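def sign_up():
    """Register a new user from the JSON body of the request.

    Expected JSON fields: ``email``, ``password``, ``firstname``,
    ``familyname``, ``gender``, ``city`` and ``country``.  The password is
    combined with a fresh random salt and bcrypt-hashed before
    ``database_helper.save_new_user`` stores it together with the salt.

    Returns:
        A JSON response of the form ``{'success': bool, 'message': str}``.
    """
    data = request.get_json()
    if not isinstance(data, dict):
        data = {}

    # Server-side check of the required fields.  The HTML ``required``
    # attribute only protects well-behaved browsers; any client can post
    # directly to this endpoint, so a missing field must not become a 500.
    required = ('email', 'password', 'firstname', 'familyname',
                'gender', 'city', 'country')
    missing = [field for field in required if not data.get(field)]
    if missing:
        return jsonify({
            'success': False,
            'message': "Missing required fields: " + ", ".join(missing)
        })

    if database_helper.check_if_email_exists(data['email']):
        return jsonify({'success': False, 'message': "User already exists."})

    # 1. Per-user random salt, stored hex-encoded next to the hash so that
    #    the login path can rebuild the same password + salt input.
    salt = binascii.hexlify(os.urandom(32)).decode('utf-8')
    # 2./3. Append the salt and bcrypt the result.  bcrypt salts internally
    #    already; the explicit salt is kept for compatibility with the stored
    #    format (login / password reset must build the identical string).
    #    NOTE(review): bcrypt hashes only the first 72 bytes of its input, so
    #    with a 64-char hex salt most of the salt is ignored for longer
    #    passwords - confirm this is the intended scheme.
    hashed_password = bcrypt.generate_password_hash(
        data['password'] + salt).decode('utf-8')

    saved = database_helper.save_new_user(
        data['email'], hashed_password, data['firstname'],
        data['familyname'], data['gender'], data['city'], data['country'],
        salt)
    if saved:
        return jsonify({
            'success': True,
            'message': "Data saved succesfully"
        })
    # The existence check above and the insert are not atomic, so a
    # concurrent sign-up with the same email can still end up here.
    return jsonify({
        'success': False,
        'message': "Something went wrong saving the data(maybe email already exists)"
    })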
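def post_message():
    """Post a message from the token's owner to a recipient's wall.

    Reads ``token``, ``message`` and ``email`` (the recipient) from the JSON
    body.  The sender is resolved from the token through
    ``database_helper.get_email_by_token``; both sender and recipient must
    exist before ``database_helper.post_message`` is called.

    Returns:
        A JSON response of the form ``{'success': bool, 'message': str}``.
    """
    data = request.get_json()
    if not isinstance(data, dict):
        data = {}
    current_user_token = data.get('token')
    message = data.get('message')
    dest_email = data.get('email')

    # Guard clauses replace the nested if/else pyramid; the responses are
    # the same as before for every reachable branch.
    if current_user_token is None or dest_email is None:
        return jsonify({
            'success': False,
            'message': "Token and destination email cannot be void"
        })

    # An unknown token must be rejected, not crash while indexing the lookup
    # result; the helper's miss value is assumed to be falsy - TODO confirm.
    sender_row = database_helper.get_email_by_token(current_user_token)
    if not sender_row:
        return jsonify({
            'success': False,
            'message': "Provided token or email do not exist"
        })
    sender_mail = sender_row[0]

    if not (database_helper.check_if_email_exists(sender_mail)
            and database_helper.check_if_email_exists(dest_email)):
        return jsonify({
            'success': False,
            'message': "Provided token or email do not exist"
        })

    if database_helper.post_message(sender_mail, message, dest_email):
        return jsonify({
            'success': True,
            'message': "Message posted succesfully"
        })
    return jsonify({
        'success': False,
        'message': "Something went wrong posting the message"
    })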
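def sign_up():
    """Register a new user from the JSON body of the request.

    Expected JSON fields: ``email``, ``password``, ``firstname``,
    ``familyname``, ``gender``, ``city`` and ``country``.  The values are
    handed to ``database_helper.save_new_user`` as received.

    Returns:
        A JSON response of the form ``{'success': bool, 'message': str}``.
    """
    data = request.get_json()
    if not isinstance(data, dict):
        data = {}

    # Server-side check of the required fields.  The HTML ``required``
    # attribute only protects well-behaved browsers; any client can post
    # directly to this endpoint, so a missing field must not become a 500.
    required = ('email', 'password', 'firstname', 'familyname',
                'gender', 'city', 'country')
    missing = [field for field in required if not data.get(field)]
    if missing:
        return jsonify({
            'success': False,
            'message': "Missing required fields: " + ", ".join(missing)
        })

    if database_helper.check_if_email_exists(data['email']):
        return jsonify({'success': False, 'message': "User already exists."})

    # NOTE(review): the password is passed through unchanged.  Unless
    # save_new_user hashes it, it is persisted in clear text - verify.
    saved = database_helper.save_new_user(
        data['email'], data['password'], data['firstname'],
        data['familyname'], data['gender'], data['city'], data['country'])
    if saved:
        return jsonify({
            'success': True,
            'message': "Data saved succesfully"
        })
    # The existence check above and the insert are not atomic, so a
    # concurrent sign-up with the same email can still end up here.
    return jsonify({
        'success': False,
        'message': "Something went wrong saving the data(maybe email already exists)"
    })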
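def _generate_password(length=9):
    """Return a random password of ``length`` characters.

    Guarantees at least one lowercase letter, one uppercase letter and one
    digit; the remaining characters are drawn from letters, digits and
    punctuation.  The result is shuffled with a CSPRNG so the guaranteed
    characters are not always in front.
    """
    source = string.ascii_letters + string.digits + string.punctuation
    chars = [
        secrets.choice(string.ascii_lowercase),
        secrets.choice(string.ascii_uppercase),
        secrets.choice(string.digits),
    ]
    chars.extend(secrets.choice(source) for _ in range(length - 3))
    secrets.SystemRandom().shuffle(chars)
    return ''.join(chars)


def resetPswd():
    """Handle the password-reset form.

    On a valid submission for a known address a new password is generated,
    its salted bcrypt hash is stored via ``database_helper.change_password``
    and the clear-text password is e-mailed to the user.  The outcome is
    reported through ``flash``; the form is always re-rendered.

    Returns:
        The rendered ``reset_pswd.html`` template.
    """
    form = EmailForm()
    if not form.validate_on_submit():
        return render_template('reset_pswd.html', form=form)

    emailDest = form.email.data
    if not database_helper.check_if_email_exists(emailDest):
        flash("Your email does not exist in our database.", 'error')
        return render_template('reset_pswd.html', form=form)

    # NOTE(review): this endpoint is unauthenticated and replaces the stored
    # password before the mail is sent, so anyone who knows a registered
    # address can reset it, and a failed send leaves that user locked out.
    password = _generate_password()

    # 1. Reuse the user's stored salt so the login path keeps working.
    salt = database_helper.get_users_salt(emailDest)['salt']
    # 2./3. Same password + salt construction as sign_up, then bcrypt.
    passwordSecure = bcrypt.generate_password_hash(
        password + salt).decode('utf-8')
    if not database_helper.change_password(emailDest, passwordSecure, salt):
        flash("Something went wrong changing the password", 'error')
        return render_template('reset_pswd.html', form=form)

    message = """\
Dear user,
Your new password is : """ + password + """
The Twidder team"""
    msg = MIMEText(message)
    msg['To'] = email.utils.formataddr((emailDest, emailDest))
    msg['From'] = email.utils.formataddr(('Twidder team', '*****@*****.**'))
    msg['Subject'] = 'New Twidder password'

    try:
        # The context manager sends QUIT on every exit path and, unlike the
        # previous try/finally, cannot reference an unbound ``server`` when
        # the connection itself fails.
        with smtplib.SMTP('smtp.gmail.com', 587) as server:
            server.starttls()
            # NOTE(review): the mailbox password is committed in source;
            # move it to configuration / a secret store and rotate it.
            server.login('*****@*****.**', 'liuTDDD97!')
            # set_debuglevel(True) was dropped: it dumped the whole session,
            # including the AUTH exchange, to the console.
            server.sendmail('*****@*****.**', [emailDest], msg.as_string())
        flash("An email has been sending to you.", 'success')
    except smtplib.SMTPException:
        flash("Error: unable to send email", 'error')
    return render_template('reset_pswd.html', form=form)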
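def _expected_message_token(stored_token, dest_email, message):
    """Recreate the per-request token the client is expected to send.

    The token is the SHA-256 hex digest of the session token followed by
    every third character of the recipient email (when one was given) and
    every third character of the message.  Must stay in sync with the
    client-side computation.

    NOTE(review): secret-prefix SHA-256 is not an HMAC and nothing in the
    input changes per request, so an intercepted token stays valid for the
    same payload; consider ``hmac.new`` plus a nonce/timestamp on both
    sides.
    """
    blob = stored_token
    if dest_email is not None:
        blob += dest_email[::3]
    blob += message[::3]
    return hashlib.sha256(blob.encode()).hexdigest()


def post_message():
    """Post a message after verifying the request's per-request token.

    JSON fields: ``token`` (client-computed digest, see
    ``_expected_message_token``), ``message``, ``email`` (recipient, or
    null to post on the sender's own wall), ``place`` and ``publicKey``
    (identifies the logged-in session).

    Returns:
        A JSON response of the form ``{'success': bool, 'message': str}``.
    """
    import hmac  # local import: the module's import block is not visible here

    data = request.get_json()
    if not isinstance(data, dict):
        data = {}
    # Debug prints removed: they wrote the request body, including the
    # token, to stdout.
    token = data.get('token')
    message = data.get('message')
    dest_email = data.get('email')
    place = data.get('place')
    public_key = data.get('publicKey')

    # Type checks up front so client-controlled values cannot raise while
    # being sliced or compared below.
    if (not isinstance(token, str) or not isinstance(message, str)
            or not (dest_email is None or isinstance(dest_email, str))):
        return jsonify({
            'success': False,
            'message': "Token, message and destination email must be strings"
        })

    authentication_data = database_helper.get_email_logged_user_new(public_key)
    stored_token = authentication_data['token'] if authentication_data else None
    if stored_token is None:
        return jsonify({
            'success': False,
            'message': "Token and destination email cannot be void"
        })

    # An unknown session must be rejected, not crash while indexing the
    # lookup result; the helper's miss value is assumed falsy - TODO confirm.
    sender_row = database_helper.get_email_by_token(stored_token)
    if not sender_row:
        return jsonify({
            'success': False,
            'message': "Provided token or email do not exist"
        })
    sender_mail = sender_row[0]

    # The digest is computed over the email as sent (possibly absent); only
    # afterwards does a missing recipient default to the sender's own wall.
    expected = _expected_message_token(stored_token, dest_email, message)
    # Constant-time comparison so the check does not leak digest prefixes.
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return jsonify({
            'success': False,
            'message': "Hashes not equal in post_message"
        })
    if dest_email is None:
        dest_email = sender_mail

    if not (database_helper.check_if_email_exists(sender_mail)
            and database_helper.check_if_email_exists(dest_email)):
        return jsonify({
            'success': False,
            'message': "Provided token or email do not exist"
        })

    if database_helper.post_message(sender_mail, message, dest_email, place):
        return jsonify({
            'success': True,
            'message': "Message posted succesfully"
        })
    return jsonify({
        'success': False,
        'message': "Something went wrong posting the message"
    })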