def webauthn_begin_assertion(): jsonData = request.get_json() username = jsonData['username'] if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) user = database.query_db("select * from Users where username=?",[username])[0] if len(user) == 0: return make_response(jsonify({'fail': 'User does not exist.'}), 401) if not user[4]: return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401) challenge = util.generate_challenge(32) # We strip the padding from the challenge stored in the session # for the reasons outlined in the comment in webauthn_begin_activate. toStoreChallenge = challenge.rstrip('=') try: insert = database.insert_db("insert into PublicKeyCredentialCreationOptions VALUES (?,?,?,?,?,?)",[None, None,user[0],None,username,toStoreChallenge]) except: update = database.insert_db("update PublicKeyCredentialCreationOptions SET challenge=? where user_username=?",[toStoreChallenge,username]) webauthn_user = webauthn.WebAuthnUser( user[0], user[1], user[2], user[6], user[4], user[3], user[5], user[7]) webauthn_assertion_options = webauthn.WebAuthnAssertionOptions( webauthn_user, challenge) return jsonify(webauthn_assertion_options.assertion_dict)
def webauthn_begin_assertion(): username = request.form.get('username') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) user = User.query.filter_by(username=username).first() if not user: return make_response(jsonify({'fail': 'User does not exist.'}), 401) if not user.credential_id: return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401) if 'challenge' in session: del session['challenge'] challenge = util.generate_challenge(32) session['challenge'] = challenge webauthn_user = webauthn.WebAuthnUser( user.ukey, user.username, user.display_name, user.icon_url, user.credential_id, user.pub_key, user.sign_count, user.rp_id) webauthn_assertion_options = webauthn.WebAuthnAssertionOptions( webauthn_user, challenge) return jsonify(webauthn_assertion_options.assertion_dict)
def webauthn_begin_activate(): ''' This url is called when the registration process starts ''' username = request.form.get('register_username') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) display_name = request.form.get('register_display_name') user_exists = database.user_exists(username) if not user_exists or not current_user.is_authenticated or not username == current_user.id: return make_response(jsonify({'fail': 'User not logged in.'}), 401) if not util.validate_token_name(display_name): return make_response(jsonify({'fail': 'Invalid display name.'}), 401) # clear session variables prior to starting a new registration session.pop('register_ukey', None) session.pop('register_username', None) session.pop('register_display_name', None) session.pop('challenge', None) session['register_username'] = username session['register_display_name'] = display_name challenge = util.generate_challenge(32) ukey = util.generate_ukey() session['challenge'] = challenge.rstrip('=') session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, RP_NAME, RP_ID, ukey, username, display_name, cfg['host']['origin']) return jsonify(make_credential_options.registration_dict)
def join(member): """ 회원 등록. 회원 정보를 포함하고 있는 딕셔너리를 던져 주면 회원 등록을 시도한다. 실패했을 경우 상황에 따른 오류 코드를 반환한다. member에 오는 키와 값은 다음과 같다. - username: 사용자 ID - password: 사용자 암호. 두 번 입력받는 걸 검증하는 역할은 프론트엔드에서 담당한다. 암호화되지 않음. - nick: 별명. - email: 이메일 주소. - signature: 글 뒤에 붙는 시그. - introduction: 회원 정보 페이지에 뜨는 자기 소개. @type member: dict @param member: 회원 정보 딕셔너리. @rtype tuple @return: 회원 등록 성공 여부(T/F)와 오류 코드(실패 시)를 포함하는 튜플. """ if not util.validate_username(member['username']): return (False, _('INVALID_USERNAME')) if _get_uid_from_username(member['username']) > 0: return (False, _('ID_ALREADY_EXISTS')) t = db.transaction() try: result = db.insert('Users', uNick = member['nick'], uEmail = member['email'], uId = member['username'], uPasswd = generate_password(member['password']), uDatetime = web.SQLLiteral('NOW()'), uSig = '', uPlan = '') except: t.rollback() return (False, _('DATABASE_ERROR')) else: t.commit() return (True, '')
