def do_change_pass(request):
if request.method == "POST":
ips = request.POST["ips"]
old_password = request.POST["old_password"]
new_password = request.POST["password"]
ip_list = ips.split(";")
for ip in ip_list:
ip = ip.strip()
if ip:
try:
op = Password.objects.get(p_ip=ip)
if old_password.strip():
cur_pass = old_password
else:
cur_pass = op.p_password
op.p_password = new_password
except:
if old_password.strip():
cur_pass = old_password
else:
cur_pass = "******"
op = Password(p_ip=ip, p_password=new_password)
op.save()
op_id = op
per_ip_pass(ip, cur_pass, new_password, op_id)
resp = "success"
else:
resp = "GET not allowed"
return HttpResponse(resp)
def add_password(self, username: str, algorithm_name: str, password: str,
label: str, account_name: str):
user = User.get(User.username == username)
algorithm = EncryptingAlgorithm.get(
EncryptingAlgorithm.name == algorithm_name)
Password.create(user=user,
algorithm=algorithm,
value=password,
label=label,
username=account_name)
def get_password(self, username: str, label: str):
user = User.get(User.username == username)
passw = Password.get_or_none(user=user, label=label)
if passw:
return passw.value, passw.username
else:
return None
def put(self):
"""
Add a new password to the users account
"""
errors = []
# TODO: Some form validation
for field in ['title', 'url', 'username', 'password']:
if not field in request.form:
errors.append({'field': field, 'code': 'missing_field'})
if len(errors) != 0:
message = {'message': 'Validation failed', 'errors': errors}
return restful.abort(422, message=message)
password = Password(request.form['title'], request.form['url'], request.form['username'],
request.form['password'], g.user.id)
db.session.add(password)
db.session.commit()
return password.json()
def password(hash):
pw = Password.get_by_hash(hash)
if pw:
# remove the password on access
db.session.delete(pw)
db.session.commit()
return render_template('password.html', password=pw)
abort(404)
def password(hash):
pw = Password.get_by_hash(hash)
if pw:
# remove the password on access
db.session.delete(pw)
db.session.commit()
return render_template('password.html', password=pw)
abort(404)
def build_password(line: str) -> Optional[Password]:
password_match = password_regex.match(line)
if not password_match:
return None
return Password(
min=int(password_match.group(1)),
max=int(password_match.group(2)),
letter=password_match.group(3),
value=password_match.group(4),
)
def create_password():
if request.method == 'POST':
password_dict = request.form.to_dict()
password_dict = encrypt_password(password_dict)
newPassword = Password.Password(password_dict['username'],
password_dict['platform'],
password_dict['password'])
db_session.add(newPassword)
db_session.commit()
return render_template('create.html.j2')
def handle_post(self, email):
if self.request.get("password_entity_key"):
password_key = ndb.Key(urlsafe=self.request.get("password_entity_key"))
password = password_key.get()
else:
password = Password(parent=utils.get_parent_key_for_email(email))
password.service = self.request.get("service")
password.username = self.request.get("username")
password.password = self.request.get("password")
password.put()
self.redirect(self.request.referer)
def share():
if request.method == 'POST':
pw = Password(
hash=get_token(10),
cipher=request.form.get('cipher'),
comment=request.form.get('comment'),
)
db.session.add(pw)
db.session.commit()
msg = 'Send the following link to the recipient.'
email = request.form.get('email')
if email:
send_share(email, pw)
msg = 'The following link has been sent to the recipient.'
flash('Password added.')
