Esempio n. 1
0
def register():	
	if request.method == "POST":

		print "REGISTRATION"

		expire_date = datetime.now()
		expire_date = expire_date + timedelta(days=0, seconds=config.MAX_LIFE)
		
		username = request.form["username"]
		hashed_password = request.form["password"]
		
		cur_timestamp = datetime.now()
		cur_timestamp = str(cur_timestamp)
		cookie = hashlib.sha512(app.secret_key + username + cur_timestamp).hexdigest()

		db = DbController()
		if db.add_user(username, hashed_password, cookie, cur_timestamp):
			response = make_response(json.dumps({'success' : True, 'cookie' : cookie, 'time_stamp': cur_timestamp, 'expire_date': str(expire_date)}), status.HTTP_200_OK)
			
			cookie_data = {"username": username, "user_cookie": cookie, "time_stamp": cur_timestamp}
			response.set_cookie("cookie_data", value=json.dumps(cookie_data), expires=expire_date, max_age=config.MAX_LIFE)
			return response
		else:
			response = make_response(json.dumps({'success' : False, 'error' : 'Username Is Already In Use.'}), status.HTTP_200_OK)
			return response
Esempio n. 2
0
 def deleteById(self, id):
     try:
         db = DbController()
         query = "DELETE FROM tbl_orders where id = %s"
         db.execute(query, [id])
     except Exception as e:
         raise e
Esempio n. 3
0
def login():
	if request.method == "POST":
		db = DbController()
		expire_date = datetime.now()
		expire_date = expire_date + timedelta(days=0, seconds=config.MAX_LIFE)
		username = request.form["username"]
		hashed_password = request.form["password"]


		print username
		print hashed_password

		if db.verify_user(username, hashed_password):
			cur_timestamp = datetime.now()
			cur_timestamp = str(cur_timestamp)
			cookie = hashlib.sha512(app.secret_key + username + cur_timestamp).hexdigest()
			db.update_cookie(username, cookie, cur_timestamp)
			response = make_response(json.dumps({'success' : True, "cookie": cookie, 'time_stamp': cur_timestamp, 'expire_date': str(expire_date)}), status.HTTP_200_OK)
			
			cookie_data = {"username": username, "user_cookie": cookie, "time_stamp": cur_timestamp}
			response.set_cookie("cookie_data", value=json.dumps(cookie_data), expires=expire_date, max_age=config.MAX_LIFE)
			return response
		else :
			response = make_response(json.dumps({'success' : False, 'error' : 'Incorrect Password'}), status.HTTP_200_OK)
			return response
Esempio n. 4
0
def login():
	if request.method == "POST":
		db = DbController()
		expire_date = datetime.datetime.now()
		expire_date = expire_date + datetime.timedelta(days=config.MAX_LIFE)
		username = request.form["username"]
		hashed_password = request.form["password"]
		hashed_password_1 = app.secret_key
		private_key = request.files["private_key"]
		private_key_data = private_key.stream.read()
		public_key_data = db.get_user_public_key(username)

		private_key = RSA.importKey(open('resources/private.pem', 'r').read())
		public_key = RSA.importKey(open('resources/public.pem', 'r').read())

		crypt = private_key.decrypt(hashed_password_1)
		decrypt = public_key.encrypt(crypt, None)

