def get_password(pass_id):
"""This view processes getting of password.
It processes '/api/password/<int:pass_id>' route and accepts GET requests.
It takes password id, retrieves it's content and returns it.
:Parameters:
- `pass_id`: id of the password to retrieve.
:Returns:
template with password's content.
"""
cur_user = flask_login.current_user
result = db.get_password(pass_id, cur_user.uid)
if result:
resource_name, login, password = result
else:
template = get_template('service_message.html')
return template.render(current_user=cur_user,
message='Error! You dont have rights to access '
'this page or page has not been found!')
decrypted_pass = CRYPTING_OBJ.decrypt(password.encode('utf-8'))
template = get_template('password.html')
return template.render(resource_name=resource_name,
login=login,
password=decrypted_pass,
current_user=cur_user)
def login_api():
"""This view processes user's login.
It processes '/api/login' route and accepts POST requests.
If user with given email exists and password has been verified correctly,
then random temporary email will be generated key and the link with this
key will be send to user's email. Otherwise client will be redirected to
'/login' page.
:Returns:
template which tells about success or redirection to login page.
"""
usr = user.get_user_by_email(request.form.get('email', ''))
if usr and usr.verify_password(request.form.get('password')):
rand_password = binascii.b2a_hex(os.urandom(15))
db.set_temp_pass(rand_password, usr.uid)
link = 'https://passkeeper.com/api/session_auth?email=%s&password=%s'\
% (usr.email, rand_password)
email_template = get_template('email_template')
send_email(usr.email, email_template.render(reciever=usr.email,
link=link))
return get_template('link_to_profile.html').render()
return redirect('/login')
def edit_password(pass_id):
"""This view processes password editing.
It processes '/api/password/edit/<int:pass_id>' route and accepts POST
requests. It requires newPassword to be in the request.form dict.
This view encrypts newPassword with CRYPTING_OBJ and inserts it to db.
:Parameters:
- `pass_id`: id of the password to change.
:Returns:
template with success or failure messages, depending on result.
"""
current_user = flask_login.current_user
encrypted_pass = CRYPTING_OBJ.encrypt(request.form['newPassword']
.encode('utf-8'))
rows_affected = db.change_password(request.form['newLogin'],
encrypted_pass, pass_id,
current_user.uid)
if rows_affected:
message = 'Password has been changed!'
else:
message = 'Password has not been changed. Some error has occured!'
template = get_template('service_message.html')
return template.render(current_user=current_user, message=message)
def register_view():
"""This view returns register template.
It processes '/register' route and accepts GET requests.
:Returns:
register.html template.
"""
return get_template('register.html').render()
def login():
"""This view returns login template.
It processes '/login' route and accepts GET requests.
:Returns:
login.html template.
"""
return get_template('login.html').render()
def profile():
"""This view returns profile template.
It processes '/profile' and '/' routes and accepts GET requests.
:Returns:
profile.html template.
"""
cur_user = flask_login.current_user
resources = db.get_resources(cur_user.uid)
return get_template('profile.html').render(current_user=cur_user,
resources=resources)
def change_password(pass_id):
"""This view returns change_password template.
It processes '/edit_password/<int:pass_id>' route and accepts
GET requests.
:Parameters:
- `pass_id`: id of the password to change.
:Returns:
change_pass.html template.
"""
cur_user = flask_login.current_user
return get_template('change_pass.html').render(current_user=cur_user,
pass_id=pass_id)
def session_auth():
"""This view processes session authetication.
It processes '/api/session_auth' route and accepts GET reequests.
Usually client is accessed to this route with link, which client recieves
in email box, after first login. If the url has valid email and temporary
password, then client will be redirected to '/profile' view, otherwise
message about bad url will be shown.
:Returns:
redirect to '/profile' view or template about error.
"""
usr = user.get_user_by_email(request.args.get('email'))
if usr:
temp_pass = db.get_temp_pass(usr.uid)[0]
if temp_pass == request.args.get('password'):
if flask_login.login_user(usr, remember=True):
return redirect('/profile')
return get_template('bad_url.html').render()
def delete_password(pass_id):
"""This view processes password deleting.
It processes '/api/password/delete/<int:pass_id>' route and accepts GET
requests. It takes id of the password to delete and deletes it from db.
:Parameters:
- `pass_id`: id of the password to delete.
:Returns:
template with success or failure message, depending on result.
"""
current_user = flask_login.current_user
rows_affected = db.delete_password(pass_id, current_user.uid)
if rows_affected:
message = 'Password has been deleted!'
else:
message = 'Password has not been deleted. Some error has occured!'
template = get_template('service_message.html')
return template.render(current_user=current_user, message=message)
def add_password():
"""This view processes adding new passwords.
It processes '/api/password' route and accepts POST requests.
It requires resourceName, password to be in the request.form dict.
This view encrypts password with CRYPTING_OBJ and inserts it to db.
:Returns:
template with success or failure messages, depending on result.
"""
try:
cur_user = flask_login.current_user
encrypted_pass = CRYPTING_OBJ.encrypt(request.form['password']
.encode('utf-8'))
db.insert_password(request.form['resourceName'], request.form['login'],
encrypted_pass, cur_user.uid)
message = 'Password has been added successfully!'
except:
message = 'Some error has been occured and password hasnt been added!'
template = get_template('service_message.html')
return template.render(current_user=cur_user, message=message)
