def __init__(self):
self.p1 = Protein(1, "p1", "P1", 1, -1)
self.p2 = Protein(2, "p2", "P2", 1, -1)
self.p3 = Protein(3, "p3", "P3", 2, -1)
self.p4 = Protein(4, "p4", "P4", 1, -1)
self.pg1 = ProteinGroup(1, "g1", [], {self.p1, self.p2})
self.pg2 = ProteinGroup(2, "g2", [], {self.p1, self.p3, self.p4})
self.pg3 = ProteinGroup(3, "g3", [self.pg1])
self.pg4 = ProteinGroup(4, "g4", [self.pg1, self.pg2, self.pg3])
self.ug1 = UserGroup(1, "all", {}, [(self.pg1, 0x01)])
self.ug2 = UserGroup(2, "jr", {self.ug1}, [])
self.ug3 = UserGroup(3, "ys", {self.ug1}, [(self.pg2, 0x06),
(self.pg3, 0x02)])
self.u1 = User(1, "jrenggli", "[email protected]", 42, {self.ug2})
self.u2 = User(2, "yschaerli", "[email protected]", 8282, {self.ug2, self.ug3})
def resetpass(token):
try:
email = timed_serializer.loads(token,
salt=conf.email_salt,
max_age=7200)
except Exception as e:
return "Could not parse token"
if not string_validator.is_valid_email(email):
return "Invalid email"
user = User(email=email)
if user.verify_token != token:
return "Invalid token"
if request.method == 'POST':
if request.form['password'] != request.form['password2']:
return render_template('signup.html',
sitekey=conf.recaptcha_sitekey,
server_error="Passwords do not match!")
else:
user.new_password(request.form['password'])
user.verify_token = ""
user.update()
return redirect("/login", code=302)
else:
if user.hash is not None:
return render_template('resetpass.html', user_token=token)
else:
return "Invalid token"
def register():
if request.method == 'POST':
request_json = request.get_json()
name = request_json.get('name')
email = request_json.get('email')
if User.query.filter_by(email=email).first():
return jsonify(
{'message': 'The email has already been registered'}), 401
password = request_json.get('password')
role = request_json.get('role')
company_code = request_json.get('company_code')
user_public_id = str(uuid.uuid4())
user = User(user_public_id, name, email, role, company_code)
user.hash_password(password)
try:
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=user.email)
refresh_token = create_refresh_token(identity=user.email)
response_object = {}
response_object[
'message'] = 'Register of {} was Successful'.format(user.email)
response_object['access_token'] = access_token
response_object['refresh_token'] = refresh_token
return jsonify(response_object), 200
except:
return jsonify({'message': 'Something went wrong'}), 500
def register():
if request.method == 'GET':
return render_template('register.html')
else:
data = urllib.parse.unquote(request.data.decode('utf-8')).split('&')
data = [d.split('=')[1] for d in data]
username = data[0]
password = data[1]
if user.exists(username):
return "false"
else:
# Username is unique
# The account gets added to the database
u = User()
pw_hash, salt = user.hash_password(password)
u.username = username
u.password_hash = pw_hash
u.salt = salt
user.add(u)
return "true"
def add_user(cls, username: str, password: str, is_admin: bool) -> bool:
"""Add user to system"""
user = User()
user.username = username
user.password = cls.__password_encryption(password)
user.is_admin = is_admin
return user.save() == 1
def initiate_reset(self, data):
# Validate data
needed = ["email", "password"]
for item in needed:
if item not in data:
return False
if data["password"]: # Attempt to keep bots at bay
return False
# Find user
email = data["email"].lower()
cursor = self.__database.cursor()
# Send mail
for row in cursor.execute(self.__user_select + "WHERE email=?",
(email, )):
user = User(*row)
assert user
translator = user.get_dictionary()
timeout = int(translator.get("_reset_expiration_user_"))
(sid, expires) = self.__create_session(exp_minutes=timeout)
cursor.execute(self.__session_insert,
(sid, email, self.SESSION_RESET, expires))
logging.debug("Initiate reset for " + email)
mail = Email(user.get_email(), translator, "_reset_subject_")
variables = {"__reset_link": sid, "__name": user.get_name()}
mail.load_body("reset", variables)
mail.run()
self.__database.commit()
return True
logging.debug("Reset failed")
return False
def post(self, payload):
"""Create a new user. Only authenticating user can post
User ID is defined by the verified subject in the access token
"""
logger.info(f"POST request to create user "
f"{payload['sub']} from {request.remote_addr}")
message = ""
try:
user = User(**api.payload)
user.id = payload['sub']
api.payload['id'] = payload['sub']
user.insert()
code = 201
except ValueError as e:
code = 422
message = str(e)
except IntegrityError:
code = 422
message = "Cannot add to existing user. " \
"Use Patch request instead"
except Exception as e:
logger.debug(e)
code = 400
message = "The request data format is not valid"
if code != 201:
abort(code, message)
return api.payload, 201
def callback():
# Get authorization code Google sent back to you
code = request.args.get("code")
# Find out what URL to hit to get tokens that allow you to ask for things on behalf of a user
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
# Prepare and send a request to get tokens
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
)
# Parse the tokens
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that you have tokens let's find and hit the URL
