voussoir/etiquette
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Let login take username.

Browse source 
This cuts back on unnecessary sql selects.
This commit is contained in:
voussoir 2020-09-17 21:02:55 -07:00
parent 14a2014c68
commit 838982b6c3
3 changed files with 5 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -103,7 +103,6 @@ Here is a brief overview of the project to help you learn your way around:
### To do list ### To do list
- Make the wording between "new", "create", "add"; and "remove", "delete" more consistent. - Make the wording between "new", "create", "add"; and "remove", "delete" more consistent.
- User account system, permission levels, private pages. - User account system, permission levels, private pages.
- Debate whether the `UserMixin.login` method should accept usernames or I should standardize the usage of IDs only internally.
- Ability to access user photos by user's ID, not just username. - Ability to access user photos by user's ID, not just username.
- Replace columns like area, ratio, bitrate by using expression indices or views (`width * height` etc). - Replace columns like area, ratio, bitrate by using expression indices or views (`width * height` etc).
- Add a `Photo.merge` to combine duplicate entries. - Add a `Photo.merge` to combine duplicate entries.

10
etiquette/photodb.py
View file

@ -1300,20 +1300,18 @@ class PDBUserMixin:
yield from self.get_things('user') yield from self.get_things('user')
@decorators.required_feature('user.login') @decorators.required_feature('user.login')
def login(self, user_id, password): def login(self, username=None, id=None, *, password):
''' '''
Return the User object for the user if the credentials are correct. Return the User object for the user if the credentials are correct.
''' '''
user_row = self.sql_select_one('SELECT * FROM users WHERE id == ?', [user_id]) try:
user = self.get_user(username=username, id=id)
if user_row is None: except exceptions.NoSuchUser:
raise exceptions.WrongLogin() raise exceptions.WrongLogin()
if not isinstance(password, bytes): if not isinstance(password, bytes):
password = password.encode('utf-8') password = password.encode('utf-8')
user = self.get_cached_instance('user', user_row)
success = bcrypt.checkpw(password, user.password_hash) success = bcrypt.checkpw(password, user.password_hash)
if not success: if not success:
raise exceptions.WrongLogin() raise exceptions.WrongLogin()

3
frontends/etiquette_flask/backend/endpoints/user_endpoints.py
View file

@ -64,8 +64,7 @@ def post_login():
# information (user exists) leak via response time? # information (user exists) leak via response time?
# Currently I think not, because they can check if the account # Currently I think not, because they can check if the account
# page 404s anyway. # page 404s anyway.
user = common.P.get_user(username=username) user = common.P.login(username=username, password=password)
user = common.P.login(user.id, password)
except (etiquette.exceptions.NoSuchUser, etiquette.exceptions.WrongLogin): except (etiquette.exceptions.NoSuchUser, etiquette.exceptions.WrongLogin):
exc = etiquette.exceptions.WrongLogin() exc = etiquette.exceptions.WrongLogin()
response = etiquette.jsonify.exception(exc) response = etiquette.jsonify.exception(exc)