def reset():
status = Status()
form = Form(request.forms)
token = request.query.token
s = URLSafeTimedSerializer(secret_key, max_age=3600, salt=salt)
try:
username = s.loads(token)
except:
return abort(500, 'bad signature')
else:
if request.method == 'POST' and form.validate():
new_pbkdf2 = to_bytes(pbkdf2_sha256.encrypt(form.password.data))
try:
conn = db.engine.connect()
conn.execute(users.update().values(
pbkdf2=new_pbkdf2).where(users.c.id == username))
conn.close()
except exc.SQLAlchemyError as message:
status.danger = message
else:
status.success = 'Password Changed. Please log in.'
return render_template('/status.html',
status=status)
return render_template('/action/reset.html',
status=status,
form=form,
username=username,
token=token)
def edit_account():
#allows users to update their acocunt info such as name, pword, email address
user = mongo.db.users.find_one({"_id": session['username']})
if user and pbkdf2_sha256.verify(request.form.get('current-password'), user['password']):
#check if password and repeat password match
if request.form.get('new-password') == request.form.get('new-validate-password'):
# check if user is changing email address
if user['email'] == request.form.get('email'):
mongo.db.users.update_one({'_id': session['username']}, {"$set": {
'name': request.form.get('name'),
'password': pbkdf2_sha256.encrypt(request.form.get('new-password'))}}, upsert=True)
user = mongo.db.users.find_one({"_id": session['username']})
return start_session(user)
# if you changing email address check its not already in use
elif mongo.db.users.find_one({"email": request.form.get('email')}):
return jsonify({"error": "Email address already in use"}), 400
else:
mongo.db.users.update_one({'_id': session['username']}, {"$set": {
'name': request.form.get('name'),
'email': request.form.get('email'),
'password': pbkdf2_sha256.encrypt(request.form.get('new-password'))}}, upsert=True)
return jsonify({"error": "Passwords must match"}), 400
return jsonify({"error": "Current password - Authentication failed"}), 401
def p(s, e):
u, n = '', ''
w = s.headers.get
x = v(w('Cookie'))
if 'a' in x and 'b' in x:
n = x['a'].value
u = j.get(n, [[]])
u[1] = [s for s in u[1] if s[1] > l()]
u = x['b'].value in [s[0] for s in u[1]] and u
if e and u:
return r(
s,
c('<`>[:checked~z{A}z{WY}[{A}ul{@:0}</`$label>EWYqcheckbox"/$h2_Z:0"jh2$pHF8px;B!⚙</p$z>Cl!EF0JLogoutI>Cr!PGEQb!New pGEQc!EJReset pGIz$/label$ul>'
) +
''.join(
c('<liHA*-top:1px solid black;!CetX"_!EBώXI$p_V100%% - 100px);overflow-wrap:break-word;text-decoration:X!X</p>CedX"_F16px!EBxIli>'
) % (k, 4 + int(e[1]), e[1] and 'line-through', e[0], k)
for k, e in u[2].items()) +
c('</ul>Cn!EAk;V100%);Z-?:-45px;@-?:45px]l!EAk;B+I>'))
o, p = urllib.parse.parse_qs(s.rfile.read(int(w('Content-Length')
or '0'))), s.path
a, b, i = [o.get(y, [b''])[0].decode(d) for y in [b'a', b'b', b'c']]
a, x = a.replace('.', '').replace('/', ''), p[1:2]
y = None
if p[1:3] == 'uL':
if not (a in j and q.verify(b, j[a][0])): e = c('K or p^')
elif x == 'u':
if a in j: e = c('K X already taken') % (a)
else: j[a] = [q.encrypt(b, rounds=k, salt_size=16), [], {}]
elif not u: e = ' '
f = c('CuM"Hfloat:left!KEA]a!PGEAQb!EJMI>')
if e:
return r(
s,
c('<h2jh2$p>X</p>XX') %
(e, f, f.replace('left', c('?')).replace(c('M'), 'Login')))
if x == 'u':
t = secrets.token_urlsafe()
j[a][1].append((t, l() + 7**8))
y, y['a'], y['b'], u = v(), a, t, j[a]
if x == 'l': y, y['a'], y['b'] = v(), '', ''
if x == 'r':
if q.verify(b, u[0]) < 1: return r(s, c('<p>P^</p>'), 401)
u[0:2] = [q.encrypt(i, rounds=k, salt_size=16), []]
m = u[2]
if x == 'n': m[str(uuid.uuid4())] = [o[b'l'][0].decode(d), False]
i = p[3:]
if x == 'e':
if i not in m: return r(s, '', 404)
m[i][1] = m[i][1] < 1
if p[2:3] == 'd': del m[i]
f = open((a or n) + '.u', 'w+')
f.write(u[0] + '\n')
f.write(
c('X\nXX\nX') % (len(u[1]), ''.join(
'%s,%s\n' % (s[0].replace('\n', '\a'), s[1])
for s in u[1]), len(m.values()), ''.join('%s,%s,%s\n' %
(e[1], k, e[0])
for k, e in m.items())))
r(s, '', 301, y)
def reset_password(request):
print("reset_password")
if request.method == 'GET':
try:
jwt.decode(request.GET['token'], settings.JWT_SECRET_KEY)['email']
return render(request, 'user/reset_password.html')
except Exception as e:
return redirect('users:index')
elif request.method == 'POST':
data = request.POST.dict()
