def GET(self):
"""
Show info about a single project
:return: Project info page
"""
# Get session
session = web.ctx.session
# Get navbar
nav = get_nav_bar(session)
data = web.input(projectid=0)
try:
permissions = models.project.get_user_permissions(str(session.userid), data.projectid)
except:
permissions = [0,0,0]
categories = models.project.get_categories()
if data.projectid:
project = models.project.get_project_by_id(data.projectid)
tasks = models.project.get_tasks_by_project_id(data.projectid)
else:
project = [[]]
tasks = [[]]
render = web.template.render('templates/', globals={'get_task_files':models.project.get_task_files, 'session':session})
return render.project(nav, project_form, project, tasks,permissions, categories)
def GET(self):
"""
Get main page using the projects URL input variable to
determine which projects to show.
:return: index page
"""
session = web.ctx.session
nav = get_nav_bar(session)
data = web.input(projects=None)
categories = models.project.get_categories()
project_bulk_one = []
project_bulk_two = []
if data.projects == 'my':
project_bulk_one = models.project.get_projects_by_status_and_owner(
str(session.userid), "open")
project_bulk_two = models.project.get_projects_by_status_and_owner(
str(session.userid), "in progress")
elif data.projects == 'customer':
# TODO: Can customer projects be open?
project_bulk_one = models.project.get_projects_by_participant_and_status(
str(session.userid), "open")
project_bulk_two = models.project.get_projects_by_participant_and_status(
str(session.userid), "in progress")
elif data.projects == 'finished':
project_bulk_one = models.project.get_projects_by_status_and_owner(
str(session.userid), "finished")
project_bulk_two = models.project.get_projects_by_participant_and_status(
str(session.userid), "finished")
return render.index(nav, project_bulk_one, project_bulk_two,
data.projects, categories)
def GET(self):
"""
Get the apply view where users can sign up for a project
"""
# Get session
session = web.ctx.session
# Get navbar
nav = get_nav_bar(session)
if not session.has_key('csrf_token'):
from uuid import uuid4
session.csrf_token = uuid4().hex
data = web.input(projectid=0)
if data.projectid:
project = models.project.get_project_by_id(data.projectid)
else:
project = [[]]
tasks = [[]]
# Assemble form and set the user in context as an applicant with all permissions
apply_form = get_apply_form()
apply_permissions_form = get_apply_permissions_form()
applicants = [[session.userid, session.username]]
permissions = [["TRUE", "TRUE", "TRUE"]]
render = web.template.render('templates/',
globals={
"get_apply_permissions_form":
get_apply_permissions_form,
'session': session
})
return render.apply(nav, apply_form, get_apply_permissions_form,
project, applicants, permissions, "",
session.csrf_token)
def GET(self):
"""
Get the Change_password form
:return: A page with the Change_password form
"""
session = web.ctx.session
nav = get_nav_bar(session)
return render.forget_password(nav, forget_password_form, "")
def GET(self):
"""
Get the registration form
:return: A page with the registration form
"""
session = web.ctx.session
nav = get_nav_bar(session)
return render.register(nav, register_form, "")
def GET(self):
"""
Get the rest_password form
:return: A page with the Change_password form
"""
session = web.ctx.session
nav = get_nav_bar(session)
self.token = web.input().reset_token
return render.reset_password(nav, reset_password_form, "")
def POST(self):
"""
Post an application to the view, adding selected users to a project
"""
data = web.input(projectid=0,
add_user=None,
remove_user=None,
apply=None)
session = web.ctx.session
nav = get_nav_bar(session)
# Assemble form
applicants = [session.username]
apply_form = get_apply_form()
apply_permission_form = get_apply_permissions_form()
# Prepare globals
render = web.template.render('templates/',
globals={
"get_apply_permissions_form":
get_apply_permissions_form,
'session': session
})
if data.projectid:
