allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject [1/4] allura git commit: [#8118] minor fixes and improvements to basic TOTP stuff
Date Thu, 08 Sep 2016 19:44:23 GMT
Repository: allura
Updated Branches:
  refs/heads/master 9ecc62604 -> 4bfdd443f


[#8118] minor fixes and improvements to basic TOTP stuff


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/d240da95
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/d240da95
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/d240da95

Branch: refs/heads/master
Commit: d240da95e31787b7500790da1287f191f9155631
Parents: 9ecc626
Author: Dave Brondsema <dave@brondsema.net>
Authored: Mon Sep 5 14:48:53 2016 -0400
Committer: Dave Brondsema <dave@brondsema.net>
Committed: Tue Sep 6 17:42:48 2016 -0400

----------------------------------------------------------------------
 Allura/allura/controllers/auth.py           | 1 +
 Allura/allura/lib/decorators.py             | 1 +
 Allura/allura/model/multifactor.py          | 2 +-
 Allura/allura/tests/functional/test_auth.py | 2 +-
 4 files changed, 4 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/d240da95/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 382f4b1..5276682 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -678,6 +678,7 @@ class PreferencesController(BaseController):
     @expose('jinja:allura:templates/user_totp.html')
     @reconfirm_auth
     @require_post()
+    @without_trailing_slash
     def totp_set(self, code, **kw):
         key = session['totp_new_key']
         totp_service = TotpService.get()

http://git-wip-us.apache.org/repos/asf/allura/blob/d240da95/Allura/allura/lib/decorators.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/decorators.py b/Allura/allura/lib/decorators.py
index 7c311dc..7249e7c 100644
--- a/Allura/allura/lib/decorators.py
+++ b/Allura/allura/lib/decorators.py
@@ -121,6 +121,7 @@ def reconfirm_auth(func, *args, **kwargs):
         if AuthenticationProvider.get(request).validate_password(c.user, request.POST['password']):
             session['auth-reconfirmed'] = datetime.utcnow()
             session.save()
+            kwargs.pop('password')
         else:
             c.form_errors['password'] = 'Invalid password.'
 

http://git-wip-us.apache.org/repos/asf/allura/blob/d240da95/Allura/allura/model/multifactor.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/multifactor.py b/Allura/allura/model/multifactor.py
index 2a4e2f0..24a7898 100644
--- a/Allura/allura/model/multifactor.py
+++ b/Allura/allura/model/multifactor.py
@@ -38,4 +38,4 @@ class TotpKey(MappedClass):
 
     _id = FieldProperty(S.ObjectId)
     user_id = FieldProperty(S.ObjectId, required=True)
-    key = FieldProperty(str, required=True)
+    key = FieldProperty(bytes, required=True)

http://git-wip-us.apache.org/repos/asf/allura/blob/d240da95/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 261b956..d340a2f 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -2125,7 +2125,7 @@ class TestTwoFactor(TestController):
     def test_disable(self):
         self._init_totp()
 
-        self.app.get('/auth/multifactor_disable', status=404)  # GET not allowed
+        self.app.get('/auth/preferences/multifactor_disable', status=405)  # GET not allowed
 
         # get form and submit
         r = self.app.get('/auth/preferences/')


Mime
View raw message