def export_key(self): self.require_verification() form = Form(self.request, schema=forms.PassphraseSchema) if 'form.submitted' in self.request.POST and form.validate(): with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() key = session.query(Key).filter(Key.user_id==user.id, Key.name==self.key).first() pub = base64.b64decode(key.public_key) priv = base64.b64decode(key.private_key) priv = utils.decrypt(priv, pub, pub, form.data['passphrase']) filename = user.username + '.keypair.asc' content_type, encoding = mimetypes.guess_type(filename) logger.info('priv: %s', priv) with utils.tmpdir() as tmpd: tmp = os.path.join(tmpd, filename) with open(tmp, 'wb') as tmpf: tmpf.write('\n\n'.join((pub, priv))) tmpf.flush() response = FileResponse( tmp, request=self.request ) return response return dict( form=FormRenderer(form), username=self.username, key=self.key )
def toggle_sharability(self): self.require_login() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() user.sharable = not user.sharable session.add(user) return HTTPFound(location=self.request.route_url('user', userid=self.username))
def register(self): form = Form(self.request, schema=forms.RegistrationSchema) # Me add if 'form.submitted' in self.request.POST and form.validate(): username = form.data['username'] user = User(username=username, password=form.data['password'], name=form.data['name'], email=form.data['email'], created_at=time.time()) with utils.db_session(self.dbmaker) as session: userExist = session.query(User).filter( User.username == username).first() if not userExist: session.add(user) headers = remember(self.request, username) return HTTPFound( location=self.request.route_url('send_verify'), headers=headers) else: self.request.session.flash( u'This User is exist, please create another "Username" or "Email" !!!' ) return HTTPFound( location=self.request.route_url('register')) return dict(username=self.username)
def delete_key(self): self.require_verification() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username == self.username).first() key = session.query(Key).filter(Key.user_id == user.id, Key.name == self.key).first() session.delete(key) self.request.session.flash(u"successfully deleted key %s." % (self.key,)) return HTTPFound(location=self.request.route_url("keys"))
def require_key(self, errmsg=u'you must first create a key to do that'): self.require_verification() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter( User.username == self.username).first() if not user.keys: self.request.session.flash(errmsg) raise HTTPFound(location=self.request.route_url('keys'))
def delete_file(self): query_file = os.path.join(self.storage_dir, self.username, self.filename) with utils.db_session(self.dbmaker) as session: f = session.query(File).filter(File.name==self.filename).first() session.delete(f) os.remove(query_file) self.request.session.flash(u'successfully deleted file: %s.' % (self.filename, )) return HTTPFound(location=self.request.route_url('view_files'))
def delete_key(self): self.require_verification() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() key = session.query(Key).filter(Key.user_id==user.id, Key.name==self.key).first() session.delete(key) self.request.session.flash(u'successfully deleted key %s.' % (self.key, )) return HTTPFound(location=self.request.route_url('keys'))
def view_keys(self): with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username == self.username).first() keys = dict() for key in user.keys: keys[key.name] = dict(created_at=key.created_at) return dict(keys=keys, username=self.username)
def toggle_sharability(self): self.require_login() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter( User.username == self.username).first() user.sharable = not user.sharable session.add(user) return HTTPFound( location=self.request.route_url('user', userid=self.username))
def view_keys(self): with utils.db_session(self.dbmaker) as session: user = session.query(User).filter( User.username == self.username).first() keys = dict() for key in user.keys: keys[key.name] = dict(created_at=key.created_at) return dict(keys=keys, username=self.username)
def require_verification(self, errmsg=u'Account must be verified to do that'): self.require_login() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter( User.username == self.username).first() if user.verified_at is None: self.request.session.flash(errmsg) raise HTTPFound(location=self.request.route_url( 'user', userid=self.username))
def share_file(self): if 'form.submitted' in self.request.POST and form.validate(): passphrase = form.data['passphrase'] query_file = os.path.join(self.storage_dir, self.username, self.filename) share_user = self.request.params['share_user'] with utils.db_session(self.dbmaker) as session: owner = session.query(User).filter(User.username==self.username).one() f = session.query(File).filter(File.name==self.filename).one() u = session.query(User).filter(User.username==share_user).first() if u is None: del f.shared_users[:] else: for key in u.keys: f.keys.append(key) session.add(f) owner_pubs = [k.public_key for k in owner.keys] owner_privs = [k.private_key for k in owner.keys] recipients = owner_pubs + [k.public_key for k in f.keys] with open(query_file, 'rb') as o: data = o.read() decrypted = utils.decrypt(data, owner_privs, owner_pubs, passwd) with tempfile.NamedTemporaryFile() as tmp: tmp.write(decrypted) tmp.flush() tmp.seek(0) encrypted = utils.encrypt(tmp, recipients) tmp = tempfile.NamedTemporaryFile(dir=self.storage_dir, delete=False) tmp.write(encrypted) os.rename(tmp.name, query_file) self.request.session.flash( u'successfully shared file: %s with user %s' % (self.filename, share_user) ) return HTTPFound(location=self.request.route_url('view_files')) with utils.db_session(self.dbmaker) as session: sharable_users = session.query(User).filter(User.sharable==True) sharable_users = sharable_users.filter(User.username!=self.username).all() sharable_users = [u.username for u in sharable_users] return dict( username=self.username, filename=self.filename, sharable_users=sharable_users )
