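def do_login():
    """Handle the login form: GET renders it, POST authenticates.

    On success the browser is redirected to the ``next`` query parameter
    (only when it is a local, path-absolute URL) or to the index. A failed
    POST re-renders the form with a generic error that does not distinguish
    an unknown username from a wrong password.
    """
    # Restrict ``next`` to a path-absolute local URL so the login page cannot
    # be used as an open redirector ("//host" and "/\host" are scheme-relative)
    next_url = request.args.get('next')
    if not (next_url and next_url.startswith('/')
            and not next_url.startswith(('//', '/\\'))):
        next_url = url_for('index')

    if login.current_user.is_authenticated():
        return redirect(next_url)

    if request.method != "POST":
        return render_template("/users/login.html", name="Log in")

    # A missing username is looked up as "" rather than the string "None"
    username = unicode(request.form.get("username") or u"").lower()
    try:
        user = User().getObjectsByKey("username", username, limit=1)[0]
    except Exception:
        # Best-effort: an unknown user and a store error both end up as a
        # failed login; the traceback is printed for the operator
        traceback.print_exc(file=sys.stdout)
        user = None
        print "User not found"

    # A missing password field is a normal failure, not a 500
    password = request.form.get("password")
    if user is not None and password is not None and user.checkPassword(
            urllib2.unquote(password.encode('utf-8'))):
        print "Username and password correct"
        login.login_user(user)
        return redirect(next_url)

    print "Password incorrect"
    # Delay every failed attempt by the same random amount, whether the
    # username was unknown or the password was wrong, so the response time
    # does not tell the two cases apart
    time.sleep(1 + random.random())

    return render_template(
        "/users/login.html",
        name="Log in",
        error="This username/password combination does not exist.")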
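def userEdit(id):
    """Render the edit form for the user with ``_id`` *id* (404 if absent).

    ``public_key`` is stored base64-encoded and is decoded on the loaded
    object for display only; the object is not saved here.
    """
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    try:
        user.public_key = base64.b64decode(user.public_key)
    except Exception:
        # New users have no (valid) key yet. ``except Exception`` rather than
        # a bare ``except`` so KeyboardInterrupt/SystemExit still propagate.
        pass
    return render_template("users/edit.html",
                           name="Edit user",
                           user=user,
                           active="users")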
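def userSign(id):
    """Start a U2F authentication for user *id* and return the challenge JSON.

    The challenge is kept on the user object (``u2f_challenge``) so that
    ``userVerify`` can check the signed response against it.
    """
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    try:
        # map() yields a list under Python 2, which the U2F helpers take
        devices = map(DeviceRegistration.wrap, user.u2f_devices)
    except Exception:
        # No devices registered yet (attribute missing); narrowed from a bare
        # ``except`` so interrupts are not swallowed
        devices = []

    challenge = start_authenticate(devices)
    user.u2f_challenge = challenge.json
    # NOTE(review): the challenge is set on the in-memory object but
    # user.save() is not called here, while userVerify reloads the user from
    # the store — confirm the challenge is actually persisted.
    return challenge.json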
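def userDelete(id):
    """Delete the user with ``_id`` *id*.

    Responds 404 when the user does not exist and 405 unless the request is
    a POST, so a plain link can never delete an account. Returns a JSON
    body with a fresh CSRF token for the caller's next request.
    """
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        # Narrowed from a bare ``except`` so interrupts still propagate
        return abort(404)

    if request.method != "POST":
        return abort(405)

    # NOTE(review): no authorization check is visible in this function; it is
    # presumably enforced by a route decorator or before_request hook — confirm.
    user.remove()

    return json.dumps({
        "success": "true",
        "new_csrf": generate_csrf_token()
    })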
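def userEnroll(id):
    """Start a U2F registration for user *id* and return the enrollment JSON.

    Already-registered devices are passed along so the token can refuse a
    duplicate registration.
    """
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    try:
        devices = map(DeviceRegistration.wrap, user.u2f_devices)
    except Exception:
        # No devices registered yet; narrowed from a bare ``except``
        devices = []

    # NOTE(review): the U2F app id is hard-coded to the loopback origin, so
    # enrollment only matches a browser that sees http://127.0.0.1 as the
    # origin — confirm how this is meant to work outside local development.
    app_id = "http://127.0.0.1"
    enroll = start_register(app_id, devices)
    user.u2f_enroll = enroll.json
    # NOTE(review): not persisted with user.save() here — userBind reloads the
    # user from the store, so confirm the pending enrollment survives.
    return enroll.json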
def usersIndex():
    """Render the users overview listing at most the first 25 users."""
    first_users = User().matchObjects({}, limit=25)
    context = dict(name="Users overview", users=first_users, active="users")
    return render_template("users/index.html", **context)
def load_user(userid):
    """User-loader callback: return the user for *userid*, or None.

    Any lookup failure (unknown id, store error) is printed and mapped to
    None, which the login layer treats as "not logged in".
    """
    print "Getting user", userid
    try:
        matches = User().getObjectsByKey("_id", userid)
        return matches[0]
    except Exception as err:
        print err
        return None
def index():
    """Render the dashboard: recent users, recent documents and blog headlines."""
    recent_users = User().matchObjects({}, limit=5)
    document_fields = {
        "title": True,
        "author": True,
        "secure": True,
        "summary": True,
        "document_type": True
    }
    recent_documents = Document().matchObjects({},
                                               limit=10,
                                               fields=document_fields)

    # Parse blog feed.
    # NOTE(review): this fetches a remote URL synchronously on every dashboard
    # render and no timeout is visible here, so a slow or unreachable blog
    # host stalls the request — consider caching the feed with a timeout.
    blog_rss_url = "http://blog.yuras.nl/rss/"
    blog_feed = feedparser.parse(blog_rss_url)
    # Later entries with the same link overwrite earlier ones
    news = dict((entry.link, entry.title) for entry in blog_feed.entries)

    return render_template("homepage/index.html",
                           name="Dashboard",
                           users=recent_users,
                           documents=recent_documents,
                           news=news,
                           active="dashboard")
def userPasswordEdit(id):
    """Render the password-change form for user *id* (404 if absent)."""
    try:
        target = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    context = dict(name="Respin password", user=target, active="users")
    return render_template("users/password-edit.html", **context)
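def installYurasFinal():
    """Create the first account from the install form.

    Refuses with 500 once any user exists, mirroring the guard in
    installYuras, so the endpoint cannot be replayed after installation to
    create an extra account. Responds 400 when a form field is missing.
    """
    if len(User().matchObjects({})) > 0:
        return abort(500)

    data = dict(request.form)
    try:
        # dict(request.form) maps each field to a list of values
        username = unicode(data["name"][0].lower())
        # Stored as entered: do_login compares it case-sensitively, so
        # lower-casing here would weaken it and make the chosen password unusable
        password = unicode(data["password"][0])
        email = unicode(data["email"][0].lower())
    except (KeyError, IndexError):
        return abort(400)

    user = User()
    user.setPassword(password)
    user.username = username
    user.email = email
    user.firstname = username
    # TODO: apply the same length/common-password checks that userSave enforces
    user.save()

    return render_template("install/final.html",
                           name="You are done installing Yuras!")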
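def userBind(id):
    """Complete a U2F registration for user *id* with the client's response.

    The new registration is appended to the user's device list and the
    attestation certificate is printed. Returns the JSON literal ``true``.
    """
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    # NOTE(review): request.data.get(...) assumes request.data is a mapping;
    # in plain Flask it is the raw body string — confirm this app wraps it.
    data = request.data.get("data", None)
    enroll = user.u2f_enroll
    # NOTE(review): the third argument (presumably the valid-facets list) is
    # empty; confirm against the u2flib_server version in use that the
    # client's origin is still checked rather than any origin being accepted.
    binding, cert = complete_register(enroll, data, [])

    try:
        devices = map(DeviceRegistration.wrap, user.u2f_devices)
    except Exception:
        # No devices registered yet; narrowed from a bare ``except``
        devices = []

    devices.append(binding)
    user.u2f_devices = [d.json for d in devices]
    # NOTE(review): user.save() is not called here — confirm the new device
    # list is persisted, otherwise the enrollment is lost with this object.

    print "U2F device enrolled. Username: %s" % user.username
    print "Attestation certificate:\n%s" % cert.as_text()

    return json.dumps(True)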
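def userVerify(id):
    """Verify a signed U2F authentication response for user *id*.

    Checks the client's response against the challenge stored by userSign
    and returns JSON with the touch flag and the device counter.
    """
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    try:
        devices = map(DeviceRegistration.wrap, user.u2f_devices)
    except Exception:
        # No devices registered yet; narrowed from a bare ``except``
        devices = []

    # The client's signed response, read the same way userBind reads it
    data = request.data.get("data", None)
    challenge = user.u2f_challenge
    c, t = verify_authenticate(devices, challenge, data)
    # NOTE(review): the returned counter is only echoed back, not written to
    # the matching device, so a cloned token would not be detected on later
    # logins — confirm whether the caller persists it.
    return json.dumps({'touch': t, 'counter': c})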
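def userSave(id):
    """Save the edit form for user *id* (profile fields and optional password).

    A new password is only accepted when the current password is given
    correctly, both new entries match, it has at least 8 characters and is
    not in the common-password list. Every outcome redirects to the ``back``
    query parameter (restricted to a local path) with an ``error`` or
    ``success`` query string appended. Responds 404 for an unknown user and
    400 when a required profile field is missing.
    """
    try:
        user = User().getObjectsByKey("_id", id)[0]
    except Exception:
        return abort(404)

    # Only honour a path-absolute local ``back`` target so this endpoint
    # cannot redirect to another site ("//host" and "/\host" are scheme-relative)
    back = request.args.get("back")
    if not (back and back.startswith('/')
            and not back.startswith(('//', '/\\'))):
        back = "/users/%s/edit" % id

    def _redirect_back(status):
        """Redirect to the back target with ``status`` as the query string."""
        return redirect(back + "?" + status)

    data = dict(request.form)

    def _form_password(field):
        """Decode one URL-encoded password field ("" when absent)."""
        return urllib2.unquote(data.get(field, [""])[0].decode("utf-8"))

    oldPassword = _form_password("old-password")
    newPassword = _form_password("new-password")
    newPasswordAgain = _form_password("new-password-again")

    if len(newPassword) > 0:
        # Re-authenticate with the current password before changing it
        if not user.checkPassword(oldPassword):
            return _redirect_back("error=password-incorrect")

        if newPassword != newPasswordAgain:
            return _redirect_back("error=password-nomatch")

        if len(newPassword) < 8:
            return _redirect_back("error=password-tooshort")

        if newPassword in User.getMostCommonPasswords():
            return _redirect_back("error=password-toocommon")

        user.setPassword(newPassword)

    # NOTE(review): no check that the current user may edit *this* user is
    # visible here; presumably enforced by a route decorator — confirm.
    try:
        user.username = data["username"][0]
        user.firstname = data["firstname"][0]
        user.lastname = data["lastname"][0]
        user.email = data["email"][0]
    except (KeyError, IndexError):
        return abort(400)
    user.save()

    return _redirect_back("success=true")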
def userCreate():
    """Create an empty user and redirect to its edit page.

    NOTE(review): a record is created on any request method and no
    authorization check is visible here — presumably enforced by a route
    decorator; confirm.
    """
    fresh = User()
    fresh.save()
    return redirect("/users/%s/edit" % fresh._id)
def installYuras():
    """Render the install page, or 500 once any user already exists."""
    existing = User().matchObjects({})
    if existing:
        return abort(500)

    return render_template("install/index.html", name="Install Yuras")