def __do_post():
postdata = sys.stdin.read()
try:
postdata = json.loads(postdata)
except json.JSONDecodeError:
raise HTTPError("Malformed Request. Data is not JSON-decodable")
raise HTTPError("Undhandled POST request", 500)
def __main():
if not 'REQUEST_METHOD' in os.environ:
raise HTTPError("Missing REQUEST_METHOD")
if os.environ['REQUEST_METHOD'] == 'GET':
return __do_get()
raise HTTPError("Undhandled REQUEST_METHOD", 405)
def __groupstatus(request):
if not 'authtoken' in request:
raise HTTPError("Missing Authtoken")
status = groupstate(request['authtoken'])
if status is None:
raise HTTPError("Authtoken is not valid. Please relogin")
return status
def submitkey(authtoken, key):
"""Verifies a key, and submits it. Returns the groups status"""
group = auth.verify_token(authtoken)
if group is None:
raise HTTPError("Invalid Authtoken, please relogin", 401)
group_status = json.loads(groupstate(authtoken))
if int(group_status['remain_guess']) < 1:
raise HTTPError(groupstate(authtoken), 403)
key = cleanstring(key)
database = sqlite3.connect('database.sqlite3')
submitted = database.execute(('SELECT count() FROM claims'
' WHERE groupname=:groupname AND key=:key'),
{
"groupname": group,
"key": key
}).fetchone()[0]
if submitted != 0:
raise HTTPError(groupstate(authtoken), 410)
badkey = database.execute(('SELECT count() FROM badkeys'
' WHERE groupname=:groupname AND key=:key'), {
"groupname": group,
"key": key
}).fetchone()[0]
if badkey != 0:
raise HTTPError(groupstate(authtoken), 410)
keyexist = database.execute(
'SELECT count() FROM keys WHERE LOWER(key)=:key', {
'key': key
}).fetchone()[0]
if keyexist == 0:
database.execute(
'INSERT INTO badkeys(groupname, key) values(:groupname, :key)', {
'groupname': group,
'key': key
})
database.commit()
raise HTTPError(groupstate(authtoken), 400)
database.execute(
'INSERT INTO claims(groupname, key) values(:groupname, :key)', {
'groupname': group,
'key': key
})
database.commit()
return groupstate(authtoken)
def __get_token(request):
if not 'email' in request:
raise HTTPError("Missing email")
try:
token = get_token(request['email'])
if token == None:
raise HTTPError("No such recipient")
send_token(request['email'], token)
return ""
except ValueError as err:
raise HTTPError(err.args[0])
def __do_post():
"""do_post() handles POST-requests"""
postdata = sys.stdin.read()
try:
postdata = json.loads(postdata)
except json.JSONDecodeError:
raise HTTPError("Input data not JSON-decoable")
if 'action' in postdata and postdata['action'] == 'login':
return __performlogin(postdata)
if 'action' in postdata and postdata['action'] == 'authtoken':
return __verify_token(postdata)
raise HTTPError("Unhandled Request")
def __do_post():
postdata = sys.stdin.read()
try:
postdata = json.loads(postdata)
except json.JSONDecodeError:
raise HTTPError("Malformed Request. Data not JSON-decodable")
if 'action' in postdata and postdata['action'] == "request_token":
return __get_token(postdata)
if 'action' in postdata and postdata['action'] == 'reset_password':
return __reset_password(postdata)
raise HTTPError("Not Implemented", 500)
def claim_share_qr(authtoken):
groupinfo = auth.verify_token(request, extra_data=True)
if groupinfo is None:
raise HTTPError("Bad Authtoken")
newtoken = auth.create_authtoken(groupinfo["name"],
generate_time=groupinfo["authtime"])
return newtoken
def login(groupname, password):
"""Tries to log in, returns a token if successful"""
if not groupname or not password:
raise HTTPError("Missing username or password")
database = sqlite3.connect('database.sqlite3')
result = database.execute(
'SELECT salt, password FROM groups WHERE name = ?',
(groupname, )).fetchone()
if result is None:
raise HTTPError("Group not found", 403)
password_hash = hash_password(password, result[0])
if password_hash == result[1]:
token = create_authtoken(groupname)
return token
raise HTTPError("Incorrect groupname/password", 403)
def __reset_password(request):
try:
reset_password(request['email'], request['token'], request['password'])
group = groups.find_group_by_email(request['email'])
token = auth.login(group, request['password'])
return json.dumps(token)
except ValueError as err:
raise HTTPError(err.args[0])
def __do_post():
postdata = sys.stdin.read()
try:
postdata = json.loads(postdata)
except json.JSONDecodeError:
raise HTTPError("Malformed POST data. Not JSON-decodable")
if 'action' in postdata and postdata['action'] == "create":
if not 'groupname' in postdata or\
not 'password' in postdata or\
not 'contact' in postdata:
raise HTTPError("Missing required create parameters")
return json.dumps(
__create_group(postdata['groupname'], postdata['password'],
postdata['contact']))
raise HTTPError("Unhandled POST action")
def send_magic_link(authtoken, recipient):
"""Sends a new authtoken to the supplied recipient"""
if not (isinstance(authtoken, str) and isinstance(recipient, str)):
raise TypeError("All authtoken and recipient must be strings")
if resources.verify_email(recipient) is False:
raise HTTPError("Bad Email Address")
groupname = auth.verify_token(authtoken)
if groupname is None:
raise HTTPError("Bad authtoken", 401)
newtoken = auth.create_authtoken(groupname)
with open("templates/email_magic_link.txt", mode="r") as file_pointer:
message = file_pointer.read()
message = message % (groupname, newtoken)
subject = "Skvaderhack Login for %s" % (groupname, )
sender = "*****@*****.**"
sendemail.send_email(recipient, subject, message, sender)
def __submitkey(postdata):
if not 'authtoken' in postdata or not 'key' in postdata:
raise HTTPError("Missing Required Attributes")
return submitkey(postdata['authtoken'], postdata['key'])
def __do_get():
raise HTTPError("This script is NOT GET-able", 403)
def __do_get():
raise HTTPError("This script is not GET-able", 405)
def __create_group(groupname, password, contact):
try:
create_group(groupname, password, contact)
return auth.login(groupname, password)
except ValueError as error:
raise HTTPError(json.dumps(error.args))
def __verify_token(request):
group = verify_token(request['token'])
if group is None:
raise HTTPError("Invalid Authtoken", 401)
RETURN_HEADERS.append('Stauts: 200')
return json.dumps(group)