Accounts should now support requiring moderator approval. Also dropped pydantic dep.

backends/file.py

@@ -15,7 +15,7 @@ def _load(name,pos,file,obj):
 	for line in linegen(file):
 		split=line.split(',')
 		if split[pos]==name: return obj(*split)
-	raise Exception('No such',obj.__name__,'with identifier',name)
+	return None
 def _load_multi(name,pos,file,obj):
 	out=[]
 	for line in linegen(file):
@@ -46,53 +46,56 @@ def load_token(tokeid):
 def load_tokens(user):
 	return _load_multi(user.username,1,access_tokens,models.AccessToken)
 def save_token(token):
-	return _save(token,0,access_tokens,token.value)
+	return _save(token,0,access_tokens,str(token))
 def delete_token(token):
-	return _delete(token,0,access_tokens,token.value)
+	return _delete(token,0,access_tokens,str(token))
 
 def load_invite(tokeid):
 	return _load(tokeid,0,invite_tokens,models.InviteToken)
 def load_invites(user):
 	return _load_multi(user.username,1,invite_tokens,models.InviteToken)
 def save_invite(token):
-	return _save(token,0,invite_tokens,token.value)
+	return _save(token,0,invite_tokens,str(token))
 def delete_invite(token):
-	return _delete(token,0,invite_tokens,token.value)
+	return _delete(token,0,invite_tokens,str(token))
 
 def linegen(path):
 	i=0
 	file=open(path)
-	line=file.readline()
+	line=_rl(file)
 	while line:
 		i+=1
 		response=yield line
 		if response is not None: yield i
-		line=file.readline()
+		line=_rl(file)
 	file.close()
 
 def update(path,lines):
 	def _action(file,i,line):
 		if i in lines: file.write(lines[i]+'\n')
-		else: file.write(line)
+		else: file.write(line+'\n')
 	def _post(file):
 		if -1 in lines: file.write(lines[-1]+'\n')
 	writefile(path,_action,_post)
 
 def remove(path,lines):
 	def _action(file,i,line):
-		if i not in lines: file.write(line)
+		if i not in lines: file.write(line+'\n')
 	writefile(path,_action)
 
 def writefile(path,action,post=None):
 	i=0
 	file=open(path)
 	write=open(f'{path}.tmp','w')
-	line=file.readline()
+	line=_rl(file)
 	while line:
 		i+=1
 		action(write,i,line)
-		line=file.readline()
+		line=_rl(file)
 	if post is not None: post(write)
 	file.close()
 	write.close()
-	rename(f'{path}.tmp',path)
+	rename(f'{path}.tmp',path)
+
+def _rl(file):
+	return file.readline().rstrip('\n') # Maybe sometimes there won't be one.

config.py

@@ -2,4 +2,4 @@ import os
 import json
 file=os.environ.get('AUTH_CONFIG_FILE')
 if not file: raise Exception('AUTH_CONFIG_FILE not set. (It should point to a json file.) Exiting.')
-config=json.load(open(file))
+config=json.load(open(file))

main.py

@@ -1,10 +0,0 @@
-from importlib import import_module
-from . import utils, models
-from .config import config
-
-globals()['backend']=import_module('.backends.'+config['backend']['type'],'auth')
-backend.config=config['backend']['options']
-backend.utils=utils
-backend.models=models
-models.backend=backend
-backend.init()

models.py

@@ -1,19 +1,15 @@
 from dataclasses import dataclass
 from datetime import datetime
-from hashlib import shake_256
+from enum import Enum
 import uuid
 
-def phash(pw,salt=None):
-	if salt is None: salt=uuid.uuid4()
-	return shake_256(f'{pw}{salt}'.encode('utf-8')).hexdigest(256),salt
-
 class AbstractUser():
 	pass # It fixes circular dep on user.invited_by
 	# And on User.register (InviteToken)
 
 @dataclass
 class Token():
-	value: str
+	value: uuid.UUID
 	owner: AbstractUser
 	def __init__(self,value,owner=None):
 		if owner is None:
@@ -24,14 +20,22 @@ class Token():
 		self.owner=owner
 	def revoke(self):
 		backend.delete_token(self)
+	@property
+	def serialise(self):
+		return ','.join(map(str,[self,self.owner]))
+	def __str__(self): return str(self.value)
 
