def user_register():
if current_user.is_authenticated:
return redirect(url_for('index'))
form = UserRegisterForm()
if not form.validate_on_submit():
return render_template('register.html', form=form, testing=app.testing)
else:
username = form.username.data
nickname = form.nickname.data
password = form.password1.data
email = form.email1.data
print(username, nickname, password, email, flush=True)
try:
User.create(username=username,
nickname=nickname,
password=password,
email=email)
except IntegrityError as e:
app.logger.warning(f"Integrity Error: {e}")
crx_flash('ERROR_USER_EXISTS')
return redirect(url_for('user_register'))
except Exception as e:
app.logger.warning(f"Unknown Error: {e}")
crx_flash('ERROR_UNKNOWN')
return redirect(url_for('user_register'))
app.logger.info(f"User created: {username}, {nickname}, {email}")
crx_flash('ACCOUNT_CREATED', username)
return redirect(url_for('user_login'))
def home():
params = get_params(request.args)
query = params.get('q')
if query == None:
return render('home.html', sample_queries=get_sample_queries())
default_command = params.get('default')
try:
commands = builtin_commands
if user_signed_in():
user = get_current_user()
commands = user.commands
default_command = user.getDefaultCommand()
return redirect(commands.getRedirectUrl(query, default_command))
except (NotEnoughArgumentsException, UnknownCommandException,
UnknownDefaultCommandException) as e:
return render(
'command_error.html',
exception_type=e.__class__.__name__,
exception=e,
)
except MalformedQueryException:
return redirect(HOME)
def oauth_initiate(service):
assert_user_signed_out()
s = oauth_services.get(service)
if s == None:
return redirect(SIGN_IN)
state = set_oauth_state()
return redirect(s.getInitiateRedirectURL(state))
def break_candidate_ok(identifier):
# Check that the program is broken
program = Program.get_unbroken_or_broken_by_id(identifier)
if program is None or not program.is_broken:
return redirect(url_for('index'))
# Check that the user indeed broke the challenge
wb_break = WhiteboxBreak.get(current_user, program)
if wb_break is None:
return redirect(url_for('index'))
# If we reach this point, the user indeed broke the challenge
return render_template('challenge_break_ok.html',
wb_break=wb_break,
current_user=current_user)
def test_redirect():
from app.utils import redirect
assert redirect("https://www.google.com") == "https://www.google.com"
assert (
redirect(
(
"https://l.messenger.com/l.php?u=https%3A%2F%2Fwww.shopmyexchange.com%2F"
"apple-ipad-pro-11-in-512gb-with-wifi%2F1726804&h=AT3GRFe-SvZbNUTx-"
"XLVVEWhEy8eBs_QOtd13einBQXNWit63zN5UrP8H1GsR8Y8gdUr6MnH6ry7gvfSD5gH"
"YeGlQZQkp7mJiLhQlJysrEmwA7jcfgJTDVYYJK8smh-ICJx1BcdvHQ"
)
)
== "https://www.shopmyexchange.com/apple-ipad-pro-11-in-512gb-with-wifi/1726804"
)
def server_error(e):
if isinstance(e, RedirectException):
return redirect(e.route)
# Log the error and stacktrace.
logging.exception('unhandled exception')
return render('error.html')
def get_candidate_proof_of_knowledge(identifier):
program = Program.get_by_id(identifier)
if program is None:
return redirect(url_for('index'))
do_show = False
if program.is_published:
do_show = True
if current_user is not None and \
current_user.is_authenticated and \
current_user == program.user:
do_show = True
if not do_show:
return redirect(url_for('index'))
return program.proof_of_knowledge
def get_item_info(url):
soup = make_soup(url)
title = get_title(soup)
item = soup.find("div", {"class": "aafes-pdp-price mt-1 jsRenderedPrice"})
try:
price = "".join(
item.find("div", {
"class": "aafes-price-sale"
}).text.strip().replace(" Sale", "").split())
except:
try:
price = check_num(
item.find("div", {
"class": "aafes-price"
}).text.strip())
except:
try:
price = check_num(
item.find("div", {
"class": "aafes-price-sm"
}).text.strip())
except:
raw_price = item.find("span", {
"class": "aafes-price-list"
}).text.strip()
price = check_num(raw_price[raw_price.find("$"):])
return title, floatify(price), redirect(url)
def pick_commands():
assert_user_signed_in()
checkbox_prefix = 'checkbox_'
checked = {}
error = None
if request.method == 'POST':
try:
params = get_params(request.form)
user = get_current_user()
for k in params.iterkeys():
if k.startswith(checkbox_prefix):
command = builtin_commands.get(k[len(checkbox_prefix):])
if command != None:
checked[command.name] = True
for k in sorted(checked.keys()):
user.commands.add(builtin_commands.get(k))
user.put()
return redirect(COMMANDS)
except ParamException as e:
error = e.message
return render(
'pick_commands.html',
builtin_command_groups=builtin_command_groups,
checkbox_prefix=checkbox_prefix,
checked=checked,
error=error,
csrf_token=get_csrf_token(),
)
def on_revert(request, page_name):
"""Revert an old revision."""
