def GET(self): """ Show info about a single project :return: Project info page """ # Get session session = web.ctx.session # Get navbar nav = get_nav_bar(session) data = web.input(projectid=0) try: permissions = models.project.get_user_permissions(str(session.userid), data.projectid) except: permissions = [0,0,0] categories = models.project.get_categories() if data.projectid: project = models.project.get_project_by_id(data.projectid) tasks = models.project.get_tasks_by_project_id(data.projectid) else: project = [[]] tasks = [[]] render = web.template.render('templates/', globals={'get_task_files':models.project.get_task_files, 'session':session}) return render.project(nav, project_form, project, tasks,permissions, categories)
def GET(self): """ Get main page using the projects URL input variable to determine which projects to show. :return: index page """ session = web.ctx.session nav = get_nav_bar(session) data = web.input(projects=None) categories = models.project.get_categories() project_bulk_one = [] project_bulk_two = [] if data.projects == 'my': project_bulk_one = models.project.get_projects_by_status_and_owner( str(session.userid), "open") project_bulk_two = models.project.get_projects_by_status_and_owner( str(session.userid), "in progress") elif data.projects == 'customer': # TODO: Can customer projects be open? project_bulk_one = models.project.get_projects_by_participant_and_status( str(session.userid), "open") project_bulk_two = models.project.get_projects_by_participant_and_status( str(session.userid), "in progress") elif data.projects == 'finished': project_bulk_one = models.project.get_projects_by_status_and_owner( str(session.userid), "finished") project_bulk_two = models.project.get_projects_by_participant_and_status( str(session.userid), "finished") return render.index(nav, project_bulk_one, project_bulk_two, data.projects, categories)
def GET(self): """ Get the apply view where users can sign up for a project """ # Get session session = web.ctx.session # Get navbar nav = get_nav_bar(session) if not session.has_key('csrf_token'): from uuid import uuid4 session.csrf_token = uuid4().hex data = web.input(projectid=0) if data.projectid: project = models.project.get_project_by_id(data.projectid) else: project = [[]] tasks = [[]] # Assemble form and set the user in context as an applicant with all permissions apply_form = get_apply_form() apply_permissions_form = get_apply_permissions_form() applicants = [[session.userid, session.username]] permissions = [["TRUE", "TRUE", "TRUE"]] render = web.template.render('templates/', globals={ "get_apply_permissions_form": get_apply_permissions_form, 'session': session }) return render.apply(nav, apply_form, get_apply_permissions_form, project, applicants, permissions, "", session.csrf_token)
def GET(self): """ Get the Change_password form :return: A page with the Change_password form """ session = web.ctx.session nav = get_nav_bar(session) return render.forget_password(nav, forget_password_form, "")
def GET(self): """ Get the registration form :return: A page with the registration form """ session = web.ctx.session nav = get_nav_bar(session) return render.register(nav, register_form, "")
def GET(self): """ Get the rest_password form :return: A page with the Change_password form """ session = web.ctx.session nav = get_nav_bar(session) self.token = web.input().reset_token return render.reset_password(nav, reset_password_form, "")
def POST(self): """ Post an application to the view, adding selected users to a project """ data = web.input(projectid=0, add_user=None, remove_user=None, apply=None) session = web.ctx.session nav = get_nav_bar(session) # Assemble form applicants = [session.username] apply_form = get_apply_form() apply_permission_form = get_apply_permissions_form() # Prepare globals render = web.template.render('templates/', globals={ "get_apply_permissions_form": get_apply_permissions_form, 'session': session }) if data.projectid: project = models.project.get_project_by_id(data.projectid) if data.add_user: applicants, permissions = self.get_applicants(data, "add_user") return render.apply(nav, apply_form, get_apply_permissions_form, project, applicants, permissions) elif data.remove_user: applicants, permissions = self.get_applicants( data, "remove_user") return render.apply(nav, apply_form, get_apply_permissions_form, project, applicants, permissions) # Set users as working on project and set project status in progress elif data.apply: applicants, permissions = self.get_applicants(data, "") for applicant, permission in zip(applicants, permissions): models.project.set_projects_user(data.projectid, str(applicant[0]), permission[0], permission[1], permission[2]) models.project.update_project_status(data.projectid, "in progress") raise web.seeother( ('/project?projectid=' + str(data.projectid)))
