Esempio n. 1
0
def edit_user_password(username):
    # Updates password of a user on non PubCookie setups.
    message = None
    errors = []
    if session['user_auth_level'] >= 10000 or session['user_username'] == username: #  administrator access
        log_access('users/password')
        if request.method == 'POST':
            log_access('users/password', 'posted form')
            user_id = request.form['user_id']
            current_pw = request.form['cur_password'] if 'cur_password' in request.form else ''
            new_pw = request.form['new_password']
            again_pw = request.form['again_password']
            user = model.get_user(user_id)
            current_hash_pw = auth.hash_password(current_pw)
            if session['user_auth_level'] >= 10000 and session['user_id'] != user_id:
                current_hash_pw = user['password']

            if not user['password'] == current_hash_pw:
                errors.append("Current Password is incorrect")
            elif new_pw == '':
                errors.append("New password is empty")
            elif not new_pw == again_pw:
                errors.append("Passwords don't match")
            else:
                model.set_password(user_id, auth.hash_password(new_pw))
                message = "Saved."

        form=model.get_user_by_username(username)
        return render_template('user_edit_password.html',
                               form=form,
                               errors=errors,
                               message=message)
    else:
        log_access('users/password', 'access_denied changing password for: ' + username)
        return redirect(url_for('access_denied'))
Esempio n. 2
0
 def POST(self):
     user_id =  web.input().user_id
     pwd = web.input().pwd
     ident = model.get_user(user_id)
     '''
     try:
         if hashlib.sha1("sAlT754-"+passwd).hexdigest() == ident['pass']:
             session.login = 1
             session.privilege = ident['privilege']
             render = create_render(session.privilege)
             return render.login_ok()
         else:
             session.login = 0
             session.privilege = 0
             render = create_render(session.privilege)
             return render.login_error()
     except:
         session.login = 0
         session.privilege = 0
         render = create_render(session.privilege)
         return render.login_error()
         '''
     try:
         if pwd == ident['pwd']:
             session.user_id = user_id
             raise web.seeother('/user')
         else:
             return render.error_page('Wrong password!')
     except:
         return render.error_page("User not found!")
Esempio n. 3
0
    def POST(self):
        msg = None
        i = web.input()
        uid = i.get('userid')
        pwd = i.get('password')
        
        user_iter=model.get_user(uid,pwd)
        user = list(user_iter)
        user_info = web.ctx.session.userinfo
        if user:
            user_info['Name'] = user[0].username
            user_info['ID'] = uid
            user_info['Contact'] = user[0].contactname
            user_info['UnitAddr'] = user[0].unitaddress
            user_info['Tel'] = user[0].tel

            redirect_url = web.ctx.session.redirecturl
            #print next_page
            web.ctx.session.logged_in = True
            web.setcookie('backstep',-2,3600)
            if redirect_url:
                return web.seeother(redirect_url)
            else: #default
                return web.seeother('/member')
        else:
            msg="用户名或密码不正确"
            web.setcookie('login_id',uid,3600)
            return render.login()
Esempio n. 4
0
    def POST(self):
        if session.user.name == "Anonymous":
            raise web.seeother("/dashboard/login")

        function = web.input(function=None).function

        if function == "setpw":
            inp = web.input(password=None, password1=None, password2=None)
            current = model.get_user(name=session.user.name, password=inp.password)
            if not current:
                flash("error", "Current password incorrect")
            elif inp.password1 != inp.password2:
                flash("error", "New passwords don't match")
            else:
                model.set_user_password(session.user.name, inp.password1)
                flash("success", "Password changed")

        if function == "setmailmode":
            inp = web.input(mailmode=None)
            if inp.mailmode in ["none", "daily", "all"]:
                # FIXME: argh at the DB and session not being as one...
                model.set_user_mailmode(session.user.name, inp.mailmode)
                session.user.mailmode = inp.mailmode
                flash("success", "Mail mode set to '%s'" % inp.mailmode)
            else:
                flash("error", "Invalid mail mode")

