store update_secret as salted sha1 (use crypto code from django), fix bug: we also need to catch NoAnswer, not just NXDOMAIN.

NoAnswer == there is a record, but not of the type (A or AAAA) we requested. NXDOMAIN == there is no record at all.
2013-09-29 00:34:26 +02:00 · 2013-09-29 00:34:26 +02:00 · d558e2ece2
commit d558e2ece2
parent 553e02f243
3 changed files with 16 additions and 5 deletions
--- a/nsupdate/api/views.py
+++ b/nsupdate/api/views.py
@ -5,6 +5,8 @@ logger = logging.getLogger(__name__)

 from django.http import HttpResponse
 from django.conf import settings
+from django.contrib.auth.hashers import check_password
+
 from main.forms import *
 from main.models import Host
 import dns.inet
@ -61,10 +63,16 @@ def check_auth(username, password):
    :param password: update password
    :return: True if authenticated, False otherwise.
    """
-    # in our case username == fqdn
-    hosts = Host.objects.filter(fqdn=username, update_secret=password)
-    assert len(hosts) < 2
-    return bool(hosts)
+    fqdn = username
+    hosts = Host.objects.filter(fqdn=fqdn)
+    num_hosts = len(hosts)
+    if num_hosts == 0:
+        return False
+    if num_hosts > 1:
+        logging.error("fqdn %s has multiple entries" % fqdn)
+        return False
+    password_hash = hosts[0].update_secret
+    return check_password(password, password_hash)


 def Response(content):
--- a/nsupdate/main/dnstools.py
+++ b/nsupdate/main/dnstools.py
@ -27,7 +27,7 @@ def update(fqdn, ipaddr, ttl=60):
        current_ipaddr = query_ns(fqdn, rdtype)
        # check if ip really changed
        ok = ipaddr != current_ipaddr
-    except dns.resolver.NXDOMAIN:
+    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
        # no dns entry yet, ok
        ok = True
    if ok:
--- a/nsupdate/main/views.py
+++ b/nsupdate/main/views.py
@ -7,6 +7,7 @@ from django.conf import settings
 from django.shortcuts import render, get_object_or_404
 from django.contrib.auth.decorators import login_required
 from django.contrib import messages
+from django.contrib.auth.hashers import make_password
 from django.utils.decorators import method_decorator
 from django.core.urlresolvers import reverse
 import dns.inet
@ -43,6 +44,7 @@ class OverviewView(CreateView):
    def form_valid(self, form):
        self.object = form.save(commit=False)
        self.object.created_by = self.request.user
+        self.object.update_secret = make_password(self.object.update_secret, hasher='sha1')
        self.object.save()
        messages.add_message(self.request, messages.SUCCESS, 'Host added.')
        return HttpResponseRedirect(self.get_success_url())
@ -68,6 +70,7 @@ class HostView(UpdateView):
    def form_valid(self, form):
        self.object = form.save(commit=False)
        self.object.created_by = self.request.user
+        self.object.update_secret = make_password(self.object.update_secret, hasher='sha1')
        self.object.save()
        messages.add_message(self.request, messages.SUCCESS, 'Host updated.')
        return HttpResponseRedirect(self.get_success_url())