project = models.project.get_project_by_id(data.projectid)
if data.add_user:
applicants, permissions = self.get_applicants(data, "add_user")
return render.apply(nav, apply_form,
get_apply_permissions_form, project,
applicants, permissions)
elif data.remove_user:
applicants, permissions = self.get_applicants(
data, "remove_user")
return render.apply(nav, apply_form,
get_apply_permissions_form, project,
applicants, permissions)
# Set users as working on project and set project status in progress
elif data.apply:
applicants, permissions = self.get_applicants(data, "")
for applicant, permission in zip(applicants, permissions):
models.project.set_projects_user(data.projectid,
str(applicant[0]),
permission[0],
permission[1],
permission[2])
models.project.update_project_status(data.projectid,
"in progress")
raise web.seeother(
('/project?projectid=' + str(data.projectid)))
def GET(self):
"""
Show the login page
:return: The login page showing other users if logged in
"""
session = web.ctx.session
nav = get_nav_bar(session)
# Log the user in if the rememberme cookie is set and valid
self.check_rememberme()
return render.login(nav, login_form, "")
def POST(self):
"""
Handle input data and change password in database
:return: Main page
"""
session = web.ctx.session
nav = get_nav_bar(session)
data = web.input(username="", email="")
forget_password = forget_password_form()
#print("-"*16)
#print("enter forget password")
# check each field is endered values.
if not forget_password.validates():
return render.forget_password(nav, forget_password,
"All fields must be valid.")
try:
# log ip information
ip_addr = web.ctx["ip"]
accessed_path = web.ctx["fullpath"]
# query user's email and google token (extra secruity)
user_email = forget_password_match(data.username, data.email,
ip_addr, accessed_path)
#print("-"*16)
#print(user_email)
# generate token
user_reset_token = generate_token()
#save token to database
update_reset_token(data.username, user_reset_token, ip_addr,
accessed_path)
#print("-" * 8 + "updated!")
# Send user email
reset_url = "http://localhost/reset_password?reset_token=" + user_reset_token
msg = "Please reset your password via this link.\n" + str(
reset_url)
#send mail
#self.send_mail(user_email, msg)
return render.forget_password(nav, forget_password_form,
"- Send to mail" + msg)
except Exception as e:
print(e)
return render.forget_password(nav, forget_password_form,
"- Something went wrong!")
def GET(self):
"""
Get the registration form
:return: A page with the registration form
"""
session = web.ctx.session
nav = get_nav_bar(session)
if not session.has_key('csrf_token'):
from uuid import uuid4
session.csrf_token = uuid4().hex
return render.register(nav, register_form, "", session.csrf_token)
def GET(self):
"""
Get the project registration form
:return: New project page
"""
session = web.ctx.session
nav = get_nav_bar(session)
# Retrive the required components to compose the form
project_form_elements = get_project_form_elements()
task_form_elements = get_task_form_elements()
user_form_elements = get_user_form_elements()
project_form = form.Form(*(project_form_elements + task_form_elements + user_form_elements))
return render.new_project(nav, project_form, project_buttons, "")
def GET(self):
"""
Get all open projects
:return: A page containing all open projects
"""
session = web.ctx.session
data = web.input(categoryid=0)
open_projects = []
if data.categoryid != 0:
open_projects = get_projects_by_status_and_category(
data.categoryid, "open")
nav = get_nav_bar(session)
categories = get_categories()
return render.open_projects(nav, categories, open_projects)
def POST(self):
"""
Handle input data and change password in database
:return: Main page
"""
session = web.ctx.session
nav = get_nav_bar(session)
data = web.input(token="")
two_fa = two_fa_form()
# check each field is endered values.
if not two_fa.validates():
return render.two_fa(nav, two_fa_form, "All fields must be valid.")