# from Google that gives you the user's profile information,
# including their Google profile image and email
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
# You want to make sure their email is verified.
# The user authenticated with Google, authorized your
# app, and now you've verified their email through Google!
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
picture = userinfo_response.json()["picture"]
users_name = userinfo_response.json()["given_name"]
else:
return "User email not available or not verified by Google.", 400
# Create a user in your db with the information provided by Google
user = User(id_=unique_id,
name=users_name,
email=users_email,
profile_pic=picture)
# Doesn't exist? Add it to the database.
if not User.get(unique_id):
User.create(unique_id, users_name, users_email, picture)
new_user = True
return new_user
# Begin user session by logging the user in
login_user(user, remember=True, duration=timedelta(days=30))
# Send user back to homepage
return redirect(url_for("home"))
def insert_user(username, state):
session = Session()
user = User(username, state)
res = session.query(User).filter(User.name == username).all()
if len(res) < 1:
session.add(user)
session.commit()
session.close()
else:
print('User already exists')
def user_rules():
if not session.get('logged_in'):
return jsonify({"status": False})
user = User(session['user_email'])
resp = {}
resp['rules'] = rules.fill_rules(user.get_rules())
resp['days'] = user.get_days()
return jsonify(resp)
def last_report():
if not session.get('logged_in'):
return redirect("/login", code=302)
user = User(email=session['user_email'])
if user:
return render_template('last_report.html',
last_scored_reports=user.last_scored_list,
last_unscored_reports=user.last_unscored_list)
else:
return "ERROR: User not found!"
def forgot():
if request.method == 'POST':
if not string_validator.is_valid_email(request.form['email']):
return render_template('forgot.html',
sitekey=conf.recaptcha_sitekey,
server_error="Invalid email address")
else:
# Captcha
if conf.recaptcha_sitekey and conf.recaptcha_secret:
captcha_response = request.form['g-recaptcha-response']
captcha_verify = requests.post(
'https://www.google.com/recaptcha/api/siteverify',
data={
'secret': conf.recaptcha_secret,
'response': captcha_response
})
captcha_verify_json = json.loads(captcha_verify.text)
if captcha_verify_json['success'] is False:
return render_template('forgot.html',
sitekey=conf.recaptcha_sitekey,
server_error="Captcha failure")
user = User(email=request.form['email'])
if user.hash is None:
return render_template('forgot.html',
sitekey=conf.recaptcha_sitekey,
server_error="Account not found")
verify_token = timed_serializer.dumps(user.email,
salt=conf.email_salt)
url = conf.domain + "/resetpass/" + verify_token
user.verify_token = verify_token
user.update()
render_map = {
"url": url,
}
send_email("forget_email.html", "VulnFeed Password Reset",
render_map, user.email)
return render_template(
'forgot.html',
sitekey=conf.recaptcha_sitekey,
success_message=
"A password recover email has been sent to your email address")
else:
return render_template('forgot.html', sitekey=conf.recaptcha_sitekey)
def test_eq(self):
""" Equals method
"""
web1 = Web("test")
web2 = Web("test")
web3 = Web("na")
user = User("test")
self.assertEqual(web1, web2)
self.assertNotEqual(web1, web3)
self.assertNotEqual(web1, user)
self.assertNotEqual(web1, None)
async def register(self, ctx):
if ctx.channel.id == self.channel_id:
try:
user = User.objects(name=str(ctx.author)).get()
response = f'{user.name} of level {user.level} exists!!'
await ctx.channel.send(response)
except DoesNotExist:
user = User(name=str(ctx.author), level=1)
user.save()
response = f'{user.name} created with level {user.level}. Have fun!!'
