Example #1
    def valid(self) -> bool:
        """Check whether this block is consistent with itself and its predecessor.

        The individual checks are chained with ``and``: the stored hash must
        equal the digest of the serialized block plus suffix, the hashcash
        stamp must pass at ``self.difficulty``, the fully serialized block
        must fit ``Block.size_limit``, the link and difficulty rules against
        earlier blocks must hold (or the first-block rules when ``self.id`` is
        not greater than 1), the root hash must match the sorted move ids, and
        every attached move must report itself valid.
        """
        # The stamp is the serialized block decoded as UTF-8 followed by the
        # suffix; the same string feeds both the digest and hashcash.check.
        # NOTE(review): h is bound elsewhere in the module, so the digest
        # algorithm cannot be confirmed from this method.
        stamp = self.serialize().decode('utf-8') + self.suffix
        valid = (self.hash == h(str.encode(stamp)).hexdigest())
        valid = valid and hashcash.check(stamp, self.suffix, self.difficulty)

        # Size cap is measured on the serialization with all four flags set.
        valid = valid and (len(self.serialize(True, True, True, True)) <=
                           Block.size_limit)

        if self.id > 1:
            # NOTE(review): Block.query.get(...) presumably returns None for a
            # missing row; prev_block.difficulty below would then raise instead
            # of making the block invalid - confirm and guard.
            prev_block = Block.query.get(self.id - 1)
            valid = valid and self.prev_hash == prev_block.hash

            # Expected difficulty is derived from the average spacing between
            # this block and the block up to 10 ids back: an average of 5 s or
            # less requires previous + 1, more than 15 s requires previous - 1
            # (floored at 0), anything in between requires it unchanged.
            # NOTE(review): self.created_at belongs to the block being
            # validated and is not bounded here against the previous block's
            # timestamp or the validator's clock, so the retarget input is only
            # as trustworthy as that field - confirm it is checked elsewhere.
            difficulty = prev_block.difficulty
            difficulty_check_block = Block.query.get(max(1, self.id - 10))
            avg_timedelta = (
                (self.created_at - difficulty_check_block.created_at) /
                (self.id - difficulty_check_block.id))
            if avg_timedelta <= datetime.timedelta(0, 5):
                valid = valid and self.difficulty == max(0, difficulty + 1)
            elif avg_timedelta > datetime.timedelta(0, 15):
                valid = valid and self.difficulty == max(0, difficulty - 1)
            else:
                valid = valid and self.difficulty == difficulty
        else:
            # First block: no parent hash and difficulty pinned to 0.
            valid = valid and self.prev_hash is None
            valid = valid and self.difficulty == 0

        # The root hash covers the sorted move ids joined without a separator.
        # NOTE(review): with no separator the joined string is unambiguous only
        # if ids have a fixed length - confirm against the Move id format.
        valid = valid and self.root_hash == h(''.join(
            sorted((m.id for m in self.moves))).encode('utf-8')).hexdigest()

        # move.valid is read as an attribute here, not called.
        for move in self.moves:
            valid = valid and move.valid
        return valid
Example #2
def change_password():
    """Let the logged-in user change their password.