def webauthn_begin_assertion(): ''' This url is called when the authentication process begins ''' username = request.form.get('login_username') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) credentials = database.get_credentials(username) user = database.get_user(username) if not user: return make_response(jsonify({'fail': 'User does not exist.'}), 401) session.pop('challenge', None) challenge = util.generate_challenge(32) session['challenge'] = challenge.rstrip('=') webauthn_users = [] for credential in credentials: webauthn_users.append( webauthn.WebAuthnUser(credential.ukey, credential.username, credential.display_name, credential.icon_url, credential.credential_id, credential.pub_key, credential.sign_count, credential.rp_id)) webauthn_assertion_options = webauthn.WebAuthnAssertionOptions( webauthn_users, challenge) return jsonify(webauthn_assertion_options.assertion_dict)
def webauthn_begin_assertion(): username = request.form.get('login_username') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) user = User.query.filter_by(username=username).first() if not user: return make_response(jsonify({'fail': 'User does not exist.'}), 401) if not user.credential_id: return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401) session.pop('challenge', None) challenge = util.generate_challenge(32) # We strip the padding from the challenge stored in the session # for the reasons outlined in the comment in webauthn_begin_activate. session['challenge'] = challenge.rstrip('=') webauthn_user = webauthn.WebAuthnUser(user.ukey, user.username, user.display_name, user.icon_url, user.credential_id, user.pub_key, user.sign_count, user.rp_id) webauthn_assertion_options = webauthn.WebAuthnAssertionOptions( webauthn_user, challenge) return jsonify(webauthn_assertion_options.assertion_dict)
def webauthn_begin_login(): username = request.form.get('login_username') password = request.form.get('login_password') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) _, person = auth.getPerson(username) if not person: return make_response(jsonify({'fail': 'User does not exist.'}), 401) if not person.credential_id: return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401) session.pop('challenge', None) session.pop('login_password', None) challenge = util.generate_challenge(32) # We strip the padding from the challenge stored in the session # for the reasons outlined in the comment in webauthn_begin_activate. session['challenge'] = challenge.rstrip('=') session['login_password'] = password webauthn_user = webauthn.WebAuthnUser( person.ukey, person.username, person.display_name, person.icon_url, person.credential_id, person.pub_key, person.sign_count, person.rp_id) webauthn_assertion_options = webauthn.WebAuthnAssertionOptions( webauthn_user, challenge) return jsonify(webauthn_assertion_options.assertion_dict)
def scrape_upload_dir_outer(verbose=False, dev=False): """ TODO: consider implementing upload timeout As currently implemented dokuwiki buffers files and writes them instantly However might want to allow slower uploads such as through sftp Consider verifying the file size is stable (say over 1 second) """ verbose and print("") verbose and print("Scraping upload dir") change = False # Check main dir with username prefix scrape_upload_dir_inner(env.SIPAGER_DIR, verbose=verbose) # Check user dirs for glob_dir in glob.glob(env.SIPAGER_DIR + "/*"): fn_can = os.path.realpath(glob_dir) if not os.path.isdir(fn_can): continue if fn_can in failed_upload_files: continue basename = os.path.basename(fn_can) if basename == "done": continue user = basename if not validate_username(user): failed_upload_files.add(fn_can) print("Invalid user name: %s" % user) continue scrape_upload_dir_inner(glob_dir, verbose=verbose, assume_user=user) if change: simapper.reindex_all(dev=dev)
def webauthn_begin_activate(): print("[ENTER] begin registration") import pdb pdb.set_trace() # MakeCredentialOptions username = request.form.get('register_username') display_name = request.form.get('register_display_name') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) if not util.validate_display_name(display_name): return make_response(jsonify({'fail': 'Invalid display name.'}), 401) if User.query.filter_by(username=username).first(): return make_response(jsonify({'fail': 'User already exists.'