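def request_new_otp(self):
    """Send a new one-time password to the user held in the session.

    The session must carry a ``user_id`` that
    ``AuthHandler.check_auth_token_db`` accepts. The delivery option and the
    mail address are read from the session, not from the request.

    Returns:
        The success response wrapping ``OtpHandler.prepare_otp_send``, or
        the unauthorized response when the session check fails.
    """
    user_id = InputValidator.check_session_value('user_id')
    if not (user_id and AuthHandler.check_auth_token_db(user_id)):
        # Return the response: building it without returning it leaves the
        # handler result as None on the failure path.
        return ResponseHandler.unauthorized_response('You are unauthorized')

    user_id = str(user_id)
    user_mail = InputValidator.check_session_value('user_mail')
    otp_option = InputValidator.check_session_value('otp_option')
    return ResponseHandler.success_response(
        OtpHandler.prepare_otp_send(user_id, otp_option, user_mail))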
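def caesar_cipher(self, message, shift, option, auth_token):
    """Apply the Caesar cipher to ``message`` for an authorised caller.

    Args:
        message: Text handed to ``CaesarCipher.cipher``.
        shift: Shift amount as received from the request; must parse as int.
        option: Passed through to ``CaesarCipher.cipher`` unchanged.
        auth_token: Token checked with ``AuthHandler.check_auth_token``.

    Returns:
        A bad-request response for an unusable shift, the success response
        with the cipher output, or the unauthorized response.
    """
    user_id = InputValidator.check_session_value('user_id')

    # int() on request data raises for values such as "abc" or None; turn
    # that into the 400 response instead of an unhandled exception.
    try:
        shift_value = int(shift)
    except (TypeError, ValueError):
        return ResponseHandler.bad_request_response(
            'Your Shift value has to be an int')

    if not InputValidator.int_validator(shift_value):
        return ResponseHandler.bad_request_response(
            'Your Shift value has to be an int')

    if AuthHandler.check_for_auth(
            user_id) and AuthHandler.check_auth_token(auth_token):
        return ResponseHandler.success_response(
            CaesarCipher(shift_value).cipher(message, option))
    return ResponseHandler.unauthorized_response('You are unauthorized')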
def update_account_info(self, email, password, old_password, auth_token):
    """Update the account's mail address and password for the session user.

    The call goes ahead only when the session passes
    ``AuthHandler.check_for_auth``, ``auth_token`` passes
    ``AuthHandler.check_auth_token`` and ``email`` passes
    ``InputValidator.email_validator``. Any failure, including a malformed
    address, yields the unauthorized response.
    """
    session_user = InputValidator.check_session_value('user_id')
    allowed = (AuthHandler.check_for_auth(session_user)
               and AuthHandler.check_auth_token(auth_token)
               and InputValidator.email_validator(email))
    if not allowed:
        return ResponseHandler.unauthorized_response('You are unauthorized')

    user_id = str(session_user)
    # The current address comes from the session, not from the request.
    current_mail = InputValidator.check_session_value('user_mail')
    result = SettingsHandler.update_account_info(
        user_id, current_mail, email, password, old_password)
    return ResponseHandler.success_response(result)
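def file_upload(self, file, file_description, auth_token):
    """Store an uploaded file for the session user, then redirect.

    Args:
        file: Upload object checked with ``InputValidator.file_validator``.
        file_description: Description stored alongside the file.
        auth_token: Token checked with ``AuthHandler.check_auth_token``.

    Raises:
        cherrypy.HTTPRedirect: Always. To ``/`` after a rejected or a stored
            upload, to ``/sign`` when the caller is not authorised.
    """
    user_id = InputValidator.check_session_value('user_id')

    # NOTE(review): the file is validated before the caller is
    # authenticated; consider checking authorisation first.
    if not InputValidator.file_validator(file):
        ResponseHandler.bad_request_response('You didnt submit a valid file')
        # HTTPRedirect is an exception: it has to be raised. Returning it
        # hands the exception object back as the handler result and no
        # redirect takes place.
        raise cherrypy.HTTPRedirect('/')

    if AuthHandler.check_for_auth(
            user_id) and AuthHandler.check_auth_token(auth_token):
        user_id = str(user_id)
        FileHandler.write_file(user_id, file, file_description)
        raise cherrypy.HTTPRedirect('/')

    ResponseHandler.unauthorized_response('You are unauthorized')
    raise cherrypy.HTTPRedirect('/sign')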
def index(self):
    """Render the index page for an authorised session.

    Raises:
        cherrypy.HTTPRedirect: To ``/sign`` when the session fails
            ``AuthHandler.check_for_auth`` or
            ``AuthHandler.check_auth_token_db``.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token_db(session_user))
    if not authorised:
        ResponseHandler.unauthorized_response('You are unauthorized')
        raise cherrypy.HTTPRedirect('/sign')
    return ResponseHandler.prepare_index(session_user)
def verify_otp(self, otp, auth_token):
    """Check a submitted one-time password for the session user.

    Only a session ``user_id`` and a valid ``auth_token`` are required here.
    ``AuthHandler.check_for_auth`` is not consulted in this handler.
    """
    session_user = InputValidator.check_session_value('user_id')
    if not (session_user and AuthHandler.check_auth_token(auth_token)):
        return ResponseHandler.unauthorized_response('You are unauthorized')
    return LoginHandler.prepare_otp_login(str(session_user), otp)
def prepare_otp_login(user_id, otp):
    """Gate an OTP login attempt behind the login-attempt counter.

    ``LLogHandler.count_tries`` decides whether another attempt is allowed.
    When it refuses, the too-many-requests response is returned and the OTP
    is not evaluated.
    """
    login_logs = LLogHandler.check_login_logs(user_id)
    session_mail = InputValidator.check_session_value('user_mail')
    if not LLogHandler.count_tries(user_id, login_logs, session_mail):
        return ResponseHandler.too_many_requests_response('Too many tries')
    return LoginHandler.finalize_otp_login(user_id, otp)
def hash_message(self, hash_function, message, auth_token):
    """Hash ``message`` with the requested function for an authorised caller.

    ``hash_function`` is passed to ``HashHandler.choose_hash_function``
    unchanged; this handler does not restrict its value.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    digest = HashHandler.choose_hash_function(hash_function, message)
    return ResponseHandler.success_response(digest)
def caesar_cipher_crack(self, message, auth_token):
    """Run ``CaesarCipher.crack_cipher`` on ``message`` for an authorised caller."""
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    # The cipher object is built with shift 0, exactly as before.
    cracked = CaesarCipher(0).crack_cipher(message)
    return ResponseHandler.success_response(cracked)
def get_user_settings(self, auth_token):
    """Return the stored settings of the session user.

    The result of ``DBusers.get_user_settings`` is returned as is, without
    the ``ResponseHandler`` success wrapper.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    return DBusers.get_user_settings(str(session_user))
def get_user_devices(self, auth_token):
    """Return the devices registered for the session user.

    The lookup is keyed on the session's ``user_id`` only, and the rows from
    ``DBdevices.get_by_user_id`` are returned unwrapped.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    return DBdevices.get_by_user_id(str(session_user))
def file_decrypt(self, file_id, auth_token):
    """Decrypt one of the session user's files.

    ``FileEncryptor.decrypt`` receives both the session ``user_id`` and the
    requested ``file_id``.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    outcome = FileEncryptor.decrypt(str(session_user), file_id)
    return ResponseHandler.success_response(outcome)
def check_otp_verified(self):
    """Report whether the session user's OTP has been verified.

    When ``DBotp.check_verification`` returns a truthy value the login is
    completed with ``LoginHandler.verify_login``. The stringified value is
    returned in the success response whether or not it is truthy.
    """
    session_user = InputValidator.check_session_value('user_id')
    if not (session_user and AuthHandler.check_auth_token_db(session_user)):
        return ResponseHandler.unauthorized_response('You are unauthorized')

    verified = DBotp.check_verification(session_user)
    if verified:
        LoginHandler.verify_login(session_user)
    return ResponseHandler.success_response(str(verified))
def vigenere_cipher_crack(self, message, auth_token):
    """Run ``VigenereCipher.crack_cipher`` on ``message`` for an authorised caller.

    The message is passed through ``CipherHelper.remove_special_chars``
    before it reaches the cipher.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    stripped = CipherHelper.remove_special_chars(message)
    return ResponseHandler.success_response(
        VigenereCipher().crack_cipher(stripped))
def file_update(self, file_id, file_description, file_name, auth_token):
    """Rename a file or change its description for the session user.

    ``FileHandler.change_file_name`` receives the session ``user_id``
    together with the requested ``file_id``.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    result = FileHandler.change_file_name(
        str(session_user), file_id, file_name, file_description)
    return ResponseHandler.success_response(result)
def delete_user_device(self, device_id, auth_token):
    """Delete a registered device of the session user.

    ``DBdevices.delete`` is given both ``device_id`` and the session
    ``user_id``. The response text also carries the result of
    ``SecondFactorHandler.check_for_active_device``.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')

    user_id = str(session_user)
    DBdevices.delete(device_id, user_id)
    # Evaluated after the delete so it reflects the remaining devices.
    remaining_state = SecondFactorHandler.check_for_active_device(user_id)
    return ResponseHandler.success_response(
        f'Device was deleted. \n {remaining_state}')
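def create_account(self, email, password):
    """Register a new account and log it in.

    Args:
        email: Address for the new account; must pass
            ``InputValidator.email_validator`` and not be registered yet.
        password: Non-empty password for the new account.

    Raises:
        cherrypy.HTTPRedirect: Always. To ``/index`` after a successful
            registration, otherwise to ``/sign`` with the same message for
            every rejection reason.
    """
    # Validate the request data before it is used in a database lookup.
    # A missing password is treated like an empty one instead of raising.
    if not (InputValidator.email_validator(email) and password):
        raise cherrypy.HTTPRedirect('/sign?message=Invalid Email')

    # An address that is already registered gets the same redirect as a
    # malformed one, exactly as before.
    if len(DBusers.get_user_id(email)) != 0:
        raise cherrypy.HTTPRedirect('/sign?message=Invalid Email')

    user_id = DBusers.insert_user(email, password)
    DirHandler.check_user_dirs(str(user_id))
    LoginHandler.prepare_login(DBusers.check_user(email, password), user_id,
                               email)
    raise cherrypy.HTTPRedirect('/index')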
def activate_user_device(self, device_id, auth_token):
    """Make ``device_id`` the active second-factor device of the session user.

    All of the user's devices are deactivated first, then
    ``SecondFactorHandler.activate_device`` is called for the requested one.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')

    user_id = str(session_user)
    # NOTE(review): deactivation happens before the activation result is
    # known; confirm what state the account is left in when activate_device
    # does not accept device_id.
    DBdevices.deactivate_all(user_id)
    activation = SecondFactorHandler.activate_device(user_id, device_id)
    return ResponseHandler.success_response(activation)
def update_settings_sec_fa(self, sec_fa, sec_fa_email, sec_fa_app, auth_token):
    """Change the second-factor settings of the session user.

    The three option values are forwarded unchanged to
    ``SettingsHandler.check_second_factor_options``.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    result = SettingsHandler.check_second_factor_options(
        sec_fa, sec_fa_email, sec_fa_app, str(session_user))
    return ResponseHandler.success_response(result)
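def login_account(self, email, password):
    """Start a login for ``email`` with ``password``.

    Returns:
        The bad-request response for a malformed address, the forbidden
        response when no account matches the address, otherwise whatever
        ``LoginHandler.prepare_login`` returns.
    """
    if not InputValidator.email_validator(email):
        return ResponseHandler.bad_request_response(
            'Not a valid email address')

    # The lookup may return no rows for an unknown address; indexing [0]
    # unconditionally turns that into an unhandled IndexError instead of
    # the forbidden response below.
    rows = DBusers.get_user_id(email)
    if not rows or len(rows[0]) == 0:
        return ResponseHandler.forbidden_response('Not authorized')

    user = DBusers.check_user(email, password)
    return LoginHandler.prepare_login(user, str(rows[0]['id']), email)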
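def request_password_reset(self, email):
    """Send a password-reset token to the account registered for ``email``.

    Returns:
        The bad-request response for a malformed address, the unauthorized
        response when no account matches, otherwise the success response
        wrapping ``LoginHandler.send_reset_token``.
    """
    if not InputValidator.email_validator(email):
        return ResponseHandler.bad_request_response(
            'Not a valid email address')

    # Guard the row access: an unknown address may yield no rows, and
    # indexing [0] would then raise instead of reaching the branch below.
    rows = DBusers.get_user_id(email)
    user_id = rows[0]['id'] if rows else None
    if not user_id:
        # NOTE(review): known and unknown addresses receive different
        # responses here; consider one uniform reply so the endpoint does
        # not reveal which addresses are registered.
        return ResponseHandler.unauthorized_response('You are unauthorized')

    return ResponseHandler.success_response(
        LoginHandler.send_reset_token(user_id, email))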
def file_delete(self, file_id, is_encrypted, auth_token):
    """Delete one of the session user's files.

    The path is looked up with ``DBfiles.get_file_path`` using the session
    ``user_id`` and ``file_id``. ``is_encrypted`` is taken from the request
    and forwarded unchanged.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')

    user_id = str(session_user)
    stored_path = DBfiles.get_file_path(user_id, file_id)
    result = FileHandler.delete_file(user_id, file_id, stored_path,
                                     is_encrypted)
    return ResponseHandler.success_response(result)
def request_qr(self, auth_token):
    """Create an OTP for the session user and return it as a QR image.

    The OTP is stored with ``DBotp.insert`` before the image is built. The
    response body is the base64 encoding of the image bytes.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')

    user_id = str(session_user)
    one_time_code = OtpHandler.create_otp(user_id)
    DBotp.insert(user_id, one_time_code)
    qr_bytes = QRHandler.create_qr_image(user_id, one_time_code)
    # NOTE(review): the header announces image/png while the body is
    # base64 text; confirm the client expects this combination.
    cherrypy.response.headers['Content-Type'] = "image/png"
    return base64.b64encode(qr_bytes)
def reset_settings_sec_fa(self, token):
    """Disable both second-factor options when a valid reset token is given.

    Only a session ``user_id`` is required; the caller is not expected to
    have passed the second factor. ``HashHandler.check_token`` is called
    with token kind ``1``.
    """
    session_user = InputValidator.check_session_value('user_id')
    if not session_user:
        return ResponseHandler.unauthorized_response('You are unauthorized')
    if not HashHandler.check_token(session_user, token, 1):
        return ResponseHandler.forbidden_response('Wrong token')

    SecondFactorHandler.deactivate_both_second_factor_options(session_user)
    return ResponseHandler.success_response(
        'Successfully disabled second factor. Please login again.')
def deactivate_user_device(self, device_id, auth_token):
    """Deactivate one second-factor device of the session user.

    The response text joins the result of
    ``SecondFactorHandler.deactivate_device`` and that of
    ``SecondFactorHandler.check_for_active_device`` with a single space.
    """
    session_user = InputValidator.check_session_value('user_id')
    authorised = (AuthHandler.check_for_auth(session_user)
                  and AuthHandler.check_auth_token(auth_token))
    if not authorised:
        return ResponseHandler.unauthorized_response('You are unauthorized')

    user_id = str(session_user)
    outcome = SecondFactorHandler.deactivate_device(user_id, device_id)
    remaining_state = SecondFactorHandler.check_for_active_device(user_id)
    return ResponseHandler.success_response(f'{outcome} {remaining_state}')
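def password_reset(self, token, email):
    """Check a password-reset token for the account registered for ``email``.

    ``HashHandler.check_token`` is called with token kind ``2``.

    Returns:
        The bad-request response for a malformed address, the unauthorized
        response when no account matches, the forbidden response for a
        wrong token, otherwise the success response.
    """
    if not InputValidator.email_validator(email):
        return ResponseHandler.bad_request_response(
            'Not a valid email address')

    # Guard the row access: an unknown address may yield no rows, and
    # indexing [0] would then raise instead of reaching the branch below.
    rows = DBusers.get_user_id(email)
    user_id = rows[0]['id'] if rows else None
    if not user_id:
        return ResponseHandler.unauthorized_response('You are unauthorized')

    if HashHandler.check_token(user_id, token, 2):
        return ResponseHandler.success_response('Correct token')
    return ResponseHandler.forbidden_response('Wrong token')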
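def file_download(self, file_id, auth_token):
    """Serve one of the session user's files as an attachment.

    Args:
        file_id: Identifier used to look up the stored path and file name.
        auth_token: Token checked with ``AuthHandler.check_auth_token``.

    Raises:
        cherrypy.HTTPRedirect: To ``/sign`` when the caller is not authorised.
        cherrypy.NotFound: When the resolved path is not inside the user's
            storage directory.
    """
    user_id = InputValidator.check_session_value('user_id')
    if not (AuthHandler.check_for_auth(user_id)
            and AuthHandler.check_auth_token(auth_token)):
        ResponseHandler.unauthorized_response('You are unauthorized')
        raise cherrypy.HTTPRedirect('/sign')

    user_id = str(user_id)
    user_path = f'../storage/users/{user_id}'
    user_root = os.path.abspath(user_path)
    absolute_file_path = os.path.abspath(
        f'{user_path}{DBfiles.get_file_path(user_id, file_id)}')

    # The path is built by string concatenation and then normalised, so a
    # stored value containing ".." segments, or a missing row, can resolve
    # outside this user's directory. Serve only what stays inside it.
    if not absolute_file_path.startswith(user_root + os.sep):
        raise cherrypy.NotFound()

    file_name = DBfiles.get_file_name(file_id, user_id)
    return serve_file(absolute_file_path,
                      disposition="attachment",
                      name=file_name)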
def insert_user_device(self, device_id, device_name, user_id):
    """Register a device for a user and report the outcome as plain text.

    When ``user_id`` is empty, the session's ``user_id`` is used instead.
    The auth check is ``AuthHandler.check_for_auth`` only; no ``auth_token``
    is involved.

    Returns:
        A status string, the unauthorized response, or ``None`` when the
        insert reports a state other than ``'success'`` or ``'failed'``.
    """
    # NOTE(review): a user_id supplied by the caller is never compared with
    # the session's user_id in this block. Confirm that another control
    # binds the registration to the account owner.
    if not user_id:
        user_id = InputValidator.check_session_value('user_id')
    if not AuthHandler.check_for_auth(user_id):
        return ResponseHandler.unauthorized_response('You are unauthorized')
    user_id = str(user_id)

    existing = DBdevices.get_by_device_id(device_id)
    if len(existing) > 0:
        already_active = existing[0]['device_is_active']
        return ('Device already active'
                if already_active else 'Device already registered')

    insert_state = DBdevices.insert(user_id, device_id, device_name)
    if insert_state == 'success':
        return 'Successfully inserted device'
    if insert_state == 'failed':
        return 'Failed to insert device'
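def new_password(self, password, token, email):
    """Set a new password for ``email`` after a reset token has been checked.

    ``HashHandler.check_token`` is called with token kind ``2``. A password
    that ``DBusers.check_user`` still accepts for the account is rejected.

    Returns:
        The bad-request response for a malformed address, the unauthorized
        response when no account matches, a forbidden response for a wrong
        token or a reused password, otherwise the success response wrapping
        ``DBusers.update_password``.
    """
    if not InputValidator.email_validator(email):
        return ResponseHandler.bad_request_response(
            'Not a valid email address')

    # Guard the row access: an unknown address may yield no rows, and
    # indexing [0] would then raise instead of reaching the branch below.
    rows = DBusers.get_user_id(email)
    user_id = rows[0]['id'] if rows else None
    if not user_id:
        return ResponseHandler.unauthorized_response('You are unauthorized')

    if not HashHandler.check_token(user_id, token, 2):
        return ResponseHandler.forbidden_response('Wrong token')

    if len(DBusers.check_user(email, password)) != 0:
        return ResponseHandler.forbidden_response(
            'Do not use your old password!')

    # The token is removed before the password is written, as before, so it
    # cannot be presented a second time.
    DBtokens.delete(user_id, 2)
    return ResponseHandler.success_response(
        DBusers.update_password(user_id, password))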
def check_for_auth(user_id):
    """Return a truthy value when the session counts as authenticated.

    With the session value ``2fa_status`` set, the result is the session
    value ``2fa_verified``. Otherwise ``user_id`` is returned unchanged, so
    any truthy ``user_id`` passes.
    """
    if not InputValidator.check_session_value('2fa_status'):
        return user_id
    return InputValidator.check_session_value('2fa_verified')