Exemple #1
def add_user(username, email):
    """Create a user"""
    __p1 = getpass.getpass()
    __p2 = getpass.getpass("Confirm password:"******"Error: passwords do not match"
Exemple #2
def adduser(username, email):
    rval = False
    __p1 = getpass.getpass()
    __p2 = getpass.getpass("Confirm password:"******"Error: password do not match"
Exemple #3
def adduser(username, email):
    rval = False
    __p1 = getpass.getpass()
    __p2 = getpass.getpass("Confirm password:"******"Error: password do not match"
Exemple #4
def change_password(user_id):
    """Change a user password.

    Looks the user up by ``user_id`` and then prompts for the new password.
    Only the lookup is readable in this listing; see the notes below.
    """
    try:
        _user = Users.get(user_id)
    except:
        # NOTE(review): a bare except also traps KeyboardInterrupt/SystemExit,
        # and no return is visible after this message, so execution appears
        # to continue with _user unbound when the lookup fails -- confirm
        # against the original file and narrow this to the lookup's own error.
        print ("Not User found for ID: " + str(user_id))

    # NOTE(review): the remainder of this listing appears to have been masked
    # ("******") when the page was captured, so the password prompt and the
    # confirmation check cannot be reviewed from here.
    print ("Changing Password for User: "******"Confirm password:"******"Error: passwords do not match")
Exemple #5
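def login():
    """Show the login form, or evaluate POSTed credentials.

    A POST carrying both ``username`` and ``password`` is checked against
    ``Users``. On success the user is logged in and redirected to the
    ``next`` query parameter when it is a plain site-relative path, and to
    the nmap index otherwise. Every failed attempt gets the same flash
    message, so the page does not reveal whether the username exists.
    All other requests render the login template.
    """
    if (request.method == 'POST' and 'username' in request.form and
            'password' in request.form):
        username = request.form['username']
        password = request.form['password']

        app_user = None
        if username:
            app_users = Users.find(username=username)
            # Exactly one match is required; zero or several is a failure.
            if len(app_users) == 1:
                app_user = app_users[0]
        # NOTE(review): credentials_valid() only runs when the user exists,
        # so response time may still differ between known and unknown
        # usernames -- presumably it hashes the password; confirm.

        if app_user and app_user.credentials_valid(password):
            login_user(app_user)
            # "next" comes straight from the query string, so only follow it
            # when it is a path on this site: it must start with a single
            # "/" and contain no backslash or control character that could
            # turn it into a scheme-relative or absolute URL.
            target = request.args.get("next")
            if (not target or not target.startswith("/") or
                    target.startswith("//") or
                    any(ch in target for ch in "\\\r\n\t")):
                target = url_for("nmap.nmap_index")
            return redirect(target)

        # Same message for unknown user, ambiguous match and wrong password.
        flash("login failed: check username and password")
    return render_template("nmap_login.html")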
Exemple #6
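def login():
    """Render the login page, or process a submitted login form.

    For a POST with ``username`` and ``password`` fields the credentials are
    checked against ``Users``. A valid login redirects to the ``next`` query
    parameter if it is a site-relative path, else to the nmap index. Any
    failed attempt flashes one generic message regardless of the reason, so
    unknown usernames and wrong passwords look alike to the client.
    """
    is_login_post = (request.method == 'POST'
                     and 'username' in request.form
                     and 'password' in request.form)
    if not is_login_post:
        return render_template("nmap_login.html")

    username = request.form['username']
    password = request.form['password']

    app_user = None
    if username:
        app_users = Users.find(username=username)
        # Anything other than exactly one match counts as "no such user".
        if len(app_users) == 1:
            app_user = app_users[0]
    # NOTE(review): the password check is skipped for unknown usernames, so
    # timing may still distinguish them -- confirm what credentials_valid
    # costs and whether a dummy check is wanted here.

    if not (app_user and app_user.credentials_valid(password)):
        # One message for every failure mode, to avoid a username oracle.
        flash("login failed: check username and password")
        return render_template("nmap_login.html")

    login_user(app_user)

    # The "next" query parameter is client-supplied. Follow it only when it
    # is a local path: a single leading "/" and no backslash or control
    # character, which would otherwise let it resolve to another host.
    target = request.args.get("next")
    is_local_path = bool(
        target
        and target.startswith("/")
        and not target.startswith("//")
        and not any(ch in target for ch in "\\\r\n\t"))
    if not is_local_path:
        target = url_for("nmap.nmap_index")
    return redirect(target)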
Exemple #7
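def add_user():
    """Admin view: show the add-user form, or create a user from POST data.

    Aborts with 403 unless the current user has the "admin" permission.
    A POST must carry non-empty ``username``, ``password`` and ``email``
    fields; an optional ``inactive`` field marks the account inactive.
    After a create attempt the client is redirected to the user list with
    a flash message; an incomplete form is re-rendered with an error
    instead of returning no response at all.
    """
    if not current_user.has_permission("admin"):
        abort(403)

    if request.method != 'POST':
        return render_template("admin_add_user.html")

    # validate data: every required field must be present and non-empty.
    # The original fell through and returned None here, which Flask turns
    # into a server error.
    required = ('username', 'password', 'email')
    if not all(request.form.get(field) for field in required):
        flash("Failed to add User: username, password and email are "
              "required.", "danger")
        return render_template("admin_add_user.html")

    # TODO: is this nasty?! hard-converting to str?
    _username = str(request.form['username'])
    _password = str(request.form['password'])
    _email = str(request.form['email'])

    inactive = 1 if 'inactive' in request.form else 0

    try:
        # NOTE(review): the password is handed over as clear_pw; presumably
        # Users.add hashes it before storing -- confirm.
        new_user = Users.add(username=_username,
                             email=_email,
                             clear_pw=_password,
                             inactive=inactive)
    except ValueError:
        # Reported to the admin as a duplicate username.
        flash("Failed to add User: Username already in use.", "danger")
        return redirect("/admin/users/1")
    except Exception:
        # NOTE(review): the cause is discarded; no logger is in scope in
        # this block, so consider recording the exception server-side.
        flash("Something went wrong.", "danger")
        return redirect("/admin/users/1")

    flash("Successfully created " + _username + " with ID " +
          str(new_user.id), 'success')
    return redirect("/admin/users/1")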
Exemple #8
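def login():
    """login route that either shows login or evaluates POSTed data

    On a POST with ``username`` and ``password`` the credentials are checked
    against ``Users``. A valid login refreshes the user's last-login stamp,
    honours the ``remember-me`` field, and redirects to the posted
    ``next_page`` when that is a site-relative path, else to the nmap index.
    Failed logins flash one generic message. Other requests render the form
    and pass the ``next`` query parameter through to the template.
    """
    if (request.method == 'POST' and 'username' in request.form and
            'password' in request.form):
        app_user = None
        username = request.form['username']
        password = request.form['password']
        if username:
            app_users = Users.find(username=username)

            if len(app_users) != 1:
                # this should make time based user enumeration difficult
                # NOTE(review): this only evens out timing if
                # credentials_valid costs about the same (same algorithm and
                # work factor) -- confirm. Under Python 3 bcrypt.hashpw
                # expects bytes rather than str; check the target version.
                bcrypt.hashpw("faked calculation", bcrypt.gensalt())
                flash("Login failed: Check Username and Password", "danger")
                return render_template("login.html")
            app_user = app_users[0]

        if app_user and app_user.credentials_valid(password):
            # refresh last_login in DB as this is a fresh login
            app_user.update_last_login()

            if request.form.getlist("remember-me"):
                login_user(app_user, remember=True)
            else:
                login_user(app_user)

            # next_page is a client-supplied form field (seeded from the
            # "next" query parameter below), so follow it only when it is a
            # local path: a single leading "/" and no backslash or control
            # character. A missing field falls back to the index, which the
            # original reached through a bare except.
            next_page = request.form.get('next_page')
            if (not next_page or not next_page.startswith("/") or
                    next_page.startswith("//") or
                    any(ch in next_page for ch in "\\\r\n\t")):
                return redirect(url_for("nmap.nmap_index"))
            return redirect(next_page)
        else:
            flash("Login failed: Check Username and Password", "danger")

    next_page = request.args.get('next')
    return render_template("login.html", next_page=next_page)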
Exemple #9
def load_user(user_id):
    """Return whatever ``Users.get`` yields for *user_id*."""
    found_user = Users.get(user_id)
    return found_user
Exemple #10
def load_user(user_id):
    """Look up *user_id* through ``Users.get`` and hand back the result."""
    user_record = Users.get(user_id)
    return user_record
Exemple #11
    on the user's computer it also has an expiry date, but that could be changed by
    the user, so this feature allows us to enforce the expiry date of the token
    server side and not rely on the user's cookie to expire.
    """
    max_age = app.config["REMEMBER_COOKIE_DURATION"].total_seconds()

    #Decrypt the Security Token, data = [username, hashpass]
    try:
        data = login_serializer.loads(token, max_age=max_age)
        # This payload is decoded and safe
    except BadSignature, e:
        print("Cookie has been tampered: " + str(e))
        return None

    #Find the User
    user = Users.get(data[0])

    #Check Password and return user or None
    if user and data[1] == user.password:
        return user
    return None

@login_manager.user_loader
def load_user(user_id):
    """User-loader callback: resolve *user_id* through ``Users.get``."""
    # NOTE(review): Flask-Login expects this callback to return None for an
    # unknown ID; whether Users.get returns None or raises is not visible
    # here -- confirm.
    session_user = Users.get(user_id)
    return session_user

@appmodule.route("/login", methods=["GET", "POST"])
def login():
    """login route that either shows login or evaluates POSTed data"""
    if (request.method == 'POST' and 'username' in request.form and
       'password' in request.form):