From 45d36a7a972673ac145fc7679153771a2506f3b5 Mon Sep 17 00:00:00 2001 From: jdoe0 Date: Fri, 2 Aug 2013 10:57:55 +0700 Subject: [PATCH] Moved the implementation of sqlite-based authentication to DatabaseAuthSyncApp --- AnkiServer/apps/sync_app.py | 42 ++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/AnkiServer/apps/sync_app.py b/AnkiServer/apps/sync_app.py index a0c17d9..d373f26 100644 --- a/AnkiServer/apps/sync_app.py +++ b/AnkiServer/apps/sync_app.py @@ -120,24 +120,7 @@ class SyncApp(object): Override this to change how users are authenticated. """ - conn = sqlite3.connect(self.auth_db_path) - cursor = conn.cursor() - param = (username,) - - cursor.execute("SELECT hash FROM auth WHERE user=?", param) - - db_ret = cursor.fetchone() - - if db_ret != None: - db_hash = str(db_ret[0]) - - salt = db_hash[-16:] - - hashobj = hashlib.sha256() - - hashobj.update(username+password+salt) - - return (db_ret != None and hashobj.hexdigest()+salt == db_hash) + return False def username2dirname(self, username): """ @@ -313,9 +296,30 @@ class SyncApp(object): return Response(status='200 OK', content_type='text/plain', body='Anki Sync Server') +class DatabaseAuthSyncApp(SyncApp): + def authenticate(self, username, password): + """Returns True if this username is allowed to connect with this password. False otherwise.""" + + conn = sqlite3.connect(self.auth_db_path) + cursor = conn.cursor() + param = (username,) + + cursor.execute("SELECT hash FROM auth WHERE user=?", param) + + db_ret = cursor.fetchone() + + if db_ret != None: + db_hash = str(db_ret[0]) + salt = db_hash[-16:] + hashobj = hashlib.sha256() + + hashobj.update(username+password+salt) + + return (db_ret != None and hashobj.hexdigest()+salt == db_hash) + # Our entry point def make_app(global_conf, **local_conf): - return SyncApp(**local_conf) + return DatabaseAuthSyncApp(**local_conf) def main(): from wsgiref.simple_server import make_server