def test_change_password(self, _session):
sample_user = mock.Mock()
with mock.patch.object(UserMeta, "query", _session.query_property()) as _query:
_query.filter_by.return_value.first.return_value = sample_user
UserMeta.change_password("Bob", "changedpassword")
pbkdf2_sha256.verify("changedpassword", sample_user.password)
_session.add.assert_called_once_with(sample_user)
_session.commit.assert_called_once_with()
_session.close.assert_called_once_with()
def autenticate(cls, user, psw):
try:
user_model = cls.objects.get(user=user)
if pbkdf2_sha256.verify(psw, user_model.psw):
return True
except cls.DoesNotExist, e:
pass
def do_login(username="", passwd=""):
"""performs user login authentication"""
if username != app.config["ADMIN_USERNAME"]:
raise ValueError
if not pbkdf2_sha256.verify(passwd, app.config["ADMIN_PASSWORD"]):
raise ValueError
session["logged_in"] = True
def verifyPass(password, user):
if not existsInDB(user):
sys.exit(exits['userNotInDb'])
dbPass = (list(collection.find({'username':user}))[0])['password']
if not pbkdf2_sha256.verify(password,dbPass):
sys.exit(exits['userpasscombo'])
return True
def password():
status = Status()
form = Form(request.forms)
username = open_session()['u']
if request.method == 'POST' and form.validate():
conn = db.engine.connect()
result = conn.execute(
select([
users.c.pbkdf2]).where(
users.c.id == username))
conn.close()
row = result.fetchone()
verify = pbkdf2_sha256.verify(
form.current_password.data, row['pbkdf2'])
if verify:
new_pbkdf2 = to_bytes(pbkdf2_sha256.encrypt(
form.new_password.data))
conn = db.engine.connect()
conn.execute(
users.update().values(
pbkdf2=new_pbkdf2).where(
users.c.id == username))
conn.close()
status.success = "Changed password"
else:
status.warning = "Wrong password for this account"
return dict(status=status,
form=form)
def user_login(username, password):
"""User Login"""
password_hash = ''
conn = conn_db.connect()
cursor = conn.cursor()
query = """SELECT Password FROM Users WHERE Username = '******' LIMIT 1""".format(username)
cursor.execute(query)
for database_password in cursor:
password_hash = ''.join(map(str, database_password))
try:
login = pbkdf2_sha256.verify(password, password_hash)
except ValueError:
login = False
if not login:
cursor.close()
conn_db.close_connection(conn)
user_name = ''
return user_name
else:
user_name = ''
conn = conn_db.connect()
cursor = conn.cursor()
query = """SELECT Name FROM Users WHERE Username = '******' LIMIT 1""".format(username)
cursor.execute(query)
for user_name in cursor:
user_name = ''.join(map(str, user_name))
cursor.close()
conn_db.close_connection(conn)
return user_name
def do_login(db_pwd, user_id, username='', passwd=''):
if username not in get_all_user_names():
raise ValueError("Invalid Username or Password")
if not pbkdf2_sha256.verify(passwd, db_pwd):
raise ValueError("Invalid Username or Password")
session['logged_in'] = True
session['user_id'] = user_id
def _execute(self, transforms, *args, **kwargs):
# executed before everything else.
receivedAuth = self.request.headers.get("Authorization")
if receivedAuth is not None:
authMode, auth_b64 = receivedAuth.split(" ")
if authMode != "Basic":
logging.error("Used other HTTP authmode than 'Basic', '%s'." % authMode)
else:
auth = base64.b64decode(auth_b64.encode('ascii'))
username_b, _, password_b = auth.partition(b":")
username = username_b.decode('utf-8')
password = password_b.decode('utf-8')
users = self.application.users
from passlib.hash import pbkdf2_sha256
if username not in users:
logging.debug("Received nonexistent user '%s'." % username)
elif not pbkdf2_sha256.verify(password, users[username]):
logging.error("Failed login for %s from %s." % (username, self.request.remote_ip))
else:
self.request.netsecus_user = username
return super(RequestHandlerWithAuth, self)._execute(transforms, *args, **kwargs)
self.set_status(401)
realm = getattr(self.application, 'realm', '')
self.set_header("WWW-Authenticate", "Basic realm=\"%s\"" % realm)
self._transforms = []
self.write("401: Authentifizierung erforderlich.")
