コード例 #1
0
ファイル: views.py プロジェクト: DOCA-IIIT-Sricity/DOCA
def verifyotp(request):
    email = getEmail(request.session['session_key'])
    if request.method == "GET":
        table = Table('otp')
        response = table.scan(FilterExpression={'email': email}).values()

        if response['Count'] == 0:
            sendOtp(email, 1)

        else:
            for x in response['Items']:
                date_time = datetime.strptime(x['timestamp'], "%Y%m%d%H%M%S")
                is4verify = 1 if 'isRegister' in x else 0
                if datetime.now() > date_time + timedelta(minutes=15):
                    sendOtp(email, 1)
                    table.delete(FilterExpression={'otp': x['otp']})
                    break
                if is4verify == 0:
                    sendOtp(email, 1)
        return render(request, 'accounts/verification.html')

    if request.method == "POST":
        form = OTPVerificationForm(request.POST)
        if form.is_valid():
            generatedotp = form.cleaned_data['o1'] + form.cleaned_data[
                'o2'] + form.cleaned_data['o3'] + form.cleaned_data[
                    'o4'] + form.cleaned_data['o5'] + form.cleaned_data['o6']
            generatedotp = hashlib.sha256(
                (generatedotp + SECRET_KEY).encode()).hexdigest()
            table = Table('otp')
            response = table.scan(FilterExpression={
                'otp': generatedotp
            }).values()

            if response['Count'] == 1:
                if response['Items'][0]['otp'] == generatedotp:
                    table.delete(FilterExpression={
                        'otp': generatedotp,
                    })

                    table0 = Table('users')
                    print("has Updated")
                    table0.update(
                        FilterExpression={
                            'email': email,
                        },
                        UpdateExpression={
                            "isVerified": 1,
                        },
                    )
                    del request.session['session_key']
                    return HttpResponseRedirect('/accounts/login/')
                return render(request, 'accounts/verification.html',
                              {'err': 'OTP not match'})
            return HttpResponseRedirect('/accounts/login/')
コード例 #2
0
ファイル: views.py プロジェクト: DOCA-IIIT-Sricity/DOCA
def changePassword(request):
    if request.method == "GET":
        if 'tk' in request.GET:
            tk = request.GET['tk']
            tk = tk.encode('utf-8')
            jdata = jwt.decode(tk, SECRET_KEY, algorithms=['HS256'])

            if 'timestamp' not in jdata or 'email' not in jdata or 'signature' not in jdata:
                return render(request, 'global/400.html')

            if datetime.strptime(
                    jdata['timestamp'],
                    "%Y%m%d%H%M%S") + timedelta(minutes=5) < datetime.now():
                return render(request, 'global/400.html')

            email = jdata['email']
            timestamp0 = jdata['timestamp']
            signature = jdata['signature']
            genSignature = hashlib.sha256(
                (email + timestamp0 + SECRET_KEY).encode()).hexdigest()
            if signature != genSignature:
                return render(request, 'global/400.html')
            table = Table('forgototpsignatures')
            resp = table.scan(FilterExpression={
                'signature': signature
            }).values()

            if resp['Count'] != 1:
                return render(request, 'global/400.html')
            return render(request, 'accounts/change_password.html',
                          {'tk': tk.decode('utf-8')})
        return render(request, 'global/400.html')

    if request.method == "POST":
        form = ChangePasswordForm(request.POST)
        err = ""
        if form.is_valid():
            tk = form.cleaned_data['tk']
            paswd = form.cleaned_data['new_paswd']
            cpaswd = form.cleaned_data['cnfrm_paswd']
            if isvalidPassword(paswd) == False or isvalidPassword(
                    cpaswd) == False:
                err += "password should contain one Capital letter on small letter and one Number"
            if cpaswd != paswd:
                err += "password not matched"

            if err == "":
                tk = tk.encode('utf-8')
                jdata = jwt.decode(tk, SECRET_KEY, algorithms=['HS256'])

                if 'timestamp' not in jdata or 'email' not in jdata or 'signature' not in jdata:
                    return render(request, 'global/400.html')

                if datetime.strptime(jdata['timestamp'], "%Y%m%d%H%M%S"
                                     ) + timedelta(minutes=5) < datetime.now():
                    return render(request, 'global/400.html')

                email = jdata['email']
                timestamp0 = jdata['timestamp']
                signature = jdata['signature']
                genSignature = hashlib.sha256(
                    (email + timestamp0 + SECRET_KEY).encode()).hexdigest()
                if signature != genSignature:
                    return render(request, 'global/400.html')
                table = Table('forgototpsignatures')
                resp = table.scan(FilterExpression={
                    'signature': signature
                }).values()
                if resp['Count'] != 1:
                    return render(request, 'global/400.html')
                table.delete(FilterExpression={'signature': signature})
                hasedpassword = hashlib.sha256(
                    (paswd + SECRET_KEY).encode()).hexdigest()
                table = Table('users')
                table.update(
                    FilterExpression={'email': email},
                    UpdateExpression={'password': hasedpassword},
                )
                return HttpResponse("Password Changed Successfully")
            return render(request, 'accounts/change_password.html', {
                'err': err,
                'tk': tk
            })
        return render(request, 'accounts/change_password.html', {'err': err})