def deactivate_device_as_second_factor(user_id):
    """Switch the device (option 2) second factor off for *user_id*.

    After the device factor has been cleared, the e-mail factor (option 1)
    is switched on when SecondFactorHandler.check_for_second_factor still
    reports a second factor for the user, and a message saying so is
    returned. Otherwise an empty string is returned.
    """
    # Option 2 is the device/app factor (see activate_device_as_second_factor).
    DBusers.set_second_factor_option(user_id, 2, 0)
    if not SecondFactorHandler.check_for_second_factor(user_id):
        return ''
    # Keep the account covered by a second factor: fall back to e-mail.
    DBusers.set_second_factor_option(user_id, 1, 1)
    return ('Device as second factor deactivated (Email second factor activated. '
            'You can deactivate this too if you want)')
def create_account(self, email, password):
    """Register a new user, log them in and redirect the browser.

    The account is created only when *email* passes
    InputValidator.email_validator, *password* is non-empty and
    DBusers.get_user_id reports no existing user for *email*. On success the
    user's directories are checked, LoginHandler.prepare_login is run for the
    new user and the browser is redirected to /index. In every other case the
    browser is sent back to /sign with the message "Invalid Email".

    Raises:
        cherrypy.HTTPRedirect: always; this handler never returns normally.
    """
    existing = DBusers.get_user_id(email)
    acceptable = (InputValidator.email_validator(email)
                  and len(password) > 0
                  and len(existing) == 0)
    if not acceptable:
        # NOTE(review): the same message is shown for an empty password and
        # for an already-registered address, not only for a malformed one.
        raise cherrypy.HTTPRedirect('/sign?message=Invalid Email')
    user_id = DBusers.insert_user(email, password)
    DirHandler.check_user_dirs(str(user_id))
    # The value returned by prepare_login is not used here; the redirect
    # to /index follows regardless of what it reports.
    LoginHandler.prepare_login(DBusers.check_user(email, password), user_id, email)
    raise cherrypy.HTTPRedirect('/index')
def prepare_user_settings(user_id):
    """Build the settings dict shown on the settings page for *user_id*.

    Starts from DBusers.get_user_settings and adds the user's e-mail address
    plus the display values produced by SettingsHandler for the overall
    status, the app factor and the e-mail factor. The raw '2FA-App' and
    '2FA-Mail' flags are replaced by their display forms in the returned dict.
    """
    settings = DBusers.get_user_settings(user_id)
    settings['email'] = DBusers.get_user(user_id)[0]['email']
    app_flag = settings['2FA-App']
    mail_flag = settings['2FA-Mail']
    # The status is derived from the raw flags before they are overwritten.
    settings['status'] = SettingsHandler.prepare_status(app_flag, mail_flag)
    settings['2FA-App'] = SettingsHandler.prepare_app(app_flag)
    settings['2FA-Mail'] = SettingsHandler.prepare_email(mail_flag)
    return settings
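def login_account(self, email, password):
    """Handle a login request for *email* / *password*.

    Returns the value of LoginHandler.prepare_login for a known address,
    ResponseHandler.forbidden_response('Not authorized') when no user row
    exists for *email*, and ResponseHandler.bad_request_response when
    *email* fails InputValidator.email_validator.
    """
    if not InputValidator.email_validator(email):
        return ResponseHandler.bad_request_response('Not a valid email address')
    rows = DBusers.get_user_id(email)
    # An unknown address yields an empty result; indexing it directly raised
    # IndexError (an unhandled 500) instead of the forbidden response below.
    if not rows or not rows[0]:
        return ResponseHandler.forbidden_response('Not authorized')
    user = DBusers.check_user(email, password)
    return LoginHandler.prepare_login(user, str(rows[0]['id']), email)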
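def authenticate_app(self, email, password, device_id, device_name):
    """Authenticate a mobile-app login and report the device's state.

    The response is a JSON-style dict with 'status' and 'message'. The
    Content-Type header is set to application/json before any check. Outcomes:

    * password does not match (DBusers.check_user empty): 403
    * the user's '2FA-App' setting is not 1: 403 'App auth inactive'
    * *device_id* is not yet registered: it is stored via DBdevices.insert
      and 403 is returned until it is activated in the web interface
    * registered but 'device_is_active' != 1: 403
    * registered and active: session '2fa_status' becomes 1, 200 'Success'

    As soon as the password matches, the session's 'user_id' is set and
    '2fa_status' is reset to 0; both stay set on the 403 paths above.
    The debug print() calls of the device id, the device rows and the
    response were dropped: they wrote authentication details to stdout.
    """
    user = DBusers.check_user(email, password)
    cherrypy.serving.response.headers['Content-Type'] = 'application/json'
    if len(user) == 0:
        return {'status': 403, 'message': 'No such user found or password wrong'}

    cherrypy.session['user_id'] = user['id']
    cherrypy.session['2fa_status'] = 0
    user_id = str(user['id'])
    user_settings = DBusers.get_user_settings(user_id)
    if user_settings['2FA-App'] != 1:
        return {'status': 403, 'message': 'App auth inactive'}

    devices = DBdevices.get_by_user_id(user_id)
    matches = [row for row in devices if row['device_id'] == device_id]
    if not matches:
        # First contact from this device: register it, activation is manual.
        DBdevices.insert(user_id, device_id, device_name)
        return {'status': 403,
                'message': 'Device added, but must be activated in web-interface'}

    # The original loop kept the last matching row; preserve that choice.
    device = matches[-1]
    if device['device_is_active'] != 1:
        return {'status': 403, 'message': 'Device must be activated in web-interface'}

    cherrypy.session['2fa_status'] = 1
    return {'status': 200, 'message': 'Success'}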
def update_account_info(user_id, user_mail, email, password, old_password):
    """Apply e-mail and/or password changes from the settings page.

    The e-mail is updated via DBusers.update_email only when *email* differs
    from the current *user_mail*. A password change is attempted only when
    *password* is non-empty: *old_password* is checked with
    SettingsHandler.varify_old_password, and the new password must differ
    from it. The two status strings are concatenated and returned; a part
    that was not touched contributes an empty string.
    """
    email_status = ''
    password_status = ''
    if user_mail != email:
        # NOTE(review): no e-mail validation happens in this function;
        # confirm the caller validates *email* before it is written.
        email_status = DBusers.update_email(user_id, email)
    if password != '':
        if not SettingsHandler.varify_old_password(user_id, old_password):
            password_status = 'Old password was wrong.'
        elif password == old_password:
            password_status = 'Please dont use your old password'
        else:
            password_status = DBusers.update_password(user_id, password)
    return email_status + password_status
def get_user_settings(self, auth_token):
    """Return the settings of the session's user, or a 401 response.

    The user id is taken from the session via
    InputValidator.check_session_value('user_id'); both
    AuthHandler.check_for_auth on that id and AuthHandler.check_auth_token
    on *auth_token* must succeed before DBusers.get_user_settings is read.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorized = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorized:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    return DBusers.get_user_settings(str(session_user))
def request_otp_app(self, device_id):
    """Create and store a one-time password for the user owning *device_id*.

    Returns None when DBdevices.get_by_device_id finds no device or when the
    owner's '2FA-App' setting is not 1; otherwise the OTP produced by
    OtpHandler.create_otp, after it has been saved with DBotp.insert.
    """
    devices = DBdevices.get_by_device_id(device_id)
    if len(devices) == 0:
        return None
    owner_id = str(devices[0]['user_id'])
    # NOTE(review): only the owner's 2FA-App flag gates the OTP here, not the
    # device's own 'device_is_active' flag — confirm that is intended.
    if DBusers.get_user_settings(owner_id)['2FA-App'] != 1:
        return None
    otp = OtpHandler.create_otp(owner_id)
    DBotp.insert(owner_id, otp)
    return otp
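def new_password(self, password, token, email):
    """Set a new password after a password-reset token has been presented.

    Checks, in order: *email* must pass InputValidator.email_validator
    (else 400); a user must exist for it (else 401); *token* must pass
    HashHandler.check_token for token type 2 (else 403 'Wrong token'); and
    *password* must not be the current one, tested via DBusers.check_user
    (else 403). On success the reset token is removed with DBtokens.delete
    and the result of DBusers.update_password is wrapped in a success
    response.

    NOTE(review): *password* is not checked for a minimum length here
    (create_account only requires it to be non-empty) — confirm validation
    happens elsewhere.
    """
    if not InputValidator.email_validator(email):
        return ResponseHandler.bad_request_response('Not a valid email address')
    rows = DBusers.get_user_id(email)
    # An empty result used to be indexed directly and raised IndexError
    # (an unhandled 500) instead of the unauthorized response below.
    user_id = rows[0]['id'] if rows else None
    if not user_id:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    if not HashHandler.check_token(user_id, token, 2):
        return ResponseHandler.forbidden_response('Wrong token')
    if len(DBusers.check_user(email, password)) != 0:
        return ResponseHandler.forbidden_response('Do not use your old password!')
    # The token is single-use: drop it before the password is replaced.
    DBtokens.delete(user_id, 2)
    return ResponseHandler.success_response(DBusers.update_password(user_id, password))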
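def request_password_reset(self, email):
    """Send a password-reset token to *email* if a user exists for it.

    Returns a 400 response when *email* fails InputValidator.email_validator,
    a 401 response when no user row exists for it, and otherwise a success
    response wrapping LoginHandler.send_reset_token.

    NOTE(review): the distinct 401 for an unknown address tells a caller
    whether the address is registered — consider whether that is acceptable.
    """
    if not InputValidator.email_validator(email):
        return ResponseHandler.bad_request_response('Not a valid email address')
    rows = DBusers.get_user_id(email)
    # An empty result used to be indexed directly and raised IndexError
    # (an unhandled 500) instead of the unauthorized response below.
    user_id = rows[0]['id'] if rows else None
    if not user_id:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    return ResponseHandler.success_response(LoginHandler.send_reset_token(user_id, email))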
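def password_reset(self, token, email):
    """Check a password-reset *token* for *email* without changing anything.

    Returns a 400 response when *email* fails InputValidator.email_validator,
    a 401 response when no user row exists for it, a 403 'Wrong token'
    response when HashHandler.check_token (token type 2) rejects *token*,
    and a success response 'Correct token' otherwise.
    """
    if not InputValidator.email_validator(email):
        return ResponseHandler.bad_request_response('Not a valid email address')
    rows = DBusers.get_user_id(email)
    # An empty result used to be indexed directly and raised IndexError
    # (an unhandled 500) instead of the unauthorized response below.
    user_id = rows[0]['id'] if rows else None
    if not user_id:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    if not HashHandler.check_token(user_id, token, 2):
        return ResponseHandler.forbidden_response('Wrong token')
    return ResponseHandler.success_response('Correct token')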
def prepare_login(user, user_id, email):
    """Complete or reject a login for *user_id*.

    Login history is read with LLogHandler.check_login_logs and folded by
    LLogHandler.count_tries; the login proceeds only when *user* (a
    DBusers.check_user result) is non-empty and count_tries is truthy. On
    success the user's directories are checked, an auth token is derived by
    HashHandler.create_auth_token from the request headers and the session
    id, the session receives user_id, user_mail, auth_token and
    2fa_verified = 0, and LoginHandler.finalize_login is returned. Otherwise
    LoginHandler.fail_login(login_count) is returned.
    """
    history = LLogHandler.check_login_logs(user_id)
    login_count = LLogHandler.count_tries(user_id, history, email)
    if not (len(user) > 0 and login_count):
        return LoginHandler.fail_login(login_count)
    DirHandler.check_user_dirs(user_id)
    # NOTE(review): the current session id is bound into the auth token and
    # the session is reused rather than regenerated here — confirm that a
    # fresh session id is issued at login elsewhere.
    auth_token = HashHandler.create_auth_token(
        user_id, cherrypy.request.headers, cherrypy.session.id)
    user_settings = DBusers.get_user_settings(user_id)
    cherrypy.session['user_id'] = user_id
    cherrypy.session['user_mail'] = email
    cherrypy.session['2fa_verified'] = 0
    cherrypy.session['auth_token'] = auth_token
    return LoginHandler.finalize_login(user_id, user_settings, auth_token, email)
def varify_old_password(user_id, old_password):
    """Return whether *old_password* matches the stored hash for *user_id*.

    The stored hash comes from DBusers.get_password and is compared with
    HashHandler.verify_hash using 'sha512' and 10000 iterations.
    """
    algorithm, rounds = 'sha512', 10000
    stored_hash = DBusers.get_password(user_id)[0]['password']
    return HashHandler.verify_hash(stored_hash, old_password, algorithm, rounds)
def activate_device_as_second_factor(user_id):
    """Make the device (option 2) the user's second factor.

    The e-mail factor (option 1) is switched off and the device factor is
    switched on; a confirmation message is returned.
    """
    # Exactly one factor is active at a time: e-mail off, then device on.
    for option, enabled in ((1, 0), (2, 1)):
        DBusers.set_second_factor_option(user_id, option, enabled)
    return 'Device as second factor activated'
def activate_email_as_second_factor(user_id):
    """Make e-mail (option 1) the user's second factor.

    The e-mail factor is switched on and the device factor (option 2) is
    switched off; a confirmation message is returned.
    """
    # Exactly one factor is active at a time: e-mail on, then device off.
    for option, enabled in ((1, 1), (2, 0)):
        DBusers.set_second_factor_option(user_id, option, enabled)
    return 'Email as second factor activated (device second factor deactivated)'
def deactivate_email_as_second_factor(user_id):
    """Switch the e-mail (option 1) second factor off for *user_id*.

    Only option 1 is touched; the returned message tells the user that no
    second factor protects the account any more.
    """
    email_option, disabled = 1, 0
    DBusers.set_second_factor_option(user_id, email_option, disabled)
    return 'Email as second factor deactivated (You are now not secured by a second factor)'
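def check_for_second_factor(user_id):
    """Return True when either second factor is enabled for *user_id*.

    Reads DBusers.get_user_settings and reports whether '2FA-Mail' or
    '2FA-App' equals 1. The previous condition tested '2FA-Mail' twice, so
    an account protected only by the app/device factor was reported as
    having no second factor at all.
    """
    settings = DBusers.get_user_settings(user_id)
    return settings['2FA-Mail'] == 1 or settings['2FA-App'] == 1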
def deactivate_both_second_factor_options(user_id):
    """Switch both second factors (options 1 and 2) off for *user_id*.

    Returns a confirmation message once both options have been cleared.
    """
    for option in (1, 2):
        DBusers.set_second_factor_option(user_id, option, 0)
    return 'Successfully disabled second factor'