self.finish()
def check_password(cls, username, password):
user_mata_info = cls.query.filter_by(username=username).first()
session.close()
if user_mata_info:
return pbkdf2_sha256.verify(password, user_mata_info.password)
else:
return False
def login_user(self, user, password):
"""Tries to login user using username and password, returns Account object when succeed, otherwise None"""
# Get user
user = self.get_user(user=user)
# Check if user exists
if user is None:
logging.info("Someone tried to log in with username {}, but cannot find that user in database".format(user.user))
return None
# Check user password
if not pbkdf2_sha256.verify(password, user.password):
logging.warning("User {} supplied wrong password".format(user.user))
return None
# Everything ok
# Update session key and lastlogin value in database
user.session = ''.join([random.choice(string.ascii_letters + string.digits) for n in range(32)])
user.lastlogin = int(time.time())
user.commit()
# Create cookies
cherrypy.response.cookie["user"] = user.user
cherrypy.response.cookie["user"]["path"] = "/"
cherrypy.response.cookie["user"]["max-age"] = 3600 * 6
cherrypy.response.cookie["session"] = user.session
cherrypy.response.cookie["session"]["path"] = "/"
cherrypy.response.cookie["session"]["max-age"] = 3600 * 6
logging.info("User {} ({}) logged in".format(user.user, self.core.get_client_ip()))
# Return user account
libs.statistics.Statistics.snooper(2)
return user
def submitEmailPassword():
for k in request.forms.keys():
print k, request.forms[k]
username = request.forms.get('email')
password = request.forms.get('password')
password_hashed = base64.urlsafe_b64encode(pbkdf2_sha256.encrypt(password, rounds=NOF_HASH_ROUNDS, salt_size=16))
username_encrypted = base64.urlsafe_b64encode(encrypt(ENCRYPTION_PASSWORD, username))
usersTable = db.table('users')
existingUser = usersTable.search(where('key') == username_encrypted)
if existingUser:
if pbkdf2_sha256.verify(existingUser['values']['password'],password_hashed):
pass
else:
print "wrong login"
else:
usersTable.insert({'key':username_encrypted, 'values':{'password':password_hashed}})
videosTable = db.table('videos')
existing_cookie = request.get_cookie('sebifyme',secret=GLOBAL_COOKIE_SECRET)
uid = existing_cookie['uid']
elements = videosTable.search((where('values').has('uploaded_by_uid') == uid) & (where('values').has('uploaded_by_user') == None))
for el in elements:
currentValues = el['values']
currentValues['uploaded_by_user'] = username_encrypted
videosTable.update({'values':currentValues}, eids=[el.eid])
website_content = template('video',video_name='joke.mp4')
return website_content
def post(self):
email = self.get_argument('email', None)
password = self.get_argument('password', None)
next = self.get_argument("next", "/")
if not email or not password or email == "" or password == "":
self.render("login.html", message = "Please enter an email and password")
return
with db.getCur() as cur:
cur.execute("SELECT Id, Password FROM Users WHERE Email = LOWER(?)", (email,))
row = cur.fetchone()
if row is not None:
result = row[0]
passhash = row[1]
if pbkdf2_sha256.verify(password, passhash):
self.set_secure_cookie("user", str(result))
cur.execute("SELECT EXISTS(SELECT * FROM Admins WHERE Id = ?)", (result,))
if cur.fetchone()[0] == 1:
self.set_secure_cookie("admin", "1")
if result != None:
self.redirect(next)
return
self.render("login.html", message = "Incorrect email and password")
def login():
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('panel'))
form = LoginForm()
if form.validate_on_submit():
#logging_in_user = User.objects(username=form.username.data)
#logging_in_user = User.all().filter('username ='******'next') or url_for('panel'))
else:
flash('Invalid login. Please try again.', 'error')
redirect(url_for('login'))
else:
flash('Invalid login. Please try again.', 'error')
redirect(url_for('login'))
return render_template('users/login.html',
title='Sign In',
form=form)
def processLogin():
session["user_id"] = None
session["user_name"] = None
email = request.form.get("userEmail").lower()
password = request.form.get("password")
user = modelPG.User.getUserByEmail(email)
pwordcheck = modelPG.User.getUserPasswordByEmail(email)
if user:
if pbkdf2_sha256.verify(password, pwordcheck):
flash("Welcome, %s" % (user.user_name))
# if the user is already logged in do the first part
if "user" in session:
session["user_id"] = user.id
session["user_name"] = user.user_name
else:
do_login(user.id, email, user.user_name)
else:
flash("Invalid Email or Password. Please try again")
flash('<a href = "/resetpword">Reset Password</a>')
return render_template("login.html")
else:
flash("New User? Please create an account.")
session["user_id"] = None
session["user_name"] = None
return render_template("login.html")
return redirect("/userRecipes/%d" % user.id)
def valid_login_credentials( cls, request ):
user_name = request.json_body['email']
psw = request.json_body['password']
user = request.db.users.find({ 'profile.email' : user_name })
request.headers.update({
'Access-Control-Allow-Origin' : '*',
'Access-Control-Allow-Methods' : 'POST,GET,DELETE,PUT',
'Access-Control-Allow-Headers' : 'Origin, Content-Type, Accept, Authorization',
'Access-Control-Allow-Credentials' : 'true',
'Access-Control-Max-Age': '1728000',
})
if user.count() == 0:
request.errors.add('querystring', 'login Details', 'Your email or password are not correct!')
request.errors.status = 401
else:
userdata = dumps(user)
userdata_json = loads(userdata)
account_status = userdata_json[0]['profile']['account_active']
user_password = userdata_json[0]['profile']['password']
# verify password
is_verified = pbkdf2_sha256.verify( psw, user_password )
if account_status == False:
request.errors.add('querystring', 'account', 'Account not active')
elif user.count() > 0 and is_verified:
request.validated['username'] = userdata
request.validated['password'] = is_verified
else :
request.errors.add('querystring', 'username', 'Your username or password are not correct!')
