Mercurial > p > roundup > code
annotate roundup/cgi/timestamp.py @ 7211:506c86823abb
Add config argument to more password.Password invocations.
The work done to allow password_pbkdf2_default_rounds to be overridden
for testing requires that calls to password.Password include a config
argument.
This was needed because using the real value more than quadrupled
testing runtime.
However there are still a few places where config was not being set
when Password was called. I think this fixes all of the ones that are
called from a function that have access to a db.config object.
The remaining ones all call Password(encrypted=x). This results in
Password.unpack() being called. If x is not a propertly formatted
password string ("{scheme}...", it calls encodePassword. It then
should end up raising the ConfigNotSet exception. This is
probably what we want as it means the shape of "x" is not correct.
I don't understand why Password.unpack() attempts to encrypt the value
of encrypted if it doesn't match the right form. According to codecov,
this encryption branch is being used, so somewhere x is of the wrong
form. Hmmm....
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 04 Mar 2023 00:17:26 -0500 |
| parents | 5ec3171580a6 |
| children | 07ce4e4110f5 |
| rev | line source |
|---|---|
|
5975
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
1 '''Set of functions of adding/checking timestamp to be used to limit |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
2 form submission for cgi actions. |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
3 ''' |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
4 |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
5 import time, struct, binascii, base64 |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
6 from roundup.cgi.exceptions import FormError |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
7 from roundup.i18n import _ |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
8 from roundup.anypy.strings import b2s, s2b |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
9 |
|
6045
5ec3171580a6
flake whitespace changes.
John Rouillard <rouilj@ieee.org>
parents:
5975
diff
changeset
|
10 |
|
5975
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
11 def pack_timestamp(): |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
12 return b2s(base64.b64encode(struct.pack("i", int(time.time()))).strip()) |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
13 |
|
6045
5ec3171580a6
flake whitespace changes.
John Rouillard <rouilj@ieee.org>
parents:
5975
diff
changeset
|
14 |
|
5975
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
15 def unpack_timestamp(s): |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
16 try: |
|
6045
5ec3171580a6
flake whitespace changes.
John Rouillard <rouilj@ieee.org>
parents:
5975
diff
changeset
|
17 timestamp = struct.unpack("i", base64.b64decode(s2b(s)))[0] |
|
5ec3171580a6
flake whitespace changes.
John Rouillard <rouilj@ieee.org>
parents:
5975
diff
changeset
|
18 except (struct.error, binascii.Error, TypeError): |
|
5975
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
19 raise FormError(_("Form is corrupted.")) |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
20 return timestamp |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
21 |
|
6045
5ec3171580a6
flake whitespace changes.
John Rouillard <rouilj@ieee.org>
parents:
5975
diff
changeset
|
22 |
|
5975
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
23 class Timestamped: |
|
6045
5ec3171580a6
flake whitespace changes.
John Rouillard <rouilj@ieee.org>
parents:
5975
diff
changeset
|
24 def timecheck(self, field, delay): |
|
5975
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
25 try: |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
26 created = unpack_timestamp(self.form[field].value) |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
27 except KeyError: |
|
6045
5ec3171580a6
flake whitespace changes.
John Rouillard <rouilj@ieee.org>
parents:
5975
diff
changeset
|
28 raise FormError(_("Form is corrupted, missing: %s." % field)) |
|
5975
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
29 if time.time() - created < delay: |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
30 raise FormError(_("Responding to form too quickly.")) |
|
59842a3e8108
issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
31 return True |