		if db.verify_user(username, hashed_password):
			cur_timestamp = datetime.datetime.now()
			cookie = hashlib.sha512(app.secret_key + username + hashed_password + str(cur_timestamp)).hexdigest()
			response = make_response(redirect("/home"))
			response.set_cookie("username", value=cookie, expires=expire_date)
			return response, json.dumps({'success' : True})
		else :
			response = make_response(redirect(""))
			if not db.is_username_available(username):
				return response, json.dumps({'success' : False, 'error' : 'Unknown User'})
			else:
				return response, json.dumps({'success' : False, 'error' : 'Incorrect Password'})
Esempio n. 5
0
 def findByCustomerId(self, customer_id):
     try:
         db = DbController()
         query = "SELECT * FROM tbl_orders where customer_id = %s"
         return db.executeSelect(query, [customer_id])
     except Exception as e:
         raise e
Esempio n. 6
0
def welcome():
	if request.method == "GET":
		db = DbController()
		db.create_user_table()
		print request.cookies
		if request.cookies.get("username"):
			return redirect("/home")
		return render_template("/html/index.html")
Esempio n. 7
0
 def test_execute(self):
     """
     Test db execute
     """
     dbObject = DbController()
     cfg = dbConfig()
     query = 'SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = %s'
     value = dbObject.execute(query, [cfg["db"]])
     self.assertEqual(dbObject.rowCount, 1)
Esempio n. 8
0
 def save(self):
     try:
         db = DbController()
         query = "INSERT INTO tbl_orders (id, customer_id, order_id, order_item_id, num_items, revenue, created_at_date) VALUES (NULL, %s, %s, %s, %s, %s, %s)"
         data = (self.customer_id, self.order_id, self.order_item_id,
                 self.num_items, self.revenue, self.created_at_date)
         db.execute(query, data)
         self.id = db.lastInsertedId
     except Exception as e:
         raise e
Esempio n. 9
0
def logout():
    if request.method == "POST":
        db = DbController()
        username = request.form["username"]
        user_cookie = request.form["user_cookie"]
        time_stamp = request.form["time_stamp"]
        db.update_cookie(username, "", time_stamp)
        response = make_response(json.dumps({'success': True}),
                                 status.HTTP_200_OK)
        response.set_cookie("cookie_data", expires=0)
        return response
Esempio n. 10
0
 def setUp(self):
     """
     Clean tbl_orders 
     """  
     db = DbController()
     query = "DELETE FROM tbl_orders"
     db.execute(query)
     """
     create object
     """      
     self.customer_id = "37d67f5feef4cb754056a54841e43ad9"
     self.order_id = 4662083 
     self.order_item_id = 21257304
     self.num_items = 1
     self.revenue = 24.79
     self.created_at_date = "2017-09-01"
     self.orderObject = Order(self.customer_id,self.order_id,self.order_item_id,self.num_items,self.revenue,self.created_at_date)
Esempio n. 11
0
 def test_constructor(self):
     """
     Test db controller
     """
     dbObject = DbController()
     cfg = dbConfig()
     self.assertEqual(dbObject.host, cfg["host"])
     self.assertEqual(dbObject.user, cfg["user"])
     self.assertEqual(dbObject.passwd, cfg["passwd"])
     self.assertEqual(dbObject.db, cfg["db"])
Esempio n. 12
0
def register():	
	if request.method == "POST":
		expire_date = datetime.datetime.now()
		expire_date = expire_date + datetime.timedelta(days=config.MAX_LIFE)
		username = request.form["username"]
		hashed_password = request.form["password"]
		public_key = request.files["public_key"]
		public_key_data = public_key.stream.read().decode('utf-8').strip()

		cur_timestamp = datetime.datetime.now()
		cookie = hashlib.sha512(app.secret_key + username + hashed_password + str(cur_timestamp)).hexdigest()

		db = DbController()
		if db.add_user(username, hashed_password, cookie, public_key_data):
			response = make_response(redirect("/home"))
			response.set_cookie("username", value=cookie, expires=expire_date)
			return response, json.dumps({'success' : True})
		else :
			response = make_response(redirect(""))
			return response, json.dumps({'success' : False, 'error' : 'Username Is Already In Use.'})
Esempio n. 13
0
def validate_cookie(username, user_cookie, time_stamp):
	db = DbController()
	stored_user_cookie = db.get_cookie(username)
	if stored_user_cookie is not None:
		stored_time_stamp = stored_user_cookie['time_stamp']
		stored_user_cookie = stored_user_cookie['cookie']
	else:
		return False

	cur_timestamp = datetime.now()
	time_stamp = datetime.strptime(time_stamp, "%Y-%m-%d %H:%M:%S.%f")
	expire_date = time_stamp + timedelta(days=0, seconds=config.MAX_LIFE)

	if expire_date < cur_timestamp:
		return False

	validating_cookie = hashlib.sha512(app.secret_key + username + str(time_stamp)).hexdigest()