request.errors.status = 401
def validate_user(f):
try:
results = db.query("SELECT * FROM users WHERE username=$username ORDER BY ROWID ASC LIMIT 1",
vars={'username': f.username.value})
user = results[0]
try:
valid_hash = pbkdf2_sha256.verify(f.password.value, user.password)
except ValueError as e:
web.debug('%s user=%s' % (str(e), user.username))
valid_hash = None
pass
date_now = datetime.datetime.now()
date_expires = datetime.datetime.combine(user.expires, datetime.time.min)
if date_now <= date_expires:
if valid_hash:
web.debug('login_success_hash: user=%s' % user.username)
return user
else:
web.debug('login_failed_hash: incorrect password user=%s, fallback to plaintext' % user.username)
if f.password.value == user.password:
web.debug('login_success_plaintext: user=%s' % user.username)
return user
else:
web.debug('login_failed_plaintext: incorrect password user=%s' % user.username)
return None
else:
web.debug('login_failed: expired account user=%s' % user.username)
return None
except IndexError, e:
web.debug('login_failed: not found user=%s' % f.username.value)
return None
def validate_password(self, password):
"""Check a password against an existing hash."""
if isinstance(password, unicode):
password = password.encode('utf-8')
hash = self.password
log.debug(password)
return pbkdf2_sha256.verify(password, hash)
def verifyPass(password, user):
if not dbLayer.userExists(user):
sys.exit(exits['userNotInDb'])
dbPass = dbLayer.getUser(user)['password']
if not pbkdf2_sha256.verify(password, dbPass):
sys.exit(exits['userpasscombo'])
return True
def authenticate(cls, email, password):
user = cls.query.filter_by(email=email).first()
if user and user.enabled and hasher.verify(password, user.password):
user.last_login = DT.now()
db.session.add(user)
db.session.commit()
db.session.refresh(user)
return user
def verifyuser():
username = request.form["username"]
password = request.form["password"]
dbuser = User.query.filter_by(username=username).first()
if dbuser is not None:
if pbkdf2_sha256.verify(password, dbuser.password):
return 'ok'
abort(401, 'failed')
def get_user_by_login(cls, email, password):
email = email.lower()
auth = Auth.get_by_id(email.lower())
if auth:
user = cls.get_by_id(auth.user)
if user.password and pbkdf2_sha256.verify(password, user.password):
return user
def login(self, user, pw):
users = _get_users()
for i in users:
if i[0] == user:
if hasher.verify(pw, i[1]):
self.username = user
self.authenticated = True
return True
return False
def checkCredentials(username, password, usersDict, contactStr = ""):
"""Verifies credentials for username and password.
Returns None on success or a string describing the error on failure"""
if usersDict == {}:
return None
for userNameKey in usersDict.keys():
if username == userNameKey and pbkdf2_sha256.verify(password, usersDict[userNameKey]['hash']) == True:
return None
return u"Incorrect username or password. %s" % (contactStr)
def check_user(username, password):
filename = "./databases/users/" + str(username).encode('ascii', 'ignore') + ".json"
if not os.path.isfile(filename):
return False
user = json.loads(open(filename).read())
if pbkdf2_sha256.verify(password, user["password"]):
return True
else:
return False
def isPasswordCorrect(login, password, dbfile):
conn = sqlite3.connect(dbfile)
c = conn.cursor()
c.execute('SELECT password FROM dbase WHERE login=?', (login, ))
conn.commit()
result = c.fetchall()
conn.close()
return pbkdf2_sha256.verify(password, str(result[0][0]))
def authenticate(uname, passwd):
try:
user = User.objects.filter(displayname=uname)
if pbkdf2_sha256.verify(passwd, user[0].password): # Compare the hashes of the password
return user[0]
else:
return None
except:
return None
def validate(username,password): try: librarian=getLibrarianPassword(username) if(pbkdf2_sha256.verify(password, librarian.password)): return True else: return False except Exception as e: return False
def verifyUser(user, password):
con = sqlite3.connect(DBNAME)
cursor = con.execute("SELECT PASSWORD FROM USERS WHERE USER_ID = ?", (user,))
rows = cursor.fetchone()
if rows is None:
return False
con.commit()
con.close()
return pbkdf2_sha256.verify(password, rows[0])
def test_insert(self, session):
_insert_data = UserMeta(username="******", user_type=1, password="******", public_key="/path/key1.pub")
session.add(_insert_data)
_query_data = session.query(UserMeta).filter_by(username="******").first()
self.assertEqual(_query_data.username, "Alice")
self.assertEqual(_query_data.user_type, 1)
self.assertEqual(_query_data.public_key, "/path/key1.pub")
self.assertTrue(pbkdf2_sha256.verify("badpasswd", _query_data.password))
def is_password_correct(self, password):
"""
This functions verify a password against an existing hash.