rev_id = request.args.get('rev', type=int)
old_revision = page = None
error = 'No such revision'
if request.method == 'POST' and request.form.get('cancel'):
return redirect(href(page_name))
if rev_id:
old_revision = Revision.query.filter(
(Revision.revision_id == rev_id) &
(Revision.page_id == Page.page_id) &
(Page.name == page_name)
).first()
if old_revision:
new_revision = Revision.query.filter(
(Revision.page_id == Page.page_id) &
(Page.name == page_name)
).order_by(Revision.revision_id.desc()).first()
if old_revision == new_revision:
error = 'You tried to revert the current active ' \
'revision.'
elif old_revision.text == new_revision.text:
error = 'There are no changes between the current ' \
'revision and the revision you want to ' \
'restore.'
else:
error = ''
page = old_revision.page
if request.method == 'POST':
change_note = request.form.get('change_note', '')
change_note = 'revert' + (change_note and ': ' +
change_note or '')
session.add(Revision(page, old_revision.text,
change_note))
session.commit()
return redirect(href(page_name))
return Response(generate_template('action_revert.html',
error=error,
old_revision=old_revision,
page=page
))
def down_candidate(identifier):
program = Program.get_by_id(identifier)
if program is None:
return redirect(url_for('index'))
do_show = False
if program.is_published:
do_show = True
if current_user is not None and \
current_user.is_authenticated and \
current_user == program.user:
do_show = True
if not do_show:
return redirect(url_for('index'))
# If we reach this point, we can show the source code
upload_folder = app.config['UPLOAD_FOLDER']
return send_from_directory(upload_folder, program.filename)
def get_candidate_pubkey(identifier):
program = Program.get_by_id(identifier)
if program is None:
return redirect(url_for('index'))
do_show = False
if program.is_published:
do_show = True
if current_user is not None and \
current_user.is_authenticated and \
current_user == program.user:
do_show = True
if not do_show:
return redirect(url_for('index'))
if not program.pubkey:
return "Public key was erased for some reason, contact administrator."
else:
return program.pubkey
def set_default_command():
assert_user_signed_in()
params = get_params(request.form)
default_command = params.get('default_command')
user = get_current_user()
user.setDefaultCommand(default_command)
user.put()
return redirect(COMMANDS)
def delete_command():
assert_user_signed_in()
params = get_params(request.form)
user = get_current_user()
command = user.commands.get(params.get('delete'))
if command != None:
user.commands.remove(command.name)
user.put()
return redirect(COMMANDS)
def submit_candidate():
now = int(time.time())
if now < app.config['STARTING_DATE']:
return render_template('submit_candidate_before_starting_date.html',
active_page='submit_candidate',
starting_date=format_timestamp(
app.config['STARTING_DATE']))
if now > app.config['POSTING_DEADLINE']:
return render_template('submit_candidate_deadline_exceeded.html',
active_page='submit_candidate',
posting_deadline=format_timestamp(
app.config['POSTING_DEADLINE']))
form = WhiteboxSubmissionForm()
if request.method != 'POST':
return render_template('submit_candidate.html',
form=form,
active_page='submit_candidate',
testing=app.testing)
elif not form.validate_on_submit():
crx_flash("CHALLENGE_INVALID")
return render_template('submit_candidate.html',
form=form,
active_page='submit_candidate',
testing=app.testing), 400
else:
upload_folder = app.config['UPLOAD_FOLDER']
