format code

Glandos 2021-07-17 23:14:46 +02:00
parent d9a4389d42
commit bbcc233cda
4 changed files with 15 additions and 6 deletions


@ -35,7 +35,9 @@ def need_auth(f):
auth_token = auth_header.split(" ")[1] auth_token = auth_header.split(" ")[1]
except IndexError: except IndexError:
abort(401) abort(401)
project_id = Project.verify_token(auth_token, token_type="auth", project_id=project_id) project_id = Project.verify_token(
auth_token, token_type="auth", project_id=project_id
)
if auth_token and project_id: if auth_token and project_id:
project = Project.query.get(project_id) project = Project.query.get(project_id)
if project: if project:


@ -367,7 +367,8 @@ class Project(db.Model):
:param token: Serialized TimedJsonWebToken :param token: Serialized TimedJsonWebToken
:param token_type: Either "auth" for authentication (invalidated when project code changed), :param token_type: Either "auth" for authentication (invalidated when project code changed),
or "reset" for password reset (invalidated after expiration) or "reset" for password reset (invalidated after expiration)
:param project_id: Project ID. Used for token_type "auth" to use the password as serializer secret key. :param project_id: Project ID. Used for token_type "auth" to use the password as serializer
secret key.
:param max_age: Token expiration time (in seconds). Only used with token_type "reset" :param max_age: Token expiration time (in seconds). Only used with token_type "reset"
""" """
loads_kwargs = {} loads_kwargs = {}
@ -378,7 +379,7 @@ class Project(db.Model):
loads_kwargs["max_age"] = max_age loads_kwargs["max_age"] = max_age
else: else:
project = Project.query.get(project_id) project = Project.query.get(project_id)
password = project.password if project is not None else '' password = project.password if project is not None else ""
serializer = URLSafeSerializer( serializer = URLSafeSerializer(
current_app.config["SECRET_KEY"] + password, salt=token_type current_app.config["SECRET_KEY"] + password, salt=token_type
) )
@ -390,7 +391,9 @@ class Project(db.Model):
return None return None
data_project = data.get("project_id") data_project = data.get("project_id")
return data_project if project_id is None or data_project == project_id else None return (
data_project if project_id is None or data_project == project_id else None
)
def __str__(self): def __str__(self):
return self.name return self.name


@ -213,7 +213,9 @@ class APITestCase(IhatemoneyTestCase):
"/api/projects/raclette/token", headers=self.get_auth("raclette") "/api/projects/raclette/token", headers=self.get_auth("raclette")
) )
decoded_resp = json.loads(resp.data.decode("utf-8")) decoded_resp = json.loads(resp.data.decode("utf-8"))
resp = self.client.get(f"/authenticate?token={decoded_resp['token']}&project_id=raclette") resp = self.client.get(
f"/authenticate?token={decoded_resp['token']}&project_id=raclette"
)
# Test that we are redirected. # Test that we are redirected.
self.assertEqual(302, resp.status_code) self.assertEqual(302, resp.status_code)


@ -206,7 +206,9 @@ def authenticate(project_id=None):
# Try to get project_id from token first # Try to get project_id from token first
token = request.args.get("token") token = request.args.get("token")
if token: if token:
project_id = Project.verify_token(token, token_type="auth", project_id=project_id) project_id = Project.verify_token(
token, token_type="auth", project_id=project_id
)
token_auth = True token_auth = True
else: else:
token_auth = False token_auth = False