	if (str(stored_user_cookie) == str(user_cookie)) and (str(stored_user_cookie) == validating_cookie):
		return True
	return False
Esempio n. 14
0
def logout():
	if request.method == "GET":
		db = DbController()
		response = make_response(redirect("/"))
		response.set_cookie("cookie_data", expires=0)
		return response
Esempio n. 15
0
		print hashed_password

		if db.verify_user(username, hashed_password):
			cur_timestamp = datetime.now()
			cur_timestamp = str(cur_timestamp)
			cookie = hashlib.sha512(app.secret_key + username + cur_timestamp).hexdigest()
			db.update_cookie(username, cookie, cur_timestamp)
			response = make_response(json.dumps({'success' : True, "cookie": cookie, 'time_stamp': cur_timestamp, 'expire_date': str(expire_date)}), status.HTTP_200_OK)
			
			cookie_data = {"username": username, "user_cookie": cookie, "time_stamp": cur_timestamp}
			response.set_cookie("cookie_data", value=json.dumps(cookie_data), expires=expire_date, max_age=config.MAX_LIFE)
			return response
		else :
			response = make_response(json.dumps({'success' : False, 'error' : 'Incorrect Password'}), status.HTTP_200_OK)
			return response


@app.route("/logout", methods=["GET"])
def logout():
	if request.method == "GET":
		db = DbController()
		response = make_response(redirect("/"))
		response.set_cookie("cookie_data", expires=0)
		return response

if __name__ == "__main__":
	db = DbController()
	db.create_user_table()
	db.create_nonce_table()
	app.run(config.SERVER_HOST, config.SERVER_PORT)
Esempio n. 16
0
def login():
    if request.method == "POST":
        db = DbController()
        expire_date = datetime.now()
        expire_date = expire_date + timedelta(days=0, seconds=config.MAX_LIFE)
        username = request.form["username"]
        encrypted_login_message = request.form["password"]

        encrypted_login_message = base64.b64decode(encrypted_login_message)

        if not db.is_username_available(username):
            response = make_response(
                json.dumps({
                    'success': False,
                    'error': 'Unknown User'
                }), status.HTTP_200_OK)
            return response
        else:
            public_key = db.get_user_public_key(username)
            public_key = public_key.encode('ascii', 'ignore')
            public_key = RSA.importKey(public_key)
            encrypted_login_message = public_key.encrypt(
                encrypted_login_message, None)
            encrypted_login_message = encrypted_login_message[0]
            encrypted_login_message = json.loads(encrypted_login_message)

            encrypted_hashed_password_with_nonce = encrypted_login_message[
                "encrypted_hashed_password"]
            nonce = encrypted_login_message["nonce"]

            if db.verify_nonce(nonce):
                response = make_response(
                    json.dumps({
                        'success': False,
                        'error': 'No Nonce Found. Try Again.'
                    }), status.HTTP_200_OK)
                return response

            if db.verify_user(username, encrypted_hashed_password_with_nonce,
                              nonce):
                cur_timestamp = datetime.now()
                cur_timestamp = str(cur_timestamp)
                cookie = hashlib.sha512(app.secret_key + username +
                                        cur_timestamp).hexdigest()
                db.update_cookie(username, cookie, cur_timestamp)
                response = make_response(
                    json.dumps({
                        'success': True,
                        "cookie": cookie,
                        'time_stamp': cur_timestamp,
                        'expire_date': str(expire_date)
                    }), status.HTTP_200_OK)

                random.seed(random.randint(1, sys.maxint))
                nonce = random.randint(1, sys.maxint)

                while not db.verify_nonce(nonce):
                    nonce = random.randint(1, sys.maxint)
                db.add_nonce(nonce)

                cookie_data = {
                    "username": username,
                    "user_cookie": cookie,
                    "time_stamp": cur_timestamp
                }
                response.set_cookie("cookie_data",
                                    value=json.dumps(cookie_data),
                                    expires=expire_date,
                                    max_age=config.MAX_LIFE)
                response.set_cookie("nonce", value=str(nonce))
                return response
            else:
                response = make_response(
                    json.dumps({
                        'success': False,
                        'error': 'Incorrect Password'
                    }), status.HTTP_200_OK)
                return response