authorxray7224 <xray7224@googlemail.com>2013-07-14 16:24:04 +0100
committerxray7224 <xray7224@googlemail.com>2013-07-14 16:24:04 +0100
commitcfe7054c13880657fdcb95068a734554ff847cea (patch)
tree88c6be2332cff83b929d0cb14611b66dffdfb9a0 /mediagoblin/db/models.py
parente49263564b0ee8859c43e2716fcedab6e80bf164 (diff)
Using nonce now, preventing OAuth replay attacks
Diffstat (limited to 'mediagoblin/db/models.py')
-rw-r--r--mediagoblin/db/models.py14
1 files changed, 12 insertions, 2 deletions
diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py
index b6ae533e..74dea44e 100644
--- a/mediagoblin/db/models.py
+++ b/mediagoblin/db/models.py
@@ -161,6 +161,16 @@ class AccessToken(Base):
updated = Column(DateTime, nullable=False, default=datetime.datetime.now)
+class NonceTimestamp(Base):
+ """
+ A place the timestamp and nonce can be stored - this is for OAuth1
+ """
+ __tablename__ = "core__nonce_timestamps"
+
+ nonce = Column(Unicode, nullable=False, primary_key=True)
+ timestamp = Column(DateTime, nullable=False, primary_key=True)
+
+
class MediaEntry(Base, MediaEntryMixin):
"""
TODO: Consider fetching the media_files using join
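Review bot: `NonceTimestamp` keys a seen request on `(nonce, timestamp)` alone, with no column for the client or token that sent it. RFC 5849 only requires a nonce to be unique per combination of timestamp, client credentials and token, so as modelled two different clients that happen to send the same pair would collide and the second would be treated as a replay; adding the client (and token) identifier as a further primary-key column would scope the check correctly. The composite key does give an atomic duplicate check if the caller inserts the row and handles the integrity error rather than querying first, and the docstring could state the purpose more precisely, e.g. `Records each (nonce, timestamp) pair already seen on an OAuth1 request so a repeated pair can be rejected as a replay.` Nothing in the model bounds the table's growth, so the validator (not visible in this diff) presumably has to reject timestamps outside an accepted window and prune older rows; `index=True` on `timestamp` would keep that cleanup cheap.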
@@ -636,8 +646,8 @@ with_polymorphic(
[ProcessingNotification, CommentNotification])
MODELS = [
- User, Client, RequestToken, AccessToken, MediaEntry, Tag, MediaTag,
- MediaComment, Collection, CollectionItem, MediaFile, FileKeynames,
+ User, Client, RequestToken, AccessToken, NonceTimestamp, MediaEntry, Tag,
+ MediaTag, MediaComment, Collection, CollectionItem, MediaFile, FileKeynames,
MediaAttachmentFile, ProcessingMetaData, Notification, CommentNotification,
ProcessingNotification, CommentSubscription]