basename = ''.join(
random.SystemRandom().choice(string.ascii_lowercase +
string.digits) for _ in range(32))
filename = basename + '.c'
pubkey = form.pubkey.data
proof_of_knowledge = form.proof_of_knowledge.data
form_data = form.program.data
form_data.save(os.path.join(upload_folder, filename))
Program.create(basename=basename,
pubkey=pubkey,
proof_of_knowledge=proof_of_knowledge,
user=current_user)
try:
db.session.commit()
except sqlalchemy.exc.IntegrityError as e:
db.session.rollback()
crx_flash("DUPLICATE_KEY")
app.logger.error(e)
new_form = WhiteboxSubmissionForm()
return render_template('submit_candidate.html',
form=new_form,
active_page='submit_candidate',
testing=app.testing), 400
else:
return redirect(url_for('submit_candidate_ok'))
def edit_command(command_name=None):
assert_user_signed_in()
if command_name == None:
return redirect(NEW_COMMAND_ONLY)
user = get_current_user()
command = user.commands.get(command_name)
if command == None:
return redirect(NEW_COMMAND_ONLY + command_name)
params = None
if request.method == 'POST':
# remove command, it might be renamed
user.commands.remove(command.name)
params = get_params(request.form)
try:
save_command(**params)
return redirect(COMMANDS)
except ParamException as e:
params['error'] = e.message
# add the command back, some other code might use it
# before response is finalized
user.commands.add(command)
else:
params = {
'name': command.name,
'description': command.description,
'url_pattern': command.url_pattern,
'default_url': command.default_url,
}
params['action'] = EDIT_COMMAND_ONLY + command_name
params['original_command'] = command_name
params['csrf_token'] = get_csrf_token()
params['modifiers'] = modifiers
return render('new_command.html', **params)
def user_login():
if current_user.is_authenticated:
return redirect(url_for('user_show'))
form = LoginForm()
if not form.validate_on_submit():
return render_template('login.html', form=form, testing=app.testing)
else:
username = form.username.data
password = form.password.data
user = User.validate(username, password)
if user is None:
crx_flash('BAD_USERNAME_OR_PWD')
return render_template('login.html',
form=form,
testing=app.testing)
else:
login_user(user, remember=False)
crx_flash('WELCOME_BACK', user.username)
next = request.args.get('next')
if next is not None and is_safe_url(request, next):
return redirect(next)
else:
return redirect(url_for('user_show'))
def new_command(command_name=None):
assert_user_signed_in()
params = {}
if command_name != None:
user = get_current_user()
if user.commands.get(command_name) != None:
return redirect(EDIT_COMMAND_ONLY + command_name)
params['name'] = command_name
if request.method == 'POST':
params = get_params(request.form)
try:
save_command(**params)
return redirect(COMMANDS)
except ParamException as e:
params['error'] = e.message
params['action'] = NEW_COMMAND_ONLY
params['csrf_token'] = get_csrf_token()
params['modifiers'] = modifiers
return render('new_command.html', **params)
def on_edit(request, page_name):
"""Edit the current revision of a page."""
change_note = error = ''
revision = Revision.query.filter(
(Page.name == page_name) &
(Page.page_id == Revision.page_id)
).order_by(Revision.revision_id.desc()).first()
if revision is None:
page = None
else:
page = revision.page
if request.method == 'POST':
text = request.form.get('text')
if request.form.get('cancel') or \
revision and revision.text == text:
return redirect(href(page.name))
elif not text:
error = 'You cannot save empty revisions.'
