From 5dafb9d201a286a42e1f9125e92ce1a27e60046f Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 25 Oct 2019 14:18:29 +0100
Subject: [PATCH] Remove salts dictionary

---
 daemon.py | 12 +++++-------
 person.py | 7 +------
 2 files changed, 6 insertions(+), 13 deletions(-)

diff --git a/daemon.py b/daemon.py
index 36175755..95014064 100644
--- a/daemon.py
+++ b/daemon.py
@@ -2814,7 +2814,6 @@ class PubServer(BaseHTTPRequestHandler):
 if self.server.tokens.get(loginNickname):
 del self.server.tokensLookup[self.server.tokens[loginNickname]]
 del self.server.tokens[loginNickname]
- del self.server.salts[loginNickname]
 self.send_response(303)
 self.send_header('Content-Length', '0')
 self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict')
@@ -2835,14 +2834,14 @@ class PubServer(BaseHTTPRequestHandler):
 self.send_response(303)
 # This produces a deterministic token based on nick+password+salt
 saltFilename=self.server.baseDir+'/accounts/'+loginNickname+'@'+self.server.domain+'/.salt'
+ salt=createPassword(32)
 if os.path.isfile(saltFilename):
 with open(saltFilename, 'r') as fp:
- self.server.salts[loginNickname] = fp.read()
+ salt = fp.read()
 else:
- self.server.salts[loginNickname]=createPassword(32)
 with open(saltFilename, 'w') as fp:
- fp.write(self.server.salts[loginNickname])
- self.server.tokens[loginNickname]=sha256((loginNickname+loginPassword+self.server.salts[loginNickname]).encode('utf-8')).hexdigest()
+ fp.write(salt)
+ self.server.tokens[loginNickname]=sha256((loginNickname+loginPassword+salt).encode('utf-8')).hexdigest()
 self.server.tokensLookup[self.server.tokens[loginNickname]]=loginNickname
 self.send_header('Set-Cookie', 'epicyon='+self.server.tokens[loginNickname]+'; SameSite=Strict')
 self.send_header('Location', '/users/'+loginNickname+'/inbox')
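Review bot: The session token on the new `self.server.tokens[loginNickname]=sha256(...)` line is still a deterministic function of nickname, password and the on-disk salt, so the identical cookie value is re-issued on every login and a cookie captured once presumably keeps working whenever the account is logged in; the commit only changes where the salt is held, not the scheme. A per-login random value such as `self.server.tokens[loginNickname]=secrets.token_hex(32)` (stdlib `secrets`) would make logout genuinely retire the cookie and would remove the need for the `.salt` file altogether. If the deterministic scheme is kept, the file created by `open(saltFilename, 'w')` gets the process umask, so `os.chmod(saltFilename, 0o600)` after the write keeps the salt readable only by the daemon's user. The added `salt=createPassword(32)` is also evaluated when the file already exists and is then discarded; moving it into the `else:` branch avoids that. The enclosing handler method starts outside the hunk.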
@@ -3140,7 +3139,7 @@ class PubServer(BaseHTTPRequestHandler):
 if '@' in nickname:
 nickname=nickname.split('@')[0]
 if moderationButton=='suspend':
- suspendAccount(self.server.baseDir,nickname,self.server.salts)
+ suspendAccount(self.server.baseDir,nickname)
 if moderationButton=='unsuspend':
 unsuspendAccount(self.server.baseDir,nickname)
 if moderationButton=='block':
@@ -4128,7 +4127,6 @@ def runDaemon(projectVersion, \
 httpd.allowDeletion=allowDeletion
 httpd.lastLoginTime=0
 httpd.maxReplies=maxReplies
- httpd.salts={}
 httpd.tokens={}
 httpd.tokensLookup={}
 httpd.instanceOnlySkillsSearch=instanceOnlySkillsSearch
diff --git a/person.py b/person.py
index 8a2868d8..0f413cfd 100644
--- a/person.py
+++ b/person.py
@@ -566,11 +566,8 @@ def unsuspendAccount(baseDir: str,nickname: str) -> None:
 suspendedFile.write(suspended)
 suspendedFile.close()
-def suspendAccount(baseDir: str,nickname: str,salts: {}) -> None:
+def suspendAccount(baseDir: str,nickname: str) -> None:
 """Suspends the given account
- This also changes the salt used by the authentication token
- so that the person can't continue to use the system without
- going through the login screen
 """
 # Don't suspend the admin
 adminNickname=getConfigParam(baseDir,'admin')
@@ -597,13 +594,11 @@ def suspendAccount(baseDir: str,nickname: str,salts: {}) -> None:
 if suspendedFile:
 suspendedFile.write(nickname+'\n')
 suspendedFile.close()
- salts[nickname]=createPassword(32)
 else:
 suspendedFile=open(suspendedFilename,'w+')
 if suspendedFile:
 suspendedFile.write(nickname+'\n')
 suspendedFile.close()
- salts[nickname]=createPassword(32)
 def canRemovePost(baseDir: str,nickname: str,domain: str,port: int,postId: str) -> bool:
 """Returns true if the given post can be removed
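Review bot: After the new `suspendAccount(self.server.baseDir,nickname)` call the suspended account's live session remains valid: the removed salt rotation never touched the token tables on the visible lines, and nothing now drops the nickname from `self.server.tokens`/`self.server.tokensLookup`, which the logout branch in the first daemon.py hunk treats as the session record. Invalidating it here with `if self.server.tokens.get(nickname):` / `del self.server.tokensLookup[self.server.tokens[nickname]]` / `del self.server.tokens[nickname]` would make suspension take effect immediately rather than at the user's next logout. Whether request authentication consults tokensLookup cannot be confirmed from the hunk, and the enclosing handler starts outside it.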
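Review bot: The docstring left under the new `def suspendAccount(baseDir: str,nickname: str) -> None:` now spans two lines with an empty closing line, and it no longer says anything about sessions even though the deleted sentence was the only place that behaviour was described. Collapse it to `"""Suspends the given account by adding it to the suspended list. Any live session token for the nickname is not invalidated here."""` so callers know the remaining contract. The rest of suspendAccount continues outside the hunk.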
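Review bot: With the two `salts[nickname]=createPassword(32)` lines gone, the surviving `if suspendedFile:` guards are dead code: `open()` raises on failure rather than returning a falsy handle, so the guard never skips the write and the error propagates from `open` regardless. The `else:` branch reads more clearly as `with open(suspendedFilename,'w+') as suspendedFile:` / `suspendedFile.write(nickname+'\n')`, which also closes the file if the write raises; the first branch's `open` sits outside the hunk but has the same shape. The enclosing suspendAccount starts outside the hunk, and if `createPassword` was imported into person.py only for the removed lines its import is now unused — worth checking the import block.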