    Redirects to ``log_in`` when ``session.username`` is unset and shows a
    reminder when ``session.pwdaged`` is set.  On submit, the current
    password is checked against ``userdb.user``; if it matches and the two
    new-password fields agree, the digest of the new password and a fresh
    ``aging`` timestamp are stored.  Each outcome is written to
    ``db.user_event``.  Returns ``dict(form=form)`` for the view.
    """
    # redirect() is presumably the framework helper that aborts the request by
    # raising; if it only returned, the code below would run unauthenticated.
    if session.username == None:
        redirect(URL(r=request, f='log_in'))
    if session.pwdaged:
        response.flash = 'Current password is older than 90 days. Please change'
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    form = FORM(
        TABLE(
            TR('Username:'******'username', requires=IS_NOT_EMPTY())),
            TR(
                'Current Password: '******'oldpwd',
                      _type='password',
                      requires=[IS_NOT_EMPTY()])),
            TR(
                'New Password: '******'newpwd',
                      _type='password',
                      requires=[IS_NOT_EMPTY()])),
            TR(
                'Re-enter New Password: '******'newpwd2',
                      _type='password',
                      requires=[IS_NOT_EMPTY()])),
            TR('', INPUT(_type='submit', _name='submit'))))
    if form.accepts(request.vars, session):
        # NOTE(review): the current-password lookup is keyed on the username
        # typed into the form, while the updates below are keyed on
        # session.username.  Nothing here requires the two to be the same
        # account, so the credential that is verified may not belong to the
        # account that is changed; both should be keyed on session.username.
        # NOTE(review): passwords are compared and stored as h(...).hexdigest()
        # with no salt visible in this block; h is bound elsewhere.  Stored
        # credentials normally call for a salted, deliberately slow password
        # hash (PBKDF2, scrypt, bcrypt, Argon2) - confirm what h is.
        if userdb(userdb.user.username == form.vars.username) \
             (userdb.user.password == h(form.vars.oldpwd).hexdigest()) \
             (userdb.user.authorized == True).count():
            # Audit texts embed the form-supplied username verbatim.
            db.user_event.insert(event='Change password initiated. %s' % \
                                 form.vars.username,
                                 user='******')
            # The only rule applied to the new password is IS_NOT_EMPTY plus
            # this equality check; no length or strength policy is enforced here.
            if form.vars.newpwd == form.vars.newpwd2:
                # Two separate updates: the new digest, then the aging timestamp.
                userdb(userdb.user.username == session.username) \
                .update(password=h(form.vars.newpwd).hexdigest())
                userdb(userdb.user.username == session.username) \
                .update(aging=time())
                db.user_event.insert(event='Change password successful. %s' % \
                                form.vars.username,
                                user='******')
                response.flash = 'Password change SUCCESSFUL'
            else:
                # The backslash continuations below sit inside string literals,
                # so the next line's leading spaces become part of the text.
                db.user_event.insert(event='Change password unsuccessful. \
                New passwords do not match. %s'                                                % \
                                 form.vars.username,
                                 user='******')
                response.flash = 'Password change UNSUCCESSFUL - New passwords \
                do not match'

        else:
            # Reached when no authorized row matches the submitted username and
            # current-password digest.
            db.user_event.insert(event='Change password unsuccessful. \
            Current password does not match. %s'                                                 % \
                                 form.vars.username,
                                 user='******')
            response.flash = 'Password change UNSUCCESSFUL - Current password \
            does not match'

    return dict(form=form)
Example #3
def log_in():
    """
    Function for user to log in
    Compares the user login and password with userdb.user table
    If login is successful, the username is stored in session.username
    for further use. If login is not successful, session.username = None

    Two matches are tried in order: the submitted password against the stored
    value as-is (legacy rows that still hold plain text, which are then
    rewritten as a digest), and the digest of the submitted password against
    the stored value.  Every outcome is written to db.user_event.
    Returns dict(form=form) for the view.
    """
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    form = FORM(
        TABLE(
            TR('Username:'******'username', requires=IS_NOT_EMPTY())),
            TR(
                'Password:'******'password',
                      _type='password',
                      requires=[IS_NOT_EMPTY()])),
            TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        # Legacy branch: raw equality between the submitted password and the
        # stored column.
        # NOTE(review): because this compares against whatever the column
        # holds, a row that already stores a digest is matched by that digest
        # string itself, so a leaked digest works as a credential without
        # being cracked.  Migrating remaining plain-text rows offline and
        # removing this branch closes that gap.
        if userdb(userdb.user.username == form.vars.username) \
           (userdb.user.password == form.vars.password) \
           (userdb.user.authorized == True).count():
            session.username = form.vars.username
            db.user_event.insert(event='Login (plain text password). %s' % \
                                 session.username,
                                 user='******')
            # converting plaintext password to hash
            # NOTE(review): h is bound elsewhere; no salt is visible here.
            userdb(userdb.user.username == form.vars.username). \
            update(password=h(form.vars.password).hexdigest())
            db.log.insert(event='Convert plain password to hash. \User = '******'system')
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        elif userdb(userdb.user.username == form.vars.username) \
             (userdb.user.password == h(form.vars.password).hexdigest()) \
             (userdb.user.authorized == True).count():
            session.username = form.vars.username
            db.user_event.insert(event='Login (hashed password). %s' % \
                                 session.username,
                                 user='******')
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        else:
            # NOTE(review): the rejected password is written to db.user_event
            # in clear text.  Failed attempts are frequently near-misses of a
            # real password, so the audit table ends up holding credentials;
            # record the username and the outcome only.
            db.user_event.insert(event='Login error. Username used = %s. \
            Password used = %s. Login count = %s' %
                                 (form.vars.username, form.vars.password,
                                  str(session.login_count)),
                                 user='******')
            session.username = None
            response.flash = 'invalid username/password'
            # NOTE(review): login_count is only ever assigned on success in
            # this function; if it is unset on a first failure this addition
            # fails - confirm it is initialised elsewhere.
            session.login_count = session.login_count + 1
            # The disabled block below would have de-authorised every user
            # after five failures.  With it off, no throttling or lockout is
            # applied in this function; per-account or per-source throttling is
            # the safer control than a global lockout.
            # if session.login_count == 5:
            # db.user_event.insert(event='5 times login error. All users are \
            # deauthorized by system.', user='******')
            # [userdb(userdb.user.username == name).update(authorized=False)
            # for name in userdb(userdb.user.authorized==True).select(userdb.user.username)]
    return dict(form=form)
Example #4
    def create_block(self, moves, commit=True, click=None):
        """Assemble, mint and optionally persist the next block for ``moves``.

