def update_user(config, u, p, new_username, new_password):
if not (new_username or new_password):
sys.exit("Error: at least one of: [--new_username, --new_password]"
" options must be specified!")
try:
s = api.get_scoped_session(config.conf)
with s.begin():
user = api.user_get_by_username(s, u)
if not user:
sys.exit("Error: user does not exist!")
if not utils.checkpw(p, user.password):
sys.exit("Error: incorrect password!")
if new_username:
new_user = api.user_get_by_username(s, new_username)
if new_user:
sys.exit("Username: '******' already exists!" % new_username)
printv(config, "Updating user information")
if new_username:
user.username = new_username
if new_password:
user.password = utils.hashpw(new_password)
api.user_update(s, user)
print("Successfully updated user %s" % user.username)
except Exception as e:
sys.exit("Error: %s" % str(e))
def del_user(config, u, p, remove_data):
try:
s = api.get_scoped_session(config.conf)
with s.begin():
user = api.user_get_by_username(s, u)
if not user:
sys.exit("Error: user does not exist!")
if not utils.checkpw(p, user.password):
sys.exit("Error: incorrect password!")
if remove_data:
printv(config, "Removing user's categories data ...")
api.category_delete_all(s, user, True)
printv(config, "Removing user's items data ...")
api.item_delete_all(s, user)
printv(config, "Removing user ...")
api.user_delete(s, user)
user = api.user_get_by_username(s, u)
if user:
print("Error: unable to delete user: '******'" % u)
else:
print("Successfully deleted user: '******'" % u)
except Exception as e:
sys.exit("Error: %s" % str(e))
def _do_delete(self):
request_body = self.request.get_json()
# Extract required username field
try:
username = request_body['username']
except KeyError:
return self.error("Missing username!")
if not username:
return self.error("Empty username!")
# Extract required password field
try:
password = request_body['password']
except KeyError:
return self.error("Missing password!")
if not password:
return self.error("Empty password!")
try:
user = api.user_get_by_username(username, session=self.session)
if not user:
return self.error("User doesn't exist!")
if not utils.checkpw(password, user.password):
return self.error("Invalid password!")
api.user_delete_by_username(username, session=self.session)
return {'result': "success"}
except Exception:
return self.error("Unable to delete user from the database!")
def login():
if request.method == 'POST':
user = api.user_get_by_username(request.form['username'])
if user and utils.checkpw(request.form['password'], user.password):
session['username'] = request.form['username']
return redirect(url_for('index'))
else:
return redirect(url_for('login'))
elif 'username' in session:
return redirect(url_for('index'))
return '''
def _do_delete(self):
"""
Delete a user.
:returns: success result
"""
payload_dicts = [{
'name': "username",
'is_list': False,
'required': True
}, {
'name': "password",
'is_list': False,
'required': True
}]
payload_objects = self._check_payload(payload_dicts)
u = self._validate(payload_objects[0], 'username')
p = self._validate(payload_objects[1], 'password')
try:
user = api.user_get_by_username(self.session, u)
if not user:
raise bh.OppError("User does not exist!")
if not utils.checkpw(p, user.password):
raise bh.OppError("Incorrect password supplied!")
api.category_delete_all(self.session, user, True)
api.item_delete_all(self.session, user)
api.user_delete(self.session, user)
user = api.user_get_by_username(self.session, u)
if user:
bh.OppError("Unable to delete user: '******'" % u)
else:
return {'result': 'success'}
except bh.OppError as e:
raise bh.OppError(e.error, e.desc, e.status, e.headers)
except Exception:
raise bh.OppError("Unable to delate user: '******'" % u)
def _do_post(self, phrase):
request_body = self.request.get_json()
# Extract required username field
try:
username = request_body['username']
except KeyError:
return self.error("Missing username!")
if not username:
return self.error("Empty username!")
# Extract required old password field
try:
old_password = request_body['current_password']
except KeyError:
return self.error("Missing current password!")
if not old_password:
return self.error("Empty current password!")
# Extract required new password field
try:
new_password = request_body['new_password']
except KeyError:
return self.error("Missing new password!")
if not new_password:
return self.error("Empty new password!")
try:
user = api.user_get_by_username(username, session=self.session)
if not user:
return self.error("User doesn't exist!")
if not utils.checkpw(old_password, user.password):
return self.error("Invalid password!")
user.password = utils.hashpw(new_password)
api.user_update(user, session=self.session)
return {'result': "success"}
except Exception:
return self.error("Unable to update user in the database!")
def update_phrase(config, u, p, old_phrase, new_phrase):
if len(new_phrase) < 6:
sys.exit("Error: passphrase must be at least 6 characters long!")
try:
old_cipher = aescipher.AESCipher(old_phrase)
new_cipher = aescipher.AESCipher(new_phrase)
s = api.get_scoped_session(config.conf)
with s.begin():
user = api.user_get_by_username(s, u)
if not user:
sys.exit("Error: user does not exist!")
if not utils.checkpw(p, user.password):
sys.exit("Error: incorrect password!")
try:
if old_cipher.decrypt(user.phrase_check) != "OK":
sys.exit("Error: incorrect old passphrase supplied!")
except UnicodeDecodeError:
sys.exit("Error: incorrect old passphrase supplied!")
printv(config, "Updating user information")
user.phrase_check = new_cipher.encrypt("OK")
api.user_update(s, user)
printv(config, "Updating user's categories")
categories = api.category_getall(s, user)
for category in categories:
category.recrypt(old_cipher, new_cipher)
api.category_update(s, categories)
printv(config, "Updating user's items")
items = api.item_getall(s, user)
for item in items:
item.recrypt(old_cipher, new_cipher)
api.item_update(s, items)
print("All of user's data has been successfuly "
"re-encrypted with the new passphrase.")
except Exception as e:
sys.exit("Error: %s" % str(e))
def authenticate(username, password):
user = api.user_get_by_username(username)
if user and utils.checkpw(password, user.password):
return user
return None
def _do_post(self, phrase):
"""
Update a user.
:param phrase: not used
:returns: success result
"""
payload_dicts = [{
'name': "username",
'is_list': False,
'required': True
}, {
'name': "password",
'is_list': False,
'required': True
}, {
'name': "new_username",
'is_list': False,
'required': False
}, {
'name': "new_password",
'is_list': False,
'required': False
}]
payload_objects = self._check_payload(payload_dicts)
u = self._validate(payload_objects[0], 'username')
p = self._validate(payload_objects[1], 'password')
new_u = payload_objects[2].strip()
new_p = payload_objects[3].strip()
if not (new_u or new_p):
raise bh.OppError("at least one of: "
"[--new_username, --new_password] is required!")
try:
user = api.user_get_by_username(self.session, u)
if not user:
raise bh.OppError("User does not exist!")
if not utils.checkpw(p, user.password):
raise bh.OppError("Incorrect password supplied!")
if new_u:
new_user = api.user_get_by_username(self.session, new_u)
if new_user:
raise bh.OppError("Username: '******' already exists!" % new_u)
if new_u:
user.username = new_u
if new_p:
user.password = utils.hashpw(new_p)
api.user_update(self.session, user)
user = api.user_get_by_username(self.session, user.username)
if user:
return {'result': 'success'}
else:
raise bh.OppError("Unable to add user: '******'" % u)
except bh.OppError as e:
raise bh.OppError(e.error, e.desc, e.status, e.headers)
except Exception:
raise bh.OppError("Unable to update user: '******'" % u)
