def export_key(self):
self.require_verification()
form = Form(self.request, schema=forms.PassphraseSchema)
if 'form.submitted' in self.request.POST and form.validate():
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
key = session.query(Key).filter(Key.user_id==user.id, Key.name==self.key).first()
pub = base64.b64decode(key.public_key)
priv = base64.b64decode(key.private_key)
priv = utils.decrypt(priv, pub, pub, form.data['passphrase'])
filename = user.username + '.keypair.asc'
content_type, encoding = mimetypes.guess_type(filename)
logger.info('priv: %s', priv)
with utils.tmpdir() as tmpd:
tmp = os.path.join(tmpd, filename)
with open(tmp, 'wb') as tmpf:
tmpf.write('\n\n'.join((pub, priv)))
tmpf.flush()
response = FileResponse(
tmp,
request=self.request
)
return response
return dict(
form=FormRenderer(form),
username=self.username,
key=self.key
)
def toggle_sharability(self):
self.require_login()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
user.sharable = not user.sharable
session.add(user)
return HTTPFound(location=self.request.route_url('user', userid=self.username))
def register(self):
form = Form(self.request, schema=forms.RegistrationSchema) # Me add
if 'form.submitted' in self.request.POST and form.validate():
username = form.data['username']
user = User(username=username,
password=form.data['password'],
name=form.data['name'],
email=form.data['email'],
created_at=time.time())
with utils.db_session(self.dbmaker) as session:
userExist = session.query(User).filter(
User.username == username).first()
if not userExist:
session.add(user)
headers = remember(self.request, username)
return HTTPFound(
location=self.request.route_url('send_verify'),
headers=headers)
else:
self.request.session.flash(
u'This User is exist, please create another "Username" or "Email" !!!'
)
return HTTPFound(
location=self.request.route_url('register'))
return dict(username=self.username)
def delete_key(self):
self.require_verification()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username == self.username).first()
key = session.query(Key).filter(Key.user_id == user.id, Key.name == self.key).first()
session.delete(key)
self.request.session.flash(u"successfully deleted key %s." % (self.key,))
return HTTPFound(location=self.request.route_url("keys"))
def require_key(self, errmsg=u'you must first create a key to do that'):
self.require_verification()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(
User.username == self.username).first()
if not user.keys:
self.request.session.flash(errmsg)
raise HTTPFound(location=self.request.route_url('keys'))
def delete_file(self):
query_file = os.path.join(self.storage_dir, self.username, self.filename)
with utils.db_session(self.dbmaker) as session:
f = session.query(File).filter(File.name==self.filename).first()
session.delete(f)
os.remove(query_file)
self.request.session.flash(u'successfully deleted file: %s.' % (self.filename, ))
return HTTPFound(location=self.request.route_url('view_files'))
def delete_key(self):
self.require_verification()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
key = session.query(Key).filter(Key.user_id==user.id, Key.name==self.key).first()
session.delete(key)
self.request.session.flash(u'successfully deleted key %s.' % (self.key, ))
return HTTPFound(location=self.request.route_url('keys'))
def view_keys(self):
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username == self.username).first()
keys = dict()
for key in user.keys:
keys[key.name] = dict(created_at=key.created_at)
return dict(keys=keys, username=self.username)
def toggle_sharability(self):
self.require_login()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(
User.username == self.username).first()
user.sharable = not user.sharable
session.add(user)
return HTTPFound(
location=self.request.route_url('user', userid=self.username))
def view_keys(self):
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(
User.username == self.username).first()
keys = dict()
for key in user.keys:
keys[key.name] = dict(created_at=key.created_at)
return dict(keys=keys, username=self.username)
def require_verification(self,
errmsg=u'Account must be verified to do that'):
self.require_login()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(
User.username == self.username).first()
if user.verified_at is None:
self.request.session.flash(errmsg)
raise HTTPFound(location=self.request.route_url(
'user', userid=self.username))
def share_file(self):
