def write_user_file(username,
password,
admin,
email,
realname,
git_username,
git_password,
git_2fa=False):
#this is used to write information into a text file to serve as a debugging tool and log
#change logging=True to start logging
userdir = prefix + "users" + os.sep
f = open(userdir + username + '.ini', "w")
f.write('username='******'\n')
f.write('password='******'\n')
f.write('realname=' + realname + '\n')
f.write('admin=' + str(admin) + '\n')
f.write('email=' + email + '\n')
f.write('max-age=0' + '\n')
f.write('editable=Yes' + '\n')
f.write('numlogins = 85\nnumused = 2869\n')
# get oauth token for github. Add current date to note since they need to be unique or an error will occur
note = project + ", " + time.ctime()
try:
auth = github3.authorize(git_username, git_password, ['repo'], note,
"")
f.write('git_username='******'\n')
f.write('git_token=' + auth.token + '\n')
f.write('git_id=' + str(auth.id) +
'\n') # in case we ever need to update authorizations
f.write('git_2fa=' + str(git_2fa).lower() + '\n')
except:
# would be ideal to show an error, but just fail silently
pass
f.close()
def write_user_file(username, password, admin, email, realname, git_username,
git_password):
#this is used to write information into a text file to serve as a debugging tool and log
#change logging=True to start logging
userdir = prefix + "users" + os.sep
f = open(userdir + username + '.ini', "w")
f.write('username='******'\n')
f.write('password='******'\n')
f.write('realname=' + realname + '\n')
f.write('admin=' + str(admin) + '\n')
f.write('email=' + email + '\n')
f.write('max-age=0' + '\n')
f.write('numlogins = 85\nnumused = 2869\n')
f.write('git_username='******'\n')
f.write('git_password='******'\n')
f.close()
def encodestring(username, password):
"""Given a username and password return a new encoded string for use by decodecookie."""
ranstring = randomstring(10)
thishash = hashlib.sha1(password + ranstring).hexdigest()
return pass_enc('||'.join([username, thishash, ranstring]),
daynumber=True,
timestamp=True)
def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
"""Process the results from edit account form submissions."""
from modules.dataenc import pass_enc, pass_dec
loginaction = theform['login'].value
if not loginaction == 'doeditaccountnojs': # only type of newlogin supported so far
sys.exit()
allentries = theform.keys()
vallist = allentries + [
entry for entry in edacckeys if entry not in allentries
]
formdict = getform(vallist, theform, nolist=True)
#
oldpass_hash = pwd_context.hash(formdict['pass0'], salt="")
storedpass_hash = pass_dec(userconfig['password'])[0]
pass1 = formdict['pass1']
pass2 = formdict['pass2']
#
email = validateemail(formdict)
oldemail = userconfig['email']
if not email:
msg = 'The email address you supplied appears to be invalid.'
display_edit(formdict, userdir, thisscript, msg, action, newcookie,
userconfig)
if email != oldemail and (not oldpass_hash
or oldpass_hash != storedpass_hash):
msg = 'You must correctly enter your password to change your email address.'
display_edit(formdict, userdir, thisscript, msg, action, newcookie,
userconfig)
userconfig['email'] = email
if not formdict['realname']:
msg = 'You need to enter a name for us to use.'
display_edit(formdict, userdir, thisscript, msg, action, newcookie,
userconfig)
userconfig['realname'] = formdict['realname']
if pass1 or pass2:
if pass1 != pass2:
msg = "The two passwords don't match."
display_edit(formdict, userdir, thisscript, msg, action, newcookie,
userconfig)
if len(pass1) < 5:
msg = "The password must be longer than 5 characters."
display_edit(formdict, userdir, thisscript, msg, action, newcookie,
userconfig)
if not oldpass_hash or oldpass_hash != storedpass_hash:
msg = 'You must correctly enter your current password to change it.'
display_edit(formdict, userdir, thisscript, msg, action, newcookie,
userconfig)
pass1_hash = pwd_context.hash(pass1, salt="")
userconfig['password'] = pass_enc(pass1_hash,
daynumber=True,
timestamp=True)
newcookie = makecookie(userconfig, pass1_hash,
ConfigObj(userdir + 'config.ini')['cookiepath'])
for entry in formdict:
if entry not in edacckeys:
userconfig[entry] = formdict[entry]
userconfig.write()
return action, userconfig, newcookie # XXXXX display values changed page
def confirm(theform, userdir, thisscript):
"""Confirm a login.
