def get_user_data_by_email(): user_email = request.args.get("user_email") email = request.args.get("email") time_stamp = request.args.get("time") blob = user_email + email if check_hash(blob, email, request.args.get("hash"), time_stamp): return json.dumps({ 'success': False, 'message': 'You are trying to hack a user. You should be ashamed of yourself!' }) token = database_helper.get_token(email) if token is None: return json.dumps({ 'success': False, 'message': 'User is not logged in' }) else: data = database_helper.get_user(user_email) tok = database_helper.get_token(user_email) if data is not None: if user_email != email: # If the user is not checking his own page, we update the looked-at-user's view count da = database_helper.get_user(email) database_helper.updateViews(user_email, da[3]) if tok is not None and tok in wslist: # here we send the user's view count (which could be the sender himself if he just started his home page) d = database_helper.getViews(user_email) send_message( wslist[tok], json.dumps({ 'messageType': 'views', 'message': [d[0], d[1]] })) retData = { 'firstname': data[0], 'familyname': data[1], 'email': data[2], 'gender': data[3], 'city': data[4], 'country': data[5] } return json.dumps({ 'success': True, 'message': 'Data retrieval successful', "data": retData }) else: return json.dumps({ 'success': False, 'message': 'The user does not exist' })
def get_user_data_by_token(): token = request.args.get("token") time_stamp = request.args.get("time") email = database_helper.get_email(token) if check_hash("", email, request.args.get("hash"), time_stamp): return json.dumps({ 'success': False, 'message': 'You are trying to hack a user. You should be ashamed of yourself!' }) if email is None: return json.dumps({ 'success': False, 'message': 'User is not logged in' }) else: data = database_helper.get_user(email) retData = { 'firstname': data[0], 'familyname': data[1], 'email': data[2], 'gender': data[3], 'city': data[4], 'country': data[5] } return json.dumps({ 'success': True, 'message': 'Data retrieval successful', "data": retData })
def change_password(): token = request.json['token'] oldpassword = request.json['oldpassword'] newpassword = request.json['newpassword'] try: email = database_helper.get_email_by_token(token) except: return json.dumps({ 'success': False, 'message': "Token does not exist", 'data': "" }) user = database_helper.get_user(email) if user[0]['password'] == oldpassword: result = database_helper.change_password(email, newpassword) if result: return json.dumps({ 'success': result, 'message': "Password successfully changed", 'data': "" }) else: return json.dumps({ 'success': result, 'message': "Password change failed", 'data': "" }) else: return json.dumps({ 'success': False, 'message': "Old passwords do not match", 'data': "" })
def sign_in(): #print "SOMEONE JUST SIGNED IN" email = request.form['emailLog'] password = request.form['passwordLog'] data_user = database_helper.get_user(email) if data_user == None: return json.dumps({'success': False, 'message': "User doesn't exist."}) if bcrypt.check_password_hash(data_user[1],password): token = create_token() if database_helper.get_logged_in_by_mail(email): if email in sockets: # Removing the other token if the user signs in again try: ws = sockets[str(email)] ws.send(json.dumps({'success': False, 'message': "You've been logged out !"})) except WebSocketError as err: repr(err) print("WebSocketError !") #The socket is closed already del sockets[str(email)] except Exception, err: print err database_helper.remove_logged_in_by_mail(email) database_helper.add_logged_in(token, email) return json.dumps({'success': True, 'message': "Login successful!", 'token': token, 'email': email})
def signUp(): email = request.form['email'] password = request.form['password'] firstname = request.form['firstname'] familyname = request.form['familyname'] gender = request.form['gender'] city = request.form['city'] country = request.form['country'] if len(email) != 0 and len(firstname) != 0 and len(familyname) != 0 and len(gender) != 0 and len(city) != 0 and \ len(country) != 0: print "form exist" if len(password) < 7: return jsonify(success=False, message="Password is too short") if not re.match(r"[^@]+@[^@]+\.[^@]+", email): return jsonify(success=False, message="Email is invalid") if database_helper.get_user(email): return jsonify(success=False, message="Email already exists") else: pw_hash = bcrypt.generate_password_hash(password) #print "pw: ", password, "pw_hash: ", pw_hash database_helper.signup_user(email, pw_hash, firstname, familyname, gender, city, country) return jsonify(success=True, message="User signed up successfully") return jsonify(success=False, message="Formdata are not complete")