try:
# log ip information
ip_addr = web.ctx["ip"]
accessed_path = web.ctx["fullpath"]
# query user's name (username) and token (extra secruity)
token = data.reset_token
username = search_for_token(token, ip_addr, accessed_path)
#print("-"*16)
#print(username)
rel = os.path.realpath(
os.path.join(os.getcwd(), os.path.dirname("token_img")))
with open(os.path.join(rel, 'secrets.json'), 'r') as opened_file:
secrets = json.load(opened_file)
for label, key in sorted(list(secrets.items())):
print("===" * 8 + "\n" + data.token)
print(get_totp_token(key), type(get_totp_token(key)))
if data.token == get_totp_token(key):
result = update_token_to_null(label, ip_addr,
accessed_path)
raise web.seeother("/login")
print("{}:\t{}".format(label, get_totp_token(key)))
session.ip = None
session.header = None
except Exception as e:
print(e)
except:
print(exit[0])
return render.login(nav, two_fa_form, "- Something went wrong!")
def POST(self):
"""
Handle input data and change password in database
:return: Main page
"""
session = web.ctx.session
nav = get_nav_bar(session)
data = web.input(reset_token="", new_password="")
reset_password_colum = reset_password_form()
# check each field is endered values.
if not reset_password_colum.validates():
return render.reset_password(nav, reset_password_form,
"All fields must be valid.")
try:
# log ip information
ip_addr = web.ctx["ip"]
accessed_path = web.ctx["fullpath"]
# query user's name (username) and token (extra secruity)
token = data.reset_token
username = search_for_user(token, ip_addr, accessed_path)
#print("-"*16)
#print(username)
#update token to null database
result_update_token = update_token_to_null(username, token,
ip_addr, accessed_path)
print("-" * 16 + "updated!")
# generate new password
new_salt = generate_salt()
hashed_password = hashed_value(data.new_password, new_salt)
hashed_password = new_salt + hashed_password
# update password
result_update_password = update_user_password(
username, hashed_password, ip_addr, accessed_path)
raise web.seeother("/")
except Exception as e:
print(e)
except:
print(exit[0])
return render.login(nav, reset_password_form,
"- Something went wrong!")
def GET(self):
"""
Show the login page
:return: The login page showing other users if logged in
"""
session = web.ctx.session
nav = get_nav_bar(session)
# Log the user in if the rememberme cookie is set and valid
self.check_rememberme()
if not session.has_key('csrf_token'):
session.csrf_token = uuid4().hex
return render.login(nav, login_form, "", session.csrf_token)
def GET(self, verification_key):
"""
Get the verification form
:return: A page with the verification form
"""
user_was_verified = models.user.verify_user_by_email(verification_key)
session = web.ctx.session
nav = get_nav_bar(session)
if (user_was_verified):
return render.verify(nav, "Success", "")
log("VERIFY", web.ctx['ip'],
[('Username', session.username),
("Response: ", "Verify OK, user verified")])
return render.verify(nav, "", "User was verified")
def GET(self):
"""
Get the project registration form
:return: New project page
"""
session = web.ctx.session
nav = get_nav_bar(session)
if not session.has_key('csrf_token'):
from uuid import uuid4
session.csrf_token = uuid4().hex
# Retrive the required components to compose the form
project_form_elements = get_project_form_elements()
task_form_elements = get_task_form_elements()
user_form_elements = get_user_form_elements()
project_form = form.Form(*(project_form_elements + task_form_elements +
user_form_elements))
return render.new_project(nav, project_form, project_buttons, "",
session.csrf_token)
def GET(self):
"""
Get the Validate_account form
:return: A page with the Validate_account form
"""
session = web.ctx.session
nav = get_nav_bar(session)
try:
# get access information
ip_addr = web.ctx["ip"]
path = web.ctx["fullpath"]
session.ip = ip_addr
session.header = web.ctx.env['HTTP_USER_AGENT']
# get toke via url
data = web.input()
token = data.reset_token
print(token)
#TODO search for token and return username
username = search_for_token(token, ip_addr, path)
print(username)
#TODO verify the account and clear the token of the account
#result = update_token_to_null(username, ip_addr, path)
#print(result)
# show validate account message and redirect to home page
render.validate_account(nav, "Your acount: {} has been verified!".format(username))
raise web.seeother("/two_fa")
except Exception as e:
print(e)
except:
render.validate_account(nav, "An internal error occur")
def GET(self):
"""
Get the rest_password form
:return: A page with the Change_password form
"""
session = web.ctx.session
nav = get_nav_bar(session)
# get access information
ip_addr = web.ctx["ip"]
path = web.ctx["fullpath"]
session.ip = ip_addr
session.header = web.ctx.env['HTTP_USER_AGENT']
# get toke via url
data = web.input()
token = data.reset_token
#TODO search for token and return username
username = search_for_token(token, ip_addr, path)
#TODO verify the account and clear the token of the account
#result = update_token_to_null(username, ip_addr, path)
#print(result)
# show validate account message and redirect to home page
try:
if session.ip == web.ctx["ip"] and session.header == web.ctx.env['HTTP_USER_AGENT']\
and username:
current_dir = os.getcwd()
print("==" * 8 + "\n" + current_dir)
return render.two_fa(nav, two_fa_form, "static/picture.png",
"Not validate!")
