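def sign_up():
    """Register a new user from the JSON request body.

    Expected JSON keys: ``email``, ``password``, ``firstname``, ``familyname``,
    ``gender``, ``city``, ``country``.  Returns a Flask JSON response of the
    form ``{'success': bool, 'message': str}``.

    Storage scheme (the login / reset-password paths must mirror it): a random
    32-byte salt is hex-encoded, appended to the password, the result is
    bcrypt-hashed, and the salt is persisted next to the hash.
    NOTE(review): bcrypt already embeds its own random salt in the digest, so
    the extra salt adds no strength, and it counts towards bcrypt's 72-byte
    input limit (long passwords silently push part of the appended salt out of
    the hashed input).  Harmless, but verification must still append the
    stored salt exactly as done here.
    """
    data = request.get_json(silent=True)
    # Server-side validation.  The original relied on the HTML ``required``
    # attribute, which is a client-side convenience only: anyone can call the
    # endpoint directly with missing keys (KeyError -> HTTP 500) or a non-JSON
    # body (``data`` is None).
    required = ('email', 'password', 'firstname', 'familyname', 'gender',
                'city', 'country')
    if not isinstance(data, dict) or any(not data.get(key) for key in required):
        return jsonify({'success': False,
                        'message': "All fields are required."})

    if database_helper.check_if_email_exists(data['email']):
        # NOTE(review): this distinct message lets a caller probe which
        # addresses are registered (account enumeration); kept because the
        # front end displays it.
        return jsonify({'success': False, 'message': "User already exists."})

    # 1. Per-user random salt, hex-encoded so it can be stored as text.
    salt = binascii.hexlify(os.urandom(32)).decode('utf-8')
    # 2./3. Salt the password and bcrypt-hash it.  generate_password_hash
    # returns bytes; the DB column holds text, hence the decode.
    password_hash = bcrypt.generate_password_hash(
        data['password'] + salt).decode('utf-8')
    saved = database_helper.save_new_user(
        data['email'], password_hash, data['firstname'], data['familyname'],
        data['gender'], data['city'], data['country'], salt)

    if saved:
        return jsonify({'success': True, 'message': "Data saved succesfully"})
    return jsonify({
        'success': False,
        'message': "Something went wrong saving the data(maybe email already exists)"
    })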
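def post_message():
    """Post ``message`` from the user identified by ``token`` to ``email``'s wall.

    Reads a JSON body with keys ``token``, ``message`` and ``email`` and returns
    a Flask JSON response of the form ``{'success': bool, 'message': str}``.
    """
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}
    current_user_token = data.get('token')
    # NOTE(review): ``message`` itself is not validated here (the original
    # did not either); a missing key is passed through as None.
    message = data.get('message')
    dest_email = data.get('email')

    if current_user_token is None or dest_email is None:
        return jsonify({
            'success': False,
            'message': "Token and destination email cannot be void"
        })

    # Resolve the sender from the session token.  For an unknown token the
    # helper returns nothing; the original indexed ``[0]`` unconditionally and
    # answered with an HTTP 500 instead of a clean rejection.
    sender_row = database_helper.get_email_by_token(current_user_token)
    sender_mail = sender_row[0] if sender_row else None
    if (sender_mail is None
            or not database_helper.check_if_email_exists(sender_mail)
            or not database_helper.check_if_email_exists(dest_email)):
        return jsonify({
            'success': False,
            'message': "Provided token or email do not exist"
        })

    if database_helper.post_message(sender_mail, message, dest_email):
        return jsonify({
            'success': True,
            'message': "Message posted succesfully"
        })
    return jsonify({
        'success': False,
        'message': "Something went wrong posting the message"
    })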
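def sign_up():
    """Register a new user from the JSON request body.

    Expected JSON keys: ``email``, ``password``, ``firstname``, ``familyname``,
    ``gender``, ``city``, ``country``.  Returns a Flask JSON response of the
    form ``{'success': bool, 'message': str}``.

    SECURITY NOTE(review): ``data['password']`` is handed to
    ``save_new_user`` exactly as received, i.e. the password is stored in
    clear.  It should be hashed with a password KDF (bcrypt, as the other
    ``sign_up`` on this page does) and the login path updated in the same
    change; not altered here because the storage format is shared with code
    outside this listing.
    """
    data = request.get_json(silent=True)
    # Server-side validation.  The HTML ``required`` attribute the original
    # relied on is bypassed trivially by calling the API directly, which
    # turned a missing key into a KeyError / HTTP 500.
    required = ('email', 'password', 'firstname', 'familyname', 'gender',
                'city', 'country')
    if not isinstance(data, dict) or any(not data.get(key) for key in required):
        return jsonify({'success': False,
                        'message': "All fields are required."})

    if database_helper.check_if_email_exists(data['email']):
        # NOTE(review): distinct message enables account enumeration; kept
        # because the front end displays it.
        return jsonify({'success': False, 'message': "User already exists."})

    saved = database_helper.save_new_user(
        data['email'], data['password'], data['firstname'],
        data['familyname'], data['gender'], data['city'], data['country'])
    if saved:
        return jsonify({'success': True, 'message': "Data saved succesfully"})
    return jsonify({
        'success': False,
        'message': "Something went wrong saving the data(maybe email already exists)"
    })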
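def resetPswd():
    """Generate a fresh random password for the submitted e-mail and mail it.

    Flow: validate the form, check the address is registered, build a 9-char
    password (at least one lowercase letter, one uppercase letter and one
    digit, CSPRNG-shuffled), bcrypt-hash it with the user's stored salt, store
    it, then send it over SMTP.  Flashes a status message and re-renders the
    reset form.

    NOTE(review): mailing a cleartext password is weaker than a one-time reset
    link, and the DB is updated *before* the mail goes out, so an SMTP failure
    leaves the account with a password nobody knows.  Both are the existing
    contract of this endpoint and are kept; what this version fixes is the
    SMTP credential that was hard-coded in source, the ``set_debuglevel(True)``
    that dumped the login and the new password to the console, the unverified
    STARTTLS handshake, and a ``finally: server.quit()`` that raised NameError
    when the connection itself failed.
    """
    import os
    import ssl

    form = EmailForm()
    if form.validate_on_submit():
        emailDest = form.email.data
        if database_helper.check_if_email_exists(emailDest):
            # One guaranteed char per required class, padded from the full
            # alphabet, then shuffled so class positions are not predictable.
            alphabet = string.ascii_letters + string.digits + string.punctuation
            chars = [secrets.choice(string.ascii_lowercase),
                     secrets.choice(string.ascii_uppercase),
                     secrets.choice(string.digits)]
            chars.extend(secrets.choice(alphabet) for _ in range(6))
            secrets.SystemRandom().shuffle(chars)
            password = ''.join(chars)

            # Hash with the user's existing salt so the login path (which
            # appends the stored salt before bcrypt verification) keeps working.
            # NOTE(review): rotating the salt here would be slightly better;
            # change_password already accepts it as an argument.
            salt = database_helper.get_users_salt(emailDest)['salt']
            passwordSecure = bcrypt.generate_password_hash(
                password + salt).decode('utf-8')
            password_changed = database_helper.change_password(
                emailDest, passwordSecure, salt)

            if password_changed:
                # The mailbox password must come from the environment; the
                # previous version shipped it as a string literal in this file.
                smtp_user = os.environ.get('TWIDDER_SMTP_USER', '*****@*****.**')
                smtp_password = os.environ.get('TWIDDER_SMTP_PASSWORD')

                message = """\
Dear user,
Your new password is : """ + password + """

The Twidder team"""
                msg = MIMEText(message)
                msg['To'] = email.utils.formataddr((emailDest, emailDest))
                msg['From'] = email.utils.formataddr(('Twidder team', smtp_user))
                msg['Subject'] = 'New Twidder password'

                if smtp_password is None:
                    flash("Error: unable to send email", 'error')
                else:
                    try:
                        # ``with`` closes the session on every path.  No
                        # set_debuglevel: it logged the base64 login and the
                        # cleartext password.  A default SSL context makes
                        # starttls() verify the server certificate, which the
                        # context-less call does not.
                        with smtplib.SMTP('smtp.gmail.com', 587) as server:
                            server.starttls(context=ssl.create_default_context())
                            server.login(smtp_user, smtp_password)
                            server.sendmail(smtp_user, [emailDest],
                                            msg.as_string())
                        flash("An email has been sending to you.", 'success')
                    except (smtplib.SMTPException, OSError):
                        # Connection refusal / DNS failure are OSError, not
                        # SMTPException; the original let them escape as 500s.
                        flash("Error: unable to send email", 'error')
            else:
                flash("Something went wrong changing the password", 'error')
        else:
            # NOTE(review): reveals whether an address is registered
            # (enumeration); a generic "if this address exists, a mail was
            # sent" would be safer.  Kept for UI compatibility.
            flash("Your email does not exist in our database.", 'error')
    return render_template('reset_pswd.html', form=form)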
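def post_message():
    """Post ``message`` to ``email``'s wall (or the sender's own) at ``place``.

    JSON body: ``token``, ``message``, ``email``, ``place``, ``publicKey``.
    ``publicKey`` selects the logged-in session; ``token`` must be the hex
    SHA-256 of ``stored_token + email[::3] + message[::3]`` (the email part is
    omitted when no recipient is given).  Returns a Flask JSON response of the
    form ``{'success': bool, 'message': str}``.

    NOTE(review): the binding scheme only covers every third character of the
    recipient and of the message, so the remaining characters can be altered
    in transit without invalidating ``token``, and nothing (nonce, timestamp)
    stops a captured request from being replayed.  Changing it requires a
    coordinated client change, so it is kept and flagged here.
    """
    import hmac

    # The original ``print(data)`` wrote the token to the console on every
    # request; removed.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}
    token = data.get('token')
    # A missing message hashes as '' so the request is rejected by the token
    # check below instead of crashing on ``len(None)``.
    message = data.get('message') or ''
    dest_email = data.get('email')
    place = data.get('place')
    public_key = data.get('publicKey')

    # Resolve the session.  For an unknown key the helper returns nothing; the
    # original indexed into None and answered with an HTTP 500.
    auth_row = database_helper.get_email_logged_user_new(public_key)
    stored_token = auth_row['token'] if auth_row else None
    if stored_token is None or token is None:
        return jsonify({
            'success': False,
            'message': "Token and destination email cannot be void"
        })
    sender_row = database_helper.get_email_by_token(stored_token)
    sender_mail = sender_row[0] if sender_row else None

    ########################## Token verification ##########################
    # 1. Recreate the blob the client hashed.
    blob = stored_token
    if dest_email is not None:
        blob += dest_email[::3]
    blob += message[::3]
    # 2. Hash it.
    expected = hashlib.sha256(blob.encode()).hexdigest()
    # 3. Constant-time compare so response timing cannot leak the digest.
    equal_hashed_token = hmac.compare_digest(str(token).encode(),
                                             expected.encode())
    ########################################################################

    if dest_email is None:
        dest_email = sender_mail  # posting on one's own wall
    if dest_email is None:
        return jsonify({
            'success': False,
            'message': "Token and destination email cannot be void"
        })
    if not equal_hashed_token:
        return jsonify({
            'success': False,
            'message': "Hashes not equal in post_message"
        })
    if (sender_mail is None
            or not database_helper.check_if_email_exists(sender_mail)
            or not database_helper.check_if_email_exists(dest_email)):
        return jsonify({
            'success': False,
            'message': "Provided token or email do not exist"
        })

    if database_helper.post_message(sender_mail, message, dest_email, place):
        return jsonify({
            'success': True,
            'message': "Message posted succesfully"
        })
    return jsonify({
        'success': False,
        'message': "Something went wrong posting the message"
    })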