def getAuthKey():
    """Exchange an e-mail address and client-side password hash for the auth key.

    Reads a JSON body from the current request. Aborts with 400 when 'email'
    or 'passwordhash' is missing or the hash fails
    util.RequestParser.hashValid, and with 401 when the salted hash does not
    match the stored one. On success returns a JSON object with the single
    key 'authKey'.
    """
    # NOTE(review): the hash sent by the client is the credential itself, so
    # anyone who captures it can log in without knowing the password. It needs
    # the same transport protection (TLS) as a plaintext password.
    credentials = util.RequestParser(request).parseJson()

    fieldsPresent = util.RequestParser.dictHasKeys(credentials, ('email', 'passwordhash'))
    if not fieldsPresent or not util.RequestParser.hashValid(credentials.get('passwordhash')):
        abort(400, errors['missingDetails'])

    # checkRights receives the e-mail here, whereas createModifyUser passes an
    # auth key; presumably it accepts either identifier. TODO confirm.
    account = checkRights(credentials['email'], False)
    saltedHash = util.hashString(credentials['passwordhash'] + str(account.salt))
    payload = {
        'authKey': account.authKey,
    }

    # NOTE(review): `==` on digests is not a constant-time comparison.
    # hmac.compare_digest (Python 2.7.7+ / 3.3+) is the usual replacement once
    # both operands are known to be the same string type.
    if saltedHash == account.passwordhash:
        return json.dumps(payload)
    # Returning abort() keeps the failure path closed even if abort returns.
    return abort(401, errors['wrongUser'])
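def createModifyUser(authKey):
    """Create a user or update an existing one from the JSON request body.

    An Admin caller may create a new account (all of 'email', 'firstname',
    'lastname', 'is_admin', 'is_active' plus 'password' or 'passwordhash' are
    required) or overwrite an existing account, looked up by 'id' or, when no
    id is given, by 'email'. Any other caller may only update a fixed set of
    fields on the account whose e-mail matches their own.

    Aborts with 400 when an admin request matches no user and lacks the fields
    needed to create one, and with 403 when a non-admin addresses another
    account. Returns a JSON object {"id": <value returned by save()>}.
    """
    currentUser = checkRights(authKey, False)
    givenUser = util.RequestParser(request).parseJson()

    if isinstance(currentUser, Admin):
        givenId = givenUser.get('id')
        user = (connection.getUser(givenId) if givenId is not None
                else connection.getUser(givenUser.get('email')))

        requiredKeys = ('email', 'firstname', 'lastname', 'is_admin', 'is_active')
        if (user is None
                and util.RequestParser.dictHasKeys(givenUser, requiredKeys)
                and (givenUser.get('password') or givenUser.get('passwordhash'))):
            user = (Admin() if givenUser['is_admin'] == True else User())
            # Take the salt from the OS CSPRNG. The module-level random
            # generator is predictable and not meant for security values.
            user.salt = random.SystemRandom().randint(1000000000000000, 9999999999999999)
        elif user is None:
            abort(400, errors['missingDetails'])
        elif givenUser.get('is_admin') is not None:
            # Switching role means rebuilding the object as the other class.
            serialised = user.asSerialised()
            if givenUser['is_admin'] == True and isinstance(user, User):
                serialised['is_admin'] = True
                user = Admin(serialised)
            elif givenUser['is_admin'] == False and isinstance(user, Admin):
                serialised['is_admin'] = False
                user = User(serialised)

        user.email = givenUser.get('email')
        if givenUser.get('password'):
            print("sendmail")
            # NOTE(review): the plaintext password is mailed to the user.
            # E-mail is not a confidential channel. A one-time reset link or a
            # forced change at first login would limit the exposure.
            emailtext = "Benutzername: " + givenUser['email'] + "\n\nPasswort: " + givenUser['password']
            util.Email(givenUser['email'], "PocketBib Passwort erhalten", emailtext).send()
            user.passwordhash = util.hashString(givenUser['password'])
        else:
            # Presumably routed through setPasswordHash, which salts and
            # re-hashes the client-side hash. TODO confirm.
            user.passwordhash = givenUser.get('passwordhash')
        user.firstname = givenUser.get('firstname')
        user.lastname = givenUser.get('lastname')
        user.building = givenUser.get('building')
        user.roomnr = givenUser.get('roomnr')
        user.note = givenUser.get('note')
        user.telephone = givenUser.get('telephone')
        user.is_active = givenUser.get('is_active')
        return json.dumps({"id": user.save()})
    elif givenUser.get('email') == currentUser.email:
        # Non-admins may only edit their own account; name, e-mail, role and
        # active flag are deliberately not copied from the request.
        # NOTE(review): the password can be replaced with only the auth key;
        # the current password is not re-checked.
        currentUser.passwordhash = givenUser.get('passwordhash')
        currentUser.building = givenUser.get('building')
        currentUser.roomnr = givenUser.get('roomnr')
        currentUser.telephone = givenUser.get('telephone')
        currentUser.note = givenUser.get('note')
        return json.dumps({"id": currentUser.save()})
    else:
        abort(403, errors["wrongUser"])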
def setPasswordHash(self, passwordhash):
    """Store the salted hash of a client-supplied password hash.

    The stored hash is left untouched when the value is None or fails
    util.RequestParser.hashValid; otherwise the instance salt is appended as
    a string and the result is hashed with util.hashString.
    """
    # NOTE(review): rejection is silent, so a caller passing an invalid hash
    # gets no error and the previous (or no) password hash stays in place.
    if passwordhash is None:
        return
    if not util.RequestParser.hashValid(passwordhash):
        return

    # NOTE(review): the test suite pins util.hashString("test") to the SHA-1
    # digest, so this looks like one fast SHA-1 round over hash + salt. A
    # password KDF (PBKDF2, bcrypt, scrypt) is the usual choice for storage;
    # switching would require migrating stored hashes.
    saltedInput = passwordhash + str(self.__salt)
    self.__passwordhash = util.hashString(saltedInput)
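def testSha1(self):
    """util.hashString must return the hex SHA-1 digest of its input."""
    print("Test: Hash Sha1")
    # SHA-1 digest of the ASCII string "test".
    expectedDigest = "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"
    # assertEqual replaces the deprecated failUnlessEqual alias, which newer
    # unittest versions no longer provide.
    self.assertEqual(util.hashString("test"), expectedDigest)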
def __updateAuthKey(self):
    """Recompute the auth key from password hash, e-mail, role and active flag."""
    # NOTE(review): the key is a deterministic digest of stored fields with no
    # random component and no expiry visible here. It only changes when one of
    # these fields changes, and anyone who can read the stored password hash
    # and e-mail can derive it. A random, revocable session token would avoid
    # both properties.
    identityPart = self.passwordhash + self.email
    statePart = str(isinstance(self, Admin)) + str(self.is_active)
    self.__authKey = util.hashString(identityPart + statePart)