if 'form.submitted' in self.request.POST and form.validate():
passphrase = form.data['passphrase']
query_file = os.path.join(self.storage_dir, self.username, self.filename)
share_user = self.request.params['share_user']
with utils.db_session(self.dbmaker) as session:
owner = session.query(User).filter(User.username==self.username).one()
f = session.query(File).filter(File.name==self.filename).one()
u = session.query(User).filter(User.username==share_user).first()
if u is None:
del f.shared_users[:]
else:
for key in u.keys:
f.keys.append(key)
session.add(f)
owner_pubs = [k.public_key for k in owner.keys]
owner_privs = [k.private_key for k in owner.keys]
recipients = owner_pubs + [k.public_key for k in f.keys]
with open(query_file, 'rb') as o:
data = o.read()
decrypted = utils.decrypt(data, owner_privs, owner_pubs, passwd)
with tempfile.NamedTemporaryFile() as tmp:
tmp.write(decrypted)
tmp.flush()
tmp.seek(0)
encrypted = utils.encrypt(tmp, recipients)
tmp = tempfile.NamedTemporaryFile(dir=self.storage_dir, delete=False)
tmp.write(encrypted)
os.rename(tmp.name, query_file)
self.request.session.flash(
u'successfully shared file: %s with user %s' % (self.filename, share_user)
)
return HTTPFound(location=self.request.route_url('view_files'))
with utils.db_session(self.dbmaker) as session:
sharable_users = session.query(User).filter(User.sharable==True)
sharable_users = sharable_users.filter(User.username!=self.username).all()
sharable_users = [u.username for u in sharable_users]
return dict(
username=self.username,
filename=self.filename,
sharable_users=sharable_users
)
def user(self):
self.require_login()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(
User.username == self.username).first()
return dict(name=user.name,
username=user.username,
email=user.email,
created_at=user.created_at,
verified=user.verified_at is not None,
sharable=user.sharable,
filecount=len(user.files))
def user(self):
self.require_login()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
return dict(
name=user.name,
username=user.username,
email=user.email,
created_at=user.created_at,
verified=user.verified_at is not None,
sharable=user.sharable,
filecount=len(user.files)
)
def unshare_file(self):
query_file = os.path.join(self.storage_dir, self.username, self.filename)
with utils.db_session(self.dbmaker) as session:
f = session.query(File).filter(File.name==self.filename).first()
u = session.query(User).filter(User.username==self.unshare_user).first()
for key in u.keys:
if key in f.keys:
f.keys.remove(key)
session.add(f)
self.request.session.flash(
u'no longer sharing file: %s with user: %s' % (self.filename, self.unshare_user)
)
return HTTPFound(location=self.request.route_url('view_files'))
def genkey(self):
self.require_verification()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username == self.username).first()
if form.validate():
name = form.data["keyname"]
passphrase = form.data["passphrase"]
pub, priv = utils.keygen(name, user.email, passphrase)
keyobj = Key(name, user.id, pub, priv)
user.keys.append(keyobj)
session.add(keyobj)
session.add(user)
self.request.session.flash(u"successfully generated key %s." % (name,))
return HTTPFound(location=self.request.route_url("keys"))
def genkey(self):
self.require_verification()
form = Form(self.request, schema=forms.GenKeySchema)
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
if form.validate():
name = form.data['keyname']
passphrase = form.data['passphrase']
pub, priv = utils.keygen(name, user.email, passphrase)
keyobj = Key(name, user.id, pub, priv)
user.keys.append(keyobj)
session.add(keyobj)
session.add(user)
self.request.session.flash(u'successfully generated key %s.' % (name, ))
return HTTPFound(location=self.request.route_url('keys'))
def register(self):
if 'form.submitted' in self.request.POST and form.validate():
username = form.data['username']
user = User(
username=username,
password=form.data['password'],
name=form.data['name'],
email=form.data['email'],
created_at=time.time()
)
with utils.db_session(self.dbmaker) as session:
session.add(user)
headers = remember(self.request, username)
return HTTPFound(location=self.request.route_url('send_verify'), headers=headers)
return dict(
username=self.username
)
def export_key(self):
self.require_verification()
if "form.submitted" in self.request.POST and form.validate():
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username == self.username).first()
