changeset 2169:12cd4fa91eb7
OTK generation was busted (thanks Stuart D. Gathman)
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Wed, 31 Mar 2004 23:08:39 +0000 |
| parents | 7e595abb781e |
| children | 0def552122af |
| files | CHANGES.txt doc/index.txt roundup/backends/sessions_dbm.py roundup/backends/sessions_rdbms.py roundup/cgi/actions.py |
| diffstat | 5 files changed, 21 insertions(+), 5 deletions(-) [+] |
--- a/CHANGES.txt Wed Mar 31 23:08:08 2004 +0000
+++ b/CHANGES.txt Wed Mar 31 23:08:39 2004 +0000
@@ -7,6 +7,7 @@
 - MultiMapping deviated from the Zope C implementation in a number of places (thanks Toby Sargeant) - MySQL and Postgresql use BOOL/BOOLEAN for Boolean types
+- OTK generation was busted (thanks Stuart D. Gathman)
 2004-03-27 0.7.0b2
--- a/doc/index.txt Wed Mar 31 23:08:08 2004 +0000
+++ b/doc/index.txt Wed Mar 31 23:08:39 2004 +0000
@@ -79,6 +79,7 @@
 Jeff Epler, Tom Epperly, Hernan Martinez Foffani,
+Stuart D. Gathman,
 Ajit George, Frank Gibbons, Johannes Gijsbers,
--- a/roundup/backends/sessions_dbm.py Wed Mar 31 23:08:08 2004 +0000
+++ b/roundup/backends/sessions_dbm.py Wed Mar 31 23:08:39 2004 +0000
@@ -1,4 +1,4 @@
-#$Id: sessions_dbm.py,v 1.4 2004-03-26 23:56:11 richard Exp $
+#$Id: sessions_dbm.py,v 1.5 2004-03-31 23:08:38 richard Exp $
 """This module defines a very basic store that's used by the CGI interface to store session and one-time-key information.
@@ -22,6 +22,13 @@
 # ensure files are group readable and writable os.umask(0002)
+ def exists(self, infoid):
+ db = self.opendb('c')
+ try:
+ return db.has_key(infoid)
+ finally:
+ db.close()
+
 def clear(self): path = os.path.join(self.dir, self.name) if os.path.exists(path):
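Review bot: The new `exists` in the `@@ -22,6 +22,13 @@` hunk has no docstring, and its contract matters to the caller changed in roundup/cgi/actions.py: the store is opened and closed inside this one call, so the `exists` check and the later `set` are separate operations rather than one atomic test-and-insert. With 32-character keys that window is unlikely to matter, but it should be written down, for example `"""Return true if infoid is already stored. Check only: not atomic with a later set()."""`. Opening with the `'c'` flag for what is a read-only lookup presumably creates the store file when it is missing; if that is intended, say so in the same docstring. The class body starts outside the hunk, so how the other methods open the store cannot be compared from here.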
--- a/roundup/backends/sessions_rdbms.py Wed Mar 31 23:08:08 2004 +0000
+++ b/roundup/backends/sessions_rdbms.py Wed Mar 31 23:08:39 2004 +0000
@@ -1,4 +1,4 @@
-#$Id: sessions_rdbms.py,v 1.1 2004-03-18 01:58:45 richard Exp $
+#$Id: sessions_rdbms.py,v 1.2 2004-03-31 23:08:39 richard Exp $
 """This module defines a very basic store that's used by the CGI interface to store session and one-time-key information.
@@ -21,6 +21,12 @@
 def clear(self): self.cursor.execute('delete from %ss'%self.name)
+ def exists(self, infoid):
+ n = self.name
+ self.cursor.execute('select count(*) from %ss where %s_key=%s'%(n,
+ n, self.db.arg), (infoid,))
+ return self.cursor.fetchone()[0]
+
 _marker = [] def get(self, infoid, value, default=_marker): n = self.name
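Review bot: The query in the new `exists` (hunk `@@ -21,6 +21,12 @@`) binds `infoid` as a parameter but splices the table and column names in with `%` from `self.name`, which is safe only while `name` is a fixed attribute of the store class and never taken from a request. A comment above the `execute` call would record that assumption, for example `# self.name is a trusted class constant; only infoid is passed as a bound value`. The method also returns the raw `count(*)` value where the dbm backend returns the result of `has_key`; `return self.cursor.fetchone()[0] > 0` would give both backends the same truth-valued contract. `self.db.arg` is presumably the driver's placeholder string, and the class header is outside the hunk, so neither can be confirmed from the lines shown.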
--- a/roundup/cgi/actions.py Wed Mar 31 23:08:08 2004 +0000
+++ b/roundup/cgi/actions.py Wed Mar 31 23:08:39 2004 +0000
@@ -1,4 +1,4 @@
-#$Id: actions.py,v 1.21 2004-03-30 06:43:08 richard Exp $
+#$Id: actions.py,v 1.22 2004-03-31 23:08:39 richard Exp $
 import re, cgi, StringIO, urllib, Cookie, time, random
@@ -723,6 +723,7 @@
 elif isinstance(proptype, hyperdb.Password): props[propname] = str(value) otks = self.db.getOTKManager()
+ otk = ''.join([random.choice(chars) for x in range(32)])
 while otks.exists(otk): otk = ''.join([random.choice(chars) for x in range(32)]) otks.set(otk, **props)
@@ -744,8 +745,8 @@
 """ % {'name': props['username'], 'tracker': tracker_name, 'url': self.base, 'otk': otk, 'tracker_email': tracker_email}
- if not self.client.standard_message([props['address']], subject, body,
- tracker_email):
+ if not self.client.standard_message([props['address']], subject,
+ body, tracker_email):
 return # commit changes to the database
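Review bot: The one-time key added in the `@@ -723,6 +723,7 @@` hunk is drawn with `random.choice`, and the `random` module is a deterministic generator that is not intended for secrets. This key is stored with `otks.set(otk, **props)` and mailed to the address as the confirmation token, so it should come from the operating system's entropy source. Where the runtime provides it, create `rng = random.SystemRandom()` once and use `otk = ''.join([rng.choice(chars) for x in range(32)])` both before the loop and inside it. The generation expression is now written twice, so a small private helper would keep the two copies from drifting apart. The alphabet `chars` and the start of the enclosing method are outside the hunk, so the effective key space cannot be judged from these lines.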
