Example #1
0
def _prepare_user_query(u_id, username, password):

    q = "INSERT into users (id, username, password) VALUES " \
            "('{}', '{}', '{}')".format(
                qu_esc(u_id),
                qu_esc(username),
                qu_esc(password) )

    return q
Example #2
0
def _prepare_user_query(u_id, username, password):

    q = "INSERT into users (id, username, password) VALUES " \
            "('{}', '{}', '{}')".format(
                qu_esc(u_id),
                qu_esc(username),
                qu_esc(password) )

    return q
Example #3
0
def get_mail_query(sender, receiver, message):
    n = datetime.datetime.now()
    q = "insert into mail_queue (id, sender, receiver, time_created, message) " \
        "VALUES " \
        "(null, '{}', '{}', '{}', '{}')".format(
            qu_esc(sender),
            qu_esc(receiver),
            str(n),
            qu_esc(message)
        )

    return q
Example #4
0
def __set_session_token(dbc, uid, tk):

    import datetime
    n = datetime.datetime.now()
    n = str(n)[:19]

    q = "INSERT INTO session_token (id, id_user, created) VALUES ('{}', '{}', '{}')".format(
        qu_esc(tk), qu_esc(uid), qu_esc(n))

    try:
        dbc.execute(q)
    except Exception as e:
        raise ErrorSetSessionToken
Example #5
0
def __set_session_token(dbc, uid, tk):

    import datetime
    n = datetime.datetime.now()
    n = str(n)[:19]

    q = "INSERT INTO session_token (id, id_user, created) VALUES ('{}', '{}', '{}')".format(
            qu_esc(tk),
            qu_esc(uid),
            qu_esc(n))

    try:
        dbc.execute(q)
    except Exception as e:
        raise ErrorSetSessionToken
Example #6
0
def do_get(request, *args, **kwargs):
    """
    Get user data
    :param Auth: authorization token in header, string, True
    :param username: requested user username, string, True
    :return:  200, OK
    :return:  400
    """

    log = request.log

    _db = get_md2db()
    dbc = _db.cursor()

    username = request.get_argument('username', default='')
    username = qu_esc(username)

    q = "select id, username from users where username = '******'".format(username)
    dbc.execute(q)

    if dbc.rowcount != 1:
        log.critical('Users {} found'.format(dbc.rowcount))
        return base_common.msg.error(amsgs.USER_NOT_FOUND)

    db_user = dbc.fetchone()

    user = {'uid': db_user['id'], 'username': db_user['username']}

    return base_common.msg.post_ok(user)
Example #7
0
def do_get(request, *args, **kwargs):
    """
    Get user data
    :param Auth: authorization token in header, string, True
    :param username: requested user username, string, True
    :return:  200, OK
    :return:  400
    """

    log = request.log

    _db = get_db()
    dbc = _db.cursor()

    username = request.get_argument('username', default='')
    username = qu_esc(username)

    q = "select id, username from users where username = '******'".format(username)
    dbc.execute(q)

    if dbc.rowcount != 1:
        log.critical('Users {} found'.format(dbc.rowcount))
        return base_common.msg.error(amsgs.USER_NOT_FOUND)

    db_user = dbc.fetchone()

    user = {'uid': db_user['id'], 'username': db_user['username']}

    return base_common.msg.post_ok(user)
Example #8
0
def do_post(request, *args, **kwargs):
    """
    User logout
    :param Auth: authorization token in header, string, True
    :return:  200, OK
    :return:  400
    """

    log = request.log

    _db = get_db()
    dbc = _db.cursor()

    tk = request.auth_token

    q = "select username from users u join session_token t on u.id = t.id_user where t.id = '{}'".format(
        qu_esc(tk))
    dbc.execute(q)

    if dbc.rowcount != 1:
        log.critical('Users {} found'.format(dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    db_user = dbc.fetchone()

    user = {'username': db_user['username']}

    return base_common.msg.post_ok(user)
Example #9
0
def __get_assigned_token(dbc,log,uid):

    q = "select id from session_token where id_user = '******' and not closed".format(qu_esc(uid))
    dbc.execute(q)
    if dbc.rowcount != 1:
        return False

    return dbc.fetchone()['id']
Example #10
0
def __get_assigned_token(dbc, log, uid):

