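def changePassword():
    """Change the password of the currently logged-in user.

    Reads the session cookie ``S_ID``, the CSRF ``token``, the captcha
    response and the three password fields ``old_p``/``new_p``/``ver_p``
    from the request, re-authenticates the caller with the old password and
    stores a freshly salted PBKDF2 digest of the new one via
    ``DB_Manager.changePassword``.

    Returns:
        A JSON response with ``code`` (``success``/``warning``) and, on
        failure, a human-readable ``reason``; ``logoutResponse(...)`` when
        the session cookie does not resolve to a user.
    """
    usr_cookie = request.cookies.get("S_ID")
    ip = request.environ['REMOTE_ADDR']
    user_UUID = cookies.getUUID(usr_cookie, ip)
    csrf_token = request.form.get("token")
    if user_UUID is None:
        return logoutResponse({
            "code":
            "danger",
            "reason":
            "You have been automatically logged out. Please log in again."
        })

    captcha_code = request.form.get("g-recaptcha-response")
    captcha_resp = Verification.verifyCaptchaCode(captcha_code, ip)

    # Fail closed: anything other than a literal True (e.g. None from a
    # failed verifier call, or an error payload) counts as a failed captcha.
    if captcha_resp is not True:
        return jsonify({"code": "warning", "reason": "Captcha failed"})
    if not cookies.validateCSRF(usr_cookie, csrf_token):
        return jsonify({"code": "warning", "reason": "CSRF Error."})

    old_p = request.form.get("old_p")
    new_p = request.form.get("new_p")
    ver_p = request.form.get("ver_p")
    # A missing field used to raise TypeError (``None + P_VALUE``), i.e. an
    # HTTP 500; report it as an ordinary warning instead.
    if old_p is None or new_p is None or ver_p is None:
        return jsonify({"code": "warning", "reason": "Missing password field"})
    old_password = old_p + P_VALUE
    new_password = new_p + P_VALUE
    veri_password = ver_p + P_VALUE
    if new_password != veri_password:
        return jsonify({
            "code": "warning",
            "reason": "New passwords do not match"
        })

    username = DB_Manager.getUsername(user_UUID)

    # Apply the same password policy as registration; previously a change
    # bypassed checkValidPassword entirely. The blacklist mirrors the fixed
    # entries used at registration plus the username (the other personal
    # details are not available here).
    flag, level, mess = checkValidPassword(new_password, [
        "uea", "pirate", "cove", "piratecove", "password", "topsecret", "123",
        "12345", "qwerty", "abc", username
    ])
    if not flag:
        return jsonify({"code": level, "reason": mess})

    # NOTE(review): the query embeds a quoted '%s'; whether DB_Manager.execute
    # binds user_UUID as a parameter or string-formats it cannot be seen from
    # here — confirm it does not interpolate. user_UUID comes from the
    # server-side session lookup, not directly from the client.
    u_salt = DB_Manager.execute(
        "AUTH", '''SELECT salt FROM User_Auth WHERE (UUID = '%s');''',
        user_UUID)
    # Previously only ``ret`` was set on an empty result and execution fell
    # through to ``bytearray.fromhex`` on the list, raising TypeError.
    if not u_salt:
        return jsonify({"code": "warning", "reason": "Unknown error"})
    u_salt = bytearray.fromhex(u_salt[0][0])
    e_password = pbkdf2(old_password, u_salt).digest()

    # Strict identity check: only a literal True from authenticateUser
    # authorises the change.
    if DB_Manager.authenticateUser(username, e_password) is not True:
        return jsonify({"code": "warning", "reason": "Old password incorrect."})

    new_salt = Token_generator.new_crypto_bytes(20)
    salted_pwd = pbkdf2(new_password, new_salt).digest()
    veri_code = Token_generator.new_crypto_bytes(16).hex()
    # NOTE(review): the existing session cookie is left as-is after the
    # change; other sessions of this user are not invalidated here.
    x2 = DB_Manager.changePassword(username, salted_pwd, new_salt.hex(),
                                   veri_code)
    if x2 is None:
        return jsonify({
            "code": "warning",
            "reason": "Error with new password"
        })
    return jsonify({"code": "success"})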
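def createUser():
    """Register a new user from the posted registration form.

    Reads ``usernameInput``, ``passwordInput``, ``emailInput``,
    ``forenameInput``, ``surnameInput`` and ``dobInput`` plus the captcha
    response, validates the password with ``checkValidPassword``, stores the
    user row and a salted PBKDF2 digest, and sends the verification e-mail.

    Returns:
        A JSON response: ``{"code": "success"}``, or the level/message
        returned by ``checkValidPassword``, or a ``warning`` with a
        ``reason``.
    """
    username = request.form.get("usernameInput")
    raw_password = request.form.get("passwordInput")
    email = request.form.get("emailInput")
    forename = request.form.get("forenameInput")
    surname = request.form.get("surnameInput")
    DOB = request.form.get("dobInput")
    ip = request.environ['REMOTE_ADDR']

    # A missing password used to raise TypeError (``None + P_VALUE``); treat
    # absent required fields as a bad request rather than a 500.
    if username is None or raw_password is None or email is None:
        return jsonify({
            "code": "warning",
            "reason": "There was an issue with your request"
        })
    password = raw_password + P_VALUE

    # Personal details are blacklisted so the password cannot be built from
    # them; optional fields that were not submitted are dropped.
    # NOTE(review): ``password`` already carries the P_VALUE suffix when it is
    # checked — confirm checkValidPassword does a containment/prefix match,
    # otherwise the fixed entries can never trigger.
    password_blacklist = [
        entry for entry in [
            "uea", "pirate", "cove", "piratecove", "password", "topsecret",
            "123", "12345", "qwerty", "abc", email, forename, surname, username
        ] if entry is not None
    ]
    flag, level, mess = checkValidPassword(password, password_blacklist)
    # Fail closed: a non-True flag (including None) rejects the password;
    # the old ``flag == False`` test let None through.
    if not flag:
        return jsonify({"code": level, "reason": mess})

    captcha_code = request.form.get("g-recaptcha-response")
    captcha_resp = Verification.verifyCaptchaCode(captcha_code, ip)

    # Fail closed: the old ``== False`` test accepted a None return from the
    # verifier (e.g. a failed lookup) as a passed captcha.
    if captcha_resp is not True:
        return jsonify({"code": "warning", "reason": "Captcha failed"})

    UUID = Token_generator.new_crypto_bytes(16).hex()
    verification_code = Token_generator.new_crypto_bytes(16).hex()
    salt = Token_generator.new_crypto_bytes(20)
    salted_pwd = pbkdf2(password, salt).digest()

    # NOTE(review): the INSERT embeds quoted '%s' placeholders for
    # client-supplied values; confirm DB_Manager.execute binds them as
    # parameters rather than formatting the string, or this is injectable.
    # NOTE(review): the two writes are not wrapped in a transaction here — a
    # failed changePassword after a successful INSERT leaves a user row with
    # no credentials.
    x1 = DB_Manager.execute(
        "ALTER",
        '''INSERT INTO Users VALUES ('%s', '%s', '%s', '%s', '%s', '%s')''',
        UUID, username, email, forename, surname, DOB)
    x2 = DB_Manager.changePassword(username, salted_pwd, salt.hex(),
                                   verification_code)

    if x1 is None or x2 is None:
        return jsonify({
            "code": "warning",
            "reason": "There was an issue with your request"
        })
    Verification.sendVerificationEmail(email, forename, verification_code)
    return jsonify({"code": "success"})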
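def deleteAccount():
    """Delete the logged-in user's account and all of their content.

    Requires a session cookie ``S_ID`` that resolves to a user, a matching
    CSRF ``token`` and a passed captcha. Invalidates the session cookie, then
    removes the user's comments, posts, credentials and profile row, in that
    order.

    Returns:
        JSON ``{"code": "success"}`` or a ``warning`` with a ``reason``;
        ``logoutResponse(...)`` when the session does not resolve to a user.
    """
    usr_cookie = request.cookies.get("S_ID")
    ip = request.environ['REMOTE_ADDR']
    user_UUID = cookies.getUUID(usr_cookie, ip)
    csrf_token = request.form.get("token")
    if user_UUID is None:
        return logoutResponse({
            "code":
            "danger",
            "reason":
            "You have been automatically logged out. Please log in again."
        })
    if not cookies.validateCSRF(usr_cookie, csrf_token):
        return jsonify({"code": "warning", "reason": "CSRF Error."})

    captcha_code = request.form.get("g-recaptcha-response")
    captcha_resp = Verification.verifyCaptchaCode(captcha_code, ip)

    # Fail closed: only a literal True from the verifier passes.
    if captcha_resp is not True:
        return jsonify({"code": "warning", "reason": "Captcha failed"})

    # The session is invalidated before the rows are removed, so a failed
    # deletion below still logs the caller out while the account remains.
    cookies.deleteCookie(usr_cookie, ip)

    # Child rows first; the Users row goes last.
    # NOTE(review): four separate statements with no visible transaction — a
    # failure midway leaves a partially deleted account. Also confirm
    # DB_Manager.execute binds user_UUID rather than formatting the '%s'.
    delete_statements = (
        '''DELETE FROM Comments WHERE (user_UUID='%s')''',
        '''DELETE FROM Posts WHERE (user_UUID='%s')''',
        '''DELETE FROM User_Auth WHERE (UUID='%s')''',
        '''DELETE FROM Users WHERE (UUID='%s')''',
    )
    # All four statements are executed unconditionally, as before; the
    # result is only inspected afterwards.
    results = [
        DB_Manager.execute("ALTER", statement, user_UUID)
        for statement in delete_statements
    ]
    if any(result is None for result in results):
        return jsonify({
            "code": "warning",
            "reason": "Unknown error deleting user."
        })
    return jsonify({"code": "success"})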