def sign_up(): user = { 'email': request.headers.get('email'), 'password': request.headers.get('password'), 'firstname': request.headers.get('firstname'), 'familyname': request.headers.get('familyname'), 'gender': request.headers.get('gender'), 'city': request.headers.get('city'), 'country': request.headers.get('country'), } # Validate sign up form if not db.validate_user(user): return json.dumps({ 'success': False, 'message': "Form data missing or incorrect type." }) # Check if email is taken if db.get_user(user['email']): return json.dumps({ 'success': False, 'message': "User already exists." }) encrypted_password = sha256_crypt.encrypt(unicode(user['password'])) db.add_user(user['email'], encrypted_password, user['firstname'], user['familyname'], user['gender'], user['city'], user['country']) return json.dumps({ 'success': True, 'message': "Successfully created a new user." })
def get_user_data_by_email(token, email): if email is None: return json.dumps({"success": False, "message": "You are not signed in."}) data = database_helper.get_user(email) if data is None: return json.dumps({"success": False, "message": "No such user."}) return json.dumps({"success": True, "message": "User data retrieved..", "data": data})
def post_message(): data = request.get_json() token = request.headers.get("token") fromemail = database_helper.get_loggedinuser(token)['email'] if database_helper.get_user(fromemail) != None: if data['toemail'] == None: data['toemail'] = fromemail if database_helper.get_user(data['toemail']) != None: database_helper.save_message(data['message'], fromemail, data['toemail']) return {"success": True, "msg": "Message posted"} else: return jsonify({ "success": False, "msg": "Recipient user doesn't exist" }) else: return jsonify({"success": False, "msg": "User is not signed in"})
def get_user_data_by_email(): email = request.json['email'] user = database_helper.get_user(email) if len(user) != 0: user = user[0] del user['password'] return json.dumps({'success':True, 'message':"You successfully found a user", 'data':user}) else: return json.dumps({'success':False, 'message':"The user does not exist", 'data':""})
def getUserDataByToken(): token = request.form['token'] email = database_helper.get_email(token) email = email[0] if database_helper.get_loggedInUsers(email): user = database_helper.get_user(email) if user is None: return jsonify(success=False, message="User not signed in!") else: return jsonify(success=True, message="User data retrieved.", data=user)
def init(): doc = request.args.get('doc') signed_in = current_user.is_authenticated() if signed_in: admin = database_helper.is_admin(current_user.id) else: admin = False if doc is None: url_auth = make_authorization_url() return render_template("index.html", URL_AUTH=url_auth, SIGNED_IN=signed_in, ADMIN=admin) if doc == "home": admin = database_helper.get_user('*****@*****.**') if admin is not None: admin_id = admin.id else: admin_id = "0" return render_template("home.html", ADMIN_ID=admin_id) id_arg = request.args.get('id') try: id_arg = int(id_arg) except: pass if doc == "profile": if signed_in: own = ((id_arg == 'signedIn') or (id_arg == current_user.id)) else: own = False return render_template("profile.html", SIGNED_IN=signed_in, OWN_PROFILE=own) elif doc == "review": if signed_in: own = database_helper.is_own_review(current_user.id, id_arg) else: own = False return render_template("review.html", SIGNED_IN=signed_in, OWN_REVIEW=own, ADMIN=admin) elif doc == "title": return render_template("title.html", SIGNED_IN=signed_in, ADMIN=admin) elif doc == "author": return render_template("author.html", ADMIN=admin) else: abort(404)
def get_user_data_by_email(email): try: params = request.args; header = request.headers token = header["token"] except KeyError as e: response = jsonify({"success": False, "message": "Missing data."}) return response return database_helper.get_user(email)
def get_user_data_by_token(): try: header = request.headers token = header["token"] email = loggedInUsers[token] except KeyError as e: response = jsonify({"success": False, "message": "Missing data."}) return response return database_helper.get_user(email)