        Raises ``InvalidMoveError`` for the first move whose ``valid`` flag is
        false, and ``InvalidBlockError`` when the assembled block fails its
        own ``valid`` check.  Returns ``None`` when a block with the chosen id
        is already stored once minting has finished, or when the commit hits
        an ``IntegrityError``; otherwise returns the new block.  ``click``,
        when given, is only used to echo the measured block interval.
        """
        for candidate in moves:
            if not candidate.valid:
                raise InvalidMoveError(candidate)

        block = Block(version=PROTOCOL_VERSION)
        # Root hash: digest of the sorted move ids joined without a separator.
        joined_ids = ''.join(sorted(m.id for m in moves))
        block.root_hash = h(joined_ids.encode('utf-8')).hexdigest()
        block.creator = self.address
        # The timestamp is taken from the local clock as a naive UTC value; it
        # later feeds the difficulty calculation of following blocks.
        block.created_at = datetime.datetime.utcnow()

        newest_first = self.session.query(Block).order_by(Block.id.desc())
        parent = newest_first.first()
        if not parent:
            #: Genesis block
            block.id = 1
            block.prev_hash = None
            block.difficulty = 0
        else:
            block.id = parent.id + 1
            block.prev_hash = parent.hash
            block.difficulty = parent.difficulty
            # Average spacing is measured against the block up to 10 ids back.
            anchor = self.session.query(Block).get(max(1, block.id - 10))
            elapsed = block.created_at - anchor.created_at
            mean_interval = elapsed / (block.id - anchor.id)
            if click:
                click.echo(
                    f'avg: {mean_interval}, difficulty: {block.difficulty}')
            if mean_interval <= datetime.timedelta(seconds=5):
                block.difficulty = max(0, block.difficulty + 1)
            elif mean_interval > datetime.timedelta(seconds=15):
                block.difficulty = max(0, block.difficulty - 1)

        # NOTE(review): _mint is a private helper of the hashcash module.
        block.suffix = hashcash._mint(block.serialize(), bits=block.difficulty)
        # Checked after minting, presumably because another block with this id
        # may have been stored in the meantime; the work is then discarded.
        already_stored = self.session.query(Block).get(block.id)
        if already_stored:
            return None
        block.hash = h(block.serialize() + block.suffix).hexdigest()

        for candidate in moves:
            candidate.block = block

        if not block.valid:
            raise InvalidBlockError

        if not commit:
            return block

        try:
            self.session.add(block)
            self.session.commit()
        except IntegrityError:
            # A uniqueness clash at commit time is reported as "no block".
            return None
        return block
Example #5
def log_in():
    """
    Function for user to log in
    Compares the user login and password with userdb.user table
    If login is successful, the username is stored in session.username
    for further use. If login is not successful, session.username = None