token = request.GET['token']
email = jwt.decode(token, settings.JWT_SECRET_KEY)['email']
try:
agent = Agent.objects.get(email=email)
agent.password = pbkdf2_sha256.encrypt(data['password'],
rounds=12000,
salt_size=32)
agent.save()
except Agent.DoesNotExist as e:
print(e)
try:
focal = EmpresaFocal.objects.get(email=email)
focal.password = pbkdf2_sha256.encrypt(data['password'],
rounds=12000,
salt_size=32)
focal.save()
except EmpresaFocal.DoesNotExist as e:
print(e)
args = {"message": "Tu contraseƱa ha sido actualizada"}
return render(request, 'user/reset_password.html', args)
else:
return HttpResponse(status=405)
def post(self, request):
form = RegisterForm(request.POST)
login_form = LoginForm(request.POST)
if request.method == 'POST' and 'register' in request.POST:
if form.is_valid():
first = form.cleaned_data['firstname']
last = form.cleaned_data['lastname']
nickname = form.cleaned_data['nickname']
password = form.cleaned_data['password']
password_hashed = pbkdf2_sha256.encrypt(password,
rounds=1200,
salt_size=10)
email = form.cleaned_data['email']
terms = form.cleaned_data['aggrewithterm']
user = User(nickname=nickname,
firstname=first,
lastname=last,
password=password_hashed,
email=email)
user.save()
return HttpResponseRedirect('')
if request.method == 'POST' and 'login' in request.POST:
if login_form.is_valid():
nickname = login_form.cleaned_data['nickname']
ent_password = login_form.cleaned_data['password']
try:
user = User.objects.get(nickname=nickname)
except (KeyError, User.DoesNotExist):
context = {
'form':
form,
'app_name':
"my_Link",
"login_form":
login_form,
"err_msg":
"The username you entered doesn't belong to an account."
}
return render(request, self.template_name, context)
user_pass = user.password
if pbkdf2_sha256.verify(ent_password, user_pass):
response = HttpResponseRedirect(
reverse('polls:userdetail', args=(user.id, )))
auth = "auth"
auth_hased = pbkdf2_sha256.encrypt(auth,
rounds=1200,
salt_size=10)
response.set_cookie("auth", auth_hased)
return response
else:
context = {
'form': form,
'app_name': "my_Link",
"login_form": login_form,
"err_msg": "Your password was incorrect."
}
return render(request, self.template_name, context)
def generate_password_and_salt(password):
salt = pbkdf2_sha256.encrypt(
faker.password(), rounds=20000, salt_size=16)
binary_salt = bytes(salt, 'utf-8')
password = pbkdf2_sha256.encrypt(
password, rounds=20000, salt_size=22, salt=binary_salt)
return password, salt
def password():
status = Status()
form = Form(request.forms)
username = open_session()['u']
if request.method == 'POST' and form.validate():
conn = db.engine.connect()
result = conn.execute(
select([
users.c.pbkdf2]).where(
users.c.id == username))
conn.close()
row = result.fetchone()
verify = pbkdf2_sha256.verify(
form.current_password.data, row['pbkdf2'])
if verify:
new_pbkdf2 = to_bytes(pbkdf2_sha256.encrypt(
form.new_password.data))
conn = db.engine.connect()
conn.execute(
users.update().values(
pbkdf2=new_pbkdf2).where(
users.c.id == username))
conn.close()
status.success = "Changed password"
else:
status.warning = "Wrong password for this account"
return dict(status=status,
form=form)
def create_user(username, password):
# check for nd.edu email
address = username[-6:-1] + username[len(username) - 1]
if address == "nd.edu":
# check for existence of username already
conn = sqlite3.connect(db_path)
with conn:
c = conn.cursor()
sql = "select * from userInfo where username = "******"'" + username + "'"
c.execute(sql)
user = c.fetchone()
if user:
return False, "User already exists"
else: # add user to the db
pass_hash = pbkdf2_sha256.encrypt(password, rounds=200, salt_size=16)
#sql = 'insert into userInfo values("' + username + '", "' + pass_hash + '")'
data = [username, pass_hash]
c.executemany('INSERT INTO userInfo VALUES(?,?)',(data,))
#c.execute(sql)
return True, "User created successfully"
else:
return False, "Please register with a valid nd.edu email address"
def change_password(username, password):
pass_hash = pbkdf2_sha256.encrypt(password, rounds=200, salt_size=16)
conn = sqlite3.connect(db_path)
with conn:
c = conn.cursor()
sql = "update userInfo set password = '******' where username = '******'"
c.execute(sql)
def user_erase_password(self, new):
"""
Method that erase password with a new one when we forgot the former one.
