Beispiel #1
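def login():
    """Handle a POST login request and issue a session cookie.

    Reads the form fields ``username`` and ``password`` (the latter is the
    value the client sends as the already hashed password and is passed
    straight to ``db.verify_user``).  On success the JSON body and a
    ``cookie_data`` cookie carry the session token, its creation timestamp
    and its expiry; on failure the body is
    ``{'success': False, 'error': 'Incorrect Password'}``.  Both outcomes
    are sent with HTTP 200 -- the client is expected to inspect ``success``.

    Non-POST requests fall through and return ``None`` (the route should
    therefore be registered for POST only).

    Change from the original: the username and password hash are no longer
    printed to stdout on every attempt, which leaked credentials into the
    process log.
    """
    if request.method != "POST":
        return None

    db = DbController()
    # Session lifetime is config.MAX_LIFE seconds from now.
    expire_date = datetime.now() + timedelta(days=0, seconds=config.MAX_LIFE)
    username = request.form["username"]
    hashed_password = request.form["password"]

    if not db.verify_user(username, hashed_password):
        return make_response(
            json.dumps({'success': False, 'error': 'Incorrect Password'}),
            status.HTTP_200_OK)

    cur_timestamp = str(datetime.now())
    # NOTE(review): the token is a deterministic digest of secret key,
    # username and timestamp, and the timestamp is sent back to the client.
    # It is only unguessable while app.secret_key stays secret; a random
    # token (os.urandom) would not have that single point of failure.
    # Kept as-is in case something else recomputes it.
    cookie = hashlib.sha512(app.secret_key + username + cur_timestamp).hexdigest()
    db.update_cookie(username, cookie, cur_timestamp)

    response = make_response(
        json.dumps({
            'success': True,
            "cookie": cookie,
            'time_stamp': cur_timestamp,
            'expire_date': str(expire_date)
        }), status.HTTP_200_OK)

    # The same session data is mirrored into a cookie for the browser.
    # NOTE(review): no httponly/secure flags are set; confirm whether
    # client-side script needs to read this cookie before adding them.
    cookie_data = {
        "username": username,
        "user_cookie": cookie,
        "time_stamp": cur_timestamp
    }
    response.set_cookie("cookie_data",
                        value=json.dumps(cookie_data),
                        expires=expire_date,
                        max_age=config.MAX_LIFE)
    return response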
Beispiel #2
def logout():
    """Clear the stored session cookie of ``username`` and expire the browser cookie.

    Reads the form fields ``username``, ``user_cookie`` and ``time_stamp``
    (all three are required; a missing one raises ``KeyError``), blanks the
    stored cookie through ``DbController.update_cookie`` and answers
    ``{'success': True}`` with HTTP 200.  Non-POST requests fall through
    and return ``None``.

    NOTE(review): ``user_cookie`` is read but never compared with the
    stored value before the session is cleared, so any POST that names a
    username invalidates that user's session; confirm whether the route is
    protected elsewhere.
    """
    if request.method != "POST":
        return None

    controller = DbController()
    form = request.form
    username = form["username"]
    user_cookie = form["user_cookie"]   # required but unused, see note above
    time_stamp = form["time_stamp"]

    # An empty cookie string is how the stored session is invalidated.
    controller.update_cookie(username, "", time_stamp)

    body = json.dumps({'success': True})
    response = make_response(body, status.HTTP_200_OK)
    # expires=0 tells the browser to drop the cookie immediately.
    response.set_cookie("cookie_data", expires=0)
    return response
Beispiel #3
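def login():
    """Handle a POST login request carrying an RSA-protected login message.

    The ``password`` form field is a base64 blob; applying the user's stored
    RSA public key to it yields a JSON document with the keys
    ``encrypted_hashed_password`` and ``nonce``.  The nonce must be one this
    server issued earlier and the credentials must pass ``db.verify_user``.
    On success a session cookie is issued, a fresh nonce for the next
    request is recorded with ``db.add_nonce`` and returned in the ``nonce``
    cookie.

    Every outcome is answered with HTTP 200 and a JSON body whose ``success``
    flag and ``error`` text tell the client what happened.  Non-POST
    requests fall through and return ``None``.

    Change from the original: the follow-up nonce is drawn from the OS
    CSPRNG (``random.SystemRandom``) instead of the Mersenne Twister, whose
    output is predictable from earlier values; the pointless
    ``random.seed(random.randint(...))`` is gone.  Value range and type of
    the nonce are unchanged.
    """
    if request.method != "POST":
        return None

    def failure(error):
        # Every failure is a 200 with success=False and a message; the
        # client inspects the body, not the status code.
        return make_response(
            json.dumps({
                'success': False,
                'error': error
            }), status.HTTP_200_OK)

    db = DbController()
    expire_date = datetime.now() + timedelta(days=0, seconds=config.MAX_LIFE)
    username = request.form["username"]
    encrypted_login_message = base64.b64decode(request.form["password"])

    if not db.is_username_available(username):
        return failure('Unknown User')

    public_key = db.get_user_public_key(username).encode('ascii', 'ignore')
    public_key = RSA.importKey(public_key)
    # PyCrypto's encrypt() with the public key is raw modular exponentiation
    # here; presumably the client applied its private key, so this recovers
    # the plaintext JSON.  NOTE(review): that is unpadded (textbook) RSA --
    # confirm the threat model tolerates it.
    login_message = public_key.encrypt(encrypted_login_message, None)[0]
    login_message = json.loads(login_message)

    encrypted_hashed_password_with_nonce = login_message[
        "encrypted_hashed_password"]
    nonce = login_message["nonce"]

    # Judging by the retry loop below, verify_nonce() is truthy when the
    # nonce is NOT on record, so a truthy result here means the client
    # presented a nonce this server never issued.
    if db.verify_nonce(nonce):
        return failure('No Nonce Found. Try Again.')

    if not db.verify_user(username, encrypted_hashed_password_with_nonce,
                          nonce):
        return failure('Incorrect Password')

    cur_timestamp = str(datetime.now())
    # NOTE(review): deterministic digest of secret key, username and
    # timestamp; only unguessable while app.secret_key stays secret.
    cookie = hashlib.sha512(app.secret_key + username +
                            cur_timestamp).hexdigest()
    db.update_cookie(username, cookie, cur_timestamp)
    response = make_response(
        json.dumps({
            'success': True,
            "cookie": cookie,
            'time_stamp': cur_timestamp,
            'expire_date': str(expire_date)
        }), status.HTTP_200_OK)

    # Nonces guard against replay, so they must be unpredictable: draw them
    # from the OS CSPRNG.  Retry until one is not already on record.
    secure_rng = random.SystemRandom()
    nonce = secure_rng.randint(1, sys.maxint)
    while not db.verify_nonce(nonce):
        nonce = secure_rng.randint(1, sys.maxint)
    db.add_nonce(nonce)

    cookie_data = {
        "username": username,
        "user_cookie": cookie,
        "time_stamp": cur_timestamp
    }
    response.set_cookie("cookie_data",
                        value=json.dumps(cookie_data),
                        expires=expire_date,
                        max_age=config.MAX_LIFE)
    response.set_cookie("nonce", value=str(nonce))
    return response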