def create_user(self): """ Add user to the database """ if User.by_handle(self.get_argument("handle", "")) is not None: raise ValidationError("This handle is already registered") if self.get_argument("pass1", "") != self.get_argument("pass2", ""): raise ValidationError("Passwords do not match") user = User() user.handle = self.get_argument("handle", "") user.password = self.get_argument("pass1", "") user.bank_password = self.get_argument("bpass", "") user.name = self.get_argument("playername", "") user.email = self.get_argument("email", "") team = self.get_team() self.dbsession.add(user) self.dbsession.add(team) self.dbsession.commit() # Avatar avatar_select = self.get_argument("user_avatar_select", "") if avatar_select and len(avatar_select) > 0: user._avatar = avatar_select elif hasattr(self.request, "files") and "avatar" in self.request.files: user.avatar = self.request.files["avatar"][0]["body"] team.members.append(user) if not options.teams: if avatar_select and len(avatar_select) > 0: team._avatar = avatar_select elif hasattr(self.request, "files") and "avatar" in self.request.files: team.avatar = self.request.files["avatar"][0]["body"] self.dbsession.add(user) self.dbsession.add(team) self.dbsession.commit() self.event_manager.user_joined_team(user) return user
def post(self, *args, **kwargs): ''' Checks submitted username and password ''' user = User.by_handle(self.get_argument('account', '')) password_attempt = self.get_argument('password', '') if user is not None: if user.validate_password(password_attempt): if not user.locked: if self.game_started(user): self.successful_login(user) if self.config.story_mode and user.logins == 1 and not user.has_permission( ADMIN_PERMISSION): self.redirect('/user/missions/firstlogin') else: self.redirect('/user') else: self.render('public/login.html', errors=None, info=["The game has not started yet"]) else: self.render('public/login.html', info=None, errors=["Your account has been locked"]) else: self.failed_login() else: if password_attempt is not None: PBKDF2.crypt(password_attempt, "BurnTheHashTime") self.failed_login()
def post(self, *args, **kwargs): """ Checks submitted username and password """ user = User.by_handle(self.get_argument("account", "")) password_attempt = self.get_argument("password", "") if user is not None: if user.validate_password(password_attempt): if not user.locked: self.successful_login(user) if (self.config.story_mode and user.logins == 1 and not user.is_admin()): self.redirect("/user/missions/firstlogin") else: self.redirect("/user") else: self.render( "public/login.html", info=None, errors=["Your account has been locked"], ) else: self.failed_login() else: if password_attempt is not None: PBKDF2.crypt(password_attempt, "BurnTheHashTime") self.failed_login()
def form_validation(self): if (bool( re.match(r"^[a-zA-Z0-9_\-\.]{3,16}$", self.get_argument("handle", ""))) is False): raise ValidationError("Invalid handle format") email = self.get_argument("email", None) if options.require_email and (not email or not len(email) > 0): raise ValidationError("Email address is required") if (email and bool( re.match( r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$", self.get_argument("email", ""), )) is False): raise ValidationError("Invalid email format") if (self.get_argument("playername", None) and bool( re.match(r"^[a-zA-Z0-9 ]{3,64}$", self.get_argument("playername", ""))) is False): raise ValidationError("Invalid playername format") if (User.by_handle(self.get_argument("handle", ""), case_sensitive=False) is not None): raise ValidationError("This handle is already registered") if (options.require_email and User.by_email( self.get_argument("email", None)) is not None): raise ValidationError("This email address is already registered") if self.get_argument("pass1", "") != self.get_argument("pass2", ""): raise ValidationError("Passwords do not match")