Either from an invite or from a user who has registered."""
from modules.dataenc import pass_dec, pass_enc
from login import encodestring
fail = False
try:
theval, daynumber, timestamp = pass_dec(theform['id'].value)
except:
# FIXME: bare except....
newloginfail()
tempstore = ConfigObj(userdir + 'temp.ini')
if not tempstore.has_key(theval):
newloginfail()
uservals = tempstore[theval]
del tempstore[theval]
username = uservals['username']
if username in tempstore['pending']:
tempstore['pending'].remove(username)
tempstore.write()
#
newconfig = ConfigObj(userdir + 'default.ini')
newpath = userdir + username + '.ini'
if os.path.isfile(newpath):
newloginfail()
newconfig.filename = newpath
# FIXME: should this be '' ?
action = None
for entry in uservals:
if entry == 'action':
action = uservals[entry]
elif entry == 'password':
password = uservals[entry]
newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
else:
newconfig[entry] = uservals[entry]
newconfig.write()
#
# next we need to create the cookie header to return it
from Cookie import SimpleCookie
thecookie = SimpleCookie()
thecookie['userid'] = encodestring(newconfig['username'], password)
config = ConfigObj(userdir + 'config.ini')
maxage = newconfig['max-age']
cookiepath = config['cookiepath']
if maxage and int(maxage): # possible cause of error here if the maxage value in a users file isn't an integer !!
thecookie['userid']['max-age'] = int(maxage)
if cookiepath:
thecookie['userid']['path'] = cookiepath
if config['adminmail']:
msg = 'A new user has created a login - "%s".\n\n' % thisscript
for entry in newconfig:
if entry != 'password':
msg += entry + ' : ' + newconfig[entry] + '\n'
# FIXME: should be mailme
sendmailme(config['adminmail'], msg, config['email_subject'],
config['adminmail'], html=False)
return action, newconfig, thecookie.output()
def createuser(userdir, realname, username, email, password, adminlev):
"""Create a new user."""
from time import time
from modules.dataenc import pass_enc
from modules.configobj import ConfigObj
user = ConfigObj(userdir+'default.ini')
user.filename = userdir + username + '.ini' # XXXX this does no checkign htat the name is valid and doesn't already exist !!
user['username'] = username
user['realname'] = realname
user['email'] = email
user['admin'] = adminlev
user['password'] = pass_enc(password, timestamp=True, daynumber=True)
user['created'] = str(time())
user.write()
def createuser(userdir, realname, username, email, password, adminlev):
"""Create a new user."""
from time import time
from modules.dataenc import pass_enc
from modules.configobj import ConfigObj
user = ConfigObj(userdir + 'default.ini')
user.filename = userdir + username + '.ini' # XXXX this does no checkign htat the name is valid and doesn't already exist !!
user['username'] = username
user['realname'] = realname
user['email'] = email
user['admin'] = adminlev
user['password'] = pass_enc(password, timestamp=True, daynumber=True)
user['created'] = str(time())
user.write()
def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
"""Process the results from edit account form submissions."""
from modules.dataenc import pass_enc, pass_dec
loginaction = theform['login'].value
if not loginaction == 'doeditaccountnojs': # only type of newlogin supported so far
sys.exit()
allentries = theform.keys()
vallist = allentries + [entry for entry in edacckeys if entry not in allentries]
formdict = getform(vallist, theform, nolist=True)
#
oldpass = formdict['pass0']
storedpass = pass_dec(userconfig['password'])[0]
pass1 = formdict['pass1']
pass2 = formdict['pass2']
#
email = validateemail(formdict)
oldemail = userconfig['email']
if not email:
msg = 'The email address you supplied appears to be invalid.'
