email': tracker_email} - if not self.client.standard_message([props['address']], subject, body, - tracker_email): + if not self.client.standard_message([props['address']], subject, + body, tracker_email): return # commit changes to the database -- 2.30.2