}), 401) #clear session variables prior to starting a new registration session.pop('register_ukey', None) session.pop('register_username', None) session.pop('register_display_name', None) session.pop('challenge', None) session['register_username'] = username session['register_display_name'] = display_name challenge = util.generate_challenge(32) print("[INFO] registration challenge ", challenge) ukey = util.generate_ukey() # We strip the saved challenge of padding, so that we can do a byte # comparison on the URL-safe-without-padding challenge we get back # from the browser. # We will still pass the padded version down to the browser so that the JS # can decode the challenge into binary without too much trouble. session['challenge'] = challenge.rstrip('=') print("[INFO] challenge.rstrip('=') ", session['challenge']) session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, RP_NAME, RP_ID, ukey, username, display_name, 'https://example.com') js = make_credential_options.registration_dict pprint.pprint(js) print("[EXIT] begin registration\n") return jsonify(js)
def webauthn_begin_register(): # MakeCredentialOptions username = request.form.get('register_username') display_name = request.form.get('register_display_name') password = request.form.get('register_password') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) if not util.validate_display_name(display_name): return make_response(jsonify({'fail': 'Invalid display name.'}), 401) if auth.isRegistered(username): return make_response(jsonify({'fail': 'User already exists.'}), 401) #clear session variables prior to starting a new registration session.pop('register_ukey', None) session.pop('register_username', None) session.pop('register_display_name', None) session.pop('register_password', None) session.pop('challenge', None) session['register_username'] = username session['register_display_name'] = display_name # TODO: I am not sure if this is safe to do?!?!? session['register_password'] = password challenge = util.generate_challenge(32) ukey = util.generate_ukey() # We strip the saved challenge of padding, so that we can do a byte # comparison on the URL-safe-without-padding challenge we get back # from the browser. # We will still pass the padded version down to the browser so that the JS # can decode the challenge into binary without too much trouble. session['challenge'] = challenge.rstrip('=') session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, RP_NAME, RP_ID, ukey, username, display_name, ORIGIN, attestation='none') return jsonify(make_credential_options.registration_dict)
def webauthn_begin_activate(): # MakeCredentialOptions username = request.form.get('username') display_name = request.form.get('displayName') if not util.validate_username(username): return make_response(jsonify({'fail': 'Invalid username.'}), 401) if not util.validate_display_name(display_name): return make_response(jsonify({'fail': 'Invalid display name.'}), 401) if User.query.filter_by(username=username).first(): return make_response(jsonify({'fail': 'User already exists.'}), 401) if 'register_ukey' in session: del session['register_ukey'] if 'register_username' in session: del session['register_username'] if 'register_display_name' in session: del session['register_display_name'] if 'challenge' in session: del session['challenge'] session['register_username'] = username session['register_display_name'] = display_name rp_name = 'localhost' challenge = util.generate_challenge(32) ukey = util.generate_ukey() session['challenge'] = challenge session['register_ukey'] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, rp_name, RP_ID, ukey, username, display_name, 'https://example.com') return jsonify(make_credential_options.registration_dict)
def webauthn_begin_assertion(): username = request.form.get('login_username') print("[ENTER] begin authentcation for user ", username) import pdb pdb.set_trace() if not util.validate_username(username): print("[ERROR] Invalid username.") return make_response(jsonify({'fail': 'Invalid username.'}), 401) user = User.query.filter_by(username=username).first() if not user: print("[ERROR] User does not exist.") return make_response(jsonify({'fail': 'User does not exist.'}), 401) if not user.credential_id: print("[ERROR] Unknown credential ID.") return make_response(jsonify({'fail': 'Unknown credential ID.'}), 401) session.pop('challenge', None) challenge = util.generate_challenge(32, True) print("[INFO] authentication challenge ", challenge) # print("[INFO] challenge type ", type(challenge)) # We strip the padding from the challenge stored in the session # for the reasons outlined in the comment in webauthn_begin_activate. session['challenge'] = challenge.rstrip('=') webauthn_user = webauthn.WebAuthnUser(user.ukey, user.username, user.display_name, user.icon_url, user.credential_id, user.pub_key, user.sign_count, user.rp_id) webauthn_assertion_options = webauthn.WebAuthnAssertionOptions( webauthn_user, challenge) ad = webauthn_assertion_options.assertion_dict pprint.pprint(ad) print("[EXIT] begin authentcation\n") return jsonify(ad)
