Security fixes (hopefully)

Patrick_Pluto 2024-09-25 09:45:04 +02:00
parent e31c7de7ab
commit 5d8a90e5a2


@ -5,6 +5,13 @@ import json
class DB: class DB:
def __init__(self): def __init__(self):
self.database = {} self.database = {}
self.emails = []
def ensure_username(self, data):
if hasattr(data, 'username'):
return data.get['username']
elif hasattr(data, 'email'):
return self.emails[data.get['username']]
@staticmethod @staticmethod
def hash_password(password): def hash_password(password):
@ -15,12 +22,30 @@ class DB:
def add_user(self, data): def add_user(self, data):
username = data.get['username'] username = data.get['username']
password = data.get['password'] password = data.get['password']
email = data.get['email']
hashed_password = self.hash_password(password) hashed_password = self.hash_password(password)
user_data = {"hashed_password": hashed_password} user_data = {"hashed_password": hashed_password}
self.database[username] = user_data if username not in self.database:
self.database[username] = user_data
self.emails[email] = username
return True
return False
def delete_user(self, data):
username = self.ensure_username(data)
data = data.get['data']
if not self.check_credentials(data):
return False
del self.database[username]
for i in self.emails:
if i == username:
del i
self.save_database()
return True
def change_data(self, data): def change_data(self, data):
username = data.get['username'] username = self.ensure_username(data)
data = data.get['data'] data = data.get['data']
if not self.check_credentials(data): if not self.check_credentials(data):
return False return False
@ -30,7 +55,7 @@ class DB:
return True return True
def update_password(self, data): def update_password(self, data):
username = data.get['username'] username = self.ensure_username(data)
new_password = data.get['new_password'] new_password = data.get['new_password']
if not self.check_credentials(data): if not self.check_credentials(data):
return False return False
@ -41,7 +66,7 @@ class DB:
return True return True
def check_credentials(self, data): def check_credentials(self, data):
username = data.get['username'] username = self.ensure_username(data)
password = data.get['password'] password = data.get['password']
if username not in self.database: if username not in self.database:
return False return False
@ -51,7 +76,7 @@ class DB:
return stored_hashed_password == entered_hashed_password return stored_hashed_password == entered_hashed_password
def get_data(self, data): def get_data(self, data):
username = data.get['username'] username = self.ensure_username(data)
if not self.check_credentials(data): if not self.check_credentials(data):
return None return None
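Review bot: In `delete_user` the account to remove is resolved from the outer payload, but `check_credentials` then runs on the nested `data.get['data']`, so as far as this section shows nothing ties the verified identity to the `username` that gets deleted; moving `username = self.ensure_username(data)` below `data = data.get['data']`, or rejecting the request when the two names differ, would close that gap. `change_data` resolves and checks in the same order, though its body continues outside the visible lines. The e-mail cleanup loop has no effect, because `del i` only unbinds the loop variable; with `self.emails` initialised as `{}` rather than `[]` (which `self.emails[email] = username` in `add_user` needs anyway) it could be `self.emails = {m: u for m, u in self.emails.items() if u != username}`. In `ensure_username` the e-mail branch indexes with `data.get['username']` where `'email'` is presumably intended, and the method returns None when neither field is present, so each caller should treat None as a failed lookup before touching `self.database`.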