Mercurial > p > roundup > code
comparison roundup/password.py @ 5630:07abc8d36940
Add etag support to rest interface to prevent multiple users from
overwriting other users changes.
All GET requests for an object (issue, user, keyword etc.) or a
property of an object (e.g the title of an issue) return the etag for
the object in the ETag header as well as the @etag field in the
returned object.
All requests that change existing objects (DELETE, PUT or PATCH)
require:
1 A request include an ETag header with the etag value retrieved
for the object.
2 A submits a form that includes the field @etag that must have
the value retrieved for the object.
If an etag is not supplied by one of these methods, or any supplied
etag does not match the etag calculated at the time the DELETE, PUT or
PATCH request is made, HTTP error 412 (Precondition Failed) is
returned and no change is made. At that time the client code should
retrieve the object again, reconcile the changes and can try to send a
new update.
The etag is the md5 hash of the representation (repr()) of the object
retrieved from the database.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Fri, 01 Mar 2019 22:57:07 -0500 |
| parents | 11a1afa3cba4 |
| children | 6c3826600610 |
comparison
equal
deleted
inserted
replaced
| 5624:b3618882f906 | 5630:07abc8d36940 |
|---|---|
| 292 else: | 292 else: |
| 293 self.scheme = self.default_scheme | 293 self.scheme = self.default_scheme |
| 294 self.password = None | 294 self.password = None |
| 295 self.plaintext = None | 295 self.plaintext = None |
| 296 | 296 |
| 297 def __repr__(self): | |
| 298 return self.__str__() | |
| 299 | |
| 297 def needs_migration(self): | 300 def needs_migration(self): |
| 298 """ Password has insecure scheme or other insecure parameters | 301 """ Password has insecure scheme or other insecure parameters |
| 299 and needs migration to new password scheme | 302 and needs migration to new password scheme |
| 300 """ | 303 """ |
| 301 if self.scheme in self.deprecated_schemes: | 304 if self.scheme in self.deprecated_schemes: |
