def get_password(pass_id):
"""This view processes getting of password.
It processes '/api/password/<int:pass_id>' route and accepts GET requests.
It takes password id, retrieves it's content and returns it.
:Parameters:
- `pass_id`: id of the password to retrieve.
:Returns:
template with password's content.
"""
cur_user = flask_login.current_user
result = db.get_password(pass_id, cur_user.uid)
if result:
resource_name, login, password = result
else:
template = get_template('service_message.html')
return template.render(current_user=cur_user,
message='Error! You dont have rights to access '
'this page or page has not been found!')
decrypted_pass = CRYPTING_OBJ.decrypt(password.encode('utf-8'))
template = get_template('password.html')
return template.render(resource_name=resource_name,
login=login,
password=decrypted_pass,
current_user=cur_user)
def change_org_password(settings_admin_error_label, entries, navigation):
settings_admin_error_label.configure(fg="red")
password = db.get_password(user)
current_password = md5(entries[0].get())
new_org_pass = entries[1].get()
confirm_new_org_pass = entries[2].get()
if current_password != password:
settings_admin_error_label.configure(text="Invalid password!")
return
if new_org_pass != confirm_new_org_pass:
settings_admin_error_label.configure(text="Passwords do not match!")
return
if not password_is_valid(new_org_pass):
settings_admin_error_label.configure(
text=
"Password must contain upper case letter, lower case letter and a number"
)
return
org_id = db.get_org_id(user)
db.update_org_password(org_id, md5(new_org_pass))
show_frame(navigation[0], navigation[1], navigation[2], navigation[3])
settings_admin_error_label.configure(fg="green")
settings_admin_error_label.configure(text="Updated successfully!")
def verify_user(username, password):
"""check if the credentials provided are valid"""
hashed_pass = db.get_password(username)
if hashed_pass is None:
return False
else:
return security.check_password_hash(hashed_pass, password)
def show_password():
data = get_password()
for x in data:
print("-" * 40)
print("URL / Name : " + x[0])
print("Username / E-mail : " + x[1])
print("Password : " + decrypt_message(x[2]))
def login(username, password):
usernameFound = db.check_username(username)
if usernameFound == 0:
return ('Username or password is not correct')
else:
userPassword = db.get_password(username)
if check_password_hash(userPassword, password):
session["user"] = [usernameFound[0], usernameFound[1]]
print('Logged in')
return ('Logged in')
else:
return ('Username or password is not correct')
def update_info(settings_error_label, entries, navigation):
updated = False
current_password = md5(entries[0].get())
new_password = entries[1].get()
confirm_new_password = entries[2].get()
org_name = entries[3].get()
org_pass = entries[4].get()
password = db.get_password(user)
if current_password != password:
settings_error_label.configure(text="Invalid password!")
return
if len(new_password) > 0 or len(confirm_new_password) > 0:
if new_password != confirm_new_password:
settings_error_label.configure(text="Passwords do not match!")
return
elif not password_is_valid(new_password):
settings_error_label.configure(
text=
"Password must contain upper case letter, lower case letter and a number"
)
return
else:
db.update_password(user, md5(new_password))
updated = True
else:
settings_error_label.configure(text="")
if len(org_name) > 0 or len(org_pass) > 0:
org_info = db.get_org_by_name(org_name)
if org_info is None:
settings_error_label.configure(text="Organization does not exist!")
