Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-07-13 22:40:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rolled back Discord managers to fix #235

Browse Source 
Commit chosen: 08cd2c1f1ade6845f5710329b0beab47ab7df6aa
Additional security implemented: tokens deleted for users after succesful addition to discord server.
 - prevents another user from authenticating with their email and wrong password
This commit is contained in:
Adarnof 2016-02-09 12:32:08 +00:00
parent 7ca6decc12
commit e5d8c62674
1 changed files with 21 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
services/managers/discord_manager.py
View File

@ -13,8 +13,8 @@ DISCORD_URL = "https://discordapp.com/api"
class DiscordAPIManager:
def __init__(self, server_id, email, password, user=None):
self.token = DiscordAPIManager.get_token_by_user(email, password, user)
def __init__(self, server_id, email, password):
self.token = DiscordAPIManager.get_token_by_user(email, password)
self.email = email
self.password = password
self.server_id = server_id
@ -131,8 +131,9 @@ class DiscordAPIManager:
r.raise_for_status()
return r.json()
def accept_invite(self, invite_id):
custom_headers = {'accept': 'application/json', 'authorization': self.token}
@staticmethod
def accept_invite(invite_id, token):
custom_headers = {'accept': 'application/json', 'authorization': token}
path = DISCORD_URL + "/invite/" + str(invite_id)
r = requests.post(path, headers=custom_headers)
logger.debug("Received status code %s after accepting invite." % r.status_code)
@ -222,20 +223,17 @@ class DiscordAPIManager:
raise KeyError('Group not found on server: ' + group_name)
@staticmethod
def get_token_by_user(email, password, user):
def get_token_by_user(email, password):
if DiscordAuthToken.objects.filter(email=email).exists():
auth = DiscordAuthToken.objects.get(email=email)
if not auth.user == user:
raise ValueError("User mismatch while validating DiscordAuthToken for email %s - user %s, requesting user %s" % (email, auth.user, user))
logger.debug("Discord auth token cached for supplied email starting with %s" % email[0:3])
auth = DiscordAuthToken.objects.get(email=email, user=user)
auth = DiscordAuthToken.objects.get(email=email)
if DiscordAPIManager.validate_token(auth.token):
logger.debug("Token still valid. Returning token starting with %s" % auth.token[0:5])
return auth.token
else:
logger.debug("Token has expired. Deleting.")
auth.delete()
logger.debug("Generating auth token for email starting with %s user %s and password of length %s" % (email[0:3], user, len(password)))
logger.debug("Generating auth token for email starting with %s and password of length %s" % (email[0:3], len(password)))
data = {
"email" : email,
"password": password,
@ -246,19 +244,11 @@ class DiscordAPIManager:
logger.debug("Received status code %s after generating auth token for custom user." % r.status_code)
r.raise_for_status()
token = r.json()['token']
auth = DiscordAuthToken(email=email, token=token, user=user)
auth = DiscordAuthToken(email=email, token=token)
auth.save()
logger.debug("Created cached token for email starting with %s" % email[0:3])
return token
def get_profile(self):
custom_headers = {'accept': 'application/json', 'authorization': self.token}
path = DISCORD_URL + "/users/@me"
r = requests.get(path, headers=custom_headers)
logger.debug("Received status code %s after retrieving user profile with email %s" % (r.status_code, self.email[0:3]))
r.raise_for_status()
return r.json()
@staticmethod
def get_user_profile(email, password):
token = DiscordAPIManager.get_token_by_user(email, password)
@ -381,25 +371,26 @@ class DiscordManager:
return current_password
@staticmethod
def add_user(email, password, user):
def add_user(email, password):
try:
logger.debug("Adding new user %s to discord with email %s and password of length %s" % (user, email[0:3], len(password)))
server_api = DiscordAPIManager(settings.DISCORD_SERVER_ID, settings.DISCORD_USER_EMAIL, settings.DISCORD_USER_PASSWORD)
user_api = DiscordAPIManager(settings.DISCORD_SERVER_ID, email, password, user=user)
profile = user_api.get_profile()
logger.debug("Adding new user to discord with email %s and password of length %s" % (email[0:3], len(password)))
api = DiscordAPIManager(settings.DISCORD_SERVER_ID, settings.DISCORD_USER_EMAIL, settings.DISCORD_USER_PASSWORD)
profile = DiscordAPIManager.get_user_profile(email, password)
logger.debug("Got profile for user: %s" % profile)
user_id = profile['id']
logger.debug("Determined user id: %s" % user_id)
if server_api.check_if_user_banned(user_id):
if api.check_if_user_banned(user_id):
logger.debug("User is currently banned. Unbanning %s" % user_id)
server_api.unban_user(user_id)
invite_code = server_api.create_invite()['code']
api.unban_user(user_id)
invite_code = api.create_invite()['code']
logger.debug("Generated invite code beginning with %s" % invite_code[0:5])
user_api.accept_invite(invite_code)
token = DiscordAPIManager.get_token_by_user(email, password)
logger.debug("Got auth token for supplied credentials beginning with %s" % token[0:5])
DiscordAPIManager.accept_invite(invite_code, token)
logger.info("Added user to discord server %s with id %s" % (settings.DISCORD_SERVER_ID, user_id))
return user_id
except:
logger.exception("An unhandled exception has occured.")
logger.exception("An unhandled exception has occured.", exc_info=True)
return ""
@staticmethod
@ -412,5 +403,5 @@ class DiscordManager:
logger.info("Deleted user with id %s from discord server id %s" % (user_id, settings.DISCORD_SERVER_ID))
return True
except:
logger.exception("An unhandled exception has occured.")
logger.exception("An unhandled exception has occured.", exc_info=True)
return False