Home Explore Help
Sign In
getty
/
lament-configuration
1
0
Fork 0
Files Issues 3 Pull Requests 0 Wiki
Browse Source

Do not bother with passwords in the encrypted payload

Getty Ritter 4 years ago
parent
a48d5661d3
commit
224d60a801
3 changed files with 9 additions and 11 deletions
Unified View Show Diff Stats
  1. 1 1
      lc/request.py
  2. 8 9
      lc/web.py
  3. 0 1
      tests/routes.py

+ 1 - 1
lc/request.py
View File 

@@ -35,7 +35,7 @@ class User(Request):
 
         return cls(name=form["username"], password=form["password"],)
 
         return cls(name=form["username"], password=form["password"],)
 
 
 
     def to_token(self) -> str:
 
     def to_token(self) -> str:
 
-        return c.serializer.dumps({"name": self.name, "password": self.password,})
 
+        return c.serializer.dumps({"name": self.name})
 
 
 
 
 
 @dataclass_json
 
 @dataclass_json

+ 8 - 9
lc/web.py
View File 

@@ -34,17 +34,15 @@ class Endpoint:
 
         # if that exists and we can deserialize it, then make sure
 
         # if that exists and we can deserialize it, then make sure
 
         # it contains a valid user password, too
 
         # it contains a valid user password, too
 
         if token and (payload := c.serializer.loads(token)):
 
         if token and (payload := c.serializer.loads(token)):
 
-            if "name" not in payload or "password" not in payload:
 
+            if "name" not in payload:
 
                 return
 
                 return
 
 
 
             try:
 
             try:
 
                 u = m.User.by_slug(payload["name"])
 
                 u = m.User.by_slug(payload["name"])
 
+                self.user = u
 
             except e.LCException:
 
             except e.LCException:
 
                 return
 
                 return
 
 
 
-            if u.authenticate(payload["password"]):
 
-                self.user = u
 
-
 
     def api_ok(self, redirect: str, data: dict = {"status": "ok"}) -> ApiOK:
 
     def api_ok(self, redirect: str, data: dict = {"status": "ok"}) -> ApiOK:
 
         if flask.request.content_type == "application/x-www-form-urlencoded":
 
         if flask.request.content_type == "application/x-www-form-urlencoded":
 
             raise e.LCRedirect(redirect)
 
             raise e.LCRedirect(redirect)
 
@@ -122,11 +120,12 @@ class Endpoint:
 
         try:
 
         try:
 
             return self.html(*args, **kwargs)
 
             return self.html(*args, **kwargs)
 
         except e.LCException as exn:
 
         except e.LCException as exn:
 
-            page = render("main", v.Page(
 
-                title="error",
 
-                content=f"shit's fucked yo: {exn}",
 
-                user=self.user,
 
-            ))
 
+            page = render(
 
+                "main",
 
+                v.Page(
 
+                    title="error", content=f"shit's fucked yo: {exn}", user=self.user,
 
+                ),
 
+            )
 
             return (page, exn.http_code())
 
             return (page, exn.http_code())
 
         except e.LCRedirect as exn:
 
         except e.LCRedirect as exn:
 
             return flask.redirect(exn.to_path())
 
             return flask.redirect(exn.to_path())

+ 0 - 1
tests/routes.py
View File 

@@ -30,7 +30,6 @@ class TestRoutes:
 
         assert result.status == "200 OK"
 
         assert result.status == "200 OK"
 
         decoded_token = c.serializer.loads(result.json["token"])
 
         decoded_token = c.serializer.loads(result.json["token"])
 
         assert decoded_token["name"] == username
 
         assert decoded_token["name"] == username
 
-        assert decoded_token["password"] == password
 
 
 
     def test_failed_api_login(self):
 
     def test_failed_api_login(self):
 
         username = "gdritter"
 
         username = "gdritter"