def GET(self): """ Show the login page :return: The login page showing other users if logged in """ session = web.ctx.session nav = get_nav_bar(session) # Log the user in if the rememberme cookie is set and valid self.check_rememberme() return render.login(nav, login_form, "")
def POST(self): """ Handle input data and change password in database :return: Main page """ session = web.ctx.session nav = get_nav_bar(session) data = web.input(username="", email="") forget_password = forget_password_form() #print("-"*16) #print("enter forget password") # check each field is endered values. if not forget_password.validates(): return render.forget_password(nav, forget_password, "All fields must be valid.") try: # log ip information ip_addr = web.ctx["ip"] accessed_path = web.ctx["fullpath"] # query user's email and google token (extra secruity) user_email = forget_password_match(data.username, data.email, ip_addr, accessed_path) #print("-"*16) #print(user_email) # generate token user_reset_token = generate_token() #save token to database update_reset_token(data.username, user_reset_token, ip_addr, accessed_path) #print("-" * 8 + "updated!") # Send user email reset_url = "http://localhost/reset_password?reset_token=" + user_reset_token msg = "Please reset your password via this link.\n" + str( reset_url) #send mail #self.send_mail(user_email, msg) return render.forget_password(nav, forget_password_form, "- Send to mail" + msg) except Exception as e: print(e) return render.forget_password(nav, forget_password_form, "- Something went wrong!")
def GET(self): """ Get the registration form :return: A page with the registration form """ session = web.ctx.session nav = get_nav_bar(session) if not session.has_key('csrf_token'): from uuid import uuid4 session.csrf_token = uuid4().hex return render.register(nav, register_form, "", session.csrf_token)
def GET(self): """ Get the project registration form :return: New project page """ session = web.ctx.session nav = get_nav_bar(session) # Retrive the required components to compose the form project_form_elements = get_project_form_elements() task_form_elements = get_task_form_elements() user_form_elements = get_user_form_elements() project_form = form.Form(*(project_form_elements + task_form_elements + user_form_elements)) return render.new_project(nav, project_form, project_buttons, "")
def GET(self): """ Get all open projects :return: A page containing all open projects """ session = web.ctx.session data = web.input(categoryid=0) open_projects = [] if data.categoryid != 0: open_projects = get_projects_by_status_and_category( data.categoryid, "open") nav = get_nav_bar(session) categories = get_categories() return render.open_projects(nav, categories, open_projects)
def POST(self): """ Handle input data and change password in database :return: Main page """ session = web.ctx.session nav = get_nav_bar(session) data = web.input(token="") two_fa = two_fa_form() # check each field is endered values. if not two_fa.validates(): return render.two_fa(nav, two_fa_form, "All fields must be valid.") try: # log ip information ip_addr = web.ctx["ip"] accessed_path = web.ctx["fullpath"] # query user's name (username) and token (extra secruity) token = data.reset_token username = search_for_token(token, ip_addr, accessed_path) #print("-"*16) #print(username) rel = os.path.realpath( os.path.join(os.getcwd(), os.path.dirname("token_img"))) with open(os.path.join(rel, 'secrets.json'), 'r') as opened_file: secrets = json.load(opened_file) for label, key in sorted(list(secrets.items())): print("===" * 8 + "\n" + data.token) print(get_totp_token(key), type(get_totp_token(key))) if data.token == get_totp_token(key): result = update_token_to_null(label, ip_addr, accessed_path) raise web.seeother("/login") print("{}:\t{}".format(label, get_totp_token(key))) session.ip = None session.header = None except Exception as e: print(e) except: print(exit[0]) return render.login(nav, two_fa_form, "- Something went wrong!")
