def badExit(index: int):
    """Reject a malformed request: reset credentials, log it, send the error.

    Args:
        index: Caller-chosen number naming which validation check failed.
            It is written to the log only; the response text comes from the
            'bad_request' translation and does not include it.

    NOTE(review): callers shown with this function keep reading request
    fields after calling it, so headers.errorResponse is presumably expected
    to end the request -- confirm that it never returns.
    """
    # Replace any identity already set with the result of buildCredentials
    # called with zero/empty arguments (presumably anonymous -- confirm).
    blank_credentials = auth.buildCredentials(0, '', '', 0, 0)
    auth.credentials = blank_credentials

    # The meaning of the False flag is not visible here.
    headers.jsonAPI(False)

    # Fixed one-second pause before answering: it slows rapid retries, but
    # it also keeps this worker busy for that second on every bad request.
    time.sleep(1)

    # Only the check number is logged, never the submitted fields.
    log_entry = 'Request error - ' + str(index)
    _mobile.elog(log_entry, 'reg')

    client_message = translation.getValue('bad_request')
    headers.errorResponse(client_message)
def wrongCred(index: int):
    """Fail an authentication attempt: reset credentials, log, send the error.

    Args:
        index: Caller-chosen number identifying the failing check. It is
            written to the log only; the client always receives the
            'user_not_found' translation.

    NOTE(review): presumably headers.errorResponse ends the request --
    confirm, since nothing here returns a value or raises explicitly.
    """
    # Replace any identity already set with the result of buildCredentials
    # called with zero/empty arguments (presumably anonymous -- confirm).
    blank_credentials = auth.buildCredentials(0, '', '', 0, 0)
    auth.credentials = blank_credentials

    # The meaning of the False flag is not visible here.
    headers.jsonAPI(False)

    # Fixed one-second pause before answering a failed attempt; it slows
    # repeated guessing but holds this worker for the same second.
    time.sleep(1)

    # The log entry carries only the check number under the 'auth' tag;
    # no login or password material is written.
    log_entry = 'Credentials error - ' + str(index)
    _mobile.elog(log_entry, 'auth')

    client_message = translation.getValue('user_not_found')
    headers.errorResponse(client_message)
badExit(1) if 'login' not in jsonpost: badExit(2) if 'password' not in jsonpost: badExit(3) if 'device' not in jsonpost: badExit(4) if ('crc32_control' not in jsonpost) or ('crc32_str' not in jsonpost): badExit(5) crc32_control = int(jsonpost['crc32_control']) if crc32_control != utils.crc32(str(jsonpost['crc32_str'])): auth.credentials = auth.buildCredentials(0, '', '', 0, 0) headers.jsonAPI(False) time.sleep(1) _mobile.elog('CRC32 control mistake', 'critical') headers.errorResponse("CRC32 algorithm error") if len(jsonpost['login']) < 4 or len(jsonpost['password']) < 4 or len( jsonpost['device']) < 4: auth.credentials = auth.buildCredentials(0, '', '', 0, 0) headers.jsonAPI(False) time.sleep(1) _mobile.elog('Too short symbols', 'auth') headers.errorResponse(translation.getValue('mobile_too_short')) jsonpost['remember'] = -1 if auth.isMobile: # Yes only from Mobile!!!
#!/usr/local/bin/python3 import inspect import os import sys currentdir = os.path.dirname( os.path.abspath(inspect.getfile(inspect.currentframe()))) sys.path.insert(0, os.path.dirname(currentdir)) from _common.api import headers from _common.api import auth from _common.api import translation auth.credentials = auth.buildCredentials(0, '', '', 0, 0) headers.htmlPage(False) print("""<!DOCTYPE html> <html lang='""" + auth.user_lang + """'> <head> <meta charset="utf-8" /> <title>""" + translation.getAppName(auth.user_lang) + """ - Android application</title> <meta name="description" content="The application will notify the user about various events. Widgets: Week, Colored Notes, Microphone, Calendar. Time and place reminder"> <meta name="keywords" content="Reminder, Android, Time and Place, Запоминатор, Напоминалка, Напоминатор, MachEs!"> <meta name="author" content="Arefev Leonid" /> <meta name="referrer" content="no-referrer" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" /> <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Expires" content="0" /> <link rel="icon" href="data:;base64,iVBORw0KGgo=" />
def wrongCred():
    """Fail a login attempt with the generic '@str.user_not_found' error.

    The login code shown with this function calls it both when no user row
    is found and when the password does not match, so the client receives
    the same answer in both cases and cannot tell which logins exist.

    NOTE(review): that caller dereferences the user row right after calling
    this on the "no row" branch, so headers.errorResponse is relied on not
    to return -- confirm.
    NOTE(review): nothing is logged on this path; recording failed logins
    would help detect guessing attempts.
    """
    # Replace any identity already set with the result of buildCredentials
    # called with zero/empty arguments (presumably anonymous -- confirm).
    blank_credentials = auth.buildCredentials(0, '', '', 0, 0)
    auth.credentials = blank_credentials

    # The meaning of the False flag is not visible here.
    headers.jsonAPI(False)

    # Fixed one-second pause on every failed login; it slows repeated
    # guessing but holds this worker for the same second.
    time.sleep(1)

    # 404 is presumably the HTTP status of the error response -- confirm.
    status = 404
    headers.errorResponse('@str.user_not_found', '@str.error', status)
def badExit(index: int = 0):
    """Reject a request as malformed with the '@str.error' / 400 response.

    Args:
        index: Accepted for callers that pass a check number, but not used
            anywhere in this body.

    NOTE(review): presumably headers.errorResponse ends the request --
    confirm that it never returns.
    NOTE(review): nothing is logged on this path, so rejected requests
    leave no trace for later review.
    """
    # Replace any identity already set with the result of buildCredentials
    # called with zero/empty arguments (presumably anonymous -- confirm).
    blank_credentials = auth.buildCredentials(0, '', '', 0, 0)
    auth.credentials = blank_credentials

    # The meaning of the False flag is not visible here.
    headers.jsonAPI(False)

    # Fixed one-second pause before answering; it slows rapid retries but
    # holds this worker for the same second.
    time.sleep(1)

    # NOTE(review): this key starts with a space, unlike the other '@str.'
    # keys passed to errorResponse -- confirm the lookup still resolves it.
    # 400 is presumably the HTTP status of the error response -- confirm.
    status = 400
    headers.errorResponse(' @str.bad_request', '@str.error', status)
'select id,login,fail_login_counter,fail_login_timestamp,password,state from users where login="******" and state>0') usr = mydb.fetchone() if usr is None: wrongCred() if usr['fail_login_timestamp'] is None: usr['fail_login_timestamp'] = 0 if usr['fail_login_counter'] is None: usr['fail_login_counter'] = 0 timestamp_int = int(time.time() * 1000) if (abs(timestamp_int - int(usr['fail_login_timestamp'])) < 60 * 1000) and (int(usr['fail_login_counter']) > 5): auth.credentials = auth.buildCredentials(0, '', '', 0, 0) headers.jsonAPI(False) time.sleep(1) headers.errorResponse('@str.wait_1_min', '@str.attention', 403) timestamp_string = str(timestamp_int) if usr['password'] != jsonpost['password'] or int(usr['state']) < 1: mydb.execute( 'update users set fail_login_counter=(fail_login_counter+1),fail_login_timestamp=' + timestamp_string + ' where id=' + str( usr['id'])) wrongCred() # auth fail auth.user_id = int(usr['id']) # before! buildCredentials call if auth.isMobile: badExit() # using this form from mobile app APIs is not permitted else: