def before_request() -> None:
global config
g.cache = Cache(app,
config={
'CACHE_TYPE': 'filesystem',
'CACHE_DIR': config['cache_dir'],
})
if request.endpoint in ['jsx', 'static']:
# This is just serving cached compiled frontends, skip loading from DB
return
g.config = config
g.data = Data(config)
g.sessionID = None
g.userID = None
try:
aes = AESCipher(config['secret_key'])
sessionID = aes.decrypt(request.cookies.get('SessionID'))
except Exception:
sessionID = None
g.sessionID = sessionID
if sessionID is not None:
g.userID = g.data.local.user.from_session(sessionID)
else:
g.userID = None
def login() -> Response:
username = request.form['username']
password = request.form['password']
userid = g.data.local.user.from_username(username)
if userid is None:
error('Unrecognized username or password!')
return Response(
render_template(
'account/login.html', **{
'title': 'Log In',
'show_navigation': False,
'username': username
}))
if g.data.local.user.validate_password(userid, password):
aes = AESCipher(g.config['secret_key'])
sessionID = g.data.local.user.create_session(userid,
expiration=90 * 86400)
response = make_response(redirect(url_for('home_pages.viewhome')))
response.set_cookie('SessionID',
aes.encrypt(sessionID),
expires=datetime.datetime.now() +
datetime.timedelta(days=90))
return response
else:
error('Unrecognized username or password!')
return Response(
render_template(
'account/login.html', **{
'title': 'Log In',
'show_navigation': False,
'username': username
}))
def test_pad(self) -> None:
aes = AESCipher('a wonderful key')
self.assertEqual(aes._pad(''), '0.--------------')
self.assertEqual(aes._unpad(aes._pad('')), '')
self.assertEqual(aes._pad('1337'), '4.1337----------')
self.assertEqual(aes._unpad(aes._pad('1337')), '1337')
self.assertEqual(aes._pad('aaaaaaaaaaaaaaaa'),
'16.aaaaaaaaaaaaaaaa-------------')
self.assertEqual(aes._unpad(aes._pad('aaaaaaaaaaaaaaaa')),
'aaaaaaaaaaaaaaaa')
self.assertEqual(aes._pad('aaaaaaaaaaaaa'), '13.aaaaaaaaaaaaa')
self.assertEqual(aes._unpad(aes._pad('aaaaaaaaaaaaa')),
'aaaaaaaaaaaaa')
def test_crypto(self) -> None:
aes = AESCipher('a wonderful key')
ciphertext = aes.encrypt('testing')
plaintext = aes.decrypt(ciphertext)
self.assertEqual(plaintext, 'testing')
self.assertNotEqual(ciphertext, plaintext)
def register() -> Response:
card_number = request.form['card_number']
pin = request.form['pin']
username = request.form['username']
email = request.form['email']
password1 = request.form['password1']
password2 = request.form['password2']
# First, try to convert the card to a valid E004 ID
try:
cardid = CardCipher.decode(card_number)
except CardCipherException:
error('Invalid card number!')
return register_display(card_number, username, email)
# Now, see if this card ID exists already
userid = g.data.local.user.from_cardid(cardid)
if userid is None:
error('This card has not been used on the network yet!')
return register_display(card_number, username, email)
# Now, make sure this user doesn't already have an account
user = g.data.local.user.get_user(userid)
if user.username is not None or user.email is not None:
error('This card is already in use!')
return register_display(card_number, username, email)
# Now, see if the pin is correct
if not g.data.local.user.validate_pin(userid, pin):
error('The entered PIN does not match the PIN on the card!')
return register_display(card_number, username, email)
# Now, see if the username is valid
if not valid_username(username):
error('Invalid username!')
return register_display(card_number, username, email)
# Now, check whether the username is already in use
if g.data.local.user.from_username(username) is not None:
error('The chosen username is already in use!')
return register_display(card_number, username, email)
# Now, see if the email address is valid
if not valid_email(email):
error('Invalid email address!')
return register_display(card_number, username, email)
# Now, make sure that the passwords match
if password1 != password2:
error('Passwords do not match each other!')
return register_display(card_number, username, email)
# Now, make sure passwords are long enough
if len(password1) < 6:
error('Password is not long enough!')
return register_display(card_number, username, email)
# Now, create the account.
user.username = username
user.email = email
g.data.local.user.put_user(user)
g.data.local.user.update_password(userid, password1)
# Now, log them into that created account!
aes = AESCipher(g.config['secret_key'])
sessionID = g.data.local.user.create_session(userid)
success('Successfully registered account!')
response = make_response(redirect(url_for('home_pages.viewhome')))
response.set_cookie('SessionID', aes.encrypt(sessionID))
return response
