Ejemplo n.º 1
0
 def export_key(self):
     self.require_verification()
     form = Form(self.request, schema=forms.PassphraseSchema)
     if 'form.submitted' in self.request.POST and form.validate():
         with utils.db_session(self.dbmaker) as session:
             user = session.query(User).filter(User.username==self.username).first()
             key = session.query(Key).filter(Key.user_id==user.id, Key.name==self.key).first()
             pub = base64.b64decode(key.public_key)
             priv = base64.b64decode(key.private_key)
             priv = utils.decrypt(priv, pub, pub, form.data['passphrase'])
             filename = user.username + '.keypair.asc'
         content_type, encoding = mimetypes.guess_type(filename)
         logger.info('priv: %s', priv)
         with utils.tmpdir() as tmpd:
             tmp = os.path.join(tmpd, filename)
             with open(tmp, 'wb') as tmpf:
                 tmpf.write('\n\n'.join((pub, priv)))
                 tmpf.flush()
                 response = FileResponse(
                     tmp,
                     request=self.request
                 )
                 return response
     return dict(
         form=FormRenderer(form),
         username=self.username,
         key=self.key
     )
Ejemplo n.º 2
0
 def toggle_sharability(self):
     self.require_login()
     with utils.db_session(self.dbmaker) as session:
         user = session.query(User).filter(User.username==self.username).first()
         user.sharable = not user.sharable
         session.add(user)
     return HTTPFound(location=self.request.route_url('user', userid=self.username))
Ejemplo n.º 3
0
 def register(self):
     form = Form(self.request, schema=forms.RegistrationSchema)  # Me add
     if 'form.submitted' in self.request.POST and form.validate():
         username = form.data['username']
         user = User(username=username,
                     password=form.data['password'],
                     name=form.data['name'],
                     email=form.data['email'],
                     created_at=time.time())
         with utils.db_session(self.dbmaker) as session:
             userExist = session.query(User).filter(
                 User.username == username).first()
             if not userExist:
                 session.add(user)
                 headers = remember(self.request, username)
                 return HTTPFound(
                     location=self.request.route_url('send_verify'),
                     headers=headers)
             else:
                 self.request.session.flash(
                     u'This User is exist, please create another "Username" or "Email" !!!'
                 )
                 return HTTPFound(
                     location=self.request.route_url('register'))
     return dict(username=self.username)
Ejemplo n.º 4
0
 def delete_key(self):
     self.require_verification()
     with utils.db_session(self.dbmaker) as session:
         user = session.query(User).filter(User.username == self.username).first()
         key = session.query(Key).filter(Key.user_id == user.id, Key.name == self.key).first()
         session.delete(key)
     self.request.session.flash(u"successfully deleted key %s." % (self.key,))
     return HTTPFound(location=self.request.route_url("keys"))
Ejemplo n.º 5
0
 def require_key(self, errmsg=u'you must first create a key to do that'):
     self.require_verification()
     with utils.db_session(self.dbmaker) as session:
         user = session.query(User).filter(
             User.username == self.username).first()
         if not user.keys:
             self.request.session.flash(errmsg)
             raise HTTPFound(location=self.request.route_url('keys'))
Ejemplo n.º 6
0
 def delete_file(self):
     query_file = os.path.join(self.storage_dir, self.username, self.filename)
     with utils.db_session(self.dbmaker) as session:
         f = session.query(File).filter(File.name==self.filename).first()
         session.delete(f)
     os.remove(query_file)
     self.request.session.flash(u'successfully deleted file: %s.' % (self.filename, ))
     return HTTPFound(location=self.request.route_url('view_files'))
Ejemplo n.º 7
0
 def delete_key(self):
     self.require_verification()
     with utils.db_session(self.dbmaker) as session:
         user = session.query(User).filter(User.username==self.username).first()
         key = session.query(Key).filter(Key.user_id==user.id, Key.name==self.key).first()
         session.delete(key)
     self.request.session.flash(u'successfully deleted key %s.' % (self.key, ))
     return HTTPFound(location=self.request.route_url('keys'))
Ejemplo n.º 8
0
    def view_keys(self):
        with utils.db_session(self.dbmaker) as session:
            user = session.query(User).filter(User.username == self.username).first()
            keys = dict()
            for key in user.keys:
                keys[key.name] = dict(created_at=key.created_at)

