mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-04-20 02:52:11 +00:00

Make __token_dict private in KeyAuthService

NewbieOrange 2021-07-28 00:57:53 +08:00
parent aed5a39383
commit 41e07e56e9


@ -16,7 +16,7 @@ class KeyAuthService:
requests. The key is passed as the username field in the standard HTTP
Basic Auth header.
"""
token_dict = ExpiringDict(max_len=1024, max_age_seconds=600)
__token_dict = ExpiringDict(max_len=1024, max_age_seconds=600)
def __init__(self):
self.auth_realm = DEFAULT_AUTH_REALM
@ -84,7 +84,7 @@ class KeyAuthService:
privs = self.check_user_auth(username, password, request, env)
if not self.validate_user_token(username, request, env):
token = secrets.token_hex(16)
KeyAuthService.token_dict[username] = token
KeyAuthService.__token_dict[username] = token
return (username, privs, token)
def check_user_auth(self, email, pw, request, env):
@ -139,7 +139,7 @@ class KeyAuthService:
def check_user_token(self, email, token, request, env):
# Check whether a token matches the one we stored for the user.
return token is not None and KeyAuthService.token_dict.get(email) == token
return token is not None and KeyAuthService.__token_dict.get(email) == token
def validate_user_token(self, email, request, env):
# Check whether the provided token in request cookie matches the one we stored for the user.
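Review bot: The token check in check_user_token still compares with `==`, which is not a constant-time comparison, so response time can vary with how much of a guessed token matches the stored one. Consider `stored = KeyAuthService.__token_dict.get(email)` followed by `return token is not None and stored is not None and hmac.compare_digest(stored.encode(), token.encode())`; this assumes both values are str and that `hmac` is imported, neither of which is visible in these hunks. Separately, the double underscore only triggers name mangling, so the dict stays reachable as `KeyAuthService._KeyAuthService__token_dict`. A short comment on the attribute, such as `# live session tokens keyed by user; never log or expose`, would state the intent more clearly than the name alone. The class body continues outside the hunks shown.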