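 def get(self):
     """Report whether the current OpenID user has set a master password.

     Returns:
         ``{"success": True}`` when ``master_password_hashed`` is set and
         ``{"success": False}`` while it is still ``None``. An identity that
         has no ``OAuth2User`` row answers 404 instead of raising
         ``AttributeError`` on ``None``.
     """
     user_identifier = get_openid_identity()
     user: OAuth2User = OAuth2User.query.filter_by(sub=user_identifier).first()
     # .first() returns None when nothing matches; guard before attribute access.
     if user is None:
         return {"success": False, "message": "Unknown user"}, 404
     return {"success": user.master_password_hashed is not None}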
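 def put(self, uuid):
     """Update the caller's card *uuid* from the JSON body.

     Each key of the body is written to the matching ``Card`` attribute,
     except the identity/ownership columns in ``protected``: a client must
     not be able to rewrite ``oauth2_user_sub`` (that would hand the card to
     another account) or the row's ``uuid``. When the update marks the card
     as deleted it no longer matches ``deleted=False``, and the soft-deleted
     row is then removed for good.

     Returns:
         ``{"success": True, "data": <serialized card>}`` after an update,
         ``{"success": True}`` after a deletion, 400 when the body is not a
         JSON object, 404 when the caller owns no live card with this uuid.
     """
     user_identifier = get_openid_identity()
     card_entry = Card.query.filter_by(uuid=uuid, oauth2_user_sub=user_identifier, deleted=False).first()
     if card_entry is None:
         response_obj = {
             "success": False,
             "message": "No such Entry saved"
         }
         return make_response(jsonify(response_obj), 404)

     post_data = request.json
     if not isinstance(post_data, dict):
         return {"success": False, "message": "invalid request"}, 400
     # Columns a client may never set through mass assignment.
     protected = {"uuid", "oauth2_user_sub", "oauth2_user"}
     for field_name, value in post_data.items():
         if field_name not in protected:
             setattr(card_entry, field_name, value)
     db.session.commit()

     card_schema = CardSchema(exclude=["oauth2_user"])
     updated_entry = Card.query.filter_by(uuid=uuid, oauth2_user_sub=user_identifier, deleted=False).first()
     response_obj = {"success": True}
     if updated_entry is not None:
         # NOTE: dumps() yields a JSON *string*, so "data" arrives double-encoded;
         # kept as-is because existing clients decode it that way.
         response_obj["data"] = card_schema.dumps(updated_entry)
     else:
         # The update flagged the row as deleted: purge it. Guard the lookup so a
         # concurrent purge does not turn into db.session.delete(None).
         delete_entry = Card.query.filter_by(uuid=uuid, oauth2_user_sub=user_identifier, deleted=True).first()
         if delete_entry is not None:
             db.session.delete(delete_entry)
             db.session.commit()
     return response_obj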
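 def get(self):
     """Return the caller's master-password hint, or ``''`` when none is set.

     Returns:
         ``{"success": True, "data": <hint or "">}``; 404 when the OpenID
         identity has no ``OAuth2User`` row (instead of an AttributeError).
     """
     user_identifier = get_openid_identity()
     user: OAuth2User = OAuth2User.query.filter_by(sub=user_identifier).first()
     if user is None:
         return {"success": False, "message": "Unknown user"}, 404
     # A missing hint is always reported as an empty string, never as null.
     return {"success": True, 'data': user.master_password_hint or ''}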
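 def get(self):
     """Return the app settings of the user owning the active session ``app_id``.

     The session must be active and belong to the caller's OpenID identity.

     Returns:
         ``{"success": True, "data": <app_settings>}``; 400 when ``app_id``
         is missing from the query string; ``{"success": False, ...}`` when
         no active session matches.
     """
     user_identifier = get_openid_identity()
     try:
         app_identifier = request.args["app_id"]
     except KeyError:
         return {"success": False, "message": "invalid request"}, 400
     # filter_by() alone yields a Query object, which is never None; .first()
     # is what actually fetches the row (or None) so the check below works.
     app_s: AppSession = AppSession.query.filter_by(
         uuid=app_identifier, active=True, oauth2_user_sub=user_identifier).first()
     if app_s is None:
         return {"success": False, "message": "Unknown/expired session"}
     return {"success": True, "data": app_s.oauth2_user.app_settings}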
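 def post(self):
     """Create a ``Card`` owned by the caller from the JSON body.

     Body keys are copied onto the new row except the identity/ownership
     columns in ``protected``; ``oauth2_user_sub`` always comes from the
     OpenID identity and ``uuid`` is generated server-side.

     Returns:
         ``{"success": True, "data": <new uuid>}``; 400 when the body is not
         a JSON object (previously a TypeError / 500).
     """
     user_identifier = get_openid_identity()
     post_data = request.json
     if not isinstance(post_data, dict):
         return {"success": False, "message": "invalid request"}, 400
     new_card = Card(oauth2_user_sub=user_identifier)
     # Columns a client may never set through mass assignment.
     protected = {"uuid", "oauth2_user_sub", "oauth2_user"}
     for field_name, value in post_data.items():
         if field_name not in protected:
             setattr(new_card, field_name, value)
     db.session.add(new_card)
     db.session.commit()
     return {
         "success": True,
         "data": new_card.uuid,
     }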
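 def get(self):
     """Look up the caller's e-mail in Have I Been Pwned (breaches and pastes).

     HIBP answers 200 with a list when records exist and 404 when there are
     none; both are valid results. Any other status (rate limit, bad key,
     outage) is reported as ``{"success": False}``. The original condition
     ``status != 200 or status != 404`` was always true, so a clean 404
     ("no breaches") was wrongly reported as a failure.

     Returns:
         ``{"success": True, "data": {"paste": [...], "breach": [...]}}``,
         ``{"success": False}`` on an upstream error, 404 when the OpenID
         identity has no ``OAuth2User`` row.
     """
     from urllib.parse import quote

     user_identifier = get_openid_identity()
     user: OAuth2User = OAuth2User.query.filter_by(sub=user_identifier).first()
     if user is None:
         return {"success": False, "message": "Unknown user"}, 404
     headers = {
         "hibp-api-key": HIBP.API_KEY,
         "user-agent": "Cultisk security, School Project"
     }
     params = {
         "truncateResponse": False
     }
     # The account is a URL path segment: percent-encode it so characters such
     # as '/', '?' or '#' in an address cannot alter the request.
     account = quote(user.email, safe="")
     ok_statuses = (200, 404)

     def fetch(endpoint):
         """GET one HIBP account endpoint; returns (status_code, decoded body or None)."""
         url = f'{HIBP.BASE_URL_ACCOUNT}/{endpoint}/{account}'
         # A timeout keeps a stalled upstream from pinning a worker indefinitely.
         resp = requests.get(url, headers=headers, params=params, timeout=10)
         if resp.status_code == 200:
             return 200, resp.json()
         return resp.status_code, None

     status, breaches = fetch("breachedaccount")
     if status not in ok_statuses:
         return {
             "success": False
         }
     breach_data = [
         {
             'Name': x['Name'],
             'BreachDate': x['BreachDate'],
             'PwnCount': int(x['PwnCount']),
             'DataClasses': x['DataClasses']
         }
         for x in (breaches or [])
     ]

     status, pastes = fetch("pasteaccount")
     if status not in ok_statuses:
         return {
             "success": False
         }
     paste_data = [
         {
             'Source': x['Source'],
             'EmailCount': int(x['EmailCount']),
         }
         for x in (pastes or [])
     ]

     return {
         "success": True,
         "data": {
             "paste": paste_data,
             "breach": breach_data,
         }
     }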
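 def post(self):
     """Verify the submitted master-password hash and release the protected key.

     The client sends a hex-encoded hash; it is stretched with PBKDF2-HMAC-SHA256
     (100000 rounds) over the user's stored salt and compared with the stored
     ``master_password_hashed`` in constant time.

     Returns:
         ``{"success": True, "data": <protected_symmetric_key>}`` on a match,
         ``{"success": False}`` on a mismatch or when no master password is
         configured, 400 when ``hash`` is missing or not valid hex.
     """
     import hmac

     user_identifier = get_openid_identity()
     try:
         hash_value = request.json["hash"]
         client_hash = bytes.fromhex(hash_value)
     except (KeyError, TypeError, ValueError):
         # Missing body/key, non-string value, or malformed hex: client error, not a 500.
         return {"success": False, "message": "invalid request"}, 400
     user: OAuth2User = OAuth2User.query.filter_by(sub=user_identifier).first()
     if user is None or user.master_password_hash_salt is None or user.master_password_hashed is None:
         # Nothing to compare against (unknown user or master password never set).
         return {
             "success": False
         }
     salt = bytes.fromhex(user.master_password_hash_salt)
     dk = hashlib.pbkdf2_hmac('sha256', client_hash, salt, 100000)
     # compare_digest avoids leaking the length of the matching prefix via timing.
     if hmac.compare_digest(dk.hex(), user.master_password_hashed):
         return {
             "success": True,
             "data": user.protected_symmetric_key
         }
     return {
         "success": False
     }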
 def get(self):
     """List the caller's live (non-deleted) passwords and cards.

     Both collections are serialized with the ``oauth2_user`` relation
     excluded so the owner record is never echoed back.

     Returns:
         ``{"success": True, "data": {"passwords": [...], "cards": [...]}}``.
     """
     owner_sub = get_openid_identity()
     live_rows = {"oauth2_user_sub": owner_sub, "deleted": False}
     password_rows = Password.query.filter_by(**live_rows).all()
     card_rows = Card.query.filter_by(**live_rows).all()
     serialized_passwords = PasswordSchema(many=True, exclude=["oauth2_user"]).dump(password_rows)
     serialized_cards = CardSchema(many=True, exclude=["oauth2_user"]).dump(card_rows)
     return {
         "success": True,
         "data": {
             "passwords": serialized_passwords,
             "cards": serialized_cards,
         }
     }
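    def post(self):
        """Store app settings for the user who owns the active session ``app_id``.

        ``settings`` is expected as a JSON-encoded string and is decoded before
        being stored on the session's user.

        Returns:
            ``{"success": True}`` on success; 400 when ``app_id``/``settings``
            are missing or ``settings`` is not valid JSON text;
            ``{"success": False, ...}`` when no active session matches.
        """
        user_identifier = get_openid_identity()
        try:
            app_identifier = request.json["app_id"]
            settings = request.json["settings"]
        except (KeyError, TypeError):
            # TypeError covers a missing/non-object JSON body.
            return {"success": False, "message": "invalid request"}, 400
        # Decode before touching the DB: malformed input is a client error, not a 500.
        try:
            parsed_settings = json.loads(settings)
        except (TypeError, ValueError):
            return {"success": False, "message": "invalid request"}, 400

        # filter_by() alone yields a Query object, which is never None; .first()
        # is what fetches the row (or None) so the check below works.
        app_s: AppSession = AppSession.query.filter_by(
            uuid=app_identifier, active=True, oauth2_user_sub=user_identifier).first()
        if app_s is None:
            return {"success": False, "message": "Unknown/expired session"}
        app_s.oauth2_user.app_settings = parsed_settings
        db.session.commit()
        return {"success": True}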
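 def post(self):
     """Set (or replace) the caller's master-password material.

     Stores a PBKDF2-HMAC-SHA256 (100000 rounds) stretch of the client-supplied
     hex hash under a fresh random salt, the client's protected symmetric key,
     and an optional hint.

     Returns:
         ``{"success": True}``; 400 when a required key is missing or ``hash``
         is not valid hex; 404 when the OpenID identity has no ``OAuth2User``.
     """
     user_identifier = get_openid_identity()
     try:
         protected_symmetric = request.json["symmetric"]
         hash_value = request.json["hash"]
         password_hint = request.json["hint"]
         client_hash = bytes.fromhex(hash_value)
     except (KeyError, TypeError, ValueError):
         # Missing body/key, non-string value, or malformed hex: client error, not a 500.
         return {"success": False, "message": "invalid request"}, 400
     user: OAuth2User = OAuth2User.query.filter_by(sub=user_identifier).first()
     if user is None:
         return {"success": False, "message": "Unknown user"}, 404
     # NOTE(review): an already-configured master password is overwritten here
     # without re-verifying the old one — confirm this is the intended policy.
     salt = os.urandom(8)  # 64-bit salt; NOTE(review): 16 bytes is the usual minimum — check the column width before widening
     dk = hashlib.pbkdf2_hmac('sha256', client_hash, salt, 100000)
     user.master_password_hashed = dk.hex()
     user.master_password_hash_salt = salt.hex()
     user.protected_symmetric_key = protected_symmetric
     # An empty/None hint leaves any existing hint untouched.
     if password_hint:
         user.master_password_hint = password_hint
     db.session.commit()
     return {
         "success": True
     }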
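 def post(self):
     """Create a ``Password`` entry owned by the caller from the JSON body.

     The body is validated through ``PasswordSchema`` first (``totp_secret``
     and ``url`` may be omitted); validated keys are then copied onto the new
     row, except the identity/ownership columns in ``protected``, which always
     come from the server.

     Returns:
         ``{"success": True, "data": <new uuid>}``; 400 with the schema error
         text when validation fails.
     """
     user_identifier = get_openid_identity()
     password_schema = PasswordSchema()
     try:
         post_data = password_schema.load(request.json, partial=("totp_secret", "url"))
     except ValidationError as e:
         # Validation failures are client errors; signal that in the status too.
         return {"success": False, "error": str(e)}, 400
     new_password = Password(oauth2_user_sub=user_identifier)
     # Columns a client may never set through mass assignment, even if the
     # schema happens to declare them as loadable.
     protected = {"uuid", "oauth2_user_sub", "oauth2_user"}
     for field_name, value in post_data.items():
         if field_name not in protected:
             setattr(new_password, field_name, value)
     db.session.add(new_password)
     db.session.commit()
     return {
         "success": True,
         "data": new_password.uuid
     }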