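def valid(self) -> bool:
    """Check whether this block is well-formed and correctly chained.

    The checks, in order: the stored hash matches the serialized block plus
    suffix, the hashcash stamp satisfies the declared difficulty, the full
    serialization fits ``Block.size_limit``, the block links to its
    predecessor with the expected difficulty (or is a proper genesis block),
    the root hash matches the sorted move ids, and every move is valid.

    Returns:
        ``True`` only if every check passes. A missing predecessor row
        yields ``False`` instead of an ``AttributeError``.
    """
    stamp = self.serialize().decode('utf-8') + self.suffix
    if self.hash != h(str.encode(stamp)).hexdigest():
        return False
    if not hashcash.check(stamp, self.suffix, self.difficulty):
        return False
    if len(self.serialize(True, True, True, True)) > Block.size_limit:
        return False

    if self.id > 1:
        prev_block = Block.query.get(self.id - 1)
        difficulty_check_block = Block.query.get(max(1, self.id - 10))
        # A gap in the local chain means the block cannot be verified;
        # treat it as invalid rather than crashing on ``None``.
        if prev_block is None or difficulty_check_block is None:
            return False
        if self.prev_hash != prev_block.hash:
            return False
        # Average block interval over (up to) the last ten blocks.
        # NOTE(review): self.created_at comes from the block under
        # validation; no bound against the local clock or the previous
        # block's timestamp is visible here -- confirm one is enforced
        # elsewhere, since this value drives the difficulty retarget.
        avg_timedelta = (
            (self.created_at - difficulty_check_block.created_at) /
            (self.id - difficulty_check_block.id))
        if avg_timedelta <= datetime.timedelta(0, 5):
            expected_difficulty = max(0, prev_block.difficulty + 1)
        elif avg_timedelta > datetime.timedelta(0, 15):
            expected_difficulty = max(0, prev_block.difficulty - 1)
        else:
            expected_difficulty = prev_block.difficulty
        if self.difficulty != expected_difficulty:
            return False
    elif self.prev_hash is not None or self.difficulty != 0:
        # Genesis block: no predecessor and zero difficulty.
        return False

    expected_root = h(''.join(
        sorted(m.id for m in self.moves)).encode('utf-8')).hexdigest()
    if self.root_hash != expected_root:
        return False
    return all(move.valid for move in self.moves)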
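def change_password():
    """Let the logged-in user change their own password.

    Renders a form asking for the username, the current password and the new
    password twice. The password and ageing timestamp are updated only when
    the submitted username is the session user, the current password matches
    that account, and both new-password fields agree. Every outcome is
    written to ``db.user_event``.

    Returns:
        dict with the form under ``form``.
    """
    if session.username is None:
        redirect(URL(r=request, f='log_in'))
    if session.pwdaged:
        response.flash = 'Current password is older than 90 days. Please change'
    form = FORM(TABLE(
        TR('Username:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Current Password: ',
           INPUT(_name='oldpwd', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('New Password: ',
           INPUT(_name='newpwd', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('Re-enter New Password: ',
           INPUT(_name='newpwd2', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _name='submit'))))
    if form.accepts(request.vars, session):
        # The row that gets updated is always session.username, so the
        # current password must be verified against that same account.
        # Checking the form-supplied username instead would let the
        # credentials of one account authorise a change on another.
        account = userdb(userdb.user.username == session.username)
        current_ok = form.vars.username == session.username and account(
            userdb.user.password == h(form.vars.oldpwd).hexdigest())(
            userdb.user.authorized == True).count()
        # NOTE(review): no salt or work factor is visible in the h(...)
        # calls; h is defined outside this listing -- confirm how stored
        # passwords are protected.
        if current_ok:
            db.user_event.insert(
                event='Change password initiated. %s' % form.vars.username,
                user='******')
            if form.vars.newpwd == form.vars.newpwd2:
                # One update so the hash and its ageing stamp change together.
                account.update(password=h(form.vars.newpwd).hexdigest(),
                               aging=time())
                db.user_event.insert(
                    event='Change password successful. %s'
                          % form.vars.username,
                    user='******')
                response.flash = 'Password change SUCCESSFUL'
            else:
                db.user_event.insert(
                    event='Change password unsuccessful. '
                          'New passwords do not match. %s'
                          % form.vars.username,
                    user='******')
                response.flash = ('Password change UNSUCCESSFUL - '
                                  'New passwords do not match')
        else:
            db.user_event.insert(
                event='Change password unsuccessful. '
                      'Current password does not match. %s'
                      % form.vars.username,
                user='******')
            response.flash = ('Password change UNSUCCESSFUL - '
                              'Current password does not match')
    return dict(form=form)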
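def log_in():
    """Authenticate a user against the ``userdb.user`` table.

    A row must match the username, the password and ``authorized == True``.
    The password is tried first as stored plain text (legacy rows, which are
    then converted to a digest) and then as ``h(password).hexdigest()``.
    On success the username is kept in ``session.username`` and the client
    is redirected to ``logged``; on failure ``session.username`` is set to
    ``None`` and the failure counter in the session is incremented.

    Returns:
        dict with the form under ``form``.
    """
    form = FORM(TABLE(
        TR('Username:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Password:',
           INPUT(_name='password', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        # NOTE(review): this legacy branch compares the submitted value with
        # the stored column as-is, so once a row has been converted the
        # stored digest itself is accepted here as a password. Retire the
        # branch after migration or restrict it to unconverted rows.
        if userdb(userdb.user.username == form.vars.username)(
                userdb.user.password == form.vars.password)(
                userdb.user.authorized == True).count():
            session.username = form.vars.username
            db.user_event.insert(
                event='Login (plain text password). %s' % session.username,
                user='******')
            # Convert the plain-text password to its digest.
            userdb(userdb.user.username == form.vars.username).update(
                password=h(form.vars.password).hexdigest())
            # NOTE(review): part of this call was masked in the listing;
            # the username argument is reconstructed -- confirm against
            # the original file.
            db.log.insert(
                event='Convert plain password to hash. User = '
                      + session.username,
                user='system')
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        elif userdb(userdb.user.username == form.vars.username)(
                userdb.user.password == h(form.vars.password).hexdigest())(
                userdb.user.authorized == True).count():
            session.username = form.vars.username
            db.user_event.insert(
                event='Login (hashed password). %s' % session.username,
                user='******')
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        else:
            # The submitted password is deliberately left out of the event:
            # failed attempts are often a near-miss of the real password,
            # and the event table should not become a credential store.
            db.user_event.insert(
                event='Login error. Username used = %s. Login count = %s'
                      % (form.vars.username, str(session.login_count)),
                user='******')
            session.username = None
            response.flash = 'invalid username/password'
            # The counter is unset until the first attempt; the CyNote 2
            # log_in on this page guards the same case.
            if session.login_count is None:
                session.login_count = 0
            session.login_count = session.login_count + 1
            # The original carried a disabled block that deauthorized every
            # user after five failed logins. It stays disabled: it would let
            # a single client lock out all accounts. No throttling is
            # applied here.
    return dict(form=form)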
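def create_block(self, moves, commit=True, click=None):
    """Build, mine and optionally persist the next block for *moves*.

    Args:
        moves: iterable of moves to include; each must be valid.
        commit: when true, add the block to the session and commit.
        click: optional object with ``echo`` used for progress output.

    Returns:
        The new block, or ``None`` when a block with the same id already
        exists after mining or the commit hits an ``IntegrityError``.

    Raises:
        InvalidMoveError: if any move is invalid.
        InvalidBlockError: if the finished block fails its own validation.
    """
    # Materialise once: the moves are walked three times below, and a
    # one-shot iterator would be empty after the first pass.
    moves = list(moves)
    for move in moves:
        if not move.valid:
            raise InvalidMoveError(move)
    block = Block(version=PROTOCOL_VERSION)
    block.root_hash = h(''.join(sorted(
        (m.id for m in moves))).encode('utf-8')).hexdigest()
    block.creator = self.address
    block.created_at = datetime.datetime.utcnow()
    prev_block = self.session.query(Block).order_by(
        Block.id.desc()).first()
    if prev_block:
        block.id = prev_block.id + 1
        block.prev_hash = prev_block.hash
        block.difficulty = prev_block.difficulty
        # Retarget from the average interval over (up to) the last ten
        # blocks: faster than 5 s raises difficulty, slower than 15 s
        # lowers it.
        difficulty_check_block = self.session.query(Block).get(
            max(1, block.id - 10))
        avg_timedelta = (
            (block.created_at - difficulty_check_block.created_at) /
            (block.id - difficulty_check_block.id))
        if click:
            click.echo(
                f'avg: {avg_timedelta}, difficulty: {block.difficulty}')
        if avg_timedelta <= datetime.timedelta(0, 5):
            block.difficulty = max(0, block.difficulty + 1)
        elif avg_timedelta > datetime.timedelta(0, 15):
            block.difficulty = max(0, block.difficulty - 1)
    else:
        #: Genesis block
        block.id = 1
        block.prev_hash = None
        block.difficulty = 0
    # NOTE(review): _mint is a private name of the hashcash module;
    # confirm it is meant to be called from here.
    block.suffix = hashcash._mint(block.serialize(), bits=block.difficulty)
    # Checked after mining on purpose: another block with this id may have
    # been stored while the proof of work was being computed.
    if self.session.query(Block).get(block.id):
        return None
    block.hash = h(block.serialize() + block.suffix).hexdigest()
    for move in moves:
        move.block = block
    if not block.valid:
        raise InvalidBlockError
    if commit:
        try:
            self.session.add(block)
            self.session.commit()
        except IntegrityError:
            # Leave the session usable for the caller after the failed
            # commit (assumes a SQLAlchemy-style session, as the
            # query/add/commit calls suggest).
            self.session.rollback()
            return None
    return block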
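def log_in():
    """Authenticate a user against the ``userdb.user`` table.

    A row must match the username, the password and ``authorized == True``.
    The password is tried first as ``h(password).hexdigest()`` and then, for
    legacy rows, as stored plain text (which is then converted to a digest).
    On success the username is kept in ``session.username`` and the client
    is redirected to ``logged``; on failure ``session.username`` is set to
    ``None`` and the failure counter in the session is incremented.

    Returns:
        dict with the form under ``form``.
    """
    form = FORM(TABLE(
        TR('Username:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Password:',
           INPUT(_name='password', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        if userdb(userdb.user.username == form.vars.username)(
                userdb.user.password == h(form.vars.password).hexdigest())(
                userdb.user.authorized == True).count():
            session.username = form.vars.username
            db.user_event.insert(
                event='Login (hashed password). %s' % session.username,
                user='******')
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        # Legacy management #1 - convert all plain text logins to hash.
        # NOTE(review): this branch compares the submitted value with the
        # stored column as-is, so once a row has been converted the stored
        # digest itself is accepted here as a password. Retire the branch
        # after migration or restrict it to unconverted rows.
        elif userdb(userdb.user.username == form.vars.username)(
                userdb.user.password == form.vars.password)(
                userdb.user.authorized == True).count():
            session.username = form.vars.username
            db.user_event.insert(
                event='Login (plain text password). %s' % session.username,
                user='******')
            # Convert the plain-text password to its digest.
            userdb(userdb.user.username == form.vars.username).update(
                password=h(form.vars.password).hexdigest())
            # NOTE(review): part of this call was masked in the listing;
            # the username argument is reconstructed -- confirm against
            # the original file.
            db.log.insert(
                event='Convert plain password to hash. User = '
                      + session.username,
                user='system')
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        # end of Legacy management #1
        else:
            # The submitted password is deliberately left out of the event:
            # failed attempts are often a near-miss of the real password,
            # and the event table should not become a credential store.
            db.user_event.insert(
                event='Login error. Username used = %s. Login count = %s'
                      % (form.vars.username, str(session.login_count)),
                user='******')
            session.username = None
            response.flash = 'invalid username/password'
            # The counter is unset until the first attempt; the CyNote 2
            # log_in on this page guards the same case.
            if session.login_count is None:
                session.login_count = 0
            session.login_count = session.login_count + 1
            # The original carried a disabled block that deauthorized every
            # user after five failed logins. It stays disabled: it would let
            # a single client lock out all accounts. No throttling is
            # applied here.
    return dict(form=form)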
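def new_account():
    '''
    Create a new user account. CyNote 2 ready.

    The first account ever created is authorized automatically; every later
    account is stored with ``authorized=False``. The password and personal
    encryption key are stored as ``h(...).hexdigest()``, and the creation is
    recorded on ``bb.tape``. A username that already exists is rejected.

    Returns a dict with the form under ``form``.
    '''
    # NOTE(review): on a fresh deployment whoever registers first becomes an
    # authorized user -- create that account before exposing the service.
    authorized = user(user.user.username > 0).count() == 0
    form = FORM(TABLE(
        TR('Actual Name:',
           INPUT(_name='actualname', requires=IS_NOT_EMPTY())),
        TR('User Name:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Email Address:',
           INPUT(_name='email',
                 requires=IS_EMAIL(error_message='invalid email!'))),
        # Secrets are entered in masked fields, matching the CyNote 2
        # log_in form on this page.
        TR('Password:',
           INPUT(_name='password', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('Personal Encryption Key:',
           INPUT(_name='encryptkey', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        if user(user.user.username == form.vars.username).count():
            # Two rows with one username would make username-keyed
            # lookups and updates ambiguous.
            response.flash = 'User name already exists'
        else:
            # NOTE(review): no salt or work factor is visible in the h(...)
            # calls; h is defined outside this listing -- confirm how the
            # stored password and key are protected.
            user.user.insert(
                username=form.vars.username,
                actualname=form.vars.actualname,
                email=form.vars.email,
                password=h(form.vars.password).hexdigest(),
                encryptkey=h(form.vars.encryptkey).hexdigest(),
                aging=time(),
                authorized=authorized)
            bb.tape.insert(
                user='******',
                entrycode='new_user_account',
                refcode='',
                event='User Name = %s. Actual Name = %s. Email = %s.'
                      % (form.vars.username, form.vars.actualname,
                         form.vars.email))
            redirect(URL(r=request, f='log_in'))
    return dict(form=form)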
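def new_account():
    """Create a new user account.

    The first account ever created is authorized automatically; every later
    account is stored with ``authorized=False``. The password is stored as
    ``h(password).hexdigest()`` and the creation is written to
    ``db.user_event``. Mismatched passwords and usernames that already
    exist are rejected with a flash message.

    Returns:
        dict with the form under ``form``.
    """
    # NOTE(review): on a fresh deployment whoever registers first becomes an
    # authorized user -- create that account before exposing the service.
    authorized = userdb(userdb.user.username > 0).count() == 0
    form = FORM(TABLE(
        TR('Username:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Password:',
           INPUT(_name='password', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('Re-enter Password:',
           INPUT(_name='password2', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        if form.vars.password != form.vars.password2:
            response.flash = 'Passwords do not match'
        elif userdb(userdb.user.username == form.vars.username).count():
            # Two rows with one username would make username-keyed
            # updates (such as a password change) hit both accounts.
            response.flash = 'Username already exists'
        else:
            # NOTE(review): no salt or work factor is visible in the h(...)
            # call; h is defined outside this listing -- confirm how stored
            # passwords are protected.
            userdb.user.insert(
                username=form.vars.username,
                password=h(form.vars.password).hexdigest(),
                aging=time(),
                authorized=authorized)
            db.user_event.insert(
                event='New account created. %s' % form.vars.username,
                user='******')
            redirect(URL(r=request, f='log_in'))
    return dict(form=form)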
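def new_account():
    """Create a new user account.

    The first account ever created is authorized automatically; every later
    account is stored with ``authorized=False``. The password is stored as
    ``h(password).hexdigest()`` and the creation is written to
    ``db.user_event``. Mismatched passwords and usernames that already
    exist are rejected with a flash message.

    Returns:
        dict with the form under ``form``.
    """
    # NOTE(review): on a fresh deployment whoever registers first becomes an
    # authorized user -- create that account before exposing the service.
    authorized = userdb(userdb.user.username > 0).count() == 0
    form = FORM(TABLE(
        TR('Username:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Password:',
           INPUT(_name='password', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('Re-enter Password:',
           INPUT(_name='password2', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        if form.vars.password != form.vars.password2:
            response.flash = 'Passwords do not match'
        elif userdb(userdb.user.username == form.vars.username).count():
            # Two rows with one username would make username-keyed
            # updates (such as a password change) hit both accounts.
            response.flash = 'Username already exists'
        else:
            # NOTE(review): no salt or work factor is visible in the h(...)
            # call; h is defined outside this listing -- confirm how stored
            # passwords are protected.
            userdb.user.insert(
                username=form.vars.username,
                password=h(form.vars.password).hexdigest(),
                aging=time(),
                authorized=authorized)
            db.user_event.insert(
                event='New account created. %s' % form.vars.username,
                user='******')
            redirect(URL(r=request, f='log_in'))
    return dict(form=form)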
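def change_password():
    """Let the logged-in user change their own password.

    Renders a form asking for the username, the current password and the new
    password twice. The password and ageing timestamp are updated only when
    the submitted username is the session user, the current password matches
    that account, and both new-password fields agree. Every outcome is
    written to ``db.user_event``.

    Returns:
        dict with the form under ``form``.
    """
    if session.username is None:
        redirect(URL(r=request, f='log_in'))
    if session.pwdaged:
        response.flash = 'Current password is older than 90 days. Please change'
    form = FORM(TABLE(
        TR('Username:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Current Password: ',
           INPUT(_name='oldpwd', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('New Password: ',
           INPUT(_name='newpwd', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('Re-enter New Password: ',
           INPUT(_name='newpwd2', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _name='submit'))))
    if form.accepts(request.vars, session):
        # The row that gets updated is always session.username, so the
        # current password must be verified against that same account.
        # Checking the form-supplied username instead would let the
        # credentials of one account authorise a change on another.
        account = userdb(userdb.user.username == session.username)
        current_ok = form.vars.username == session.username and account(
            userdb.user.password == h(form.vars.oldpwd).hexdigest())(
            userdb.user.authorized == True).count()
        # NOTE(review): no salt or work factor is visible in the h(...)
        # calls; h is defined outside this listing -- confirm how stored
        # passwords are protected.
        if current_ok:
            db.user_event.insert(
                event='Change password initiated. %s' % form.vars.username,
                user='******')
            if form.vars.newpwd == form.vars.newpwd2:
                # One update so the hash and its ageing stamp change together.
                account.update(password=h(form.vars.newpwd).hexdigest(),
                               aging=time())
                db.user_event.insert(
                    event='Change password successful. %s'
                          % form.vars.username,
                    user='******')
                response.flash = 'Password change SUCCESSFUL'
            else:
                db.user_event.insert(
                    event='Change password unsuccessful. '
                          'New passwords do not match. %s'
                          % form.vars.username,
                    user='******')
                response.flash = ('Password change UNSUCCESSFUL - '
                                  'New passwords do not match')
        else:
            db.user_event.insert(
                event='Change password unsuccessful. '
                      'Current password does not match. %s'
                      % form.vars.username,
                user='******')
            response.flash = ('Password change UNSUCCESSFUL - '
                              'Current password does not match')
    return dict(form=form)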
def adventofcode4(startswith="00000", _input="iwrupvqb"):
    """Find the smallest counter whose digest begins with *startswith*.

    Counters 0, 1, 2, ... are appended to *_input* in decimal, the result is
    UTF-8 encoded and passed to ``h``, and the search stops at the first hex
    digest carrying the requested prefix.

    Returns:
        ``(number, hexdigest)`` for the first match. An empty prefix matches
        before any hashing, giving ``(-1, "")``.
    """
    candidate, digest = -1, ""
    while True:
        if digest.startswith(startswith):
            return candidate, digest
        candidate += 1
        payload = f"{_input}{candidate}".encode("utf-8")
        digest = h(payload).hexdigest()
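def new_account():
    '''
    Create a new user account. CyNote 2 ready.

    The first account ever created is authorized automatically; every later
    account is stored with ``authorized=False``. The password and personal
    encryption key are stored as ``h(...).hexdigest()``, and the creation is
    recorded on ``bb.tape``. A username that already exists is rejected.

    Returns a dict with the form under ``form``.
    '''
    # NOTE(review): on a fresh deployment whoever registers first becomes an
    # authorized user -- create that account before exposing the service.
    authorized = user(user.user.username > 0).count() == 0
    form = FORM(TABLE(
        TR('Actual Name:',
           INPUT(_name='actualname', requires=IS_NOT_EMPTY())),
        TR('User Name:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Email Address:',
           INPUT(_name='email',
                 requires=IS_EMAIL(error_message='invalid email!'))),
        # Secrets are entered in masked fields, matching the CyNote 2
        # log_in form on this page.
        TR('Password:',
           INPUT(_name='password', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('Personal Encryption Key:',
           INPUT(_name='encryptkey', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        if user(user.user.username == form.vars.username).count():
            # Two rows with one username would make username-keyed
            # lookups and updates ambiguous.
            response.flash = 'User name already exists'
        else:
            # NOTE(review): no salt or work factor is visible in the h(...)
            # calls; h is defined outside this listing -- confirm how the
            # stored password and key are protected.
            user.user.insert(
                username=form.vars.username,
                actualname=form.vars.actualname,
                email=form.vars.email,
                password=h(form.vars.password).hexdigest(),
                encryptkey=h(form.vars.encryptkey).hexdigest(),
                aging=time(),
                authorized=authorized)
            bb.tape.insert(
                user='******',
                entrycode='new_user_account',
                refcode='',
                event='User Name = %s. Actual Name = %s. Email = %s.'
                      % (form.vars.username, form.vars.actualname,
                         form.vars.email))
            redirect(URL(r=request, f='log_in'))
    return dict(form=form)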
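def log_in():
    '''
    Authenticate a user against the ``user.user`` table. CyNote 2 ready.

    A row must match the username, ``h(password).hexdigest()``,
    ``h(encryptkey).hexdigest()`` and ``authorized == True``. On success the
    username, the encryption key and a fresh ``session.ID`` are stored in
    the session and the client is redirected to ``logged``; on failure
    ``session.username`` is set to ``None`` and the failure counter is
    incremented. Both outcomes are recorded on ``bb.tape``.

    Returns a dict with the form under ``form``.
    '''
    form = FORM(TABLE(
        TR('User Name:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Password:',
           INPUT(_name='password', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('Personal Encryption Key:',
           INPUT(_name='encryptkey', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        if user(user.user.username == form.vars.username)(
                user.user.password == h(form.vars.password).hexdigest())(
                user.user.encryptkey == h(form.vars.encryptkey).hexdigest())(
                user.user.authorized == True).count():
            session.username = form.vars.username
            # NOTE(review): the key is kept in the session as entered;
            # confirm where session data is stored and who can read it.
            session.encryptkey = form.vars.encryptkey
            # NOTE(review): random() is not a cryptographic generator. If
            # session.ID is ever treated as a secret or an authenticator,
            # derive it from an OS-backed source instead.
            session.ID = str(1000000000 * random())
            # Digests of the password and key are no longer written to the
            # tape: no salt is visible in the h(...) calls, so a logged
            # digest would stand in for the secret in an offline guess.
            bb.tape.insert(
                user=session.username,
                entrycode='user_login_success',
                refcode=session.ID,
                event='User Name = %s. Session ID = %s.'
                      % (session.username, session.ID))
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        else:
            # Same reasoning for failed attempts, which are often a
            # near-miss of the real credentials.
            bb.tape.insert(
                user='******',
                entrycode='user_login_fail',
                refcode='',
                event='User name used = %s. Login count = %s'
                      % (form.vars.username, str(session.login_count)))
            session.username = None
            response.flash = 'invalid username/password'
            # The counter is unset until the first attempt.
            if session.login_count is None:
                session.login_count = 0
            session.login_count = session.login_count + 1
    return dict(form=form)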
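def log_in():
    '''
    Authenticate a user against the ``user.user`` table. CyNote 2 ready.

    A row must match the username, ``h(password).hexdigest()``,
    ``h(encryptkey).hexdigest()`` and ``authorized == True``. On success the
    username, the encryption key and a fresh ``session.ID`` are stored in
    the session and the client is redirected to ``logged``; on failure
    ``session.username`` is set to ``None`` and the failure counter is
    incremented. Both outcomes are recorded on ``bb.tape``.

    Returns a dict with the form under ``form``.
    '''
    form = FORM(TABLE(
        TR('User Name:',
           INPUT(_name='username', requires=IS_NOT_EMPTY())),
        TR('Password:',
           INPUT(_name='password', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('Personal Encryption Key:',
           INPUT(_name='encryptkey', _type='password',
                 requires=[IS_NOT_EMPTY()])),
        TR('', INPUT(_type='submit', _value='login'))))
    if form.accepts(request.vars, session):
        if user(user.user.username == form.vars.username)(
                user.user.password == h(form.vars.password).hexdigest())(
                user.user.encryptkey == h(form.vars.encryptkey).hexdigest())(
                user.user.authorized == True).count():
            session.username = form.vars.username
            # NOTE(review): the key is kept in the session as entered;
            # confirm where session data is stored and who can read it.
            session.encryptkey = form.vars.encryptkey
            # NOTE(review): random() is not a cryptographic generator. If
            # session.ID is ever treated as a secret or an authenticator,
            # derive it from an OS-backed source instead.
            session.ID = str(1000000000 * random())
            # Digests of the password and key are no longer written to the
            # tape: no salt is visible in the h(...) calls, so a logged
            # digest would stand in for the secret in an offline guess.
            bb.tape.insert(
                user=session.username,
                entrycode='user_login_success',
                refcode=session.ID,
                event='User Name = %s. Session ID = %s.'
                      % (session.username, session.ID))
            session.login_count = 1
            redirect(URL(r=request, f='logged'))
        else:
            # Same reasoning for failed attempts, which are often a
            # near-miss of the real credentials.
            bb.tape.insert(
                user='******',
                entrycode='user_login_fail',
                refcode='',
                event='User name used = %s. Login count = %s'
                      % (form.vars.username, str(session.login_count)))
            session.username = None
            response.flash = 'invalid username/password'
            # The counter is unset until the first attempt.
            if session.login_count is None:
                session.login_count = 0
            session.login_count = session.login_count + 1
    return dict(form=form)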
def hash(self) -> str:
    """Return the hex digest of this move's serialization, signature included."""
    signed_payload = self.serialize(include_signature=True)
    digest = h(signed_payload)
    return digest.hexdigest()
def apply_sha256(input_str):
    """Return the hexadecimal digest of *input_str*.

    The string is encoded with the default ``str.encode()`` codec and passed
    to ``h``, which is defined outside this listing.
    """
    encoded = input_str.encode()
    digest = h(encoded)
    return digest.hexdigest()