    q = "select id from session_token where id_user = '******' and not closed".format(
        qu_esc(uid))
    dbc.execute(q)
    if dbc.rowcount != 1:
        return False

    return dbc.fetchone()['id']
Example #11
0
def close_session_by_token(dbc, tk, log):

    q = "update session_token set closed = true where id = '{}'".format(qu_esc(tk))

    try:
        dbc.execute(q)
    except Exception as e:
        log.critical('Close session: {}'.format(e))
        return False

    return True
Example #12
0
def prepare_hash2params_query(h_id, data):
    """
    Prepare query for insert data into hash_2_params
    """

    n = datetime.datetime.now()
    q = "INSERT INTO hash_2_params (id, hash, time_created, data) " "VALUES (null, '{}', '{}', '{}')".format(
        h_id, str(n), qu_esc(data)
    )

    return q
Example #13
0
def close_session_by_token(dbc, tk, log):

    q = "update session_token set closed = true where id = '{}'".format(
        qu_esc(tk))

    try:
        dbc.execute(q)
    except Exception as e:
        log.critical('Close session: {}'.format(e))
        return False

    return True
Example #14
0
def prepare_hash2params_query(h_id, data):
    """
    Prepare query for insert data into hash_2_params
    """

    n = datetime.datetime.now()
    q = "INSERT INTO hash_2_params (id, hash, time_created, data) " \
        "VALUES (null, '{}', '{}', '{}')".format(
            h_id,
            str(n),
            qu_esc(data)
        )

    return q
Example #15
0
def do_post(request, *args, **kwargs):
    """
    User login
    :param username: users username, string, True
    :param password: users password, string, True
    :return:  200, OK
    :return:  404
    """

    log = request.log
    _db = get_db()
    dbc = _db.cursor()

    try:
        username = request.get_argument('username')
        password = request.get_argument('password')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    # password = format_password(username, password)

    q = "select id, password from users where username = '******'".format(
        qu_esc(username)
    )

    dbc.execute(q)
    if dbc.rowcount != 1:
        log.critical('{} users found: {}'.format(username, dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    us = dbc.fetchone()
    u_id = us['id']
    u_pwd = us['password']

    if not check_password(u_pwd, username, password):
        log.critical('Username {} wrong password: {}'.format(username, password))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # ASSIGN TOKEN
    tk = get_token(u_id, dbc, log)
    if not tk:
        return base_common.msg.error(msgs.ERROR_LOGIN_USER)

    _db.commit()

    return base_common.msg.post_ok({'token': tk})
Example #16
0
def do_post(request, *args, **kwargs):
    """
    User login
    :param username: users username, string, True
    :param password: users password, string, True
    :return:  200, OK
    :return:  404
    """

    log = request.log
    _db = get_md2db()
    dbc = _db.cursor()

    try:
        username = request.get_argument('username')
        password = request.get_argument('password')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    # password = format_password(username, password)

    q = "select id, password from users where username = '******'".format(
        qu_esc(username)
    )

    dbc.execute(q)
    if dbc.rowcount != 1:
        log.critical('{} users found: {}'.format(username, dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    us = dbc.fetchone()
    u_id = us['id']
    u_pwd = us['password']

    if not check_password(u_pwd, username, password):
        log.critical('Username {} wrong password: {}'.format(username, password))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    # ASSIGN TOKEN
    tk = get_token(u_id, dbc, log)
    if not tk:
        return base_common.msg.error(msgs.ERROR_LOGIN_USER)

    _db.commit()

    return base_common.msg.post_ok({'token': tk})
Example #17
0
def do_post(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return:  200, OK
    :return:  404
    """

    log = request.log
    _db = get_md2db()
    dbc = _db.cursor()

    try:
        newusername = request.get_argument('username')
        password = request.get_argument('password')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    tk = request.auth_token
    u_n, u_p, u_i = get_user_by_token(dbc, tk, log)
    newusername = qu_esc(newusername)
    password = qu_esc(password)

    if not check_password(u_p, u_n, password):
        log.critical('Wrong users password: {}'.format(password))
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler(log)
    data = {'cmd': 'change_username', 'newusername': newusername, 'user_id': u_i, 'password': password}
    rh.set_argument('data', json.dumps(data))
    res = base_api.hash2params.save_hash.do_put(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    message = _get_email_message(request, h)