        return dict(keys=keys, username=self.username)
Ejemplo n.º 9
0
 def toggle_sharability(self):
     self.require_login()
     with utils.db_session(self.dbmaker) as session:
         user = session.query(User).filter(
             User.username == self.username).first()
         user.sharable = not user.sharable
         session.add(user)
     return HTTPFound(
         location=self.request.route_url('user', userid=self.username))
Ejemplo n.º 10
0
    def view_keys(self):
        with utils.db_session(self.dbmaker) as session:
            user = session.query(User).filter(
                User.username == self.username).first()
            keys = dict()
            for key in user.keys:
                keys[key.name] = dict(created_at=key.created_at)

        return dict(keys=keys, username=self.username)
Ejemplo n.º 11
0
 def require_verification(self,
                          errmsg=u'Account must be verified to do that'):
     self.require_login()
     with utils.db_session(self.dbmaker) as session:
         user = session.query(User).filter(
             User.username == self.username).first()
         if user.verified_at is None:
             self.request.session.flash(errmsg)
             raise HTTPFound(location=self.request.route_url(
                 'user', userid=self.username))
Ejemplo n.º 12
0
 def share_file(self):
     if 'form.submitted' in self.request.POST and form.validate():
         passphrase = form.data['passphrase']
         query_file = os.path.join(self.storage_dir, self.username, self.filename)
         share_user = self.request.params['share_user']
         with utils.db_session(self.dbmaker) as session:
             owner = session.query(User).filter(User.username==self.username).one()
             f = session.query(File).filter(File.name==self.filename).one()
             u = session.query(User).filter(User.username==share_user).first()
             if u is None:
                 del f.shared_users[:]
             else:
                 for key in u.keys:
                     f.keys.append(key)
             session.add(f)
             owner_pubs = [k.public_key for k in owner.keys]
             owner_privs = [k.private_key for k in owner.keys]
             recipients = owner_pubs + [k.public_key for k in f.keys]
             with open(query_file, 'rb') as o:
                 data = o.read()
             decrypted = utils.decrypt(data, owner_privs, owner_pubs, passwd)
             with tempfile.NamedTemporaryFile() as tmp:
                 tmp.write(decrypted)
                 tmp.flush()
                 tmp.seek(0)
                 encrypted = utils.encrypt(tmp, recipients)
             tmp = tempfile.NamedTemporaryFile(dir=self.storage_dir, delete=False)
             tmp.write(encrypted)
             os.rename(tmp.name, query_file)
         self.request.session.flash(
             u'successfully shared file: %s with user %s' % (self.filename, share_user)
         )
         return HTTPFound(location=self.request.route_url('view_files'))
     with utils.db_session(self.dbmaker) as session:
         sharable_users = session.query(User).filter(User.sharable==True)
         sharable_users = sharable_users.filter(User.username!=self.username).all()
         sharable_users = [u.username for u in sharable_users]
     return dict(
         username=self.username,
         filename=self.filename,
         sharable_users=sharable_users
     )
Ejemplo n.º 13
0
 def user(self):
     self.require_login()
     with utils.db_session(self.dbmaker) as session:
         user = session.query(User).filter(
             User.username == self.username).first()
         return dict(name=user.name,
                     username=user.username,
                     email=user.email,
                     created_at=user.created_at,
                     verified=user.verified_at is not None,
                     sharable=user.sharable,
                     filecount=len(user.files))
Ejemplo n.º 14
0
 def user(self):
     self.require_login()
     with utils.db_session(self.dbmaker) as session:
         user = session.query(User).filter(User.username==self.username).first()
         return dict(
             name=user.name,
             username=user.username,
             email=user.email,
             created_at=user.created_at,
             verified=user.verified_at is not None,
             sharable=user.sharable,
             filecount=len(user.files)
         )
Ejemplo n.º 15
0
 def unshare_file(self):
     query_file = os.path.join(self.storage_dir, self.username, self.filename)
     with utils.db_session(self.dbmaker) as session:
         f = session.query(File).filter(File.name==self.filename).first()
         u = session.query(User).filter(User.username==self.unshare_user).first()
         for key in u.keys:
             if key in f.keys:
                 f.keys.remove(key)
         session.add(f)
     self.request.session.flash(
         u'no longer sharing file: %s with user: %s' % (self.filename, self.unshare_user)
     )
     return HTTPFound(location=self.request.route_url('view_files'))
Ejemplo n.º 16
0
    def genkey(self):
        self.require_verification()
        with utils.db_session(self.dbmaker) as session:
            user = session.query(User).filter(User.username == self.username).first()

