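def check_token(username):
    """Tell the caller whether the ``token`` header is a live session of ``username``.

    Reads the ``token`` header of the current request and asks
    ``database_helper`` first whether the account exists and then whether the
    (username, token) pair is logged in.

    Returns:
        ``(json_body, 200)``, where ``json_body`` is a JSON object with the
        keys ``success``, ``message`` and ``data``.

    Any method other than GET is answered with ``abort(404)``, like the other
    handlers in this file, so a non-GET request cannot fall through the
    function without producing a response.
    """
    if request.method != 'GET':
        abort(404)

    headers = request.headers
    if 'token' not in headers:
        answer = {"success": False, "message": "Missing data", "data": ""}
    elif not database_helper.check_user_exists_email(username):
        # NOTE(review): this reply differs from the wrong-token reply below,
        # so a caller holding no valid token can learn which accounts exist.
        # sign_in deliberately uses one message for both cases; consider the
        # same here once the client no longer depends on the wording.
        answer = {"success": False, "message": "No such user ", "data": ""}
    elif database_helper.check_user_logged_in_e_t(username, headers['token']):
        answer = {"success": True, "message": "Welcome Back", "data": ""}
    else:
        answer = {
            "success": False,
            "message": "Wrong Username or Token",
            "data": ""
        }
    return json.dumps(answer), 200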
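def recover_password(username):
    """Replace the password of ``username`` with a random one and e-mail it.

    If ``database_helper`` knows the account, a fresh temporary password is
    generated with ``secrets``, stored through
    ``database_helper.change_password_temp`` and sent to ``username`` (which
    doubles as the e-mail address) over SMTP.

    Returns:
        ``(json_body, 200)`` with the keys ``success``, ``message`` and
        ``data``; any method other than GET is answered with ``abort(404)``.

    NOTE(review): nothing in this handler authenticates the caller, and the
    state change is triggered by a GET, so anyone who can reach the route
    can reset the password of any known address. Whether the old password
    stays valid depends on change_password_temp, which is not visible here.
    Consider a POST carrying a one-time, expiring reset link instead.
    """
    # Imported locally because the file's import block is not visible from here.
    import ssl

    if request.method != 'GET':
        abort(404)

    if not database_helper.check_user_exists_email(username):
        # NOTE(review): a distinct "No such user" reply lets an
        # unauthenticated caller test which addresses are registered.
        answer = {"success": False, "message": "No such user", "data": ""}
        return json.dumps(answer), 200

    # 16 random bytes from the OS CSPRNG, hex-encoded (32 characters).
    temp_pwd = secrets.token_hex(16)
    if not database_helper.change_password_temp(username, temp_pwd):
        answer = {
            "success": False,
            "message": "Error : Unable to change password",
            "data": ""
        }
        return json.dumps(answer), 200

    # NOTE(review): the mail account's credentials are hard-coded. Anyone with
    # read access to the source or its history can use the account; move them
    # to deployment configuration and rotate the password.
    address = "*****@*****.**"
    pwd = "common6project6"

    msg = MIMEMultipart()
    msg['From'] = address
    msg['To'] = username
    msg['Subject'] = "Twidder : Password Recovery"
    msg.attach(
        MIMEText(
            "Dear " + username +
            ",\n\n You seem to have forgotten your password,\n here is a temporary one that you can use to login :\n "
            + temp_pwd +
            "\nDon't forget to change your password once you're logged in ! \nLove, \nMom",
            'plain'))

    # The context manager closes the connection even when login or sending
    # raises; the connection used to be left open on every path.
    # The original comment mentions 465 as an alternative port; that one is
    # implicit TLS and would need smtplib.SMTP_SSL instead of starttls().
    with smtplib.SMTP(host='smtp.gmail.com', port=25) as s:
        # starttls() without a context does not verify the server certificate,
        # which would expose the login and the temporary password to anyone
        # able to intercept the connection.
        s.starttls(context=ssl.create_default_context())
        s.login(address, pwd)
        s.send_message(msg)

    answer = {
        "success": True,
        "message": "Successfuly reset password, check your emails",
        "data": ""
    }
    return json.dumps(answer), 200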
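def post_message():
    """Post ``message`` to the wall of ``username`` on behalf of the token's owner.

    Expects a JSON body with the keys ``username`` (the receiver's e-mail
    address) and ``message``, and a ``token`` request header. The writer is
    derived from the token, never from the body. On success both writer and
    receiver are notified through ``notify_socket_message``.

    Returns:
        ``(json_body, 200)`` with the keys ``success``, ``message`` and
        ``data``; any method other than POST is answered with ``abort(404)``.
    """
    if request.method != 'POST':
        abort(404)

    data = request.get_json()
    headers = request.headers
    # A body that is absent or not a JSON object, or a missing field/header,
    # gets an explicit reply; these cases used to reach the final return with
    # `answer` unassigned and surface as a server error.
    body_ok = isinstance(data, dict) and 'username' in data and 'message' in data
    if not body_ok or 'token' not in headers:
        answer = {"success": False, "message": "Missing data", "data": ""}
        return json.dumps(answer), 200

    receiver = data['username']
    message = data['message']
    token = headers['token']

    # Accepts the same addresses as the former `\w+([\.-]?\w+)*` form. Making
    # the separator mandatory inside the repeated group removes the ambiguity
    # that let a crafted receiver trigger exponential backtracking.
    email_pattern = r"^\w+(?:[.-]\w+)*@\w+(?:[.-]\w+)*(?:\.\w{2,3})+$"

    if not database_helper.check_user_logged_in_token(token):
        answer = {
            "success": False,
            "message": "You are not logged in anymore",
            "data": ""
        }
    elif not (isinstance(receiver, str) and re.search(email_pattern, receiver)):
        # The isinstance test keeps a non-string JSON value away from re.search.
        answer = {
            "success": False,
            "message": "The username is not an email adress ",
            "data": ""
        }
    else:
        writer = database_helper.get_username_from_token(token)
        if not database_helper.check_user_exists_email(receiver):
            answer = {
                "success": False,
                "message": "No such user in the system",
                "data": ""
            }
        elif database_helper.post_message(receiver, writer, message):
            answer = {
                "success": True,
                "message": "Sucessfully posted message ",
                "data": ""
            }
            notify_socket_message(writer)
            notify_socket_message(receiver)
        else:
            answer = {
                "success": False,
                "message": "Unable to post message ",
                "data": ""
            }
    return json.dumps(answer), 200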
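def get_user_messages_by_email(username):
    """Return the messages stored for the account ``username``.

    Requires a ``token`` request header belonging to a logged-in session.
    ``username`` must look like an e-mail address and be known to
    ``database_helper``.

    Returns:
        ``(json_body, 200)`` with the keys ``success``, ``message`` and
        ``data``; ``data`` holds whatever
        ``database_helper.retrieve_message_email`` returned, or ``None`` when
        that result is empty. Any method other than GET is answered with
        ``abort(404)``.
    """
    if request.method != 'GET':
        abort(404)

    headers = request.headers
    if 'token' not in headers:
        # Without this reply a request lacking the header reached the final
        # return with `answer` unassigned and surfaced as a server error.
        answer = {"success": False, "message": "Missing data", "data": ""}
        return json.dumps(answer), 200

    # Accepts the same addresses as the former `\w+([\.-]?\w+)*` form. Making
    # the separator mandatory inside the repeated group removes the ambiguity
    # that let a crafted username trigger exponential backtracking.
    email_pattern = r"^\w+(?:[.-]\w+)*@\w+(?:[.-]\w+)*(?:\.\w{2,3})+$"

    if not database_helper.check_user_logged_in_token(headers['token']):
        answer = {
            "success": False,
            "message": "You are not logged in anymore",
            "data": ""
        }
    elif not re.search(email_pattern, username):
        answer = {
            "success": False,
            "message": "The username is not an email adress ",
            "data": ""
        }
    elif not database_helper.check_user_exists_email(username):
        answer = {
            "success": False,
            "message": "No such user in the system",
            "data": ""
        }
    else:
        data = database_helper.retrieve_message_email(username)
        if data:
            answer = {
                "success": True,
                "message": "Here are the messages",
                "data": data
            }
        else:
            answer = {
                "success": False,
                "message": "You don't have any messages",
                "data": None
            }
    return json.dumps(answer), 200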
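def sign_in():
    """Check ``username``/``password`` from the JSON body and issue a session token.

    On success a new random token is generated and stored for the user,
    overwriting the previous one when the user is already logged in, and is
    returned in ``data``.

    Returns:
        ``(json_body, 200)`` with the keys ``success``, ``message`` and
        ``data``; any method other than POST is answered with ``abort(404)``.

    NOTE(review): the stored value is compared directly with the submitted
    password, which suggests passwords are kept unhashed; confirm in
    database_helper and move to a salted password hash.
    """
    if request.method != 'POST':
        abort(404)

    data = request.get_json()
    # A body that is absent or not a JSON object is treated like missing
    # fields rather than raising on the `in` tests.
    if not (isinstance(data, dict) and 'username' in data
            and 'password' in data):
        answer = {
            "success": False,
            "message": "Missing one or more field",
            "data": ""
        }
        return json.dumps(answer), 200

    username = data['username']
    supplied = data['password']

    credentials_ok = False
    if database_helper.check_user_exists_email(username):
        stored = database_helper.get_password(username)
        if isinstance(stored, str) and isinstance(supplied, str):
            # Constant-time comparison, so response time does not reveal how
            # many leading characters of a guess were right. Encoding to
            # bytes is required because compare_digest rejects non-ASCII str;
            # surrogatepass keeps lone surrogates from JSON escapes from
            # raising.
            credentials_ok = secrets.compare_digest(
                stored.encode('utf-8', 'surrogatepass'),
                supplied.encode('utf-8', 'surrogatepass'))
        else:
            # Non-string values keep the plain equality semantics.
            credentials_ok = stored == supplied

    if credentials_ok:
        # 16 random bytes from the OS CSPRNG, hex-encoded.
        new_token = secrets.token_hex(16)
        if database_helper.check_user_logged_in_email(username):
            database_helper.overwrite_token(username, new_token)
        else:
            database_helper.save_token(username, new_token)
        answer = {
            "success": True,
            "message": "Sucessfully signed in !",
            "data": new_token
        }
    else:
        # One message for unknown user and wrong password, so the reply does
        # not disclose which of the two failed.
        answer = {
            "success": False,
            "message": "Wrong username or password",
            "data": ""
        }
    return json.dumps(answer), 200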
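def sign_up():
    """Create an account from the JSON body of the request.

    Required string fields: ``username`` (an e-mail address), ``password``,
    ``firstName``, ``lastName``, ``gender``, ``city`` and ``country``.
    Checks run in this order: field presence, maximum lengths, e-mail
    syntax, account not yet existing, minimum password length (10).

    Returns:
        ``(json_body, 200)`` with the keys ``success``, ``message`` and
        ``data``; any method other than POST is answered with ``abort(404)``.

    NOTE(review): the password is handed to ``database_helper.save_user``
    exactly as received. Whether it is hashed before storage is not visible
    here; confirm, and hash it with a salted password hash if it is not.
    """
    if request.method != 'POST':
        abort(404)

    data = request.get_json()
    # (field name, maximum length), in the order save_user receives them.
    limits = (('username', 30), ('password', 40), ('firstName', 20),
              ('lastName', 20), ('gender', 10), ('city', 20),
              ('country', 20))

    # A body that is not a JSON object, or a field that is absent or not a
    # string, is reported as missing rather than raising in len()/re.search.
    if not isinstance(data, dict) or any(
            not isinstance(data.get(name), str) for name, _ in limits):
        answer = {
            "success": False,
            "message": "Missing one or more field",
            "data": ""
        }
        return json.dumps(answer), 200

    infos = [data[name] for name, _ in limits]
    username = data['username']
    password = data['password']

    # Accepts the same addresses as the former `\w+([\.-]?\w+)*` form. Making
    # the separator mandatory inside the repeated group removes the ambiguity
    # that allowed exponential backtracking even within the 30-character
    # limit, on a route that needs no authentication.
    # `$` also matches just before a trailing newline.
    email_pattern = r"^\w+(?:[.-]\w+)*@\w+(?:[.-]\w+)*(?:\.\w{2,3})+$"

    if any(len(data[name]) > limit for name, limit in limits):
        answer = {
            "success": False,
            "message": "One of the fields is too long",
            "data": ""
        }
    elif not re.search(email_pattern, username):
        answer = {
            "success": False,
            "message": "The username is not an email adress ",
            "data": ""
        }
    elif database_helper.check_user_exists_email(username):
        answer = {
            "success": False,
            "message": "User already exists",
            "data": ""
        }
    elif len(password) < 10:
        answer = {
            "success": False,
            "message": "Password too short",
            "data": ""
        }
    else:
        database_helper.save_user(infos)
        database_helper.set_profile_visits_user(username)
        answer = {
            "success": True,
            "message": "Sucessfully signed up !",
            "data": ""
        }
    return json.dumps(answer), 200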