        raise web.seeother("/settings")
Esempio n. 5
0
 def GET(self, name=None):
     user = model.get_user(name=name)
     if user:
         pages = model.get_pages(item_user=user.name)
         comments_on = model.get_comments(session.user.name, item_user=user.name)
         comments_by = model.get_comments(session.user.name, user_name=user.name)
         return render.user(user.name, pages, comments_on, comments_by)
Esempio n. 6
0
    def POST(self):
        inp = web.input(close_after=False, item_host=None, item_path=None, item_name=None, content=None, item_user=None)

        model.new_comment(session.user.name, inp.item_host, inp.item_path, inp.item_name, inp.content, inp.item_user)

        page_owner = model.get_user(name=inp.item_user)
        if page_owner.mailmode == "all":
            web.sendmail(
                'Comment on This! <*****@*****.**>',
                page_owner.email,
                '[CoT] New comment on '+get_domain(inp.item_host),
                session.user.name+" posted a comment on "+inp.item_host+inp.item_path+"#"+inp.item_name+":"+
                "\n\n"+inp.content+
                "\n\n    -- The Comment on This Team"
            )

        if inp.close_after:
            return render.comment_thanks()
        else:
            raise web.seeother(
                "/comment"+
                "?item_host="+web.urlquote(inp.item_host)+
                "&item_path="+web.urlquote(inp.item_path)+
                "&item_name="+web.urlquote(inp.item_name)
            )
Esempio n. 7
0
    def GET(self, id):
	user = model.get_user(id)
        userdetails = {
            'address1'      : user.addr1,
	    'address2'      : user.addr2,
            'city'          : user.city,
            'country'       : user.country,
            'email'         : user.email,
            'first_names'   : user.firstname,
            'last_name'     : user.lastname,
            'login'         : user.login,
            'password'      : user.password,
            'phone'         : user.phone,
            'prefix'        : user.prefix,
            'state'         : user.state,
            'zip'           : user.zip
        }

        checkProxySetting()
        p = ProxyTransport()
        ## PUT IN YOUR PROXY HERE ##
        p.set_proxy('proxy.domain.com:8080')

        try:
        ## UNCOMMENT TO USE PROXY ##
          #server = xmlrpclib.Server(XMLRPC_SERVER, transport=p, verbose=1)
          
          server = xmlrpclib.Server(XMLRPC_SERVER, verbose=1)

        except xmlrpclib.ProtocolError, detail:
          print "\nError: There is a error with your url:\n\t%s" % detail
          sys.exit(-1)
Esempio n. 8
0
	def POST(self):
		# get the md5-password from database by username
		# compare with the two password.
		# if ok, generate the session.
		i = web.input(username='', password='')

		if i.username == '' or i.password == '':
			return render.admin.login('password or username should not be null.')

		#TODO to implement.
		user = model.get_user(i.username) 
		if not user: 
			return render.admin.login('no such user.')
		
		pwd = i.password + salt
		md5_pwd = md5.new(pwd).hexdigest()
		if md5_pwd != user.password:
			return render.admin.login('password incorrect.')

		web.ctx.session.loggedin = 1
		# TODO: should use a more readable var. 
		web.ctx.session.user_id = user.id
		web.ctx.session.username = user.name

		raise web.seeother('/admin')
Esempio n. 9
0
def create_user():
    data = request.get_json()
    new_username = data.get("newUsername")
    new_password = data.get("newPassword")
    confirmed_password = data.get("confirmedPassword")

    existing_user = model.get_user(new_username)
    if existing_user:
        msg = "User already exists"
    elif new_password == confirmed_password:
        msg = model.create_user(new_username, new_password)
        if model.get_user(new_username):
            pass 
    else:
        msg = "Passwords do not match"
    return msg
Esempio n. 10
0
def make_user(username, password):
    existing = model.get_user(username)
    if existing:
        print "Updating existing user"
        model.update_user(username, password)
    else:
        print "Creating new user"
        model.add_user(username, password)
Esempio n. 11
0
    def POST(self):
        inp = web.input(name=None, email=None, token=None)