elif org_pass != org_info[2]:
settings_error_label.configure(
text="Invalid organization password")
else:
updated = True
db.update_organization(user, org_info[0])
else:
settings_error_label.configure(text="")
if updated:
show_frame(navigation[0], navigation[1], navigation[2], navigation[3])
settings_error_label.configure(text="updated successfully")
def run(self):
#locks for thread which will be used for thread synchronization,break the lock
#when curent peer(which send request to server) succesfully login or logout
self.lock = threading.Lock()
print("Connection from : " + self.ip + " : " + str(self.port))
print("IP Connected: " + self.ip)
#handle request from another peer to the server thread
while True:
try:
#waits for incoming message from peers to registry
#message form: list with 3 element, first is request type,
#second is user name, thirst is password
message = self.tcpClientSocket.recv(1024).decode().split()
logging.info("Received from " + self.ip + " : " +
str(self.port) + " -> " + " ".join(message))
#Register Message
if message[0] == 'JOIN':
#If the username is exist
if db.is_account_exists(message[1]):
response = "account already exist"
print("From-> " + self.ip + " : " + str(self.port) +
" " + response)
logging.info("Send to " + self.ip + " : " +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
else:
#If not, create an account
db.register(message[1], message[2])
response = 'successfully register'
logging.info("Send to " + self.ip + " : " +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
#Login Message
elif message[0] == 'LOGIN':
#Handle login using non-exist account
if not db.is_account_exists(message[1]):
response = "account not exist"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
#If account exist, but already online
elif db.is_account_online(message[1]):
response = 'account is online'
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
#account exist and not online, handle password
else:
truePass = db.get_password(message[1])
#password correct
if truePass == message[2]:
self.username = message[1]
self.lock.acquire()
try:
tcpThreads[self.username] = self
finally:
self.lock.release()
db.user_login(message[1], self.ip, self.port)
#login succes, so create server thread for this peer,
# also set timer for this thread
response = 'succesfully login'
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
self.ServerThread = ServerThread(
self.username, self.tcpClientSocket)
self.ServerThread.start()
self.ServerThread.timer.start()
else:
response = "incorect password"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
elif message[0] == 'LOGOUT':
#user is online =>removes from online_peers list
if len(message) > 1 and message[
1] is not None and db.is_account_online(
message[1]):
db.user_logout(message[1])
self.lock.acquire()
try:
if message[1] in tcpThreads:
del tcpThreads[message[1]]
finally:
self.lock.release()
print(self.ip + ":" + str(self.port) +
" is logged out")
self.tcpClientSocket.close()
self.ServerThread.timer.cancel()
break
else:
self.tcpClientSocket.close()
break
#check if an arbitary user is online or not
elif message[0] == 'CHECKONL':
if db.is_account_exists(message[1]):
if db.is_account_online(message[1]):
peer_info = db.get_peer_ip_port(message[1])
response = "search successfull " + peer_info[
0] + ":" + peer_info[1]
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
else:
response = 'user does not online'
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
else:
response = "search-user-not-found"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
except OSError as oErr:
logging.error("OSError: {0}".format(oErr))
def run(self):
#locks for thread which will be used for thread synchronization,break the lock
#when curent peer(which send request to server) succesfully login or logout
self.lock = threading.Lock()
print("Connection from : " + self.ip + " : " + str(self.port))
print("IP Connected: " + self.ip)
#handle request from another peer to the server thread
while True:
try:
#waits for incoming message from peers to registry
#message form: list with 3 element, first is request type,
#second is user name, thirst is password
message = self.tcpClientSocket.recv(1024).decode().split()
logging.info("Received from " + self.ip + " : " +
str(self.port) + " -> " + " ".join(message))
if len(message) == 0:
break
#Register Message
if message[0] == 'JOIN':
#If the username is exist
if db.is_account_exists(message[1]):
response = "account already exist"
print("From-> " + self.ip + " : " + str(self.port) +
" " + response)
logging.info("Send to " + self.ip + " : " +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
else:
#If not, create an account
db.register(message[1], message[2])
response = 'successfully register'
logging.info("Send to " + self.ip + " : " +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
#Login Message
elif message[0] == 'LOGIN':
#Handle login using non-exist account
if not db.is_account_exists(message[1]):
response = "account not exist"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
#If account exist, but already online
elif db.is_account_online(message[1]):
response = 'account is online'