except:
print(exit[0])
return web.seeother("/")
def POST(self):
"""
Log in to the web application and register the session
:return: The login page showing other users if logged in
reference: https://www.vitoshacademy.com/hashing-passwords-in-python/
reference: https://stackoverflow.com/questions/34046634/insert-into-a-mysql-database-timestamp/34047276
"""
session = web.ctx.session
nav = get_nav_bar(session)
data = web.input(username="",
password="",
login="",
forget="",
remember=False)
print(data)
current_time = time.time()
try:
# log ip information
ip_addr = web.ctx["ip"]
accessed_path = web.ctx["fullpath"]
request_header = web.ctx.env['HTTP_USER_AGENT']
msg_request = accessed_path + request_header
#check data password exits and click on
if data.password and data.login == "login":
#get user's salt and password with attempt try
log_time_date = datetime.datetime.fromtimestamp(
current_time).strftime('%Y-%m-%d %H:%M:%S')
record_user_login(data.username, ip_addr, msg_request,
log_time_date)
#print("logged_login")
stored_password = models.user.get_user_hashed_password(
data.username, ip_addr, accessed_path)
# match with database
# get salt value, type<str>
salt = stored_password[:64]
password = stored_password[64:]
# Validate login credential
hashed_password_validate = hashed_value(data.password, salt)
test_password = (salt + hashed_password_validate)
# If there is a matching user/password in the database the user is logged in
try_times = 0
try_times = models.user.get_qurery_frequency(
data.username, ip_addr, accessed_path)
print(try_times)
if hashed_password_validate == password:
# look for the attemptions to try count
user = models.user.match_user(data.username, test_password,
ip_addr, accessed_path)
# run google authenticator to log in
if data.totp:
username = self.google_2fa_token(data.totp)
if user[1] == username:
self.login(user[1], user[0], data.remember)
raise web.seeother("/")
elif try_times < 3:
return render.login(
nav, login_form,
"- Login Attemp {} time(s)".format(str(try_times)))
elif try_times >= 3:
return render.login(
nav, login_form,
"- Invalid tryout, Resume login in 30 minuts")
else:
return render.login(nav, login_form,
"- User authentication failed")
# click on forget password
elif data.forget == "forget":
raise web.seeother("/forget_password")
else:
return render.login(nav, login_form,
"- Please provide password")
#password_hash = hashlib.md5(b'TDT4237' + data.password.encode('utf-8')).hexdigest()
except Exception as e:
print("An execute error in login: {}".format(e))
return render.login(nav, login_form, "- Something went wrong!")
