Compare commits

...

1 Commits

Author SHA1 Message Date
Nyo
7b06f2921e .BANCHO. Add more privileges check through direct privilege value 2016-11-15 19:27:21 +01:00
5 changed files with 22 additions and 11 deletions

1
.gitignore vendored
View File

@ -6,3 +6,4 @@ filters.txt
common_funzia common_funzia
common_refractor common_refractor
common_memato common_memato
redistest.py

2
common

@ -1 +1 @@
Subproject commit 5c4ce6b7c8d03de8c25b379b2ebfb2229982af97 Subproject commit cccd6208170f34ab070a15bbbc0fc768bb3bd4df

View File

@ -11,14 +11,17 @@ def handle(userToken, packetData):
userID = userToken.userID userID = userToken.userID
username = userToken.username username = userToken.username
# Update privileges
userToken.updatePrivileges()
# Make sure we are not banned # Make sure we are not banned
if userUtils.isBanned(userID): if userUtils.isBanned(priv=userToken.privileges):
userToken.enqueue(serverPackets.loginBanned()) userToken.enqueue(serverPackets.loginBanned())
return return
# Send restricted message if needed # Send restricted message if needed
if not userToken.restricted: if not userToken.restricted:
if userUtils.isRestricted(userID): if userUtils.isRestricted(priv=userToken.privileges):
userToken.setRestricted() userToken.setRestricted()
# Change action packet # Change action packet

View File

@ -64,9 +64,9 @@ def handle(tornadoRequest):
# Make sure we are not banned or locked # Make sure we are not banned or locked
priv = userUtils.getPrivileges(userID) priv = userUtils.getPrivileges(userID)
if userUtils.isBanned(userID) == True and priv & privileges.USER_PENDING_VERIFICATION == 0: if userUtils.isBanned(priv=priv) == True and not userUtils.isPending(priv=priv):
raise exceptions.loginBannedException() raise exceptions.loginBannedException()
if userUtils.isLocked(userID) == True and priv & privileges.USER_PENDING_VERIFICATION == 0: if userUtils.isLocked(priv=priv) == True and not userUtils.isPending(priv=priv):
raise exceptions.loginLockedException() raise exceptions.loginLockedException()
# 2FA check # 2FA check
@ -195,6 +195,10 @@ def handle(tornadoRequest):
location = locationHelper.getLocation(requestIP) location = locationHelper.getLocation(requestIP)
countryLetters = locationHelper.getCountry(requestIP) countryLetters = locationHelper.getCountry(requestIP)
country = countryHelper.getCountryID(countryLetters) country = countryHelper.getCountryID(countryLetters)
# Set country in db if user has no country (first bancho login)
if userUtils.getCountry(userID) == "XX":
userUtils.setCountry(userID, countryLetters)
else: else:
# Set location to 0,0 and get country from db # Set location to 0,0 and get country from db
log.warning("Location skipped") log.warning("Location skipped")
@ -206,10 +210,6 @@ def handle(tornadoRequest):
responseToken.setLocation(location) responseToken.setLocation(location)
responseToken.setCountry(country) responseToken.setCountry(country)
# Set country in db if user has no country (first bancho login)
if userUtils.getCountry(userID) == "XX":
userUtils.setCountry(userID, countryLetters)
# Send to everyone our userpanel if we are not restricted or tournament # Send to everyone our userpanel if we are not restricted or tournament
if not responseToken.restricted: if not responseToken.restricted:
glob.streams.broadcast("main", serverPackets.userPanel(userID)) glob.streams.broadcast("main", serverPackets.userPanel(userID))

View File

@ -30,7 +30,7 @@ class token:
self.privileges = userUtils.getPrivileges(self.userID) self.privileges = userUtils.getPrivileges(self.userID)
self.admin = userUtils.isInPrivilegeGroup(self.userID, "developer") or userUtils.isInPrivilegeGroup(self.userID, "community manager") self.admin = userUtils.isInPrivilegeGroup(self.userID, "developer") or userUtils.isInPrivilegeGroup(self.userID, "community manager")
self.irc = irc self.irc = irc
self.restricted = userUtils.isRestricted(self.userID) self.restricted = userUtils.isRestricted(priv=self.privileges)
self.loginTime = int(time.time()) self.loginTime = int(time.time())
self.pingTime = self.loginTime self.pingTime = self.loginTime
self.timeOffset = timeOffset self.timeOffset = timeOffset
@ -441,3 +441,10 @@ class token:
return False return False
self.sentAway.append(userID) self.sentAway.append(userID)
return True return True
def updatePrivileges(self):
"""
Force updating self.privileges from db
:return:
"""
self.privileges = userUtils.getPrivileges(self.userID)