diff roundup/cgi/actions.py @ 6823:fe0091279f50
Refactor session db logging and key generation for sessions/otks
While I was working on the redis sessiondb stuff, I noticed that
log_warning, get_logger ... was duplicated. Also there was code to
generate a unique key for otks that was duplicated.
Changes:
creating new sessions_common.py and SessionsCommon class to provide
methods:
log_warning, log_info, log_debug, get_logger, getUniqueKey
getUniqueKey method is closer to the method used to make
session keys in client.py.
sessions_common.py now reports when random_.py chooses a weak
random number generator. Removed same from rest.py.
get_logger reconciles all logging under
roundup.hyperdb.backends.<name of BasicDatabase class>
some backends used to log to root logger.
have BasicDatabase in other sessions_*.py modules inherit from
SessionCommon.
change logging to use log_* methods.
In addition:
remove unused imports reported by flake8 and other formatting
changes
modify actions.py, rest.py, templating.py to use getUniqueKey
method.
add tests for new methods
test_redis_session.py
swap out ModuleNotFoundError for ImportError to prevent crash in
python2 when redis is not present.
allow injection of username:password or just password into redis
connection URL. set pytest_redis_pw environment variable to password
or user:password when running test.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 07 Aug 2022 01:51:11 -0400 |
| parents | 3f60a71b0812 |
| children | 075d8c6626b0 |
--- a/roundup/cgi/actions.py Sun Aug 07 01:26:30 2022 -0400 +++ b/roundup/cgi/actions.py Sun Aug 07 01:51:11 2022 -0400 @@ -10,7 +10,7 @@ from roundup.exceptions import Reject, RejectRaw from roundup.anypy import urllib_ from roundup.anypy.strings import StringIO -import roundup.anypy.random_ as random_ + from roundup.anypy.html import html_escape @@ -23,10 +23,6 @@ 'ConfRegoAction', 'RegisterAction', 'LoginAction', 'LogoutAction', 'NewItemAction', 'ExportCSVAction', 'ExportCSVWithIdAction'] -# used by a couple of routines -chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' - - class Action: def __init__(self, client): self.client = client @@ -1005,9 +1001,8 @@ return # generate the one-time-key and store the props for later - otk = ''.join([random_.choice(chars) for x in range(32)]) - while otks.exists(otk): - otk = ''.join([random_.choice(chars) for x in range(32)]) + otk = otks.getUniqueKey(length=32) + otks.set(otk, uid=uid, uaddress=address) otks.commit() @@ -1150,9 +1145,7 @@ elif isinstance(proptype, hyperdb.Password): user_props[propname] = str(value) otks = self.db.getOTKManager() - otk = ''.join([random_.choice(chars) for x in range(32)]) - while otks.exists(otk): - otk = ''.join([random_.choice(chars) for x in range(32)]) + otk = otks.getUniqueKey(length=32) otks.set(otk, **user_props) # send the email
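Review bot: In the @@ -10,7 +10,7 @@ hunk the removed `import roundup.anypy.random_ as random_` line is replaced by an empty `+` line, which leaves a blank line in the middle of the import block, between `from roundup.anypy.strings import StringIO` and `from roundup.anypy.html import html_escape`. Drop the added blank line so the imports stay one contiguous group.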
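Review bot: The @@ -23,10 +23,6 @@ hunk deletes the module-level `chars` constant, whose comment says it is "used by a couple of routines", while this diff shows only two call sites being converted. A leftover reference to `chars` or `random_` would fail only when that code path runs, so confirm with a search of actions.py that no other use remains, and mention the removal in the commit message in case anything outside this module imported `chars` from it.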
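Review bot: In the @@ -1005,9 +1001,8 @@ hunk (and the identical replacement at @@ -1150,9 +1145,7 @@), `otks.getUniqueKey(length=32)` takes over from code that built exactly 32 characters from a 62-character alphabet, but nothing visible here says whether `length` counts output characters or random bytes, or which alphabet the new key uses. Because this value is the one-time key stored with `uid` and `uaddress`, please document the `length` semantics and the alphabet in the getUniqueKey docstring, and have the new tests assert that a key requested with `length=32` is no weaker than the old 32-character form. The added blank line before `otks.set(otk, uid=uid, uaddress=address)` can also go.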