            if form.validate():
                name = form.data["keyname"]
                passphrase = form.data["passphrase"]
                pub, priv = utils.keygen(name, user.email, passphrase)
                keyobj = Key(name, user.id, pub, priv)
                user.keys.append(keyobj)
                session.add(keyobj)
                session.add(user)
                self.request.session.flash(u"successfully generated key %s." % (name,))

        return HTTPFound(location=self.request.route_url("keys"))
Ejemplo n.º 17
0
    def genkey(self):
        self.require_verification()
        form = Form(self.request, schema=forms.GenKeySchema)
        with utils.db_session(self.dbmaker) as session:
            user = session.query(User).filter(User.username==self.username).first()

            if form.validate():
                name = form.data['keyname']
                passphrase = form.data['passphrase']
                pub, priv = utils.keygen(name, user.email, passphrase)
                keyobj = Key(name, user.id, pub, priv)
                user.keys.append(keyobj)
                session.add(keyobj)
                session.add(user)
                self.request.session.flash(u'successfully generated key %s.' % (name, ))

        return HTTPFound(location=self.request.route_url('keys'))
Ejemplo n.º 18
0
 def register(self):
     if 'form.submitted' in self.request.POST and form.validate():
         username = form.data['username']
         user = User(
             username=username,
             password=form.data['password'],
             name=form.data['name'],
             email=form.data['email'],
             created_at=time.time()
         )
         with utils.db_session(self.dbmaker) as session:
             session.add(user)
         headers = remember(self.request, username)
         return HTTPFound(location=self.request.route_url('send_verify'), headers=headers)
 