    The digest of the submitted password is tried first; a legacy fallback
    then compares the submitted password with the stored value as-is and, on
    a match, rewrites the stored value as a digest.  Every outcome is written
    to db.user_event.  Returns dict(form=form) for the view.
    """
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    form = FORM(TABLE(
                TR('Username:'******'username',
                                    requires=IS_NOT_EMPTY())),
                TR('Password:'******'password', _type='password',
                                    requires=[IS_NOT_EMPTY()])),
                TR('', INPUT(_type='submit', _value='login')))) 
    if form.accepts(request.vars, session):
        # NOTE(review): h is bound elsewhere and no salt is visible here; a
        # salted, deliberately slow password hash is the usual choice for
        # stored credentials - confirm what h is.
        if userdb(userdb.user.username == form.vars.username) \
             (userdb.user.password == h(form.vars.password).hexdigest()) \
             (userdb.user.authorized == True).count():
            session.username = form.vars.username
            db.user_event.insert(event='Login (hashed password). %s' % \
                                 session.username, 
                                 user='******')
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        # Legacy management #1 - convert all plain text logins to hash
        # NOTE(review): this branch is a raw equality test against whatever the
        # column holds, so a row that already stores a digest is matched by
        # that digest string itself; a leaked digest then works as a credential
        # without being cracked.  Migrating remaining plain-text rows offline
        # and removing this branch closes that gap.
        elif userdb(userdb.user.username == form.vars.username) \
           (userdb.user.password == form.vars.password) \
           (userdb.user.authorized == True).count():
            session.username = form.vars.username
            db.user_event.insert(event='Login (plain text password). %s' % \
                                 session.username, 
                                 user='******')
            # converting plaintext password to hash
            userdb(userdb.user.username == form.vars.username). \
            update(password=h(form.vars.password).hexdigest())
            db.log.insert(event='Convert plain password to hash. \User = '******'system')
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        # end of Legacy management # 1
        else:
            # NOTE(review): the rejected password is written to db.user_event
            # in clear text.  Failed attempts are frequently near-misses of a
            # real password, so the audit table ends up holding credentials;
            # record the username and the outcome only.
            db.user_event.insert(event='Login error. Username used = %s. \
            Password used = %s. Login count = %s' % 
            (form.vars.username, form.vars.password, str(session.login_count)), 
            user='******')
            session.username = None
            response.flash = 'invalid username/password'
            # NOTE(review): login_count is only ever assigned on success in
            # this function; if it is unset on a first failure this addition
            # fails - confirm it is initialised elsewhere.
            session.login_count = session.login_count + 1
            # The disabled block below would have de-authorised every user
            # after five failures.  With it off, no throttling or lockout is
            # applied in this function; per-account or per-source throttling is
            # the safer control than a global lockout.
            # if session.login_count == 5:
                # db.user_event.insert(event='5 times login error. All users are \
                # deauthorized by system.', user='******')
                # [userdb(userdb.user.username == name).update(authorized=False)
                 # for name in userdb(userdb.user.authorized==True).select(userdb.user.username)]
    return dict(form=form)
Example #6
def new_account():
    '''
    Creating a new user account.
    CyNote 2 ready.

    Stores the username, actual name, e-mail address, the digests of the
    password and of the personal encryption key, a creation timestamp and the
    authorized flag, writes an audit entry to bb.tape, then redirects to
    log_in.  Returns dict(form=form) when the form has not been accepted.
    '''
    # The account is created as authorized only when the count query below
    # finds no rows, i.e. for the first account; later accounts start
    # unauthorized.
    # NOTE(review): whoever submits this form first therefore gets an
    # authorized account; create that first account before the application is
    # reachable by others.
    if user(user.user.username > 0).count() == 0: 
        authorized = True
    else: 
        authorized = False
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    # NOTE(review): the encryptkey INPUT below has no _type='password', so the
    # key is presumably rendered as a plain text field - confirm.
    form = FORM(TABLE(
                TR('Actual Name:', 
                   INPUT(_name='actualname',
                         requires=IS_NOT_EMPTY()
                        )),
                TR('User Name:', 
                   INPUT(_name='username',
                         requires=IS_NOT_EMPTY()
                        )),
                TR('Email Address:', 
                   INPUT(_name='email',
                         requires=IS_EMAIL(error_message='invalid email!')
                        )),
                TR('Password:'******'password',
                         requires=[IS_NOT_EMPTY()]
                        )),
                TR('Personal Encryption Key:', 
                   INPUT(_name='encryptkey',
                         requires=[IS_NOT_EMPTY()]
                        )),
                TR('', INPUT(_type='submit', _value='login')))) 
    if form.accepts(request.vars, session):
        # NOTE(review): no check for an existing username is made here; it is
        # presumably left to a table constraint - confirm.
        # NOTE(review): password and key are stored as h(...).hexdigest() with
        # no salt visible in this block; h is bound elsewhere.  A salted,
        # deliberately slow password hash is the usual choice - confirm.
        user.user.insert(username=form.vars.username,
                           actualname=form.vars.actualname,
                           email=form.vars.email,
                           password=h(form.vars.password).hexdigest(),
                           encryptkey=h(form.vars.encryptkey).hexdigest(),
                           aging=time(),
                           authorized=authorized)
        # The audit entry copies the username, actual name and e-mail address
        # as submitted.
        bb.tape.insert(user='******',
                       entrycode='new_user_account',
                       refcode='',
                       event='User Name = %s. Actual Name = %s. Email = %s.' % \
                           (form.vars.username, 
                            form.vars.actualname, 
                            form.vars.email))
        redirect(URL(r=request, f='log_in'))
    return dict(form=form)
Example #7
def new_account():
    """
    Creating a new user account