key = session.query(Key).filter(Key.user_id == user.id, Key.name == self.key).first()
pub = base64.b64decode(key.public_key)
priv = base64.b64decode(key.private_key)
priv = utils.decrypt(priv, pub, pub, form.data["passphrase"])
filename = user.username + ".keypair.asc"
content_type, encoding = mimetypes.guess_type(filename)
logger.info("priv: %s", priv)
with utils.tmpdir() as tmpd:
tmp = os.path.join(tmpd, filename)
with open(tmp, "wb") as tmpf:
tmpf.write("\n\n".join((pub, priv)))
tmpf.flush()
response = FileResponse(tmp, request=self.request)
return response
return dict(username=self.username, key=self.key)
def verify(self):
email = utils.verify_email(self.token, self.verification_key, self.verification_salt)
if not email:
self.request.session.flash(u'Unable to verify your email account')
return HTTPFound(location=self.request.route_url('home'))
if 'form.submitted' in self.request.POST:
if not utils.authenticate_user(form, self.dbmaker):
self.request.session.flash(u'Failed to verify your account credentials')
return HTTPFound(location=self.request.route_url('home'))
headers = remember(self.request, self.username)
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.email==email).first()
(pub, priv) = utils.keygen(user.name, user.email, form.data['password'])
user.verified_at = time.time()
session.add(user)
self.request.session.flash(u'Account verified!')
return HTTPFound(location=self.request.route_url('keys'))
return dict(
username=self.username,
token=self.token
)
def verify(self):
form = Form(self.request, schema=forms.RegistrationSchema) # Me add
email = utils.verify_email(self.token, self.verification_key,
self.verification_salt)
if not email:
self.request.session.flash(u'Unable to verify your email account')
return HTTPFound(location=self.request.route_url('home'))
if 'form.submitted' in self.request.POST:
if not utils.authenticate_user(form, self.dbmaker):
self.request.session.flash(
u'Failed to verify your account credentials')
return HTTPFound(location=self.request.route_url('home'))
headers = remember(self.request, self.username)
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.email == email).first()
(pub, priv) = utils.keygen(user.name, user.email,
form.data['password'])
user.verified_at = time.time()
session.add(user)
self.request.session.flash(u'Account verified!')
return HTTPFound(location=self.request.route_url('keys'))
return dict(username=self.username, token=self.token)
def manage_file(self):
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
f = session.query(File).filter(File.name==self.filename).first()
username = user.username
size = f.size
uploaded_at = f.uploaded_at
sharable_users = session.query(User).filter(User.sharable==True)
sharable_users = sharable_users.filter(User.username!=self.username).all()
sharable_users = [u.username for u in sharable_users]
shared_with = ', '.join([k.user.username for k in f.keys])
return dict(
username=username,
filename=self.filename,
uploaded_at=uploaded_at,
size=size,
sharable_users=sharable_users,
shared_with=shared_with
)
def send_verify(self):
self.require_login()
with utils.db_session(self.dbmaker) as session:
email = session.query(User.email).filter(User.username==self.username).first()
serializer = URLSafeTimedSerializer(self.verification_key)
token = serializer.dumps(email, salt=self.verification_salt)
token_url = self.request.route_url('verify', token=token)
server = smtplib.SMTP(self.email_server, self.email_port)
server.ehlo()
server.starttls()
server.login(self.email_user, self.email_password)
body = '\r\n'.join(['To: %s' % (email, ),
'From: %s' % (self.email_user, ),
'Subject: %s' % ('Thanks for registering at whereikeep.info', ),
'',
'Click here to complete registration %s' % (token_url, )
])
server.sendmail(self.email_user, [email], body)
self.request.session.flash(u'Registration email sent. '\
'Follow instructions in email to complete registration')
return HTTPFound(location=self.request.route_url('home'))
def view_file(self):
if 'form.submitted' in self.request.POST and form.validate():
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
f = session.query(File).filter(File.name==self.filename).first()
proper_key = [k for k in f.keys if k.user.username == user.username]
logger.info('owner: %s files: %s keys: %s', f.owner, user.files, f.keys)
if f.owner != user.username and len(proper_key) == 0:
self.request.session.flash(u'File not shared with you. are you a bad actor?')