        # creating a new user
        if inp.name and inp.email and inp.token:
            ex = model.get_user(name=inp.name)
            if ex:
                return render.janrain(inp.name, inp.email, inp.token, "Username taken")

            ex = model.get_user(email=inp.email)
            if ex:
                return render.janrain(inp.name, inp.email, inp.token, "Email already in use")

            model.new_user(inp.name, inp.email, token=inp.token)

            user = model.get_user(token=inp.token)
            session.user = User(user)
            raise web.seeother("/")

        # already got a user
        elif inp.token:
            data = urllib2.urlopen("https://rpxnow.com/api/v2/auth_info?apiKey=%s&token=%s" % (config.get("janrain", "apikey"), inp.token)).read()
            resp = json.loads(data)
            if resp['stat'] == "ok":
                prof = resp['profile']
                jid = prof['identifier']
                user = model.get_user(token=jid)
                user_mail = model.get_user(email=prof.get('email'), token='')
                if user:
                    # this janrain ID is in our system
                    model.set_user_meta_by_email(user.email, data)
                    session.user = User(user)
                    raise web.seeother("/")
                elif prof.get("email") and user_mail:
                    # they used a new account with known email
                    model.set_user_token_by_email(prof['email'], jid)
                    model.set_user_meta_by_email(prof['email'], data)
                    session.user = User(user_mail)
                    raise web.seeother("/")
                else:
                    return render.janrain(prof.get('preferredUsername', ''), prof.get('email', ''), jid)
            else:
                return "Error logging in"

        return "Missing token"
Esempio n. 12
0
    def POST(self):
        inp = web.input(name=None, email=None, password1=None, password2=None)

        if inp.password1 != inp.password2:
            return render.dashboard_new(error="Passwords don't match")

        if model.get_user(name=inp.name):
            return render.dashboard_new(error="Username taken")

        if model.get_user(email=inp.email):
            return render.dashboard_new(error="A user already has that address")

        model.new_user(inp.name, inp.email, inp.password1)
        session.user = User(model.get_user(name=inp.name, password=inp.password1))

        go_to = web.cookies().get("login-redirect", "/dashboard")
        web.setcookie("login-redirect", "", expires=-1)
        raise web.seeother(go_to)
Esempio n. 13
0
File: main.py Progetto: zs1621/papa
 def GET(self):
     receive = web.input();
     if receive:
         user = model.get_user(receive.p)
         data = simplejson.dumps(user.list())
         print len(user)
         return data
     else:
         return "error request"
Esempio n. 14
0
def list_tasks():
  db = model.connect_db()
  tasks_from_db = model.get_tasks(db, None)
  user_id_list = []
  for dictionary in tasks_from_db:
    user_id_list.append(dictionary["user_id"])
  for user_id in user_id_list:
    users_from_db = model.get_user(db, user_id)
  return render_template("list_tasks.html", tasks=tasks_from_db,users=users_from_db)
Esempio n. 15
0
def get_user_info():
    model.conn_db()
    id = request.args.get("id")
    user = model.get_user(id)
    posts = user.get_posts()
    comments = user.get_comments()
    votes = user.get_votes()

    html = render_template("user.html", user=user, posts=posts, comments=comments, votes=votes)
    return html
Esempio n. 16
0
File: app.py Progetto: smialy/ssrp
def authenticate():
    user = model.get_user(request.form['login'])
    if user:
        _M = request.form['m']
        srp = session.pop('srp', None)
        if srp:
            K, M = srp
            if _M == str(M):
                user.authenticated = True
                login_user(user)
                return jsonify(error=False);
    
    return jsonify(error=True, message="Incorect session");
Esempio n. 17
0
    def POST(self):
        inp = web.input(name=None, email=None)

        if not inp.name and not inp.email:
            return render.dashboard_reset(error="Missing name or email")

        user = model.get_user(name=inp.name) or model.get_user(email=inp.email)

        if not user or user.name == "Anonymous":
            return render.dashboard_login(error="No user with those details")