def create_user(self): ''' Add user to the database ''' if User.by_handle(self.get_argument('handle', '')) is not None: raise ValidationError("This handle is already registered") if self.get_argument('pass1', '') != self.get_argument('pass2', ''): raise ValidationError("Passwords do not match") user = User() user.handle = self.get_argument('handle', '') user.password = self.get_argument('pass1', '') user.bank_password = self.get_argument('bpass', '') user.name = self.get_argument('playername', '') user.email = self.get_argument('email','') team = self.get_team() self.dbsession.add(user) self.dbsession.add(team) self.dbsession.commit() # Avatar avatar_select = self.get_argument('user_avatar_select', '') if avatar_select and len(avatar_select) > 0: user._avatar = avatar_select elif hasattr(self.request, 'files') and 'avatar' in self.request.files: user.avatar = self.request.files['avatar'][0]['body'] team.members.append(user) if not options.teams: if avatar_select and len(avatar_select) > 0: team._avatar = avatar_select elif hasattr(self.request, 'files') and 'avatar' in self.request.files: team.avatar = self.request.files['avatar'][0]['body'] self.dbsession.add(user) self.dbsession.add(team) self.dbsession.commit() self.event_manager.user_joined_team(user) return user
def create_user(self): ''' Add user to the database ''' if User.by_handle(self.get_argument('handle', '')) is not None: raise ValidationError("This hacker name is already registered") if self.get_argument('pass1', '') != self.get_argument('pass2', ''): raise ValidationError("Passwords do not match") user = User() user.handle = self.get_argument('handle', '') user.password = self.get_argument('pass1', '') user.bank_password = self.get_argument('bpass', '') user._name = self.get_argument('playername', '') team = self.get_team() self.dbsession.add(user) self.dbsession.add(team) self.dbsession.commit() # Avatar avatar_select = self.get_argument('user_avatar_select', '') if avatar_select and len(avatar_select) > 0: user._avatar = avatar_select elif hasattr(self.request, 'files') and 'avatar' in self.request.files: user.avatar = self.request.files['avatar'][0]['body'] team.members.append(user) if not options.teams: if avatar_select and len(avatar_select) > 0: team._avatar = avatar_select elif hasattr(self.request, 'files') and 'avatar' in self.request.files: team.avatar = self.request.files['avatar'][0]['body'] self.dbsession.add(user) self.dbsession.add(team) self.dbsession.commit() self.event_manager.user_joined_team(user) return user
def wrapper(self, *args, **kwargs): if self.session is not None: user = User.by_handle(self.session["handle"]) if user is not None and user.has_permission(permission): return method(self, *args, **kwargs) logging.warn("Attempted unauthorized access from %s to %s" % (self.request.remote_ip, self.request.uri)) self.redirect(self.application.settings["forbidden_url"])
def wrapper(self, *args, **kwargs): if self.session is not None: user = User.by_handle(self.session['handle']) if user is not None and user.has_permission(permission): return method(self, *args, **kwargs) logging.warn("Attempted unauthorized access from %s to %s" % ( self.request.remote_ip, self.request.uri, )) self.redirect(self.application.settings['forbidden_url'])
def create_user(): user = User.by_handle("HacKer") if user is None: user = User() user.handle = "HacKer" user.password = "******" user.bank_password = "******" dbsession.add(user) dbsession.commit() return user
def get_current_user(self): """ Get current user object from database """ if self.session is not None: try: return User.by_handle(self.session["handle"]) except KeyError: logging.exception("Malformed session: %r" % self.session) except: logging.exception("Failed call to get_current_user()") return None
def post(self, *args, **kwargs): """ Checks submitted username and password """ user = User.by_handle(self.get_argument("account", "")) password_attempt = self.get_argument("password", "") if user is not None: if user.validate_password(password_attempt): self.valid_login(user) else: self.failed_login() else: if password_attempt is not None: PBKDF2.crypt(password_attempt, "BurnTheHashTime") self.failed_login()
def create_user(self, team): ''' Add user to the database ''' if User.by_handle(self.get_argument('handle', '')) is not None: raise ValidationError("This hacker name is already registered") if self.get_argument('pass1', '') != self.get_argument('pass2', ''): raise ValidationError("Passwords do not match") user = User() user.handle = self.get_argument('handle', '') user.password = self.get_argument('pass1', '') user.bank_password = self.get_argument('bpass', '') team.members.append(user) self.dbsession.add(user) self.dbsession.add(team) self.dbsession.commit() self.event_manager.user_joined_team(user) return user
