mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-20 02:52:11 +00:00

Make __token_dict private in KeyAuthService

NewbieOrange 2021-07-28 00:57:53 +08:00
parent aed5a39383
commit 41e07e56e9


@ -16,7 +16,7 @@ class KeyAuthService:
requests. The key is passed as the username field in the standard HTTP requests. The key is passed as the username field in the standard HTTP
Basic Auth header. Basic Auth header.
""" """
token_dict = ExpiringDict(max_len=1024, max_age_seconds=600) __token_dict = ExpiringDict(max_len=1024, max_age_seconds=600)
def __init__(self): def __init__(self):
self.auth_realm = DEFAULT_AUTH_REALM self.auth_realm = DEFAULT_AUTH_REALM
@ -84,7 +84,7 @@ class KeyAuthService:
privs = self.check_user_auth(username, password, request, env) privs = self.check_user_auth(username, password, request, env)
if not self.validate_user_token(username, request, env): if not self.validate_user_token(username, request, env):
token = secrets.token_hex(16) token = secrets.token_hex(16)
KeyAuthService.token_dict[username] = token KeyAuthService.__token_dict[username] = token
return (username, privs, token) return (username, privs, token)
def check_user_auth(self, email, pw, request, env): def check_user_auth(self, email, pw, request, env):
@ -139,7 +139,7 @@ class KeyAuthService:
def check_user_token(self, email, token, request, env): def check_user_token(self, email, token, request, env):
# Check whether a token matches the one we stored for the user. # Check whether a token matches the one we stored for the user.
return token is not None and KeyAuthService.token_dict.get(email) == token return token is not None and KeyAuthService.__token_dict.get(email) == token
def validate_user_token(self, email, request, env): def validate_user_token(self, email, request, env):
# Check whether the provided token in request cookie matches the one we stored for the user. # Check whether the provided token in request cookie matches the one we stored for the user.
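Review bot: The changed return line in `check_user_token` still compares the stored session token with `==`, which is not a constant-time comparison and can short-circuit on the first differing character. I would fetch the value first, `stored = KeyAuthService.__token_dict.get(email)`, and then `return token is not None and stored is not None and hmac.compare_digest(stored.encode(), token.encode())`. The explicit `None` check is needed because `compare_digest` raises on `None`. This assumes both values are `str` and that `hmac` is imported, neither of which is visible in these hunks. Separately, the double underscore only gives name mangling (`_KeyAuthService__token_dict`), so it guards against accidental outside access rather than enforcing it; a comment on the attribute such as `# live session tokens keyed by username; do not expose or log` would make the intent explicit.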