        pw = generate_password()
        model.set_user_password(user.name, pw)
        web.sendmail(
            'Comment on This! <*****@*****.**>',
            user.email,
            '[CoT] Password Reset',
            "Your new password is "+pw+
            "\n\nLog in at http://www.commentonthis.net/dashboard/login"+
            "\n\nSee you in a moment!"+
            "\n\n    -- The Comment on This Team"
        )

        return render.dashboard_reset_sent()
Esempio n. 18
0
def book_added_weblaunches(api_token):
    bookings = model._load_weblaunch_bookings()

    for chat_id, weblaunch_ids in bookings.iteritems():
        user = model.get_user(chat_id)
        beer_bot = BeerBot(user['username'], user['password'])

        start = beer_bot.get_weblaunch_start()
        if not start:
            return

        for weblaunch_id in weblaunch_ids:
            beer_bot.create_booking(weblaunch_id=int(weblaunch_id), quantity=1)

        model._save_weblaunch_bookings({})
Esempio n. 19
0
    def POST(self):
        inp = web.input(name=None, password=None, return_to="/dashboard")

        if not inp.name or not inp.password:
            return render.dashboard_login(inp.name, "Missing name or password")

        user = model.get_user(name=inp.name, password=inp.password)

        if not user:
            return render.dashboard_login(inp.name, "No user with those details")

        session.user = User(user)

        go_to = web.cookies().get("login-redirect", "/dashboard")
        web.setcookie("login-redirect", "", expires=-1)
        raise web.seeother(go_to)
Esempio n. 20
0
File: app.py Progetto: smialy/ssrp
def handshake():
    try:
        user = model.get_user(request.form['login'])
        if user:
            A = request.form['a']
            svr = ssrp.Server(user.login, user.salt, int(user.v), int(A));
            salt, B = svr.challenge()
            session['srp'] = (svr.K, svr.M)
            if salt is None or B is None:
                return jsonify(error=True, message="Authentication failed");
            return jsonify(error=False, salt=salt, b=str(B));
        return jsonify(error=True, message="Not found user");
    except:
        exceptionType, exceptionValue, exceptionTraceback = sys.exc_info()
        print(exceptionType, exceptionValue)
        traceback.print_tb(exceptionTraceback)
        return jsonify(error=True, message="Internal error");
Esempio n. 21
0
def process_login():
	"""Allow a user to login"""

	email2 = request.form.get('email')
	password2 = request.form.get('password')
	note = ""

	print "email and pass", email2, password2
	
	if email2:
		user = model.get_user(email2, password2)
		#if user is correctly identified in the system
		if user == True:
			session['email'] = email2
			note = "Welcome %s" %(email2)
		else: #bad password
			note = "Please make sure you correctly entered your email and password"

	return render_template("login.html")
Esempio n. 22
0
def login():
    auth = request.authorization
    username = auth.username
    password = auth.password
    password_correct = model.is_password_valid(username, password)

    result = {}

    if password_correct:
        user = model.get_user(username)
        user.is_active = True
        user.is_authenticated = True
        login_user(user)
        url = url_for("main_page")
        result["state"] = "succeeded"
        result["url"] = url
    else:
        result["state"] = "failed"

    return jsonify(result)
Esempio n. 23
0
 def POST(self):
     i=web.input()
     uname=i.uname
     password=i.password
     """Validate username and password"""
     userexists=model.if_user_exists(uname)
     if userexists:
        chk=model.get_user(uname)
        for pwd in chk:
            stored_hash = pwd.password
            print ""+stored_hash
        
        if bcrypt.hashpw(password,stored_hash) == stored_hash:
           session.loggedin=True
           session.username=uname
           raise web.seeother('/index')
        else:
           invalidpassword="******"container\"><h2 class=\"heading\">To Do List</h2><br><img src=\"http://cdn.mysitemyway.com/etc-mysitemyway/icons/legacy-previews/icons-256/blue-metallic-orbs-icons-business/078888-blue-metallic-orb-icon-business-thumbs-down.png\" style=\" height:100px; width:100px;\"></img><br><h3 class=\"errormessage\">Password doesn't match with the entered username!</h3><br><a href=\"/\" class=\"heading\">Try to Login again</a></div>"
        return render.base(invalidpassword)
     else:
         return render.login_fail()
Esempio n. 24
0
def me():
    # My details page, allows users to update their basic information.
    message = None
    log_access('me')

