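def confirm(theform, userdir, thisscript):
    """Confirm a login, either from an invite or from a user who has registered.

    The ``id`` form field is decoded with ``pass_dec`` and used as a one-time
    key into ``temp.ini``.  The pending entry is consumed, a new
    ``<username>.ini`` is written from ``default.ini`` plus the stored values,
    a ``userid`` cookie is built and, when ``adminmail`` is configured, the
    administrator is notified by mail.

    Returns the tuple ``(action, newconfig, cookie_header)``.
    """
    from dataenc import pass_dec, pass_enc
    from login import encodestring
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        # A missing or malformed id is an ordinary failed confirmation.  Only
        # Exception is caught so SystemExit/KeyboardInterrupt still propagate.
        # NOTE(review): the code below relies on newloginfail() not returning
        # - confirm.
        newloginfail()
    # NOTE(review): daynumber/timestamp are decoded but never checked in this
    # function, so the confirmation id is not aged out here - confirm whether
    # expiry is enforced elsewhere.
    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    # The pending entry is single use: take it and drop it from the store.
    uservals = tempstore[theval]
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    newconfig = ConfigObj(userdir + 'default.ini')
    # NOTE(review): username is used in a file path without validation here;
    # presumably it was validated when the pending entry was stored - confirm.
    newpath = userdir + username + '.ini'
    if os.path.isfile(newpath):
        # Never overwrite an account that already exists.
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            password = uservals[entry]
            newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    thecookie['userid'] = encodestring(newconfig['username'], password)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # A non-integer max-age in the user file used to raise here; fall back to
    # a session cookie (no max-age attribute) instead of failing the request.
    try:
        maxage_seconds = int(maxage) if maxage else 0
    except (TypeError, ValueError):
        maxage_seconds = 0
    if maxage_seconds:
        thecookie['userid']['max-age'] = maxage_seconds
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    # NOTE(review): the cookie is issued without HttpOnly/Secure attributes;
    # whether they can be set depends on the deployment - confirm.
    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            # The stored password never goes into the notification mail.
            if entry != 'password':
                msg += entry + ' : ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                   config['adminmail'], html=False)
    return action, newconfig, thecookie.output()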
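def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Process the results from edit account form submissions.

    Validates the submitted e-mail address, real name and optional new
    password, calling ``display_edit`` with a message on each failure.
    Changing the e-mail address or the password requires the current
    password in the ``pass0`` field.  Remaining form fields that are not in
    ``edacckeys`` are copied into ``userconfig`` before it is written.

    Returns the tuple ``(action, userconfig, newcookie)``; ``newcookie`` is
    replaced only when the password was changed.
    """
    from dataenc import pass_enc, pass_dec
    loginaction = theform['login'].value
    if loginaction != 'doeditaccountnojs':
        # only type of newlogin supported so far
        sys.exit()
    allentries = theform.keys()
    vallist = allentries + [entry for entry in edacckeys if entry not in allentries]
    formdict = getform(vallist, theform, nolist=True)
    #
    oldpass = formdict['pass0']
    storedpass = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']
    # True only when the caller supplied the account's current password.
    password_confirmed = bool(oldpass) and oldpass == storedpass
    #
    # NOTE(review): the checks below rely on display_edit() not returning
    # - confirm.
    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        msg = 'The email address you supplied appears to be invalid.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    if email != oldemail and not password_confirmed:
        msg = 'You must correctly enter your password to change your email address.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['email'] = email
    if not formdict['realname']:
        msg = 'You need to enter a name for us to use.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['realname'] = formdict['realname']
    if pass1 or pass2:
        if pass1 != pass2:
            msg = "The two passwords don't match."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if len(pass1) < 5:
            # The check accepts exactly five characters, so the message says
            # "at least" (it used to claim "longer than 5").
            # NOTE(review): a five character minimum is weak; consider
            # raising it.
            msg = "The password must be at least 5 characters long."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if not password_confirmed:
            msg = 'You must correctly enter your current password to change it.'
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        userconfig['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
        newcookie = makecookie(userconfig, pass1, ConfigObj(userdir + 'config.ini')['cookiepath'])
    # Every submitted field name ends up in formdict, so a form field called
    # 'password' or 'username' must not be copied over the stored value: the
    # password is only changed through the checked path above and the
    # username is not editable here.
    # NOTE(review): all other unknown fields are still persisted verbatim;
    # confirm whether keys such as 'max-age' should be allow-listed instead.
    protected = ('username', 'password')
    for entry in formdict:
        if entry in edacckeys or entry in protected:
            continue
        userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie
    # XXXXX display values changed page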
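def decodestring(cookiestring, userdir):
    """Decode a login cookie value and check its validity.

    The cookie decodes (via ``pass_dec``) to ``username||passhash||ranstring``.
    ``passhash`` must equal the SHA-1 hex digest of the user's stored password
    concatenated with the 10-character ``ranstring``.

    Returns ``False`` for any malformed, expired or non-matching cookie,
    otherwise the tuple ``(user, password, cookiepath)``.
    """
    # A badly formed string may make pass_dec raise; treat that as an invalid
    # cookie.  Catching Exception rather than everything leaves SystemExit and
    # KeyboardInterrupt alone.
    try:
        instring, daynumber, timestamp = pass_dec(cookiestring)
    except Exception:
        return False
    # check it's not a really old (or copied) cookie
    if not unexpired(daynumber, timestamp, AGETEST):
        return False
    # we've extracted the timestamped string from the cookie string.
    # Let's pull out the username and password hash
    try:
        username, passhash, ranstring = instring.split('||')
    except ValueError:
        return False
    if len(ranstring) != 10:
        return False
    # The username comes straight from the cookie and is about to be used in
    # a file name, so refuse anything that is not a plain file name component.
    if not username or os.path.basename(username) != username:
        return False
    # Now we need to check it's a valid username and check the password
    userfile = userdir + username + '.ini'
    if username in RESERVEDNAMES or not os.path.isfile(userfile):
        return False
    user = ConfigObj(userfile)
    stampedpass = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']
    # the password is time stamped - so we need to decode it
    try:
        password, daynumber, timestamp = pass_dec(stampedpass)
    except Exception:
        return False
    thishash = hashlib.sha1(password + ranstring).hexdigest()
    # NOTE(review): this is an ordinary string comparison of a value derived
    # from the stored password; prefer hmac.compare_digest where the
    # interpreter provides it.
    if thishash != passhash:
        return False
    return user, password, cookiepath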
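def decodestring(cookiestring, userdir):
    """Decode a login cookie value and check its validity.

    The cookie decodes (via ``pass_dec``) to ``username||passhash||ranstring``.
    ``passhash`` must equal the SHA-1 hex digest of the user's stored password
    concatenated with the 10-character ``ranstring``.

    Returns ``False`` for any malformed, expired or non-matching cookie,
    otherwise the tuple ``(user, password, cookiepath)``.
    """
    # A badly formed string may make pass_dec raise; treat that as an invalid
    # cookie.  Catching Exception rather than everything leaves SystemExit and
    # KeyboardInterrupt alone.
    try:
        instring, daynumber, timestamp = pass_dec(cookiestring)
    except Exception:
        return False
    # check it's not a really old (or copied) cookie
    if not unexpired(daynumber, timestamp, AGETEST):
        return False
    # we've extracted the timestamped string from the cookie string.
    # Let's pull out the username and password hash
    try:
        username, passhash, ranstring = instring.split("||")
    except ValueError:
        return False
    if len(ranstring) != 10:
        return False
    # The username comes straight from the cookie and is about to be used in
    # a file name, so refuse anything that is not a plain file name component.
    if not username or os.path.basename(username) != username:
        return False
    # Now we need to check it's a valid username and check the password
    userfile = userdir + username + ".ini"
    if username in RESERVEDNAMES or not os.path.isfile(userfile):
        return False
    user = ConfigObj(userfile)
    stampedpass = user["password"]
    cookiepath = ConfigObj(userdir + "config.ini")["cookiepath"]
    # the password is time stamped - so we need to decode it
    try:
        password, daynumber, timestamp = pass_dec(stampedpass)
    except Exception:
        return False
    thishash = hashlib.sha1(password + ranstring).hexdigest()
    # NOTE(review): this is an ordinary string comparison of a value derived
    # from the stored password; prefer hmac.compare_digest where the
    # interpreter provides it.
    if thishash != passhash:
        return False
    return user, password, cookiepath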
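def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Process the results from edit account form submissions.

    Validates the submitted e-mail address, real name and optional new
    password, calling ``display_edit`` with a message on each failure.
    Changing the e-mail address or the password requires the current
    password in the ``pass0`` field.  Remaining form fields that are not in
    ``edacckeys`` are copied into ``userconfig`` before it is written.

    Returns the tuple ``(action, userconfig, newcookie)``; ``newcookie`` is
    replaced only when the password was changed.
    """
    from dataenc import pass_enc, pass_dec
    loginaction = theform['login'].value
    if loginaction != 'doeditaccountnojs':
        # only type of newlogin supported so far
        sys.exit()
    allentries = theform.keys()
    vallist = allentries + [entry for entry in edacckeys if entry not in allentries]
    formdict = getform(vallist, theform, nolist=True)
    #
    oldpass = formdict['pass0']
    storedpass = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']
    # True only when the caller supplied the account's current password.
    password_confirmed = bool(oldpass) and oldpass == storedpass
    #
    # NOTE(review): the checks below rely on display_edit() not returning
    # - confirm.
    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        msg = 'The email address you supplied appears to be invalid.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    if email != oldemail and not password_confirmed:
        msg = 'You must correctly enter your password to change your email address.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['email'] = email
    if not formdict['realname']:
        msg = 'You need to enter a name for us to use.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['realname'] = formdict['realname']
    if pass1 or pass2:
        if pass1 != pass2:
            msg = "The two passwords don't match."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if len(pass1) < 5:
            # The check accepts exactly five characters, so the message says
            # "at least" (it used to claim "longer than 5").
            # NOTE(review): a five character minimum is weak; consider
            # raising it.
            msg = "The password must be at least 5 characters long."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if not password_confirmed:
            msg = 'You must correctly enter your current password to change it.'
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        userconfig['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
        newcookie = makecookie(userconfig, pass1, ConfigObj(userdir+'config.ini')['cookiepath'])
    # Every submitted field name ends up in formdict, so a form field called
    # 'password' or 'username' must not be copied over the stored value: the
    # password is only changed through the checked path above and the
    # username is not editable here.
    # NOTE(review): all other unknown fields are still persisted verbatim;
    # confirm whether keys such as 'max-age' should be allow-listed instead.
    protected = ('username', 'password')
    for entry in formdict:
        if entry in edacckeys or entry in protected:
            continue
        userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie
    # XXXXX display values changed page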
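def checkpass(username, password, userdir, thisscript, action):
    """Check the password from a new login.

    Returns ``False`` when the username is reserved, is not a plain file
    name, has no ``<username>.ini`` in ``userdir``, or the password does not
    match the stored one.  On success returns ``(action, user, thecookie)``.
    """
    # XXXX log failed login attempts
    if username in RESERVEDNAMES:
        return False
    # The username is caller-supplied and goes into a file name below, so
    # refuse anything that is not a plain file name component.
    if not username or os.path.basename(username) != username:
        return False
    userfile = userdir + username + '.ini'
    if not os.path.isfile(userfile):
        return False
    user = ConfigObj(userfile)
    stampedpass = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']
    # we need to un-time stamp the password
    realpass, daynumber, timestamp = pass_dec(stampedpass)
    # NOTE(review): the decoded value is compared directly with the submitted
    # password, i.e. the user file holds the password in a reversible form
    # rather than a one-way hash - worth revisiting.
    if realpass != password:
        return False
    # open('xxxtest.txt', 'w').write(str(user))
    # if we've got this far then the login was successful and we need to return a cookie
    thecookie = makecookie(user, password, cookiepath)
    return action, user, thecookie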
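def checkpass(username, password, userdir, thisscript, action):
    """Check the password from a new login.

    Returns ``False`` when the username is reserved, is not a plain file
    name, has no ``<username>.ini`` in ``userdir``, or the password does not
    match the stored one.  On success returns ``(action, user, thecookie)``.
    """
    # XXXX log failed login attempts
    if username in RESERVEDNAMES:
        return False
    # The username is caller-supplied and goes into a file name below, so
    # refuse anything that is not a plain file name component.
    if not username or os.path.basename(username) != username:
        return False
    userfile = userdir + username + ".ini"
    if not os.path.isfile(userfile):
        return False
    user = ConfigObj(userfile)
    stampedpass = user["password"]
    cookiepath = ConfigObj(userdir + "config.ini")["cookiepath"]
    # we need to un-time stamp the password
    realpass, daynumber, timestamp = pass_dec(stampedpass)
    # NOTE(review): the decoded value is compared directly with the submitted
    # password, i.e. the user file holds the password in a reversible form
    # rather than a one-way hash - worth revisiting.
    if realpass != password:
        return False
    # open('xxxtest.txt', 'w').write(str(user))
    # if we've got this far then the login was successful and we need to return a cookie
    thecookie = makecookie(user, password, cookiepath)
    return action, user, thecookie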
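def confirm(theform, userdir, thisscript):
    """Confirm a login, either from an invite or from a user who has registered.

    The ``id`` form field is decoded with ``pass_dec`` and used as a one-time
    key into ``temp.ini``.  The pending entry is consumed, a new
    ``<username>.ini`` is written from ``default.ini`` plus the stored values,
    a ``userid`` cookie is built and, when ``adminmail`` is configured, the
    administrator is notified by mail.

    Returns the tuple ``(action, newconfig, cookie_header)``.
    """
    from dataenc import pass_dec, pass_enc
    from login import encodestring
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        # A missing or malformed id is an ordinary failed confirmation.  Only
        # Exception is caught so SystemExit/KeyboardInterrupt still propagate.
        # NOTE(review): the code below relies on newloginfail() not returning
        # - confirm.
        newloginfail()
    # NOTE(review): daynumber/timestamp are decoded but never checked in this
    # function, so the confirmation id is not aged out here - confirm whether
    # expiry is enforced elsewhere.
    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    # The pending entry is single use: take it and drop it from the store.
    uservals = tempstore[theval]
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    newconfig = ConfigObj(userdir + 'default.ini')
    # NOTE(review): username is used in a file path without validation here;
    # presumably it was validated when the pending entry was stored - confirm.
    newpath = userdir + username + '.ini'
    if os.path.isfile(newpath):
        # Never overwrite an account that already exists.
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            password = uservals[entry]
            newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    thecookie['userid'] = encodestring(newconfig['username'], password)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # A non-integer max-age in the user file used to raise here; fall back to
    # a session cookie (no max-age attribute) instead of failing the request.
    try:
        maxage_seconds = int(maxage) if maxage else 0
    except (TypeError, ValueError):
        maxage_seconds = 0
    if maxage_seconds:
        thecookie['userid']['max-age'] = maxage_seconds
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    # NOTE(review): the cookie is issued without HttpOnly/Secure attributes;
    # whether they can be set depends on the deployment - confirm.
    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            # The stored password never goes into the notification mail.
            if entry != 'password':
                msg += entry + ' : ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                   config['adminmail'], html=False)
    return action, newconfig, thecookie.output()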