def edit_user(self): ''' Update user objects in the database ''' try: user = User.by_uuid(self.get_argument('uuid', '')) if user is None: raise ValidationError("User does not exist") handle = self.get_argument('handle', '') if user.handle != handle: if User.by_handle(handle) is None: logging.info("Updated user handle %s -> %s" % ( user.handle, handle )) user.handle = handle else: raise ValidationError("Handle is already in use") hash_algorithm = self.get_argument('hash_algorithm', '') if hash_algorithm != user.algorithm: if hash_algorithm in user.algorithms: if 0 < len(self.get_argument('bank_password', '')): logging.info("Updated %s's hashing algorithm %s -> %s" % ( user.handle, user.algorithm, hash_algorithm, )) user.algorithm = hash_algorithm else: raise ValidationError( "You must provide a new bank password when updating the hashing algorithm") else: raise ValidationError("Not a valid hash algorithm") user.password = self.get_argument('password', '') if len(self.get_argument('bank_password', '')): user.bank_password = self.get_argument('bank_password', '') team = Team.by_uuid(self.get_argument('team_uuid', '')) if team is not None: if user not in team.members: logging.info("Updated %s's team %s -> %s" % ( user.handle, user.team_id, team.name )) user.team_id = team.id else: raise ValidationError("Team does not exist in database") self.dbsession.add(user) self.dbsession.commit() self.redirect('/admin/users') except ValidationError as error: self.render("admin/view/users.html", errors=[str(error), ] )
def transfer(self): user = self.get_current_user() source = Team.by_name(self.get_argument('source', '')) destination = Team.by_name(self.get_argument('destination', '')) try: amount = int(self.get_argument('amount', 0)) except ValueError: amount = 0 victim_user = User.by_handle(self.get_argument('user', None)) password = self.get_argument('password', '') user = self.get_current_user() # Validate what we got from the user if source is None: self.write({"error": "Source account does not exist"}) elif destination is None: self.write({"error": "Destination account does not exist"}) elif victim_user is None or not victim_user in source.members: self.write({"error": "User is not authorized for this account"}) elif victim_user in user.team.members: self.write({"error": "You cannot steal from your own team"}) elif not 0 < amount <= source.money: self.write({ "error": "Invalid transfer amount; must be greater than 0 and less than $%d" % source.money }) elif destination == source: self.write( {"error": "Source and destination are the same account"}) elif victim_user.validate_bank_password(password): logging.info("Transfer request from %s to %s for $%d by %s" % (source.name, destination.name, amount, user.handle)) xfer = self.theft(victim_user, destination, amount, password) self.write({ "success": "Confirmed transfer to '%s' for $%d (after 15%s commission)" % ( destination.name, xfer, '%', ) }) else: self.write({"error": "Incorrect password for account, try again"}) self.finish()
def post(self, *args, **kwargs): ''' Checks submitted username and password ''' user = User.by_handle(self.get_argument('account', '')) password_attempt = self.get_argument('password', '') if user is not None and user.validate_password(password_attempt): if not user.locked: if self.game_started(user): self.successful_login(user) if user.logins == 1 and not user.has_permission(ADMIN_PERMISSION): self.redirect('/user/missions/firstlogin') else: self.redirect('/user') else: self.render('public/login.html', errors=["The game has not started yet"]) else: self.render('public/login.html', errors=["Your account has been locked"]) else: self.failed_login()
def transfer(self): user = self.get_current_user() source = Team.by_name(self.get_argument('source', '')) destination = Team.by_name(self.get_argument('destination', '')) try: amount = int(self.get_argument('amount', 0)) except ValueError: amount = 0 victim_user = User.by_handle(self.get_argument('user', None)) password = self.get_argument('password', '') user = self.get_current_user() # Validate what we got from the user if source is None: self.write({"error": "Source account does not exist"}) elif destination is None: self.write({"error": "Destination account does not exist"}) elif victim_user is None or victim_user not in source.members: self.write({"error": "User is not authorized for this account"}) elif victim_user in user.team.members: self.write({"error": "You cannot steal from your own team"}) elif not 0 < amount <= source.money: self.write({ "error": "Invalid transfer amount; must be greater than 0 and less than $%d" % source.money }) elif destination == source: self.write({ "error": "Source and destination are the same account" }) elif victim_user.validate_bank_password(password): logging.info("Transfer request from %s to %s for $%d by %s" % ( source.name, destination.name, amount, user.handle )) xfer = self.theft(victim_user, destination, amount, password) self.write({ "success": "Confirmed transfer to '%s' for $%d (15%s commission)" % ( destination.name, xfer, '%' ) }) else: self.write({"error": "Incorrect password for account, try again"}) self.finish()