    Requires the two password fields to agree, then stores the username, the
    digest of the password, a creation timestamp and the authorized flag,
    records the event in db.user_event and redirects to log_in.
    Returns dict(form=form) when nothing was stored.
    """
    # The account is created as authorized only when the count query below
    # finds no rows, i.e. for the first account; later accounts start
    # unauthorized.
    # NOTE(review): whoever submits this form first therefore gets an
    # authorized account; create that first account before the application is
    # reachable by others.
    if userdb(userdb.user.username > 0).count() == 0: authorized = True
    else: authorized = False
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    form = FORM(TABLE(
                TR('Username:'******'username',
                                    requires=IS_NOT_EMPTY())),
                TR('Password:'******'password', _type='password',
                                    requires=[IS_NOT_EMPTY()])),
                TR('Re-enter Password:'******'password2', 
                                    _type='password',
                                    requires=[IS_NOT_EMPTY()])),
                TR('', INPUT(_type='submit', _value='login')))) 
    if form.accepts(request.vars, session):
        # IS_NOT_EMPTY and this equality test are the only rules applied to
        # the password; no length or strength policy is enforced here.
        if form.vars.password != form.vars.password2:
            response.flash = 'Passwords do not match'
        else:
            # NOTE(review): no check for an existing username is made here; it
            # is presumably left to a table constraint - confirm.
            # NOTE(review): the password is stored as h(...).hexdigest() with
            # no salt visible in this block; h is bound elsewhere.  A salted,
            # deliberately slow password hash is the usual choice - confirm.
            userdb.user.insert(username=form.vars.username,
                               password=h(form.vars.password).hexdigest(),
                               aging=time(),
                               authorized=authorized)
            db.user_event.insert(event='New account created. %s' % \
                                 form.vars.username, 
                                 user='******')
            redirect(URL(r=request, f='log_in'))
    return dict(form=form)    
Example #8
def new_account():
    """
    Creating a new user account

    Requires the two password fields to agree, then stores the username, the
    digest of the password, a creation timestamp and the authorized flag,
    records the event in db.user_event and redirects to log_in.
    Returns dict(form=form) when nothing was stored.
    """
    # The account is created as authorized only when the count query below
    # finds no rows, i.e. for the first account; later accounts start
    # unauthorized.
    # NOTE(review): whoever submits this form first therefore gets an
    # authorized account; create that first account before the application is
    # reachable by others.
    if userdb(userdb.user.username > 0).count() == 0: authorized = True
    else: authorized = False
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    form = FORM(
        TABLE(
            TR('Username:'******'username', requires=IS_NOT_EMPTY())),
            TR(
                'Password:'******'password',
                      _type='password',
                      requires=[IS_NOT_EMPTY()])),
            TR(
                'Re-enter Password:'******'password2',
                      _type='password',
                      requires=[IS_NOT_EMPTY()])),
            TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        # IS_NOT_EMPTY and this equality test are the only rules applied to
        # the password; no length or strength policy is enforced here.
        if form.vars.password != form.vars.password2:
            response.flash = 'Passwords do not match'
        else:
            # NOTE(review): no check for an existing username is made here; it
            # is presumably left to a table constraint - confirm.
            # NOTE(review): the password is stored as h(...).hexdigest() with
            # no salt visible in this block; h is bound elsewhere.  A salted,
            # deliberately slow password hash is the usual choice - confirm.
            userdb.user.insert(username=form.vars.username,
                               password=h(form.vars.password).hexdigest(),
                               aging=time(),
                               authorized=authorized)
            db.user_event.insert(event='New account created. %s' % \
                                 form.vars.username,
                                 user='******')
            redirect(URL(r=request, f='log_in'))
    return dict(form=form)
Example #9
def change_password():
    """Let the logged-in user change their password.