    if request.method == 'POST':
        model.update_user(request.form)
        log_access('me', 'saved form')
        message = "Saved."
        if request.form['username'] != session['user_username']:
            auth.remove_auth()
            return redirect(url_for('me'))

    form=model.get_user(session['user_id'])
    return render_template('user_edit.html',
                           form=form,
                           message=message,
                           user_auth_levels=get_authorization_levels(session['user_auth_level']),
                           form_action_url=url_for('me'),
                           title="My Details",
                           delete_button = False,
                           change_password_button = True)
Esempio n. 25
0
 def GET(self):
     # FIXME: used by mobile
     session.user = User(model.get_user(name="Anonymous"))
     raise web.seeother("/")
Esempio n. 26
0
File: rhrn.py Progetto: shish/rhrn
    def __init__(self, row):
        self.row = row

    def dict(self):
        d = dict(self.row)
        del d["writer_ip"]
        d["avatar"] = User(model.get_user(d["writer"])).avatar
        d["date_posted"] = shorten_datetime(d["date_posted"])
        return d


session = web.session.Session(app,
                              web.session.DBStore(model.db, 'sessions'),
                              initializer={
                                  'user':
                                  User(model.get_user(name="Anonymous")),
                                  'flash': []
                              })


def flash(type, msg):
    session.flash.append((type, msg))


def flash_clear():
    session.flash = []


render_bare = web.template.render('./templates',
                                  globals={
                                      'session': session,
Esempio n. 27
0
    def __init__(self, row):
        self.row = row

    def dict(self):
        d = dict(self.row)
        del d["writer_ip"]
        d["avatar"] = User(model.get_user(d["writer"])).avatar
        d["date_posted"] = shorten_datetime(d["date_posted"])
        return d


if web.config.get('_session') is None:
    import rediswebpy
    #session = DefaultingSession(app, rediswebpy.RedisStore(prefix='session:rhrn:'), {
    session = DefaultingSession(app, rediswebpy.RedisStore(), {
        'user': User(model.get_user(name="Anonymous")),
        'flash': [],
    })
    web.config._session = session
else:
    session = web.config._session

def flash(type, msg):
    session.flash.append((type, msg))

def flash_clear():
    session.flash = []

render_bare = web.template.render('../templates', globals={
    'session': session,
    'shorten_url': shorten_url,
Esempio n. 28
0
File: utils.py Progetto: nip3o/beer
def create_beerbot(chat_id):
    from beer import BeerBot

    user = model.get_user(chat_id)
    return BeerBot(user['username'], user['password'])
Esempio n. 29
0
def get_user_creds():
    user_id = session.get("user_id")
    password = model.get_user(user_id).password
    credentials = {"username": user_id, "password": password}
    return jsonify(credentials)
Esempio n. 30
0
 def get(cls, id):
     userData = model.get_user(id)
     if not userData:
         return None
     return User(userData[0], userData[1])
Esempio n. 31
0
def load_user(user_id):
    user = model.get_user(user_id)
    return user
Esempio n. 32
0
def registration(first_msg_obj, conn):
    # Check structure of first_msg_obj
    expected = ["reg"]
    real = sorted(list(first_msg_obj.keys()))
    if expected != real:
        print("Invalid message structure")
        put_message(conn, '{"error": "Invalid message structure"}')
        return

    parted_obj = first_msg_obj["reg"]
    # Check structure of parted_obj
    expected = ["iv", "part1", "part2"]
    real = sorted(list(parted_obj.keys()))
    if expected != real:
        print("Invalid message structure")
        put_message(conn, '{"error": "Invalid message structure"}')
        return

