Beispiel #1
0
class User:
	"""
	class defining a user
	"""

	AUTH_AT = 10
	MINS_BAN = 1

	def __init__(self, login="", pwd=""):
		self.login = login
		self.pwd = pwd
		self.salt = ""
		self.dbUser = DbUser()
		self.fAttempts = 0

		if(login != ""):
			if(self.userExists(login)):
				uInfo = self.dbUser.getUserInfo(login)
				#retrieve only perssistent info
				self.login = uInfo["login"]
				self.pwd = uInfo["salted_pwd"]#salty password
				self.salt = uInfo["salt"]
				self.fAttempts = uInfo["attempts"]
	

	
	def userExists(self, login):
		"""
		checks if a user exists (see also db_user.py)
		"""
		return self.dbUser.userInDb(self.login)
	
	

	def loginUser(self, givenPwd="", token=""):
		"""
		login the user (checks credentials)
		TODO check if user exists
		"""

		if givenPwd != "":
			if self.hashSaltPwd(givenPwd, self.salt) == self.pwd:
				self.clearFailedAttempts(self.login)
				self.unBanUser()
				return True
			
			self.addFailedAttempt(self.login)
			return False

		if token != "":
			uToken = self.dbUser.getToken(self.login)["token"]
			return token == uToken

		return False

	
	def createUser(self, login, pwd):
		"""
		creates a non existing user
		"""
		print("creating user")
		if not self.userExists(login):
			salt = self.generateSalt()
			spwd = self.hashSaltPwd(pwd, salt)
			token = self.generateToken()
			self.dbUser.insertUser(login, spwd, salt , token)

			self.login = login
			self.pwd = spwd
			self.salt = salt
	


	def generateSalt(self):
		"""
		generates and returns a unique salt (different at each call)
		"""
		return str(uuid.uuid4().hex)
		


	def generateToken(self):
		"""
		generates and returns a unique token 
		"""
		return uuid.uuid4().hex
	
	
	def updateToken(self):
		"""
		fully updates the users token
		"""
		if self.userExists(self.login):
			#calls to db
			self.dbUser.changeToken(self.generateToken(), self.login)
			self.dbUser.updateTokenValidity(int(time.time()), self.login)
			return self.dbUser.getToken(self.login)["token"]
		
		return False
		



	def hashSaltPwd(self, pwd, salt):
		"""
		salts and hashes a password
		"""
		spwd = pwd + salt
		return hashlib.sha512(spwd).hexdigest()
		


	def addFailedAttempt(self, login):
		self.dbUser.updateFailedAttempts(self.fAttempts + 1, login)
		self.fAttempts = self.dbUser.getFailedAttemps(login)



	def clearFailedAttempts(self, login):
		self.dbUser.updateFailedAttempts(0, login)



	def shouldBeBanned(self):
		if self.userExists(self.login):
			attempts = self.dbUser.getAttempts(self.login)["attempts"]
			if attempts > User.AUTH_AT:
				return True
		return False

	def shouldBeUnBanned(self):
		User.MINS_BAN = 2
		tenMin =  minsForBan * 60 * 1000
		banTime = self.dbUser.getBanDate(self.login)

		if banTime > tenMin:
			self.unBanUser()

	def banUser(self):
		self.dbUser.updateBanDate(self.login, int(time.time()))

	def isUserBanned(self):
		if self.dbUser.getBanDate(self.login)["ban_date"] is None:
			return False

		banTime = self.dbUser.getBanDate(self.login)["ban_date"]
		tenMin =  User.MINS_BAN * 60
		currTime = int(time.time())
		if (currTime - banTime) >= tenMin:
			return False

		return True

	def getBanDate(self):
		return self.dbUser.getBanDate(self.login)["ban_date"]


	def getBanTime(self):
		t0 = self.dbUser.getBanDate(self.login)["ban_date"]
		tn = time.time()
		secsBan = User.MINS_BAN * 60
		return (int)(secsBan - (tn - t0))

	def unBanUser(self):
		self.dbUser.updateBanDate(self.login, None)

	def getUserId(self):
		return self.dbUser.getId(self.login)["id"]


	def getUserPoll(self, pollId, formated=True):
		p = Poll(pollId)

		if formated:
			return p.formated()

		return p

	def getUserPollAnswers(self, pollId):
		p = Poll(pollId)
		return p.getResults()

		


	def hasAnsweredPoll(self, pollId):
		p = Poll(pollId)

		if p.pollExists(pollId):
			return not p.hasUserAnswer(self.getUserId())

		return False


	def getUserPolls(self):
		return Poll.getPollList()


	def getUnansweredUserPolls(self):
		return list(Poll.getUnansweredPollList(self.getUserId()))


	def getAnsweredUserPolls(self):
		return list(Poll.getAnsweredPollList(self.getUserId()))


	def answerUserPoll(self, pollId, answerId):
		p = Poll(pollId)
		if p.pollExists(pollId):
			p.answer(self.getUserId(), answerId)

	def __str__(self):
		return self.login + " - " + self.pwd + " - " + self.salt