else:
change_note = request.form.get('change_note', '')
if page is None:
page = Page(page_name)
session.add(page)
session.add(Revision(page, text, change_note))
session.commit()
return redirect(href(page.name))
return Response(generate_template('action_edit.html',
revision=revision,
page=page,
new=page is None,
page_name=page_name,
change_note=change_note,
error=error
))
def candidate(identifier):
program = Program.get_by_id(identifier)
if program is None or not program.is_published:
return redirect(url_for('index'))
programs_broken_by_current_user = None
if current_user and current_user.is_authenticated:
wb_breaks_by_current_user = WhiteboxBreak.get_all_by_user(current_user)
programs_broken_by_current_user = [
wb_break.program for wb_break in wb_breaks_by_current_user
]
# If we reach this point, we can show the source code
return render_template(
'candidate.html',
program=program,
programs_broken_by_current_user=programs_broken_by_current_user,
)
def break_candidate(identifier):
now = int(time.time())
if now < app.config['STARTING_DATE']:
crx_flash('BEFORE_STARTING_DATE')
return redirect(url_for('index'))
if now > app.config['FINAL_DEADLINE']:
crx_flash('EXCEED_DEADLINE')
return render_template('break_candidate_deadline_exceeded.html',
final_deadline=format_timestamp(
app.config['FINAL_DEADLINE']))
# Only published programs can be broken
program = Program.get_unbroken_or_broken_by_id(identifier)
if program is None or not program.is_published:
return redirect(url_for('index'))
# If the current user is the one who submitted the program, redirect to index
if program.user == current_user:
crx_flash('CANNOT_BREAK_OWN')
return redirect(url_for('index'))
# A user cannot break the same challenge twice
wb_break = WhiteboxBreak.get(current_user, program)
if wb_break is not None:
crx_flash('CANNOT_BREAK_TWICE')
return redirect(url_for('index'))
form = WhiteboxBreakForm()
if request.method != 'POST' or not form.validate_on_submit():
return render_template('break_candidate.html',
form=form,
strawberries=program.strawberries_last,
identifier=identifier,
testing=app.testing)
submitted_prikey = form.prikey.data
if program.pubkey is None:
return redirect(url_for('index'))
if validate_private_key(submitted_prikey, program.pubkey):
app.logger.info(f"Implementation is broken at {now}")
program.set_status_to_broken(current_user, now)
db.session.commit()
return redirect(url_for('break_candidate_ok', identifier=identifier))
else:
app.logger.info("Invalid private key")
return render_template('challenge_break_ko.html',
identifier=identifier,
current_user=current_user,
submitted_prikey=submitted_prikey,
pubkey=program.pubkey)
def show_candidate_sample(identifier):
program = Program.get_by_id(identifier)
if program is None or not program.is_published:
return redirect(url_for('index'))
number_of_test_vectors = int(len(program.hashes) / 32)
test_vectors = list()
for i in range(number_of_test_vectors):
test_vectors.append({
"hash":
program.hashes[i * 32:(i + 1) * 32].hex().upper(),
"signature":
program.signatures[i * 64:(i + 1) * 64].hex().upper()
})
res = {
"id": program._id,
"public_key": program.pubkey,
"proof_of_knowledge": program.proof_of_knowledge,
"test_vectors": test_vectors
}
return jsonify(res)
def oauth_callback(service):
assert_user_signed_out()
s = oauth_services.get(service)
if s == None:
return redirect(SIGN_IN)
token = None
if s.name == 'twitter':
oauth_token = request.args.get('oauth_token', '')
oauth_verifier = request.args.get('oauth_verifier', '')
token = s.getAccessToken(oauth_token, oauth_verifier)
if token == None:
return redirect(SIGN_IN)
else:
state = request.args.get('state', '')
code = request.args.get('code', '')
if not verify_oauth_state(state):
return redirect(SIGN_IN)
token = s.getAccessToken(state, code)
if token == None:
return redirect(SIGN_IN)
user_id = s.getUserID(token)
if user_id == None:
return redirect(SIGN_IN)
username = '******' % (service, user_id)
user = User.fromUsername(username)
if user == None:
user = User(
service=service,
username=username,
commands=Commands(),
)
user.put()
user_key = user.key.urlsafe()
route = COMMANDS
if user.commands.size() == 0:
route = PICK_COMMANDS
set_current_user_key(user_key)
return redirect(route)
def logout(request):
logout_user(request)
return redirect('index')
def logout(request):
logout_user(request)
return redirect('index')
def sign_out():
assert_user_signed_in()
set_current_user_key(None)
return redirect(HOME)
def submit_candidate_ok():
""" This route is called directly when the user has js activated (see file-progress.js)"""
crx_flash('CHALLENGE_SUBMITTED')
return redirect(url_for('user_show'))
def logout():
logout_user()
crx_flash('LOGOUT')
return redirect(url_for('index'))
def make_soup(url):
url = redirect(url)
page = requests.get(url)
return bs4.BeautifulSoup(page.text, "lxml")
def unauthorized_handler():
crx_flash('PLEASE_SIGN_IN')
try:
return redirect(url_for('user_login', next=url_for(request.endpoint)))
except:
return redirect(url_for('index'))