def POST(self):
# Get session
session = web.ctx.session
# Get data when user press "Create Project" button
data = web.input(myfile={},
deliver=None,
accepted=None,
declined=None,
projectid=0)
# file itself
fileitem = data['myfile']
#projects information
permissions = models.project.get_user_permissions(
str(session.userid), data.projectid)
categories = models.project.get_categories()
tasks = models.project.get_tasks_by_project_id(data.projectid)
# Upload file (if present)
try:
if fileitem.filename:
# Check if user has write permission
if not permissions[1]:
raise web.seeother(
('/project?projectid=' + data.projectid))
#upload filname with basename, to avoid path travsal
fn = os.path.basename(fileitem.filename)
# Create the project directory if it doesnt exist
# create a folder named project under static folder
path = 'static/project' + data.projectid
if not os.path.isdir(path):
command = 'mkdir ' + path
os.popen(command)
sleep(0.2)
# create a folder called task
path = path + '/task' + data.taskid
if not os.path.isdir(path):
command = 'mkdir ' + path
os.popen(command)
sleep(0.2)
#check the filename suffix
fn.lower().endswith(('.txt', '.pdf'))
#extract file name itself
filename_no_extension = os.path.splitext(fn)[0]
#hash file name
hashed_fileanme = hashlib.md5(filename_no_extension.encode())
#create the file path
uploaded_file_path = os.path.join(path, "/",
hashed_fileanme.hexdigest())
open(uploaded_file_path, 'wb').write(fileitem.file.read())
models.project.set_task_file(data.taskid, uploaded_file_path)
except:
# Throws exception if no file present
# Get session
session = web.ctx.session
# Get navbar
nav = get_nav_bar(session)
data = web.input(projectid=0)
if data.projectid:
project = models.project.get_project_by_id(data.projectid)
tasks = models.project.get_tasks_by_project_id(data.projectid)
else:
project = [[]]
tasks = [[]]
render = web.template.render('templates/',
globals={
'get_task_files':
models.project.get_task_files,
'session': session
})
return render.project(
nav,
project_form,
project,
tasks,
permissions,
categories,
)
pass
# Determine status of the targeted task
all_tasks_accepted = True
task_waiting = False
task_delivered = False
for task in tasks:
if task[0] == int(data.taskid):
if (task[5] == "waiting for delivery"
or task[5] == "declined"):
task_waiting = True
if (task[5] == 'accepted'):
task_delivered = True
# Deliver task
if data.deliver and not task_delivered:
models.project.update_task_status(data.taskid, "delivered")
# Accept task delivery
elif data.accepted:
models.project.update_task_status(data.taskid, "accepted")
# If all tasks are accepted then update project status to finished
all_tasks_accepted = True
tasks = models.project.get_tasks_by_project_id(data.projectid)
for task in tasks:
if task[5] != "accepted":
all_tasks_accepted = False
if all_tasks_accepted:
models.project.update_project_status(str(data.projectid),
"finished")
# Decline task delivery
elif data.declined:
models.project.update_task_status(data.taskid, "declined")
raise web.seeother(('/project?projectid=' + data.projectid))
def POST(self):
"""
Handle input data and register new user in database
:return: Main page
"""
# get session information
session = web.ctx.session
nav = get_nav_bar(session)
data = web.input()
register = register_form()
# check user is exites or not
if not register.validates():
return render.register(nav, register, "All fields must be valid.")
# Check if user exists
if get_user_id_by_name(data.username):
return render.register(nav, register,
"Invalid user, already exists.")
try:
"""
Using salt to protect user's password
And write in database.
"""
ip_addr = web.ctx["ip"]
path = web.ctx["fullpath"]
# generate salt value
salt = generate_salt()
# protect password with sha 256
hashed_password = hashed_value(data.password, salt)
# generate salted password string
password = (salt + hashed_password)
# set this account as unverified
temp_account = True
# generate a save url token
temp_token = generate_token()
#TODO: generate a google token
google_token_raw = generate_google_token()
google_token = self.get_google_auth_token(data.username,
google_token_raw)
try:
# send web mail
# Send user email
reset_url = "http://molde.idi.ntnu.no:80/two_fa?reset_token=" + temp_token
# for school
# reset_url = "http://molde.idi.ntnu.no:80" + temp_token
msg = "Please verfiy your account via this link.\n" + str(
reset_url)
print("======" * 8 + "Ready to send mail!")