    Redirects to ``log_in`` when ``session.username`` is unset and shows a
    reminder when ``session.pwdaged`` is set.  On submit, the current
    password is checked against ``userdb.user``; if it matches and the two
    new-password fields agree, the digest of the new password and a fresh
    ``aging`` timestamp are stored.  Each outcome is written to
    ``db.user_event``.  Returns ``dict(form=form)`` for the view.
    """
    # redirect() is presumably the framework helper that aborts the request by
    # raising; if it only returned, the code below would run unauthenticated.
    if session.username == None:
        redirect(URL(r=request, f='log_in'))
    if session.pwdaged:
        response.flash = 'Current password is older than 90 days. Please change'
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    form = FORM(TABLE(
                TR('Username:'******'username',
                                    requires=IS_NOT_EMPTY())),
                TR('Current Password: '******'oldpwd', _type='password', 
                                            requires=[IS_NOT_EMPTY()])),
                TR('New Password: '******'newpwd', _type='password',
                                            requires=[IS_NOT_EMPTY()])),
                TR('Re-enter New Password: '******'newpwd2',
                                _type='password', requires=[IS_NOT_EMPTY()])),
                TR('',INPUT(_type='submit', _name='submit'))))
    if form.accepts(request.vars, session):
        # NOTE(review): the current-password lookup is keyed on the username
        # typed into the form, while the updates below are keyed on
        # session.username.  Nothing here requires the two to be the same
        # account, so the credential that is verified may not belong to the
        # account that is changed; both should be keyed on session.username.
        # NOTE(review): passwords are compared and stored as h(...).hexdigest()
        # with no salt visible in this block; h is bound elsewhere.  Stored
        # credentials normally call for a salted, deliberately slow password
        # hash (PBKDF2, scrypt, bcrypt, Argon2) - confirm what h is.
        if userdb(userdb.user.username == form.vars.username) \
             (userdb.user.password == h(form.vars.oldpwd).hexdigest()) \
             (userdb.user.authorized == True).count():
            # Audit texts embed the form-supplied username verbatim.
            db.user_event.insert(event='Change password initiated. %s' % \
                                 form.vars.username, 
                                 user='******')
            # The only rule applied to the new password is IS_NOT_EMPTY plus
            # this equality check; no length or strength policy is enforced here.
            if form.vars.newpwd == form.vars.newpwd2:            
                 # Two separate updates: the new digest, then the aging timestamp.
                 userdb(userdb.user.username == session.username) \
                 .update(password=h(form.vars.newpwd).hexdigest())
                 userdb(userdb.user.username == session.username) \
                 .update(aging=time())
                 db.user_event.insert(event='Change password successful. %s' % \
                                 form.vars.username, 
                                 user='******')
                 response.flash = 'Password change SUCCESSFUL'
            else:
                # The backslash continuations below sit inside string literals,
                # so the next line's leading spaces become part of the text.
                db.user_event.insert(event='Change password unsuccessful. \
                New passwords do not match. %s' % \
                                 form.vars.username, 
                                 user='******')
                response.flash = 'Password change UNSUCCESSFUL - New passwords \
                do not match'
        else:
            # Reached when no authorized row matches the submitted username and
            # current-password digest.
            db.user_event.insert(event='Change password unsuccessful. \
            Current password does not match. %s' % \
                                 form.vars.username, 
                                 user='******')
            response.flash = 'Password change UNSUCCESSFUL - Current password \
            does not match'
    return dict(form=form)
Example #10
def adventofcode4(startswith="00000", _input="iwrupvqb"):
    """Find the smallest counter whose digest begins with ``startswith``.

    Counters 0, 1, 2, ... are appended to ``_input`` as decimal text, the
    result is UTF-8 encoded and passed to ``h`` (the hash constructor bound
    elsewhere in the module), and the first counter whose hex digest has the
    requested prefix is returned together with that digest.

    An empty prefix matches before any hashing happens, giving ``(-1, "")``.
    The search has no upper bound: a prefix that can never occur in a hex
    digest makes the loop run forever.
    """
    counter, digest = -1, ""
    while True:
        if digest.startswith(startswith):
            return counter, digest
        counter += 1
        candidate = _input + str(counter)
        digest = h(candidate.encode("utf-8")).hexdigest()
Example #11
def new_account():
    '''
    Creating a new user account.
    CyNote 2 ready.