 @dataclass
 class InviteToken(Token):
 	_uses: int=0
 	_max_uses: int=-1
-	_expires: datetime=None
-	def __init__(self,*args,**kwargs):
-		return super().__init__(*args,**kwargs)
+	expires: datetime|None=None
+	def __init__(self,value,owner,uses:int,maxuses:int,expiry:datetime|None):
+		uses=int(uses); maxuses=int(maxuses);
+		if expiry!='None': expiry=datetime(expiry)
+		else: expiry=None
+		self.uses,self.max_uses,self.expires=uses,maxuses,expiry
+		return super().__init__(value,owner)
 	@property
 	def uses(self): return self._uses
 	@uses.setter
@@ -44,6 +48,9 @@ class InviteToken(Token):
 	def max_uses(self,val):
 		if -1<val<=self.uses: self.revoke()
 		self._max_uses=val
+	@property
+	def serialise(self):
+		return super().serialise+','+','.join(map(str,[self.uses,self.max_uses,self.expires]))
 
 @dataclass
 class AccessToken(Token):
@@ -55,31 +62,59 @@ class User(AbstractUser):
 	username: str
 	password_hash: str
 	salt: str
-	invited_by: AbstractUser=None # Root node will just reference itself
+	_invited_by: AbstractUser|str # Root node will just reference itself
 	email: str=''
+	state: str='pending'
+	def _load_invite(self):
+		if self._invited_by==self.username: return self # Sanity-check to prevent infinite recursion.
+		return backend.load_user(self._invited_by)
+	@property
+	def invited_by(self):
+		if isinstance(self._invited_by,str):
+			self._invited_by=self._load_invite()
+		return self._invited_by
 	@property
 	def serialise(self):
-		return ','.join([self.username,self.password_hash,str(self.salt),self.invited_by.username,self.email])
+		upstream=self.invited_by
+		upstream=upstream.username if upstream else 'None'
+		return ','.join([self.username,self.password_hash,str(self.salt),upstream,self.email or '',self.state])
 	def create_inv_token(self,*args,**kwargs):
+		"""	All arguments are passed directly to InviteToken's constructor, with self added at the beginning	"""
 		tok=InviteToken(self,*args,**kwargs)
-		backend.save_token(tok)
+		backend.save_invite(tok)
 		return tok
-	def change_password(self,old_pw:str|None,new_pw:str): pass
+	def auth(self,pw):
+		return utils.phash(pw,self.salt)[0]==self.password_hash
+	def change_password(self,old_pw:str|None,new_pw:str):
+		if self.auth(old_pw):
+			self.password_hash,self.salt=utils.phash(new_pw)
+			self.save()
 	def save(self):
 		backend.save_user(self)
+	def __str__(self): return self.username
 	
 	@classmethod
 	def login(cls,username:str,password:str):
 		u=backend.load_user(username)
 		if u is None: raise Exception("User doesn't exist")
-		if phash(password,u.salt)[0]==u.password_hash: return AccessToken(u)
+		if u.auth(password):
+			a=AccessToken(u)
+			backend.save_token(a)
+			return a
 		raise Exception("Incorrect password")
 	@classmethod
-	def register(cls,username:str,password:str,invite:InviteToken,email:str|None):
+	def register(cls,username:str,password:str,invite:InviteToken=None,email:str=''):
 		if set([chr(n) for n in range(32)]+[','])&set(username): raise Exception('Invalid username')
 		u=backend.load_user(username)
 		if u is not None: raise Exception("User already exists")
-		u=User(username,*phash(password),invite.owner,email)
+		if invite:
+			owner=invite.owner
+		else:
+			owner=None
+		u=User(username,*utils.phash(password),owner,email)
+		if invite:
+			user.state='approved' # Invited users don't need approval
+			invite.uses+=1
+			backend.save_invite(invite)
 		u.save()
-		invite.uses+=1
-		return u
+		return u

utils.py

@@ -0,0 +1,6 @@
+from hashlib import shake_256
+import uuid
+
+def phash(pw,salt=None):
+	if salt is None: salt=uuid.uuid4()
+	return shake_256(f'{pw}{salt}'.encode('utf-8')).hexdigest(256),salt