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
#account exist and not online, handle password
else:
truePass = db.get_password(message[1])
#password correct
if truePass == message[2]:
self.username = message[1]
self.lock.acquire()
try:
tcpThreads[self.username] = self
finally:
self.lock.release()
db.user_login(message[1], self.ip, str(message[3]))
#login succes, so create server thread for this peer,
# also set timer for this thread
response = 'succesfully login'
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
self.ServerThread = ServerThread(
self.username, self.tcpClientSocket)
self.ServerThread.start()
self.ServerThread.timer.start()
else:
response = "incorect password"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
#param :type. username of logout account
elif message[0] == 'LOGOUT':
#user is online =>removes from online_peers list
if len(message) > 1 and message[
1] is not None and db.is_account_online(
message[1]):
db.user_logout(message[1])
self.lock.acquire()
try:
if message[1] in tcpThreads:
del tcpThreads[message[1]]
finally:
self.lock.release()
print(self.ip + ":" + str(self.port) +
" is logged out")
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> is logout")
self.tcpClientSocket.close()
self.ServerThread.timer.cancel()
break
else:
self.tcpClientSocket.close()
break
#find online friend
elif message[0] == 'CHECKONL':
if db.is_account_exists(
message[1]) and db.is_account_online(message[1]):
ListOnlineFriends = db.get_online_friends(message[1])
if len(ListOnlineFriends) == 0:
response = 'No firend of you are online now'
else:
response = "list of online friends are "
for i in ListOnlineFriends:
response += i + " "
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
#param: type,username(peer want to add),username(of peer being added)
elif message[0] == 'ADDFRIEND':
if len(message) > 1 and message[1] and message[
2] and db.is_account_exists(
message[2]) and db.is_account_online(
message[1]):
response = db.insert_friend_request(
message[2], message[1])
if response == 'AlreadyFriend':
response = 'You and ' + message[
1] + " are already friend"
elif response == 'AlreadyAskFriendRequest':
response = 'You have sent a request for ' + message[
2]
else:
response = "your request is successfully sending to " + message[
2]
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
else:
response = 'user does not exist'
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
# param: type,username (peer THAT ACCEPT),username(peer being ACCEPTED)
elif message[0] == 'ACCEPTFRIEND':
if len(message) > 1 and message[1] and message[
2] and db.is_account_exists(
message[2]) and db.is_account_online(
message[1]):
if db.accept_friend_request(
message[1], message[2]) == 'NotInRequest':
response = message[2] + "not in your request list"
else:
db.make_friend(message[1], message[2])
response = "accept successfull you and " + message[
2] + " are friend"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
else:
response = 'user does not exist'
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
elif message[0] == 'VIEWREQUESTFRIEND':
if len(message) > 1 and db.is_account_online(message[1]):
ListReFriend = db.get_request_friend(message[1])
if len(ListReFriend) == 0:
response = "You have no request"
else:
response = "list of request friends are "
for i in ListReFriend:
response += i + " "
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
else:
response = 'NotLoginYet'
self.tcpClientSocket.send(response.encode())
elif message[0] == "SEARCH":
# checks if an account with the username exists
if db.is_account_exists(message[1]):
# checks if the account is online
# and sends the related response to peer
if db.is_account_online(message[1]):
peer_info = db.get_peer_ip_port(message[1])
response = "search-success " + peer_info[
0] + ":" + peer_info[1]
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
else:
response = "search-user-not-online"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
# enters if username does not exist
else:
response = "search-user-not-found"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
elif message[0] == 'CHECKFRIEND':
if db.is_account_exists(
message[1]) and db.is_account_exists(message[2]):
if db.is_account_online(
message[1]) and db.is_account_online(
message[2]):
if db.Is_Friend(message[1], message[2]):
response = 'YES'
else:
response = 'NO'
self.tcpClientSocket.send(response.encode())
else:
response = 'NOTONL'
self.tcpClientSocket.send(response.encode())
else:
response = 'NOTEX'
self.tcpClientSocket.send(response.encode())
except OSError as oErr:
pass
def test_get_users_all():
create_user('testp1', 'test_pass')
update_credentials('testp1', 'test2_pass')
assert get_password('testp1') == 'test2_pass'
def test_get_password_negative():
assert get_password('noexist') is None
def test_get_password():
create_user('test', 'test_pass')
assert get_password('test') == "test_pass"
def console_ui():
actions = [
"add", "remove", "enable", "disable", "transaction", "transactions",
"accounts", "delete", "modify", "cancel", "process", "exit"
]
print(f"""
================================================================================
Welcome Admin!