@param string password: password to be verified
@return boolean: True if password is correct, otherwise False
"""
return pbkdf2_sha256.verify(password, self.hashed_password)
def verify(cls, password, hash):
return pw_hasher.verify(password, hash)
def createAWSSpace():
data = request.json
# Verify required fields
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp(msg="User id is required", code=400)
if 'cid' in data:
cid = data['cid']
else:
return Response.make_error_resp(msg="Credential id is required",
code=400)
if 'password' in data:
password = data['password']
else:
return Response.make_error_resp(msg="Password is required", code=400)
#if 'cloudService' in data:
# validPlatforms = ["aws", "openstack"]
# cloudService = data['cloudService']
# if cloudService not in validPlatforms:
# return Response.make_error_resp(msg="invalid cloudService", code=400)
#else:
# return Response.make_error_resp(msg="Cloud Service Choice is required", code=400)
if 'spaceName' in data:
spaceName = data['spaceName'] + tf.genComponentID()
else:
return Response.make_error_resp(msg="Name of space required", code=400)
if 'availability_zone' in data:
availability_zone = data["availability_zone"]
else:
return Response.make_error_resp(msg="Availability Zone is required",
code=400)
# Get rid of unsafe characters in the name
safeSpaceName = spaceName.replace('/', '_')
safeSpaceName = safeSpaceName.replace(' ', '_')
# Create a safe path
spacePath = os.path.join("spaces", safeSpaceName)
# Get the users data
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="User does not exist", code=404)
# Create a new directory for the space
try:
os.makedirs(spacePath)
except FileExistsError as e:
print(e)
return Response.make_error_resp(msg="Space Name already used",
code=400)
except Exception as e:
print(e)
return Response.make_error_resp(msg="Error Creating Space Directory",
code=400)
# Verify the users password
if pbkdf2_sha256.verify(password, user.password):
tfPath = "terraformScripts/createSpace/aws"
requiredFiles = ["deploy.tf", "provider.tf"]
# Get the files from the source code directory
for file in requiredFiles:
copyfile(tfPath + "/" + file, spacePath + "/" + file)
# Get the aws creds object
try:
creds = AWSCreds.get((AWSCreds.id == cid) & (AWSCreds.uid == uid))
except AWSCreds.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Creds",
code=404)
# Decrypt the user data
secretKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=creds.secretKey)
accessKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=creds.accessKey)
publicKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=user.publicKey)
# Generate the variables file
varPath = tf.generateAWSSpaceVars(secretKey, accessKey, publicKey,
availability_zone, safeSpaceName,
spacePath)
# Init the terraform directory
initResultCode = tf.init(spacePath)
print(initResultCode)
# Run the terrafom script
output, createResultCode = tf.create(spacePath)
# Check the result code for errors
if createResultCode != 0:
# Add destroy function here
print("Removing Inf")
tf.destroy(spacePath)
shutil.rmtree(spacePath)
return Response.make_error_resp(
msg="Error Creating Infrastructure", code=400)
# Remove the vars file
os.remove(varPath)
# Get data from the terraform outputs
keyPairId = output["key_pair"]["value"]
securityGroupId = output["security_group"]["value"]
subnetId = output["subnet"]["value"]
# Create the space object
newSpace = SpaceAWS.create(dir=spacePath,
keyPairId=keyPairId,
securityGroupId=securityGroupId,
name=safeSpaceName,
subnetId=subnetId,
uid=uid,
availabilityZone=availability_zone,
cid=cid,
id=str(uuid.uuid4()))
# Get the new space object
try:
newSpace = SpaceAWS.get(SpaceAWS.id == newSpace.id)
except AWSCreds.DoesNotExist as e:
return Response.make_error_resp(msg="Error Finding Creds",
code=404)
# Return the space data
res = {"id": newSpace.id, "name": newSpace.name}
return Response.make_json_response(res)
else:
return Response.make_error_resp(msg="Password is incorrect")
def check_password(self, password):
return pbsha.verify(password, self.password_hash)
def verify_password(self, raw_pass):
return pbkdf2_sha256.verify(raw_pass, self.pass_field)
def register():
data = request.get_json()
try:
username = str(data['username'].lower().strip())
device_id = str(data['device_id'])
session_key = str(data['session_key'])
recaptcha = str(data['recaptcha'])
challenge = str(data['challenge_key'])
password = str(data['password'])
except:
#print "error!"
return json.dumps({
'success': 0,
'error_type': RegistrationErrorType['validation']
})
if not validUsername(username) or not validDeviceID(device_id):
return json.dumps({
'success': 0,
'error_type': RegistrationErrorType['validation']
})
u_test = User.all().filter('username ='******'device_id =', device_id).get()
if u_test is None and did_test is None: # username and device ID does not exist
if not validPassword(password):
#print 'invalid password'
return json.dumps({
'success': 0,
'error_type': RegistrationErrorType['validation']
})
if not validReCaptcha(request.remote_addr, recaptcha, challenge):
return json.dumps({
'success': 0,
'error_type': RegistrationErrorType['recaptcha']
})
session_key = generate_session_key()
# hash password
pass_hash = pbkdf2_sha256.encrypt(password, rounds=2000, salt_size=16)
# store user in database
u = User(username=username,
device_id=device_id,
session_key=session_key,
password=pass_hash)
u.put()
return json.dumps({'success': 1, 'session_key': session_key})
elif did_test is not None and (u_test is None
or did_test.device_id == u_test.device_id
): # user re-registers on same device
#if did_test.password != password:
# return json.dumps({'success': 0, 'error_type': RegistrationErrorType['password']})
#if not validPassword(password):
# return json.dumps({'success': 0, 'error_type': RegistrationErrorType['validation']})
if did_test.session_key != session_key:
return json.dumps({
'success': 0,
'error_type': RegistrationErrorType['reauth']
})
else:
#logging.debug('changing username from ' + did_test.username + ' to ' + username)
# hash password and update user
did_test.username = username
#pass_hash = pbkdf2_sha256.encrypt(password, rounds=2000, salt_size=16)
#did_test.password = pass_hash
did_test.put()
return json.dumps({'success': 1, 'session_key': session_key})
elif u_test is not None:
if not validPassword(password):
return json.dumps({
'success': 0,
'error_type': RegistrationErrorType['validation']
})
if not validReCaptcha(request.remote_addr, recaptcha, challenge):
return json.dumps({
