ouczbs/anki-sync-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge SyncApp's SqliteUserManager and the newly introduced UserManager and group all user managers in user_managers.py.

Browse Source
This commit is contained in:
Christoph Mack 2016-05-27 21:33:22 +02:00 committed by flan
parent 573aeece81
commit c7d7ff3e85
5 changed files with 158 additions and 159 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
ankisyncd/sync_app.py
View File

@ -38,6 +38,8 @@ from anki.sync import Syncer, MediaSyncer
from anki.utils import intTime, checksum, isMac from anki.utils import intTime, checksum, isMac
from anki.consts import SYNC_ZIP_SIZE, SYNC_ZIP_COUNT from anki.consts import SYNC_ZIP_SIZE, SYNC_ZIP_COUNT
from ankisyncd.users import SimpleUserManager, SqliteUserManager
try: try:
from cStringIO import StringIO from cStringIO import StringIO
except ImportError: except ImportError:
@ -316,25 +318,6 @@ class SimpleSessionManager(object):
def delete(self, hkey): def delete(self, hkey):
del self.sessions[hkey] del self.sessions[hkey]
class SimpleUserManager(object):
"""A simple user manager that always allows any user."""
def authenticate(self, username, password):
"""
Returns True if this username is allowed to connect with this password. False otherwise.
Override this to change how users are authenticated.
"""
return True
def username2dirname(self, username):
"""
Returns the directory name for the given user. By default, this is just the username.
Override this to adjust the mapping between users and their directory.
"""
return username
class SyncApp(object): class SyncApp(object):
valid_urls = SyncCollectionHandler.operations + SyncMediaHandler.operations + ['hostKey', 'upload', 'download'] valid_urls = SyncCollectionHandler.operations + SyncMediaHandler.operations + ['hostKey', 'upload', 'download']
@ -694,34 +677,6 @@ class SqliteSessionManager(SimpleSessionManager):
cursor.execute("DELETE FROM session WHERE hkey=?", (hkey,)) cursor.execute("DELETE FROM session WHERE hkey=?", (hkey,))
conn.commit() conn.commit()
class SqliteUserManager(SimpleUserManager):
"""Authenticates users against a SQLite database."""
def __init__(self, auth_db_path):
self.auth_db_path = os.path.abspath(auth_db_path)
def authenticate(self, username, password):
"""Returns True if this username is allowed to connect with this password. False otherwise."""
conn = sqlite.connect(self.auth_db_path)
cursor = conn.cursor()
param = (username,)
cursor.execute("SELECT hash FROM auth WHERE user=?", param)
db_ret = cursor.fetchone()
if db_ret != None:
db_hash = str(db_ret[0])
salt = db_hash[-16:]
hashobj = hashlib.sha256()
hashobj.update(username+password+salt)
conn.close()
return (db_ret != None and hashobj.hexdigest()+salt == db_hash)
def make_app(global_conf, **local_conf): def make_app(global_conf, **local_conf):
return SyncApp(**local_conf) return SyncApp(**local_conf)

