aji/costapy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: aji:356d88f73a261deaee069abf458b70c772732b35
Branches Tags
aji:master
aji:system/gebox
aji:system/authsquare
aji:template/sbmodernbiz
aji:template/prime
aji:template/ezmail
aji:system/highlight
aji:system/bruno
aji:system/invlab
aji:template/kiddy
aji:bottle
aji:cherrypy
..
compare: aji:829b939273802d3702e81d649c365896c5db2019
Branches Tags
aji:system/gebox
aji:system/authsquare
aji:template/sbmodernbiz
aji:template/prime
aji:template/ezmail
aji:system/highlight
aji:system/bruno
aji:master
aji:system/invlab
aji:template/kiddy
aji:bottle
aji:cherrypy

No commits in common. "356d88f73a261deaee069abf458b70c772732b35" and "829b939273802d3702e81d649c365896c5db2019" have entirely different histories.
356d88f73a ... 829b939273

2 changed files with 14 additions and 37 deletions
Show Stats Expand all files Collapse all files

16
modules/api/auth.py
View File

@ -33,10 +33,9 @@ class auth:
self.cursor.execute("BEGIN;") self.cursor.execute("BEGIN;")
try: try:
loggorilla.prcss(APIADDR, "Get dependency data") loggorilla.prcss(APIADDR, "Get dependency data")
self.cursor.execute(f"SELECT `id` FROM `auth_roles` WHERE `name` = %s ;", (roles,) ) self.cursor.execute(f"SELECT id, name FROM `auth_roles` WHERE auth_roles.name = %s ; ", (roles,) )
result_roles = self.cursor.fetchone() result_roles = self.cursor.fetchone()
loggorilla.prcss(APIADDR, "Process parameters") loggorilla.prcss(APIADDR, "Process parameters")
ls_roles = [ result_roles["id"] ]
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode() hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
token = saltedkey.token(username, hashed) token = saltedkey.token(username, hashed)
if globalvar.production == True: if globalvar.production == True:
@ -52,7 +51,11 @@ class auth:
result_validation = procedure_validation.validation().register(APIADDR, captcha, score, roles, username, password, email) result_validation = procedure_validation.validation().register(APIADDR, captcha, score, roles, username, password, email)
if result_validation['status'] == "valid": if result_validation['status'] == "valid":
loggorilla.prcss(APIADDR, "Inserting") loggorilla.prcss(APIADDR, "Inserting")
self.cursor.execute("CALL sp_auth_add(%s, %s, %s, %s, %s, %s);", (token, hashed, username, email, 0, str(ls_roles)) ) self.cursor.execute("INSERT INTO `auth` VALUES (%s, %s);", (token, hashed) )
self.cursor.execute("INSERT INTO `auth_profile` VALUES (DEFAULT, %s, %s, %s, NULL);", (token, username, email) )
auth_profile_lastrowid = self.cursor.lastrowid
self.cursor.execute("INSERT INTO `auth_profile_verification` VALUES (DEFAULT, %s, 'email', 0);", (auth_profile_lastrowid,) )
self.cursor.execute("INSERT INTO `auth_profile_roles` VALUES (DEFAULT, %s, %s);", (auth_profile_lastrowid, result_roles['id']) )
loggorilla.prcss(APIADDR, "Set expired datetime") loggorilla.prcss(APIADDR, "Set expired datetime")
expired = globalvar.verification_link_expiration expired = globalvar.verification_link_expiration
expired_isoformat = expired.isoformat() expired_isoformat = expired.isoformat()
@ -375,7 +378,12 @@ class auth:
hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode() hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
token = saltedkey.token(username, hashed) token = saltedkey.token(username, hashed)
loggorilla.prcss(APIADDR, "Inserting") loggorilla.prcss(APIADDR, "Inserting")
self.cursor.execute("CALL sp_auth_add(%s, %s, %s, %s, %s, %s);", (token, hashed, username, email, 1, str(roles)) ) self.cursor.execute("INSERT INTO `auth` VALUES (%s, %s);", (token, hashed) )
self.cursor.execute("INSERT INTO `auth_profile` VALUES (DEFAULT, %s, %s, %s, NULL);", (token, username, email) )
auth_profile_lastrowid = self.cursor.lastrowid
self.cursor.execute("INSERT INTO `auth_profile_verification` VALUES (DEFAULT, %s, 'email', 1);", (auth_profile_lastrowid,) )
for role in roles:
self.cursor.execute("INSERT INTO `auth_profile_roles` VALUES (DEFAULT, %s, %s);", (auth_profile_lastrowid, role) )
loggorilla.prcss(APIADDR, "Sending email") loggorilla.prcss(APIADDR, "Sending email")
webmail_data = { webmail_data = {
"username" : username, "username" : username,

35
sql/auth.sql
View File

@ -1,11 +1,8 @@
-- README -- README
-- Prefix idx_ = index -- idx_ = index
-- Prefix fk_ = foreign -- fk_ = foreign
-- Create an index for fast lookups -- Create an index for fast lookups
-- Defining constraints separately for better readability & maintainability -- Defining constraints separately for better readability & maintainability
-- Prefix sp_ = Stored Procedure
-- Prefix p_ = Parameter(s)
-- Prefix v_ = Variable(s)
-- NOTE -- NOTE
-- Next verification variation should be based from identity and contact -- Next verification variation should be based from identity and contact
@ -78,31 +75,3 @@ INSERT INTO `auth_roles` VALUES
(3, 'member' ), (3, 'member' ),
(4, 'tester' ); (4, 'tester' );
DELIMITER //
CREATE PROCEDURE sp_auth_add(
IN p_token binary(40),
IN p_hashed binary(60),
IN p_username varchar(36),
IN p_email LONGTEXT,
IN p_verified int(1), -- register:0, accept:1
IN p_roles JSON -- example: [1,2,4]. Roles duplication was checked on Back-End side.
)
BEGIN
DECLARE i INT DEFAULT 0;
DECLARE n INT;
DECLARE v_auth_profile_lastrowid INT(11);
INSERT INTO `auth` VALUES (p_token, p_hashed);
INSERT INTO `auth_profile` VALUES (DEFAULT, p_token, p_username, p_email, NULL);
SET v_auth_profile_lastrowid = LAST_INSERT_ID();
INSERT INTO `auth_profile_verification` VALUES (DEFAULT, v_auth_profile_lastrowid, 'email', p_verified);
SET n = JSON_LENGTH(p_roles);
WHILE i < n DO
INSERT INTO `auth_profile_roles` VALUES (
DEFAULT,
v_auth_profile_lastrowid,
JSON_UNQUOTE(JSON_EXTRACT(p_roles, CONCAT('$[', i, ']')))
);
SET i = i + 1;
END WHILE;
END //
DELIMITER ;