Let login take username.

This cuts back on unnecessary SQL selects.
voussoir 2020-09-17 21:02:55 -07:00
parent 14a2014c68
commit 838982b6c3
3 changed files with 5 additions and 9 deletions


@ -103,7 +103,6 @@ Here is a brief overview of the project to help you learn your way around:
### To do list
- Make the wording between "new", "create", "add"; and "remove", "delete" more consistent.
- User account system, permission levels, private pages.
- Debate whether the `UserMixin.login` method should accept usernames or I should standardize the usage of IDs only internally.
- Ability to access user photos by user's ID, not just username.
- Replace columns like area, ratio, bitrate by using expression indices or views (`width * height` etc).
- Add a `Photo.merge` to combine duplicate entries.


@ -1300,20 +1300,18 @@ class PDBUserMixin:
yield from self.get_things('user')
@decorators.required_feature('user.login')
def login(self, user_id, password):
def login(self, username=None, id=None, *, password):
'''
Return the User object for the user if the credentials are correct.
'''
user_row = self.sql_select_one('SELECT * FROM users WHERE id == ?', [user_id])
if user_row is None:
try:
user = self.get_user(username=username, id=id)
except exceptions.NoSuchUser:
raise exceptions.WrongLogin()
if not isinstance(password, bytes):
password = password.encode('utf-8')
user = self.get_cached_instance('user', user_row)
success = bcrypt.checkpw(password, user.password_hash)
if not success:
raise exceptions.WrongLogin()
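Review bot: The `except exceptions.NoSuchUser` branch raises `WrongLogin` before `bcrypt.checkpw` runs, so an unknown username fails faster than a wrong password for an existing account, and that difference now sits inside `login` for every caller rather than only the web endpoint. If usernames are ever meant to be non-public (the README to-do mentions private pages, which may or may not cover this), move the `password.encode('utf-8')` step above the `try` and call `bcrypt.checkpw(password, _DUMMY_HASH)` on the `NoSuchUser` path before raising, where `_DUMMY_HASH` is a placeholder name for a fixed module-level bcrypt hash that does not exist in the code today. The first positional parameter changed from `user_id` to `username`, so a remaining caller that passes an ID positionally with `password=` as a keyword would silently do a username lookup; a search for other `login(` call sites is worth doing. The docstring should state that one of `username` or `id` is expected and that both failure modes raise `WrongLogin`; what `get_user` does when both are None is not visible here, and the end of `login` lies outside the hunk.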


@ -64,8 +64,7 @@ def post_login():
# information (user exists) leak via response time?
# Currently I think not, because they can check if the account
# page 404s anyway.
user = common.P.get_user(username=username)
user = common.P.login(user.id, password)
user = common.P.login(username=username, password=password)
except (etiquette.exceptions.NoSuchUser, etiquette.exceptions.WrongLogin):
exc = etiquette.exceptions.WrongLogin()
response = etiquette.jsonify.exception(exc)
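Review bot: The comment above the `common.P.login(username=username, password=password)` call still reasons about a lookup done at the endpoint, but both the user lookup and the hash check now happen inside `login`, so it should be reworded, e.g. `# login() raises WrongLogin for unknown users and for bad passwords; see the timing note there.` `etiquette.exceptions.NoSuchUser` in the `except` tuple looks unreachable from this call, since `login` converts it to `WrongLogin`; keep it only with a comment saying it is defensive, or drop it. If `password` can arrive as None when the form field is missing (where it comes from is outside the hunk, as is the opening `try:`), `login` would call `.encode` on None and raise `AttributeError`, which this handler does not catch, so a guard such as `if not username or not password:` returning the same `WrongLogin` response would keep the failure uniform.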