123
ankisyncd/users.py
View File

@ -2,25 +2,57 @@
import binascii import binascii
from contextlib import closing
import hashlib import hashlib
import logging import logging
import os import os
import sqlite3 as sqlite import sqlite3 as sqlite
class UserManager: class SimpleUserManager(object):
def __init__(self, auth_db_path, collection_path): """A simple user manager that always allows any user."""
self.auth_db_path = auth_db_path
def __init__(self, collection_path=''):
self.collection_path = collection_path self.collection_path = collection_path
def authenticate(self, username, password):
"""
Returns True if this username is allowed to connect with this password.
False otherwise. Override this to change how users are authenticated.
"""
return True
def username2dirname(self, username):
"""
Returns the directory name for the given user. By default, this is just
the username. Override this to adjust the mapping between users and
their directory.
"""
return username
def _create_user_dir(self, username):
user_dir_path = os.path.join(self.collection_path, username)
if not os.path.isdir(user_dir_path):
logging.info("Creating collection directory for user '{}' at {}"
.format(username, user_dir_path))
os.makedirs(user_dir_path)
class SqliteUserManager(SimpleUserManager):
"""Authenticates users against a SQLite database."""
def __init__(self, auth_db_path, collection_path=None):
SimpleUserManager.__init__(self, collection_path)
self.auth_db_path = auth_db_path
def auth_db_exists(self): def auth_db_exists(self):
return os.path.isfile(self.auth_db_path) return os.path.isfile(self.auth_db_path)
def user_list(self): def user_list(self):
if not self.auth_db_exists(): if not self.auth_db_exists():
self.create_auth_db() raise ValueError("Cannot list users for nonexistent auth db {}."
return [] .format(self.auth_db_path))
else: else:
conn = sqlite.connect(self.auth_db_path) conn = sqlite.connect(self.auth_db_path)
cursor = conn.cursor() cursor = conn.cursor()
@ -37,15 +69,16 @@ class UserManager:
def del_user(self, username): def del_user(self, username):
if not self.auth_db_exists(): if not self.auth_db_exists():
self.create_auth_db() raise ValueError("Cannot remove user from nonexistent auth db {}."
.format(self.auth_db_path))
conn = sqlite.connect(self.auth_db_path) else:
cursor = conn.cursor() conn = sqlite.connect(self.auth_db_path)
logging.info("Removing user '{}' from auth db." cursor = conn.cursor()
.format(username)) logging.info("Removing user '{}' from auth db."
cursor.execute("DELETE FROM auth WHERE user=?", (username,)) .format(username))
conn.commit() cursor.execute("DELETE FROM auth WHERE user=?", (username,))
conn.close() conn.commit()
conn.close()
def add_user(self, username, password): def add_user(self, username, password):
self._add_user_to_auth_db(username, password) self._add_user_to_auth_db(username, password)
@ -69,6 +102,59 @@ class UserManager:
conn.commit() conn.commit()
conn.close() conn.close()
def set_password_for_user(self, username, new_password):
if not self.auth_db_exists():
raise ValueError("Cannot remove user from nonexistent auth db {}."
.format(self.auth_db_path))
elif not self.user_exists(username):
raise ValueError("Cannot remove nonexistent user {}."
.format(username))
else:
hash = self._create_pass_hash(username, new_password)
conn = sqlite.connect(self.auth_db_path)
cursor = conn.cursor()
cursor.execute("UPDATE auth SET hash=? WHERE user=?", (hash, username))
conn.commit()
conn.close()
logging.info("Changed password for user {}.".format(username))
def authenticate_user(self, username, password):
"""Returns True if this username is allowed to connect with this password. False otherwise."""
conn = sqlite.connect(self.auth_db_path)
cursor = conn.cursor()
param = (username,)
cursor.execute("SELECT hash FROM auth WHERE user=?", param)
db_hash = cursor.fetchone()
conn.close()
if db_hash is None:
logging.info("Authentication failed for nonexistent user {}."
.format(username))
return False
else:
expected_value = str(db_hash[0])
salt = self._extract_salt(expected_value)
hashobj = hashlib.sha256()
hashobj.update(username + password + salt)
actual_value = hashobj.hexdigest() + salt
if actual_value == expected_value:
logging.info("Authentication succeeded for user {}."
.format(username))
return True
else:
logging.info("Authentication failed for user {}."
.format(username))
return False
@staticmethod
def _extract_salt(hash):
return hash[-16:]
@staticmethod @staticmethod
def _create_pass_hash(username, password): def _create_pass_hash(username, password):
salt = binascii.b2a_hex(os.urandom(8)) salt = binascii.b2a_hex(os.urandom(8))
@ -85,10 +171,3 @@ class UserManager:
(user VARCHAR PRIMARY KEY, hash VARCHAR)""") (user VARCHAR PRIMARY KEY, hash VARCHAR)""")
conn.commit() conn.commit()
conn.close() conn.close()
def _create_user_dir(self, username):
user_dir_path = os.path.join(self.collection_path, username)
if not os.path.isdir(user_dir_path):
logging.info("Creating collection directory for user '{}' at {}"
.format(username, user_dir_path))
os.makedirs(user_dir_path)

