From ef4e07054a743977aab8cecc35366b959938c751 Mon Sep 17 00:00:00 2001
From: Blake DeMarcy
Date: Thu, 27 Apr 2017 19:31:19 -0500
Subject: [PATCH] lowercase all hashes
---
 server.py | 4 ++--
 src/db.py | 4 +++-
 src/schema.py | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/server.py b/server.py
index 842a9b3..ea341d6 100644
--- a/server.py
+++ b/server.py
@@ -59,7 +59,7 @@ def api_method(function):
 if not user:
 raise BBJUserError("User %s is not registered" % username)
- elif auth != user["auth_hash"]:
+ elif auth.lower() != user["auth_hash"].lower():
 raise BBJException(5, "Invalid authorization key for user.")
 # api_methods may choose to bind a usermap into the thread_data
@@ -233,7 +233,7 @@ class API(object):
 """
 validate(args, ["target_user", "target_hash"])
 user = db.user_resolve(database, args["target_user"], return_false=False)
- return args["target_hash"] == user["auth_hash"]
+ return args["target_hash"].lower() == user["auth_hash"].lower()
 @api_method
diff --git a/src/db.py b/src/db.py
index 37dd159..d77b2ca 100644
--- a/src/db.py
+++ b/src/db.py
@@ -338,7 +338,7 @@ def user_register(connection, user_name, auth_hash):
 raise BBJUserError("Username already registered")
 scheme = schema.user_internal(
- uuid1().hex, user_name, auth_hash,
+ uuid1().hex, user_name, auth_hash.lower(),
 "", "", 0, False, time())
 connection.execute("""
@@ -391,6 +391,8 @@ def user_update(connection, user_object, parameters):
 # bool(0) == False hur hur hurrrrrr ::drools::
 if value == 0 or value:
 validate([(key, value)])
+ if key == "auth_hash":
+ value = value.lower()
 user_object[key] = value
 values = ordered_keys(user_object,
diff --git a/src/schema.py b/src/schema.py
index aedb765..39c67bf 100644
--- a/src/schema.py
+++ b/src/schema.py
@@ -83,7 +83,7 @@ def user_internal(
 return {
 "user_id": user_id,
 "user_name": user_name,
- "auth_hash": auth_hash,
+ "auth_hash": auth_hash.lower(),
 "quip": quip,
 "bio": bio,
 "color": color,
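Review bot: The credential check `auth.lower() != user["auth_hash"].lower()` in api_method is an ordinary string comparison, not a constant-time one, and the same holds for the `==` in the hunk at `@@ -233,7 +233,7 @@`. For comparing a stored secret against a client-supplied value, `hmac.compare_digest` is the usual choice, e.g. `elif not hmac.compare_digest(auth.lower(), user["auth_hash"].lower()):`. compare_digest accepts str arguments only when both are ASCII, which holds for hex digests but raises TypeError otherwise, so the input should be checked or encoded first. How `auth` is obtained and whether `hmac` is imported lie outside the hunk; if `auth` can be None when the client omits it, `.lower()` will now raise AttributeError instead of reaching the BBJException.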
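Review bot: `args["target_hash"].lower()` assumes the request supplied a string; before this change a non-string value simply compared unequal, whereas now it raises AttributeError. `validate(args, ["target_user", "target_hash"])` is visible only as a call, so it may already enforce the type. If it does not, a guard such as `if not isinstance(args["target_hash"], str): return False` before the return keeps the method answering with a boolean. The method's signature and docstring start outside the hunk.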
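Review bot: Lowercasing is only lossless if `auth_hash` is a hex digest, and nothing visible in user_register checks that before `auth_hash.lower()` is stored. For any case-sensitive encoding it would silently collapse distinct credentials into one. If validation elsewhere does not already restrict the value, a check here such as `if not re.fullmatch(r"[0-9a-fA-F]+", auth_hash): raise BBJUserError("auth_hash must be a hex digest")`, plus a length check for the digest the clients send, would make the assumption explicit. The same applies to the `value.lower()` added in user_update. The value is also lowercased a second time inside `schema.user_internal` (the src/schema.py hunk), so normalizing in one place would be enough.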