Beispiel #1
0
    def run(self):
        log = Logger('AdminPostHandlerThread')
        request_data = json.loads(self.request.request.body)
        print request_data
        login = LoginDBHelper()
        update_status = False

        final_dict = {}

        admin_detail = login.get_login(self.current_user, update_flag=True)

        if admin_detail is None:
            final_dict['pass'] = False
            final_dict['message'] = "Wrong username password combination"

        else:
            current_password = request_data.get('current_password')
            login_success = verify_password(str(current_password),
                                        d64(admin_detail.get('password')))


            if login_success:
                login_id = admin_detail.get('login_id')
                new_password = request_data.get('new_password')
                temp_passwd = make_verifier(str(new_password))
                new_password_hash = e64(temp_passwd).strip()
                update_status = login.update_login_password(login_id,
                                new_password_hash)

            if update_status:

                final_dict['pass'] = True
                final_dict['message'] = "Password changed successfully"

            else:

                final_dict['pass'] = False
                final_dict['message'] = "Wrong username password combination"

        opJson = json.dumps(final_dict)
        #self.request.add_header('Access-Control-Allow-Origin', '*')
        self.request.set_header ('Content-Type', 'application/json')
        self.request.write(opJson)
        tornado.ioloop.IOLoop.instance().add_callback(self.callback)
Beispiel #2
0
    def run(self):
        # log = Logger('AdminPostHandlerThread')
        request_data = json.loads(self.request.request.body)
        print request_data
        login = LoginDBHelper()
        update_status = False

        final_dict = {}

        admin_detail = login.get_login(self.current_user, update_flag=True)

        if admin_detail is None:
            final_dict['pass'] = False
            final_dict['message'] = "Wrong username password combination"

        else:
            current_password = request_data.get('current_password')
            login_success = verify_password(str(current_password),
                                            d64(admin_detail.get('password')))

            if login_success:
                login_id = admin_detail.get('login_id')
                new_password = request_data.get('new_password')
                temp_passwd = make_verifier(str(new_password))
                new_password_hash = e64(temp_passwd).strip()
                update_status = login.update_login_password(
                    login_id, new_password_hash)

            if update_status:

                final_dict['pass'] = True
                final_dict['message'] = "Password changed successfully"

            else:

                final_dict['pass'] = False
                final_dict['message'] = "Wrong username password combination"

        opJson = json.dumps(final_dict)
        #self.request.add_header('Access-Control-Allow-Origin', '*')
        self.request.set_header('Content-Type', 'application/json')
        self.request.write(opJson)
        tornado.ioloop.IOLoop.instance().add_callback(self.callback)
Beispiel #3
0
    packed = _PARAMS.pack(logN,r,p,len(salt)) + salt + hash
    return packed

def unpack_verifier(verifier):
    logN,r,p,salt_bytes = _PARAMS.unpack_from(verifier)
    i = _PARAMS.size+salt_bytes
    salt = verifier[_PARAMS.size:i]
    hash = verifier[i:]
    return logN,r,p,salt,hash

def make_verifier( password, logN=14, r=8, p=1, salt_bytes=16,hash_bytes=16):
    salt = random(salt_bytes)
    hash = scrypt.hash(password,salt,1<<logN,r,p,hash_bytes)
    return pack_verifier(logN,r,p,salt,hash)

def verify_password( password, verifier ):
    logN,r,p,salt,hash = unpack_verifier(verifier)
    newhash = scrypt.hash(password,salt,1<<logN,r,p,len(hash))
    return consteq(newhash,hash)


if __name__=="__main__":
    v = make_verifier( "password" )
    # print(verify_password( "password", v))
    # print(verify_password( "Password", v))

    ev = e64(v).strip()
    print(ev)
    # # store ev in database
    # print( verify_password("password",d64(ev)))
Beispiel #4
0
def unpack_verifier(verifier):
    logN, r, p, salt_bytes = _PARAMS.unpack_from(verifier)
    i = _PARAMS.size + salt_bytes
    salt = verifier[_PARAMS.size:i]
    hash = verifier[i:]
    return logN, r, p, salt, hash


def make_verifier(password, logN=14, r=8, p=1, salt_bytes=16, hash_bytes=16):
    salt = random(salt_bytes)
    hash_value = scrypt.hash(password, salt, 1 << logN, r, p, hash_bytes)
    return pack_verifier(logN, r, p, salt, hash_value)


def verify_password(password, verifier):
    logN, r, p, salt, hash_value = unpack_verifier(verifier)
    newhash = scrypt.hash(password, salt, 1 << logN, r, p, len(hash_value))
    return consteq(newhash, hash_value)


if __name__ == "__main__":
    v = make_verifier(args.password)
    ev = e64(v).strip()