def getUserDataByEmail(): token = request.form['token'] email = request.form['email'] checkuser = database_helper.get_email(token) checklogin = database_helper.get_loggedInUsers(checkuser[0]) if checklogin: user = database_helper.get_user(email) if not user: return jsonify(success=False, message="User not signed in!") else: return jsonify(success=True, message="User data retrieved.", data=user)
def get_user_messages_by_email(token, email, hashvalue): # Create empty dictionary for storing return data data = {} # Check if user with given email exists dataset = database_helper.get_user(email) if (dataset == None): # Pass error data to dictionary data['success'] = False data['message'] = 'No user with email ' + email # return the dataset as json data return json.dumps(data) # Create empty list for storing messages dictionaries messages = [] # Check if user is logged in if (is_logged_in(token) == True): # Get user logged_in_user = get_user_by_token(token) privatekey = logged_in_user['privatekey'] # Compare hash values if (hashvalue != hash_data(privatekey + token)): data['success'] = False data['message'] = 'Error in hash value' return json.dumps(data) # Get Messages for searched user and append them to messages dict result = database_helper.get_messages(email) count = 0 for element in result: message = {} message['sender_email'] = element[1] message['receiver_email'] = element[2] message['message'] = element[3] message['messageid'] = "getusermessagesbyemail" + str(count) messages.append(message) count = count + 1 # Pass success data to dictionary data['success'] = True data['message'] = 'Successfully retrieved messages' data['data'] = messages else: # Pass error data to dictionary data['success'] = False data['message'] = 'Not able to get messages' # return the dataset as json data return json.dumps(data)
def change_password(): data = request.get_json() token = request.headers.get("token") if database_helper.get_loggedinuser(token) != None: email = database_helper.get_loggedinuser(token)['email'] if database_helper.get_user(email)['password'] == data['oldpassword']: database_helper.change_password(email, data['newpassword']) return jsonify({"success": True, "msg": "Password changed"}) else: return jsonify({"success": False, "msg": "Wrong password"}) else: return jsonify({"success": False, "msg": "User is not signed in"})
def get_user_data_by_email(email): token = request.headers.get("token") if database_helper.get_loggedinuser(token) != None: if database_helper.get_user(email) != None: data = database_helper.get_user(email) result = { "email": data['email'], "firstname": data['firstname'], "familyname": data['familyname'], "gender": data['gender'], "city": data['city'], "country": data['country'] } return { "success": True, "msg": "User data retrieved", "data": result } else: return jsonify({"success": False, "msg": "User doesn't exist"}) else: return jsonify({"success": False, "msg": "User is not signed in"})
def get_user_data(email): # Get user data from database result = database_helper.get_user(email) if (result == None): return None user = {} user['email'] = result[1] user['firstname'] = result[3] user['familyname'] = result[4] user['gender'] = result[5] user['city'] = result[6] user['country'] = result[7] return user
def login(): error = request.args.get('error, ''') if error: return "Error:" + error state = request.args.get('state', '') if not database_helper.is_valid_state(state): abort(401) database_helper.delete_state(state) code = request.args.get('code', '') id_token, access_token = get_tokens(code) email = id_token['email'] user = database_helper.get_user(email) if user is None: database_helper.add_user(email) user = database_helper.get_user(email) login_user(user) return redirect("/#/profile/signedIn") else: login_user(user) return redirect("/")
def get_user_messages_by_email(): token = request.json['token'] toemail = request.json['email'] try: fromemail = database_helper.get_email_by_token(token) except: return json.dumps({'success':False, 'message':"Token does not exist", 'data':""}) user = database_helper.get_user(toemail) if len(user) == 0: return json.dumps({'success':False, 'message':"Recipient does not exist", 'data':""}) messages = database_helper.get_messages(toemail) return json.dumps({'success':True, 'message':"", 'data':messages})
