def userSignup(args, sessid=0):
    """Create a user record from ``args`` and print the new id and site cookie.

    ``args`` must expose ``password``, ``username`` and ``email``. A falsy
    username or email is stored as "". ``args.password`` is either a manually
    chosen password or a site pre-cookie; the original note says a site
    pre-cookie should be computed from hash(siteid + rootcookie).

    Raises:
        ValueError: if ``sessid`` > 0 while MULTIUSER is off; if the password
            hash is already a key of ``data.salts`` or the rarity check fails
            (both reported with the same SIGNUPFAIL message); or if the
            username or email is already registered.

    NOTE(review): ``hash`` cannot be the builtin here, because elsewhere in
    this file its result is concatenated with strings. Its algorithm is not
    visible from this function. ``data.salts`` is keyed by the unsalted
    hash(password), so confirm it is a deliberately slow password-hashing
    function rather than a plain digest.
    NOTE(review): the outcome (SIGNUPFAIL for a password the rarity check
    would accept) still signals that the password is already registered, even
    though both checks are always evaluated. Confirm that is acceptable.
    """
    if not MULTIUSER and sessid > 0:
        raise ValueError("Multiuser not enabled, sessid > 0 not allowed.")

    secret = args.password
    salt = randstr(SALTLEN)
    secret_digest = hash(secret)

    # Evaluate both checks before branching, so the work done does not depend
    # on which of them fails (the author's stated timing-attack precaution).
    already_registered = secret_digest in data.salts
    too_common = ALLOWUSERPASSWORDS and not rare(secret)
    if already_registered or too_common:
        raise ValueError(SIGNUPFAIL)

    # Draw ids until an unused one turns up. In theory this could loop for a
    # long time, but only once the id space is nearly exhausted.
    while True:
        userid = randstr(IDLEN)
        if userid not in data.users:
            break

    username = args.username or ""
    email = args.email or ""
    if username in data.names:
        raise ValueError("Sorry, that username is taken.")
    if email in data.emails:
        raise ValueError("Sorry, that email address is taken.")

    sitecookie = hash(secret + salt)

    auth_row = authHashes(userid, secret, AUTHHASHES)
    data.authhashes.addRow(*auth_row)
    data.authhashes.save()

    # The complete salt is stored: this table is strictly private to the server.
    data.cookies.addRow(sitecookie, userid, salt)
    data.cookies.save()

    data.salts.addRow(secret_digest, salt)
    data.salts.save()

    data.users.addRow(userid, username, email, sitecookie)
    data.users.save()

    if len(username) > 0:
        data.names.addRow(username, userid)
        data.names.save()

    if len(email) > 0:
        data.emails.addRow(email, userid, False)
        data.emails.save()

    # NOTE(review): data.cookies maps the site cookie to the user id, so it
    # appears to act as a login token; printing it puts it in terminal
    # scrollback and in any captured stdout.
    print(" New user created.")
    print(f" User Id: '{userid}'")
    print(f" SiteCookie: '{sitecookie}'")

    # Display-name fallback; not used further in the visible part of the function.
    name = userid if len(username) == 0 else username
def autoSignup(args, sessid=0):
    """Sign up a user with a server-generated password, then print that password.

    A random password of AUTOPASSLEN characters is drawn until its hash is not
    already a key of ``data.salts``. The password and ``args.username`` /
    ``args.email`` are then handed to ``userSignup``.

    NOTE(review): the password is only as unpredictable as ``randstr``, whose
    randomness source is not visible here. Confirm it draws from a CSPRNG
    (``secrets`` / ``os.urandom``) rather than ``random``.
    NOTE(review): the clear-text password is written to stdout at the end.
    """
    # Retry until the candidate's hash is unused. In theory unbounded, in
    # practice only a concern once the password space is nearly full.
    while True:
        password = randstr(AUTOPASSLEN)
        if hash(password) not in data.salts:
            break

    SignupArguments = namedtuple('Arguments', "username password email")
    signupargs = SignupArguments(
        username=args.username,
        password=password,
        email=args.email,
    )
    userSignup(signupargs, sessid)
    print(" Password: " + password)
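def updatePublicAccount(userid = None, currencylookup = None, newbalance = None, balancechange = None):
    """Set (``newbalance``) or adjust (``balancechange``) a user's balance in one currency.

    Resolves ``currencylookup`` to a currency id, then finds the public account
    mapped from ``userid:currencyid`` or allocates a fresh random id for it.
    A new pubaccts row is written with a new random account version, a
    recomputed account hash and the resulting balance. An existing pubaccts
    row is deleted and re-added; a new account also gets a privaccts row.
    No ``save()`` is called here, so persisting the tables is left to the caller.

    Args:
        userid: id of the account owner (required).
        currencylookup: key into ``data.currencylookup`` (required).
        newbalance: absolute balance to store; exclusive with ``balancechange``.
        balancechange: signed delta applied to the current balance (0 for a
            new account); exclusive with ``newbalance``.

    Raises:
        ValueError: on a missing argument, on both or neither of
            ``newbalance`` / ``balancechange``, on a non-integer amount, on an
            unknown currency, or if the resulting balance would be negative.
            Non-integer amounts were previously guarded by ``assert``, which
            raises AssertionError and is skipped entirely under ``python -O``.
            They are now rejected explicitly, before any table is read.
    """
    # TODO test this
    if userid is None:
        raise ValueError("cannot update account for 'None' user.")
    if currencylookup is None:
        raise ValueError("cannot update a 'None' account.")
    if newbalance is None and balancechange is None:
        raise ValueError("newbalance or balancechange required to update account.")
    if newbalance is not None and balancechange is not None:
        raise ValueError("updatePublicAccount: newbalance and balancechange were both specified. Choose one, not both.")

    # Balances are money: validate with real exceptions, never with assert,
    # so the check survives optimized runs.
    if balancechange is not None and not isinstance(balancechange, int):
        raise ValueError("balancechange was not an integer")
    if newbalance is not None and not isinstance(newbalance, int):
        raise ValueError("newbalance was not an integer")

    if currencylookup not in data.currencylookup:
        raise ValueError("updatePublicAccount: there was no matching currency for provided 'currencylookup'")

    currencyid = data.currencylookup[currencylookup].CurrencyId
    privacctid = userid + ":" + currencyid
    exists = privacctid in data.privaccts

    balance = 0
    if exists:
        pubacctid = data.privaccts[privacctid].AcctId
        acct = data.pubaccts[pubacctid]
        balance = int(acct.Balance)
    else:
        # Theoretically this could loop for a long time, but only once the
        # id space is nearly exhausted.
        pubacctid = randstr(IDLEN)
        while pubacctid in data.pubaccts:
            pubacctid = randstr(IDLEN)

    if balancechange is not None:
        # int + int, so the result needs no further type check.
        newbalance = balance + balancechange

    if newbalance < 0:
        raise ValueError("balance may not be less than zero.")

    user = data.users[userid]
    sitecookie = user.SiteCookie
    sitepostcookie = hash(sitecookie)

    # Every update gets a fresh version; the secret and hash are derived from it.
    acctversion = randstr(IDLEN)
    acctsecret = hash(pubacctid + ":" + acctversion + ":" + sitepostcookie)
    accthash = hash(pubacctid + ":" + userid + ":" + acctsecret)

    if exists:
        del data.pubaccts[pubacctid]
    else:
        data.privaccts.addRow(privacctid, pubacctid)

    data.pubaccts.addRow(pubacctid, acctversion, accthash, currencyid, newbalance)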
def authHashes(userid, password, n):
    """Build one auth-hash row: ``userid`` followed by ``n`` (public salt, auth hash) pairs.

    For each pair a fresh salt of SALTLEN characters is drawn. The auth hash
    is hash(hash(password + salt)). Only the first SALTLEN - SALTSECRET
    characters of the salt go into the row; the remaining SALTSECRET
    characters are not returned.

    Returns:
        list: ``[userid, publicsalt_1, authhash_1, ..., publicsalt_n, authhash_n]``.

    NOTE(review): ``hash`` is a project helper, not the builtin (elsewhere in
    this file its result is concatenated with strings). Confirm its algorithm
    suits password-derived values.
    """
    row = [userid]
    for _ in range(n):
        salt = randstr(SALTLEN)
        authcookie = hash(password + salt)
        authhash = hash(authcookie)
        # Publish only the leading part of the salt.
        row += [salt[:SALTLEN-SALTSECRET], authhash]
    return row
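def createCheck(args, sessid=0):
    """Debit the logged-in user's account and issue a bearer check for that amount.

    ``args.currency`` is combined with NAMESPACE to find the currency, and
    ``args.amount`` is parsed as an integer. The amount is subtracted from the
    caller's account through ``updatePublicAccount``. A random check secret is
    generated and only its hash is stored in ``data.checks``; the secret
    itself is printed once for the user.

    Raises:
        ValueError: if nobody is logged in for ``sessid``, if the amount is
            not a positive integer, or for any error ``updatePublicAccount``
            raises (for example insufficient balance).

    The positive-amount check is a fix. The debit is passed on as
    ``balancechange=-amt``, so a negative amount would have been applied as a
    credit to the issuer's account and stored as a negative-value check.

    NOTE(review): the check table is saved before the debited account table.
    Assuming ``save()`` persists a table, a failure between the two leaves a
    stored check without the matching stored debit. Consider saving the debit
    first.
    """
    userid = getUser(sessid)
    if userid is None:
        raise ValueError("You must be logged in to issue a check.")

    lookup = args.currency + ":" + NAMESPACE
    currencyid = getCurrencyId(lookup)

    amt = int(args.amount)
    if amt <= 0:
        # Reject before touching any balance.
        raise ValueError("Check amount must be a positive integer.")

    updatePublicAccount(userid, lookup, balancechange=-amt)

    # Redraw until the secret's hash is not already a key of data.checks.
    checksecret = randstr(IDLEN)
    checkhash = hash(checksecret)
    while checkhash in data.checks:
        checksecret = randstr(IDLEN)
        checkhash = hash(checksecret)

    data.checks.addRow(checkhash, currencyid, amt)
    data.checks.save()
    data.pubaccts.save()

    print(f"Check Secret: \"{checksecret}\"")
    print(f"Check issued for {amt} units of {lookup}")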
def newRoot(args):
    """Generate a root cookie of ROOTCOOKIELEN characters and print it.

    ``args`` is accepted but not read. Nothing is persisted yet; the function
    prints a "TODO save" placeholder instead.

    NOTE(review): the root cookie is written to stdout in clear text. Its
    strength depends on ``randstr``, whose randomness source is not visible
    here; confirm it is a CSPRNG.
    """
    fresh_root_cookie = randstr(ROOTCOOKIELEN)
    print("root-cookie: " + fresh_root_cookie)
    print("TODO save")
import numpy
import perfmon
import yaml
import webview
import appdb
import util
import shutil
import copy

# NOTE(review): `re` and `logging` are used below but their imports are not
# part of this excerpt; presumably they sit above it.

# UI Automator dump locations (under /sdcard, so presumably on the device under test).
UIAUTOMATOR_DUMPFILE = "/sdcard/window_dump.xml"
UIAUTO_DUMP_ALL = "/sdcard/win*.xml"

# "WebView", then one or more characters that are neither "/" nor ">", then "/>".
webview_empty_re = re.compile("WebView[^/>]+/>")

logger = logging.getLogger("sense")

# Names carrying a 4-character random suffix from util.randstr.
prefix = "appmodel" + util.randstr(4)
last_screen_name = "appmodelLast" + util.randstr(4) + ".png"


@perfmon.op("sense", "grab_full")
def grab_full(dev, no_img=False):
    """Collect a snapshot of ``dev``: hierarchy XML, activity name and optionally a screenshot.

    Returns:
        dict: ``'xml'`` (result of grab_hier_xml), ``'act'`` (result of
        grab_actname) and, unless ``no_img`` is true, ``'scr'`` (result of
        grab_screen).
    """
    snapshot = {'xml': grab_hier_xml(dev), 'act': grab_actname(dev)}
    if no_img:
        return snapshot
    snapshot['scr'] = grab_screen(dev)
    return snapshot
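def mintCoin(args, sessid=0):
    """Create a new currency and credit its whole supply to the logged-in issuer.

    ``args.coinname`` plus NAMESPACE forms the lookup key, and ``args.supply``
    is parsed as an integer. For a logged-in user the function registers the
    currency, creates the issuer's account rows holding the supply, prints a
    summary and saves the four affected tables.

    Anonymous minting (no user for ``sessid``) is not implemented. The branch
    prints its TODO line and now returns explicitly, so it can never reach the
    account-creation code, which needs both a user row and a ``currencyid``.

    Raises:
        ValueError: if the supply is negative or the currency already exists.

    The printed magnitude hint is now computed with integer arithmetic.
    ``int(math.log(supply, 10))`` can come out one too low for exact powers of
    ten because of floating-point rounding.
    """
    userid = getUser(sessid)
    # anonymously issued coins are all deposited into a bearer check.
    name = args.coinname
    namespace = NAMESPACE
    supply = int(args.supply)
    if supply < 0:
        raise ValueError("Can only mint non-negative amounts of a currency.")

    issuer = userid
    anonymous = userid is None
    locked = anonymous  # anonymously created currencies must be locked.
    lookup = name + ":" + namespace

    if anonymous:
        print("TODO: issue check for supply of anonymous currency.")
        # TODO anonymously created currencies have all their balance put into one check.
        return
    if lookup in data.currencylookup:
        # TODO allow issuers to issue more.
        raise ValueError("That currency already exists")

    # Theoretically this could loop for a long time, but only once the id
    # space is nearly exhausted.
    currencyid = randstr(IDLEN)
    while currencyid in data.currencies:
        currencyid = randstr(IDLEN)
    data.currencies.addRow(currencyid, NAMESPACE, name, issuer, supply, locked)
    data.currencylookup.addRow(lookup, currencyid)

    user = data.users[userid]
    sitecookie = user.SiteCookie
    sitepostcookie = hash(sitecookie)

    # TODO obfuscate pubaccts
    # compute pubacct info
    acctid = randstr(IDLEN)
    while acctid in data.pubaccts:
        acctid = randstr(IDLEN)
    # Author's note: a version colliding with an earlier one is acceptable.
    # Versions mainly make a specific account's history hard to track and
    # mitigate potential replay attacks.
    acctversion = randstr(IDLEN)

    # NOTE(review): updatePublicAccount, as written in this file, already adds
    # a privaccts row for userid:currencyid and a pubaccts row under its own
    # random id when no account exists. The two addRow calls below add a
    # second pair for the same private key. Whether addRow overwrites or
    # duplicates is not visible here; confirm that exactly one public account
    # ends up holding the supply.
    updatePublicAccount(userid, lookup, supply)
    data.privaccts.addRow(userid + ":" + currencyid, acctid)
    acctsecret = hash(acctid + ":" + acctversion + ":" + sitepostcookie)
    accthash = hash(acctid + ":" + userid + ":" + acctsecret)
    data.pubaccts.addRow(acctid, acctversion, accthash, currencyid, supply)

    hint = ""
    if supply > 9999:
        # Exact decimal exponent and two leading digits, without floats.
        power = len(str(supply)) - 1
        lead = (supply // 10**(power - 1)) / 10
        hint = f" ({lead} x 10^{power})"
    print(f"Minted {supply}{hint} units of currency {lookup} to \"{user.Username}\"({userid})")

    data.pubaccts.save()
    data.privaccts.save()
    data.currencies.save()
    data.currencylookup.save()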
import skimage.transform
import numpy
import perfmon
import yaml
import webview
import appdb
import util
import shutil

# NOTE(review): `re` and `logging` are used below but their imports are not
# part of this excerpt; presumably they sit above it.

# UI Automator dump locations (under /sdcard, so presumably on the device under test).
UIAUTOMATOR_DUMPFILE = "/sdcard/window_dump.xml"
UIAUTO_DUMP_ALL = "/sdcard/win*.xml"

# "WebView", then one or more characters that are neither "/" nor ">", then "/>".
webview_empty_re = re.compile("WebView[^/>]+/>")

logger = logging.getLogger("sense")

# Name prefix carrying a 4-character random suffix from util.randstr.
prefix = "appmodel" + util.randstr(4)


@perfmon.op("sense", "grab_full")
def grab_full(dev, no_img=False):
    """Collect a snapshot of ``dev``: hierarchy XML, activity name and optionally a screenshot.

    Returns a dict with 'xml' (result of grab_hier_xml), 'act' (result of
    grab_actname) and, unless ``no_img`` is true, 'scr' (result of grab_screen).
    """
    xml_hier = grab_hier_xml(dev)
    actname = grab_actname(dev)
    ret = {'xml': xml_hier, 'act': actname}
    if not no_img:
        # The screenshot is only taken when the caller has not opted out.
        scrfile = grab_screen(dev)
        ret['scr'] = scrfile
    return ret


# The definition this decorator applies to lies beyond the end of this excerpt.
@perfmon.op("sense", "grab_xml")