    # if not(verify_password(args.password, d64(args.hash))):
    #     print("Password not verified!!\n")
    #     sys.exit(1)

    print(ev)
Beispiel #5
0
    def run(self):
        log = Logger('RegisterWorkerThread')
        TAG = 'run'
        print 'RegisterWorkerThread'
        final_dict = {}

        company = CompanyDBHelper()
        admin = LoginDBHelper()

        request_data = json.loads(self.request.request.body)

        company_name = request_data.get('company_name')
        company_email = request_data.get('company_email')
        company_address = request_data.get('company_address')
        company_contact = request_data.get('company_contact')
        admin_name = request_data.get('admin_name')
        admin_email = request_data.get('admin_email')
        admin_password = request_data.get('admin_password')

        company_id, duplicate_company = company.add_company(
                {'name': company_name, 'email': company_email,
                 'contact': company_contact, 'address': company_address})

        # if company_id and duplicate_company:
        #     ## Send mail to admin registered for this company
        #     pass

        if company_id:

            temp_hash = make_verifier(str(admin_password))
            final_hash = e64(temp_hash).strip()
            pass_id = admin.set_login_password(final_hash)

            if pass_id:
                admin_id, duplicate_admin = admin.add_admin(
                    {'email':admin_email, 'name': admin_name,
                    'login_id': pass_id, 'company_id':company_id})

                if admin_id and duplicate_admin:
                    ## Admin already registered, set pass false
                    final_dict['admin'] = True
                    final_dict['pass'] = False


                elif admin_id and not duplicate_admin:
                    final_dict['pass'] = True
                    final_dict['admin'] = False

                    ## send verification mail to this admin
                    admin_signup(admin_id, company_id, admin_email,
                                          company_email)
                else:
                    final_dict['pass'] = False
                    final_dict['admin'] = False

            else:
                final_dict['pass'] = False
                final_dict['admin'] = False
        else:
            final_dict['pass'] = False
            final_dict['admin'] = False

        self.request.write(json.dumps(final_dict))
        tornado.ioloop.IOLoop.instance().add_callback(self.callback)
Beispiel #6
0
    """
    if type(password) is unicode:
        password = password.encode("utf-8")

    whichkdf = byte(password[0])>>5

    kdf = KDFS.get(whichkdf)
    if kdf is None:
        raise RuntimeError("unsupported algorithm")

    return kdf(password,salt,dklen)


if __name__=="__main__":
    from binascii import b2a_base64 as e64
    import time
    
    from getpass import getpass
    try:
        while True:
            pw = getpass("please enter a password:"******"NaCl",32)
            elapsed = time.clock()-start
            print("{0:0.3f} seconds {1}".format(elapsed,e64(dkey)))
    except KeyboardInterrupt:
        print("goodbye")

Beispiel #7
0
    def run(self):
        # log = Logger('RegisterWorkerThread')
        # TAG = 'run'
        print 'RegisterWorkerThread'
        final_dict = {}

        company = CompanyDBHelper()
        admin = LoginDBHelper()

        request_data = json.loads(self.request.request.body)

        company_name = request_data.get('company_name')
        company_email = request_data.get('company_email')
        company_address = request_data.get('company_address')
        company_contact = request_data.get('company_contact')
        admin_name = request_data.get('admin_name')
        admin_email = request_data.get('admin_email')
        admin_password = request_data.get('admin_password')

        company_id, duplicate_company = company.add_company({
            'name':
            company_name,
            'email':
            company_email,
            'contact':
            company_contact,
            'address':
            company_address
        })

        # if company_id and duplicate_company:
        # Send mail to admin registered for this company
        #     pass

        if company_id:

            temp_hash = make_verifier(str(admin_password))
            final_hash = e64(temp_hash).strip()
            pass_id = admin.set_login_password(final_hash)

            if pass_id:
                admin_id, duplicate_admin = admin.add_admin({
                    'email':
                    admin_email,
                    'name':
                    admin_name,
                    'login_id':
                    pass_id,
                    'company_id':
                    company_id
                })

                if admin_id and duplicate_admin:
                    # Admin already registered, set pass false
                    final_dict['admin'] = True
                    final_dict['pass'] = False

                elif admin_id and not duplicate_admin:
                    final_dict['pass'] = True
                    final_dict['admin'] = False

                    # send verification mail to this admin
                    admin_signup(admin_id, company_id, admin_email,
                                 company_email)
                else:
                    final_dict['pass'] = False
                    final_dict['admin'] = False

            else:
                final_dict['pass'] = False
                final_dict['admin'] = False
        else:
            final_dict['pass'] = False
            final_dict['admin'] = False

        self.request.write(json.dumps(final_dict))
        tornado.ioloop.IOLoop.instance().add_callback(self.callback)