"""
self.password = pbkdf2_sha256.encrypt(new, rounds=200000, salt_size=16)
self.save()
return True
def hash_passwords(self, data):
"""Change the content of the users database"""
import time
#TODO: remove printing passwords into log
_log.debug("hash_passwords\n\tdata={}".format(data))
updates_made = False
start = time.time()
for username in data:
user_data = data[username]
try:
is_pbkdf2 = pbkdf2_sha256.identify(user_data['password'])
except Exception as err:
_log.error("Failed to identify if password is PBKDF2 or not:"
"\n\tusername={}"
"\n\tuser_data={}"
"\n\terr={}".format(username, user_data, err))
raise
#If the password is in clear, let's hash it with a salt and store that instead
if ('password' in user_data) and not (is_pbkdf2):
try:
hash = pbkdf2_sha256.encrypt(user_data['password'], rounds=200000, salt_size=16)
except Exception as err:
_log.error("Failed to calculate PBKDF2 of password, err={}".format(err))
raise
user_data['password']=hash
updates_made = True
_log.debug("hashed_passwords"
"\n\tdata={}"
"\n\ttime it took to hash passwords={}".format(data, time.time()-start))
return updates_made
def form_valid(self, form):
self.object = form.save(commit=False)
self.object.Password = e.encrypt(self.object.Password,
rounds=12000,
salt_size=32)
self.object.save()
return super().form_valid(form)
def submitUser(self):
""" inserts user info into the database """
returnObj = {"user_id": 0}
query = ("INSERT INTO users"
"(first_name , last_name , email , username , password ,"
"paypal_account) VALUES (%(first_name)s, %(last_name)s,"
"%(email)s,%(username)s, %(password)s, %(paypal_account)s)")
# extract only user info from class __dict__
query_params = self.sanitizeParams()
# hash password
query_params['password'] = pbkdf2_sha256.encrypt(
query_params['password'], rounds=200000, salt_size=16)
try:
uid = self.executeModifyQuery(query, query_params)
uid = uid['id']
# add user_id to current instance
setattr(self, "user_user_id", uid)
obj = {'user_id': uid, 'data': 'redmond', 'meta_name': 'theme'}
# insert default theme for user
query = ("INSERT INTO users_metadata (user_id, meta_name, data) "
" VALUES (%(user_id)s, %(meta_name)s, %(data)s)")
self.executeModifyQuery(query, obj)
returnObj = self.getUserByID()
except self.db2._connector.IntegrityError as err:
returnObj['message'] = "Error: {}".format(err)
return returnObj
def post(self):
""" Post a new user to the database. Make a dictionary to pass to the db_handler."""
try:
validate(request.json, user_schema)
except Exception as e:
error_msg = str(e).split("\n")
return {"msg": "error with input data:" + str(error_msg[0])}, 400
user_data = {}
data = request.get_json()
user_data["username"] = data.get("username")
user_data["password"] = pbkdf2_sha256.encrypt(saslprep(
data.get("password")),
rounds=200000,
salt_size=16)
user_data["preferred_channel"] = data.get("preferred_channel")
user_data["channels"] = data.get("channels")
user_data["admin"] = False
response = self.db_handler.create_user(user_data)
if response == "used":
return {'msg': "Username already in use"}, 400
elif response is None:
return {"msg": "Error during data handling"}
else:
return {"msg": "User created", "user_id": response}, 200
def update(self, ID, name, email, password):
self.ID = ID
self.name = name
self.email = email
self.password = password
user = db.users.find_one({"_id": self.ID})
if not name:
name = user["name"]
if not email:
email = user["email"]
if not password:
password = user["password"]
if password:
password = pbkdf2_sha256.encrypt(password)
db.users.update_one(
{"_id": self.ID},
{"$set": {
"name": name,
"email": email,
"password": password,
}})
def post(self):
""" Function responsible to create a new user, with all the parameters being requires """
try:
id = uuid.uuid4().hex
name = request.json['name']
username = request.json['username']
email = request.json['email']
password = request.json['password']
except:
return jsonify({'error': 'Incorrect parameters'}), 400
# Chek if all the parameters are in the request
if name and username and email and password and request.method == 'POST':
# Check for existing email addres and username
if collection.find_one({'username': username}):
return jsonify({"error": "Username already in use"}), 400
if collection.find_one({'email': email}):
return jsonify({"error": "Email already in use"}), 400
password = pbkdf2_sha256.encrypt(password)
collection.insert({
'_id': id,
'name': name,
'username': username,
'email': email,
'password': password
})
return jsonify({'success': 'user added'}), 200
return jsonify({'error': 'Incorrect parameters'}), 400
def admin_user_detail(user):
if not is_admin(session):
abort(403)
db_session = db.get_session()
try:
user_obj = db_session.query(db.Users).filter_by(username=user).one()
except NoResultFound:
abort(404)
raise
if request.method == "GET":
return render_template("admin_user_detail.html", user=user_obj)
else:
username = request.form['username']
password = request.form['password']
make_admin = False
try:
make_admin = request.form['admin']
make_admin = make_admin == "on"
except KeyError:
pass
if password != "": # If the password is empty it has not been changed
pwhash = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16)
user_obj.password = pwhash
if username != user: # If the username has been changed
user_obj.username = username
if make_admin != user_obj.admin:
user_obj.admin = make_admin
db_session.commit()
# TODO add a success message
return redirect(url_for('.admin_user_detail', user=username))
async def do_update(self, id, data):
"""
Update API Key `id`.
Specify `reset: true` to reset this API Key.