def login(): error = request.args.get('error, ' '') if error: return "Error:" + error state = request.args.get('state', '') if not database_helper.is_valid_state(state): abort(401) database_helper.delete_state(state) code = request.args.get('code', '') id_token, access_token = get_tokens(code) email = id_token['email'] user = database_helper.get_user(email) if user is None: database_helper.add_user(email) user = database_helper.get_user(email) login_user(user) return redirect("/#/profile/signedIn") else: login_user(user) return redirect("/")
def get_user_data(email): userInfo = database_helper.get_user(email) if userInfo is None: return json.dumps({"success": False, "message": "No such user."}) else: user = [ userInfo[0], userInfo[2], userInfo[3], userInfo[4], userInfo[5], userInfo[6] ] return json.dumps({ "success": True, "message": "User data retrieved.", "data": user })
def getUserDataByToken(): token = request.form['token'] token = verify_token(token) print "token i getuserfan: ", token email = database_helper.get_email(token) email = email[0] print "EMAIL 0: ", email if database_helper.get_loggedInUsers(email): user = database_helper.get_user(email) if user is None: return jsonify(success=False, message="User not signed in!") else: return jsonify(success=True, message="User data retrieved.", data=user)
def sign_in(): email = request.json['email'] password = request.json['password'] user = database_helper.get_user(email) if len(user) == 0: return json.dumps({ 'success': False, 'message': "User not found", 'data': "" }) elif password != user[0]['password']: return json.dumps({ 'success': False, 'message': "Wrong password", 'data': "" }) else: token = generate_token() if database_helper.is_logged_in(email): ws = ws_dic[email] ws.send("Log out command!") ws.close() print "before delete:" print ws_dic del ws_dic[email] print "after delete" print ws_dic database_helper.update_token(email, token) return json.dumps({ 'success': True, 'message': "You successfully signed in (and your other logged in session was logged out)", 'data': token }) else: res = database_helper.save_token(email, token) if res: return json.dumps({ 'success': True, 'message': "You successfully signed in", 'data': token }) else: return json.dumps({ 'success': False, 'message': "Sign in was unsuccessful", 'data': "" })
def change_password(): token = request.headers.get('token') old_password = request.headers.get('oldPassword') new_password = request.headers.get('newPassword') email = db.get_email_by_token(token) user = db.get_user(email) # Compare encrypted password if not sha256_crypt.verify(str(old_password), user['password']): return json.dumps({'success': False, 'message': "Wrong password."}) encrypted_password = sha256_crypt.encrypt(unicode(new_password)) db.set_password(email, encrypted_password) return json.dumps({'success': True, 'message': "Password changed."})
def sign_up(): email = request.form['email'] firstname = request.form['firstname'] familyname = request.form['familyname'] gender = request.form['gender'] city = request.form['city'] country = request.form['country'] password = request.form['password'] # does the user already exist? if database_helper.get_user(email) is None: result = database_helper.add_user(email, firstname, familyname, country, city, gender, password) return jsonify(success = True, message = "User successfully added") else: return jsonify(success = False, message = "A user with the same email already exists")
def get_user_data_by_token(): token = request.json['token'] try: email = database_helper.get_email_by_token(token) except: return json.dumps({'success':False, 'message':"Token does not exist", 'data':""}) user = database_helper.get_user(email) if len(user) != 0: user = user[0] del user['password'] return json.dumps({'success':True, 'message':"", 'data':user}) else: return json.dumps({'success':False, 'message':"User does not exist", 'data':""})
def sign_up(): email = request.form['email'] firstname = request.form['firstname'] familyname = request.form['familyname'] gender = request.form['gender'] city = request.form['city'] country = request.form['country'] password = request.form['password'] # does the user already exist? if database_helper.get_user(email) is None: result = database_helper.add_user(email, firstname, familyname, country, city, gender, password) return jsonify(success = True, message = "User successfully added") else: return jsonify(success = False, message = "A user with the same email already exists")
