Beispiel #1
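def registerAjax():
    """Handle the AJAX registration form.

    The Geetest captcha fields are verified first. Only then are the
    submitted ``user`` and ``password`` values decrypted with the private key
    stored for the caller's guest session and handed to ``addUser``.

    Returns:
        ``resJSON(1, msg)`` when ``addUser`` reports success and
        ``resJSON(0, msg)`` when it reports failure. If the captcha check
        fails, or decryption / ``addUser`` raises, a ``resJSON(0, ...)``
        error is returned so the client always receives a JSON body.
    """
    # The result is not needed here; the call is kept because the original
    # made it and readUsers() may have side effects that are not visible here.
    readUsers()
    user = request.forms.get("user")
    password = request.forms.get("password")

    challenge = request.forms.get("validate[geetest_challenge]")
    validate = request.forms.get("validate[geetest_validate]")
    seccode = request.forms.get("validate[geetest_seccode]")

    # Reject the request before touching any key material if the captcha fails.
    if not gt.geetest_validate(challenge, validate, seccode):
        return resJSON(0, "Validate Fail ")

    guest_session_id = request.get_cookie("guest")
    private = Session.getGuest_key(guest_session_id, "privateKey")

    try:
        de_user = deRSA(user, private)
        de_password = deRSA(password, private)

        flag, msg = addUser(de_user, de_password, False)
        return resJSON(1 if flag else 0, msg)
    except Exception as e:
        # Covers a missing guest key, undecryptable input and addUser errors.
        print(e)

    # Previously the error path fell off the end and returned None, which
    # gave the client an empty body instead of a failure result.
    return resJSON(0, "Error. try refresh the page")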
Beispiel #2
    def wrapper(*args, **kw):
        """Resolve the logged-in user from the request cookies, then call ``func``.

        The ``guest`` cookie selects a guest session, which supplies the
        claimed user name. The ``session`` cookie is decrypted with the value
        stored for that user in ``readUsers()`` and must name the same user, a
        matching server-side session and a timestamp newer than
        ``session_timeout`` seconds.

        ``func`` is always called. It receives ``user=None, session=None``
        when any check fails, so the wrapped handler is responsible for
        rejecting unauthenticated calls. On success the cookie is re-issued
        with a fresh timestamp and session id.
        """
        users = readUsers()
        cookie_session = request.get_cookie('session')
        guest_session_id = request.get_cookie("guest")
        guest_session = Session.getGuest(guest_session_id)
        # Only used below as a presence check; nothing is decrypted with it here.
        private = Session.getGuest_key(guest_session_id, 'privateKey')
        # The claimed user name comes from the server-side guest session.
        user = None if guest_session is None or 'user' not in guest_session else guest_session['user']

        user_ans = session_ans = de_session = session_id = None
        try:
            if user and cookie_session and private:
                # users[user] is indexed before the `user in users` test below, so an
                # unknown user presumably raises here and lands in the except branch.
                # NOTE(review): the AES key is whatever readUsers() stores per user;
                # if that is the account password, the cookie's protection is only
                # as strong as that password - confirm.
                de_session = json.loads(deAES(users[user], cookie_session))
                # First check: the decrypted cookie must name the same user
                if user in users and de_session['user'] == user:
                    # Second check: the server-side session
                    session_id = de_session['session_id']
                    session = Session.get(user, session_id)
                    # Inactivity expiry: the cookie timestamp must be recent and the
                    # stored session must belong to the same user
                    if float(de_session['time']) + session_timeout > time.time() and \
                            session and session['user'] == user:
                        user_ans = user
                        session_ans = session

        except Exception:
            # Any failure (bad ciphertext, malformed JSON, missing key) drops both
            # cookies and the request continues unauthenticated.
            # NOTE(review): the session cookie is set with path='/' below, but these
            # deletions pass no path; confirm they match on routes not directly
            # under '/'.
            response.delete_cookie('guest')
            response.delete_cookie('session')
        # Runs even when authentication failed (user_ans / session_ans are None).
        temp = func(user=user_ans, session=session_ans, *args, **kw)
        if user_ans:
            # Sliding expiry: refresh the timestamp and take the session id returned
            # by Session.update before re-encrypting the cookie.
            de_session['time'] = time.time()
            de_session['session_id'] = Session.update(user, session_id, session_ans)
            encrypted = enAES(users[user], json.dumps(de_session))
            # NOTE(review): no httponly/secure flags are passed; confirm whether client
            # script needs to read this cookie before adding them.
            response.set_cookie("session", encrypted, path='/')
        return temp
Beispiel #3
def getPass(user, session):
    """Return all stored passwords of ``user``, RSA-encrypted for the client.

    Args:
        user: User name supplied by the caller of this handler; it must be
            non-empty and present in ``readUsers()``.
        session: Not used by this handler.

    Returns:
        ``resJSON(1, "ok", ciphertext)`` where ``ciphertext`` is the JSON dump
        of ``loadPassword(user)`` encrypted with the public key built from the
        form fields ``n`` and ``e``; ``resJSON(0, "no")`` for an unknown or
        empty user.
    """
    known_users = readUsers()
    if not user or user not in known_users:
        return resJSON(0, "no")

    # NOTE(review): the public key is taken from the request as sent, so the
    # response is readable by whoever supplied n/e. The route and auth
    # decorators for this handler are not visible here; confirm it is only
    # reachable for an authenticated, XSRF-checked request. int() raises on
    # non-numeric input and is not caught in this function.
    modulus = request.forms.n
    exponent = request.forms.e
    client_key = rsa.PublicKey(int(modulus), int(exponent))

    payload = json.dumps(loadPassword(user))
    return resJSON(1, "ok", enRSA(payload, client_key))
Beispiel #4
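def deletePass(user, session):
    """Delete one stored password entry of ``user``.

    Args:
        user: User name supplied by the caller of this handler; it must be
            non-empty and present in ``readUsers()``.
        session: Not used by this handler.

    Returns:
        ``resJSON(1, "delete ok")`` when the entry named by the form field
        ``id`` existed and was removed, ``resJSON(1, "delete already")`` when
        it was not present, and ``resJSON(0, ...)`` for an unknown user or
        when loading/saving raised.
    """
    users = readUsers()

    try:
        if user and user in users:
            # Renamed from `id` so the builtin is not shadowed.
            entry_id = request.forms.id
            allPass = loadPassword(user)
            if entry_id in allPass:
                del allPass[entry_id]
                savePassword(user, allPass)
                return resJSON(1, "delete ok")
            return resJSON(1, "delete already")
    except Exception as e:
        # Log the caught error itself; printing the Exception class, as the
        # original did, recorded nothing about what failed.
        print(e)

    return resJSON(0, "Error. try refresh the page")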
Beispiel #5
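def login():
    """Handle the login form and open a session on success.

    The submitted ``user`` and ``password`` are decrypted with the private key
    of the caller's guest session and compared with the entry returned by
    ``readUsers()``. On a match a server-side session is created, the guest
    session is bound to the user, and the ``guest`` and ``session`` cookies
    are set.

    Returns:
        ``resJSON(1, "ok")`` on success. Every failure (unknown user, wrong
        password, undecryptable input) returns the same ``resJSON(0, ...)``
        result, so the response does not reveal which check failed.
    """
    users = readUsers()
    user = request.forms.get("user")
    password = request.forms.get("password")
    guest_session_id = request.get_cookie("guest")
    private = Session.getGuest_key(guest_session_id, "privateKey")
    try:
        de_user = deRSA(user, private)
        de_password = deRSA(password, private)
        # The decrypted credentials and the stored secret are deliberately not
        # printed: the original wrote all three to stdout on every attempt.

        # NOTE(review): the stored value is compared directly with the
        # submitted password, so the user store appears to hold it in a
        # directly comparable form. A salted password hash checked with a
        # constant-time comparison would be the usual design; that change
        # also involves addUser/readUsers, which are not visible here.
        if de_user in users and users[de_user] == de_password:
            session_id = Session.set(de_user, None, {"user": de_user})
            # The session cookie is encrypted under the user's password.
            cookie_payload = json.dumps(
                {"user": de_user, "time": time.time(), "session_id": session_id}
            )
            encrypted = enAES(de_password, cookie_payload)
            new_guest = Session.updateGuest(guest_session_id, {"user": de_user})
            # NOTE(review): no httponly/secure flags are passed; confirm
            # whether client script needs to read these cookies.
            response.set_cookie("guest", new_guest, path="/")
            response.set_cookie("session", encrypted, path="/")
            return resJSON(1, "ok")
    except Exception as e:
        print(e)

    # Previously a failed login fell off the end and returned None.
    return resJSON(0, "login failed")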
Beispiel #6
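def editPass(user, session):
    """Create or overwrite one stored password entry of ``user``.

    The form field ``item`` is decrypted with the private key of the caller's
    guest session and is expected to have the form ``value|id``.

    Args:
        user: User name supplied by the caller of this handler; it must be
            non-empty and present in ``readUsers()``.
        session: Not used by this handler.

    Returns:
        ``resJSON(1, "save ok")`` after the entry was saved, otherwise
        ``resJSON(0, ...)`` (unknown user, no guest key, undecryptable or
        malformed item, or a load/save error).
    """
    users = readUsers()
    guest_key = request.get_cookie("guest")

    private = Session.getGuest_key(guest_key, "privateKey")
    try:
        if user and user in users and private:
            item = deRSA(request.forms.item, private)

            # Split on the LAST '|' only. Splitting on every '|' truncated any
            # value containing that character and stored the remainder under
            # a wrong id, which could overwrite another entry. Assumes the id
            # itself contains no '|'. A missing separator raises ValueError
            # and is reported as an error below.
            value, entry_id = item.rsplit("|", 1)

            allPass = loadPassword(user)
            allPass[entry_id] = value
            savePassword(user, allPass)

            return resJSON(1, "save ok")
    except Exception as e:
        # Log the caught error itself; printing the Exception class, as the
        # original did, recorded nothing about what failed.
        print(e)

    return resJSON(0, "Error. try refresh the page")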
Beispiel #7
            allPass = loadPassword(user)
            if id in allPass:
                del allPass[id]
                savePassword(user, allPass)
                return resJSON(1, "delete ok")
            else:
                return resJSON(1, "delete already")
    except Exception:
        print Exception

    return resJSON(0, "Error. try refresh the page")


@post("/logout")
@Auth
@Xsrf
def deletePass(user, session):
    """Log the caller out.

    Deletes the server-side guest session named by the ``guest`` cookie, asks
    the browser to drop the ``guest``, ``token`` and ``session`` cookies, and
    answers ``resJSON(1, "bye")``. Neither ``user`` nor ``session`` is used.
    """
    # NOTE(review): this logout handler is named deletePass, the same name as
    # the password-delete handler; if both live in one module this definition
    # rebinds the module-level name. Consider renaming it to `logout`.
    # NOTE(review): only the guest record is removed here. Whether the
    # per-user session entry is invalidated as well is not visible; confirm.
    Session.deleteGuest(request.get_cookie("guest"))
    for cookie_name in ("guest", "token", "session"):
        response.delete_cookie(cookie_name)
    return resJSON(1, "bye")


if __name__ == "__main__":
    # Script entry point: run the setup helpers, build the captcha client,
    # then start the server.
    makeDir()
    # Return value discarded; called here only for whatever it does on load.
    readUsers()
    # NOTE(review): gt is bound only when the file is run as a script. A
    # handler in this module that calls gt.geetest_validate would raise
    # NameError if the module is imported by another server process; confirm
    # how this is deployed.
    gt = geetest(captcha_id, private_key)
    # Listens on the loopback address only.
    run(host="127.0.0.1", port=port)
Beispiel #8
def listUsers():
    """Print the user names returned by ``readUsers()`` as a list numbered from 1."""
    names = readUsers().keys()
    # Start the counter at 1 instead of adding 1 on every line.
    for position, name in enumerate(names, 1):
        print position, ":", name