def POST(self): """ Handle input data and change password in database :return: Main page """ session = web.ctx.session nav = get_nav_bar(session) data = web.input(reset_token="", new_password="") reset_password_colum = reset_password_form() # check each field is endered values. if not reset_password_colum.validates(): return render.reset_password(nav, reset_password_form, "All fields must be valid.") try: # log ip information ip_addr = web.ctx["ip"] accessed_path = web.ctx["fullpath"] # query user's name (username) and token (extra secruity) token = data.reset_token username = search_for_user(token, ip_addr, accessed_path) #print("-"*16) #print(username) #update token to null database result_update_token = update_token_to_null(username, token, ip_addr, accessed_path) print("-" * 16 + "updated!") # generate new password new_salt = generate_salt() hashed_password = hashed_value(data.new_password, new_salt) hashed_password = new_salt + hashed_password # update password result_update_password = update_user_password( username, hashed_password, ip_addr, accessed_path) raise web.seeother("/") except Exception as e: print(e) except: print(exit[0]) return render.login(nav, reset_password_form, "- Something went wrong!")
def GET(self): """ Show the login page :return: The login page showing other users if logged in """ session = web.ctx.session nav = get_nav_bar(session) # Log the user in if the rememberme cookie is set and valid self.check_rememberme() if not session.has_key('csrf_token'): session.csrf_token = uuid4().hex return render.login(nav, login_form, "", session.csrf_token)
def GET(self, verification_key): """ Get the verification form :return: A page with the verification form """ user_was_verified = models.user.verify_user_by_email(verification_key) session = web.ctx.session nav = get_nav_bar(session) if (user_was_verified): return render.verify(nav, "Success", "") log("VERIFY", web.ctx['ip'], [('Username', session.username), ("Response: ", "Verify OK, user verified")]) return render.verify(nav, "", "User was verified")
def GET(self): """ Get the project registration form :return: New project page """ session = web.ctx.session nav = get_nav_bar(session) if not session.has_key('csrf_token'): from uuid import uuid4 session.csrf_token = uuid4().hex # Retrive the required components to compose the form project_form_elements = get_project_form_elements() task_form_elements = get_task_form_elements() user_form_elements = get_user_form_elements() project_form = form.Form(*(project_form_elements + task_form_elements + user_form_elements)) return render.new_project(nav, project_form, project_buttons, "", session.csrf_token)
def GET(self): """ Get the Validate_account form :return: A page with the Validate_account form """ session = web.ctx.session nav = get_nav_bar(session) try: # get access information ip_addr = web.ctx["ip"] path = web.ctx["fullpath"] session.ip = ip_addr session.header = web.ctx.env['HTTP_USER_AGENT'] # get toke via url data = web.input() token = data.reset_token print(token) #TODO search for token and return username username = search_for_token(token, ip_addr, path) print(username) #TODO verify the account and clear the token of the account #result = update_token_to_null(username, ip_addr, path) #print(result) # show validate account message and redirect to home page render.validate_account(nav, "Your acount: {} has been verified!".format(username)) raise web.seeother("/two_fa") except Exception as e: print(e) except: render.validate_account(nav, "An internal error occur")
def GET(self): """ Get the rest_password form :return: A page with the Change_password form """ session = web.ctx.session nav = get_nav_bar(session) # get access information ip_addr = web.ctx["ip"] path = web.ctx["fullpath"] session.ip = ip_addr session.header = web.ctx.env['HTTP_USER_AGENT'] # get toke via url data = web.input() token = data.reset_token #TODO search for token and return username username = search_for_token(token, ip_addr, path) #TODO verify the account and clear the token of the account #result = update_token_to_null(username, ip_addr, path) #print(result) # show validate account message and redirect to home page try: if session.ip == web.ctx["ip"] and session.header == web.ctx.env['HTTP_USER_AGENT']\ and username: current_dir = os.getcwd() print("==" * 8 + "\n" + current_dir) return render.two_fa(nav, two_fa_form, "static/picture.png", "Not validate!") except: print(exit[0]) return web.seeother("/")