    # Decrypt part1
    globalized.debug("about to decrypt part1")
    part1_b64 = parted_obj["part1"]
    tup, error = part1_parts(part1_b64)
    if error:
        put_message(conn, error)
        return
    ts, username, secret_key, secret_key_b64 = tup
    ts_int = None
    try:
        ts_int = int(ts)
    except ValueError:
        print("timestamp is not int")
        put_message(conn, '{"error": "timestamp is not int"}')
        return

    globalized.debug("about to check time and username")
    now = int(time.time())
    if not (now - 2 * 60 < ts_int < now + 1 * 60):
        print("timestamp out of acceptable range")
        put_message(conn, '{"error": "timestamp out of acceptable range"}')
        return

    user = model.get_user(username)
    if user:
        print("username already exists")
        put_message(conn, '{"error": "username already exists"}')
        return

    # Get iv
    iv_b64 = parted_obj["iv"]
    iv, error = iv_from_b64(iv_b64)
    if error:
        put_message(conn, error)
        return

    # Decrypt part2
    globalized.debug("about to decrypt part2")
    part2_b64 = parted_obj["part2"]
    tup, error = part2_parts(part2_b64, secret_key, iv)
    if error:
        put_message(conn, error)
        return

    certificate, signature = tup

    # Verify signature
    to_hash = (ts + username + secret_key_b64).encode()
    pub_key = certificate.public_key()
    try:
        pub_key.verify(signature, to_hash, padding.PKCS1v15(), hashes.SHA256())
    except InvalidSignature:
        print("Invalid signature of part1")
        put_message(conn, '{"error": "Signature of part1 was invalid"}')
        return

    DH_parameters = dh.generate_parameters(5, 2048)
    DH_private = DH_parameters.generate_private_key()
    DH_public = DH_private.public_key()
    A = DH_public.public_numbers().y
    numbers = DH_parameters.parameter_numbers()
    g = numbers.g
    N = numbers.p

    to_sign = (ts + str(g) + str(N) + str(A)).encode()
    signature = sign_to_b64(to_sign)

    content_dic = {
        "ts": ts,
        "g": str(g),
        "N": str(N),
        "A": str(A),
        "signature": signature
    }
    content_bytes = json.dumps(content_dic).encode()
    iv2 = os.urandom(16)
    enc_content_b64 = aes_encrypt_to_b64(content_bytes, secret_key, iv2)

    msg_2_dic = {
        "content": enc_content_b64,
        "iv": base64.b64encode(iv2).decode()
    }
    msg_2 = json.dumps(msg_2_dic) + "\n"
    put_message(conn, msg_2)

    # Receive 3rd message
    message = None
    try:
        message = get_message(conn)
    except Exception as e:
        print(f"problem receiving 3rd message: {e}")
        put_message(conn, '{"error": "invalid 3rd message"}')
        return

    globalized.debug("checking parts of 3rd message")
    parts, error = parts_3rd_message(message, secret_key, pub_key)
    if error:
        put_message(conn, error)
        return

    B, new_username, new_ts = parts
    if new_username != username:
        print("username in 3rd message doesn't match")
        put_message(conn, '''{"error": "username doesn't match"}''')
        return
    if new_ts != ts:
        print("ts in 3rd message doesn't match")
        put_message(conn, '''{"error": "ts doesn't match"}''')
        return

    peer_public_numbers = dh.DHPublicNumbers(int(B), numbers)
    peer_public_key = peer_public_numbers.public_key()
    secret = DH_private.exchange(peer_public_key)

    # Store username, secret and certificate bytes
    res = model.add_user(username, secret,
                         certificate.public_bytes(serialization.Encoding.DER))

