forked from React-Group/interstellar_ai
Security fixes (hopefully)
This commit is contained in:
Patrick_Pluto
parent
e31c7de7ab
commit
5d8a90e5a2
1 changed files with 30 additions and 5 deletions
35
py/db.py
35
py/db.py
|
|
@ -5,6 +5,13 @@ import json
|
||||||
class DB:
|
class DB:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.database = {}
|
self.database = {}
|
||||||
|
self.emails = []
|
||||||
|
|
||||||
|
def ensure_username(self, data):
|
||||||
|
if hasattr(data, 'username'):
|
||||||
|
return data.get['username']
|
||||||
|
elif hasattr(data, 'email'):
|
||||||
|
return self.emails[data.get['username']]
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def hash_password(password):
|
def hash_password(password):
|
||||||
|
|
@ -15,12 +22,30 @@ class DB:
|
||||||
def add_user(self, data):
|
def add_user(self, data):
|
||||||
username = data.get['username']
|
username = data.get['username']
|
||||||
password = data.get['password']
|
password = data.get['password']
|
||||||
|
email = data.get['email']
|
||||||
hashed_password = self.hash_password(password)
|
hashed_password = self.hash_password(password)
|
||||||
user_data = {"hashed_password": hashed_password}
|
user_data = {"hashed_password": hashed_password}
|
||||||
self.database[username] = user_data
|
if username not in self.database:
|
||||||
|
self.database[username] = user_data
|
||||||
|
self.emails[email] = username
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
def delete_user(self, data):
|
||||||
|
username = self.ensure_username(data)
|
||||||
|
data = data.get['data']
|
||||||
|
if not self.check_credentials(data):
|
||||||
|
return False
|
||||||
|
|
||||||
|
del self.database[username]
|
||||||
|
for i in self.emails:
|
||||||
|
if i == username:
|
||||||
|
del i
|
||||||
|
self.save_database()
|
||||||
|
return True
|
||||||
|
|
||||||
def change_data(self, data):
|
def change_data(self, data):
|
||||||
username = data.get['username']
|
username = self.ensure_username(data)
|
||||||
data = data.get['data']
|
data = data.get['data']
|
||||||
if not self.check_credentials(data):
|
if not self.check_credentials(data):
|
||||||
return False
|
return False
|
||||||
|
|
@ -30,7 +55,7 @@ class DB:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def update_password(self, data):
|
def update_password(self, data):
|
||||||
username = data.get['username']
|
username = self.ensure_username(data)
|
||||||
new_password = data.get['new_password']
|
new_password = data.get['new_password']
|
||||||
if not self.check_credentials(data):
|
if not self.check_credentials(data):
|
||||||
return False
|
return False
|
||||||
|
|
@ -41,7 +66,7 @@ class DB:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def check_credentials(self, data):
|
def check_credentials(self, data):
|
||||||
username = data.get['username']
|
username = self.ensure_username(data)
|
||||||
password = data.get['password']
|
password = data.get['password']
|
||||||
if username not in self.database:
|
if username not in self.database:
|
||||||
return False
|
return False
|
||||||
|
|
@ -51,7 +76,7 @@ class DB:
|
||||||
return stored_hashed_password == entered_hashed_password
|
return stored_hashed_password == entered_hashed_password
|
||||||
|
|
||||||
def get_data(self, data):
|
def get_data(self, data):
|
||||||
username = data.get['username']
|
username = self.ensure_username(data)
|
||||||
if not self.check_credentials(data):
|
if not self.check_credentials(data):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue