SessionRefCipher: atomically revoke IDs using RevokedToken model.

author: Michał Górny <mgorny@gentoo.org> 2013-08-21 00:53:36 +0200
committer: Michał Górny <mgorny@gentoo.org> 2013-08-21 00:53:36 +0200
commit: 231474b883ca747b603e97324eba1ba83726ceee (patch)
tree: ad74a2e6939fc09965857505af7b3c31deee0791 /okupy/common
parent: Move RevokedToken to common and make it more universal. (diff)
download: identity.gentoo.org-231474b883ca747b603e97324eba1ba83726ceee.tar.gz
identity.gentoo.org-231474b883ca747b603e97324eba1ba83726ceee.tar.bz2
identity.gentoo.org-231474b883ca747b603e97324eba1ba83726ceee.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/okupy/common/crypto.py b/okupy/common/crypto.py
index e019ecb..0860359 100644
--- a/okupy/common/crypto.py
+++ b/okupy/common/crypto.py
@@ -130,10 +130,14 @@ class SessionRefCipher(object):
             session_id = session_id[self.random_prefix_bytes:]
             session = SessionStore(session_key=session_id)
             if session.get('encrypted_id') == eid:
+                # circular import
+                from .models import RevokedToken
+
                 # revoke to prevent replay attacks
-                del session['encrypted_id']
-                session.save()
-                return session
+                if RevokedToken.add(eid):
+                    del session['encrypted_id']
+                    session.save()
+                    return session
         raise ValueError('Invalid session id')
author	Michał Górny <mgorny@gentoo.org>	2013-08-21 00:53:36 +0200
committer	Michał Górny <mgorny@gentoo.org>	2013-08-21 00:53:36 +0200
commit	231474b883ca747b603e97324eba1ba83726ceee (patch)
tree	ad74a2e6939fc09965857505af7b3c31deee0791 /okupy/common
parent	Move RevokedToken to common and make it more universal. (diff)
download	identity.gentoo.org-231474b883ca747b603e97324eba1ba83726ceee.tar.gz identity.gentoo.org-231474b883ca747b603e97324eba1ba83726ceee.tar.bz2 identity.gentoo.org-231474b883ca747b603e97324eba1ba83726ceee.zip