    # Send 4th message
    globalized.debug("preparing 4th message")
    resp = "OK" if res else "NO"
    to_sign = (ts + resp).encode()
    signature = sign_to_b64(to_sign)
    content_dic = {"ts": ts, "resp": resp, "signature": signature}
    content_bytes = json.dumps(content_dic).encode()
    iv4 = os.urandom(16)
    enc_content_b64 = aes_encrypt_to_b64(content_bytes, secret_key, iv4)

    msg_4_dic = {
        "content": enc_content_b64,
        "iv": base64.b64encode(iv4).decode()
    }
    msg_4 = json.dumps(msg_4_dic) + "\n"
    put_message(conn, msg_4)
Esempio n. 33
0
File: rhrn.py Progetto: shish/rhrn
 def GET(self):
     # FIXME: used by mobile
     session.user = User(model.get_user(name="Anonymous"))
     raise web.seeother("/")
Esempio n. 34
0
File: rhrn.py Progetto: shish/rhrn
 def POST(self):
     session.user = User(model.get_user(name="Anonymous"))
     raise web.seeother("/")
Esempio n. 35
0
def create_goal():
    if 'user_id' not in session:
        return "you must log in to create a goal"
    user_id = session["user_id"]
    user = get_user(user_id)
    return render_template('create_goal.html', user=user)
Esempio n. 36
0
 def POST(self):
     session.user = User(model.get_user(name="Anonymous"))
     raise web.seeother("/")
Esempio n. 37
0
 def dict(self):
     d = dict(self.row)
     del d["writer_ip"]
     d["avatar"] = User(model.get_user(d["writer"])).avatar
     d["date_posted"] = shorten_datetime(d["date_posted"])
     return d
Esempio n. 38
0
def update_profile():
    username = None
    user = None
    if 'username' in session:
        username = session['username']
        user = model.get_user(username)

    logging.debug("update_profile: Trying (%s)" % (username))

    if user.username == "administrator":
        flash("Profile updating has been disabled for user admin.", 'error')
        return render_template('profile.html', current_user=user)

    update = { "username": user.username, "ts":  str(int(time()))}

    new_name = request.form['name']
    if not new_name:
        new_name = user.name
    else:
        update["name"] = new_name

    new_about = request.form['about']
    if new_about != user.about and \
        not (new_about == 'None' and not user.about): # specific case when there is no about and it is not added one
        update["about"] = new_about


    new_photo = request.files['photo']
    if not new_photo:
        new_photo_filename = user.photo
    else:
        if not new_photo.filename.endswith(app.config['IMAGE_EXTENSIONS']):
            flash("Wrong file format. Only images allowed", 'error')
            return render_template('profile.html', current_user=user)
        new_photo_filename = ''.join(random.choices(string.ascii_lowercase + string.digits, k=8)) + '_' + secure_filename(new_photo.filename)
        new_photo.save(app.config['photos_folder'] + new_photo_filename)

        logging.debug("update_profile: filename (%s)" % new_photo_filename)
        logging.debug("update_profile: file (%s)" % new_photo)

        update["photo"] = new_photo_filename

    current_password = request.form['currentpassword']

    new_password = request.form['newpassword']
    update_hash: str
    iv = urandom(16)
    try:
        if not new_password:
            new_password = current_password
            update_hash = model.digest_text_to_b64(json.dumps(update, separators=(',', ':')))
            iv = None
        else:
            update['password'] = new_password

            # hash needs to be calculated before password encryption
            update_hash = model.digest_text_to_b64(json.dumps(update, separators=(',', ':')))

            b_64_pass = model.cipher_aes_to_b64(new_password.encode(), iv)
            update['password'] = b_64_pass
    except Exception as e:
        logging.debug("update_profile: Found exception(%s)" % e)
        return error("Error: Could not update the profile")

    if not bcrypt.checkpw(current_password.encode(), user.password.encode()):
        flash("Current password does not match registered password.", 'error')
        return render_template('profile.html', current_user=user)

