Fix login. See: #11 and #8

TODO: Update login from client and user creation
commit 1f2d479d0ea2204632c9e4302884da5d263b96fe 1 parent 452668f
Jens Diemer authored
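--- a/weave/decorators.py
+++ b/weave/decorators.py
@@ -22,6 +22,7 @@
 from datetime import datetime
 import base64
+import hashlib
 import pprint
 try:
@@ -46,15 +47,15 @@
 logger = Logging.get_logger()
-def _fix_username(username):
- if len(username) <= 30:
- return username
-
- new_username = username[:30]
-
- logger.warn("Username %r cut to %r" % (username, new_username))
-
- return new_username
+#def _fix_username(username):
+# if len(username) <= 30:
+# return username
+#
+# new_username = username[:30]
+#
+# logger.warn("Username %r cut to %r" % (username, new_username))
+#
+# return new_username
 def view_or_basicauth(view, request, test_func, realm="", *args, **kwargs):
@@ -95,10 +96,10 @@ def view_or_basicauth(view, request, test_func, realm="", *args, **kwargs):
 username, password = base64.b64decode(auth_data).split(':')
- username = _fix_username(username)
- if len(username) > 30:
- logger.error("Username %r is longer than 30 characters!" % username)
- return HttpResponseBadRequest()
+# username = _fix_username(username)
+# if len(username) > 30:
+# logger.error("Username %r is longer than 30 characters!" % username)
+# return HttpResponseBadRequest()
 if len(password) > 256:
 logger.error("Password %r is longer than 256 characters!" % password)
@@ -201,10 +202,31 @@ def your_view(request, username):
 def wrapper(request, *args, **kwargs):
 # Test if username argument matches logged in user.
 # Weave uses lowercase usernames inside the URL!!!
- if request.user.username != kwargs[key]:
- logger.debug("Logged in user %s does not match %s from URL." % (request.user.username, kwargs[key]))
- raise PermissionDenied("Username from HTTP authentication does not match URL!")
- return func(request, *args, **kwargs)
+
+ url_username = kwargs[key].lower()
+ logger.debug("Raw userdata from url: %r" % url_username)
+
+ if request.user.username.lower() == url_username:
+ # XXX obsolete weave 1.0 API ?
+ logger.debug("Plaintext username %r from url is ok." % url_username)
+ return func(request, *args, **kwargs)
+
+ if not len(url_username) == 32:
+ msg = "Wrong length of url userdata: %i" % len(url_username)
+ logger.debug(msg + "(should be 32 characters long)")
+ raise PermissionDenied(msg)
+
+ # check new API
+ email = request.user.email
+ sha1 = hashlib.sha1(email).digest()
+ base32encode = base64.b32encode(sha1).lower()
+ if url_username.startswith(base32encode):
+ logger.debug("Email hash %r from url is ok." % url_username)
+ return func(request, *args, **kwargs)
+
+ logger.debug("Url userdata %r doesn't fit to user %s" % (url_username, request.user.username))
+ raise PermissionDenied("URL userdata doesn't fit to user from HTTP authentication.")
+
 return wrapper
@@ -307,19 +329,19 @@ def wrapper(request, *args, **kwargs):
-def fix_username(func):
- """
- Work-a-round for sync in Firefox v4
- see: https://github.com/jedie/django-sync-server/issues/8
-
- Firefox v4 doesn't use a username anymore. It send a SHA1 from the
- user email as the username.
- Here we use only the first 30 characters of the username, because the
- django user model allows only a username with a length of 30 characters.
- """
- @wraps(func)
- def wrapper(request, *args, **kwargs):
- if "username" in kwargs:
- kwargs["username"] = _fix_username(kwargs["username"])
- return func(request, *args, **kwargs)
- return wrapper
+#def fix_username(func):
+# """
+# Work-a-round for sync in Firefox v4
+# see: https://github.com/jedie/django-sync-server/issues/8
+#
+# Firefox v4 doesn't use a username anymore. It send a SHA1 from the
+# user email as the username.
+# Here we use only the first 30 characters of the username, because the
+# django user model allows only a username with a length of 30 characters.
+# """
+# @wraps(func)
+# def wrapper(request, *args, **kwargs):
+# if "username" in kwargs:
+# kwargs["username"] = _fix_username(kwargs["username"])
+# return func(request, *args, **kwargs)
+# return wrapper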
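Review bot: In the new-API branch of the `weave_assert_username` wrapper, `hashlib.sha1(email)` hashes `request.user.email` exactly as stored, so the URL identifier is only as unique as the email column: accounts with an empty or duplicated address (the stock Django user model does not enforce unique emails) all map to the same 32-character value, and a mixed-case or non-ASCII address will either never match or raise during hashing. Reject an empty address before hashing and normalise it, e.g. `if not email: raise PermissionDenied("No email set for this user.")` followed by `sha1 = hashlib.sha1(email.lower().encode("utf-8")).digest()`; the lowercasing is assumed to mirror what the sync client does and should be confirmed. The wrapped views are outside this diff, so it is worth checking that they select data by `request.user` rather than by the URL value. Separately, in the `view_or_basicauth` hunk the 30-character username guard is now commented out, which leaves the Basic-auth username unbounded, and the neighbouring password check writes the rejected password to the log with `%r`; logging only its length would avoid that.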
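--- a/weave/views/misc.py
+++ b/weave/views/misc.py
@@ -20,7 +20,7 @@
 logger = Logging.get_logger()
 @debug_sync_request
-@weave_assert_version('1.0')
+@weave_assert_version('1.1')
 @csrf_exempt
 def captcha(request, version):
 if settings.WEAVE.DONT_USE_CAPTCHA == True: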
8 weave/views/sync.py
@@ -26,16 +26,15 @@
from weave.models import Collection, Wbo
from weave.utils import limit_wbo_queryset, weave_timestamp
from weave.decorators import weave_assert_username, weave_assert_version, \
- logged_in_or_basicauth, weave_render_response, fix_username, debug_sync_request
+ logged_in_or_basicauth, weave_render_response, debug_sync_request
from weave import Logging
logger = Logging.get_logger()
@debug_sync_request
-@fix_username
@logged_in_or_basicauth
-@weave_assert_version('1.0')
+@weave_assert_version('1.1')
Jens Diemer Owner
jedie added a note

This must be ["1.0", "1.1"] to support old firefox sync

@weave_assert_username
@csrf_exempt
@weave_render_response
@@ -51,9 +50,8 @@ def info(request, version, username, timestamp):
@debug_sync_request
-@fix_username
@logged_in_or_basicauth
-@weave_assert_version('1.0')
+@weave_assert_version('1.1')
@weave_assert_username
@csrf_exempt
@weave_render_response
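--- a/weave/views/user.py
+++ b/weave/views/user.py
@@ -26,14 +26,13 @@
 # django-sync-server own stuff
 from weave import Logging
 from weave import constants
-from weave.decorators import logged_in_or_basicauth, weave_assert_version, \
- fix_username, debug_sync_request
+from weave.decorators import logged_in_or_basicauth, weave_assert_version, debug_sync_request
 logger = Logging.get_logger()
 @debug_sync_request
-@weave_assert_version('1.0')
+@weave_assert_version('1.1')
 @logged_in_or_basicauth
 @csrf_exempt
 def password(request):
@@ -77,8 +76,7 @@ def password_reset(request):
 @debug_sync_request
-@weave_assert_version('1.0')
-@fix_username
+@weave_assert_version('1.1')
 @csrf_exempt
 def node(request, version, username):
 """
@@ -96,7 +94,6 @@ def node(request, version, username):
 @debug_sync_request
-@fix_username
 @csrf_exempt
 def register_check(request, username):
 """
@@ -113,8 +110,7 @@ def register_check(request, username):
 return HttpResponse(constants.ERR_UID_OR_EMAIL_IN_USE)
-@weave_assert_version('1.0')
-@fix_username
+@weave_assert_version('1.1')
 @csrf_exempt
 def exists(request, version, username):
 """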
Jens Diemer

This must be ["1.0", "1.1"] to support old firefox sync