#send_mail (currently it is currpted)
#self.send_mail(data.email, msg)
except:
pass
# write into database
set_user(data.username, password, data.full_name, data.company,
data.email, data.street_address, data.city, data.state,
data.postal_code, data.country, ip_addr, path,
temp_account, google_token, temp_token)
# msg for notification
return render.register(
nav, register_form,
"User registered and verified with email!\n" + reset_url)
except:
print(exit[0])
return render.register(nav, register_form, "Fail to register!")
def POST(self):
"""
Create a new project
:return: Redirect to main page
"""
session = web.ctx.session
nav = get_nav_bar(session)
# Try the different URL input parameters to determine how to generate the form
data = web.input(add_user=None, remove_user=None,
add_task=None, remove_task = None, create_project=None)
# Add a set of task fields to the form
if data.add_task:
project_form = self.compose_form(data, "add_task")
return render.new_project(nav, project_form, project_buttons, "")
# Remove a set of task fields from the form
if data.remove_task:
project_form = self.compose_form(data, "remove_task")
return render.new_project(nav, project_form, project_buttons, "")
if data.add_user:
project_form = self.compose_form(data, "add_user")
return render.new_project(nav, project_form, project_buttons, "")
if data.remove_user:
project_form = self.compose_form(data, "remove_user")
return render.new_project(nav, project_form, project_buttons, "")
# Post the form data and save the project in the database
if data.create_project:
project_form = self.compose_form(data, None)
if not project_form.validates():
return render.new_project(nav, project_form, project_buttons, "")
task_count = get_element_count(data, "task_title_")
user_count = get_element_count(data, "user_name_")
# If there already are users assignet to the project the status will be set to in progress
status = "open"
if len(data.user_name_0):
status = "in progress"
# Validate the input user names
for i in range(0, user_count):
if len(data["user_name_"+str(i)]) and not models.user.get_user_id_by_name(data["user_name_"+str(i)]):
return render.new_project(nav, project_form, project_buttons, "Invalid user: "******"user_name_"+str(i)])
# Save the project to the database
projectid = models.project.set_project(data.category_name, str(session.userid),
data.project_title, data.project_description, status)
# Save the tasks in the database
for i in range(0, task_count):
models.project.set_task(str(projectid), (data["task_title_" + str(i)]),
(data["task_description_" + str(i)]), (data["budget_" + str(i)]))
# Save the users in the database given that the input field is not empty
for i in range(0, user_count):
if len(data["user_name_"+str(i)]):
userid = models.user.get_user_id_by_name(data["user_name_"+str(i)])
read, write, modify = "FALSE", "FALSE", "FALSE"
try:
data["read_permission_"+str(i)]
read = "TRUE"
except Exception as e:
read = "FALSE"
pass
try:
data["write_permission_"+str(i)]
write = "TRUE"
except Exception as e:
write = "FALSE"
pass
try:
data["modify_permission_"+str(i)]
modify = "TRUE"
except Exception as e:
modify = "FALSE"
pass
models.project.set_projects_user(str(projectid), str(userid), read, write, modify)
raise web.seeother('/?projects=my')
def POST(self):
"""
Log in to the web application and register the session
:return: The login page showing other users if logged in
"""
session = web.ctx.session
nav = get_nav_bar(session)
data = web.input(username="", password="", remember=False)
inp = web.input()
if not ('csrf_token' in inp
and inp.csrf_token == session.pop('csrf_token', None)):
raise web.badrequest()
# Validate login credential with database query
user_exists = models.user.check_user_exists(data.username)
print("USEREXIST: {}".format(user_exists))
if not user_exists:
# Lockout if too many failed attempts
if not (write_to_logins(str(web.ctx['ip']))):
return render.login(
nav, login_form,
"- Too many login attempts in short amount of time")
log("LOGIN", web.ctx['ip'],
[('Username', data.username),
("Response: ", "Login failed, user does not exist")])
