y to i

pybossa/encryption.py

@@ -16,7 +16,7 @@ def __init__(self, key, iv_length=12, tag_length=16):
         strings with the following structure:
 
         - the first byte of the string is the lenght of the IV in bytes
-        - the remaining is the concatenation of IV + cyphertext + tag
+        - the remaining is the concatenation of IV + ciphertext + tag
 
         @param key: the secret key, unhashed
         @param iv_length: length of the initialization vector. Only needed for
@@ -34,7 +34,7 @@ def _hash_key(key):
         _hash.update(key)
         return _hash.digest()
 
-    def get_cypher(self, iv, tag=None):
+    def get_cipher(self, iv, tag=None):
         backend = default_backend()
         mode = modes.GCM(iv, tag)
         algo = algorithms.AES(self.key)
@@ -45,25 +45,25 @@ def encrypt(self, string):
         @param string: a byte string to encrypt
         """
         iv = os.urandom(self.iv_length)
-        encryptor = self.get_cypher(iv).encryptor()
+        encryptor = self.get_cipher(iv).encryptor()
         ct = encryptor.update(string) + encryptor.finalize()
         tag = encryptor.tag
         encrypted = six.int2byte(self.iv_length) + iv + ct + tag
         return base64.b64encode(encrypted)
 
-    def _split_cyphertext(self, string):
+    def _split_ciphertext(self, string):
         iv_length = six.byte2int(string[0])
         iv = string[1:iv_length + 1]
-        cyphertext = string[iv_length + 1:-self.tag_length]
+        ciphertext = string[iv_length + 1:-self.tag_length]
         tag = string[-self.tag_length:]
-        return iv, cyphertext, tag
+        return iv, ciphertext, tag
 
     def decrypt(self, string):
         '''
         @param string: expected to be base64 encoded.
         Return a byte string
         '''
         decoded = base64.b64decode(string)
-        iv, cyphertext, tag = self._split_cyphertext(decoded)
-        decryptor = self.get_cypher(iv, tag).decryptor()
-        return decryptor.update(cyphertext) + decryptor.finalize()
+        iv, ciphertext, tag = self._split_ciphertext(decoded)
+        decryptor = self.get_cipher(iv, tag).decryptor()
+        return decryptor.update(ciphertext) + decryptor.finalize()

pybossa/view/fileproxy.py

@@ -30,17 +30,13 @@
 from pybossa.sched import has_lock
 
 
-
 blueprint = Blueprint('files', __name__)
 
 
-SIGNATURE_MAX_AGE = 5 * 60
-
-
-def check_allowed(user_id, task_id, project_id, file_url):
+def check_allowed(user_id, task_id, project, file_url):
     task = task_repo.get_task(task_id)
 
-    if not task or task.project_id != project_id:
+    if not task or task.project_id != project['id']:
         raise BadRequest('Task does not exist')
 
     if file_url not in task.info.values():
@@ -49,13 +45,11 @@ def check_allowed(user_id, task_id, project_id, file_url):
     if current_user.admin:
         return True
 
-    project = get_project_data(task.project_id)
-    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
-
-    if has_lock(task_id, user_id, timeout):
+    if has_lock(task_id, user_id,
+                project['info'].get('timeout', ContributionsGuard.STAMP_TTL)):
         return True
 
-    if user_id in project.owners_ids:
+    if user_id in project['owners_ids']:
         return True
 
     raise Forbidden('FORBIDDEN')
@@ -69,10 +63,14 @@ def encrypted_file(store, bucket, project_id, path):
     signature = request.args.get('task-signature')
     if not signature:
         raise Forbidden('FORBIDDEN')
-    payload = signer.loads(signature, max_age=SIGNATURE_MAX_AGE)
+
+    project = get_project_data(project_id)
+    timeout = project['info'].get('timeout', ContributionsGuard.STAMP_TTL)
+
+    payload = signer.loads(signature, max_age=timeout)
     task_id = payload['task_id']
 
-    check_allowed(current_user.id, task_id, project_id, request.path)
+    check_allowed(current_user.id, task_id, project, request.path)
 
     ## download file
     try: