diff options
author | Aleksey Lim <alsroot@sugarlabs.org> | 2012-01-16 22:31:58 (GMT) |
---|---|---|
committer | Aleksey Lim <alsroot@sugarlabs.org> | 2012-01-16 22:31:58 (GMT) |
commit | d612181dcedde8e1b9cbe49fdb748ec3dc7ba91f (patch) | |
tree | ab732240bc5edbe07cd733bc839fc0803c3eb9e3 | |
parent | 94c0049ff408c57ebe75340289803a8943362f55 (diff) |
Avoid using direct access to the storage on authentication
-rw-r--r-- | restful_document/user.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/restful_document/user.py b/restful_document/user.py index 6202171..05d5681 100644 --- a/restful_document/user.py +++ b/restful_document/user.py @@ -15,7 +15,6 @@ import hashlib import logging -from os.path import exists from gettext import gettext as _ from M2Crypto import DSA @@ -72,12 +71,13 @@ class User(Document): @classmethod def verify(cls, guid, signature): - # TODO Avoid direct access to pubkey property - pubkey_path = cls.metadata.path(guid[:2], guid, 'pubkey') - enforce(exists(pubkey_path), env.Unauthorized, - _('Principal user does not exist')) + try: + pubkey = cls(guid, raw=True)['pubkey'] + except ad.NotFound: + raise env.Unauthorized(_('Principal user does not exist')) if env.trust_users.value: return + pubkey_path = util.TempFilePath(text=pubkey) pubkey = DSA.load_pub_key(pubkey_path) data = hashlib.sha1(guid).digest() enforce(pubkey.verify_asn1(data, signature.decode('hex')), |