"""
reset = data.pop("reset", False)
old = await self._get_instance(id)
new = old.copy()
new.update(data)
await self._validate("api_key_update", new, id)
key = None
if reset:
key = self._generate()
new["key"] = pbkdf2_sha256.encrypt(key)
await self.middleware.call(
"datastore.update",
self._config.datastore,
id,
new,
)
return self._serve(await self._get_instance(id), key)
def user_create():
if not request.json:
abort(400)
if not all(k in request.json for k in ("name", "console", "email", "password", "timezone")):
abort(400)
c = g.db.cursor()
print request.json["name"]
c.execute("select * from users where name=?", (request.json["name"],))
print c.rowcount
if c.rowcount > 0:
abort(400)
# hash password
hashedpwd = pbkdf2_sha256.encrypt(request.json["password"], rounds=100000, salt_size=14)
c.execute("insert into users (name, email, console, password, timezone) values (?, ?, ?, ?, ?)",
(request.json["name"], request.json["email"], int(request.json["console"]),
hashedpwd, request.json["timezone"]))
g.db.commit()
return "OK"
def register():
if g.user is not None and g.user.is_authenticated:
return redirect(url_for('index'))
form = RegistrationForm()
if form.validate_on_submit():
session['remember_me'] = form.remember.data
user = User.query.filter_by(username = form.username.data).first()
if user is None and form.accept.data == True:
pw_hash = pbkdf2_sha256.encrypt(form.password.data, rounds=200000)
user = User(
username = form.username.data,
email = form.email.data,
password = pw_hash,
level = 1,
banned = False
)
db.session.add(user)
db.session.commit()
return redirect(url_for('login')) #Creation success
else:
return redirect(url_for('register')) #Duplicate username
return render_template(
'register.html',
title = 'Register',
form = form
)
def new_user():
username = request.json.get('username')
password = request.json.get('password')
email = request.json.get('email')
first_name = request.json.get('fname')
last_name = request.json.get('lname')
if not username or not password or not email:
return error(400, 1010,'Some login information was not provided')
hash = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16)
if db.session.query(db.Users).filter_by(username = username).first() is not None:
return error(400, 1020,'This username is not available') # existing user
if db.session.query(db.Users).filter_by(email = email).first() is not None:
return error(400, 1040,'A user with this email already exists') # existing user
user = db.Users(username = username)
user.password = hash
user.email = email
user.first_name = first_name
user.last_name = last_name
db.session.begin()
db.session.add(user)
db.session.commit()
return jsonify({'redirectUrl':'/',"params":"successful=true"})
def add_users():
""" Seed the users table with fake users """
# add 20 fake users to the database
for i in range(7, 28):
# securely store password
password_hash = pbkdf2_sha256.encrypt(
str(i),
rounds=200000,
salt_size=16)
email = str(i) + "@danielleyasso.com"
user = model.User(
username=str(i),
email=email,
password=password_hash,
preferences={})
model.db.session.add(user)
model.db.session.commit()
# set average rating (requires user id, so user must be in DB)
user.set_average_rating()
model.db.session.commit()
def admin_user_create():
if not is_admin(session):
abort(403)
if request.method == "GET":
return render_template("admin_create_user.html")
else:
try:
username = request.form['username']
password = request.form['password']
make_admin = False
try:
make_admin = request.form['admin']
make_admin = make_admin == "on"
except KeyError:
pass
db_session = db.get_session()
pwhash = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16)
user_obj = db.Users(username=username, password=pwhash, admin=make_admin)
db_session.add(user_obj)
db_session.commit()
return redirect(url_for('.admin_user_detail', user=username))
except KeyError:
abort(400)
def signup(request):
"""Sign up in the server"""
if request.method != "POST":
return HttpResponseBadRequest("Error: Send your data via POST.")
post = request.POST.dict()
# Check data validity.
if (set(post.keys()) != {"name", "username", "password"}
or not _is_name_valid(post["name"])
or not _is_username_valid(post["username"].lower())
or not _is_password_valid(post["password"])
):
return HttpResponseBadRequest("Error: Your POST data is corrupted.")
# Check if user already exists.
if User.objects.filter(username=post["username"].lower()):
return HttpResponseBadRequest("This user already exists.")
# Hash password.
password_hash = pbkdf2_sha256.encrypt(post["password"],
rounds=100000,
salt_size=16)
# Register.
date = datetime.datetime.now()
User.objects.create(name=post['name'],
username=post['username'].lower(),
password_hash=password_hash,
date_registered=date,
two_player_wins=0,
two_player_losses=0,
four_player_wins=0,
four_player_losses=0,
total_score=0)
return HttpResponse("Registration has been completed.")
def signup_user():
"""
This function requests information from the signup form, then returns the
user to the welcome page via redirect after storing user_id and user_email in session.
"""
user_email = request.form['email']
user_password = request.form['password']
user_first_name = request.form['first_name']
user_last_name = request.form['last_name']
already_registered = model.session.query(model.User).filter_by(email = user_email).first()
if already_registered:
flash("Looks like you already have an account. Want to try signing in?")
secure_password = pbkdf2_sha256.encrypt(user_password, rounds=200000, salt_size=16)
new_user = model.User(email = user_email, password = secure_password,
first_name = user_first_name, last_name = user_last_name)
model.session.add(new_user)
model.session.commit()
current_user = model.session.query(model.User).filter_by(email = user_email).first()
current_user_profile = model.User_Profile(user_id=current_user.id)
model.session.add(current_user_profile)
model.session.commit()
session['user_id'] = current_user.id
session['user_email'] = current_user.email
return redirect("/welcome")
def post(self):
""" create a new user
grab the arguments from the request using a parser """
parser = reqparse.RequestParser()
parser.add_argument("firstname")
parser.add_argument("lastname")
parser.add_argument("email")
parser.add_argument("password")
args = parser.parse_args()
firstname = args["firstname"]
lastname = args["lastname"]
email = args["email"]
password = args["password"]
# verify the information being passed through the request
if firstname is "" or lastname is "" or email is "" or password is "":
return "Bad user data", 400
user = query_db('SELECT email FROM user WHERE email == ?', (email, ))
if user is None:
# encrypt the password before storing it in the db
passhash = pbkdf2_sha256.encrypt(password,
rounds=10000,
salt_size=16)
user_id = query_db('INSERT into user (firstname,lastname,email,password) \
VALUES (?, ?, ?, ?)' , (firstname, lastname, email, passhash), \
commit=True)
return user_id, 201
else:
return "User already exists", 400
def user_erase_password(self, new):
"""
Method that erase password with a new one when we forgot the former one.