     return dict(
         username=self.username
     )
Ejemplo n.º 19
0
 def export_key(self):
     self.require_verification()
     if "form.submitted" in self.request.POST and form.validate():
         with utils.db_session(self.dbmaker) as session:
             user = session.query(User).filter(User.username == self.username).first()
             key = session.query(Key).filter(Key.user_id == user.id, Key.name == self.key).first()
             pub = base64.b64decode(key.public_key)
             priv = base64.b64decode(key.private_key)
             priv = utils.decrypt(priv, pub, pub, form.data["passphrase"])
             filename = user.username + ".keypair.asc"
         content_type, encoding = mimetypes.guess_type(filename)
         logger.info("priv: %s", priv)
         with utils.tmpdir() as tmpd:
             tmp = os.path.join(tmpd, filename)
             with open(tmp, "wb") as tmpf:
                 tmpf.write("\n\n".join((pub, priv)))
                 tmpf.flush()
                 response = FileResponse(tmp, request=self.request)
                 return response
     return dict(username=self.username, key=self.key)
Ejemplo n.º 20
0
 def verify(self):
     email = utils.verify_email(self.token, self.verification_key, self.verification_salt)
     if not email:
         self.request.session.flash(u'Unable to verify your email account')
         return HTTPFound(location=self.request.route_url('home'))
     if 'form.submitted' in self.request.POST:
         if not utils.authenticate_user(form, self.dbmaker):
             self.request.session.flash(u'Failed to verify your account credentials')
             return HTTPFound(location=self.request.route_url('home'))
         headers = remember(self.request, self.username)
         with utils.db_session(self.dbmaker) as session:
             user = session.query(User).filter(User.email==email).first()
             (pub, priv) = utils.keygen(user.name, user.email, form.data['password'])
             user.verified_at = time.time()
             session.add(user)
             self.request.session.flash(u'Account verified!')
             return HTTPFound(location=self.request.route_url('keys'))
     return dict(
         username=self.username,
         token=self.token
     )
Ejemplo n.º 21
0
 def verify(self):
     form = Form(self.request, schema=forms.RegistrationSchema)  # Me add
     email = utils.verify_email(self.token, self.verification_key,
                                self.verification_salt)
     if not email:
         self.request.session.flash(u'Unable to verify your email account')
         return HTTPFound(location=self.request.route_url('home'))
     if 'form.submitted' in self.request.POST:
         if not utils.authenticate_user(form, self.dbmaker):
             self.request.session.flash(
                 u'Failed to verify your account credentials')
             return HTTPFound(location=self.request.route_url('home'))
         headers = remember(self.request, self.username)
         with utils.db_session(self.dbmaker) as session:
             user = session.query(User).filter(User.email == email).first()
             (pub, priv) = utils.keygen(user.name, user.email,
                                        form.data['password'])
             user.verified_at = time.time()
             session.add(user)
             self.request.session.flash(u'Account verified!')
             return HTTPFound(location=self.request.route_url('keys'))
     return dict(username=self.username, token=self.token)
Ejemplo n.º 22
0
    def manage_file(self):
        with utils.db_session(self.dbmaker) as session:
            user = session.query(User).filter(User.username==self.username).first()
            f = session.query(File).filter(File.name==self.filename).first()
            username = user.username
            size = f.size
            uploaded_at = f.uploaded_at

            sharable_users = session.query(User).filter(User.sharable==True)
            sharable_users = sharable_users.filter(User.username!=self.username).all()
            sharable_users = [u.username for u in sharable_users]

            shared_with = ', '.join([k.user.username for k in f.keys])

        return dict(
            username=username,
            filename=self.filename,
            uploaded_at=uploaded_at,
            size=size,
            sharable_users=sharable_users,
            shared_with=shared_with
        )
Ejemplo n.º 23
0
 def send_verify(self):
     self.require_login()
     with utils.db_session(self.dbmaker) as session:
         email = session.query(User.email).filter(User.username==self.username).first()
     serializer = URLSafeTimedSerializer(self.verification_key)
     token = serializer.dumps(email, salt=self.verification_salt)
     token_url = self.request.route_url('verify', token=token)
 