session.csrf_token = uuid4().hex
return render.login(nav, login_form,
"- User authentication failed",
session.csrf_token)
user = None
stored_password = models.user.get_password_by_user_name(data.username)
if (verify_password(stored_password, data.password)):
user = models.user.match_user(data.username, stored_password)
userid = get_user_id_by_name(data.username)
session.unauth_username = data.username
session.unauth_userid = userid
session.unauth_remember = 1 if data.remember else 0
user = get_user(session.unauth_userid)
email = user[0][5]
qr_verification_key = get_key(session.unauth_username)
if qr_verification_key != None:
url = generate_url("beelance", email, qr_verification_key)
session.auth_url = url
user_is_verified = models.user.check_if_user_is_verified_by_username(
data.username)
# If there is a matching user/password in the database the user is logged in
if user:
if not user_is_verified:
session.csrf_token = uuid4().hex
# Lockout if failed attempts
if not (write_to_logins(str(web.ctx['ip']))):
return render.login(
nav, login_form,
"- Too many login attempts in short amount of time",
session.csrf_token)
log("LOGIN", web.ctx['ip'],
[('Username', data.username),
("Password", stored_password),
("Response: ", "Login failed, User not verified")])
return render.login(nav, login_form, "- User not verified",
session.csrf_token)
if qr_verification_key == None:
# Lockout if failed attempts
session.csrf_token = uuid4().hex
if not (write_to_logins(str(web.ctx['ip']))):
return render.login(
nav, login_form,
"- Too many login attempts in short amount of time",
session.csrf_token)
log("LOGIN", web.ctx['ip'], [
('Username', data.username), ("Password", stored_password),
("Response: ", "Login failed, docker might have restarted")
])
return render.login(
nav, login_form,
"- User authentication failed. This might be because docker demon has restarted",
session.csrf_token)
else:
log("LOGIN", web.ctx['ip'],
[('Username', data.username),
("Password", stored_password),
("Response: ",
"Login accepted, forwarded to two factor auth")])
raise web.seeother("/qr_verify")
else:
log("LOGIN", web.ctx['ip'],
[('Username', data.username), ("Password", stored_password),
("Response: ", "Login failed, username/password mismatch")])
session.csrf_token = uuid4().hex
# Lockout if failed attempts
if not (write_to_logins(str(web.ctx['ip']))):
return render.login(
nav, login_form,
"- Too many login attempts in short amount of time",
session.csrf_token)
return render.login(nav, login_form,
"- User authentication failed",
session.csrf_token)
def POST(self):
"""
Post an application to the view, adding selected users to a project
"""
data = web.input(projectid=0,
add_user=None,
remove_user=None,
apply=None)
session = web.ctx.session
nav = get_nav_bar(session)
inp = web.input()
if not ('csrf_token' in inp
and inp.csrf_token == session.pop('csrf_token', None)):
raise web.badrequest
# Assemble form
applicants = [session.username]
apply_form = get_apply_form()
apply_permission_form = get_apply_permissions_form()
# Prepare globals
render = web.template.render('templates/',
globals={
"get_apply_permissions_form":
get_apply_permissions_form,
'session': session
})
if data.projectid:
project = models.project.get_project_by_id(data.projectid)
if data.add_user:
session.csrf_token = uuid4().hex
applicants, permissions = self.get_applicants(data, "add_user")
if (applicants, permissions) == (None, None):
applicants = [[session.userid, session.username]]
permissions = [["TRUE", "TRUE", "TRUE"]]
return render.apply(nav, apply_form,
get_apply_permissions_form, project,
applicants, permissions,
"Invalid: user does not exist",
session.csrf_token)
elif data.remove_user:
applicants, permissions = self.get_applicants(
data, "remove_user")
return render.apply(nav, apply_form,
get_apply_permissions_form, project,
applicants, permissions, "",
session.csrf_token)
else:
return render.apply(nav, apply_form,
get_apply_permissions_form, project,
applicants, permissions, "",
session.csrf_token)
# Set users as working on project and set project status in progress
elif data.apply:
