def setDBPort(self, port): if self._mc: raise spxException( 'Connection is already done, disconnect before changing database settings' ) self._dbport = port
def setDBUsername(self, username): if self._mc: raise spxException( 'Connection is already done, disconnect before changing database settings' ) self._dbuser = username
def setDBPassword(self, password): if self._mc: raise spxException( 'Connection is already done, disconnect before changing database settings' ) self._dbpass = password
def setDBHost(self, host): if self._mc: raise spxException( 'Connection is already done, disconnect before changing database settings' ) self._dbhost = host
def decrypt(self, key): if len(key) != 32: raise spxException(rc=-1, msg='Wrong key length') buf = base64.b64decode(self.content) iv = buf[:AES.block_size] content = buf[AES.block_size:] cipher = AES.new(key, AES.MODE_CFB, iv) content = cipher.decrypt(content).decode() sig = content[:len(spxSnippet.signature)] if sig == spxSnippet.signature: self.content = content[len(spxSnippet.signature):] """ if we have the right signature and email/reference exist, we can also decrypt those """ if len(self.email) > 0: self.email = cipher.decrypt(base64.b64decode( self.email)).decode() if len(self.reference) > 0: self.reference = cipher.decrypt( base64.b64decode(self.reference)).decode() return True return False
def setDBName(self, name): if self._mc: raise spxException( 'Connection is already done, disconnect before changing database name' ) self._dbname = name
def dictToObj(self, d, isBck=False): if not 'content' in d or len(d['content']) == 0: raise spxException(rc=-1, msg='content not provided') if not 'createdBy' in d: raise spxException(rc=-1, msg='createdBy not provided') self.isRaw = False self.isFile = False self.isConfirm = False if 'isConfirm' in d: if d['isConfirm'] is True or d['isConfirm'] == 1: self.isConfirm = True if 'isRaw' in d: if d['isRaw'] is True or d['isRaw'] == 'True' or d['isRaw'] == 1: self.isRaw = True if self.isConfirm is True: if not 'email' in d or len(d['email']) == 0: raise spxException( rc=-2, msg='email address not provided but confirmation is enabled' ) else: self.email = d['email'] if not self.__validateEmail(): raise spxException( rc=-3, msg='email address provided is not valid') if not 'reference' in d or len(d['reference']) == 0: raise spxException( rc=-3, msg='reference not provided but confirmation is enblaed') else: self.reference = d['reference'] if 'isFile' in d: if d['isFile'] is True or d['isFile'] == 'True' or d['isFile'] == 1: self.isFile = True if 'name' in d: self.name = d['name'] self.content = d['content'] self.createdBy = d['createdBy']
def stripFile(self): """ should remove: data:*/*;base64, from the begining of the field """ tmp = self.content.split(',', 1) if len(tmp) != 2: raise spxException(rc=-6, msg='File format incorrect') self.content = tmp[1]
def disconnect(self): if not self._mc: raise spxException( 'MongoDB is not connected, cannot use disconnect()') self._mc.close() self._mc = None self._db = None
def fetchFromId(self): mc = spxMongo() e = mc.getCollection(type(self)._collection).find_one( self._buildDoc(type(self)._attr_ids)) if not e: raise spxException( rc=spxMongoObject.ENOTFOUND, msg='fetchFromId(): Can\'t find entry in the database') self.setFromDB(e)
def get(self, uid=None, key=None): ret = {} if uid is None or key is None: spxLogger.logAction('GET_SNIP', request.remote_addr, 'DENY') return Response( json.dumps({ 'rc': -1, 'error': 'You are not authorized to use this function' }), 403, [('Content-Type', 'application/json')]) mc = getMongo() try: snip = spxSnippet(id=ObjectId(uid)) snip.fetchFromId() if not snip.decrypt(key): raise spxException( rc=-1, msg='Decryption failed, please check your key') if snip.isConfirm: snip.sendConfirmation( spxSnippetHandler.app.config['SMTP_SERVER'], spxSnippetHandler.app.config['MAIL_FROM'], remote_addr=request.remote_addr) ret = snip """ remove the snippet """ snip.delete() spxLogger.logAction('GET_SNIP', request.remote_addr, 'ALLOW', obj=uid) except spxException as e: spxLogger.logAction('GET_SNIP', request.remote_addr, 'FAIL', obj=e) ret = { 'rc': e.rc, 'error': 'Sorry, the snippet you are trying to retrieve does not exist or was already accessed. Please contact the person who sent you the secure snippet so they can re-create the snippet and send you a new link.' } except InvalidId: spxLogger.logAction('GET_SNIP', request.remote_addr, 'FAIL', obj=uid) ret = {'rc': -1, 'error': 'The ID you provided is malformed'} except Exception as e: spxLogger.logAction('GET_SNIP', request.remote_addr, 'FAIL', obj=e) ret = {'rc': -1, 'error': 'Something wrong happenned'} return Response(json.dumps(ret, cls=spxJSONEncoder), 200, [('Content-Type', 'application/json')])
def sendConfirmation(self, smtp_addr, mail_from, remote_addr='Unknown'): if len(smtp_addr) == 0: raise spxException(rc=-5, msg='SMTP address is not configured') if len(mail_from) == 0: raise spxException(rc=-5, msg='source email address is not configured') text = 'Hello,\n\nHere is your read confirmation for the snippet with refernce: ' + self.reference + '\n' text += 'The IP who has retreived the snippet was: ' + remote_addr + '\n\n' text += 'Best,\n\n--Secure Snippet\n' msg = MIMEMultipart() msg['Subject'] = '[SNIPPET] Read confirmation: ' + self.reference msg['From'] = mail_from msg['To'] = self.email text = MIMEText(text) msg.attach(text) with smtplib.SMTP(smtp_addr) as smtp: smtp.sendmail(mail_from, self.email, msg.as_string()) smtp.quit()
def findMany(self, cls=None, collection=None, where={}): if cls is None and collection is None: raise spxException('findMany(): need at least collection or cls') if collection is None: collection = cls._collection if cls is None: if collection not in spxMongo._cols: raise spxException( 'findMany(): cannot find collection in registered list') cls = spxMongo._cols[collection] rs = self.getCollection(collection).find(where) ret = [] for i in rs: o = cls() o.setFromDB(i) ret.append(o) return ret
def connect(self): if self._mc is not None: raise spxException( 'MongoDB is already connected, use disconnect() first') uri = 'mongodb://' if self._dbuser is not None: uri = uri + self._dbuser if self._dbpass is not None: uri = uri + ':' + self._dbpass uri = uri + '@' uri = uri + self._dbhost + ':' + str(self._dbport) + '/' + self._dbname self._mc = MongoClient(host=uri) self._db = self._mc[self._dbname]
def save(self): mc = spxMongo() rs = mc.getCollection(type(self)._collection).replace_one( self._buildDoc(type(self)._attr_ids), self._buildDoc()) if rs.matched_count < 1: raise spxException('replace_one() filter matched no objects')
def getCollection(self, col): if self._db is None: raise spxException('getCollection(): MongoDB is not connected') return self._db[col]
def getMongo(self): if self._mc is None: raise spxException('getMongo(): MongoDB is not connected') return self._mc
def delete(self): mc = spxMongo() rs = mc.getCollection(type(self)._collection).delete_one( self._buildDoc(type(self)._attr_ids)) if rs.deleted_count < 1: raise spxException('delete() filter matched no objects')