def do_login():
    """Serve the login form and process a submitted login.

    Any username already stored in ``session`` is dropped first. On POST the
    submitted credentials go to ``libuser.login``; when MFA is enabled for
    the returned user, the submitted OTP must also pass
    ``libmfa.mfa_validate``. On success the redirect response is handed to
    ``libsession.create`` and its result is returned. Every other path
    re-renders ``user.login.mfa.html``.
    """
    session.pop('username', None)

    if request.method != 'POST':
        return render_template('user.login.mfa.html')

    form = request.form
    submitted_user = form.get('username')
    submitted_password = form.get('password')
    submitted_otp = form.get('otp')

    # From here on the value returned by libuser.login is used as the
    # identity, not the raw form field.
    username = libuser.login(submitted_user, submitted_password)
    if not username:
        flash("Invalid user or password")
        return render_template('user.login.mfa.html')

    # NOTE(review): the OTP message below is only reachable after the
    # password has been accepted, so the two messages tell a client whether
    # the password was right. No attempt limiting is visible in this
    # handler; confirm that libuser / libmfa throttle repeated failures.
    if libmfa.mfa_is_enabled(username) and not libmfa.mfa_validate(username, submitted_otp):
        flash("Invalid OTP")
        return render_template('user.login.mfa.html')

    redirect_home = make_response(redirect('/'))
    return libsession.create(request=request, response=redirect_home, username=username)
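def do_create():
    """Serve the account form and log the user in on a successful POST.

    Any username already stored in ``session`` is dropped first. On POST the
    submitted username and password are passed to ``libuser.login``; if that
    returns a truthy value it is stored in ``session['username']`` and the
    client is redirected to ``/``. Otherwise ``user.create.html`` is
    rendered.
    """
    session.pop('username', None)

    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')
        # The original read the 'password' field here, which put the
        # plaintext password into a variable named ``email``. Read the
        # address from its own field instead.
        # Assumes the form field is called 'email' -- confirm against
        # user.create.html. The value is not consumed by this handler yet.
        email = request.form.get('email')

        # NOTE(review): despite the handler's name, only libuser.login is
        # called here; no account-creation call is visible. Confirm whether
        # that is intended.
        authenticated = libuser.login(username, password)
        if authenticated:
            # Only write the key on success. Storing a falsy result would
            # leave 'username' present in the session, and membership checks
            # such as "'username' in session" would then pass for a client
            # that never authenticated.
            session['username'] = authenticated
            return redirect('/')

    return render_template('user.create.html')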
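def keygen(username, password=None):
    """Issue a fresh API key for *username* and record it as a file in /tmp.

    When *password* is truthy the credentials are checked with
    ``libuser.login`` first and ``None`` is returned on failure. Any key
    files previously recorded for exactly this username are removed, an
    empty file named ``/tmp/Athena.apikey.<username>.<key>`` is created, and
    the new key (64 lowercase hex characters) is returned.

    Returns ``None`` as well when *username* contains ``/`` or a NUL byte,
    since such a name cannot be placed safely inside a single file name.
    """
    import glob
    import secrets

    # NOTE(review): with an empty or missing password no credential check
    # runs at all, so every caller that omits it must already have
    # authenticated the user -- confirm each call site.
    if password:
        if not libuser.login(username, password):
            return None

    # The username becomes part of a path; a separator would make the glob
    # and the touch below operate outside the intended file name.
    if '/' in username or '\x00' in username:
        return None

    # The key is a bearer credential, so it must come from the OS CSPRNG.
    # The ``random`` module is a deterministic generator and its output is
    # not suitable for secrets. token_hex(32) keeps the 64-hex-char format.
    key = secrets.token_hex(32)

    prefix = 'Athena.apikey.' + username + '.'
    # Escape glob metacharacters so a name such as "a*" cannot match (and
    # delete) key files that belong to other users.
    pattern = 'Athena.apikey.' + glob.escape(username) + '.*'
    for f in Path('/tmp/').glob(pattern):
        # Keys are pure hex, so a dot after the prefix means the file
        # belongs to a longer dotted username ("alice.bob" vs "alice").
        if '.' in f.name[len(prefix):]:
            continue
        print('removing', f)
        f.unlink()

    # NOTE(review): the key is stored in the file *name* under /tmp, which
    # other local accounts can usually list. Moving it needs a matching
    # change in whatever reads these files, which is not visible here.
    keyfile = '/tmp/Athena.apikey.{}.{}'.format(username, key)
    Path(keyfile).touch()
    return key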
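def keygen(username, password=None, login=True):
    """Return a signed HS256 token for *username*, or ``None`` on bad login.

    When *login* is true the credentials are checked with ``libuser.login``
    first. The token carries three claims: ``username``, ``nbf`` (the
    current time) and ``exp`` (current time plus the module-level
    ``not_after``). It is signed with the module-level ``secret``.

    The result is always returned as ``str``.
    """
    # NOTE(review): login=False skips the credential check entirely, so any
    # caller passing it must already have authenticated the user.
    if login:
        if not libuser.login(username, password):
            return None

    now = time()
    claims = {
        'username': username,
        'nbf': now,
        'exp': now + not_after,
    }

    # NOTE(review): an HS256 token is only as strong as ``secret``. Its
    # definition is not visible here; confirm it is long, random and not
    # committed to the repository.
    token = jwt.encode(claims, secret, algorithm='HS256')

    # Older PyJWT releases return bytes from encode(), newer ones return
    # str. An unconditional .decode() raises AttributeError on a str, so
    # decode only when bytes came back.
    if isinstance(token, bytes):
        token = token.decode()
    return token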
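def do_chpasswd_post():
    """Process the change-password form for the logged-in user.

    Requests without a ``username`` in ``g.session`` are redirected to ``/``.
    Otherwise the current password is re-checked with ``libuser.login``, the
    two copies of the new password must match, and the new password must
    pass ``libuser.is_password_allowed``. Each failed check flashes a message
    and re-renders ``user.chpasswd.html``. On success the password is stored
    with ``libuser.password_set``, a confirmation is flashed and the client
    is redirected to ``/``.
    """
    if 'username' not in g.session:
        return redirect('/')

    username = g.session['username']
    current_password = request.form.get('current_password')
    new_password = request.form.get('new_password')
    new_password_again = request.form.get('new_password_again')

    # Re-authenticate before changing the credential, so holding a session
    # alone is not enough to replace the password.
    if not libuser.login(username, current_password):
        flash("Invalid current password")
        return render_template('user.chpasswd.html')

    if new_password != new_password_again:
        flash("The passwords don't match")
        return render_template('user.chpasswd.html')

    if not libuser.is_password_allowed(new_password):
        flash("The password don't comply our requirements, please, choose another one.")
        return render_template('user.chpasswd.html')

    libuser.password_set(username, new_password)

    # NOTE(review): nothing here ends other sessions or revokes API keys
    # issued under the old password; confirm whether libuser.password_set or
    # the session layer takes care of that.

    # The confirmation has to be queued before returning. In the original it
    # sat after the return statement and could never run.
    flash("Password changed")
    return redirect('/')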