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    message2 = _get_email_warning(u_n, newusername)

    rh2 = BaseAPIRequestHandler(log)
    rh2.set_argument('sender', support_mail)
    rh2.set_argument('receiver', u_n)
    rh2.set_argument('message', message2)
    res = base_api.mail_api.save_mail.do_put(rh2)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
Example #18
0
def do_post(request, *args, **kwargs):
    """
    Change password
    :param username: users new username, string, True
    :param password: users password, string, True
    :return:  200, OK
    :return:  404
    """

    log = request.log
    _db = get_db()
    dbc = _db.cursor()

    try:
        newusername = request.get_argument('username')
        password = request.get_argument('password')
    except tornado.web.MissingArgumentError:
        log.critical('Missing argument password')
        return base_common.msg.error(msgs.MISSING_REQUEST_ARGUMENT)

    tk = request.auth_token
    # u_n, u_p, u_i = get_user_by_token(dbc, tk, log)
    dbuser = get_user_by_token(dbc, tk, log)
    newusername = qu_esc(newusername)
    password = qu_esc(password)

    if not check_password(dbuser.password, dbuser.username, password):
        log.critical('Wrong users password: {}'.format(password))
        return base_common.msg.error(msgs.WRONG_PASSWORD)

    # SAVE HASH FOR USERNAME CHANGE
    rh = BaseAPIRequestHandler(log)
    data = {
        'cmd': 'change_username',
        'newusername': newusername,
        'user_id': dbuser.user_id,
        'password': password
    }
    rh.set_argument('data', json.dumps(data))
    res = base_api.hash2params.save_hash.do_put(rh)
    if 'http_status' not in res or res['http_status'] != 200:
        return base_common.msg.error('Cannot handle forgot password')

    h = res['h']

    message = _get_email_message(request, h)

    # SAVE EMAILS FOR SENDING
    rh1 = BaseAPIRequestHandler(log)
    rh1.set_argument('sender', support_mail)
    rh1.set_argument('receiver', newusername)
    rh1.set_argument('message', message)
    res = base_api.mail_api.save_mail.do_put(rh1)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    message2 = _get_email_warning(dbuser.username, newusername)

    rh2 = BaseAPIRequestHandler(log)
    rh2.set_argument('sender', support_mail)
    rh2.set_argument('receiver', dbuser.username)
    rh2.set_argument('message', message2)
    res = base_api.mail_api.save_mail.do_put(rh2)
    if 'http_status' not in res or res['http_status'] != 204:
        return base_common.msg.error(msgs.CANNOT_SAVE_MESSAGE)

    return base_common.msg.post_ok(msgs.CHANGE_USERNAME_REQUEST)
Example #19
0
def do_post(request, *args, **kwargs):
    """
    User logout
    :param Auth: authorization token in header, string, True
    :return:  200, OK
    :return:  400
    """

    log = request.log

    _db = get_db()
    dbc = _db.cursor()

    tk = request.auth_token

    q = "select username from users u join session_token t on u.id = t.id_user where t.id = '{}'".format(qu_esc(tk))
    dbc.execute(q)

    if dbc.rowcount != 1:
        log.critical('Users {} found'.format(dbc.rowcount))
        return base_common.msg.error(msgs.USER_NOT_FOUND)

    db_user = dbc.fetchone()

    user = {'username': db_user['username']}

    return base_common.msg.post_ok(user)
Example #20
0
def _check_user_registered(dbc, uname):

    q = "select id from users where username = '******'".format(qu_esc(uname))
    dbc.execute(q)
    return dbc.rowcount != 0
Example #21
0
def _check_user_registered(dbc,uname):

    q="select id from users where username = '******'".format(qu_esc(uname))
    dbc.execute(q)
    return dbc.rowcount !=0
Example #22
0
def __get_user_by_token(dbc, tk, log):

    q = "select id, id_user, created, closed from session_token where id = '{}'".format(qu_esc(tk))

    try:
        dbc.execute(q)
    except Exception as e:
        log.critical('Get session: {}'.format(e))
        return False

    if dbc.rowcount != 1:
        log.critical('Found {} sessions'.format(dbc.rowcount))
        return False

    return True