await ctx.channel.send(response)
def update_user_rules():
if not session.get('logged_in'):
return jsonify({"status": False})
user = User(session['user_email'])
# try:
new_config = request.get_json()
user.set_rules(new_config['rules'])
user.set_days(new_config['days'])
user.update()
return jsonify({"status": True})
def register():
form = RegisterForm()
if request.method == 'POST':
print(config.database_uri())
for u in User.query.all():
print(u.username)
password = randomStringwithDigits()
new_user = User(username=form.email.data,
email=form.email.data,
password=generate_password_hash(password,
method='sha256'))
try:
db.session.add(new_user)
db.session.commit()
mail_to = form.email.data
mail_from = config.mail_from()
content = render_template('mail/register.html',
username=form.email.data,
password=password)
message = create_mail(mail_to, mail_from, content)
try:
sg = SendGridAPIClient(config.mail_sengrid_api_key())
response = sg.send(message)
except Exception as e:
print(e.message)
return render_template(
"main.html",
form=form,
error='User created but message can not be sent',
ezeeai_url=config.ezeeai_url())
return render_template("finish.html",
mail=form.email.data,
ezeeai_url=config.ezeeai_url())
except IntegrityError:
return render_template(
"main.html",
form=form,
error='Email is already used. Check your inbox. ',
ezeeai_url=config.ezeeai_url())
except Exception:
print(e.message)
return render_template("main.html",
form=form,
error='User not created. Please try again',
ezeeai_url=config.ezeeai_url())
return render_template("finish.html",
mail=None,
ezeeai_url=config.ezeeai_url())
def create_user(user_id: int, username: str, language: str,
chat_id: str) -> User:
user = User(telegram_id=str(user_id),
username=username,
language=language,
chat_id=chat_id)
try:
user.save()
except:
print("error in create user")
return user
def update_status(username, state):
session = Session()
res = session.query(User).filter(User.name == username).all()
if len(res) < 1:
user = User(username, state)
session.add(user)
session.commit()
session.close()
if len(res) == 1:
user = session.query(User).filter(User.name == username).first()
user.state = state
session.commit()
session.close()
async def create_user(user_signup: UserSignup):
print("SIGNING UP")
email = user_signup.email
try:
usr = User.objects.get({'_id': email})
if usr:
raise HTTPException(status_code=400, detail="email already in use")
except DBerrors.DoesNotExist:
# hash password
user_signup.password = pwd_context.hash(user_signup.password)
# save new user
User(email=user_signup.email, name=user_signup.name, password=user_signup.password).save()
return "user created"
def login():
if request.method == 'POST':
if address_failed_login(request.remote_addr):
return render_template(
'login.html',
server_error=
"You have exceeded the number of fail logins. Try again later")
user_email = request.form['email']
if not string_validator.is_valid_email(user_email):
session['logged_in'] = False
session['user_email'] = ""
message = "Incorrect user/password"
message = ""
user = User(email=user_email)
if user.login(request.form['password']) and user.is_confirmed():
session['logged_in'] = True
session['user_email'] = user_email
clear_failed_login(request.remote_addr)
session['csrftoken'] = serializer.dumps(binascii.hexlify(
os.urandom(128)).decode('utf-8'),
salt=conf.email_salt)
if user.feed_id is None:
user.generate_feed_id()
user.update()
return redirect("/", code=302)
# User doesn't exist
elif user.hash == None:
session['logged_in'] = False
session['user_email'] = ""
message = "Incorrect user/password"
# User is not confirmed
elif not user.is_confirmed():
session['logged_in'] = False
session['user_email'] = ""
message = "You have not verified your email address"
else:
session['logged_in'] = False
session['user_email'] = ""
message = "Incorrect user/password"
return render_template('login.html', server_error=message)
else:
return render_template('login.html')
def login():
if request.method == 'POST':
message = ""
user = User(request.form['email'])
if user.login(request.form['password']):
session['logged_in'] = True
session['user_email'] = request.form['email']
return redirect("/", code=302)
else:
session['logged_in'] = False
session['user_email'] = ""
message = "Incorrect user/password"
return render_template('login.html', server_error=message)
else:
return render_template('login.html')
def register():
if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400
username = request.json.get('username', None)
password = request.json.get('password', None)
if not username:
return jsonify({"msg": "Missing username parameter"}), 400
if not password:
return jsonify({"msg": "Missing password parameter"}), 400
with orm.db_session():
hashed_passwd = hash_password(username, password)
User(username=username, password=hashed_passwd)
orm.commit()
return jsonify(result="User registered"), 200
def find_user(self, data):
# Validate data
needed = ["email", "password", "password_bis"]
for item in needed:
if item not in data:
return None, None
if data["password_bis"]: # Attempt to keep bots at bay
return None, None
email = data["email"].lower()
password = data["password"]
cursor = self.__database.cursor()
# Verify the registration was activated
for _ in cursor.execute(
self.__session_select + "WHERE email = ? AND state = ?",
(email, self.SESSION_REGISTER)):
logging.warning("Not activated yet")
return None, None
#find id + salt
for info_row in cursor.execute(
"SELECT rid, salt FROM Users \
WHERE email = ?", (email, )):
(pwd_salt, pwd_hash) = self.__hash(info_row[1], password)
for row in cursor.execute(
self.__user_select + "WHERE rid = ? AND password = ?",
(info_row[0], pwd_hash)):
user = User(*row)
# Remove all existing sessions of this user
cursor.execute("DELETE FROM Sessions WHERE email = ?",
(email, ))
# Create a new session
(sid, expires) = self.__create_session(7)
cursor.execute(self.__session_insert,
(sid, email, self.SESSION_STANDARD, expires))
self.__database.commit()
return user, Cookie("session", "{1}".format(email, sid),
expires)
return None, None
def register():
body = request.get_json()
errors = register_schema.validate(body)
if errors:
return jsonify({'error': errors}), 400
user = User(**body)
user.hash_password()
user.email_verification_token = random_str()
# Create default project for user
# INSERT INTO project (name) VALUES (%s)
# INSERT INTO user (...) VALUES ()
# INSERT INTO user_project (user_id, project_id, `role`) VALUES (%s, %s, %s)
project = Project(name='First project')
user_project = UserProject(user=user, project=project, role=UserProjectRole.ADMIN)
project.user_project.append(user_project)
db.session.add(user)
db.session.commit()
welcome_email(user)
return jsonify(user_schema.dump(user)), 201
def find_session(self, cookie):
if cookie.name().lower() == "session":
sid = cookie.value()
cursor = self.__database.cursor()
for s_row in cursor.execute(
self.__session_select + "WHERE eid=? AND state=?",
(sid, self.SESSION_STANDARD)):
# Verify expiration
(expires, state, email) = self.__load_session(s_row)
if expires < datetime.now():
cursor.execute("DELETE FROM Sessions WHERE eid = ?",
(sid, ))
self.__database.commit()
return None
for row in cursor.execute(
self.__user_select + "WHERE email = ?", (s_row[2], )):
return User(*row)
return None
def profile():
if not session.get('logged_in'):
return redirect("/login", code=302)
user = User(email=session['user_email'])
raw_data = json.dumps(user.get_minimized_raw(),
indent=4,
separators=(',', ': '))
user_rules = rules.get_rules(user=user.id)
return render_template(
'profile.html',
email=user.email,
last_status=user.last_status,
rule_count=len(user.get_rules()),
last_sent=user.get_last_run_date().strftime('%m/%d/%Y'),
my_rules=user_rules,
raw_profile=raw_data,
feed_id=user.feed_id)
def verify(token):
try:
email = timed_serializer.loads(token,
salt=conf.email_salt,
max_age=86400)
except Exception as e:
return "Could not parse token"
if not string_validator.is_valid_email(email):
return "Invalid email"
user = User(email=email)
if user.hash is not None and user.verify_token == token:
user.set_confirmed()
user.verify_token = ""
user.update()
return render_template(
'success_to_login.html',
message="Your address has been verified. You can now login!")
else:
return "Invalid token"
def update_user_rules():
if not session.get('logged_in'):
return jsonify({"status": False})
user = User(email=session['user_email'])
try:
new_config = request.get_json()
user.set_rules(new_config['rules'])
user.set_days(new_config['days'])
try:
serializer.loads(new_config['csrftoken'], salt=conf.email_salt)
except Exception as e:
return "Could not parse CSRF token"
if new_config['csrftoken'] != session['csrftoken']:
return jsonify({"status": True})
user.update()
return jsonify({"status": True})
except Exception as e:
print(e)
return jsonify({"status": False})
def login():
if address_failed_login(request.remote_addr):
return render_template(
'login.html',
server_error=
"You have exceeded the number of fail logins. Try again later")
if request.method == 'POST':
message = ""
user = User(request.form['email'])
if user.login(request.form['password']):
session['logged_in'] = True
session['user_email'] = request.form['email']
clear_failed_login(request.remote_addr)
return redirect("/", code=302)
else:
session['logged_in'] = False
session['user_email'] = ""
message = "Incorrect user/password"
return render_template('login.html', server_error=message)
else:
return render_template('login.html')
def delete():
if not session.get('logged_in'):
return redirect("/login", code=302)
user = User(email=session['user_email'])
if request.method == 'POST':
if 'delete_token' in request.form:
try:
serializer.loads(request.form['delete_token'],
salt=conf.email_salt)
except Exception as e:
return "Could not parse token"
if request.form['delete_token'] == session['csrftoken']:
user.delete()
del user
return redirect("/logout", code=302)
else:
return "Nope"
else:
return render_template('delete.html',
delete_token=session['csrftoken'])
