Skip to content

Commit

Permalink
misc (#1396)
Browse files Browse the repository at this point in the history 
tiny fixes and improvements that I’d have pushed directly at one time, but requiring every change to main to pass through a PR so diffs can be verified in a clean environment is an important security step
  • Loading branch information
@charmander
charmander authored Mar 4, 2024
2 parents 9e453f1 + 95acc05 commit 1145144
Show file tree
Hide file tree
Showing 6 changed files with 22 additions and 23 deletions.
5 changes: 3 additions & 2 deletions docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,17 +137,18 @@ services:
if test $$i -ge 8; then
exit 1
fi
if test -n "$$(.venv/bin/alembic -c /run/config/alembic.ini current 2> /dev/null)"; then
if test -n "$$(.venv/bin/alembic current 2> /dev/null)"; then
break
fi
i=$$((i + 1))
printf 'checking if postgres is up in %i seconds...\n' $$i
sleep $$i
done
exec .venv/bin/alembic -c /run/config/alembic.ini upgrade head
exec .venv/bin/alembic upgrade head
environment:
# needed for revision f30dc3b5856a
WEASYL_STORAGE_ROOT: /fakepath
ALEMBIC_CONFIG: /run/config/alembic.ini
volumes:
- config:/run/config:ro
networks:
Expand Down
4 changes: 3 additions & 1 deletion weasyl/character.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -369,7 +369,9 @@ def edit(userid, character, friends_only):
raise WeasylError("characterNameInvalid")
elif not character.rating:
raise WeasylError("Unexpected")
profile.check_user_rating_allowed(userid, character.rating)

if userid == query.userid:
profile.check_user_rating_allowed(userid, character.rating)

if friends_only:
welcome.character_remove(character.charid)
Expand Down
4 changes: 3 additions & 1 deletion weasyl/journal.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -267,7 +267,6 @@ def edit(userid, journal, friends_only=False):
raise WeasylError("contentInvalid")
elif not journal.rating:
raise WeasylError("ratingInvalid")
profile.check_user_rating_allowed(userid, journal.rating)

query = d.engine.execute(
"SELECT userid, hidden FROM journal WHERE journalid = %(id)s",
Expand All @@ -279,6 +278,9 @@ def edit(userid, journal, friends_only=False):
elif userid != query[0] and userid not in staff.MODS:
raise WeasylError("InsufficientPermissions")

if userid == query.userid:
profile.check_user_rating_allowed(userid, journal.rating)

if friends_only:
welcome.journal_remove(journal.journalid)

Expand Down
3 changes: 1 addition & 2 deletions weasyl/profile.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -683,16 +683,15 @@ def edit_preferences(userid,
config = config.replace(i, "")
config_str = config + preferences.to_code()
updates['config'] = config_str
d._get_all_config.invalidate(userid)
if jsonb_settings is not None:
# update jsonb preferences
updates['jsonb_settings'] = jsonb_settings.get_raw()
d._get_all_config.invalidate(userid)

d.engine.execute(
t.profile.update().where(t.profile.c.userid == userid),
updates
)
d._get_all_config.invalidate(userid)


def select_manage(userid):
Expand Down
6 changes: 4 additions & 2 deletions weasyl/submission.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -974,13 +974,15 @@ def edit(userid, submission, embedlink=None, friends_only=False, critique=False)
raise WeasylError("embedlinkInvalid")
elif 'google-drive' == query[3]:
embedlink = _normalize_google_docs_embed(embedlink)
profile.check_user_rating_allowed(userid, submission.rating)

if userid == query.userid:
profile.check_user_rating_allowed(userid, submission.rating)

if 'other' == query[3]:
submission.content = "%s\n%s" % (embedlink, submission.content)

if friends_only:
welcome.submission_became_friends_only(submission.submitid, userid)
welcome.submission_became_friends_only(submission.submitid, query.userid)

# TODO(kailys): maintain ORM object
db = d.connect()
Expand Down
23 changes: 8 additions & 15 deletions weasyl/test/login/test_get_account_verification_token.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@

from weasyl import login
from weasyl import define as d
from weasyl.test.utils import Bag


user_name = "test"
Expand All @@ -16,33 +15,27 @@

@pytest.mark.usefixtures('db')
def test_acct_verif_token_returned_if_email_provided_to_function():
form = Bag(username=user_name, password='0123456789',
email=email_addr,
day='12', month='12', year=arrow.utcnow().year - 19)
d.engine.execute(d.meta.tables["logincreate"].insert(), {
"token": token,
"username": form.username,
"login_name": form.username,
"username": user_name,
"login_name": user_name,
"hashpass": login.passhash(raw_password),
"email": form.email,
"email": email_addr,
"birthday": arrow.Arrow(2000, 1, 1),
})
acct_verification_token = login.get_account_verification_token(email=form.email, username=None)
acct_verification_token = login.get_account_verification_token(email=email_addr, username=None)
assert token == acct_verification_token


@pytest.mark.usefixtures('db')
def test_acct_verif_token_returned_if_username_provided_to_function():
form = Bag(username=user_name, password='0123456789',
email=email_addr,
day='12', month='12', year=arrow.utcnow().year - 19)
d.engine.execute(d.meta.tables["logincreate"].insert(), {
"token": token,
"username": form.username,
"login_name": form.username,
"username": user_name,
"login_name": user_name,
"hashpass": login.passhash(raw_password),
"email": form.email,
"email": email_addr,
"birthday": arrow.Arrow(2000, 1, 1),
})
acct_verification_token = login.get_account_verification_token(email=None, username=form.username)
acct_verification_token = login.get_account_verification_token(email=None, username=user_name)
assert token == acct_verification_token

0 comments on commit 1145144

Please sign in to comment.