Fix #40 Auth token verification now uses session from request handler

- This is very difficult to reproduce, so changing the request handler (which is currently the only caller of User.verify_auth_token()) to send its own session when calling is a best guess at solving this.
dropbox · Apr 13, 2015 · 1e7d821 · 1e7d821
1 parent d2a1f8a
commit 1e7d821
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 4 deletions.
diff --git a/nsot/handlers/util.py b/nsot/handlers/util.py
@@ -164,7 +164,9 @@ def get_current_user(self):
         if auth_token is None:
             raise exc.Unauthorized('Missing Required argument: auth_token')
 
-        user = models.User.verify_auth_token(email, auth_token)
+        user = models.User.verify_auth_token(
+            email, auth_token, session=self.session
+        )
 
         # If user is bad this time, it's an invalid login
         if user is None:

diff --git a/nsot/models.py b/nsot/models.py
@@ -297,13 +297,17 @@ def verify_secret_key(self, secret_key):
 
     @classmethod
     def verify_auth_token(cls, email, auth_token,
-                          expiration=None):
+                          expiration=None, session=None):
         """Verify token and return a User object."""
         if expiration is None:
             expiration = settings.auth_token_expiry
 
         # First we lookup the user by email
-        user = User.query().filter_by(email=email).scalar()
+        if session is None:
+            query = User.query()
+        else:
+            query = session.query(User)
+        user = query.filter_by(email=email).scalar()
 
         if user is None:
             log.debug('Invalid user when verifying token')

diff --git a/nsot/version.py b/nsot/version.py
@@ -1 +1 @@
-__version__ = "0.5.1"
+__version__ = "0.5.2"