    # check if there was indeed an update to the user
    if len(update.keys()) == 2:
        flash("Please perform an update to your profile.", 'error')
        return render_template('profile.html', current_user=user)

    try:
        model.create_authorization(username, update, update_hash, iv)
    except Exception as e:
        logging.debug("update_profile: Found exception(%s)" % e)
        return error("Error: Could not update the profile")

    logging.debug("update_profile: Succesful (%s)" % (username))

    if user:
        flash("Waiting for authorization to update user %s profile" % username,)
        return render_template('profile.html', current_user=user)
def show_user():
    model.connect_to_db()
    idnum = request.args.get("id")
    u = model.get_user(idnum)
    return render_template("show_user.html", user=u)
Esempio n. 40
0
def user_name_chk(user_name):
    check = model.get_user(user_name)  #returns row
    if check is None:
        return -1  #user not found
    else:
        return 1  #user_name exists
Esempio n. 41
0
def auth_request(first_msg_obj):
    # Check structure of first_msg_obj
    expected = ["auth"]
    real = sorted(list(first_msg_obj.keys()))
    if expected != real:
        print("Invalid message structure")
        return None, '{"error": "Invalid message structure"}'

    parts = first_msg_obj["auth"]
    # Check structure of parts
    expected = ["content", "iv", "username"]
    real = sorted(list(parts.keys()))
    if expected != real:
        print("Invalid message structure")
        return None, '{"error": "Invalid message structure"}'

    # Get username
    username = parts["username"]
    if type(username) != str:
        print("Username isn't str")
        return None, '''{"error": "Username isn't str"}'''

    # Get user
    user = model.get_user(username)
    if not user:
        print("username not registered")
        return None, '{"error": "username not registered"}'

    _, shared_secret, der_cert = user

    certificate = None
    try:
        certificate = x509.load_der_x509_certificate(der_cert)
    except Exception as e:
        print(f"Error with loading cert: {e}")
        return None, '{"error": "Could not load cert"}'

    # Get iv
    iv_b64 = parts["iv"]
    iv, error = iv_from_b64(iv_b64)
    if error:
        return None, error

    secret_key = sha256(shared_secret)
    content_b64 = parts["content"]
    content, error = decrypt_aes_b64_to_dic(content_b64, secret_key, iv)
    if error:
        return None, error

    # check structure of content
    expected = ["hash", "resp", "signature", "ts"]
    real = sorted(list(content.keys()))
    if expected != real:
        print("Invalid content structure")
        return None, '{"error": "Invalid content structure"}'

    ts = content["ts"]
    ts_int = None
    try:
        ts_int = int(ts)
    except ValueError:
        print("timestamp is not int")
        return None, '{"error": "timestamp is not int"}'

    now = int(time.time())
    if not (now - 2 * 60 < ts_int < now + 1 * 60):
        print("timestamp out of acceptable range")
        return None, '{"error": "timestamp out of acceptable range"}'

    update_hash = content["hash"]
    if type(update_hash) != str:
        print("hash isn't str")
        return None, '''{"error": "hash isn't str"}'''

    resp = content["resp"]
    signature_b64 = content["signature"]
    signature = None

    try:
        signature = base64.b64decode(signature_b64)
    except Exception as e:
        print(f"invalid base64 for signature: {e}")
        return None, '{"error": "base64 of signature was invalid"}'

    # Verify signature
    to_sign = (str(ts) + resp + update_hash).encode()
    pub_key = certificate.public_key()
    try:
        pub_key.verify(signature, to_sign, asymmetric.padding.PKCS1v15(),
                       hashes.SHA256())
    except InvalidSignature:
        print("Invalid signature")
        return None, '{"error": "Signature was invalid"}'

    return (username, ts, secret_key, update_hash, resp), None
Esempio n. 42
0
File: rhrn.py Progetto: shish/rhrn
 def dict(self):
     d = dict(self.row)
     del d["writer_ip"]
     d["avatar"] = User(model.get_user(d["writer"])).avatar
     d["date_posted"] = shorten_datetime(d["date_posted"])
     return d
Esempio n. 43
0
def setting(id):
    """Render Circlet status and current Circlet attribute"""
    return render_template('settings.html', user=get_user(id))
Esempio n. 44
0
 def POST(self):
     data = web.data()
     user = json.loads(data)['username']
     s = model.get_user(user)
     return s