display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
if email != oldemail and (not oldpass or oldpass != storedpass):
msg = 'You must correctly enter your password to change your email address.'
display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
userconfig['email'] = email
if not formdict['realname']:
msg = 'You need to enter a name for us to use.'
display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
userconfig['realname'] = formdict['realname']
if pass1 or pass2:
if pass1 != pass2:
msg = "The two passwords don't match."
display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
if len(pass1) < 5:
msg = "The password must be longer than 5 characters."
display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
if not oldpass or oldpass != storedpass:
msg = 'You must correctly enter your current password to change it.'
display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
userconfig['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
newcookie = makecookie(userconfig, pass1, ConfigObj(userdir+'config.ini')['cookiepath'])
for entry in formdict:
if entry not in edacckeys:
userconfig[entry] = formdict[entry]
userconfig.write()
return action, userconfig, newcookie # XXXXX display values changed page
def update_password(user, new_pass):
f = open(prefix + 'users' + os.sep + user + '.ini', 'r')
ff = f.read().split('\n')
f.close()
new_file = []
for line in ff:
if line != '':
line_split = line.split('=')
if line_split[0].strip().startswith('password'):
newline = 'password = '******'users' + os.sep + user + '.ini', 'w').close()
g = open('users/' + user + '.ini', 'a')
for l in new_file:
g.write(l + '\n')
g.close()
def savedetails(userdir, formdict, action=None):
"""
Given the form from a validated new login, it saves the details to the
temporary store.
It also cleans up any out of date ones that haven't been used.
"""
from modules.dateutils import returndate, daycount
from modules.dataenc import pass_enc
#
tempstore = ConfigObj(userdir + 'temp.ini')
if action:
formdict['action'] = action
year, month, day = returndate()
today = daycount(year, month, day)
#
for section in tempstore:
if section[4:].isdigit():
if int(section[4:]) > today + 30:
name = tempstore[section]['username']
tempstore['pending'].remove(name)
del tempstore[section]
#
ran = randomstring(4)
while tempstore.has_key(ran + str(today)):
ran = randomstring(4)
key = ran + str(today)
tempstore[key] = {}
store = tempstore[key]
for entry in formdict:
if entry == 'pass1' or entry == 'pass2':
store['password'] = pwd_context.hash(formdict[entry], salt="")
elif entry == 'login':
pass
else:
store[entry] = formdict[entry]
if not tempstore.has_key('pending'):
tempstore['pending'] = []
tempstore['pending'].append(formdict['username'])
tempstore.write()
return pass_enc(key, timestamp=True, daynumber=True)
def savedetails(userdir, formdict, action=None):
"""
Given the form from a validated new login, it saves the details to the
temporary store.
It also cleans up any out of date ones that haven't been used.
"""
from modules.dateutils import returndate, daycount
from modules.dataenc import pass_enc
#
tempstore = ConfigObj(userdir + 'temp.ini')
if action:
formdict['action'] = action
year, month, day = returndate()
today = daycount(year, month, day)
#
for section in tempstore:
if section[4:].isdigit():
if int(section[4:]) > today + 30:
name = tempstore[section]['username']
tempstore['pending'].remove(name)
del tempstore[section]
#
ran = randomstring(4)
while tempstore.has_key(ran+str(today)):
ran = randomstring(4)
key = ran+str(today)
tempstore[key] = {}
store = tempstore[key]
for entry in formdict:
if entry == 'pass1' or entry == 'pass2':
store['password'] = formdict[entry]
elif entry == 'login':
pass
else:
store[entry] = formdict[entry]
if not tempstore.has_key('pending'):
tempstore['pending'] = []
tempstore['pending'].append(formdict['username'])
tempstore.write()
return pass_enc(key, timestamp=True, daynumber=True)
def gitdox_migrate_userconfig(o, config):
"""GitDox's scheme for user objects changed after version 0.9.1. This function
checks the config to see if it uses the old scheme, and changes it if it does."""
