Beispiel #1
def login():
    if request.method == "POST":
        user = request.form['user']
        passw = request.form['passw']
        return "False"
    # get user collection
    users = util.get_collection('users')
    # find the user in the collection
    user_data = users.find_one({"user": user})
    # if the login details match up
    if user_data and user_data['passw'] == util.sha512(user + passw):
        # create a salt so the same session key is only valid once
        session_salt = util.sha512(os.urandom(512))
        # add the salt to the database so we can verify it later
        util.update_user(user_data['_id'], {"session_salt": session_salt})
        # construct a session key from the salt
        session_key = util.sha512(session_salt + user_data['passw'])
        userID = str(user_data['_id'])
        del user_data['_id']# delete sensitive variables
        del user_data['passw']# ^^^^^^^^^^^^^^^^^^^^^^^^
        del user_data['session_salt']# ^^^^^^^^^^^^^^^^^
        # User logged in. Gibbe (session) cookies
        return json.dumps({
            "session": session_key,
            "userID": userID,
            "details": user_data
        return "False"
Beispiel #2
def register():
    user = request.form['user']
    passw = request.form['passw']
    if "details" in request.form:
        details = request.form['details']
        details = json.loads(details)
        details = False
    # get the users collection
    users = util.get_collection('users')
    # construct user model
    userData = {
        "user": user,
        "passw": util.sha512(user + passw),   # Effective permanent salt
        "details": details,
        "session_salt": False
    # make sure user is not already registered
    if users.find({"user": user}).count() > 0:
        return "userTaken"
    # validate the username and password
    elif len(user) < 140 and len(passw) >= 6 and len(passw) < 140:
        # insert the user into the database and return their id
        # log the user in
        return login()
        # Only broken clients will recieve this error
        return "error"
Beispiel #3
 def store(self, data, collection, visible=False):
     collection = util.get_collection(collection)
     # Note: If the user stores data with key='visible', it will be
     # overwritten here for security reasons.
     # Note: Documents with visible=True can be read by the front end
     # which includes the user! So no password hashes. No sensitive info
     # unless it's their own.
     data['visible'] = visible
Beispiel #4
 def store(self, data, collection, visible=False):
     collection = util.get_collection(collection)
     # Note: If the user stores data with key='visible', it will be
     # overwritten here for security reasons.
     # Note: Documents with visible=True can be read by the front end
     # which includes the user! So no password hashes. No sensitive info
     # unless it's their own.
     data['visible'] = visible