def _check_temp_password(dict, password):
"""
Verifies a secondary (temp) password for the identity.
Params:
dict (dictionary): A Represention of an identity.
Pulled straight from database.
password (string): The temp password of the identity to authenticate.
Returns:
None
Raises:
AuthFailed - Temp password has expired.
"""
temp_password_hash = dict['temp_password_hash']
if temp_password_hash:
bcrypt = Bcrypt(app)
did_pass = bcrypt.check_password_hash(temp_password_hash, password)
if did_pass:
username = dict['username']
try:
connection = db.connection()
db.call(connection, 'delete_identity_temp_password',
[username])
db.commit(connection)
except Exception:
pass # Let's not let a db issue stop us from continuing here.
return did_pass
return False
def authenticate(username, password, totp=None):
"""
Authenticates an identity's credentials.
Params:
username (string): The username of the identity to authenticate.
password (string): The password of the identity to authenticate.
totp (string, optional): The one-time TOTP code. Needed if
two-factor is enable for the identity.
Returns:
(dictionary): Representation of an identity.
Raises:
AuthFailed - The credentials were incorrect.
"""
result = _verify_identity(username, password)
_check_totp(result, totp)
if result['locked']:
raise AuthFailed
did_pass = result['did_pass']
if did_pass is False:
# Now, and only now, is it safe to reject based on wrong password.
# Doing so earlier would leak information concerning the correctness
# of the password guess.
raise AuthFailed
# By now we know identity has authenticated correctly.
# Reset auth_attempt_count to 0.
identity_id = result['identity_id']
try:
connection = db.connection()
db.call(connection, 'update_identity_reset_auth_count', [identity_id])
db.commit(connection)
except Exception:
pass # Not too concerned about a db error here.
return result
def _verify_identity(username, password):
"""
Verifies the identity's username/password credentials.
Params:
username (string): The username of the identity to authenticate.
password (string): The password of the identity to authenticate.
Returns:
(dictionary): Representation of an identity.
Raises:
AuthFailed - No identity exists for that username.
"""
# Get the current bcrypt cost from config.
current_cost = app.config['BCRYPT_LOG_ROUNDS']
try:
connection = db.connection()
result = db.call(connection, 'fetch_identity_credentials', [username])
password_hash = result['password_hash']
identity_exists = True
db.close(connection)
except DBKeyDoesNotExistException: # The username does not exist.
# We could bail here, but not running the bcrypt
# function will leak the presence/non-presense of identity
# via timing attack.
# Use this sample hash so we have something to feed into
# bcrypt function. Make sure our bogus attempt uses the
# same cost as a stored hashes.
password_hash = (
'$2b$' + str(current_cost) +
# Rymths with assword
'$eCc5pM5y.eOhNPandfz8GuQry6cYz6vJW.QjqUAgw0C7YdaqrYyzS')
identity_exists = False
# We don't want to abort here.
pass # We want to run the hash function to avoid timing attack.
bcrypt = Bcrypt(app)
did_pass = bcrypt.check_password_hash(password_hash, password)
if identity_exists:
# If identity and password is correct,
# let's see if we should update the bcrypt cost.
if did_pass:
hash_array = password_hash.split('$')
hash_cost = int(hash_array[2]) # The hash cost
# If we have changed the bcrypt cost since this password
# was created, let's update it with the new cost.
if hash_cost != current_cost:
identity_id = result['identity_id']
bcrypt = Bcrypt(app)
password_hash = bcrypt.generate_password_hash(password)
connection = db.connection()
db.call(connection, 'update_identity_password_hash',
[identity_id, password_hash])
db.commit(connection)
else:
did_pass = _check_temp_password(result, password)
result['temp_session'] = True
else:
# Now we can bail if no identity exists.
raise AuthFailed
result['did_pass'] = did_pass
return result
def create_identity(username, password):
"""
Creates an identity.
Params:
username (string): The desired username of the newly created identity.
password (string): The desired password of the newly created identity.
Returns:
(identity): A newly created identity object.
Raises:
AlreadyExists - The username is already assigned to an identity.
"""
from app.controllers.models import role
from zapi_service.controllers.request import create_jwt
bcrypt = Bcrypt(app)
password_hash = bcrypt.generate_password_hash(password)
identity_id = db.identifier()
try:
connection = db.connection()
db.call(connection, 'create_identity',
[identity_id, username, password_hash])
except DBItemAlreadyExistsException:
raise AlreadyExists
# # DO NOT commit db query yet. Let's see if account gets
# # created sucessfully first.
# Turns out I have to commit here or db transaction times out.
db.commit(connection)
###########################################################
# If we are testing, stop here. This is somewhat of a problem
# because we're not testing account creation, but we don't
# want to have to run the accounts service to test.
if app.config['TESTING'] is True:
# db.commit(connection)
identity = session.create(identity_id)
return identity
###########################################################
jwt_dict = {
'idt': identity_id,
'adm': False,
'acc': '',
'pvd': '',
'rol': ['id_create']
}
encoded_jwt, token_valid_period = create_jwt(jwt_dict)
data = {'name': username}
try:
response = zapi.request.call('accounts',
encoded_jwt,
method='POST',
data=data)
account_id = response['account_id']
connection = db.connection()
user_role = db.call(connection, 'role_for_user', None)
user_role_id = user_role.get('role_id')
parameters = {'account_id': account_id, 'role_id': user_role_id}
role.add_to_identity(identity_id, parameters)
except Exception:
# If anything goes wrong with account creation
# fail here with DB error.
raise DBException
# Commit now that we know account was created sucessfully.
db.commit(connection)
identity = session.create(identity_id)
return identity
# Name : Jess Kwek
# Class: DISM/FT/1B/02
import smtplib
import database.db as db
from sqlite3 import Error
import random
conn = db.connection()
if conn is not None:
updatecart = """UPDATE users SET discount=0"""
try:
cur = conn.cursor()
cur.execute(updatecart)
conn.commit()
cur.close()
except Error as e:
print("Something has went wrong on our side, please try again later")
try:
cur = conn.cursor()
cur.execute("""SELECT email FROM users""")
email_tuple = cur.fetchall()
email_list = [x[0] for x in email_tuple]
chosen_one = random.choice(email_list)
server = smtplib.SMTP_SSL('smtp.gmail.com', 465)
server.ehlo()