old_pass, _, _ = pass_dec(o['password'])
if not old_pass.startswith('$6$rounds=656000$$'):
o['password'] = pass_enc(pwd_context.hash(old_pass, salt=""))
o.write()
if 'git_password' in o and o['git_password'] != "" \
and 'git_username' in o and o['git_username'] != "":
old = pass_dec(o['git_password'])[0]
username = o['git_username']
note = config['project'] + ", " + ctime()
try:
auth = github3.authorize(username, old, ['repo'], note, "")
o['git_token'] = auth.token
o['git_id'] = auth.id
del o['git_password']
o.write()
except:
pass # fail silently
def confirm(theform, userdir, thisscript):
"""Confirm a login.
Either from an invite or from a user who has registered."""
from modules.dataenc import pass_dec, pass_enc
from login import encodestring
fail = False
try:
theval, daynumber, timestamp = pass_dec(theform['id'].value)
except:
# FIXME: bare except....
newloginfail()
tempstore = ConfigObj(userdir + 'temp.ini')
if not tempstore.has_key(theval):
newloginfail()
uservals = tempstore[theval]
del tempstore[theval]
username = uservals['username']
if username in tempstore['pending']:
tempstore['pending'].remove(username)
tempstore.write()
#
newconfig = ConfigObj(userdir + 'default.ini')
newpath = userdir + username + '.ini'
if os.path.isfile(newpath):
newloginfail()
newconfig.filename = newpath
# FIXME: should this be '' ?
action = None
for entry in uservals:
if entry == 'action':
action = uservals[entry]
elif entry == 'password':
password = uservals[entry]
pwd_hash = pwd_context.hash(password, salt="")
newconfig[entry] = pass_enc(pwd_hash,
timestamp=True,
daynumber=True)
else:
newconfig[entry] = uservals[entry]
newconfig.write()
#
# next we need to create the cookie header to return it
from Cookie import SimpleCookie
thecookie = SimpleCookie()
pwd_hash = pwd_context.hash(password, salt="")
thecookie['userid'] = encodestring(newconfig['username'], pwd_hash)
config = ConfigObj(userdir + 'config.ini')
maxage = newconfig['max-age']
cookiepath = config['cookiepath']
if maxage and int(
maxage
): # possible cause of error here if the maxage value in a users file isn't an integer !!
thecookie['userid']['max-age'] = int(maxage)
if cookiepath:
thecookie['userid']['path'] = cookiepath
if config['adminmail']:
msg = 'A new user has created a login - "%s".\n\n' % thisscript
for entry in newconfig:
if entry != 'password':
msg += entry + ' : ' + newconfig[entry] + '\n'
# FIXME: should be mailme
sendmailme(config['adminmail'],
msg,
config['email_subject'],
config['adminmail'],
html=False)
return action, newconfig, thecookie.output()
from modules.dataenc import pass_enc
from passlib.apps import custom_app_context
from modules.configobj import ConfigObj
if raw_input:
p = raw_input("Enter a password for user `admin`:\n")
else:
p = input("Enter a password for user `admin`:\n")
try:
admin = ConfigObj('users/admin.ini')
admin['password'] = pass_enc(custom_app_context.hash(p, salt=""))
admin.write()
print("Successfully changed password for admin.")
except Exception as e:
print("Could not change password for admin.")
raise e
def encodestring(username, pwd_hash):
"""Given a username and password return a new encoded string for use by decodecookie."""
return pass_enc('||'.join([username, pwd_hash]), daynumber=True, timestamp=True)
def encodestring(username, password):
"""Given a username and password return a new encoded string for use by decodecookie."""
ranstring = randomstring(10)
thishash = hashlib.sha1(password + ranstring).hexdigest()
return pass_enc('||'.join([username, thishash, ranstring]), daynumber=True, timestamp=True)