def user(self): self.require_login() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter( User.username == self.username).first() return dict(name=user.name, username=user.username, email=user.email, created_at=user.created_at, verified=user.verified_at is not None, sharable=user.sharable, filecount=len(user.files))
def user(self): self.require_login() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() return dict( name=user.name, username=user.username, email=user.email, created_at=user.created_at, verified=user.verified_at is not None, sharable=user.sharable, filecount=len(user.files) )
def unshare_file(self): query_file = os.path.join(self.storage_dir, self.username, self.filename) with utils.db_session(self.dbmaker) as session: f = session.query(File).filter(File.name==self.filename).first() u = session.query(User).filter(User.username==self.unshare_user).first() for key in u.keys: if key in f.keys: f.keys.remove(key) session.add(f) self.request.session.flash( u'no longer sharing file: %s with user: %s' % (self.filename, self.unshare_user) ) return HTTPFound(location=self.request.route_url('view_files'))
def genkey(self): self.require_verification() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username == self.username).first() if form.validate(): name = form.data["keyname"] passphrase = form.data["passphrase"] pub, priv = utils.keygen(name, user.email, passphrase) keyobj = Key(name, user.id, pub, priv) user.keys.append(keyobj) session.add(keyobj) session.add(user) self.request.session.flash(u"successfully generated key %s." % (name,)) return HTTPFound(location=self.request.route_url("keys"))
def genkey(self): self.require_verification() form = Form(self.request, schema=forms.GenKeySchema) with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() if form.validate(): name = form.data['keyname'] passphrase = form.data['passphrase'] pub, priv = utils.keygen(name, user.email, passphrase) keyobj = Key(name, user.id, pub, priv) user.keys.append(keyobj) session.add(keyobj) session.add(user) self.request.session.flash(u'successfully generated key %s.' % (name, )) return HTTPFound(location=self.request.route_url('keys'))
def register(self): if 'form.submitted' in self.request.POST and form.validate(): username = form.data['username'] user = User( username=username, password=form.data['password'], name=form.data['name'], email=form.data['email'], created_at=time.time() ) with utils.db_session(self.dbmaker) as session: session.add(user) headers = remember(self.request, username) return HTTPFound(location=self.request.route_url('send_verify'), headers=headers) return dict( username=self.username )
def export_key(self): self.require_verification() if "form.submitted" in self.request.POST and form.validate(): with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username == self.username).first() key = session.query(Key).filter(Key.user_id == user.id, Key.name == self.key).first() pub = base64.b64decode(key.public_key) priv = base64.b64decode(key.private_key) priv = utils.decrypt(priv, pub, pub, form.data["passphrase"]) filename = user.username + ".keypair.asc" content_type, encoding = mimetypes.guess_type(filename) logger.info("priv: %s", priv) with utils.tmpdir() as tmpd: tmp = os.path.join(tmpd, filename) with open(tmp, "wb") as tmpf: tmpf.write("\n\n".join((pub, priv))) tmpf.flush() response = FileResponse(tmp, request=self.request) return response return dict(username=self.username, key=self.key)
def verify(self): email = utils.verify_email(self.token, self.verification_key, self.verification_salt) if not email: self.request.session.flash(u'Unable to verify your email account') return HTTPFound(location=self.request.route_url('home')) if 'form.submitted' in self.request.POST: if not utils.authenticate_user(form, self.dbmaker): self.request.session.flash(u'Failed to verify your account credentials') return HTTPFound(location=self.request.route_url('home')) headers = remember(self.request, self.username) with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.email==email).first() (pub, priv) = utils.keygen(user.name, user.email, form.data['password']) user.verified_at = time.time() session.add(user) self.request.session.flash(u'Account verified!') return HTTPFound(location=self.request.route_url('keys')) return dict( username=self.username, token=self.token )
def verify(self): form = Form(self.request, schema=forms.RegistrationSchema) # Me add email = utils.verify_email(self.token, self.verification_key, self.verification_salt) if not email: self.request.session.flash(u'Unable to verify your email account') return HTTPFound(location=self.request.route_url('home')) if 'form.submitted' in self.request.POST: if not utils.authenticate_user(form, self.dbmaker): self.request.session.flash( u'Failed to verify your account credentials') return HTTPFound(location=self.request.route_url('home')) headers = remember(self.request, self.username) with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.email == email).first() (pub, priv) = utils.keygen(user.name, user.email, form.data['password']) user.verified_at = time.time() session.add(user) self.request.session.flash(u'Account verified!') return HTTPFound(location=self.request.route_url('keys')) return dict(username=self.username, token=self.token)