'success': 0,
'error_type': RegistrationErrorType['recaptcha']
})
if pbkdf2_sha256.verify(password, u_test.password):
# Remove current entry for an existing device ID
if did_test is not None:
did_test.delete()
# Change device ID of user and generate/return new session key
u_test.device_id = device_id
session_key = generate_session_key()
u_test.session_key = session_key
u_test.put()
return json.dumps({'success': 1, 'session_key': session_key})
else:
return json.dumps({
'success': 0,
'error_type': RegistrationErrorType['exists']
})
else:
return json.dumps({
'success': 0,
'error_type': RegistrationErrorType['exists']
})
def change_password(self, current_password, new_password):
if pbkdf2_sha256.verify(current_password, self.password):
self.password = self.encrypt_password(new_password)
def verify_hash(self, hashed_value):
return pbkdf2_sha256.verify(self.value, hashed_value)
def checa_senha(self, senha):
if cryp.verify(senha, self.__senha):
return True
return False
def do_login(username='', passwd=''):
if username != app.config['ADMIN_USERNAME']:
raise ValueError
if not pbkdf2_sha256.verify(passwd, app.config['ADMIN_PASSWORD']):
raise ValueError
session['logged_in'] = True
def check_password(user_password, password):
# check if passsord provided by user is the correct one
return pbkdf2_sha256.verify(password, user_password)
def verify_hash(self, password, hash):
return pbkdf2_sha256.verify(password, hash)
def check_password(self, password):
return pbkdf2_sha256.verify(password, self.password_hash)
def verify_hash(password, hash):
return sha256.verify(password, hash)
def removePlatform(id):
try:
platform = Platforms.get(Platforms.id == id)
except Platforms.DoesNotExist:
return Response.make_error_resp(msg="Platform Not Found", code=400)
data = request.json
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp(msg="User ID is required", code=400)
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
if 'password' in data:
password = data['password']
else:
return Response.make_error_resp(msg="Password is required", code=400)
if not pbkdf2_sha256.verify(password, user.password):
return Response.make_error_resp(msg="Password is Incorrect", code=400)
path = ""
if platform.cloudService == "aws":
space = SpaceAWS.get((SpaceAWS.id == platform.sid)
& (SpaceAWS.uid == uid))
creds = AWSCreds.get(AWSCreds.id == space.cid)
secretKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=creds.secretKey)
accessKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=creds.accessKey)
tf.generateAWSPlatformVars("", "", "", secretKey, accessKey, 0, "",
platform.dir)
elif platform.cloudService == "openstack":
space = SpaceOS.get((SpaceOS.id == platform.sid)
& (SpaceOS.uid == uid))
creds = OSCreds.get(OSCreds.id == space.cid)
osUsername = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=creds.username)
osPassword = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=creds.password)
authUrl = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=creds.authUrl)
tf.generateOSPlatformVars(osUsername, osPassword, space.tenantName,
authUrl, space.availabilityZone, "", "", "",
space.ipPool, space.securityGroup,
space.intNetwork, "", "", platform.dir)
elif platform.cloudService == "gcp":
creds = GCPCreds.get(GCPCreds.id == platform.cid)
gcpGenVars(user, password, creds, "", "", platform.name, platform.dir)
path = platform.dir
resultCode = tf.destroy(platform.dir)
if resultCode != 0:
return Response.make_error_resp(msg="Error deleting platform")
platform.delete_instance()
if path != "":
shutil.rmtree(path)
return Response.make_success_resp(msg="Platform Has been removed")
def check_password(self, raw_password):
return pbkdf2_sha256.verify(raw_password, self.password)
CURSOR.execute(
"INSERT INTO User(USERNAME, PASSWORD, FIRST_NAME, LAST_NAME, HEIGHT, WEIGHT, BIRTHDATE, GENDER) VALUES(?,?,?,?,?,?,?,?)",
info)
CONNECTION.commit()
def updateUser(self, username, newInfo):
info = newInfo + (username, )
CURSOR.execute(
"UPDATE User SET FIRST_NAME = '%s', LAST_NAME = '%s', HEIGHT = %d, WEIGHT = %d, GENDER = '%s' WHERE USERNAME = '******'"
% (info))
CONNECTION.commit()
def getUser(self, username):
statement = "SELECT * FROM User WHERE USERNAME = '******'" % (username)
CURSOR.execute(statement)
user_info = CURSOR.fetchone()
CONNECTION.commit()
if user_info is None: return None
return User(user_info)
USER_MODEL = UserModel()
if __name__ == "__main__":
u = User(("rrrit", "pass", "Phurit", "Warapattnapong", 181, 73,
"11/7/2001", "Male"))
USER_MODEL = UserModel()
USER_MODEL.insertUser(u)
print(userfromdb)
print(pbkdf2_sha256.verify(u.getPassword(), userfromdb.getPassword()))
def updateDataProcessing(id):
try:
platform = Platforms.get(Platforms.id == id)
except Platforms.DoesNotExist:
return Response.make_error_resp(msg="Platform Not Found", code=400)
data = dict(request.form)
if 'script' in request.files:
script = request.files['script']
else:
return Response.make_error_resp(msg="Script not in request", code=400)
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp(msg="User ID is required", code=400)
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
if 'password' in data:
password = data['password']
else:
return Response.make_error_resp(msg="Password is required", code=400)
if 'packages' in data:
packages = data['packages'].replace(" ", "").split(",")
else:
packages = []
if len(packages) != 0:
issue = checkPackages(packages)
if issue != "":
return Response.make_error_resp(msg=issue + " Package not valid",
code=400)
exsistingPackages = platform.packageList.split(",")
packages = exsistingPackages + packages + [
"pika==1.1.0", "influxdb", "pymongo"
]
if not pbkdf2_sha256.verify(password, user.password):
return Response.make_error_resp(msg="Password is Incorrect", code=400)
privateKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=user.privateKey)
updateAnsibleFiles = "ansiblePlaybooks/updateProcessing"
ansiblePath = os.path.join(platform.dir, "ansible", "updatePlatform")
if os.path.exists(ansiblePath):
shutil.rmtree(ansiblePath)
shutil.copytree(updateAnsibleFiles, ansiblePath)
script.save(
os.path.join(ansiblePath, "roles", "dmacklin.updateProcessing",
"templates", "dataProcessing.py"))
ab.generateRequirementsFile(packages, ansiblePath,
"dmacklin.updateProcessing")
output, error = ab.runPlaybook(platform.ipAddress, privateKey, ansiblePath,
"updateProcessing")
print(output)
print(error)
return Response.make_success_resp(msg="Script updated")
def verify_password(self, campoPassword, password):
"""Verifica se a Senha está Correta."""