applicants, permissions = self.get_applicants(data, "")
for applicant, permission in zip(applicants, permissions):
models.project.set_projects_user(data.projectid,
str(applicant[0]),
permission[0],
permission[1],
permission[2])
models.project.update_project_status(data.projectid,
"in progress")
raise web.seeother(
('/project?projectid=' + str(data.projectid)))
def POST(self):
"""
Handle input data and register new user in database
:return: Main page
"""
session = web.ctx.session
nav = get_nav_bar(session)
inp = web.input()
if not ('csrf_token' in inp
and inp.csrf_token == session.pop('csrf_token', None)):
raise web.badrequest
if not session.has_key('csrf_token'):
from uuid import uuid4
session.csrf_token = uuid4().hex
data = web.input()
register = register_form()
if not register.validates():
return render.register(nav, register, "All fields must be valid.",
session.csrf_token)
# Check if user exists
if models.user.check_user_exists(data.username):
return render.register(nav, register,
"Invalid user, already exists.",
session.csrf_token)
# Check if password is strong enough
password_checked_if_valid = validate_password(data.password, [
data.username, data.full_name, data.company, data.email,
data.street_address, data.city, data.state, data.country
])
password_feedback = password_checked_if_valid[1]
add_to_secrets(data.username)
if not password_checked_if_valid[0]:
return render.register(nav, register,
"Password: "******"Verification"
message = "To confirm your registration, visit the link https://localhost:452/verify{}".format(
verification_key)
web.sendmail("*****@*****.**", data.email, topic, message)
return render.register(nav, register_form, "User registered!",
session.csrf_token)
def POST(self):
"""
Handle input data and change password in database
:return: Main page
"""
session = web.ctx.session
nav = get_nav_bar(session)
data = web.input(old_password="",
new_password="",
comfirm_new_password="")
change_password = change_password_form()
# get current time
current_time = time.time()
# check each field is endered values.
if not change_password.validates():
return render.change_password(nav, change_password,
"All fields must be valid.")
try:
# log ip information
ip_addr = web.ctx["ip"]
accessed_path = web.ctx["fullpath"]
#get user's salt and password with attempt try
log_time_date = datetime.datetime.fromtimestamp(
current_time).strftime('%Y-%m-%d %H:%M:%S')
# return old password in database
stored_password = models.user.get_user_hashed_password(
session.username, ip_addr, accessed_path)
#check data password exits
if data.comfirm_new_password:
# match with database
# get salt value, type<str>
salt = stored_password[:64]
# password from database, type <str>
password = stored_password[64:]
# old password to validate is right or not
hashed_old_password = hashed_value(data.old_password, salt)
if password == hashed_old_password and data.new_password == data.comfirm_new_password:
# get new slat value
new_salt = generate_salt()
hashed_new_password = hashed_value(
data.comfirm_new_password, new_salt)
new_password = (new_salt + hashed_new_password)
#update new hased value to database
#print(hashed_new_password, session.username)
models.user.update_user_password(session.username,
new_password, ip_addr,
accessed_path)
#print("updated password!")
# after update, return to index
raise web.seeother("/")
# validate value for password
elif password != data.hashed_old_password:
return render.login(nav, change_password_form,
"- Please check old password again!")
# check the new password is same or not
elif data.old_password == data.new_password:
return render.login(nav, change_password_form,
"- Same password")
# other sictuation
else:
return render.login(
nav, change_password_form,
"- The new password and comfirm new password are not match!"
)
else:
return render.login(nav, change_password_form,
"- Please provide password")
#password_hash = hashlib.md5(b'TDT4237' + data.password.encode('utf-8')).hexdigest()
except:
return render.login(nav, change_password_form,
"- Something went wrong!")