def form_validation(self): if (bool( re.match(r"^[a-zA-Z0-9_\-\.]{3,16}$", self.get_argument("handle", ""))) is False): raise ValidationError("Invalid handle format") if (self.get_argument("email", None) and bool( re.match( r"^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,3}$", self.get_argument("email", ""), )) is False): raise ValidationError("Invalid email format") if (self.get_argument("playername", None) and bool( re.match(r"^[a-zA-Z0-9 ]{3,64}$", self.get_argument("playername", ""))) is False): raise ValidationError("Invalid email format") if (User.by_handle(self.get_argument("handle", ""), case_sensitive=False) is not None): raise ValidationError("This handle is already registered") if self.get_argument("pass1", "") != self.get_argument("pass2", ""): raise ValidationError("Passwords do not match")
def post(self, *args, **kwargs): ''' Checks submitted username and password ''' user = User.by_handle(self.get_argument('account', '')) password_attempt = self.get_argument('password', '') if user is not None: if user.validate_password(password_attempt): if not user.locked: self.successful_login(user) if self.config.story_mode and user.logins == 1 and not user.is_admin(): self.redirect('/user/missions/firstlogin') else: self.redirect('/user') else: self.render('public/login.html', info=None, errors=["Your account has been locked"]) else: self.failed_login() else: if password_attempt is not None: PBKDF2.crypt(password_attempt, "BurnTheHashTime") self.failed_login()
def edit_user(self): """ Update user objects in the database """ try: user = User.by_uuid(self.get_argument("uuid", "")) if user is None: raise ValidationError("User does not exist") handle = self.get_argument("handle", "") if user.handle != handle: if User.by_handle(handle) is None: logging.info("Updated user handle %s -> %s" % (user.handle, handle)) user.handle = handle else: raise ValidationError("Handle is already in use") name = self.get_argument("name", "") email = self.get_argument("email", "") if user.name != name: logging.info("Updated user Name %s -> %s" % (user.name, name)) user.name = name if user.email != email: logging.info("Updated user Email %s -> %s" % (user.email, email)) user.email = email if options.banking: hash_algorithm = self.get_argument("hash_algorithm", "") if hash_algorithm != user.algorithm: if hash_algorithm in user.algorithms: if 0 < len(self.get_argument("bank_password", "")): logging.info( "Updated %s's hashing algorithm %s -> %s" % (user.handle, user.algorithm, hash_algorithm)) user.algorithm = hash_algorithm else: raise ValidationError( "You must provide a new bank password when updating the hashing algorithm" ) else: raise ValidationError("Not a valid hash algorithm") if len(self.get_argument("bank_password", "")): user.bank_password = self.get_argument("bank_password", "") password = self.get_argument("password", "") if password and len(password) > 0: user.password = password if hasattr(self.request, "files") and "avatarfile" in self.request.files: user.avatar = self.request.files["avatarfile"][0]["body"] else: avatar = self.get_argument("avatar", user.avatar) # allow for default without setting user._avatar = avatar team = Team.by_uuid(self.get_argument("team_uuid", "")) if team is not None: if user not in team.members: logging.info("Updated %s's team %s -> %s" % (user.handle, user.team_id, team.name)) user.team_id = team.id elif options.teams: raise ValidationError("Team does not exist in database") self.dbsession.add(user) admin = self.get_argument("admin", "false") if admin == "true" and not user.is_admin(): permission = Permission() permission.name = ADMIN_PERMISSION permission.user_id = user.id self.dbsession.add(permission) elif admin == "false" and user.is_admin(): permissions = Permission.by_user_id(user.id) for permission in permissions: if permission.name == ADMIN_PERMISSION: self.dbsession.delete(permission) self.dbsession.commit() self.redirect("/admin/users") except ValidationError as error: self.render("admin/view/users.html", errors=[str(error)])
