Example #1
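def decodestring(cookiestring, userdir):
    """Decode a login cookie and check it against the stored user record.

    The cookie is expected to decode (via ``pass_dec``) to a time-stamped
    ``username||password-hash`` string.

    Returns ``False`` when the cookie is malformed, expired, names a reserved
    or unknown user, names something that is not a plain file name, or carries
    a hash that differs from the stored one. Otherwise returns the tuple
    ``(user, pwd_hash, cookiepath)``, where *user* is the ConfigObj loaded
    from the user's ``.ini`` file.
    """
    # A badly formed cookie makes pass_dec raise; treat that as "not logged in".
    # Catching Exception (not a bare except) lets KeyboardInterrupt and
    # SystemExit propagate.
    try:
        instring, daynumber, timestamp = pass_dec(cookiestring)
    except Exception:
        return False
    # Reject a really old (or copied) cookie.
    if not unexpired(daynumber, timestamp, AGETEST):
        return False
    # The decoded payload is "username||password hash".
    try:
        username, pwd_hash = instring.split('||')
    except ValueError:
        return False
    # The username comes from the client's cookie and is concatenated into a
    # file path below, so refuse anything containing a path separator before
    # it reaches the file system.
    if '/' in username or '\\' in username or os.path.basename(username) != username:
        return False
    user_file = userdir + username + '.ini'
    if username in RESERVEDNAMES or not os.path.isfile(user_file):
        return False
    user = ConfigObj(user_file)
    stamped_pwd_hash = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']
    # The stored hash is time stamped, so decode it before comparing.
    try:
        stored_pwd_hash, _, _ = pass_dec(stamped_pwd_hash)
    except Exception:
        return False
    # NOTE(review): the cookie carries the same hash value that is stored in
    # the user file, so that stored value is effectively the credential, and
    # `!=` is not a constant-time comparison. Confirm both are acceptable.
    if pwd_hash != stored_pwd_hash:
        return False
    return user, pwd_hash, cookiepath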
Example #2
def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Process the results from edit account form submissions.

    Validates the submitted email address, real name and (optionally) a new
    password, updates *userconfig* accordingly, writes it to disk and returns
    ``(action, userconfig, newcookie)``. *newcookie* is replaced with a fresh
    cookie only when the password was changed.

    Changing the email address or the password requires the current password
    (form field ``pass0``) to hash to the stored value.
    """
    from modules.dataenc import pass_enc, pass_dec
    loginaction = theform['login'].value
    if not loginaction == 'doeditaccountnojs':  # only type of newlogin supported so far
        sys.exit()
    # Collect every submitted field name plus any expected key (edacckeys)
    # that the client did not send.
    allentries = theform.keys()
    vallist = allentries + [
        entry for entry in edacckeys if entry not in allentries
    ]
    formdict = getform(vallist, theform, nolist=True)
    # NOTE(review): salt="" makes the hash depend on the password alone, so
    # equal passwords produce equal stored values. It looks deliberate (the
    # hash is recomputed here and compared with `!=`), but it gives up the
    # protection a per-user salt provides -- confirm before relying on it.
    oldpass_hash = pwd_context.hash(formdict['pass0'], salt="")
    storedpass_hash = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']
    # NOTE(review): every validation failure below calls display_edit() and
    # then falls through. Presumably display_edit() renders the form and ends
    # the request; if it ever returns, the rejected change is still applied
    # and written -- confirm.
    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        msg = 'The email address you supplied appears to be invalid.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                     userconfig)
    # Changing the email address requires the current password.
    if email != oldemail and (not oldpass_hash
                              or oldpass_hash != storedpass_hash):
        msg = 'You must correctly enter your password to change your email address.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                     userconfig)
    userconfig['email'] = email
    if not formdict['realname']:
        msg = 'You need to enter a name for us to use.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                     userconfig)
    userconfig['realname'] = formdict['realname']
    # A password change is requested when either new-password field is filled.
    if pass1 or pass2:
        if pass1 != pass2:
            msg = "The two passwords don't match."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                         userconfig)
        # NOTE(review): the check accepts a 5-character password although the
        # message says "longer than 5" -- one of the two is off by one.
        if len(pass1) < 5:
            msg = "The password must be longer than 5 characters."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                         userconfig)
        if not oldpass_hash or oldpass_hash != storedpass_hash:
            msg = 'You must correctly enter your current password to change it.'
            display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                         userconfig)
        pass1_hash = pwd_context.hash(pass1, salt="")
        userconfig['password'] = pass_enc(pass1_hash,
                                          daynumber=True,
                                          timestamp=True)
        # The cookie embeds the password hash, so it must be reissued here.
        newcookie = makecookie(userconfig, pass1_hash,
                               ConfigObj(userdir + 'config.ini')['cookiepath'])
    # NOTE(review): every submitted field whose name is not in edacckeys is
    # copied into the user's config, so the set of writable keys is whatever
    # the client sends. Confirm that getform()/edacckeys keep privileged keys
    # out of reach, or replace this with an explicit allow-list.
    for entry in formdict:
        if entry not in edacckeys:
            userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie  # XXXXX display values changed page
Example #3
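def confirm(theform, userdir, thisscript):
    """Confirm a login and create the account file for the new user.

    Either from an invite or from a user who has registered. The ``id`` form
    field is decoded with ``pass_dec`` and used as the key of the pending
    entry in ``temp.ini``; that entry becomes ``<username>.ini``.

    Returns ``(action, newconfig, cookie_header)``, where *cookie_header* is
    the output of the ``SimpleCookie`` holding the ``userid`` cookie.
    """
    from modules.dataenc import pass_dec, pass_enc
    from login import encodestring
    # NOTE(review): presumably newloginfail() ends the request and never
    # returns; the code below relies on that (after a failed decode `theval`
    # would be unbound) -- confirm.
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        newloginfail()
    # NOTE(review): daynumber/timestamp are decoded but not checked, so a
    # confirmation id stays usable for as long as its entry remains in
    # temp.ini -- confirm that stale entries are purged elsewhere.
    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    uservals = tempstore[theval]
    # The pending entry is removed before the account file is created, so a
    # confirmation id is consumed even when a later step fails.
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    newconfig = ConfigObj(userdir + 'default.ini')
    newpath = userdir + username + '.ini'
    # Never overwrite an existing account.
    if os.path.isfile(newpath):
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            # NOTE(review): the password is stored via pass_enc, which
            # presumably can be reversed with pass_dec, rather than as a
            # one-way hash -- confirm. `password` stays unbound if the pending
            # entry has no 'password' key.
            password = uservals[entry]
            newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    thecookie['userid'] = encodestring(newconfig['username'], password)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # A non-integer max-age in the user file used to raise here, after the
    # account had already been written; treat it as "no max-age" instead.
    try:
        max_age_seconds = int(maxage) if maxage else 0
    except (TypeError, ValueError):
        max_age_seconds = 0
    if max_age_seconds:
        thecookie['userid']['max-age'] = max_age_seconds
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    if config['adminmail']:
        # Tell the admin about the new account; the password entry is left out.
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            if entry != 'password':
                msg += entry + '   :   ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                config['adminmail'], html=False)
    return action, newconfig, thecookie.output()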
Example #4
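def gitdox_migrate_userconfig(o, config):
    """Upgrade, in place, a user config written by GitDox 0.9.1 or earlier.

    Two independent migrations are applied to *o*:

    * If the decoded ``password`` value does not start with the
      ``$6$rounds=656000$$`` prefix, it is treated as an old-scheme value,
      hashed with ``pwd_context`` and written back.
    * If both ``git_username`` and ``git_password`` are non-empty, the pair is
      exchanged for a GitHub authorization; the token and id are stored and
      the ``git_password`` entry is deleted.
    """

    old_pass, _, _ = pass_dec(o['password'])
    # NOTE(review): salt="" makes equal passwords hash to equal values. It
    # looks deliberate (the empty salt is part of the prefix tested here), but
    # confirm before relying on these hashes if the user files leak.
    if not old_pass.startswith('$6$rounds=656000$$'):
        o['password'] = pass_enc(pwd_context.hash(old_pass, salt=""))
        o.write()

    has_git_login = ('git_password' in o and o['git_password'] != ""
                     and 'git_username' in o and o['git_username'] != "")
    if has_git_login:
        old = pass_dec(o['git_password'])[0]
        username = o['git_username']
        note = config['project'] + ", " + ctime()
        try:
            auth = github3.authorize(username, old, ['repo'], note, "")
            o['git_token'] = auth.token
            o['git_id'] = auth.id

            del o['git_password']
            o.write()
        except Exception:
            # Best effort: on failure the stored git_password stays in the
            # file. Exception (not a bare except) keeps KeyboardInterrupt and
            # SystemExit from being swallowed.
            pass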
Example #5
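def get_git_credentials(user,admin):
	"""Return ``(git_username, git_password)`` read from the user's ``.ini`` file.

	Returns ``None`` without touching the file system when *admin* is ``0``.
	The stored ``git_password`` is decoded with ``pass_dec`` and the first
	element of its result is handed to the caller.
	"""
	if admin==0:
		return
	scriptpath = os.path.dirname(os.path.realpath(__file__)) + os.sep
	userdir = scriptpath + "users" + os.sep
	# NOTE(review): `user` is concatenated into the path as-is; presumably
	# callers pass an already-validated username -- confirm.
	userfile = userdir + user + '.ini'
	# Read inside a context manager so the handle is closed even on error.
	with open(userfile,'r') as handle:
		lines = handle.read().split('\n')
	user_dict={}
	for line in lines:
		# Split on the first ' = ' only, so a value that itself contains
		# ' = ' is kept whole; lines that are not key/value pairs are skipped
		# instead of raising IndexError.
		key, sep, value = line.partition(' = ')
		if sep:
			user_dict[key]=value
	git_username=user_dict['git_username']
	git_password=pass_dec(user_dict['git_password'])
	return git_username,git_password[0]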
Example #6
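def decodestring(cookiestring, userdir):
    """Decode a login cookie and check it against the stored user record.

    The cookie is expected to decode (via ``pass_dec``) to a time-stamped
    ``username||hash||random-string`` value, where *hash* must equal the
    SHA-1 of the stored password concatenated with the 10-character random
    string.

    Returns ``False`` when the cookie is malformed, expired, names a reserved
    or unknown user, names something that is not a plain file name, or fails
    the hash check. Otherwise returns ``(user, password, cookiepath)``, where
    *user* is the ConfigObj loaded from the user's ``.ini`` file.
    """
    # A badly formed cookie makes pass_dec raise; treat that as "not logged in".
    # Catching Exception (not a bare except) lets KeyboardInterrupt and
    # SystemExit propagate.
    try:
        instring, daynumber, timestamp = pass_dec(cookiestring)
    except Exception:
        return False
    # Reject a really old (or copied) cookie.
    if not unexpired(daynumber, timestamp, AGETEST):
        return False
    # The decoded payload is "username||password hash||random string".
    try:
        username, passhash, ranstring = instring.split('||')
    except ValueError:
        return False
    if len(ranstring) != 10:
        return False
    # The username comes from the client's cookie and is concatenated into a
    # file path below, so refuse anything containing a path separator before
    # it reaches the file system.
    if '/' in username or '\\' in username or os.path.basename(username) != username:
        return False
    user_file = userdir + username + '.ini'
    if username in RESERVEDNAMES or not os.path.isfile(user_file):
        return False
    user = ConfigObj(user_file)
    stampedpass = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']
    # The stored password is time stamped, so decode it before hashing.
    # NOTE(review): pass_dec hands back a value that is hashed directly below,
    # which suggests the user file holds a recoverable password rather than a
    # one-way hash -- confirm.
    try:
        password, _, _ = pass_dec(stampedpass)
    except Exception:
        return False
    # NOTE(review): `!=` is not a constant-time comparison.
    thishash = hashlib.sha1(password + ranstring).hexdigest()
    if thishash != passhash:
        return False
    return user, password, cookiepath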
Example #7
def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Apply an "edit account" form submission to the user's config.

    Validates the email address, real name and (optionally) a new password,
    updates *userconfig*, writes it out and returns
    ``(action, userconfig, newcookie)``. *newcookie* is replaced only when the
    password was changed. Changing the email address or the password requires
    the current password (form field ``pass0``) to equal the stored one.
    """
    from modules.dataenc import pass_enc, pass_dec

    def show_error(msg):
        # Every validation failure re-displays the edit form with a message.
        # NOTE(review): presumably display_edit() ends the request; if it
        # returns, the caller below carries on regardless -- confirm.
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)

    if theform['login'].value != 'doeditaccountnojs':  # only type of newlogin supported so far
        sys.exit()
    # Every submitted field name, followed by the expected keys not submitted.
    submitted = theform.keys()
    not_submitted = [entry for entry in edacckeys if entry not in submitted]
    formdict = getform(submitted + not_submitted, theform, nolist=True)

    oldpass = formdict['pass0']
    # The stored password is compared directly with the submitted one.
    storedpass = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']
    password_confirmed = bool(oldpass) and oldpass == storedpass

    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        show_error('The email address you supplied appears to be invalid.')
    if email != oldemail and not password_confirmed:
        show_error('You must correctly enter your password to change your email address.')
    userconfig['email'] = email

    if not formdict['realname']:
        show_error('You need to enter a name for us to use.')
    userconfig['realname'] = formdict['realname']

    # A password change is requested when either new-password field is filled.
    if pass1 or pass2:
        if pass1 != pass2:
            show_error("The two passwords don't match.")
        if len(pass1) < 5:
            show_error("The password must be longer than 5 characters.")
        if not password_confirmed:
            show_error('You must correctly enter your current password to change it.')
        userconfig['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
        cookiepath = ConfigObj(userdir+'config.ini')['cookiepath']
        newcookie = makecookie(userconfig, pass1, cookiepath)

    # Any remaining submitted field outside edacckeys is stored as-is.
    for entry in formdict:
        if entry in edacckeys:
            continue
        userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie                # XXXXX display values changed page
Example #8
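def checkpass(username, password, userdir, thisscript, action):
    """Check the credentials from a new login and build the login cookie.

    Returns ``False`` if the username is not a plain file name, is reserved or
    unknown, or if the password does not match the stored one. Otherwise
    returns ``(action, user, thecookie)``.
    """
    # XXXX log failed login attempts
    # The username comes straight from the login form and is concatenated
    # into a file path below, so refuse anything containing a path separator
    # before it reaches the file system.
    if '/' in username or '\\' in username or os.path.basename(username) != username:
        return False
    if username in RESERVEDNAMES:
        return False
    user_file = userdir + username + '.ini'
    if not os.path.isfile(user_file):
        return False
    user = ConfigObj(user_file)
    stampedpass = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']
    # The stored password is time stamped; strip the stamp before comparing.
    realpass, _, _ = pass_dec(stampedpass)
    # NOTE(review): the submitted password is compared directly with the
    # decoded stored value, which suggests the user file holds a recoverable
    # password rather than a one-way hash; `!=` is also not a constant-time
    # comparison -- confirm both are acceptable.
    if realpass != password:
        return False

    # Login succeeded: hand back a cookie for the new session.
    thecookie = makecookie(user, password, cookiepath)
    return action, user, thecookie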
Example #9
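def checkpass(username, password, userdir, thisscript, action):
    """Validate a login attempt and, on success, issue the login cookie.

    Returns ``False`` when the username contains a path separator, is
    reserved, has no user file, or when the password differs from the stored
    one. On success returns ``(action, user, thecookie)``.
    """
    # XXXX log failed login attempts
    # username is form input that ends up inside a file path, so it must be a
    # bare file name: no '/' or '\\' and nothing os.path.basename would strip.
    if '/' in username or '\\' in username or os.path.basename(username) != username:
        return False
    if username in RESERVEDNAMES:
        return False
    user_file = userdir + username + '.ini'
    if not os.path.isfile(user_file):
        return False
    user = ConfigObj(user_file)
    stampedpass = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']
    # Remove the time stamp from the stored password before comparing.
    realpass, _, _ = pass_dec(stampedpass)
    # NOTE(review): a direct comparison with the decoded stored value implies
    # the stored password is recoverable, not one-way hashed, and `!=` is not
    # constant-time -- confirm both are acceptable.
    if realpass != password:
        return False

    # The login was successful, so return a cookie.
    thecookie = makecookie(user, password, cookiepath)
    return action, user, thecookie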
Example #10
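def confirm(theform, userdir, thisscript):
    """Confirm a login and create the account file for the new user.

    Either from an invite or from a user who has registered. The ``id`` form
    field is decoded with ``pass_dec`` and used as the key of the pending
    entry in ``temp.ini``; that entry becomes ``<username>.ini`` with the
    password replaced by its ``pwd_context`` hash.

    Returns ``(action, newconfig, cookie_header)``, where *cookie_header* is
    the output of the ``SimpleCookie`` holding the ``userid`` cookie.
    """
    from modules.dataenc import pass_dec, pass_enc
    from login import encodestring
    # NOTE(review): presumably newloginfail() ends the request and never
    # returns; the code below relies on that (after a failed decode `theval`
    # would be unbound) -- confirm.
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        newloginfail()
    # NOTE(review): daynumber/timestamp are decoded but not checked, so a
    # confirmation id stays usable for as long as its entry remains in
    # temp.ini -- confirm that stale entries are purged elsewhere.
    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    uservals = tempstore[theval]
    # The pending entry is removed before the account file is created, so a
    # confirmation id is consumed even when a later step fails.
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    newconfig = ConfigObj(userdir + 'default.ini')
    newpath = userdir + username + '.ini'
    # Never overwrite an existing account.
    if os.path.isfile(newpath):
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            # NOTE(review): salt="" makes equal passwords hash to equal
            # values; until this point temp.ini held the password itself.
            # `password` stays unbound if the entry has no 'password' key.
            password = uservals[entry]
            pwd_hash = pwd_context.hash(password, salt="")
            newconfig[entry] = pass_enc(pwd_hash,
                                        timestamp=True,
                                        daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    # The cookie embeds the password hash, not the password itself.
    pwd_hash = pwd_context.hash(password, salt="")
    thecookie['userid'] = encodestring(newconfig['username'], pwd_hash)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # A non-integer max-age in the user file used to raise here, after the
    # account had already been written; treat it as "no max-age" instead.
    try:
        max_age_seconds = int(maxage) if maxage else 0
    except (TypeError, ValueError):
        max_age_seconds = 0
    if max_age_seconds:
        thecookie['userid']['max-age'] = max_age_seconds
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    if config['adminmail']:
        # Tell the admin about the new account; the password entry is left out.
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            if entry != 'password':
                msg += entry + '   :   ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'],
                   msg,
                   config['email_subject'],
                   config['adminmail'],
                   html=False)
    return action, newconfig, thecookie.output()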