def sign_in(email, password): token = ''.join( random.choice(string.ascii_uppercase + string.digits) for _ in range(40)) print password m = hashlib.md5() m.update(password) print m.hexdigest() pwd = m.hexdigest() result = database_helper.get_user(email, pwd, token) jsonfile = json.dumps({ "success": True, "Message": "Log in", "data": token }) return jsonfile
def sign_in(): email = request.json['email'] password = request.json['password'] user = database_helper.get_user(email) if len(user) == 0: return json.dumps({'success':False, 'message':"User not found", 'data':""}) elif password != user[0]['password']: return json.dumps({'success':False, 'message':"Wrong password", 'data':""}) else: token = generate_token() res = database_helper.save_token(email, token) if res: return json.dumps({'success':True, 'message':"You successfully signed in", 'data':token}) else: return json.dumps({'success':False, 'message':"Sign in was unsuccessful", 'data':""})
def init(): doc = request.args.get('doc') signed_in = current_user.is_authenticated() if signed_in: admin = database_helper.is_admin(current_user.id) else: admin = False if doc is None: url_auth = make_authorization_url() return render_template("index.html", URL_AUTH=url_auth, SIGNED_IN=signed_in, ADMIN=admin) if doc == "home": admin = database_helper.get_user('*****@*****.**') if admin is not None: admin_id = admin.id else: admin_id = "0" return render_template("home.html", ADMIN_ID=admin_id) id_arg = request.args.get('id') try: id_arg = int(id_arg) except: pass if doc == "profile": if signed_in: own = ((id_arg == 'signedIn') or (id_arg == current_user.id)) else: own = False return render_template("profile.html", SIGNED_IN=signed_in, OWN_PROFILE=own) elif doc == "review": if signed_in: own = database_helper.is_own_review(current_user.id, id_arg) else: own = False return render_template("review.html", SIGNED_IN=signed_in, OWN_REVIEW=own, ADMIN=admin) elif doc == "title": return render_template("title.html", SIGNED_IN=signed_in, ADMIN=admin) elif doc == "author": return render_template("author.html", ADMIN=admin) else: abort(404)
def sign_up(): # Get data from form email = request.json['email'] password = request.json['password'] firstname = request.json['firstname'] familyname = request.json['familyname'] gender = request.json['gender'] city = request.json['city'] country = request.json['country'] # Create empty dictionary for storing return data data = {} # Validation: Check if password is long enough if (len(password) < password_length): # Pass error data to dictionary data['success'] = False data['message'] = 'Password must have at least ' + str(password_length) + ' characters.' # return the dataset as json data return json.dumps(data) # Validation: Check if user is already registered dataset = database_helper.get_user(email) if (dataset != None): # Pass error data to dictionary data['success'] = False data['message'] = 'User is already registered.' # return the dataset as json data return json.dumps(data) # Get hashed password and salt hashed_password_and_salt = hash_password_with_random_salt(password) salt = hashed_password_and_salt['salt'] hashed_password = hashed_password_and_salt['hashed_password'] # Add User to the database database_helper.add_user( \ email, hashed_password, firstname, familyname, gender, city, country, salt ) # Pass success data to dictionary data['success'] = True data['message'] = 'Successfully signed up' # return the dataset as json data return json.dumps(data)
def post_message(): token = request.json['token'] toemail = request.json['email'] message = request.json['message'] if toemail == "": toemail = database_helper.get_email_by_token(token) user = database_helper.get_user(toemail) if len(user) == 0: return json.dumps({ 'success': False, 'message': "Recipient does not exist (postmessage)", 'data': "" }) try: fromemail = database_helper.get_email_by_token(token) except: return json.dumps({ 'success': False, 'message': "Token does not exist", 'data': "" }) result = database_helper.store_message(toemail, fromemail, message) if result: try: ws_dic[toemail].send( str(len(ws_dic.keys())) + ":" + str(database_helper.number_of_messages(toemail)) + ":" + str(database_helper.registered_users())) except: pass return json.dumps({ 'success': result, 'message': "You succesfully posted a message", 'data': message }) else: return json.dumps({ 'success': result, 'message': "Your message was not posted", 'data': "" })