    Stores the username, actual name, e-mail address, the digests of the
    password and of the personal encryption key, a creation timestamp and the
    authorized flag, writes an audit entry to bb.tape, then redirects to
    log_in.  Returns dict(form=form) when the form has not been accepted.
    '''
    # The account is created as authorized only when the count query below
    # finds no rows, i.e. for the first account; later accounts start
    # unauthorized.
    # NOTE(review): whoever submits this form first therefore gets an
    # authorized account; create that first account before the application is
    # reachable by others.
    if user(user.user.username > 0).count() == 0:
        authorized = True
    else:
        authorized = False
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    # NOTE(review): the encryptkey INPUT below has no _type='password', so the
    # key is presumably rendered as a plain text field - confirm.
    form = FORM(
        TABLE(
            TR('Actual Name:',
               INPUT(_name='actualname', requires=IS_NOT_EMPTY())),
            TR('User Name:', INPUT(_name='username', requires=IS_NOT_EMPTY())),
            TR(
                'Email Address:',
                INPUT(_name='email',
                      requires=IS_EMAIL(error_message='invalid email!'))),
            TR('Password:'******'password',
                                  requires=[IS_NOT_EMPTY()])),
            TR('Personal Encryption Key:',
               INPUT(_name='encryptkey', requires=[IS_NOT_EMPTY()])),
            TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        # NOTE(review): no check for an existing username is made here; it is
        # presumably left to a table constraint - confirm.
        # NOTE(review): password and key are stored as h(...).hexdigest() with
        # no salt visible in this block; h is bound elsewhere.  A salted,
        # deliberately slow password hash is the usual choice - confirm.
        user.user.insert(username=form.vars.username,
                         actualname=form.vars.actualname,
                         email=form.vars.email,
                         password=h(form.vars.password).hexdigest(),
                         encryptkey=h(form.vars.encryptkey).hexdigest(),
                         aging=time(),
                         authorized=authorized)
        # The audit entry copies the username, actual name and e-mail address
        # as submitted.
        bb.tape.insert(user='******',
                       entrycode='new_user_account',
                       refcode='',
                       event='User Name = %s. Actual Name = %s. Email = %s.' % \
                           (form.vars.username,
                            form.vars.actualname,
                            form.vars.email))
        redirect(URL(r=request, f='log_in'))
    return dict(form=form)
Example #12
def log_in():
    '''
    Function for user to log in.
    Compares the user login, password, and personal encryption key with
    user.user table
    If login is successful, the username is stored in session.username
    for further use. If login is not successful, session.username = None
    CyNote 2 ready.

    On success the submitted encryption key and a generated session.ID are
    also placed in the session.  Both outcomes are recorded in bb.tape.
    Returns dict(form=form) for the view.
    '''
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    form = FORM(
        TABLE(
            TR('User Name:', INPUT(_name='username', requires=IS_NOT_EMPTY())),
            TR(
                'Password:'******'password',
                      _type='password',
                      requires=[IS_NOT_EMPTY()])),
            TR(
                'Personal Encryption Key:',
                INPUT(_name='encryptkey',
                      _type='password',
                      requires=[IS_NOT_EMPTY()])),
            TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        # All four conditions must hold for the same row: username, password
        # digest, encryption-key digest and the authorized flag.
        # NOTE(review): h is bound elsewhere and no salt is visible here; a
        # salted, deliberately slow password hash is the usual choice for
        # stored credentials - confirm what h is.
        if user(user.user.username == form.vars.username) \
            (user.user.password == h(form.vars.password).hexdigest()) \
            (user.user.encryptkey == h(form.vars.encryptkey).hexdigest()) \
            (user.user.authorized == True).count():
            session.username = form.vars.username
            # NOTE(review): the raw encryption key is kept in the session;
            # wherever session data is persisted, the key is persisted with
            # it - confirm the session store is protected accordingly.
            session.encryptkey = form.vars.encryptkey
            # NOTE(review): random() is presumably random.random, which is not
            # intended for security tokens.  It is used here as an audit
            # reference; if session.ID is ever relied on as a secret, derive it
            # from os.urandom or the secrets module instead.
            session.ID = str(1000000000 * random())
            # NOTE(review): the audit entry stores the password and key
            # digests.  With no salt visible, those are offline-guessable
            # copies of the credentials; logging the outcome alone is safer.
            bb.tape.insert(user=session.username,
                           entrycode='user_login_success',
                           refcode=session.ID,
                           event='User Name = %s. Session ID = %s. Password hash = %s. Encryptkey hash = %s' % \
                           (session.username,
                            session.ID,
                            h(form.vars.password).hexdigest(),
                            h(form.vars.encryptkey).hexdigest()))
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        else:
            # NOTE(review): digests of the rejected password and key are
            # logged; failed attempts are frequently near-misses of the real
            # values, so the same concern as above applies.
            # login_count is formatted before the None guard further down, so
            # the entry for a first failure carries whatever str() gives for
            # the unset value.
            bb.tape.insert(user='******',
                           entrycode='user_login_fail',
                           refcode='',
                           event='User name used = %s. Given password hash = %s. Given encryptkey hash = %s. Login count = %s' % \
                           (form.vars.username,
                            h(form.vars.password).hexdigest(),
                            h(form.vars.encryptkey).hexdigest(),
                           str(session.login_count)))
            session.username = None
            response.flash = 'invalid username/password'
            # The counter is only incremented; no throttling or lockout is
            # applied to it in this function.
            if session.login_count == None: session.login_count = 0
            session.login_count = session.login_count + 1
    return dict(form=form)
Example #13
def log_in():
    '''
    Function for user to log in.
    Compares the user login, password, and personal encryption key with
    user.user table
    If login is successful, the username is stored in session.username
    for further use. If login is not successful, session.username = None
    CyNote 2 ready.