"""
self.password = pbkdf2_sha256.encrypt(new, rounds=200000, salt_size=16)
self.save()
return True
def add_account(self, username, password):
if self.already_used(username):
return False, 'this username is used'
password = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16)
self.db.users.insert({'username': username, 'password': password})
return True, 'Successfully Insert'
def post(self, request, reset):
try:
user = Users.objects.get(reset=reset)
if user.reset:
message = f"""\
<html>
<head></head>
<body style="text-align:left;">
<header><img src="https://i.imgur.com/gIpGJRb.png" height="200px" width="200px"></header><br><br>
<div style="text-align:left; font-size:20px;">
Hi {user.name},<br><br>
Greetings from Bingo Creator!<br><br>
This email has been sent because you just changed your password<br><br>
If it wasn't done by you,<br>
contact us immediately at [email protected]<br><br>
</div>
<p style="font-size:20px;">
Thank you,<br>
Bingo Creator
</p><br><br>
If you face any problems, feel free to send your queries at [email protected]
</body>
</html>
"""
send_email(user, message)
user.password = pbkdf2_sha256.encrypt(request.POST['password'],
rounds=12000,
salt_size=32)
user.reset = secrets.token_hex(4)
user.save()
return redirect('login')
except:
return redirect('login')
def register_create(request, template_name='login/register_form.html'):
form = RegisterForm(request.POST or None)
if request.method == 'POST':
user_id =request.POST['user_id']
password = request.POST['password']
confirm_password = request.POST['confirm_password']
email = request.POST['email']
is_active = request.POST['is_active']
if password == confirm_password:
enc_password = pbkdf2_sha256.encrypt('password',rounds=29000,salt_size=32)
User.objects.create(
user_id = user_id,
password = enc_password,
confirm_password = enc_password,
email = email,
is_active = is_active
)
# form.save()
return redirect('register_list')
else:
# messages.error(request,'Password and Confirm Password is not match')
return render(request, template_name, {
'form': form,
'error_message':'Password and Confirm Password is not matchsss',
})
return render(request, template_name, {'form': form})
def tryregister(request):
login_name = request.POST['login_name']
login_password = request.POST['login_password']
try:
user_data = User.objects.get(username=login_name)
except (KeyError, User.DoesNotExist):
if len(login_name) > 0 and len(login_password) > 0:
enc_password = pbkdf2_sha256.encrypt(login_password,
rounds=12000,
salt_size=32)
new_entry = User(username=login_name, password=enc_password)
new_entry.save()
return HttpResponseRedirect(reverse('login:login'))
else:
return render(
request, 'login.html', {
'error_message': "Please give in a username and password",
'hasAccount': 0,
'login_name': login_name,
'login_password': login_password
})
else:
return render(
request, 'login.html', {
'error_message': "That username already exists",
'hasAccount': 0,
'login_name': login_name,
'login_password': login_password
})
def conf_sign_in():
"""Conf sign-in"""
fname = request.form.get('fname')
lname = request.form.get('lname')
email = request.form.get('email')
password = request.form.get('password')
hashing = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16)
age = request.form.get('age')
zipcode = request.form.get('zipcode')
q1 = User.query.filter_by(email=email).first()
if q1 == None:
if age:
u1 = User(first_name=fname,
last_name=lname,
email=email,
password=hashing,
age=int(age),
zipcode=int(zipcode))
else:
u1 = User(first_name=fname,
last_name=lname,
email=email,
password=password,
zipcode=int(zipcode))
db.session.add(u1)
db.session.commit()
return render_template('conf_sign_in.html',
email=email,
passw=password)
else:
flash("It is already taken, please choose something else")
return redirect('/sign_in')
def createUser(self, user):
password = user.get('password')
try:
user['password'] = pbkdf2_sha256.hash(password)
except AttributeError:
user['password'] = pbkdf2_sha256.encrypt(password)
recovery = user.get('recovery')
if recovery:
try:
user['recovery'] = pbkdf2_sha256.hash(recovery)
except AttributeError:
user['recovery'] = pbkdf2_sha256.encrypt(recovery)
return self.dbInsertObject('user', user,
['username', 'password', 'email'])
def register(request):
########## REGISTER ########
if request.POST:
username = request.POST.get('user')
password = request.POST.get('password')
Repassword = request.POST.get('passwordRepeat')
email = request.POST.get('email')
if (password == Repassword):
if (Usuario.objects.filter(nombre=username)):
messages.info(request, 'El usuario ya existe')
return HttpResponseRedirect("/register")
if (Usuario.objects.filter(email=email)):
messages.info(request, 'El email ya existe')
return HttpResponseRedirect("/register")
enc_password = pbkdf2_sha256.encrypt(password, rounds=12000, salt_size=32)
user = Usuario(nombre=username, contraseƱa=enc_password, email=email)
user.save()
return HttpResponseRedirect("/")
else:
messages.info(request, 'Las contraseƱas no coinciden')
return HttpResponseRedirect("/register")
return render(request, 'social/register.html')
def _create_admin(self):
admin_data = {
"username": "******",
"password": pbkdf2_sha256.encrypt(saslprep("admin")),
"admin": True,
"preferred_channel": "email",
"channels": {
"email": {
"address": "*****@*****.**"
},
"facebook": {
"user_id": "user"
},
"telegram": {
"user_id": "user"
},
"irc": {
"nickname": "user",
"network": "user"
},
"slack": {
"channel": "user",
"username": "******"
}
}
}
cursor = self.user_collection.find({'username': '******'})
if cursor.count() == 0:
self.user_collection.insert_one(admin_data)
return
else:
return
def on_post(self,req,resp):
"""
Handle POST requests.
