Beispiel #1
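    def post(self):
        """Handle a login POST: check the credentials and set the session cookies.

        The request body is read as ``username=...&password=...`` pairs. The
        user record lives under ``user_root`` in a file named after the SHA-1
        of the username plus ``getFileSalt()`` and is decrypted with the
        supplied password. On success the record is stored in the
        ``cookie_tag`` secure cookie and returned as
        ``{'ok': True, 'user': ...}``. Every other path replies
        ``{'ok': False}``: getStatus() reporting 0, a missing field, an
        unreadable file, or decrypt() returning None.
        """
        if getStatus(self) == 0:
            self.finish({'ok': False})
            return

        username = ''
        password = ''

        # partition() rather than split("="): a pair without "=" no longer
        # raises IndexError, and a value that itself contains "=" is kept
        # whole instead of being cut at the second "=".
        # NOTE(review): values are not percent-decoded here -- confirm the
        # client sends them raw, otherwise the file lookup and the decryption
        # both use the encoded form.
        for pair in self.request.body.split("&"):
            key, _, value = pair.partition("=")
            if key == "username":
                username = value
            elif key == "password":
                password = value

        if not username or not password:
            self.finish({'ok': False})
            return

        auth = "%s.txt" % hashlib.sha1(username + getFileSalt()).hexdigest()

        try:
            # A missing file raises IOError and ends in the same
            # {'ok': False} reply as a failed decryption, so the response
            # body does not tell an unknown user from a wrong password.
            with open(os.path.join(user_root, auth), 'rb') as f:
                ciphertext = f.read()

            plaintext = decrypt(ciphertext, password, p_salt=getPasswordSalt())

            if plaintext is not None:
                # The admin flag is moved out of the record into its own
                # signed cookie, so it is not echoed back in the reply.
                if plaintext.get('admin'):
                    del plaintext['admin']
                    self.set_secure_cookie(admin_cookie_tag,
                                           "true",
                                           path="/",
                                           expires_days=1)

                # NOTE(review): the whole decrypted record goes into the
                # cookie and the response -- confirm it holds nothing that
                # should stay server-side. Neither cookie sets httponly or
                # secure; confirm whether client script needs to read them.
                new_cookie = base64.b64encode(json.dumps(plaintext))
                self.set_secure_cookie(cookie_tag,
                                       new_cookie,
                                       path="/",
                                       expires_days=1)
                self.finish({'ok': True, 'user': plaintext})
                return

        except IOError as e:
            print(e)

        self.finish({'ok': False})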
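	def post(self):
		"""Log a user in from a form-style body and issue the session cookies.

		``self.request.body`` is split into ``key=value`` pairs to find
		``username`` and ``password``. The record file under ``user_root`` is
		named by the SHA-1 of the username plus ``getFileSalt()``; it is read
		and handed to decrypt() with the supplied password. A non-None result
		is written to the ``cookie_tag`` secure cookie and returned as
		``{'ok': True, 'user': ...}``. getStatus() reporting 0, an empty
		field, an IOError on the file, or a None from decrypt() all reply
		``{'ok': False}``.
		"""
		if getStatus(self) == 0:
			self.finish({'ok': False})
			return

		username = ''
		password = ''

		# partition() keeps everything after the first "=" and yields an empty
		# value when there is no "=", where split("=")[1] raised IndexError
		# and dropped the tail of a value containing "=".
		# NOTE(review): no percent-decoding is applied -- confirm the client
		# posts raw values.
		for field in self.request.body.split("&"):
			name, _, content = field.partition("=")
			if name == "username":
				username = content
			elif name == "password":
				password = content

		if not username or not password:
			self.finish({'ok': False})
			return

		auth = "%s.txt" % hashlib.sha1(username + getFileSalt()).hexdigest()

		try:
			# The context manager closes the handle even when read() fails.
			# An unknown user surfaces as IOError and gets the same reply as
			# a wrong password.
			with open(os.path.join(user_root, auth), 'rb') as f:
				ciphertext = f.read()

			plaintext = decrypt(ciphertext, password, p_salt=getPasswordSalt())

			if plaintext is not None:
				# A truthy admin flag is stripped from the record and carried
				# in a separate signed cookie instead.
				if plaintext.get('admin'):
					del plaintext['admin']
					self.set_secure_cookie(admin_cookie_tag, "true", path="/", expires_days=1)

				# NOTE(review): the full record is exposed to the browser via
				# the cookie and the JSON reply; the cookies carry no httponly
				# or secure attribute -- confirm both are intended.
				new_cookie = base64.b64encode(json.dumps(plaintext))
				self.set_secure_cookie(cookie_tag, new_cookie, path="/", expires_days=1)
				self.finish({'ok': True, 'user': plaintext})
				return

		except IOError as e:
			print(e)

		self.finish({'ok': False})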
Beispiel #3
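    def post(self):
        """Handle a POST that replaces the saved searches in a user's record.

        Both session cookies are cleared first. A non-empty body is parsed as
        JSON carrying ``user`` (with ``username`` and ``saved_searches``) and
        ``password``. The user's file is decrypted with that password, the
        saved searches are replaced, and the record is re-encrypted and
        written back. Replies ``{'ok': False}`` when getStatus() reports 0,
        the body is malformed or lacks a field, the file cannot be read or
        written, or decrypt() returns None; otherwise ``{'ok': True}``,
        including for an empty body.
        """
        if getStatus(self) == 0:
            self.finish({'ok': False})
            return

        self.clear_cookie(cookie_tag)
        self.clear_cookie(admin_cookie_tag)

        if self.request.body != "":
            try:
                credentials = json.loads(self.request.body)

                auth = "%s.txt" % hashlib.sha1(credentials['user']['username']
                                               + getFileSalt()).hexdigest()
                record_path = os.path.join(user_root, auth)
                password = credentials['password']

                with open(record_path, 'rb') as f:
                    ciphertext = f.read()

                # The supplied password must decrypt the stored record before
                # anything is written.
                plaintext = decrypt(ciphertext,
                                    password,
                                    p_salt=getPasswordSalt())
                if plaintext is None:
                    self.finish({'ok': False})
                    return

                new_data = copy.deepcopy(plaintext)
                # NOTE(review): saved_searches is stored as received, with no
                # size or shape check -- confirm a limit is enforced elsewhere.
                new_data['saved_searches'] = credentials['user'][
                    'saved_searches']
                # new_data might also carry ['default_home']

                # Encrypt BEFORE opening for write: 'wb+' truncates the file,
                # so a failure inside encrypt() used to leave the user's
                # record empty.
                # NOTE(review): getPrivateIV() looks like it supplies the
                # same IV on every write -- confirm; reusing an IV under one
                # key weakens most cipher modes.
                blob = encrypt(new_data,
                               password,
                               iv=getPrivateIV(),
                               p_salt=getPasswordSalt())
                with open(record_path, 'wb+') as f:
                    f.write(blob)

            # KeyError (missing field) and IOError (unknown user, unwritable
            # file) used to escape as unhandled errors; they now get the same
            # generic failure reply as a malformed body.
            except (ValueError, TypeError, KeyError, IOError) as e:
                print(e)
                self.finish({'ok': False})
                return

        self.finish({'ok': True})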
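	def post(self):
		"""Store new saved searches in the caller's encrypted user record.

		Clears both session cookies, then, for a non-empty body, parses it as
		JSON with ``user`` (``username``, ``saved_searches``) and
		``password``. The record file is read and decrypted with that
		password; on success the saved searches are swapped in and the record
		is encrypted and written back. ``{'ok': False}`` is sent when
		getStatus() reports 0, the JSON is malformed or incomplete, the file
		cannot be read or written, or decrypt() returns None. An empty body
		and a completed update both send ``{'ok': True}``.
		"""
		if getStatus(self) == 0:
			self.finish({'ok': False})
			return

		self.clear_cookie(cookie_tag)
		self.clear_cookie(admin_cookie_tag)

		if self.request.body != "":
			try:
				credentials = json.loads(self.request.body)

				auth = "%s.txt" % hashlib.sha1(credentials['user']['username'] + getFileSalt()).hexdigest()
				record_path = os.path.join(user_root, auth)
				password = credentials['password']

				with open(record_path, 'rb') as f:
					ciphertext = f.read()

				# Nothing is written unless the supplied password decrypts
				# the existing record.
				plaintext = decrypt(ciphertext, password, p_salt=getPasswordSalt())
				if plaintext is None:
					self.finish({'ok': False})
					return

				new_data = copy.deepcopy(plaintext)
				# NOTE(review): saved_searches is taken from the request
				# unchecked -- confirm size and shape are bounded elsewhere.
				new_data['saved_searches'] = credentials['user']['saved_searches']
				# new_data might also carry ['default_home']

				# Build the ciphertext first. Opening with 'wb+' truncates the
				# file, so an exception from encrypt() after the open would
				# wipe the stored record.
				# NOTE(review): getPrivateIV() appears to return one fixed IV
				# -- confirm; IV reuse under the same key weakens most modes.
				blob = encrypt(
					new_data,
					password,
					iv=getPrivateIV(),
					p_salt=getPasswordSalt()
				)
				with open(record_path, 'wb+') as f:
					f.write(blob)

			# A missing JSON field (KeyError) or an unknown user / unwritable
			# file (IOError) previously went unhandled; they now share the
			# generic failure reply.
			except (ValueError, TypeError, KeyError, IOError) as e:
				print(e)
				self.finish({'ok': False})
				return

		self.finish({'ok': True})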