    On success the submitted encryption key and a generated session.ID are
    also placed in the session.  Both outcomes are recorded in bb.tape.
    Returns dict(form=form) for the view.
    '''
    # NOTE(review): the `******` runs in this listing are masking artefacts;
    # the tokens they replaced are not recoverable from this page.
    form = FORM(TABLE(
                TR('User Name:', 
                   INPUT(_name='username',
                         requires=IS_NOT_EMPTY()
                        )),
                TR('Password:'******'password', _type='password',
                         requires=[IS_NOT_EMPTY()]
                        )),
                TR('Personal Encryption Key:', 
                   INPUT(_name='encryptkey', _type='password',
                         requires=[IS_NOT_EMPTY()]
                        )),
                TR('', INPUT(_type='submit', _value='login')))) 
    if form.accepts(request.vars, session):
        # All four conditions must hold for the same row: username, password
        # digest, encryption-key digest and the authorized flag.
        # NOTE(review): h is bound elsewhere and no salt is visible here; a
        # salted, deliberately slow password hash is the usual choice for
        # stored credentials - confirm what h is.
        if user(user.user.username == form.vars.username) \
            (user.user.password == h(form.vars.password).hexdigest()) \
            (user.user.encryptkey == h(form.vars.encryptkey).hexdigest()) \
            (user.user.authorized == True).count():
            session.username = form.vars.username
            # NOTE(review): the raw encryption key is kept in the session;
            # wherever session data is persisted, the key is persisted with
            # it - confirm the session store is protected accordingly.
            session.encryptkey = form.vars.encryptkey
            # NOTE(review): random() is presumably random.random, which is not
            # intended for security tokens.  It is used here as an audit
            # reference; if session.ID is ever relied on as a secret, derive it
            # from os.urandom or the secrets module instead.
            session.ID = str(1000000000 * random())
            # NOTE(review): the audit entry stores the password and key
            # digests.  With no salt visible, those are offline-guessable
            # copies of the credentials; logging the outcome alone is safer.
            bb.tape.insert(user=session.username,
                           entrycode='user_login_success',
                           refcode=session.ID,
                           event='User Name = %s. Session ID = %s. Password hash = %s. Encryptkey hash = %s' % \
                           (session.username, 
                            session.ID, 
                            h(form.vars.password).hexdigest(),
                            h(form.vars.encryptkey).hexdigest()))
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        else:
            # NOTE(review): digests of the rejected password and key are
            # logged; failed attempts are frequently near-misses of the real
            # values, so the same concern as above applies.
            # login_count is formatted before the None guard further down, so
            # the entry for a first failure carries whatever str() gives for
            # the unset value.
            bb.tape.insert(user='******',
                           entrycode='user_login_fail',
                           refcode='',
                           event='User name used = %s. Given password hash = %s. Given encryptkey hash = %s. Login count = %s' % \
                           (form.vars.username, 
                            h(form.vars.password).hexdigest(),
                            h(form.vars.encryptkey).hexdigest(),
                           str(session.login_count)))
            session.username = None
            response.flash = 'invalid username/password'
            # The counter is only incremented; no throttling or lockout is
            # applied to it in this function.
            if session.login_count == None: session.login_count = 0
            session.login_count = session.login_count + 1
    return dict(form=form)
Example #14
 def hash(self) -> str:
     """Return the hex digest of this move's signed serialization.

     The signature is included in the hashed bytes, so the value is tied to
     the signed form of the move rather than to its unsigned content.  ``h``
     is the hash constructor bound elsewhere in the module.
     """
     signed_payload = self.serialize(include_signature=True)
     digest = h(signed_payload)
     return digest.hexdigest()
Example #15
 def apply_sha256(input_str):
     """Return the hexadecimal digest of ``input_str``.

     The string is encoded with ``str.encode()``'s default codec (UTF-8)
     before hashing.  ``h`` is bound elsewhere in the module; the function
     name suggests it is SHA-256, which cannot be confirmed from here.  A bare
     digest like this suits integrity checks; it is not a password hash.
     """
     encoded = input_str.encode()
     digest = h(encoded)
     return digest.hexdigest()