""" + "\n".join(actions) + """
================================================================================
""")
while True:
# get action
while True:
action = input("Action: ").lower()
if action in actions:
break
if action == "transactions":
print(db.get_transactions())
elif action == "exit":
break
elif action == "transaction":
transaction_id = input("ID: ")
transaction_id = int(transaction_id)
print(db.get_transaction(transaction_id))
elif action == "accounts":
print(db.get_accounts())
elif action == "add":
name = input_existing_user()
db.deposit(name)
elif action == "remove":
name = input_existing_user()
db.withdraw(name)
elif action == "delete":
name = input_existing_user()
confirm = input("Confirm action? ").lower()
if confirm == "yes":
db.delete_account(name)
elif action == "enable":
name = input_existing_user()
if not db.get_status(name):
db.enable_account(name)
else:
print("Account already enabled!")
elif action == "disable":
name = input_existing_user()
if not db.get_status(name):
db.enable_account(name)
elif action == "modify":
name = input_existing_user()
password = db.get_password(name)
new_name = input("New name (put none if no new name): ")
while True:
new_password = input(
"New password (put none if no new password): ")
confirm_password = input(
"Confirm password (put none if no new password): ")
if new_password != confirm_password:
print("Password does not match!")
else:
break
if new_name == "none":
new_name = None
if new_password == "none":
new_password = None
db.modify_account(name, password, new_name, new_password)
print("Changes saved.")
break
def run(self):
# locking the thread
self.lock = threading.Lock()
print("Connection from: " + self.IPAddr + ":" + str(self.portAddr))
print("IP Connected: " + self.IPAddr)
while True:
try:
# message incoming from the peer
message = self.tcpClientSocket.recv(1024).decode().split()
# if JOIN recieved #
if message[0] == "JOIN":
# if account exists
# then account-exists is send as reponse
if db.is_account_exist(message[1]):
response = "account-exist"
self.tcpClientSocket.send(response.encode())
# if account doesn't exists
# account created and account success message is sent
else:
db.register(message[1], message[2], " ".join(message[3:])) #messagep[3] status
response = "account-success"
self.tcpClientSocket.send(response.encode())
# if CHANGE recieved #
elif message[0] == "CHANGE":
# if account exist
# status changed mssg is sent
if db.is_account_exist(message[1]):
db.update_status(message[1]," ".join(message[2:]))
response = "status-changed"
self.tcpClientSocket.send(response.encode())
# if GET recieved #
elif message[0] == "GET":
# if account exists
# current status is sent as mssg
if db.is_account_exist(message[1]):
status = db.get_status(message[1])
self.tcpClientSocket.send(status.encode())
# if LOGIN recieved #
elif message[0] == "LOGIN":
# if no account exist with the given username
# flag is sent to the peer
if not db.is_account_exist(message[1]):
response = "Account-not-exist"
self.tcpClientSocket.send(response.encode())
# if an account is already online with given username
# flag is sent
elif db.is_account_online(message[1]):
response = "Account-online"
self.tcpClientSocket.send(response.encode())
# if an account is log in successfully
# extracts the password from the string
else:
# checks the password from looking into database
retrievedPass = db.get_password(message[1])
if retrievedPass == message[2]:
self.username = message[1]
self.lock.acquire()
try:
tcpThreads[self.username] = self
finally:
self.lock.release()
db.user_login(message[1], self.IPAddr, message[3])
# login-success is sent to the peer and udp thread is started to
# watch the time
response = "Account-success"
self.tcpClientSocket.send(response.encode())
# udp server created
self.udpServer = UDPServer(self.username, self.tcpClientSocket)
# udp server started
self.udpServer.start()
# start the timer of udp
self.udpServer.timer.start()
# if wrong password then flag is sent
else:
response = "Wrong-password"
self.tcpClientSocket.send(response.encode())
# if LOGOUT recieved #
elif message[0] == "LOGOUT":
# if user logouts removes usre from the online list of peer
# thread removed from the list and socket is closed
# timer udp thread cancels
if len(message) > 1 and message[1] is not None and db.is_account_online(message[1]):
db.user_logout(message[1])
# lock acquired
self.lock.acquire()
try:
if message[1] in tcpThreads:
# removes thread form the list
del tcpThreads[message[1]]
finally:
# lock released
self.lock.release()
self.tcpClientSocket.close()
self.udpServer.timer.cancel()
break
else:
self.tcpClientSocket.close()
break