def sign_in(): data = request.get_json() user = database_helper.get_user(data['email']) if user != None: if user['password'] == data['password']: characters = "abcdefghiklmnopqrstuvwwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890" token = "" for i in range(36): token += characters[rd.randint(0, 61)] database_helper.save_token(data['email'], token) return jsonify({ "success": True, "msg": "Successfully signed in", "data": token }) else: return jsonify({"success": False, "msg": "Wrong password"}) else: return jsonify({"success": False, "msg": "User doesn't exist"})
def sign_in(): email = request.form['email'] password = request.form['password'] user = database_helper.get_user(email) if user == None: return json.dumps({ 'success': False, 'message': 'This user does not exist' }) elif bcrypt.check_password_hash(user[1], password): token = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(30)) if database_helper.get_logged_in_user(token): return json.dumps({ 'success': False, 'message': 'Already logged in' }) elif database_helper.get_logged_in_user_by_email(email): # remove other token if signed in again if email in active_sockets: try: ws = active_sockets[email] ws.send( json.dumps({ 'success': False, 'message': 'You have been logged out' })) except WebSocketError as e: repr(e) print "WebSocketError on logout" # websocket already closed del active_sockets[email] database_helper.remove_logged_in_user_by_email(email) # add token to database database_helper.add_logged_in_user(email, token) return json.dumps({ 'success': True, 'message': 'you have logged in', 'data': token }) else: return json.dumps({'success': False, 'message': 'Wrong password'})
def get_user_data_by_email(): token = request.form['token'] # token of the user retrieving the data email = request.form['email'] # TODO: check if token is valid!!! user = database_helper.get_user(email) if user is None: return jsonify(success = False, message = "Can't find user data") u = {} u['email'] = user[0] u['firstname'] = user[1] u['familyname'] = user[2] u['country'] = user[3] u['city'] = user[4] u['gender'] = user[5] return jsonify(success = True, message = "User data successfully returned", data = u)
def get_user_data_by_token(): token = request.form["token"] email = database_helper.get_email_from_token(token) if email is None: return jsonify(success = False, message = "Can't find email matching token") user = database_helper.get_user(email[0]) if user is None: return jsonify(success = False, message = "Can't find user data") u = {} u['email'] = user[0] u['firstname'] = user[1] u['familyname'] = user[2] u['country'] = user[3] u['city'] = user[4] u['gender'] = user[5] return jsonify(success = True, message = "User data successfully returned", data = u)
def post_message(): token = request.json['token'] toemail = request.json['email'] message = request.json['message'] user = database_helper.get_user(toemail) if len(user) == 0: return json.dumps({'success':False, 'message':"Recipient does not exist", 'data':""}) try: fromemail = database_helper.get_email_by_token(token) except: return json.dumps({'success':False, 'message':"Token does not exist", 'data':""}) result = database_helper.store_message(toemail, fromemail, message) if result: return json.dumps({'success':result, 'message':"You succesfully posted a message", 'data':message}) else: return json.dumps({'success':result, 'message':"Your message was not posted", 'data':""})
def get_user_data_by_token(): token = request.headers.get('token') email = db.get_email_by_token(token) user = db.filter_user(db.get_user(email)) if not user: return json.dumps({'success': False, 'message': "No such user."}) # Add additional statistics messages = db.get_user_messages(email) user["message_count"] = len(messages) page_views = db.get_page_views(email) user["page_views"] = len(page_views) return json.dumps({ 'success': True, 'message': "User data retrieved.", 'data': user })
def get_user_data_by_token(): token = request.form["token"] email = database_helper.get_email_from_token(token) if email is None: return jsonify(success = False, message = "Can't find email matching token") user = database_helper.get_user(email[0]) if user is None: return jsonify(success = False, message = "Can't find user data") u = {} u['email'] = user[0] u['firstname'] = user[1] u['familyname'] = user[2] u['country'] = user[3] u['city'] = user[4] u['gender'] = user[5] return jsonify(success = True, message = "User data successfully returned", data = u)
