Skip to content

Commit

Permalink
Fixed issue #2: information leakage in admin panel
Browse files Browse the repository at this point in the history
  • Loading branch information
anx-ckreuzberger committed Aug 27, 2018
1 parent c5ef98f commit 7e11ed6
Show file tree
Hide file tree
Showing 4 changed files with 56 additions and 3 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ If your project uses an older verison of Django or Django Rest Framework, you ca

| This Project | Python Version | Django Version | Django Rest Framework |
|--------------|----------------|----------------|-----------------------|
| 1.3 | 2.7, 3.4+ | 1.11, 2.0+ | 3.6, 3.7, 3.8 |
| 1.3.* | 2.7, 3.4+ | 1.11, 2.0+ | 3.6, 3.7, 3.8 |
| 1.2.* | 2.7, 3.4+ | 1.8, 1.11, 2.0+| 3.6, 3.7, 3.8 |


Expand Down
47 changes: 47 additions & 0 deletions django_rest_multitokenauth/migrations/0003_pk_migration.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
# -*- coding: utf-8 -*-
from __future__ import unicode_literals

from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion


def populate_auto_incrementing_pk_field(apps, schema_editor):
MultiToken = apps.get_model('django_rest_multitokenauth', 'MultiToken')

# Generate values for the new id column
for i, o in enumerate(MultiToken.objects.all()):
o.id = i + 1
o.save()


class Migration(migrations.Migration):

dependencies = [
('django_rest_multitokenauth', '0002_rename_ip_address_20160426',),
]

operations = [
migrations.AddField(
model_name='multitoken',
name='id',
field=models.IntegerField(null=True),
preserve_default=True,
),
migrations.RunPython(
populate_auto_incrementing_pk_field,
migrations.RunPython.noop
),
# add primary key information to id field
migrations.AlterField(
model_name='multitoken',
name='id',
field=models.AutoField(primary_key=True, serialize=False)
),
# remove primary key information from 'key' field
migrations.AlterField(
model_name='multitoken',
name='key',
field=models.CharField(db_index=True, max_length=64, unique=True, verbose_name='Key'),
),
]
8 changes: 7 additions & 1 deletion django_rest_multitokenauth/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,16 @@ class MultiToken(models.Model):
"""
The multi token model with user agent and IP address.
"""

id = models.AutoField(
primary_key=True
)

key = models.CharField(
_("Key"),
max_length=64,
primary_key=True
db_index=True,
unique=True
)
user = models.ForeignKey(
AUTH_USER_MODEL,
Expand Down
2 changes: 1 addition & 1 deletion setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@

setup(
name='django-rest-multitokenauth',
version='1.3',
version='1.3.1',
packages=find_packages(),
include_package_data=True,
license='BSD License',
Expand Down

0 comments on commit 7e11ed6

Please sign in to comment.