mj-saunders
/
epicyon
forked from indymedia/epicyon
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove salts dictionary

main2
Bob Mottram 2019-10-25 14:18:29 +01:00
parent 1cafe0c8dd
commit 5dafb9d201
2 changed files with 6 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
daemon.py
View File

@ -2814,7 +2814,6 @@ class PubServer(BaseHTTPRequestHandler):
if self.server.tokens.get(loginNickname): if self.server.tokens.get(loginNickname):
del self.server.tokensLookup[self.server.tokens[loginNickname]] del self.server.tokensLookup[self.server.tokens[loginNickname]]
del self.server.tokens[loginNickname] del self.server.tokens[loginNickname]
del self.server.salts[loginNickname]
self.send_response(303) self.send_response(303)
self.send_header('Content-Length', '0') self.send_header('Content-Length', '0')
self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict') self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict')
@ -2835,14 +2834,14 @@ class PubServer(BaseHTTPRequestHandler):
self.send_response(303) self.send_response(303)
# This produces a deterministic token based on nick+password+salt # This produces a deterministic token based on nick+password+salt
saltFilename=self.server.baseDir+'/accounts/'+loginNickname+'@'+self.server.domain+'/.salt' saltFilename=self.server.baseDir+'/accounts/'+loginNickname+'@'+self.server.domain+'/.salt'
salt=createPassword(32)
if os.path.isfile(saltFilename): if os.path.isfile(saltFilename):
with open(saltFilename, 'r') as fp: with open(saltFilename, 'r') as fp:
self.server.salts[loginNickname] = fp.read() salt = fp.read()
else: else:
self.server.salts[loginNickname]=createPassword(32)
with open(saltFilename, 'w') as fp: with open(saltFilename, 'w') as fp:
fp.write(self.server.salts[loginNickname]) fp.write(salt)
self.server.tokens[loginNickname]=sha256((loginNickname+loginPassword+self.server.salts[loginNickname]).encode('utf-8')).hexdigest() self.server.tokens[loginNickname]=sha256((loginNickname+loginPassword+salt).encode('utf-8')).hexdigest()
self.server.tokensLookup[self.server.tokens[loginNickname]]=loginNickname self.server.tokensLookup[self.server.tokens[loginNickname]]=loginNickname
self.send_header('Set-Cookie', 'epicyon='+self.server.tokens[loginNickname]+'; SameSite=Strict') self.send_header('Set-Cookie', 'epicyon='+self.server.tokens[loginNickname]+'; SameSite=Strict')
self.send_header('Location', '/users/'+loginNickname+'/inbox') self.send_header('Location', '/users/'+loginNickname+'/inbox')
@ -3140,7 +3139,7 @@ class PubServer(BaseHTTPRequestHandler):
if '@' in nickname: if '@' in nickname:
nickname=nickname.split('@')[0] nickname=nickname.split('@')[0]
if moderationButton=='suspend': if moderationButton=='suspend':
suspendAccount(self.server.baseDir,nickname,self.server.salts) suspendAccount(self.server.baseDir,nickname)
if moderationButton=='unsuspend': if moderationButton=='unsuspend':
unsuspendAccount(self.server.baseDir,nickname) unsuspendAccount(self.server.baseDir,nickname)
if moderationButton=='block': if moderationButton=='block':
@ -4128,7 +4127,6 @@ def runDaemon(projectVersion, \
httpd.allowDeletion=allowDeletion httpd.allowDeletion=allowDeletion
httpd.lastLoginTime=0 httpd.lastLoginTime=0
httpd.maxReplies=maxReplies httpd.maxReplies=maxReplies
httpd.salts={}
httpd.tokens={} httpd.tokens={}
httpd.tokensLookup={} httpd.tokensLookup={}
httpd.instanceOnlySkillsSearch=instanceOnlySkillsSearch httpd.instanceOnlySkillsSearch=instanceOnlySkillsSearch

7
person.py
View File

@ -566,11 +566,8 @@ def unsuspendAccount(baseDir: str,nickname: str) -> None:
suspendedFile.write(suspended) suspendedFile.write(suspended)
suspendedFile.close() suspendedFile.close()
def suspendAccount(baseDir: str,nickname: str,salts: {}) -> None: def suspendAccount(baseDir: str,nickname: str) -> None:
"""Suspends the given account """Suspends the given account
This also changes the salt used by the authentication token
so that the person can't continue to use the system without
going through the login screen
""" """
# Don't suspend the admin # Don't suspend the admin
adminNickname=getConfigParam(baseDir,'admin') adminNickname=getConfigParam(baseDir,'admin')
@ -597,13 +594,11 @@ def suspendAccount(baseDir: str,nickname: str,salts: {}) -> None:
if suspendedFile: if suspendedFile:
suspendedFile.write(nickname+'\n') suspendedFile.write(nickname+'\n')
suspendedFile.close() suspendedFile.close()
salts[nickname]=createPassword(32)
else: else:
suspendedFile=open(suspendedFilename,'w+') suspendedFile=open(suspendedFilename,'w+')
if suspendedFile: if suspendedFile:
suspendedFile.write(nickname+'\n') suspendedFile.write(nickname+'\n')
suspendedFile.close() suspendedFile.close()
salts[nickname]=createPassword(32)
def canRemovePost(baseDir: str,nickname: str,domain: str,port: int,postId: str) -> bool: def canRemovePost(baseDir: str,nickname: str,domain: str,port: int,postId: str) -> bool:
"""Returns true if the given post can be removed """Returns true if the given post can be removed