Refactor handling of working directory for SourceCodeEventHandler

src/event_handlers/source_code_server/login_component.py

@@ -0,0 +1,27 @@
+import sqlite3
+
+
+def get_db():
+    return sqlite3.connect('users.db')
+
+
+def authorize_login(email, password):
+    """
+    This method checks if a user is authorized and has admin privileges.
+    :param email: The email address of the user.
+    :param password: The password of the user.
+    :return: A tuple, the first element is the email address if the user exists,
+    and None if they don't; the second element is a boolean, which is True if
+    the user has admin privileges.
+    """
+    conn = get_db()
+    sql_statement = '''SELECT email, is_admin FROM users
+                       WHERE email="{}" AND password="{}"'''
+    # The problem with this approach is that it substitutes any value received
+    # from the user, even if it is a valid SQL statement!
+    result = conn.execute(sql_statement.format(email, password)).fetchone()
+    if result is None:
+        return None, False
+    else:
+        email, is_admin = result
+        return email, is_admin == 1

src/event_handlers/source_code_server/server.py

@@ -1,9 +1,10 @@
-import json
-
+import json, sys
 from tornado.ioloop import IOLoop
 from tornado.web import RequestHandler, Application
 
-from tfw.config import LOGIN_APP_PORT
+from tfw.config import LOGIN_APP_PORT, WEBIDE_WD
+
+sys.path.append(WEBIDE_WD)
 from login_component import authorize_login