Skip to content
Browse files

fixed anon-session bug

  • Loading branch information...
1 parent aa057d8 commit c99395231982a182adb645ea7628ece5a5ded0f5 Jeremy Olmsted-Thompson committed Aug 12, 2012
Showing with 3 additions and 3 deletions.
  1. +1 −1 toto/mongodbconnection.py
  2. +1 −1 toto/mysqldbconnection.py
  3. +1 −1 toto/redisconnection.py
View
2 toto/mongodbconnection.py
@@ -68,7 +68,7 @@ def create_session(self, user_id=None, password=None):
if not user_id:
user_id = ''
account = user_id and self.db.accounts.find_one({'user_id': user_id})
- if user_id and not account or not secret.verify_password(password, account['password']):
+ if user_id and (not account or not secret.verify_password(password, account['password'])):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = base64.b64encode(uuid.uuid4().bytes, '-_')[:-2]
self.db.sessions.remove({'user_id': user_id, 'expires': {'$lt': time()}})
View
2 toto/mysqldbconnection.py
@@ -94,7 +94,7 @@ def create_session(self, user_id=None, password=None):
user_id = ''
user_id = user_id.lower()
account = user_id and self.db.get("select * from account where user_id = %s", user_id)
- if user_id and not account or not secret.verify_password(password, account['password']):
+ if user_id and (not account or not secret.verify_password(password, account['password'])):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = base64.b64encode(uuid.uuid4().bytes, '-_')[:-2]
self.db.execute("delete from session where account_id = %s and expires <= %s", account['account_id'], time())
View
2 toto/redisconnection.py
@@ -65,7 +65,7 @@ def create_session(self, user_id=None, password=None):
user_id = ''
account_key = _account_key(user_id)
account = user_id and password and self.db.hmget(account_key, 'user_id', 'password')
- if user_id and account[0] != user_id or not secret.verify_password(password, account[1]):
+ if user_id and (account[0] != user_id or not secret.verify_password(password, account[1])):
raise TotoException(ERROR_USER_NOT_FOUND, "Invalid user ID or password")
session_id = base64.b64encode(uuid.uuid4().bytes, '-_')[:-2]
ttl = (user_id and self.session_ttl or self.anon_session_ttl)

0 comments on commit c993952

Please sign in to comment.
Something went wrong with that request. Please try again.