def change_password(): email = request.form['email'] pwd = request.form['pwd'] chgpwd = request.form['chgPwd'] timestamp = request.form['timestamp'] #Secure way to transmission of data if check_tok_post('changepassword', request): if not database_helper.get_logged_in_by_mail(email): return json.dumps({'success': False, 'message': "You are not logged in."}) else: if len(chgpwd) < 6: return json.dumps({"success": False, "message": "Error: password must be at least 6 characters long"}) current_password = database_helper.get_user(email)[1] if bcrypt.check_password_hash(current_password, pwd): database_helper.modify_pwd(email, current_password, bcrypt.generate_password_hash(chgpwd)) return json.dumps({"success": True, "message": "Password changed."}) return json.dumps({"success": False, "message": "Error : invalid inputs."}) return json.dumps({"success": False, "message": "Error request."})
def get_user_data_by_email(): token = request.headers.get('token') email = request.headers.get('email') user = db.filter_user(db.get_user(email)) if not user: return json.dumps({'success': False, 'message': "No such user."}) # Update page views if user is visiting another user's profile visitorEmail = db.get_email_by_token(token) if email != visitorEmail: db.add_page_view(email, visitorEmail) page_views = db.get_page_views(email) owner_token = db.get_token_by_email(email) sockets.update_page_views(owner_token, len(page_views)) return json.dumps({ 'success': True, 'message': "User data retrieved.", 'data': user })
def get_user_data_by_email(): token = request.form['token'] # token of the user retrieving the data email = request.form['email'] # Check if online if database_helper.is_user_online(token) != True: return jsonify(success = False, message = "You are not logged in") user = database_helper.get_user(email) if user is None: return jsonify(success = False, message = "Can't find user data") u = {} u['email'] = user[0] u['firstname'] = user[1] u['familyname'] = user[2] u['country'] = user[3] u['city'] = user[4] u['gender'] = user[5] return jsonify(success = True, message = "User data successfully returned", data = u)
def change_password(): clientEmail = request.form['clientEmail'] old_password = request.form['old_password'] new_password = request.form['new_password'] if len(new_password) < 5: return json.dumps({ "success": False, "message": "The password has to be 5 characters or more." }) if verifyTokenPOST('changepassword', request): current_password = database_helper.get_user(clientEmail)[1] if bcrypt.check_password_hash(current_password, old_password): database_helper.set_password( clientEmail, bcrypt.generate_password_hash(new_password)) return json.dumps({ "success": True, "message": "Password changed." }) return json.dumps({"success": False, "message": "Wrong password."}) return json.dumps({"success": False, "message": "You are not signed in."})
def get_user_messages_by_email(email): token = request.headers.get("token") if database_helper.get_loggedinuser(token) != None: if database_helper.get_user(email) != None: messages = database_helper.get_usermessages(email) if messages != None: result = [message for message in messages] return jsonify({ "success": True, "msg": "User messages retrieved", "data": result }) else: return jsonify({ "success": True, "msg": "User messages retrieved", "data": None }) else: return jsonify({"success": False, "msg": "User doesn't exist"}) else: return jsonify({"success": False, "msg": "User is not signed in"})
def post_message(): # Get data from form token = request.json['token'] receiver_email = request.json['receiverEmail'] message = request.json['message'] hashvalue = request.json['hashvalue'] # Create empty dictionary for storing return data data = {} # Check if user with given email exists dataset = database_helper.get_user(receiver_email) if (dataset == None): # Pass error data to dictionary data['success'] = False data['message'] = 'No user with email ' + receiver_email # return the dataset as json data return json.dumps(data) # Check if user is logged in if (is_logged_in(token) == True): # Get user logged_in_user = get_user_by_token(token) sender_email = logged_in_user['email'] privatekey = logged_in_user['privatekey'] # Compare hash values if (hashvalue != hash_data(privatekey + token + message + receiver_email)): data['success'] = False data['message'] = 'Error in hash value' return json.dumps(data) # Save message to database database_helper.post_message(sender_email, receiver_email, message) # Pass success data to dictionary data['success'] = True data['message'] = 'Successfully posted message' # chartjs: Send Update to User if is_logged_in_by_email(receiver_email): user = get_user_by_email(receiver_email) if ('websocket' in user): # Form Data Object chartjs = {} chartjs['success'] = True chartjs['message'] = 'MessageCountChanged' chartjs['data'] = database_helper.get_message_count(receiver_email) # Get Websocket and sent data websocket = user['websocket'] if websocket is not None: websocket.send(json.dumps(chartjs)) # if user is not logged in else: # Pass error data to dictionary data['success'] = False data['message'] = 'Not able to post message' # return the dataset as json data return json.dumps(data)