def POST(self): """ Log in to the web application and register the session :return: The login page showing other users if logged in reference: https://www.vitoshacademy.com/hashing-passwords-in-python/ reference: https://stackoverflow.com/questions/34046634/insert-into-a-mysql-database-timestamp/34047276 """ session = web.ctx.session nav = get_nav_bar(session) data = web.input(username="", password="", login="", forget="", remember=False) print(data) current_time = time.time() try: # log ip information ip_addr = web.ctx["ip"] accessed_path = web.ctx["fullpath"] request_header = web.ctx.env['HTTP_USER_AGENT'] msg_request = accessed_path + request_header #check data password exits and click on if data.password and data.login == "login": #get user's salt and password with attempt try log_time_date = datetime.datetime.fromtimestamp( current_time).strftime('%Y-%m-%d %H:%M:%S') record_user_login(data.username, ip_addr, msg_request, log_time_date) #print("logged_login") stored_password = models.user.get_user_hashed_password( data.username, ip_addr, accessed_path) # match with database # get salt value, type<str> salt = stored_password[:64] password = stored_password[64:] # Validate login credential hashed_password_validate = hashed_value(data.password, salt) test_password = (salt + hashed_password_validate) # If there is a matching user/password in the database the user is logged in try_times = 0 try_times = models.user.get_qurery_frequency( data.username, ip_addr, accessed_path) print(try_times) if hashed_password_validate == password: # look for the attemptions to try count user = models.user.match_user(data.username, test_password, ip_addr, accessed_path) # run google authenticator to log in if data.totp: username = self.google_2fa_token(data.totp) if user[1] == username: self.login(user[1], user[0], data.remember) raise web.seeother("/") elif try_times < 3: return render.login( nav, login_form, "- Login Attemp {} time(s)".format(str(try_times))) elif try_times >= 3: return render.login( nav, login_form, "- Invalid tryout, Resume login in 30 minuts") else: return render.login(nav, login_form, "- User authentication failed") # click on forget password elif data.forget == "forget": raise web.seeother("/forget_password") else: return render.login(nav, login_form, "- Please provide password") #password_hash = hashlib.md5(b'TDT4237' + data.password.encode('utf-8')).hexdigest() except Exception as e: print("An execute error in login: {}".format(e)) return render.login(nav, login_form, "- Something went wrong!")
def POST(self): # Get session session = web.ctx.session # Get data when user press "Create Project" button data = web.input(myfile={}, deliver=None, accepted=None, declined=None, projectid=0) # file itself fileitem = data['myfile'] #projects information permissions = models.project.get_user_permissions( str(session.userid), data.projectid) categories = models.project.get_categories() tasks = models.project.get_tasks_by_project_id(data.projectid) # Upload file (if present) try: if fileitem.filename: # Check if user has write permission if not permissions[1]: raise web.seeother( ('/project?projectid=' + data.projectid)) #upload filname with basename, to avoid path travsal fn = os.path.basename(fileitem.filename) # Create the project directory if it doesnt exist # create a folder named project under static folder path = 'static/project' + data.projectid if not os.path.isdir(path): command = 'mkdir ' + path os.popen(command) sleep(0.2) # create a folder called task path = path + '/task' + data.taskid if not os.path.isdir(path): command = 'mkdir ' + path os.popen(command) sleep(0.2) #check the filename suffix fn.lower().endswith(('.txt', '.pdf')) #extract file name itself filename_no_extension = os.path.splitext(fn)[0] #hash file name hashed_fileanme = hashlib.md5(filename_no_extension.encode()) #create the file path uploaded_file_path = os.path.join(path, "/", hashed_fileanme.hexdigest()) open(uploaded_file_path, 'wb').write(fileitem.file.read()) models.project.set_task_file(data.taskid, uploaded_file_path) except: # Throws exception if no file present # Get session session = web.ctx.session # Get navbar nav = get_nav_bar(session) data = web.input(projectid=0) if data.projectid: project = models.project.get_project_by_id(data.projectid) tasks = models.project.get_tasks_by_project_id(data.projectid) else: project = [[]] tasks = [[]] render = web.template.render('templates/', globals={ 'get_task_files': models.project.get_task_files, 'session': session }) return render.project( nav, project_form, project, tasks, permissions, categories, ) pass # Determine status of the targeted task all_tasks_accepted = True task_waiting = False task_delivered = False for task in tasks: if task[0] == int(data.taskid): if (task[5] == "waiting for delivery" or task[5] == "declined"): task_waiting = True if (task[5] == 'accepted'): task_delivered = True # Deliver task if data.deliver and not task_delivered: models.project.update_task_status(data.taskid, "delivered") # Accept task delivery elif data.accepted: models.project.update_task_status(data.taskid, "accepted") # If all tasks are accepted then update project status to finished all_tasks_accepted = True tasks = models.project.get_tasks_by_project_id(data.projectid) for task in tasks: if task[5] != "accepted": all_tasks_accepted = False if all_tasks_accepted: models.project.update_project_status(str(data.projectid), "finished") # Decline task delivery elif data.declined: models.project.update_task_status(data.taskid, "declined") raise web.seeother(('/project?projectid=' + data.projectid))