return pbkdf2_sha256.verify(password, self.__dict__[campoPassword])
def createPlatform():
data = dict(request.form)
if 'script' in request.files:
script = request.files['script']
else:
script = None
externalVolume = None
if 'platformName' in data:
platformName = data["platformName"] + tf.genComponentID()
else:
return Response.make_error_resp(msg="Platform Requires Name", code=400)
if 'cloudService' in data:
cloudService = data['cloudService']
else:
return Response.make_error_resp(msg="Cloud Service Choice is required",
code=400)
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp(msg="User ID is required", code=400)
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
if 'password' in data:
password = data['password']
else:
return Response.make_error_resp(msg="Password is required", code=400)
if not pbkdf2_sha256.verify(password, user.password):
return Response.make_error_resp(msg="Password is Incorrect", code=400)
if 'sid' in data:
sid = data['sid']
else:
sid = ""
if "rabbitUser" in data:
rabbitUser = data['rabbitUser']
else:
rabbitUser = ""
if "rabbitPass" in data:
rabbitPass = data['rabbitPass']
else:
rabbitPass = ""
if "rabbitTLS" in data:
# Get string version of rabbitTLS flag as ansible is looking for a string
rabbitTLS = data['rabbitTLS']
else:
rabbitTLS = "false"
if "database" in data:
validDbs = ["influxdb", "mongodb", "mysqldb", "timescaledb"]
database = data['database']
if database not in validDbs:
return Response.make_error_resp(msg="Invalid database", code=400)
else:
return Response.make_error_resp(msg="Database is required", code=400)
if "dbFields" in data:
if database == "mysqldb" or database == "timescaledb":
try:
dbFields = json.loads(data["dbFields"])
except Exception as e:
print(e)
return Response.make_error_resp(msg="Invalid DB fields",
code=400)
else:
dbFields = None
else:
dbFields = None
if "dbsize" in data:
dbsize = int(data["dbsize"])
if dbsize % 10 != 0 or dbsize > 100:
return Response.make_error_resp(msg="Database Size is invalid")
else:
return Response.make_error_resp(msg="Database Size is required",
code=400)
if 'packages' in data:
packages = data['packages'].replace(" ", "").split(",")
else:
packages = []
if 'monitoring' in data:
monitoring = data["monitoring"]
if monitoring == "true":
monitoringFreq = data["monitoringFreq"]
else:
monitoringFreq = "30"
else:
monitoring = "false"
monitoringFreq = "30"
if len(packages) != 0:
issue = checkPackages(packages)
if issue != "":
return Response.make_error_resp(msg=issue + " Package not valid",
code=400)
packages = packages + [
"pika==1.1.0", "influxdb", "pymongo", "mysql-connector", "psycopg2"
]
safePlatformName = platformName.replace('/', '_')
safePlatformName = safePlatformName.replace(' ', '_')
cid = ""
space = ""
# ------------Terraform Setup------------#
validPlatforms = ["aws", "openstack", "gcp"]
if cloudService not in validPlatforms:
return Response.make_error_resp(msg="invalid cloudService", code=400)
# Define Terraform Variables
tfPath = ""
platformPath = ""
if cloudService == "aws":
tfPath = "terraformScripts/createPlatform/aws"
externalVolume = "/dev/nvme1n1"
try:
space = SpaceAWS.get((SpaceAWS.id == sid) & (SpaceAWS.uid == uid))
except SpaceAWS.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Space",
code=400)
platformPath = os.path.join(space.dir, "platforms", safePlatformName)
elif cloudService == "openstack":
tfPath = "terraformScripts/createPlatform/openstack"
externalVolume = "/dev/vdb"
if 'flavorName' in data:
flavorName = data['flavorName']
else:
return Response.make_error_resp(
msg="Flavor Name Required for Openstack")
if 'imageName' in data:
imageName = data['imageName']
else:
return Response.make_error_resp(
msg="Image Name Required for Openstack")
try:
space = SpaceOS.get((SpaceOS.id == sid) & (SpaceOS.uid == uid))
except SpaceOS.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Space",
code=400)
platformPath = os.path.join("openstack", "platforms", safePlatformName)
elif cloudService == "gcp":
tfPath = "terraformScripts/createPlatform/gcp"
externalVolume = "/dev/sdb"
if 'zone' in data:
zone = data['zone']
else:
return Response.make_error_resp(msg="Zone Required for GCP")
if 'cid' in data:
cid = data['cid']
else:
return Response.make_error_resp(msg="Credentials Required for GCP")
try:
creds = GCPCreds.get((GCPCreds.id == cid) & (GCPCreds.uid == uid))
except SpaceOS.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Credentials",
code=400)
platformPath = os.path.join("gcp", "platforms", safePlatformName)
try:
shutil.copytree(tfPath, platformPath)
except FileExistsError as e:
return Response.make_error_resp(msg="Platform Name already used",
code=400)
if cloudService == "aws":
print(dbsize)
varPath = awsGenVars(user, password, space, dbsize, safePlatformName,
platformPath)