return render_template('share.html', password=pw, message=msg)
return redirect(url_for('index'))
def create_job(self, user, algorithm):
''' Creates a job '''
job = Job(
user_id=user.id,
job_name=unicode(self.get_argument('jobname')),
algorithm_id=algorithm.id,
)
self.dbsession.add(job)
self.dbsession.flush()
hashes = self.parse_line_seperated(algorithm)
for passwd in hashes:
password_hash = Password(
job_id=job.id,
algorithm_id=algorithm.id,
hexdigest=unicode(passwd),
)
self.dbsession.add(password_hash)
self.dbsession.flush()
return job
def new_password(request):
new = True
password = Password()
ldap_groups = get_ldap_groups(request.user.username)
ldap_groups_choices = [(lg, lg) for lg in ldap_groups]
if request.method == 'POST':
form = PasswordForm(request.POST,
instance=password,
ldap_groups_choices=ldap_groups_choices)
if form.is_valid():
form.save()
return HttpResponseRedirect(reverse("index"))
elif request.method == 'GET':
form = PasswordForm(instance=password,
ldap_groups_choices=ldap_groups_choices)
return direct_to_template(request, 'passwords/edit_password.html', {
'form': form,
'ldapGroups': LdapGroup.objects.all(),
'new': new
})
def test_is_valid(self):
password = Password(min=2, max=2, letter="a", value="aa")
assert password.is_valid_1()
def test_not_valid_min(self):
password = Password(min=2, max=2, letter="a", value="a")
assert not password.is_valid_1()
def test_not_valid_none(self):
password = Password(min=1, max=2, letter="a", value="bb")
assert not password.is_valid_2()
def get_password_labels(self, username: str):
user = User.get(User.username == username)
passw = Password.select().where(Password.user == user).dicts()
result = [row['label'] for row in passw]
return result
def addPassword(cls,new_password,service,email): new_password = cls.encryptPassword(new_password) new = Password(text=new_password, service=service, email=email) cls.session.add(new) cls.session.commit() print(f' Password added into Database!')
def get_query_for_all_OBJECTS_for_email(email):
""" Returns a query for all OBJECTS for this user. """
parent_key = get_parent_key_for_email(email)
return Password.query(ancestor=parent_key).order(Password.service)
def wrap(*args, **kwargs):
kind = None
# Grab the session cookie if it exists.
cookie = request.cookies.get(current_app.session_cookie_name, None)
# Try get the Auth header data.
try:
auth = request.headers['Authorization']
kind, _, value = auth.partition(' ')
if kind == 'Basic':
value = base64.standard_b64decode(bytes(value, 'utf8'))
id, _, pw = str(value, 'utf8').partition(':')
elif kind == 'Google' or kind == 'Facebook':
xtra = request.headers['X-Requested-With']
# elif kind == 'Token':
except (KeyError, base64.binascii.Error) as ex:
# print(type(ex))
return fn(*args, **kwargs)
# If there was an Auth header, autheticate with that info,
# and create a session.
if kind == 'Basic':
with db_session:
user = select(u for u in User
if u.email == id or u.username == id)[:]
if len(user) == 1:
if Password.verify(pw, user[0].password):
sessionize(user=user[0].to_dict())
else:
session.clear()
elif not user:
with db_session:
user = User(email=id, password=pw)
sessionize(user=user.to_dict())
else:
session.clear()
elif kind in ('Google', 'Facebook') and xtra == 'Fetch':
kind = kind.lower()
sec = client_secrets[kind]['web']
sec['provider'] = kind
sec['token'] = value
try:
value = oauth.upgrade_token(**sec)
ouser = oauth.get_user(provider=kind, **value)
print(ouser)
with db_session:
user_oauth = select(o for o in OAuth
if o.puid == ouser['id'])[:]
if len(user_oauth) == 1:
print(user_oauth[0].user)
user = user_oauth[0].user.to_dict(
('password', 'oauth'))
try:
user['picture'] =\
ouser['picture']['data']['url']
except TypeError as ex:
user['picture'] = ouser.get('picture', '')
sessionize(user=user)
elif not user_oauth:
# with db_session:
user = User(name=ouser.get('name'))
user_oauth = OAuth(
provider=kind,
puid=ouser.get('id'),
access_token=value.get('access_token', ''),
refresh_token=value.get('refresh_token', ''),
user=user)
commit()
user = user.to_dict(('password', 'oauth'))
try:
user['picture'] =\
ouser['picture']['data']['url']
except TypeError as ex:
user['picture'] = ouser.get('picture', '')
sessionize(user=user)
except oauth.HTTPError as ex:
abort(make_response(ex.text, ex.status_code))
elif kind is not None: # An unknown kind or kind 'None'
session.clear()
return fn(*args, **kwargs)