def sign_in(): # Get email and password from form email = request.json['email'] password = request.json['password'] # Create empty dictionary for storing return data data = {} # Get user from database dataset = database_helper.get_user(email) # Check if database call was successfull if (dataset != None): salt = dataset[8] # Prepend the salt to password salted_password = salt + password # Hash the salted password hashed_password = hash_password(salted_password) # Check if password from form is same as in database if (hashed_password == dataset[2]): # Create a private key private_key = base64.b64encode(os.urandom(128)) private_key = salt.decode("utf-8") # Check if user is already logged in: if (is_logged_in_by_email(email) == True): # Append new token to existing user object increase_session_count(email) # Get existing token token = get_user_by_email(email)['token'] else: # Create session token token = token_generator() # Create new user object and add it to the list of logged in users logged_in_users.append({'email':email,'token':token,'sessions':1,'privatekey':private_key}) # Pass success data to dictionary data['success'] = True data['message'] = 'Successfully signed in' data['data'] = token data['privatekey'] = private_key # chartjs: Update Statistics about online users count = len(logged_in_users) for logged_in_user in logged_in_users: if ('websocket' in logged_in_user): # Form Data Object chartjs = {} chartjs['success'] = True chartjs['message'] = "OnlineCountChanged" chartjs['data'] = count # Get Websocket and sent data websocket = logged_in_user['websocket'] if websocket is not None: websocket.send(json.dumps(chartjs)) else: # In case password is not the same provide error information data['success'] = False data['message'] = 'Wrong username or password' else: # In case user can't be fetched from database provide error information data['success'] = False data['message'] = 'Wrong username or password' # return the dataset as json data return json.dumps(data)
def change_password(): # Get data from form token = request.json['token'] hashvalue = request.json['hashvalue'] old_password = request.json['oldPassword'] new_password = request.json['newPassword'] repeatNewPsw = request.json['repeatNewPsw'] # Create empty dictionary for storing return data data = {} # Validation: Check if password is long enough if (len(new_password) < password_length): # Pass error data to dictionary data['success'] = False data['message'] = 'Password must have at least ' + str(password_length) + ' characters.' # return the dataset as json data return json.dumps(data) # Check if user is logged in if (is_logged_in(token) == True): # Get user logged_in_user = get_user_by_token(token) email = logged_in_user['email'] privatekey = logged_in_user['privatekey'] # Compare hash values if (hashvalue != hash_data(privatekey + token + old_password + new_password + repeatNewPsw)): data['success'] = False data['message'] = 'Error in hash value' return json.dumps(data) # Get current password and salt from database result = database_helper.get_user(email) db_password = result[2] salt = result[8] # Hash old password old_password = hash_password(salt + old_password) # Validate user input with database data if (db_password != old_password): # Pass error data to dictionary data['success'] = False data['message'] = 'Old password is not correct' # return the dataset as json data return json.dumps(data) # Change password new_password = hash_password(salt + new_password) database_helper.change_password(email, new_password) # Pass success data to dictionary data['success'] = True data['message'] = 'Successfully updated password' else: # Pass error data to dictionary data['success'] = False data['message'] = 'Not able to update password' # return the dataset as json data return json.dumps(data)