     server = smtplib.SMTP(self.email_server, self.email_port)
     server.ehlo()
     server.starttls()
     server.login(self.email_user, self.email_password)
     body = '\r\n'.join(['To: %s' % (email, ),
                         'From: %s' % (self.email_user, ),
                         'Subject: %s' % ('Thanks for registering at whereikeep.info', ),
                         '',
                         'Click here to complete registration %s' % (token_url, )
                        ])
     server.sendmail(self.email_user, [email], body)
     self.request.session.flash(u'Registration email sent. '\
         'Follow instructions in email to complete registration')
     return HTTPFound(location=self.request.route_url('home'))
Ejemplo n.º 24
0
 def view_file(self):
     if 'form.submitted' in self.request.POST and form.validate():
         with utils.db_session(self.dbmaker) as session:
             user = session.query(User).filter(User.username==self.username).first()
             f = session.query(File).filter(File.name==self.filename).first()
             proper_key = [k for k in f.keys if k.user.username == user.username]
             logger.info('owner: %s files: %s keys: %s', f.owner, user.files, f.keys)
             if f.owner != user.username and len(proper_key) == 0:
                 self.request.session.flash(u'File not shared with you. are you a bad actor?')
                 return HTTPFound(location=self.request.route_url('home'))
             privs = []
             pubs = []
             for k in proper_key:
                 privs.append(k.private_key)
                 pubs.append(k.public_key)
             query_file = os.path.join(self.storage_dir, f.owner.username, self.filename)
         if not os.path.isfile(query_file):
             return HTTPNotFound("file %s is not a thinger" % (self.filename, ))
         content_type, encoding = mimetypes.guess_type(query_file)
         with open(query_file, 'rb') as o:
             encrypted = o.read()
             decrypted = utils.decrypt(encrypted, privs, pubs, form.data['passphrase']) 
         with utils.tmpdir() as tmpd:
             tmp = os.path.join(tmpd, self.filename)
             with open(tmp, 'wb') as tmpf:
                 tmpf.write(decrypted)
                 tmpf.flush()
                 response = FileResponse(
                     tmp,
                     request=self.request,
                     content_type=content_type,
                     content_encoding=encoding
                 )
                 return response
     return dict(
         username=self.username,
         filename=self.filename
     )
Ejemplo n.º 25
0
    def upload_file(self):
        self.require_key()
        with utils.db_session(self.dbmaker) as session:
            user = session.query(User).filter(User.username==self.username).first()

            if 'uploaded_file' in self.request.POST and form.validate():
                f = form.data['uploaded_file']
                name = f['filename']
                size = f['size']
                self.request.session.flash(u'successfully uploaded file %s.' % (name, ))
                pubs = []
                for key in user.keys:
                    pubs.append(key.public_key)
                encrypted = utils.encrypt(f['file'], pubs)
                name = utils.store_file(encrypted, name, user.username, self.storage_dir)
                fileobj = File(name, size, user.id)
                fileobj.owner = user
                for key in user.keys:
                    fileobj.keys.append(key)
                user.files.append(fileobj)
                session.add(user)

        return HTTPFound(location=self.request.route_url('view_files'))
Ejemplo n.º 26
0
    def send_verify(self):
        self.require_login()
        with utils.db_session(self.dbmaker) as session:
            email = session.query(
                User.email).filter(User.username == self.username).first()
        serializer = URLSafeTimedSerializer(self.verification_key)
        token = serializer.dumps(email, salt=self.verification_salt)
        token_url = self.request.route_url('verify', token=token)

        server = smtplib.SMTP(self.email_server, self.email_port)
        server.ehlo()
        server.starttls()
        server.login(self.email_user, self.email_password)
        body = '\r\n'.join([
            'To: %s' % (email, ),
            'From: %s' % (self.email_user, ),
            'Subject: %s' % ('Thanks for registering at whereikeep.info', ),
            '',
            'Click here to complete registration %s' % (token_url, )
        ])
        server.sendmail(self.email_user, [email], body)
        self.request.session.flash(u'Registration email sent. ' \
                                   'Follow instructions in email to complete registration')
        return HTTPFound(location=self.request.route_url('home'))
Ejemplo n.º 27
0
    def view_files(self):
        self.require_verification()
        with utils.db_session(self.dbmaker) as session:
            user = session.query(User).filter(User.username==self.username).first()
            current_upload_size = sum([f.size for f in user.files])
            username = user.username
            owned_files = dict()
            shared_files = dict()
            for f in user.files:
                shared_with = [k.user.username for k in f.keys]
                owned_file = dict(shared=shared_with, uploaded_at=f.uploaded_at, size=f.size)
                owned_files[f.name] = owned_file
                shared_files[f.name] = dict(size=f.size, owner=f.owner.username)
            sharable_users = session.query(User).filter(User.sharable==True)
            sharable_users = sharable_users.filter(User.username!=self.username).all()
            sharable_users = [u.username for u in sharable_users]

        return dict(
            current_upload_size=current_upload_size,
            username=username,
            uploaded_files=owned_files,
            sharable_users=sharable_users,
            shared_files=shared_files
        )