def clear():
    """Wipe the signed-in user's search history and return to the index.

    The request first passes through the shared defense setup and the CSRF
    init/validate pair; nothing is changed for an anonymous request (no
    user, or a user without a username) -- it simply redirects.
    """
    defenses.setup(request, response)
    token = defenses.csrfDefense.init(request, response)
    defenses.csrfDefense.validate(request, token)

    current = getUser()
    # clearHistory is keyed by username here, while the search handlers key
    # history writes by user.id -- this follows the database API as used.
    if current and current.username:
        database.clearHistory(current.username)
    redirect("./")
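def login():
    """Authenticate a posted username/password and set the auth cookie.

    Raises:
        HTTPError: 400 when either form field is missing or empty;
            403 when the credentials do not validate.
    """
    defenses.setup(request, response)
    csrftoken = defenses.csrfDefense.init(request, response)
    defenses.csrfDefense.validate(request, csrftoken)

    username = request.forms.get("username")
    password = request.forms.get("password")
    # Reject blank/missing fields before touching the user store -- the same
    # check the account-creation path performs, so both paths agree.
    if not username or not password:
        raise HTTPError(400, "Required field is empty")
    if not database.validateUser(username, password):
        raise HTTPError(403, "Login unsuccessful")

    # Third positional argument is presumably the cookie-signing secret
    # (Bottle's set_cookie signature); httponly keeps it away from page scripts.
    response.set_cookie("authuser", username, authSecret, httponly=True)
    redirect("./")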
def search():
    """Render the search page for ``?q=...``, recording the query for signed-in users.

    Returns a template dict whose ``v`` entry carries the defense selectors,
    the current user, the XSS-filtered query, the user's history (``None``
    for anonymous visitors) and the CSRF form snippet.
    """
    defenses.setup(request, response)
    token = defenses.csrfDefense.init(request, response)
    defenses.xssDefense.init(response)
    query = defenses.xssDefense.filter(request.query.q)

    history = None
    current = getUser()
    if current and current.id:
        # Only a non-empty query is stored; the history is fetched either way.
        if query != "":
            database.addHistory(current.id, query)
        history = database.getHistory(current.id)

    view = FormsDict(
        defenses=defenses.selectors(),
        user=getUser(),
        query=query,
        history=history,
        csrfcode=defenses.csrfDefense.formHTML(token),
    )
    return dict(v=view)
def search():
    """Render the search page for ``?q=...``, recording the query for signed-in users.

    Returns a template dict whose ``v`` entry carries the defense selectors,
    the current user, the XSS-filtered query, the user's history (``None``
    for anonymous visitors) and the CSRF form snippet.  Queries made by the
    shared 'attacker' account are shown but never stored.
    """
    defenses.setup(request, response)
    token = defenses.csrfDefense.init(request, response)
    defenses.xssDefense.init(response)
    query = defenses.xssDefense.filter(request.query.q)

    history = None
    current = getUser()
    if current and current.id:
        # Hack: the shared 'attacker' login is used by many students, so its
        # queries are not recorded to keep them from polluting each other's history.
        if current.username != 'attacker' and query != "":
            database.addHistory(current.id, query)
        history = database.getHistory(current.id)

    view = FormsDict(
        defenses=defenses.selectors(),
        user=getUser(),
        query=query,
        history=history,
        csrfcode=defenses.csrfDefense.formHTML(token),
    )
    return dict(v=view)
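def create():
    """Create an account from the posted form, sign the user in and redirect.

    Raises:
        HTTPError: 400 for a missing field, a username outside
            ``[A-Za-z0-9]+``, an existing username or a password shorter
            than 4 characters; 403 when the new account does not validate.
    """
    defenses.setup(request, response)
    csrftoken = defenses.csrfDefense.init(request, response)
    defenses.csrfDefense.validate(request, csrftoken)

    username = request.forms.get("username")
    password = request.forms.get("password")
    if not username or not password:
        raise HTTPError(400, "Required field is empty")
    # fullmatch rather than match(...$): with "$", a username carrying a
    # trailing newline is accepted because "$" also matches before "\n".
    if not re.fullmatch(r"[A-Za-z0-9]+", username):
        raise HTTPError(400, "Invalid username")
    if database.fetchUser(username):
        raise HTTPError(400, "User already exists")
    if len(password) < 4:
        raise HTTPError(400, "Password too short")

    database.createUser(username, password)
    if not database.validateUser(username, password):
        raise HTTPError(403, "Account creation unsuccessful")
    # Third positional argument is presumably the cookie-signing secret
    # (Bottle's set_cookie signature); httponly keeps it away from page scripts.
    response.set_cookie("authuser", username, authSecret, httponly=True)
    redirect("./")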
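def login(create=False):
    """Sign in from the posted form, optionally creating the account first.

    Args:
        create: when true, the account is created (after the existence and
            password-length checks) before the credentials are validated.

    Raises:
        HTTPError: 400 for a missing field or a username outside
            ``[A-Za-z0-9]+``; with ``create``, also 400 for an existing
            username or a password shorter than 4 characters; 403 when the
            credentials do not validate.
    """
    defenses.setup(request, response)
    csrftoken = defenses.csrfDefense.init(request, response)
    defenses.csrfDefense.validate(request, csrftoken)

    username = request.forms.get("username")
    password = request.forms.get("password")
    if not username or not password:
        raise HTTPError(400, "Required field is empty")
    # fullmatch rather than match(...$): with "$", a username carrying a
    # trailing newline is accepted because "$" also matches before "\n".
    if not re.fullmatch(r"[A-Za-z0-9]+", username):
        raise HTTPError(400, "Invalid username")

    if create:
        if database.fetchUser(username):
            raise HTTPError(400, "User already exists")
        if len(password) < 4:
            raise HTTPError(400, "Password too short")
        database.createUser(username, password)

    if not database.validateUser(username, password):
        raise HTTPError(403, "Login unsuccessful")
    # Third positional argument is presumably the cookie-signing secret
    # (Bottle's set_cookie signature); httponly keeps it away from page scripts.
    response.set_cookie("authuser", username, authSecret, httponly=True)
    redirect("./")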
def search():
    """Render the search page for ``?q=...``, recording the query for signed-in users.

    Returns a template dict whose ``v`` entry carries the defense selectors,
    the current user, the XSS-filtered query, the user's history (``None``
    for anonymous visitors) and the CSRF form snippet.  Queries made by the
    shared "attacker" account are shown but never stored.
    """
    defenses.setup(request, response)
    token = defenses.csrfDefense.init(request, response)
    defenses.xssDefense.init(response)
    query = defenses.xssDefense.filter(request.query.q)

    history = None
    current = getUser()
    if current and current.id:
        # Hack: the shared "attacker" login is used by many students, so its
        # queries are not recorded to keep them from polluting each other's history.
        if current.username != "attacker" and query != "":
            database.addHistory(current.id, query)
        history = database.getHistory(current.id)

    view = FormsDict(
        defenses=defenses.selectors(),
        user=getUser(),
        query=query,
        history=history,
        csrfcode=defenses.csrfDefense.formHTML(token),
    )
    return dict(v=view)
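def setdefenses():
    """Apply the posted defense settings, then send the browser back.

    The optional ``location`` form field names the page to return to.  It
    is attacker-controllable (any form post can set it), so only a same-site
    path is honoured; anything carrying a scheme or host falls back to
    ``./`` instead of becoming an open redirect.
    """
    defenses.setup(request, response)
    location = request.forms.get("location")
    redirect(location if _is_local_path(location) else "./")


def _is_local_path(location):
    """Return True when *location* is a relative or root-relative path.

    Rejects empty values, anything with a URL scheme or network location,
    and the protocol-relative forms ``//host`` and ``/\\host`` (browsers
    treat a backslash like a slash there).
    """
    from urllib.parse import urlsplit

    if not location:
        return False
    if location.startswith(("//", "/\\", "\\")):
        return False
    parts = urlsplit(location)
    return not parts.scheme and not parts.netloc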
def logout():
    """Drop the auth cookie after CSRF validation and return to the index."""
    defenses.setup(request, response)
    token = defenses.csrfDefense.init(request, response)
    defenses.csrfDefense.validate(request, token)

    # Only the client-side cookie is removed; no server-side state is touched here.
    response.delete_cookie("authuser")
    redirect("./")
def index():
    """Render the landing page.

    Returns a template dict whose ``v`` entry carries the defense selectors,
    the current user and the CSRF form snippet for the page's forms.
    """
    defenses.setup(request, response)
    token = defenses.csrfDefense.init(request, response)

    view = FormsDict(
        defenses=defenses.selectors(),
        user=getUser(),
        csrfcode=defenses.csrfDefense.formHTML(token),
    )
    return dict(v=view)
def index():
    """Render the landing page.

    Returns a template dict whose ``v`` entry carries the defense selectors,
    the current user and the CSRF form snippet for the page's forms.
    """
    defenses.setup(request, response)
    token = defenses.csrfDefense.init(request, response)

    view = FormsDict(
        defenses=defenses.selectors(),
        user=getUser(),
        csrfcode=defenses.csrfDefense.formHTML(token),
    )
    return dict(v=view)