def POST(self): """ Handle input data and register new user in database :return: Main page """ # get session information session = web.ctx.session nav = get_nav_bar(session) data = web.input() register = register_form() # check user is exites or not if not register.validates(): return render.register(nav, register, "All fields must be valid.") # Check if user exists if get_user_id_by_name(data.username): return render.register(nav, register, "Invalid user, already exists.") try: """ Using salt to protect user's password And write in database. """ ip_addr = web.ctx["ip"] path = web.ctx["fullpath"] # generate salt value salt = generate_salt() # protect password with sha 256 hashed_password = hashed_value(data.password, salt) # generate salted password string password = (salt + hashed_password) # set this account as unverified temp_account = True # generate a save url token temp_token = generate_token() #TODO: generate a google token google_token_raw = generate_google_token() google_token = self.get_google_auth_token(data.username, google_token_raw) try: # send web mail # Send user email reset_url = "http://molde.idi.ntnu.no:80/two_fa?reset_token=" + temp_token # for school # reset_url = "http://molde.idi.ntnu.no:80" + temp_token msg = "Please verfiy your account via this link.\n" + str( reset_url) print("======" * 8 + "Ready to send mail!") #send_mail (currently it is currpted) #self.send_mail(data.email, msg) except: pass # write into database set_user(data.username, password, data.full_name, data.company, data.email, data.street_address, data.city, data.state, data.postal_code, data.country, ip_addr, path, temp_account, google_token, temp_token) # msg for notification return render.register( nav, register_form, "User registered and verified with email!\n" + reset_url) except: print(exit[0]) return render.register(nav, register_form, "Fail to register!")
def POST(self): """ Create a new project :return: Redirect to main page """ session = web.ctx.session nav = get_nav_bar(session) # Try the different URL input parameters to determine how to generate the form data = web.input(add_user=None, remove_user=None, add_task=None, remove_task = None, create_project=None) # Add a set of task fields to the form if data.add_task: project_form = self.compose_form(data, "add_task") return render.new_project(nav, project_form, project_buttons, "") # Remove a set of task fields from the form if data.remove_task: project_form = self.compose_form(data, "remove_task") return render.new_project(nav, project_form, project_buttons, "") if data.add_user: project_form = self.compose_form(data, "add_user") return render.new_project(nav, project_form, project_buttons, "") if data.remove_user: project_form = self.compose_form(data, "remove_user") return render.new_project(nav, project_form, project_buttons, "") # Post the form data and save the project in the database if data.create_project: project_form = self.compose_form(data, None) if not project_form.validates(): return render.new_project(nav, project_form, project_buttons, "") task_count = get_element_count(data, "task_title_") user_count = get_element_count(data, "user_name_") # If there already are users assignet to the project the status will be set to in progress status = "open" if len(data.user_name_0): status = "in progress" # Validate the input user names for i in range(0, user_count): if len(data["user_name_"+str(i)]) and not models.user.get_user_id_by_name(data["user_name_"+str(i)]): return render.new_project(nav, project_form, project_buttons, "Invalid user: "******"user_name_"+str(i)]) # Save the project to the database projectid = models.project.set_project(data.category_name, str(session.userid), data.project_title, data.project_description, status) # Save the tasks in the database for i in range(0, task_count): models.project.set_task(str(projectid), (data["task_title_" + str(i)]), (data["task_description_" + str(i)]), (data["budget_" + str(i)])) # Save the users in the database given that the input field is not empty for i in range(0, user_count): if len(data["user_name_"+str(i)]): userid = models.user.get_user_id_by_name(data["user_name_"+str(i)]) read, write, modify = "FALSE", "FALSE", "FALSE" try: data["read_permission_"+str(i)] read = "TRUE" except Exception as e: read = "FALSE" pass try: data["write_permission_"+str(i)] write = "TRUE" except Exception as e: write = "FALSE" pass try: data["modify_permission_"+str(i)] modify = "TRUE" except Exception as e: modify = "FALSE" pass models.project.set_projects_user(str(projectid), str(userid), read, write, modify) raise web.seeother('/?projects=my')