def edit_user(self): ''' Update user objects in the database ''' try: user = User.by_uuid(self.get_argument('uuid', '')) if user is None: raise ValidationError("User does not exist") handle = self.get_argument('handle', '') if user.handle != handle: if User.by_handle(handle) is None: logging.info("Updated user handle %s -> %s" % ( user.handle, handle )) user.handle = handle else: raise ValidationError("Handle is already in use") name = self.get_argument('name', '') email = self.get_argument('email', '') if user.name != name: logging.info("Updated user Name %s -> %s" % ( user.name, name )) user.name = name if user.email != email: logging.info("Updated user Email %s -> %s" % ( user.email, email )) user.email = email if options.banking: hash_algorithm = self.get_argument('hash_algorithm', '') if hash_algorithm != user.algorithm: if hash_algorithm in user.algorithms: if 0 < len(self.get_argument('bank_password', '')): logging.info("Updated %s's hashing algorithm %s -> %s" % ( user.handle, user.algorithm, hash_algorithm, )) user.algorithm = hash_algorithm else: raise ValidationError( "You must provide a new bank password when updating the hashing algorithm") else: raise ValidationError("Not a valid hash algorithm") if len(self.get_argument('bank_password', '')): user.bank_password = self.get_argument('bank_password', '') password = self.get_argument('password', '') if password and len(password) > 0: user.password = password if hasattr(self.request, 'files') and 'avatarfile' in self.request.files: user.avatar = self.request.files['avatarfile'][0]['body'] else: avatar = self.get_argument('avatar', user.avatar) #allow for default without setting user._avatar = avatar team = Team.by_uuid(self.get_argument('team_uuid', '')) if team is not None: if user not in team.members: logging.info("Updated %s's team %s -> %s" % ( user.handle, user.team_id, team.name )) user.team_id = team.id elif options.teams: raise ValidationError("Team does not exist in database") self.dbsession.add(user) admin = self.get_argument('admin', 'false') if admin == 'true' and not user.is_admin(): permission = Permission() permission.name = ADMIN_PERMISSION permission.user_id = user.id self.dbsession.add(permission) elif admin == 'false' and user.is_admin(): permissions = Permission.by_user_id(user.id) for permission in permissions: if permission.name == ADMIN_PERMISSION: self.dbsession.delete(permission) self.dbsession.commit() self.redirect('/admin/users') except ValidationError as error: self.render("admin/view/users.html", errors=[str(error), ] )
def edit_user(self): ''' Update user objects in the database ''' try: user = User.by_uuid(self.get_argument('uuid', '')) if user is None: raise ValidationError("User does not exist") handle = self.get_argument('handle', '') if user.handle != handle: if User.by_handle(handle) is None: logging.info("Updated user handle %s -> %s" % (user.handle, handle)) user.handle = handle else: raise ValidationError("Handle is already in use") name = self.get_argument('name', '') email = self.get_argument('email', '') if user.name != name: logging.info("Updated user Name %s -> %s" % (user.name, name)) user.name = name if user.email != email: logging.info("Updated user Email %s -> %s" % (user.email, email)) user.email = email if options.banking: hash_algorithm = self.get_argument('hash_algorithm', '') if hash_algorithm != user.algorithm: if hash_algorithm in user.algorithms: if 0 < len(self.get_argument('bank_password', '')): logging.info( "Updated %s's hashing algorithm %s -> %s" % ( user.handle, user.algorithm, hash_algorithm, )) user.algorithm = hash_algorithm else: raise ValidationError( "You must provide a new bank password when updating the hashing algorithm" ) else: raise ValidationError("Not a valid hash algorithm") if len(self.get_argument('bank_password', '')): user.bank_password = self.get_argument('bank_password', '') password = self.get_argument('password', '') if password and len(password) > 0: user.password = password if hasattr(self.request, 'files') and 'avatarfile' in self.request.files: user.avatar = self.request.files['avatarfile'][0]['body'] else: avatar = self.get_argument('avatar', user.avatar) #allow for default without setting user._avatar = avatar team = Team.by_uuid(self.get_argument('team_uuid', '')) if team is not None: if user not in team.members: logging.info("Updated %s's team %s -> %s" % (user.handle, user.team_id, team.name)) user.team_id = team.id elif options.teams: raise ValidationError("Team does not exist in database") self.dbsession.add(user) self.dbsession.commit() self.redirect('/admin/users') except ValidationError as error: self.render("admin/view/users.html", errors=[ str(error), ])