def process(entry): print("") print(entry) print("Validating URL file name...") source_fn = entry.get("local_fn") or entry["url"] url_check = entry.get("force_name") or source_fn print("Parsing raw URL: %s" % (url_check, )) # Patch up case errors server side url_check = url_check.lower() # Allow query strings at end (ex: for filebin) url_check = url_check.split("?")[0] print("Parsing simplified URL: %s" % (url_check, )) fnbase, vendor, chipid, flavor = parse_image_name(url_check) if not validate_username(entry["user"]): print("Invalid user name: %s" % entry["user"]) entry["status"] = STATUS_ERROR return """ script_fn = "/home/mcmaster/bin/map-%s" % entry["user"] if not os.path.exists(script_fn): print("Import script not found: %s" % script_fn) entry["status"] = STATUS_ERROR return """ print("Checking if exists..") vendor_dir = "%s/%s/" % ( env.MAP_DIR, vendor, ) chipid_dir = env.MAP_DIR + "/" + vendor + "/" + chipid single_dir = env.MAP_DIR + "/" + vendor + "/" + chipid + "/single" single_fn = env.MAP_DIR + "/" + vendor + "/" + chipid + "/single/" + fnbase map_fn = env.MAP_DIR + "/%s/%s/%s" % (vendor, chipid, flavor) print("Checking %s...." % single_fn) if os.path.exists(single_fn): print("Collision (single): %s" % single_fn) entry["status"] = STATUS_COLLISION return print("Checking %s...." % map_fn) if os.path.exists(map_fn): print("Collision (map): %s" % map_fn) entry["status"] = STATUS_COLLISION return def cleanup(): if os.path.exists(single_fn): print("WARNING: deleting map image failure: " + single_fn) os.unlink(single_fn) if os.path.exists(map_fn): print("WARNING: deleting map dir on failure: " + map_fn) shutil.rmtree(map_fn) try: print("Checking if directories exist....") if not os.path.exists(vendor_dir): print("Create %s" % vendor_dir) os.mkdir(vendor_dir) if not os.path.exists(chipid_dir): print("Create %s" % chipid_dir) os.mkdir(chipid_dir) if not os.path.exists(single_dir): print("Create %s" % single_dir) os.mkdir(single_dir) print("Fetching file...") if "local_fn" in entry: print("Local copy %s => %s" % (entry["local_fn"], single_fn)) shutil.copy(entry["local_fn"], single_fn) else: print("Downloading %s => %s" % (entry["url"], single_fn)) with urllib.request.urlopen(entry["url"]) as response: # Note: this fixes case issue as we explicitly set output case lower ftmp = open(single_fn, "wb") shutil.copyfileobj(response, ftmp) ftmp.close() # Sanity check its image file / multimedia # Mostly intended for failing faster on HTML in non-direct link subprocess.check_call(["identify", single_fn]) print("Sanity check OK") print("Converting...") try: map_user.run(user=entry["user"], files=[single_fn], run_img2doku=False) except: print("Conversion failed") traceback.print_exc() entry["status"] = STATUS_ERROR return _out_txt, wiki_page, wiki_url, map_chipid_url, wrote, exists = img2doku.run( hi_fns=[single_fn], collect=entry["user"], write=True, write_lazy=True, www_dir=env.WWW_DIR) print("wiki_page: " + wiki_page) print("wiki_url: " + wiki_url) print("map_chipid_url: " + map_chipid_url) print("wrote: " + str(wrote)) print("exists: " + str(exists)) entry["map"] = map_chipid_url entry["wiki"] = wiki_url log_simapper_update(entry) if "local_fn" in entry: shift_done(entry) entry["status"] = STATUS_DONE finally: if entry["status"] != STATUS_DONE: print("Cleaning up on non-sucess") cleanup()
import sys import colorlabels as cl from service.auth import register from util import validate_password, validate_username if __name__ == '__main__': if len(sys.argv) < 3: cl.warning('Usage: %s username password' % sys.argv[0]) sys.exit(-1) username = sys.argv[1] password = sys.argv[2] r = validate_username(username) if not r: cl.error(str(r)) sys.exit(-1) r = validate_password(password) if not r: cl.error(str(r)) sys.exit(-1) if register(username, password): cl.success('Successfully registered user %r.' % username) else: cl.error('User %r already exists!' % username)