def manage_file(self): with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() f = session.query(File).filter(File.name==self.filename).first() username = user.username size = f.size uploaded_at = f.uploaded_at sharable_users = session.query(User).filter(User.sharable==True) sharable_users = sharable_users.filter(User.username!=self.username).all() sharable_users = [u.username for u in sharable_users] shared_with = ', '.join([k.user.username for k in f.keys]) return dict( username=username, filename=self.filename, uploaded_at=uploaded_at, size=size, sharable_users=sharable_users, shared_with=shared_with )
def send_verify(self): self.require_login() with utils.db_session(self.dbmaker) as session: email = session.query(User.email).filter(User.username==self.username).first() serializer = URLSafeTimedSerializer(self.verification_key) token = serializer.dumps(email, salt=self.verification_salt) token_url = self.request.route_url('verify', token=token) server = smtplib.SMTP(self.email_server, self.email_port) server.ehlo() server.starttls() server.login(self.email_user, self.email_password) body = '\r\n'.join(['To: %s' % (email, ), 'From: %s' % (self.email_user, ), 'Subject: %s' % ('Thanks for registering at whereikeep.info', ), '', 'Click here to complete registration %s' % (token_url, ) ]) server.sendmail(self.email_user, [email], body) self.request.session.flash(u'Registration email sent. '\ 'Follow instructions in email to complete registration') return HTTPFound(location=self.request.route_url('home'))
def view_file(self): if 'form.submitted' in self.request.POST and form.validate(): with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() f = session.query(File).filter(File.name==self.filename).first() proper_key = [k for k in f.keys if k.user.username == user.username] logger.info('owner: %s files: %s keys: %s', f.owner, user.files, f.keys) if f.owner != user.username and len(proper_key) == 0: self.request.session.flash(u'File not shared with you. are you a bad actor?') return HTTPFound(location=self.request.route_url('home')) privs = [] pubs = [] for k in proper_key: privs.append(k.private_key) pubs.append(k.public_key) query_file = os.path.join(self.storage_dir, f.owner.username, self.filename) if not os.path.isfile(query_file): return HTTPNotFound("file %s is not a thinger" % (self.filename, )) content_type, encoding = mimetypes.guess_type(query_file) with open(query_file, 'rb') as o: encrypted = o.read() decrypted = utils.decrypt(encrypted, privs, pubs, form.data['passphrase']) with utils.tmpdir() as tmpd: tmp = os.path.join(tmpd, self.filename) with open(tmp, 'wb') as tmpf: tmpf.write(decrypted) tmpf.flush() response = FileResponse( tmp, request=self.request, content_type=content_type, content_encoding=encoding ) return response return dict( username=self.username, filename=self.filename )
def upload_file(self): self.require_key() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() if 'uploaded_file' in self.request.POST and form.validate(): f = form.data['uploaded_file'] name = f['filename'] size = f['size'] self.request.session.flash(u'successfully uploaded file %s.' % (name, )) pubs = [] for key in user.keys: pubs.append(key.public_key) encrypted = utils.encrypt(f['file'], pubs) name = utils.store_file(encrypted, name, user.username, self.storage_dir) fileobj = File(name, size, user.id) fileobj.owner = user for key in user.keys: fileobj.keys.append(key) user.files.append(fileobj) session.add(user) return HTTPFound(location=self.request.route_url('view_files'))
def send_verify(self): self.require_login() with utils.db_session(self.dbmaker) as session: email = session.query( User.email).filter(User.username == self.username).first() serializer = URLSafeTimedSerializer(self.verification_key) token = serializer.dumps(email, salt=self.verification_salt) token_url = self.request.route_url('verify', token=token) server = smtplib.SMTP(self.email_server, self.email_port) server.ehlo() server.starttls() server.login(self.email_user, self.email_password) body = '\r\n'.join([ 'To: %s' % (email, ), 'From: %s' % (self.email_user, ), 'Subject: %s' % ('Thanks for registering at whereikeep.info', ), '', 'Click here to complete registration %s' % (token_url, ) ]) server.sendmail(self.email_user, [email], body) self.request.session.flash(u'Registration email sent. ' \ 'Follow instructions in email to complete registration') return HTTPFound(location=self.request.route_url('home'))
def view_files(self): self.require_verification() with utils.db_session(self.dbmaker) as session: user = session.query(User).filter(User.username==self.username).first() current_upload_size = sum([f.size for f in user.files]) username = user.username owned_files = dict() shared_files = dict() for f in user.files: shared_with = [k.user.username for k in f.keys] owned_file = dict(shared=shared_with, uploaded_at=f.uploaded_at, size=f.size) owned_files[f.name] = owned_file shared_files[f.name] = dict(size=f.size, owner=f.owner.username) sharable_users = session.query(User).filter(User.sharable==True) sharable_users = sharable_users.filter(User.username!=self.username).all() sharable_users = [u.username for u in sharable_users] return dict( current_upload_size=current_upload_size, username=username, uploaded_files=owned_files, sharable_users=sharable_users, shared_files=shared_files )