# if SEARCH recieved #
elif message[0] == "SEARCH":
# checks for accounts existsence
if db.is_account_exist(message[1]):
# if account is online search success is send
if db.is_account_online(message[1]):
peer_info = db.get_peer_ip_port(message[1])
response = "Success " + peer_info[0] + ":" + peer_info[1]
self.tcpClientSocket.send(response.encode())
# else user not online is send
else:
response = "User-not-online"
self.tcpClientSocket.send(response.encode())
# if no user with given name is found serach user not found is sent
else:
response = "User-not-found"
self.tcpClientSocket.send(response.encode())
except OSError as oErr:
pass
def user_exists(username):
return db.get_password(username) is not None
def verify(username, password):
return encrypt(password) == db.get_password(username)
def run(self):
# locks for thread which will be used for thread synchronization
self.lock = threading.Lock()
print("Connection from: " + self.ip + ":" + str(port))
print("IP Connected: " + self.ip)
while True:
try:
# waits for incoming messages from peers
message = self.tcpClientSocket.recv(1024).decode().split()
logging.info("Received from " + self.ip + ":" +
str(self.port) + " -> " + " ".join(message))
# JOIN #
if message[0] == "JOIN":
# join-exist is sent to peer,
# if an account with this username already exists
if db.is_account_exist(message[1]):
response = "join-exist"
print("From-> " + self.ip + ":" + str(self.port) +
" " + response)
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
# join-success is sent to peer,
# if an account with this username is not exist, and the account is created
else:
db.register(message[1], message[2])
response = "join-success"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
# LOGIN #
elif message[0] == "LOGIN":
# login-account-not-exist is sent to peer,
# if an account with the username does not exist
if not db.is_account_exist(message[1]):
response = "login-account-not-exist"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
# login-online is sent to peer,
# if an account with the username already online
elif db.is_account_online(message[1]):
response = "login-online"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
# login-success is sent to peer,
# if an account with the username exists and not online
else:
# retrieves the account's password, and checks if the one entered by the user is correct
retrievedPass = db.get_password(message[1])
# if password is correct, then peer's thread is added to threads list
# peer is added to db with its username, port number, and ip address
if retrievedPass == message[2]:
self.username = message[1]
self.lock.acquire()
try:
tcpThreads[self.username] = self
finally:
self.lock.release()
db.user_login(message[1], self.ip, message[3])
# login-success is sent to peer,
# and a udp server thread is created for this peer, and thread is started
# timer thread of the udp server is started
response = "login-success"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
self.udpServer = UDPServer(self.username,
self.tcpClientSocket)
self.udpServer.start()
self.udpServer.timer.start()
# if password not matches and then login-wrong-password response is sent
else:
response = "login-wrong-password"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
# LOGOUT #
elif message[0] == "LOGOUT":
# if user is online,
# removes the user from onlinePeers list
# and removes the thread for this user from tcpThreads
# socket is closed and timer thread of the udp for this
# user is cancelled
if len(message) > 1 and message[
1] is not None and db.is_account_online(
message[1]):
db.user_logout(message[1])
self.lock.acquire()
try:
if message[1] in tcpThreads:
del tcpThreads[message[1]]
finally:
self.lock.release()
print(self.ip + ":" + str(self.port) +
" is logged out")
self.tcpClientSocket.close()
self.udpServer.timer.cancel()
break
else:
self.tcpClientSocket.close()
break
# SEARCH #
elif message[0] == "SEARCH":
# checks if an account with the username exists
if db.is_account_exist(message[1]):
# checks if the account is online
# and sends the related response to peer
if db.is_account_online(message[1]):
peer_info = db.get_peer_ip_port(message[1])
response = "search-success " + peer_info[
0] + ":" + peer_info[1]
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
else:
response = "search-user-not-online"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
# enters if username does not exist
else:
response = "search-user-not-found"
logging.info("Send to " + self.ip + ":" +
str(self.port) + " -> " + response)
self.tcpClientSocket.send(response.encode())
except OSError as oErr:
logging.error("OSError: {0}".format(oErr))