From 309fffda580c947f5be9ec292ee13fdcd6889013 Mon Sep 17 00:00:00 2001 From: ffiordalisi Date: Fri, 31 Aug 2018 10:18:42 -0400 Subject: [PATCH] y to i --- pybossa/encryption.py | 18 +++++++++--------- pybossa/view/fileproxy.py | 24 +++++++++++------------- 2 files changed, 20 insertions(+), 22 deletions(-) diff --git a/pybossa/encryption.py b/pybossa/encryption.py index 27e3c0633f..d566c63566 100644 --- a/pybossa/encryption.py +++ b/pybossa/encryption.py @@ -16,7 +16,7 @@ def __init__(self, key, iv_length=12, tag_length=16): strings with the following structure: - the first byte of the string is the lenght of the IV in bytes - - the remaining is the concatenation of IV + cyphertext + tag + - the remaining is the concatenation of IV + ciphertext + tag @param key: the secret key, unhashed @param iv_length: length of the initialization vector. Only needed for @@ -34,7 +34,7 @@ def _hash_key(key): _hash.update(key) return _hash.digest() - def get_cypher(self, iv, tag=None): + def get_cipher(self, iv, tag=None): backend = default_backend() mode = modes.GCM(iv, tag) algo = algorithms.AES(self.key) @@ -45,18 +45,18 @@ def encrypt(self, string): @param string: a byte string to encrypt """ iv = os.urandom(self.iv_length) - encryptor = self.get_cypher(iv).encryptor() + encryptor = self.get_cipher(iv).encryptor() ct = encryptor.update(string) + encryptor.finalize() tag = encryptor.tag encrypted = six.int2byte(self.iv_length) + iv + ct + tag return base64.b64encode(encrypted) - def _split_cyphertext(self, string): + def _split_ciphertext(self, string): iv_length = six.byte2int(string[0]) iv = string[1:iv_length + 1] - cyphertext = string[iv_length + 1:-self.tag_length] + ciphertext = string[iv_length + 1:-self.tag_length] tag = string[-self.tag_length:] - return iv, cyphertext, tag + return iv, ciphertext, tag def decrypt(self, string): ''' 
@@ -64,6 +64,6 @@ def decrypt(self, string): Return a byte string ''' decoded = base64.b64decode(string) - iv, cyphertext, tag = self._split_cyphertext(decoded) - decryptor = self.get_cypher(iv, tag).decryptor() - return decryptor.update(cyphertext) + decryptor.finalize() + iv, ciphertext, tag = self._split_ciphertext(decoded) + decryptor = self.get_cipher(iv, tag).decryptor() + return decryptor.update(ciphertext) + decryptor.finalize() diff --git a/pybossa/view/fileproxy.py b/pybossa/view/fileproxy.py index 61ebdfa45f..de849aa3d1 100644 --- a/pybossa/view/fileproxy.py +++ b/pybossa/view/fileproxy.py @@ -30,17 +30,13 @@ from pybossa.sched import has_lock - blueprint = Blueprint('files', __name__) -SIGNATURE_MAX_AGE = 5 * 60 - - -def check_allowed(user_id, task_id, project_id, file_url): +def check_allowed(user_id, task_id, project, file_url): task = task_repo.get_task(task_id) - if not task or task.project_id != project_id: + if not task or task.project_id != project['id']: raise BadRequest('Task does not exist') if file_url not in task.info.values(): @@ -49,13 +45,11 @@ def check_allowed(user_id, task_id, project_id, file_url): if current_user.admin: return True - project = get_project_data(task.project_id) - timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL) - - if has_lock(task_id, user_id, timeout): + if has_lock(task_id, user_id, + project['info'].get('timeout', ContributionsGuard.STAMP_TTL)): return True - if user_id in project.owners_ids: + if user_id in project['owners_ids']: return True raise Forbidden('FORBIDDEN') 
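Review bot: `check_allowed` now expects a `project` mapping rather than an id, and nothing on the new signature line documents that; the body indexes `project['id']` here and `project['info']` and `project['owners_ids']` further down. A docstring such as `"""Raise unless user_id may fetch file_url for task_id; project is the dict returned by get_project_data for the project in the request path."""` would make the contract explicit. Any caller still passing an integer id would now fail with a TypeError on `project['id']`; only the call in encrypted_file is updated in this patch, so other call sites, if any, need the same change. The function body continues past the end of the hunk.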
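Review bot: The timeout lookup inlined into the `has_lock(...)` call repeats the expression that encrypted_file evaluates for the signature `max_age` in the last hunk, so the lock TTL and the signature lifetime can silently diverge if one copy is edited. Since the caller already computes the value, a one-line comment at the call, `# same TTL the caller uses as the signature max_age`, or a small module-level helper shared by both sites would keep them tied. The start of check_allowed is outside this hunk.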
@@ -69,10 +63,14 @@ def encrypted_file(store, bucket, project_id, path): signature = request.args.get('task-signature') if not signature: raise Forbidden('FORBIDDEN') - payload = signer.loads(signature, max_age=SIGNATURE_MAX_AGE) + + project = get_project_data(project_id) + timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL) + + payload = signer.loads(signature, max_age=timeout) task_id = payload['task_id'] - check_allowed(current_user.id, task_id, project_id, request.path) + check_allowed(current_user.id, task_id, project, request.path) ## download file try:
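Review bot: `timeout` is taken from `project['info']` and handed to `signer.loads(..., max_age=timeout)` without validation, replacing the fixed five-minute `SIGNATURE_MAX_AGE`. `dict.get` falls back to `ContributionsGuard.STAMP_TTL` only when the key is absent, so a stored `timeout` of `None` is passed through; if `signer` is an itsdangerous timed serializer, `max_age=None` disables the age check and the task signature never expires. `timeout = project['info'].get('timeout') or ContributionsGuard.STAMP_TTL` closes that, and an upper bound on the value would keep a project setting from stretching signature lifetime arbitrarily. Separately, `project_id` comes from the URL and the lookup now runs before the signature is verified; if `get_project_data` returns nothing for an unknown id, `project['info']` raises instead of returning a 4xx, so `if not project: raise BadRequest('Project does not exist')` belongs right after the lookup. encrypted_file starts and ends outside the hunk.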