def POST(self): """ Log in to the web application and register the session :return: The login page showing other users if logged in """ session = web.ctx.session nav = get_nav_bar(session) data = web.input(username="", password="", remember=False) inp = web.input() if not ('csrf_token' in inp and inp.csrf_token == session.pop('csrf_token', None)): raise web.badrequest() # Validate login credential with database query user_exists = models.user.check_user_exists(data.username) print("USEREXIST: {}".format(user_exists)) if not user_exists: # Lockout if too many failed attempts if not (write_to_logins(str(web.ctx['ip']))): return render.login( nav, login_form, "- Too many login attempts in short amount of time") log("LOGIN", web.ctx['ip'], [('Username', data.username), ("Response: ", "Login failed, user does not exist")]) session.csrf_token = uuid4().hex return render.login(nav, login_form, "- User authentication failed", session.csrf_token) user = None stored_password = models.user.get_password_by_user_name(data.username) if (verify_password(stored_password, data.password)): user = models.user.match_user(data.username, stored_password) userid = get_user_id_by_name(data.username) session.unauth_username = data.username session.unauth_userid = userid session.unauth_remember = 1 if data.remember else 0 user = get_user(session.unauth_userid) email = user[0][5] qr_verification_key = get_key(session.unauth_username) if qr_verification_key != None: url = generate_url("beelance", email, qr_verification_key) session.auth_url = url user_is_verified = models.user.check_if_user_is_verified_by_username( data.username) # If there is a matching user/password in the database the user is logged in if user: if not user_is_verified: session.csrf_token = uuid4().hex # Lockout if failed attempts if not (write_to_logins(str(web.ctx['ip']))): return render.login( nav, login_form, "- Too many login attempts in short amount of time", session.csrf_token) log("LOGIN", web.ctx['ip'], [('Username', data.username), ("Password", stored_password), ("Response: ", "Login failed, User not verified")]) return render.login(nav, login_form, "- User not verified", session.csrf_token) if qr_verification_key == None: # Lockout if failed attempts session.csrf_token = uuid4().hex if not (write_to_logins(str(web.ctx['ip']))): return render.login( nav, login_form, "- Too many login attempts in short amount of time", session.csrf_token) log("LOGIN", web.ctx['ip'], [ ('Username', data.username), ("Password", stored_password), ("Response: ", "Login failed, docker might have restarted") ]) return render.login( nav, login_form, "- User authentication failed. This might be because docker demon has restarted", session.csrf_token) else: log("LOGIN", web.ctx['ip'], [('Username', data.username), ("Password", stored_password), ("Response: ", "Login accepted, forwarded to two factor auth")]) raise web.seeother("/qr_verify") else: log("LOGIN", web.ctx['ip'], [('Username', data.username), ("Password", stored_password), ("Response: ", "Login failed, username/password mismatch")]) session.csrf_token = uuid4().hex # Lockout if failed attempts if not (write_to_logins(str(web.ctx['ip']))): return render.login( nav, login_form, "- Too many login attempts in short amount of time", session.csrf_token) return render.login(nav, login_form, "- User authentication failed", session.csrf_token)
def POST(self): """ Post an application to the view, adding selected users to a project """ data = web.input(projectid=0, add_user=None, remove_user=None, apply=None) session = web.ctx.session nav = get_nav_bar(session) inp = web.input() if not ('csrf_token' in inp and inp.csrf_token == session.pop('csrf_token', None)): raise web.badrequest # Assemble form applicants = [session.username] apply_form = get_apply_form() apply_permission_form = get_apply_permissions_form() # Prepare globals render = web.template.render('templates/', globals={ "get_apply_permissions_form": get_apply_permissions_form, 'session': session }) if data.projectid: project = models.project.get_project_by_id(data.projectid) if data.add_user: session.csrf_token = uuid4().hex applicants, permissions = self.get_applicants(data, "add_user") if (applicants, permissions) == (None, None): applicants = [[session.userid, session.username]] permissions = [["TRUE", "TRUE", "TRUE"]] return render.apply(nav, apply_form, get_apply_permissions_form, project, applicants, permissions, "Invalid: user does not exist", session.csrf_token) elif data.remove_user: applicants, permissions = self.get_applicants( data, "remove_user") return render.apply(nav, apply_form, get_apply_permissions_form, project, applicants, permissions, "", session.csrf_token) else: return render.apply(nav, apply_form, get_apply_permissions_form, project, applicants, permissions, "", session.csrf_token) # Set users as working on project and set project status in progress elif data.apply: applicants, permissions = self.get_applicants(data, "") for applicant, permission in zip(applicants, permissions): models.project.set_projects_user(data.projectid, str(applicant[0]), permission[0], permission[1], permission[2]) models.project.update_project_status(data.projectid, "in progress") raise web.seeother( ('/project?projectid=' + str(data.projectid)))
def POST(self): """ Handle input data and register new user in database :return: Main page """ session = web.ctx.session nav = get_nav_bar(session) inp = web.input() if not ('csrf_token' in inp and inp.csrf_token == session.pop('csrf_token', None)): raise web.badrequest if not session.has_key('csrf_token'): from uuid import uuid4 session.csrf_token = uuid4().hex data = web.input() register = register_form() if not register.validates(): return render.register(nav, register, "All fields must be valid.", session.csrf_token) # Check if user exists if models.user.check_user_exists(data.username): return render.register(nav, register, "Invalid user, already exists.", session.csrf_token) # Check if password is strong enough password_checked_if_valid = validate_password(data.password, [ data.username, data.full_name, data.company, data.email, data.street_address, data.city, data.state, data.country ]) password_feedback = password_checked_if_valid[1] add_to_secrets(data.username) if not password_checked_if_valid[0]: return render.register(nav, register, "Password: "******"Verification" message = "To confirm your registration, visit the link https://localhost:452/verify{}".format( verification_key) web.sendmail("*****@*****.**", data.email, topic, message) return render.register(nav, register_form, "User registered!", session.csrf_token)
def POST(self): """ Handle input data and change password in database :return: Main page """ session = web.ctx.session nav = get_nav_bar(session) data = web.input(old_password="", new_password="", comfirm_new_password="") change_password = change_password_form() # get current time current_time = time.time() # check each field is endered values. if not change_password.validates(): return render.change_password(nav, change_password, "All fields must be valid.") try: # log ip information ip_addr = web.ctx["ip"] accessed_path = web.ctx["fullpath"] #get user's salt and password with attempt try log_time_date = datetime.datetime.fromtimestamp( current_time).strftime('%Y-%m-%d %H:%M:%S') # return old password in database stored_password = models.user.get_user_hashed_password( session.username, ip_addr, accessed_path) #check data password exits if data.comfirm_new_password: # match with database # get salt value, type<str> salt = stored_password[:64] # password from database, type <str> password = stored_password[64:] # old password to validate is right or not hashed_old_password = hashed_value(data.old_password, salt) if password == hashed_old_password and data.new_password == data.comfirm_new_password: # get new slat value new_salt = generate_salt() hashed_new_password = hashed_value( data.comfirm_new_password, new_salt) new_password = (new_salt + hashed_new_password) #update new hased value to database #print(hashed_new_password, session.username) models.user.update_user_password(session.username, new_password, ip_addr, accessed_path) #print("updated password!") # after update, return to index raise web.seeother("/") # validate value for password elif password != data.hashed_old_password: return render.login(nav, change_password_form, "- Please check old password again!") # check the new password is same or not elif data.old_password == data.new_password: return render.login(nav, change_password_form, "- Same password") # other sictuation else: return render.login( nav, change_password_form, "- The new password and comfirm new password are not match!" ) else: return render.login(nav, change_password_form, "- Please provide password") #password_hash = hashlib.md5(b'TDT4237' + data.password.encode('utf-8')).hexdigest() except: return render.login(nav, change_password_form, "- Something went wrong!")