if varPath == "Error Finding Creds":
return Response.make_error_resp(msg="Error Finding Creds",
code=400)
elif cloudService == "openstack":
print(dbsize)
varPath = osGenVars(user, password, space, flavorName, imageName,
dbsize, safePlatformName, platformPath)
if varPath == "Error Finding Creds":
return Response.make_error_resp(msg="Error Finding Creds",
code=400)
elif cloudService == "gcp":
print(dbsize)
varPath, accountPath, keyPath = gcpGenVars(user, password, creds, zone,
dbsize, safePlatformName,
platformPath)
#------------Ansible Setup------------#
createAnsibleFiles = "ansiblePlaybooks/createPlatform"
ansiblePath = os.path.join(platformPath, "ansible", "createPlatform")
shutil.copytree(createAnsibleFiles, ansiblePath)
if script:
script.save(
os.path.join(ansiblePath, "roles", "dmacklin.mytInstall",
"templates", "dataProcessing.py"))
if dbFields:
ab.createSQLInit(ansiblePath, dbFields, database)
ab.updateAnsiblePlaybookVars(cloudService, externalVolume, database,
rabbitTLS, monitoring, monitoringFreq,
ansiblePath)
ab.generateMyTConfig(rabbitUser, rabbitPass, rabbitTLS, database,
ansiblePath)
ab.generateRequirementsFile(packages, ansiblePath, "dmacklin.mytInstall")
# ------------Terraform Create------------#
initResultCode = tf.init(platformPath)
output, createResultCode = tf.create(platformPath)
print(createResultCode)
if createResultCode != 0:
# Add destroy function here
print("Removing Inf")
tf.destroy(platformPath)
shutil.rmtree(platformPath)
return Response.make_error_resp(msg="Error Creating Infrastructure",
code=400)
# Remove the vars file
os.remove(varPath)
if cloudService == "gcp":
os.remove(accountPath)
os.remove(keyPath)
isUp = serverCheck(output["instance_ip_address"]["value"])
if not isUp:
return Response.make_error_resp(msg="Error Contacting Server")
# ------------Ansible Create------------#
privateKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=user.privateKey)
aboutput, aberror = ab.runPlaybook(output["instance_ip_address"]["value"],
privateKey, ansiblePath,
"installService")
print(aboutput)
print(aberror)
# ------------Save Platform------------#
newPlatform = Platforms.create(
dir=platformPath,
name=safePlatformName,
uid=user.uid,
sid=sid,
cid=cid,
cloudService=cloudService,
ipAddress=output["instance_ip_address"]["value"],
packageList=data['packages'],
database=database,
dbsize=dbsize,
id=str(uuid.uuid4()))
try:
platform = Platforms.get(Platforms.id == newPlatform.id)
except Platforms.DoesNotExist:
return Response.make_error_resp(msg="Platform Not Found", code=400)
# ------------Return Data------------#
if rabbitTLS == "true":
filename = "cert_rabbitmq.zip"
dumpPath = os.path.join(ansiblePath, filename)
try:
return send_file(dumpPath,
attachment_filename=filename,
as_attachment=True,
mimetype="application/zip")
except Exception as e:
print(e)
return Response.make_error_resp("Error Getting Certs", code=400)
else:
res = {"id": platform.id, "name": platform.name}
return Response.make_data_resp(res)
def databaseDump(id):
data = request.json
try:
platform = Platforms.get(Platforms.id == id)
except Platforms.DoesNotExist:
return Response.make_error_resp(msg="Platform Not Found", code=400)
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp(msg="User ID is required", code=400)
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
if 'password' in data:
password = data['password']
else:
return Response.make_error_resp(msg="Password is required", code=400)
if not pbkdf2_sha256.verify(password, user.password):
return Response.make_error_resp(msg="Password is Incorrect", code=400)
database = platform.database
privateKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=user.privateKey)
dumpAnsibleFiles = "ansiblePlaybooks/dataBaseDump"
ansiblePath = os.path.join(platform.dir, "ansible", "dataBaseDump")
if os.path.exists(ansiblePath):
shutil.rmtree(ansiblePath)
shutil.copytree(dumpAnsibleFiles, ansiblePath)
ab.updateDBDumpVars(database, ansiblePath)
output, error = ab.runPlaybook(platform.ipAddress, privateKey, ansiblePath,
"dbDump")
print(output)
print(error)
filename = ""
dumpPath = ""
if database == "influxdb":
filename = "influxdump.zip"
dumpPath = os.path.join(ansiblePath, filename)
elif database == "mongodb":
filename = "mongodump.zip"
dumpPath = os.path.join(ansiblePath, filename)
try:
return send_file(dumpPath,
attachment_filename=filename,
as_attachment=True,
mimetype="application/zip")
except Exception as e:
print(e)
return Response.make_error_resp("Error Getting Dump", code=400)
def verify_password(password, raw_password):
return pbkdf2_sha256.verify(raw_password, password)
def checkPass(self, nom, passw):
usuari = self.collection.find_one({'username': nom})
return pbkdf2_sha256.verify(passw, usuari['password'])
def createOSSpace():
data = request.json
