| 1 | # -*- coding: utf8 -*- |
|---|
| 2 | # |
|---|
| 3 | # Copyright (C) 2007 Matthew Good <trac@matt-good.net> |
|---|
| 4 | # |
|---|
| 5 | # "THE BEER-WARE LICENSE" (Revision 42): |
|---|
| 6 | # <trac@matt-good.net> wrote this file. As long as you retain this notice you |
|---|
| 7 | # can do whatever you want with this stuff. If we meet some day, and you think |
|---|
| 8 | # this stuff is worth it, you can buy me a beer in return. Matthew Good |
|---|
| 9 | # |
|---|
| 10 | # Author: Matthew Good <trac@matt-good.net> |
|---|
| 11 | |
|---|
| 12 | from trac.core import * |
|---|
| 13 | from trac.config import ExtensionOption |
|---|
| 14 | |
|---|
| 15 | from api import IPasswordStore |
|---|
| 16 | from pwhash import IPasswordHashMethod |
|---|
| 17 | |
|---|
| 18 | class SessionStore(Component): |
|---|
| 19 | implements(IPasswordStore) |
|---|
| 20 | |
|---|
| 21 | hash_method = ExtensionOption('account-manager', 'hash_method', |
|---|
| 22 | IPasswordHashMethod, 'HtDigestHashMethod') |
|---|
| 23 | |
|---|
| 24 | def get_users(self): |
|---|
| 25 | """Returns an iterable of the known usernames |
|---|
| 26 | """ |
|---|
| 27 | db = self.env.get_db_cnx() |
|---|
| 28 | cursor = db.cursor() |
|---|
| 29 | cursor.execute("SELECT DISTINCT sid FROM session_attribute " |
|---|
| 30 | "WHERE authenticated=1 AND name='password'") |
|---|
| 31 | for sid, in cursor: |
|---|
| 32 | yield sid |
|---|
| 33 | |
|---|
| 34 | def has_user(self, user): |
|---|
| 35 | db = self.env.get_db_cnx() |
|---|
| 36 | cursor = db.cursor() |
|---|
| 37 | cursor.execute("SELECT * FROM session_attribute " |
|---|
| 38 | "WHERE authenticated=1 AND name='password' " |
|---|
| 39 | "AND sid=%s", (user,)) |
|---|
| 40 | for row in cursor: |
|---|
| 41 | return True |
|---|
| 42 | return False |
|---|
| 43 | |
|---|
| 44 | def set_password(self, user, password): |
|---|
| 45 | """Sets the password for the user. This should create the user account |
|---|
| 46 | if it doesn't already exist. |
|---|
| 47 | Returns True if a new account was created, False if an existing account |
|---|
| 48 | was updated. |
|---|
| 49 | """ |
|---|
| 50 | hash = self.hash_method.generate_hash(user, password) |
|---|
| 51 | db = self.env.get_db_cnx() |
|---|
| 52 | cursor = db.cursor() |
|---|
| 53 | cursor.execute("UPDATE session_attribute " |
|---|
| 54 | "SET value=%s " |
|---|
| 55 | "WHERE authenticated=1 AND name='password' " |
|---|
| 56 | "AND sid=%s", (hash, user)) |
|---|
| 57 | if cursor.rowcount > 0: |
|---|
| 58 | return False # updated existing password |
|---|
| 59 | cursor.execute("INSERT INTO session_attribute " |
|---|
| 60 | "(sid,authenticated,name,value) " |
|---|
| 61 | "VALUES (%s,1,'password',%s)", |
|---|
| 62 | (user, hash)) |
|---|
| 63 | return True |
|---|
| 64 | |
|---|
| 65 | def check_password(self, user, password): |
|---|
| 66 | """Checks if the password is valid for the user. |
|---|
| 67 | """ |
|---|
| 68 | db = self.env.get_db_cnx() |
|---|
| 69 | cursor = db.cursor() |
|---|
| 70 | cursor.execute("SELECT value FROM session_attribute " |
|---|
| 71 | "WHERE authenticated=1 AND name='password' " |
|---|
| 72 | "AND sid=%s", (user,)) |
|---|
| 73 | for hash, in cursor: |
|---|
| 74 | return self.hash_method.check_hash(user, password, hash) |
|---|
| 75 | return False |
|---|
| 76 | |
|---|
| 77 | def delete_user(self, user): |
|---|
| 78 | """Deletes the user account. |
|---|
| 79 | Returns True if the account existed and was deleted, False otherwise. |
|---|
| 80 | """ |
|---|
| 81 | if not self.has_user(user): |
|---|
| 82 | return False |
|---|
| 83 | db = self.env.get_db_cnx() |
|---|
| 84 | cursor = db.cursor() |
|---|
| 85 | cursor.execute("DELETE FROM session_attribute " |
|---|
| 86 | "WHERE authenticated=1 AND name='password' " |
|---|
| 87 | "AND sid=%s", (user,)) |
|---|
| 88 | # TODO cursor.rowcount doesn't seem to get # deleted |
|---|
| 89 | # is there another way to get count instead of using has_user? |
|---|
| 90 | return True |
|---|