6
tests/sync_app_functional_test_base.py
View File

@ -6,7 +6,7 @@ import unittest
from webtest import TestApp from webtest import TestApp
from ankisyncd.users import UserManager from ankisyncd.users import SqliteUserManager
from helpers.collection_utils import CollectionUtils from helpers.collection_utils import CollectionUtils
from helpers.db_utils import DBUtils from helpers.db_utils import DBUtils
from helpers.file_utils import FileUtils from helpers.file_utils import FileUtils
@ -45,8 +45,8 @@ class SyncAppFunctionalTestBase(unittest.TestCase):
self.server_paths = self.serverutils.create_server_paths() self.server_paths = self.serverutils.create_server_paths()
# Add a test user to the temp auth db the server will use. # Add a test user to the temp auth db the server will use.
self.user_manager = UserManager(self.server_paths['auth_db'], self.user_manager = SqliteUserManager(self.server_paths['auth_db'],
self.server_paths['data_root']) self.server_paths['data_root'])
self.user_manager.add_user('testuser', 'testpassword') self.user_manager.add_user('testuser', 'testpassword')
# Get absolute path to development ini file. # Get absolute path to development ini file.

78
tests/test_sync_app.py
View File

@ -57,84 +57,6 @@ class SyncCollectionHandlerTest(CollectionTestBase):
self.assertEqual(meta['cont'], True) self.assertEqual(meta['cont'], True)
class SimpleUserManagerTest(unittest.TestCase):
_good_test_un = 'username'
_good_test_pw = 'password'
_bad_test_un = 'notAUsername'
_bad_test_pw = 'notAPassword'
def setUp(self):
self._user_manager = SimpleUserManager()
def tearDown(self):
self._user_manager = None
def test_authenticate(self):
self.assertTrue(self._user_manager.authenticate(self._good_test_un,
self._good_test_pw))
self.assertTrue(self._user_manager.authenticate(self._bad_test_un,
self._bad_test_pw))
self.assertTrue(self._user_manager.authenticate(self._good_test_un,
self._bad_test_pw))
self.assertTrue(self._user_manager.authenticate(self._bad_test_un,
self._good_test_pw))
def test_username2dirname(self):
dirname = self._user_manager.username2dirname(self._good_test_un)
self.assertEqual(dirname, self._good_test_un)
class SqliteUserManagerTest(SimpleUserManagerTest):
file_descriptor, _test_auth_db_path = tempfile.mkstemp(suffix=".db")
os.close(file_descriptor)
os.unlink(_test_auth_db_path)
def _create_test_auth_db(self, db_path, username, password):
if os.path.exists(db_path):
os.remove(db_path)
salt = binascii.b2a_hex(os.urandom(8))
crypto_hash = hashlib.sha256(username+password+salt).hexdigest()+salt
conn = sqlite3.connect(db_path)
cursor = conn.cursor()
cursor.execute("""CREATE TABLE IF NOT EXISTS auth
(user VARCHAR PRIMARY KEY, hash VARCHAR)""")
cursor.execute("INSERT INTO auth VALUES (?, ?)", (username, crypto_hash))
conn.commit()
conn.close()
def setUp(self):
self._create_test_auth_db(self._test_auth_db_path,
self._good_test_un,
self._good_test_pw)
self._user_manager = SqliteUserManager(self._test_auth_db_path)
def tearDown(self):
if os.path.exists(self._test_auth_db_path):
os.remove(self._test_auth_db_path)
def test_authenticate(self):
self.assertTrue(self._user_manager.authenticate(self._good_test_un,
self._good_test_pw))
self.assertFalse(self._user_manager.authenticate(self._bad_test_un,
self._bad_test_pw))
self.assertFalse(self._user_manager.authenticate(self._good_test_un,
self._bad_test_pw))
self.assertFalse(self._user_manager.authenticate(self._bad_test_un,
self._good_test_pw))
class SimpleSessionManagerTest(unittest.TestCase): class SimpleSessionManagerTest(unittest.TestCase):
test_hkey = '1234567890' test_hkey = '1234567890'
test_session = SyncUserSession('testName', 'testPath', None, None) test_session = SyncUserSession('testName', 'testPath', None, None)