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp(msg="User ID is required", code=400)
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
if 'password' in data:
password = data['password']
else:
return Response.make_error_resp(msg="Password is required", code=400)
if "cid" in data:
cid = data["cid"]
else:
return Response.make_error_resp(msg="Creds id is required", code=400)
if "tenantName" in data:
tenantName = data["tenantName"]
else:
return Response.make_error_resp(msg="Tenant Name is required",
code=400)
if "availabilityZone" in data:
availabilityZone = data["availabilityZone"]
else:
return Response.make_error_resp(msg="Availability Zone is required",
code=400)
if "ipPool" in data:
ipPool = data["ipPool"]
else:
return Response.make_error_resp(msg="Ip Pool is required", code=400)
if "securityGroup" in data:
securityGroup = data["securityGroup"]
else:
return Response.make_error_resp(msg="Security Group is required",
code=400)
if "intNetwork" in data:
intNetwork = data["intNetwork"]
else:
return Response.make_error_resp(msg="intNetwork is required", code=400)
if "name" in data:
name = data["name"]
else:
return Response.make_error_resp(msg="Name is required", code=400)
if pbkdf2_sha256.verify(password, user.password):
# Get the aws creds object
try:
creds = OSCreds.get((OSCreds.id == cid) & (OSCreds.uid == uid))
except OSCreds.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Creds",
code=404)
newSpace = SpaceOS.create(name=name,
tenantName=tenantName,
availabilityZone=availabilityZone,
ipPool=ipPool,
securityGroup=securityGroup,
intNetwork=intNetwork,
uid=uid,
cid=cid,
id=str(uuid.uuid4()))
# Get the new space object
try:
newSpace = SpaceOS.get(SpaceOS.id == newSpace.id)
except AWSCreds.DoesNotExist as e:
return Response.make_error_resp(msg="Error Finding new Space",
code=404)
# Return the space data
res = {"id": newSpace.id, "name": newSpace.name}
return Response.make_json_response(res)
else:
return Response.make_error_resp(msg="Password is incorrect")
def new_signup():
# forms to handle sign up and sign in
signup_form = web_forms.SignUpForm()
signin_form = web_forms.SignInForm()
login = True
if request.method == 'POST':
if signin_form.data['submit_bttn']:
if signin_form.validate_on_submit():
username = signin_form.data['username_field']
password = signin_form.data['password_field']
result = db.select('users', ['password', 'user_id'],
['username'], [username])
log.info('here is result: {}'.format(result))
if result:
hash = result['password']
password_match = pbkdf2_sha256.verify(password, hash)
if password_match:
curr_user = User(result['user_id'])
login_user(curr_user)
next_url = request.args.get('next')
if not is_safe_url(next_url):
return abort(400)
if not current_user.is_profile_complete():
flash(
'Please complete your profile before continuing!'
)
return redirect(next_url or url_for('profile'))
return redirect(next_url or url_for('team'))
signin_form.username_field.errors.append(
"Invalid Username or Password.")
elif signup_form.data['submit']:
if signup_form.validate():
# create token
token = ts.dumps(signup_form.data['email'],
salt='email-confirm-key')
# build url
confirm_url = url_for('confirm_email',
token=token,
_external=True)
# set up html that makes up email
html = render_template('signup_email.html',
validate_url=confirm_url,
user={
'first': signup_form.data['first'],
'last': signup_form.data['last']
})
# create thread to speed up process
subject = "Confirm Your Email"
t1 = threading.Thread(target=util_basic.send_email,
args=(signup_form.data['email'], html,
subject))
t1.start()
# create user
curr_user = User.user_from_form(signup_form.data)
# log user in
login_user(curr_user)
# wait for thread
t1.join()
# flash message and redirect user to their new profile page
flash(
'Please check your email and follow the instructions to confirm your email address.',
'alert-success')
return redirect(url_for('profile'))
login = False
return render_template(
'signup.html',
sign_up=signup_form,
sign_in=signin_form,
login=login,
_url=
"https://s3-us-west-2.amazonaws.com/athlessary-images/defaults/login_photo.jpg"
)
def verifyUser(user, pwd):
person = getUser(user)
return (person and pbkdf2_sha256.verify(pwd, person['password']))
def is_password_valid(password: str, password_hash: str) -> bool:
result: bool = pbkdf2_sha256.verify(password, password_hash)
return result
def verify(password, password_storaged):
return pbkdf2_sha256.verify(password, password_storaged)
def verify_password(self, password):
return pbkdf2_sha256.verify(password, self.password)
def verify_password(self, password):
#return pwd_context.verify(password, self.password_hash)
return pbkdf2_sha256.verify(password, self.password_hash)
def verify_hash(password, hash):
# Verifies the hash against the password
return sha256.verify(password, hash)