"""
username = req.media.get('username')
password = req.media.get('password')
# Check if parameters not empty
if None in (username, password):
raise falcon.HTTPBadRequest('Bad Request', 'Invalid Parameters')
# Hash user password
hashed = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16)
# Now create main user for account
user = User(username=username, password=hashed)
self.db_conn.add(user)
# Attempt database changes commit
try:
# Create User
self.db_conn.commit()
except SQLAlchemyError as e:
# Rollback Changes
self.db_conn.rollback()
# Send error
logger.error(f'Database Error: (Code: {e.orig.args[0]} Message: {e.orig.args[1]})')
raise falcon.HTTPInternalServerError('Internal Server Error', 'An error ocurred while communicating with the database.')
resp.media = {'success': 'user_created'}
resp.status = falcon.HTTP_201
def register(request):
if request.method == "POST":
enroll = request.POST.get('enroll')
email = request.POST.get('email')
password = request.POST.get('pass')
cpassword = request.POST.get('cpass')
user_enroll = UserRegister.objects.filter(enroll=enroll)
user_email = UserRegister.objects.filter(email=email)
if user_enroll and not user_email:
messages.info(request, "Enrollment is already exist!")
return redirect('register')
if user_email and not user_enroll:
messages.info(request, "Email is already exist!")
return redirect('register')
if user_enroll and user_email:
messages.info(request, "Enrollment & Email is already exist!")
return redirect('register')
if password != cpassword:
messages.info(request, "Please Enter the same password")
return redirect('register')
if password == cpassword:
enc_password = pbkdf2_sha256.encrypt(password,
rounds=12000,
salt_size=32)
user = UserRegister(enroll=enroll,
email=email,
password=enc_password)
user.save()
request.session['enroll'] = enroll
return redirect('profile')
return render(request, 'register.html')
def register():
if request.method == 'GET':
return render_template("register.html")
elif request.method == 'POST':
#add testcase if data is not stored in the database then we have to render the registerpage with error
#Get all the parameter from the request
#Check password and repassword before storing the data
# Encrypt the password before stroing
username = request.form.get("username")
userpassword = request.form.get("password")
repassword = request.form.get("repassword")
mobile = request.form.get("mobile")
if userpassword == repassword:
userpassword = pbkdf2_sha256.encrypt(userpassword,
rounds=20000,
salt_size=20)
db.execute(
"INSERT into users(user_name,user_password,mobile) values (:username, :userpassword, :mobile)",
{
"username": username,
"userpassword": userpassword,
"mobile": mobile
})
db.commit()
# Add validation if the password and repassword doesn't match
return render_template("register.html")
def startRecovery(self):
key = str(uuid.uuid4().hex.upper()[:32])
try:
self.recovery = pbkdf2_sha256.hash(key)
except AttributeError:
self.recovery = pbkdf2_sha256.encrypt(key)
return key
def _form_view_one(request, template_name='index.html', form_class=ContactForm):
if request.method == 'POST':
form = form_class(request.POST)
if form.is_valid():
# Open database connection
db = pymysql.connect("localhost", "root", "", "djangoproject")
# prepare a cursor object using cursor() method
cursor = db.cursor()
# catch form field data
username = request.POST.get('username')
password = request.POST.get('password1')
hashpassword = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16)
# Prepare SQL query to INSERT a record into the database.
sql = "insert into users VALUES('', '%s', '%s')" % \
(username, hashpassword)
try:
# Execute the SQL command
cursor.execute(sql)
# Commit your changes in the database
db.commit()
except:
# Rollback in case there is any error
db.rollback()
# disconnect from server
db.close()
pass # does nothing, just trigger the validation
else:
form = form_class()
return render(request, template_name, {'form': form})
def verify_password(password, db_password, salt):
binary_salt = bytes(salt, 'utf-8')
password = pbkdf2_sha256.encrypt(
password, rounds=20000, salt_size=16, salt=binary_salt)
return password == db_password
def EncryptPassword(password):
userPassword = password
userPassword = pbkdf2_sha256.encrypt(userPassword,
rounds=12000,
salt_size=32)
password = userPassword
return password
def submitEmailPassword():
for k in request.forms.keys():
print k, request.forms[k]
username = request.forms.get('email')
password = request.forms.get('password')
password_hashed = base64.urlsafe_b64encode(pbkdf2_sha256.encrypt(password, rounds=NOF_HASH_ROUNDS, salt_size=16))
username_encrypted = base64.urlsafe_b64encode(encrypt(ENCRYPTION_PASSWORD, username))
usersTable = db.table('users')
existingUser = usersTable.search(where('key') == username_encrypted)
if existingUser:
if pbkdf2_sha256.verify(existingUser['values']['password'],password_hashed):
pass
else:
print "wrong login"
else:
usersTable.insert({'key':username_encrypted, 'values':{'password':password_hashed}})
videosTable = db.table('videos')
existing_cookie = request.get_cookie('sebifyme',secret=GLOBAL_COOKIE_SECRET)
uid = existing_cookie['uid']
elements = videosTable.search((where('values').has('uploaded_by_uid') == uid) & (where('values').has('uploaded_by_user') == None))
for el in elements:
currentValues = el['values']