61
tests/test_users.py
View File

@ -5,17 +5,39 @@ import os
import unittest import unittest
from ankisyncd.users import UserManager from ankisyncd.users import SimpleUserManager, SqliteUserManager
from helpers.file_utils import FileUtils from helpers.file_utils import FileUtils
class SimpleUserManagerTest(unittest.TestCase): class SimpleUserManagerTest(unittest.TestCase):
_good_test_un = 'username' def setUp(self):
_good_test_pw = 'password' self.user_manager = SimpleUserManager()
_bad_test_un = 'notAUsername' def tearDown(self):
_bad_test_pw = 'notAPassword' self._user_manager = None
def test_authenticate(self):
good_test_un = 'username'
good_test_pw = 'password'
bad_test_un = 'notAUsername'
bad_test_pw = 'notAPassword'
self.assertTrue(self.user_manager.authenticate(good_test_un,
good_test_pw))
self.assertTrue(self.user_manager.authenticate(bad_test_un,
bad_test_pw))
self.assertTrue(self.user_manager.authenticate(good_test_un,
bad_test_pw))
self.assertTrue(self.user_manager.authenticate(bad_test_un,
good_test_pw))
def test_username2dirname(self):
username = 'my_username'
dirname = self.user_manager.username2dirname(username)
self.assertEqual(dirname, username)
class SqliteUserManagerTest(unittest.TestCase):
@classmethod @classmethod
def setUpClass(cls): def setUpClass(cls):
cls.fileutils = FileUtils() cls.fileutils = FileUtils()
@ -28,8 +50,8 @@ class SimpleUserManagerTest(unittest.TestCase):
def setUp(self): def setUp(self):
self.auth_db_path = self.fileutils.create_file_path(suffix='auth.db') self.auth_db_path = self.fileutils.create_file_path(suffix='auth.db')
self.collection_path = self.fileutils.create_dir_path() self.collection_path = self.fileutils.create_dir_path()
self.user_manager = UserManager(self.auth_db_path, self.user_manager = SqliteUserManager(self.auth_db_path,
self.collection_path) self.collection_path)
def tearDown(self): def tearDown(self):
self.user_manager = None self.user_manager = None
@ -124,6 +146,27 @@ class SimpleUserManagerTest(unittest.TestCase):
self.user_manager._create_user_dir(username) self.user_manager._create_user_dir(username)
self.assertTrue(os.path.isdir(expected_dir_path)) self.assertTrue(os.path.isdir(expected_dir_path))
def test_authenticate_user(self):
username = "my_username"
password = "my_password"
self.user_manager.create_auth_db()
self.user_manager.add_user(username, password)
self.assertTrue(self.user_manager.authenticate_user(username,
password))
def test_set_password_for_user(self):
username = "my_username"
password = "my_password"
new_password = "my_new_password"
self.user_manager.create_auth_db()
self.user_manager.add_user(username, password)
self.user_manager.set_password_for_user(username, new_password)
self.assertFalse(self.user_manager.authenticate_user(username,
password))
self.assertTrue(self.user_manager.authenticate_user(username,
new_password))
if __name__ == '__main__':
unittest.main()