Beispiel #1
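	def post(self):
		"""Handle a login form POST and start a session on success.

		Reads 'login-username' and 'login-pass' from the submitted form and
		checks them with config.checkLogin(). On success a fresh session id is
		stored on the user's record and sent back in the 'session-id' cookie.
		Every failure is answered through self.invalid_login().

		Returns:
			A JSON response built from self.json.
		"""
		import binascii
		import os

		if 'login-username' not in request.form or 'login-pass' not in request.form:
			return self.invalid_login()

		self.username = request.form['login-username']
		self.password = request.form['login-pass']
		user = config.checkLogin(self.username, self.password)

		if not user:
			# any falsy result (False, None) counts as a failed login
			return self.invalid_login()

		self.json['logged_in'] = True
		self.json['error'] = ''
		response = app.make_response(json.dumps(self.json))

		# The session id is a bearer credential, so it has to be unguessable.
		# It used to be md5(account + user['password'] + unix time), i.e. derived
		# from stored account data and a guessable timestamp. Draw it from the OS
		# CSPRNG instead; 16 random bytes keep the previous 32-hex-character shape.
		session_id = binascii.hexlify(os.urandom(16)).decode('ascii')

		# update the session id in the database
		config.db.users.update({'account': user['account']}, {'$set': {'session_id': session_id}})

		# NOTE(review): both cookies are set without httponly/secure flags. Confirm
		# whether client script reads 'session-id' before adding httponly=True.
		response.set_cookie('session-id', session_id)
		response.set_cookie('tab-options', '{}')

		response.headers['Content-Type'] = 'application/json'
		return response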
Beispiel #2
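	def handlePassword(self):
		"""Change the current user's password after validating the form.

		Expects 'current-pass', 'new-pass' and 'confirm-pass' in the form. The
		stored password is only replaced when every check passes; previously the
		database update ran even when the current password was wrong, and a
		request with missing fields hit undefined locals.

		Returns:
			A JSON response built from self.json. On success it also carries the
			'login-pass-hash' cookie.
		"""
		required = ('current-pass', 'new-pass', 'confirm-pass')
		new_pass_hash = None

		if any(field not in request.form for field in required):
			self.json['error_message'].append(self.responses['PASS_REQUIRED'])
		else:
			current_pass = request.form['current-pass']
			new_pass = request.form['new-pass']
			confirm_pass = request.form['confirm-pass']
			salt = str(int(self.user['salt']))

			# NOTE(review): salted double SHA-512 is a fast hash; a dedicated
			# password hashing function would be preferable, but changing it here
			# would invalidate every stored hash, so the scheme is left as is.
			current_hash = hashlib.sha512(hashlib.sha512(current_pass).hexdigest() + salt).hexdigest()

			# validate our inputs
			if current_hash != self.user['password']:
				self.json['error_message'].append(self.responses['INCOR_PASS'])
			if len(new_pass) < 7 or len(new_pass) > 25:
				self.json['error_message'].append(self.responses['INVAL_PASS'])
			if new_pass != confirm_pass:
				self.json['error_message'].append(self.responses['MISMATCH_PASS'])

			if not self.json['error_message']:
				new_pass_hash = hashlib.sha512(hashlib.sha512(new_pass).hexdigest() + salt).hexdigest()

		if new_pass_hash is None:
			# nothing is written and no cookie is touched when validation fails
			self.json['error'] = True
			return app.make_response(json.dumps(self.json))

		# update the record in our mongodb
		config.db.users.update({'account': self.username}, {'$set': {'password': new_pass_hash}})

		self.json['error'] = False
		self.json['success_message'] = self.responses['SUCCESS_PASS']
		response = app.make_response(json.dumps(self.json))

		# overwrite the cookie so they don't get logged out
		# NOTE(review): this sends the stored password hash to the browser. If the
		# server accepts that cookie for authentication it is password-equivalent;
		# confirm whether it is still needed alongside the 'session-id' cookie.
		response.set_cookie('login-pass-hash', new_pass_hash)

		return response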
Beispiel #3
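	def handleEmail(self):
		"""Change the current user's e-mail address after validating the form.

		Expects 'current-email', 'new-email' and 'confirm-email' in the form. The
		record is only updated when every check passes; previously the update ran
		even after a failed check, and a request with missing fields was reported
		without the error flag.

		Returns:
			A JSON response built from self.json.
		"""
		required = ('current-email', 'new-email', 'confirm-email')
		new_email = None

		if any(field not in request.form for field in required):
			self.json['error_message'].append(self.responses['EMAIL_REQUIRED'])
		else:
			current_email = request.form['current-email']
			new_email = request.form['new-email']
			confirm_email = request.form['confirm-email']
			signup_row = config.db.users.find_one({'email': new_email})

			# validate our inputs
			if current_email != self.user['email']:
				self.json['error_message'].append(self.responses['INCOR_EMAIL'])
			# \Z rather than $: with $ an address ending in a newline still matched
			if not re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})\Z', new_email, re.IGNORECASE):
				self.json['error_message'].append(self.responses['INVAL_EMAIL'])
			if signup_row is not None:
				self.json['error_message'].append(self.responses['USED_EMAIL'])
			if new_email != confirm_email:
				self.json['error_message'].append(self.responses['MISMATCH_EMAIL'])

		if self.json['error_message']:
			self.json['error'] = True
		else:
			# update the record in our mongodb, only once everything validated
			config.db.users.update({'account': self.username}, {'$set': {'email': new_email}})
			self.json['error'] = False
			self.json['success_message'] = self.responses['SUCCESS_EMAIL']

		return app.make_response(json.dumps(self.json))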
Beispiel #4
	def invalid_login(self):
		"""Build the JSON response for a failed login and blank the session cookie."""
		self.json.update({'logged_in': False, 'error': 'Incorrect login details'})

		failure = app.make_response(json.dumps(self.json))
		failure.headers['Content-Type'] = 'application/json'
		# overwrite whatever session id the browser still holds
		failure.set_cookie('session-id', '')
		return failure
Beispiel #5
	def post(self, req_type):
		"""Dispatch a settings-page POST to the handler named by req_type.

		The JSON payload is reset first. Callers failing self.checkAccess() get a
		NO_ACCESS error; an unrecognised req_type gets an error flag with no
		message.
		"""
		# start every request from a clean payload
		self.json.update({'error': False, 'error_message': [], 'success_message': ''})

		# access check comes before any handler runs
		if self.checkAccess() == False:
			self.json['error'] = True
			self.json['error_message'].append(self.responses['NO_ACCESS'])
			return app.make_response(json.dumps(self.json))

		if req_type == 'settings':
			return self.handleSettings()
		if req_type == 'email':
			return self.handleEmail()
		if req_type == 'password':
			return self.handlePassword()

		self.json['error'] = True
		return app.make_response(json.dumps(self.json))
Beispiel #6
	def get(self):
		"""Render network.html for callers that pass self.checkAccess().

		Anyone else receives the JSON payload with a NO_ACCESS error.
		"""
		# start from a clean payload
		self.json.update({'error': False, 'error_message': [], 'success_message': ''})

		# check for access
		if self.checkAccess() == False:
			self.json['error'] = True
			self.json['error_message'].append(self.responses['NO_ACCESS'])
			return app.make_response(json.dumps(self.json))

		return render_template('network.html')
Beispiel #7
    def get(self):
        """Render network.html for callers that pass self.checkAccess().

        Anyone else receives the JSON payload with a NO_ACCESS error.
        """
        # start from a clean payload
        self.json.update({'error': False, 'error_message': [], 'success_message': ''})

        # check for access
        if self.checkAccess() == False:
            self.json['error'] = True
            self.json['error_message'].append(self.responses['NO_ACCESS'])
            return app.make_response(json.dumps(self.json))

        return render_template('network.html')
Beispiel #8
    def post(self, req_type):
        """Route a password-reset POST by the req_type URL segment.

        'false' goes to self.handleRequest(), 'true' to
        self.handleNewPassword(); anything else is answered with INVAL_URI.
        """
        # start from a clean payload
        self.json.update({'error': False, 'error_message': [], 'success_message': ''})

        if req_type == 'false':
            return self.handleRequest()
        if req_type == 'true':
            return self.handleNewPassword()

        self.json['error'] = True
        self.json['error_message'].append(self.responses['INVAL_URI'])
        return app.make_response(json.dumps(self.json))
Beispiel #9
	def post(self, req_type):
		"""Route a password-reset POST by the req_type URL segment.

		'false' goes to self.handleRequest(), 'true' to
		self.handleNewPassword(); anything else is answered with INVAL_URI.
		"""
		# start from a clean payload
		self.json.update({'error': False, 'error_message': [], 'success_message': ''})

		if req_type == 'false':
			return self.handleRequest()
		if req_type == 'true':
			return self.handleNewPassword()

		self.json['error'] = True
		self.json['error_message'].append(self.responses['INVAL_URI'])
		return app.make_response(json.dumps(self.json))
Beispiel #10
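    def handleNewPassword(self):
        """Set a new password for the account named by the 'account-id' field.

        Expects 'account-id', 'password' and 'confirm-password' in the form.
        Every path now returns the JSON response and sets the error flag; as
        listed, only the invalid-id path returned anything.

        Returns:
            A JSON response built from self.json.
        """
        required = ('account-id', 'password', 'confirm-password')

        if any(field not in request.form for field in required):
            self.json['error'] = True
            self.json['error_message'].append(self.responses['PASS_REQUIRED'])
            return app.make_response(json.dumps(self.json))

        try:
            _id = bson.ObjectId(oid=str(request.form['account-id']))
        except Exception:
            # bail immediately if the object id is invalid
            self.json['error'] = True
            self.json['error_message'].append(self.responses['INVAL_ACC'])
            return app.make_response(json.dumps(self.json))

        password = request.form['password']
        confirm = request.form['confirm-password']

        account_row = config.db.users.find_one({'_id': _id})

        # check account id
        if account_row is None:
            self.json['error_message'].append(self.responses['INVAL_ACC'])

        # validate password length and confirmation
        if len(password) < 7 or len(password) > 25:
            self.json['error_message'].append(self.responses['INVAL_PASS'])
        if password != confirm:
            self.json['error_message'].append(self.responses['MISMATCH_PASS'])

        if self.json['error_message']:
            self.json['error'] = True
            return app.make_response(json.dumps(self.json))

        # NOTE(review): nothing in this method checks a reset token or its
        # timestamp; the account is selected by the submitted 'account-id'
        # alone. Confirm that reset_password_link / reset_password_ts are
        # verified for this account before this point, otherwise add it here.
        password_hash = hashlib.sha512(
            hashlib.sha512(password).hexdigest() +
            str(int(account_row['salt']))).hexdigest()

        # clear the pending reset so it cannot be used again
        account_row['extra']['reset_password_ts'] = 0
        account_row['extra']['reset_password_link'] = ''

        newdata = {
            '$set': {
                'password': password_hash,
                'extra': account_row['extra']
            }
        }

        # update the password
        config.db.users.update({'_id': _id}, newdata)

        self.json['error'] = False
        self.json['success_message'] = self.responses['SUCCESS_PASS']
        return app.make_response(json.dumps(self.json))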
Beispiel #11
	def get(self):
		"""Return the logged-in user's status as JSON.

		Callers failing self.checkAccess() get self.json back unchanged. For
		everyone else the payload is filled with the username, session id,
		settings and the endpoint of the user's node. If that node cannot be
		found, one is picked at random from the collection.
		"""
		if self.checkAccess() == False:
			# invalid user, return the payload as it stands
			denied = app.make_response(json.dumps(self.json))
			denied.headers['Content-Type'] = 'application/json'
			return denied

		node = self.collection.find_one({'_id': self.user['node']})

		if node == None:
			# can't find the user's node, pick another at a random offset
			matches = self.collection.find(limit = 1, skip = random.randrange(0, self.collection.count()))
			node = matches[0]

		# give the return object some information
		self.json['logged_in'] = True
		self.json['username'] = self.username
		self.json['session_id'] = self.user['session_id']
		self.json['settings'] = self.user['settings']
		self.json['endpoint'] = node['endpoint']

		status = app.make_response(json.dumps(self.json))
		status.headers['Content-Type'] = 'application/json'
		return status
Beispiel #12
	def get(self):
		"""Render settings.html with the current user's saved values.

		Callers failing self.checkAccess() receive the JSON payload with a
		NO_ACCESS error instead.
		"""
		# start from a clean payload
		self.json.update({'error': False, 'error_message': [], 'success_message': ''})

		# check for access
		if self.checkAccess() == False:
			self.json['error'] = True
			self.json['error_message'].append(self.responses['NO_ACCESS'])
			return app.make_response(json.dumps(self.json))

		# the template receives a ready-made ' checked' attribute or nothing
		checked_attr = ''
		if self.user['settings']['timestamp_format'] == 1:
			checked_attr = ' checked'

		return render_template(
			'settings.html',
			yourName = self.user['real'],
			ircNickname = self.user['nick'],
			highlightWords = self.user['highlight_words'],
			autoComplete = self.user['settings']['autocompletion'],
			timestampFormat = checked_attr)
Beispiel #13
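	def handleNewPassword(self):
		"""Set a new password for the account named by the 'account-id' field.

		Expects 'account-id', 'password' and 'confirm-password' in the form.
		Every path now returns the JSON response and sets the error flag; as
		listed, only the invalid-id path returned anything.

		Returns:
			A JSON response built from self.json.
		"""
		required = ('account-id', 'password', 'confirm-password')

		if any(field not in request.form for field in required):
			self.json['error'] = True
			self.json['error_message'].append(self.responses['PASS_REQUIRED'])
			return app.make_response(json.dumps(self.json))

		try:
			_id = bson.ObjectId(oid = str(request.form['account-id']))
		except Exception:
			# bail immediately if the object id is invalid
			self.json['error'] = True
			self.json['error_message'].append(self.responses['INVAL_ACC'])
			return app.make_response(json.dumps(self.json))

		password = request.form['password']
		confirm = request.form['confirm-password']

		account_row = config.db.users.find_one({'_id': _id})

		# check account id
		if account_row is None:
			self.json['error_message'].append(self.responses['INVAL_ACC'])

		# validate password length and confirmation
		if len(password) < 7 or len(password) > 25:
			self.json['error_message'].append(self.responses['INVAL_PASS'])
		if password != confirm:
			self.json['error_message'].append(self.responses['MISMATCH_PASS'])

		if self.json['error_message']:
			self.json['error'] = True
			return app.make_response(json.dumps(self.json))

		# NOTE(review): nothing in this method checks a reset token or its
		# timestamp; the account is selected by the submitted 'account-id'
		# alone. Confirm that reset_password_link / reset_password_ts are
		# verified for this account before this point, otherwise add it here.
		password_hash = hashlib.sha512(hashlib.sha512(password).hexdigest() + str(int(account_row['salt']))).hexdigest()

		# clear the pending reset so it cannot be used again
		account_row['extra']['reset_password_ts'] = 0
		account_row['extra']['reset_password_link'] = ''

		newdata = {
			'$set': {
				'password': password_hash,
				'extra': account_row['extra']
			}
		}

		# update the password
		config.db.users.update({'_id': _id}, newdata)

		self.json['error'] = False
		self.json['success_message'] = self.responses['SUCCESS_PASS']
		return app.make_response(json.dumps(self.json))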
Beispiel #14
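	def handleSignup(self):
		"""Validate the signup form and create the account when it is clean.

		Expects 'your-name', 'irc-nickname', 'email-address', 'username',
		'password' and 'confirm-password' in the form. Each failed check appends
		a message to self.json['error_message']; self.insertUser() is only called
		when no message was added.

		Returns:
			A JSON response built from self.json.
		"""
		required = ('your-name', 'irc-nickname', 'email-address', 'username', 'password', 'confirm-password')

		if any(field not in request.form for field in required):
			self.json['error_message'].append(self.responses['REQUIRED'])
		else:
			# assign the variables
			self.name = request.form['your-name']
			self.nick = request.form['irc-nickname']
			self.email = request.form['email-address']
			self.username = request.form['username']
			self.password = request.form['password']
			self.confirm_pass = request.form['confirm-password']

			# see if we can find the user information
			signup_row_a = config.db.users.find_one({'account': self.username})
			signup_row_e = config.db.users.find_one({'email': self.email})

			# The patterns end in \Z rather than $: with $ a value carrying a
			# trailing newline still matched, so it passed validation.
			if len(self.username) < 4 or len(self.username) > 25 or not re.match(r'[a-z0-9-_]*\Z', self.username, re.IGNORECASE):
				self.json['error_message'].append(self.responses['INVAL_USER'])
			if signup_row_a is not None:
				self.json['error_message'].append(self.responses['USED_USER'])
			if len(self.name) > 35:
				self.json['error_message'].append(self.responses['INVAL_NAME'])
			if not re.match(r'[a-z_\-\[\]\\^{}|`][a-z0-9_\-\[\]\\^{}|`]*\Z', self.nick, re.IGNORECASE) or len(self.nick) > 30:
				self.json['error_message'].append(self.responses['INVAL_NICK'])
			if not re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})\Z', self.email, re.IGNORECASE):
				self.json['error_message'].append(self.responses['INVAL_EMAIL'])
			if signup_row_e is not None:
				self.json['error_message'].append(self.responses['USED_EMAIL'])
			if len(self.password) < 6 or len(self.password) > 25:
				self.json['error_message'].append(self.responses['INVAL_PASS'])
			if self.confirm_pass != self.password:
				self.json['error_message'].append(self.responses['INVAL_CPASS'])

		if self.json['error_message']:
			self.json['error'] = True
		else:
			self.insertUser()

		return app.make_response(json.dumps(self.json))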
Beispiel #15
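	def handleSignup(self):
		"""Validate the signup form and create the account when it is clean.

		Expects 'your-name', 'irc-nickname', 'email-address', 'username',
		'password' and 'confirm-password' in the form. Each failed check appends
		a message to self.json['error_message']; self.insertUser() is only called
		when no message was added.

		Returns:
			A JSON response built from self.json.
		"""
		required = ('your-name', 'irc-nickname', 'email-address', 'username', 'password', 'confirm-password')

		if any(field not in request.form for field in required):
			self.json['error_message'].append(self.responses['REQUIRED'])
		else:
			# assign the variables
			self.name = request.form['your-name']
			self.nick = request.form['irc-nickname']
			self.email = request.form['email-address']
			self.username = request.form['username']
			self.password = request.form['password']
			self.confirm_pass = request.form['confirm-password']

			# see if we can find the user information
			signup_row_a = config.db.users.find_one({'account': self.username})
			signup_row_e = config.db.users.find_one({'email': self.email})

			# The patterns end in \Z rather than $: with $ a value carrying a
			# trailing newline still matched, so it passed validation.
			if len(self.username) < 4 or len(self.username) > 25 or not re.match(r'[a-z0-9-_]*\Z', self.username, re.IGNORECASE):
				self.json['error_message'].append(self.responses['INVAL_USER'])
			if signup_row_a is not None:
				self.json['error_message'].append(self.responses['USED_USER'])
			if len(self.name) > 35:
				self.json['error_message'].append(self.responses['INVAL_NAME'])
			if not re.match(r'[a-z_\-\[\]\\^{}|`][a-z0-9_\-\[\]\\^{}|`]*\Z', self.nick, re.IGNORECASE) or len(self.nick) > 30:
				self.json['error_message'].append(self.responses['INVAL_NICK'])
			if not re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})\Z', self.email, re.IGNORECASE):
				self.json['error_message'].append(self.responses['INVAL_EMAIL'])
			if signup_row_e is not None:
				self.json['error_message'].append(self.responses['USED_EMAIL'])
			if len(self.password) < 6 or len(self.password) > 25:
				self.json['error_message'].append(self.responses['INVAL_PASS'])
			if self.confirm_pass != self.password:
				self.json['error_message'].append(self.responses['INVAL_CPASS'])

		if self.json['error_message']:
			self.json['error'] = True
		else:
			self.insertUser()

		return app.make_response(json.dumps(self.json))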
Beispiel #16
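	def handleSettings(self):
		"""Validate and store the user's display settings.

		Expects 'your-name', 'irc-nickname' and 'autocompletion' in the form;
		'timestamp-format' and 'highlight-words' are optional. The record is only
		updated when no validation message was added.

		Returns:
			A JSON response built from self.json.
		"""
		required = ('your-name', 'irc-nickname', 'autocompletion')

		if any(field not in request.form for field in required):
			self.json['error_message'].append(self.responses['SET_REQUIRED'])
		else:
			name = request.form['your-name']
			nick = request.form['irc-nickname']
			autocompletion = request.form['autocompletion']
			# the flag is stored as 1 when the field is present, 0 otherwise
			timestamp_format = 1 if 'timestamp-format' in request.form else 0
			# NOTE(review): highlight_words is stored as submitted, with no length
			# or character check; confirm every consumer escapes it.
			highlight_words = request.form['highlight-words'] if 'highlight-words' in request.form else ''

			# validate our inputs
			# The patterns end in \Z rather than $: with $ a value carrying a
			# trailing newline still matched, so it passed validation.
			if len(name) > 35:
				self.json['error_message'].append(self.responses['INVAL_NAME'])
			if not re.match(r'[a-z_\-\[\]\\^{}|`][a-z0-9_\-\[\]\\^{}|`]*\Z', nick, re.IGNORECASE) or len(nick) > 30:
				self.json['error_message'].append(self.responses['INVAL_NICK'])
			# NOTE(review): inside [...] the '|' is a literal, so '|' is accepted as
			# an autocompletion character; confirm that is intended.
			if not re.match(r'^([,|:|\-]|\s+[,|:|\-])\Z', autocompletion, re.IGNORECASE):
				self.json['error_message'].append(self.responses['INVAL_AUTOC'])

		if self.json['error_message']:
			self.json['error'] = True
		else:
			self.json['error'] = False
			self.json['success_message'] = self.responses['SUCCESS_SET']

			newdata = {
				'$set': {
					'real': name,
					'nick': nick,
					'highlight_words': highlight_words,
					'settings.timestamp_format': timestamp_format,
					'settings.autocompletion': autocompletion
				}
			}

			# update the record in our mongodb
			config.db.users.update({'account': self.username}, newdata)

		return app.make_response(json.dumps(self.json))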
Beispiel #17
    def get(self):
        """Redirect to '/' and blank the 'session-id' and 'tab-options' cookies."""
        logout_response = app.make_response(redirect('/'))

        # NOTE(review): only the browser's cookies are blanked here; the
        # session id stored on the user's record is not touched by this method.
        for cookie_name in ('session-id', 'tab-options'):
            logout_response.set_cookie(cookie_name, '')
        return logout_response
Beispiel #18
	def get(self):
		"""Redirect to '/' and blank the 'session-id' and 'tab-options' cookies."""
		logout_response = app.make_response(redirect('/'))

		# NOTE(review): only the browser's cookies are blanked here; the
		# session id stored on the user's record is not touched by this method.
		for cookie_name in ('session-id', 'tab-options'):
			logout_response.set_cookie(cookie_name, '')
		return logout_response
Beispiel #19
		else:
			self.json['error_message'].append(self.responses['ALREADY_SENT'])
		# is the email already been sent?

		if len(self.json['error_message']) > 0:
			self.json['error'] = True

		elif email_sent == False:
			self.json['error'] = True
			self.json['error_message'].append(self.responses['FAILED'])
		else:
			self.json['error'] = False
			self.json['success_message'] = self.responses['SUCCESS']
		# check for errors

		return app.make_response(json.dumps(self.json))

	def handleNewPassword(self):
		if 'account-id' not in request.form or 'password' not in request.form or 'confirm-password' not in request.form:
			self.json['error_message'].append(self.responses['PASS_REQUIRED'])
		else:
			try:
				_id = bson.ObjectId(oid = str(request.form['account-id']))
			except Exception, e:
				self.json['error'] = True
				self.json['error_message'].append(self.responses['INVAL_ACC'])
				return app.make_response(json.dumps(self.json))
			# bail immediately if the object id is invalid
			
			password = request.form['password']
			confirm = request.form['confirm-password']
Beispiel #20
 def get(self):
     """Serve the output of self.combine_js(True) with a JavaScript content type."""
     script_body = self.combine_js(True)
     js_response = app.make_response(script_body)
     js_response.headers['Content-Type'] = 'application/javascript'
     return js_response
Beispiel #21
 def get(self):
     """Serve the output of self.combine_js(True) with a JavaScript content type."""
     script_body = self.combine_js(True)
     js_response = app.make_response(script_body)
     js_response.headers["Content-Type"] = "application/javascript"
     return js_response
Beispiel #22
        else:
            self.json['error_message'].append(self.responses['ALREADY_SENT'])
        # is the email already been sent?

        if len(self.json['error_message']) > 0:
            self.json['error'] = True

        elif email_sent == False:
            self.json['error'] = True
            self.json['error_message'].append(self.responses['FAILED'])
        else:
            self.json['error'] = False
            self.json['success_message'] = self.responses['SUCCESS']
        # check for errors

        return app.make_response(json.dumps(self.json))

    def handleNewPassword(self):
        if 'account-id' not in request.form or 'password' not in request.form or 'confirm-password' not in request.form:
            self.json['error_message'].append(self.responses['PASS_REQUIRED'])
        else:
            try:
                _id = bson.ObjectId(oid=str(request.form['account-id']))
            except Exception, e:
                self.json['error'] = True
                self.json['error_message'].append(self.responses['INVAL_ACC'])
                return app.make_response(json.dumps(self.json))
            # bail immediately if the object id is invalid

            password = request.form['password']
            confirm = request.form['confirm-password']