launchpad-reviewers team mailing list archive

[Merge] lp:~wgrant/launchpad/logintoken-sha256 into lp:launchpad

 

William Grant has proposed merging lp:~wgrant/launchpad/logintoken-sha256 into lp:launchpad.

Commit message:
Hash LoginTokens with SHA-256 in the DB.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~wgrant/launchpad/logintoken-sha256/+merge/232959

Hash LoginTokens with SHA-256 in the DB.
-- 
https://code.launchpad.net/~wgrant/launchpad/logintoken-sha256/+merge/232959
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~wgrant/launchpad/logintoken-sha256 into lp:launchpad.
=== modified file 'lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt'
--- lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt	2014-09-01 12:55:14 +0000
+++ lib/lp/registry/stories/gpg-coc/xx-gpg-coc.txt	2014-09-02 01:09:21 +0000
@@ -209,9 +209,10 @@
 
     >>> nothing, token_value = token_url.split('http://launchpad.dev/token/')
 
-    >>> import pytz, datetime
+    >>> import datetime, hashlib, pytz
     >>> from lp.services.verification.model.logintoken import LoginToken
-    >>> logintoken = LoginToken.selectOneBy(_token=token_value)
+    >>> logintoken = LoginToken.selectOneBy(
+    ...     _token=hashlib.sha256(token_value).hexdigest())
     >>> logintoken.date_created = datetime.datetime(
     ...     2005,04,01, 12,00,00, tzinfo=pytz.timezone('UTC'))
     >>> logintoken.sync()
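
Review bot: The lookup at `_token=hashlib.sha256(token_value).hexdigest()` copies the model's storage hashing into the doctest, so the test only shows that both sides use the same expression, and that expression is repeated in the later hunk of this file. Consider computing the digest once into a variable here and reusing it at the later lookup, or going through whatever token lookup the application itself uses, so that a future change to the hashing touches one place.
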
@@ -296,7 +297,9 @@
 
 Now that the key has been validated, the login token is consumed:
 
-    >>> LoginToken.selectOneBy(_token=token_value).date_consumed is not None
+    >>> consumed_token = LoginToken.selectOneBy(
+    ...     _token=hashlib.sha256(token_value).hexdigest())
+    >>> consumed_token.date_consumed is not None
     True
 
 Now Sample Person's sign-only key is associated with his account. He
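
Review bot: `consumed_token.date_consumed` is read without first checking that the hashed lookup returned a row. If `selectOneBy` finds nothing, the doctest fails with an attribute error on `None` instead of on the expectation under test; a preceding `>>> consumed_token is not None` line expecting `True` would make a hashing mismatch obvious.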

=== modified file 'lib/lp/services/verification/model/logintoken.py'
--- lib/lp/services/verification/model/logintoken.py	2014-09-01 12:55:14 +0000
+++ lib/lp/services/verification/model/logintoken.py	2014-09-02 01:09:21 +0000
@@ -75,7 +75,7 @@
         token = kwargs.pop('token', None)
         if token is not None:
             self._plaintext_token = token
-            kwargs['_token'] = token
+            kwargs['_token'] = hashlib.sha256(token).hexdigest()
         super(LoginToken, self).__init__(*args, **kwargs)
 
     _plaintext_token = None
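
Review bot: The `kwargs['_token'] = hashlib.sha256(token).hexdigest()` line changes only the write path in `__init__`, and nothing visible in this diff adds `import hashlib` to logintoken.py or hashes the presented value on the lookup side. Please confirm that the module already imports `hashlib`, that every lookup by token hashes the incoming value before querying `_token`, and state how rows created before this change, which hold the plaintext in `_token`, are handled (migration or expiry). A short comment noting that `_token` now holds a hex SHA-256 digest while `_plaintext_token` keeps the value passed in would also help the next reader.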