return HTTPFound(location=self.request.route_url('home'))
privs = []
pubs = []
for k in proper_key:
privs.append(k.private_key)
pubs.append(k.public_key)
query_file = os.path.join(self.storage_dir, f.owner.username, self.filename)
if not os.path.isfile(query_file):
return HTTPNotFound("file %s is not a thinger" % (self.filename, ))
content_type, encoding = mimetypes.guess_type(query_file)
with open(query_file, 'rb') as o:
encrypted = o.read()
decrypted = utils.decrypt(encrypted, privs, pubs, form.data['passphrase'])
with utils.tmpdir() as tmpd:
tmp = os.path.join(tmpd, self.filename)
with open(tmp, 'wb') as tmpf:
tmpf.write(decrypted)
tmpf.flush()
response = FileResponse(
tmp,
request=self.request,
content_type=content_type,
content_encoding=encoding
)
return response
return dict(
username=self.username,
filename=self.filename
)
def upload_file(self):
self.require_key()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
if 'uploaded_file' in self.request.POST and form.validate():
f = form.data['uploaded_file']
name = f['filename']
size = f['size']
self.request.session.flash(u'successfully uploaded file %s.' % (name, ))
pubs = []
for key in user.keys:
pubs.append(key.public_key)
encrypted = utils.encrypt(f['file'], pubs)
name = utils.store_file(encrypted, name, user.username, self.storage_dir)
fileobj = File(name, size, user.id)
fileobj.owner = user
for key in user.keys:
fileobj.keys.append(key)
user.files.append(fileobj)
session.add(user)
return HTTPFound(location=self.request.route_url('view_files'))
def send_verify(self):
self.require_login()
with utils.db_session(self.dbmaker) as session:
email = session.query(
User.email).filter(User.username == self.username).first()
serializer = URLSafeTimedSerializer(self.verification_key)
token = serializer.dumps(email, salt=self.verification_salt)
token_url = self.request.route_url('verify', token=token)
server = smtplib.SMTP(self.email_server, self.email_port)
server.ehlo()
server.starttls()
server.login(self.email_user, self.email_password)
body = '\r\n'.join([
'To: %s' % (email, ),
'From: %s' % (self.email_user, ),
'Subject: %s' % ('Thanks for registering at whereikeep.info', ),
'',
'Click here to complete registration %s' % (token_url, )
])
server.sendmail(self.email_user, [email], body)
self.request.session.flash(u'Registration email sent. ' \
'Follow instructions in email to complete registration')
return HTTPFound(location=self.request.route_url('home'))
def view_files(self):
self.require_verification()
with utils.db_session(self.dbmaker) as session:
user = session.query(User).filter(User.username==self.username).first()
current_upload_size = sum([f.size for f in user.files])
username = user.username
owned_files = dict()
shared_files = dict()
for f in user.files:
shared_with = [k.user.username for k in f.keys]
owned_file = dict(shared=shared_with, uploaded_at=f.uploaded_at, size=f.size)
owned_files[f.name] = owned_file
shared_files[f.name] = dict(size=f.size, owner=f.owner.username)
sharable_users = session.query(User).filter(User.sharable==True)
sharable_users = sharable_users.filter(User.username!=self.username).all()
sharable_users = [u.username for u in sharable_users]
return dict(
current_upload_size=current_upload_size,
username=username,
uploaded_files=owned_files,
sharable_users=sharable_users,
shared_files=shared_files
)