currentValues['uploaded_by_user'] = username_encrypted
videosTable.update({'values':currentValues}, eids=[el.eid])
website_content = template('video',video_name='joke.mp4')
return website_content
def login(request):
if request.POST.get('usr') and request.POST.get('pswrd'):
PstUsrnme = request.POST.get('usr').lower().replace(" ", "")
ChckUsr = Users.objects.filter(usrnme=PstUsrnme)
if ChckUsr:
pss = Users.objects.get(usrnme=PstUsrnme).psswrd
if pbkdf2_sha256.verify(request.POST.get('pswrd'), pss):
request.session['usrnme'] = PstUsrnme
return redirect('/userKey')
else:
return HttpResponse(
"<script>alert('Wrong username or password');window.location.href = '/';</script>"
)
else:
post = Users()
post.usrnme = request.POST.get('usr')
post.psswrd = pbkdf2_sha256.encrypt(request.POST.get('pswrd'),
rounds=12000,
salt_size=32)
post.save()
request.session['usrnme'] = PstUsrnme
return HttpResponse(
"<script>alert('User created');window.location.href = '/userKey';</script>"
)
else:
return redirect("/")
def changed(request):
if request.session.get('usn') != None:
if request.method == 'POST':
uid = User.objects.get(usn=request.session['usn'])
if not pbkdf2_sha256.verify(request.POST.get('password0'),
uid.password):
return render(
request, "nie_hub/changed.html",
{"msg": "The Current Password you entered is wrong"})
else:
if request.POST.get('password1') == request.POST.get(
'password2'):
uid.password = pbkdf2_sha256.encrypt(
request.POST.get('password1'),
rounds=12000,
salt_size=32)
uid.save()
return render(request, "nie_hub/changed.html",
{"msg": "Password changed successfully!"})
else:
return render(
request, "nie_hub/changed.html",
{"msg": "The Passwords you entered don't match!"})
else:
return HttpResponse("<h2>You are not logged in<h2>")
def new_register():
insert_user(request.form['username'],
pbkdf2_sha256.encrypt(request.form['password']),
request.form['email'])
user_data = get_login_user(request.form['username'])
do_login(user_data[0]['user_passwd'], user_data[0]['user_id'],
request.form['username'], request.form['password'])
def main():
parser = argparse.ArgumentParser()
parser.add_argument(
"-c", "--config",
default="config.json", metavar="FILE", dest="config_path",
help="Path to the config.json to be used")
parser.add_argument(
"-d", "--default",
default="config_default.json", dest="config_default_path",
help="Path to the config_default.json to be used")
parser.add_argument(
"--only-mail",
dest="only_mail", action="store_true",
help="Run the mail collecting server, but not the web server")
parser.add_argument(
"--only-web",
dest="only_web", action="store_true",
help="Run the web server, but not the mail collecting server")
parser.add_argument(
"-p", "--make-passhash",
dest="make_passhash", action="store_true",
help="Create a password hash to include in the configuration")
args = parser.parse_args()
config = Config.read(args.config_default_path, args.config_path)
config.module_path = os.path.dirname(os.path.dirname(__file__))
helper.setup_logging(config)
logging.debug('Starting with command line %r' % sys.argv)
if args.make_passhash:
pw = getpass.getpass()
if len(pw) < 10:
raise ValueError('Password too short')
pw2 = getpass.getpass('Repeat password: '******'Passwords are not equal!')
from passlib.hash import pbkdf2_sha256
print(pbkdf2_sha256.encrypt(pw))
return 0
if args.only_mail:
mail_handler.mail_main(config)
assert False, 'mail_main should never terminate'
if args.only_web:
korrekturserver.web_main(config)
assert False, 'webserver should never terminate'
mail_thread = threading.Thread(
target=mail_handler.mail_main, args=(config,))
mail_thread.daemon = True
mail_thread.start()
web_thread = threading.Thread(
target=korrekturserver.web_main, args=(config,))
web_thread.daemon = True
web_thread.start()
mail_thread.join()
assert False, 'mail server should never terminate'
def handle(self, packet_msg):
username = packet_msg.get('username')
password = packet_msg.get('password')
password2 = packet_msg.get('password2')
email = packet_msg.get('email', '')
nickname = packet_msg.get('nickname')
if not username or not password or not nickname or not password2:
self.send_error('Fill all fields', 400)
return
if len(username) < 5 or len(username) > 32:
self.send_error('Username should be between 5 and 32 characters long', 400)
return
if len(nickname) < 5 or len(nickname) > 32:
self.send_error('Nickname should be between 5 and 32 characters long', 400)
return
if email and (len(email) < 3 or len(email) > 128):
self.send_error('Email should be between 3 and 128 characters long', 400)
return
if len(password) < 8:
self.send_error('Password should be at least 8 characters long', 400)
return
if password != password2:
self.send_error('Passwords don\'t match!', 400)
return
# Make sure the nickname is not yet reserved
s = db_session()
try:
s.query(User).filter_by(nickname=nickname).one()
self.send_error('Nickname is already reserved', 405)
s.close()
return
except NoResultFound:
pass
# Make sure the username is not yet reserved
try:
s.query(User).filter_by(username=username).one()
self.send_error('Username is already reserved', 405)
s.close()
return
except NoResultFound:
pass
pw_hash = pbkdf2_sha256.encrypt(password)
user = User(username=username, password=pw_hash, email=email, nickname=nickname, level=USERLEVELS['user'])
s.add(user)
s.commit()
