Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
Odevzdávací Systém MO
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Model registry
Analyze
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Martin Mareš
Odevzdávací Systém MO
Merge requests
!86
Registrace
Code
Review changes
Check out branch
Download
Patches
Plain diff
Expand sidebar
Merged
Registrace
mj/registrace
into
devel
Overview
49
Commits
38
Changes
1
Merged
Martin Mareš
requested to merge
mj/registrace
into
devel
4 years ago
Overview
13
Commits
38
Changes
1
Implementace registrace podle
#220 (closed)
.
Edited
3 years ago
by
Martin Mareš
0
0
Merge request reports
Viewing commit
a9d18a30
Show latest version
1 file
+
13
−
8
Inline
Compare changes
Side-by-side
Inline
Show whitespace changes
Show one file at a time
a9d18a30
reg: fixup
· a9d18a30
Martin Mareš
authored
4 years ago
mo/web/auth.py
+
13
−
8
View file @ a9d18a30
Edit in single-file editor
Open in Web IDE
Show full file
@@ -245,13 +245,13 @@ class Reg1:
def
_gen_captcha
(
self
):
rng
=
self
.
_init_rng
()
self
.
x
=
rng
.
randrange
(
1
,
10
)
self
.
y
=
rng
.
randrange
(
1
,
20
)
self
.
y
=
rng
.
randrange
(
1
,
10
)
app
.
logger
.
debug
(
f
'
Reg1: Captcha:
{
self
.
x
}
*
{
self
.
y
}
'
)
def
captcha_task
(
self
)
->
str
:
cisla
=
[
'
nula
'
,
'
jedna
'
,
'
dva
'
,
'
tři
'
,
'
čtyři
'
,
'
pět
'
,
'
šest
'
,
'
sedm
'
,
'
osm
'
,
'
devět
'
,
'
deset
'
,
'
jedenáct
'
,
'
dvanáct
'
,
'
třináct
'
,
'
čtrnáct
'
,
'
patnáct
'
,
'
šestnáct
'
,
'
sedmnáct
'
,
'
osmnáct
'
,
'
devatenáct
'
]
app
.
logger
.
debug
(
f
'
Reg1: Captcha:
{
self
.
x
}
*
{
self
.
y
}
'
)
return
f
'
Napiš číslem, kolik je
{
cisla
[
self
.
x
]
}
krát
{
cisla
[
self
.
y
]
}
.
'
return
f
'
Napište číslem, kolik je
{
cisla
[
self
.
x
]
}
krát
{
cisla
[
self
.
y
]
}
.
'
def
captcha_check_answer
(
self
,
answer
:
str
)
->
bool
:
correct
=
self
.
x
*
self
.
y
@@ -266,6 +266,7 @@ class Reg1:
sess
=
db
.
get_session
()
rr
=
sess
.
query
(
db
.
RegRequest
).
with_for_update
().
filter_by
(
captcha_token
=
self
.
seed
).
one_or_none
()
if
rr
:
self
.
_reset
()
self
.
status
=
RegStatus
.
expired
sess
.
rollback
()
app
.
logger
.
info
(
'
Reg1: Captcha token použit znovu
'
)
@@ -286,22 +287,26 @@ class Reg1:
sess
.
commit
()
return
True
def
process
(
self
,
email
:
str
,
captcha
:
str
):
def
process
(
self
,
email
:
str
,
captcha
:
str
)
->
bool
:
# XXX: Nejdříve zapisujeme registraci do DB, a teprve pak ověřujeme captchu.
# Tímto způsobem je těžší captchu obejít (protože je rate-limitovaná), ale
# zase je snazší páchat DoS útok na celou registraci (protože je rate-limitovaná).
if
not
self
.
create_reg_request
(
email
):
return
return
False
el
if
not
self
.
captcha_check_answer
(
captcha
):
if
not
self
.
captcha_check_answer
(
captcha
):
self
.
_reset
()
self
.
status
=
RegStatus
.
wrong_captcha
return
False
el
if
mo
.
users
.
user_by_email
(
email
):
if
mo
.
users
.
user_by_email
(
email
):
self
.
_reset
()
self
.
status
=
RegStatus
.
already_exists
app
.
logger
.
info
(
f
'
Reg1: Účet s e-mailem
{
email
}
už existuje
'
)
return
False
return
True
class
Reg1Form
(
FlaskForm
):
@@ -435,7 +440,7 @@ class Reg2Form(FlaskForm):
submit
=
wtforms
.
SubmitField
(
'
Vytvořit účet
'
)
def
validate_passwd
(
form
,
field
):
if
not
mo
.
users
.
validate_passwd
(
field
.
data
):
if
not
mo
.
users
.
validate_passw
or
d
(
field
.
data
):
raise
wtforms
.
ValidationError
(
mo
.
users
.
password_help
)
def
validate_passwd2
(
form
,
field
):
Loading