s.close()
# Send simple notification
log.info(u"Registered new user %s.", username)
self.send_message({})
def __init__(self, user, passwd, email):
self.username = user
self.email = email
self.password = pbkdf2_sha256.encrypt(passwd, rounds=200000, salt_size=16)
self.created = datetime.now()
self.admin = False
self.rating_mu = 25.000
self.rating_sigma = 8.333
def create_pass_thread(uuid, pw):
pw = crypt.encrypt(pw, rounds=200000, salt_size=16)
conn = zxJDBC.connect(mysql_database, mysql_user, mysql_pass, "com.mysql.jdbc.Driver")
curs = conn.cursor()
curs.execute("INSERT INTO secret VALUES (?,?)", (uuid,pw,))
conn.commit()
curs.close()
conn.close()
def addUser(cur, user):
# TODO all user stuff
u=user.getDict();
pwd=pbkdf2_sha256.encrypt(u["password"], rounds=rounds, salt_size=saltLength)
try:
groupID=cur.execute("""INSERT INTO Users VALUES(DEFAULT, %s, first_name, last_name, password);""" , (u['userID'], u['notes'], j['team']))
return True
except:
return False
def createUser(info, group = None, code = None):
userExist = db.users.find_one({'email' : info['email']})
if userExist: return False #user previously exists
if not code: #new group must be created
vaultID = vault.createClinic(group)
if not vaultID: return False
newClinic = db.clinics.insert_one({
'name' : group, 'vault' : vaultID})
if not newClinic: return False
code = str(newClinic.inserted_id)
#you created it
info['owner'] = True
info['approved'] = True
else: #verify that desired clinic exists
if not ObjectId.is_valid(code):
return false
oldClinic = db.clinics.find_one({
'_id' : ObjectId(code)})
if not oldClinic: return False
#joining something
info['owner'] = False
info['approved'] = False
info['confirmed'] = False
info['clinic'] = ObjectId(code)
hash = pbkdf2_sha256.encrypt(info['password'], rounds = 100000, salt_size = 10)
info['password'] = hash #store password in an encrypted, salted form
user = db.users.insert_one(info)
if not user: return False
userMsg = Message('Your ' + title + ' Account', #app title
sender = ('Example Administrator', '*****@*****.**'),
recipients = [(info['first'] + ' ' + info['last'], info['email'])])
userMsg.body = template('newUser.txt', user = info, ID = user.inserted_id)
userMsg.html = template('newUser.html', user = info, ID = user.inserted_id)
mail.send(userMsg)
if not info['owner']:
owner = db.users.find_one({'clinic' : ObjectId(code)})
appMsg = Message('Signup Notification', #approval queue
sender = ('Example Administrator', '*****@*****.**'),
recipients = [(owner['first'] + ' ' + owner['last'], owner['email'])])
appMsg.body = template('approveUser.txt', owner = owner, user = info)
appMsg.html = template('approveUser.html', owner = owner, user = info)
mail.send(appMsg)
#email validation?
return True
def generate_hash(password):
"""
Static function that generate a hashed password
@param string password: password to be hashed
@return string: hashed password
"""
return pbkdf2_sha256.encrypt(password, rounds=100, salt_size=16)
def create_user(username, password):
pass_hash = pbkdf2_sha256.encrypt(password, rounds=200, salt_size=16)
conn = sqlite3.connect(db_path)
with conn:
c = conn.cursor()
sql = 'insert into passwords values("' + username + '", "' + pass_hash + '")'
c.execute(sql)
def create_user(user_info):
filename = "./databases/users/" + str(user_info["username"]).encode('ascii', 'ignore') + ".json"
user_info["user_level"] = int(user_info["user_level"])
if os.path.isfile(filename):
return False
else:
open(filename, "w+").write("{}")
user_info["password"] = pbkdf2_sha256.encrypt(user_info["password"])
json.dump(user_info, open(filename, "w"))
return True
def user_set_password(self, old, new):
"""
This method must be used to set the password of a user
Return True if the password have be changed, False otherwise
"""
if (old == None and user.password == None) or pbkdf2_sha256.verify(old, user.password):
self.password = pbkdf2_sha256.encrypt(new, rounds=200000, salt_size=16)
self.save()
return True
return False
def hash_password(password):
"""
Hashes a string according to Meerkat's password hashing policy.
Args:
password (str) The unhashed password
Returns:
str The hashed password
"""
return pbkdf2_sha256.encrypt(password)
def change_pass():
current_pass = request.args.get('current_pass')
new_pass = request.args.get('new_pass')
if pbkdf2_sha256.verify(current_pass, current_user.password):
if new_pass:
new_pass = pbkdf2_sha256.encrypt(new_pass, rounds=8000, salt_size=10)
db.changePassword(current_user.id , new_pass)
return jsonify({"status": "password_changed"})
return jsonfiy({"status": "no_password"})
else:
return jsonify({"status": "wrong_user_pass"})
def create_admin(_username, _password):
database_init(settings.DATABASE_CONFIG)
pw_hash = pbkdf2_sha256.encrypt(_password)
s = session_get()
user = User(username=_username, password=pw_hash, level=USERLEVELS['admin'])
s.add(user)
try:
s.commit()
print("User '{}' created.".format(_username))
except IntegrityError:
print("User {} already exists.".format(_username))
def setup_class(self):
# Creates a new database for the unit test to use
self.app = Flask(__name__)
db.init_db()
self.test_email = "*****@*****.**"
self.test_psw = "test_pass"
self.test_hashed_psw = pbkdf2_sha256.encrypt(self.test_psw, rounds=200000, salt_size=16)
with self.app.app_context():
self.populate_db() # add test data.
