def setUp(self):
self.userid = generate_key()
self.username = '******'
self.email = '*****@*****.**'
self.password = '******'
self.sessionid = None
self.connection = boto.dynamodb.connect_to_region('eu-west-1')
try:
username_item = self.connection.get_table('username').get_item(
hash_key=self.username)
self.connection.get_table('user').get_item(
hash_key=username_item['user']).delete()
username_item.delete()
# XXX scan these test user tags and delete them
except:
pass
try:
self.connection.get_table('email').get_item(
hash_key=self.email).delete()
except:
pass
self.connection.get_table('user').new_item(hash_key=self.userid,
attrs={
'username':
self.username,
'email':
self.email,
'password':
hash_password(
self.password),
}).put()
self.connection.get_table('username').new_item(hash_key=self.username,
attrs={
'user': self.userid,
}).put()
self.connection.get_table('email').new_item(hash_key=self.email,
attrs={
'user': self.userid,
}).put()
self.sessionid = generate_key()
self.connection.get_table('session').new_item(hash_key=self.sessionid,
attrs={
'user': self.userid,
'email': self.email,
'username':
self.username,
'timestamp':
timestamp()
}).put()
self.cookie = 'session_id=' + self.sessionid + ';'
def setUp(self):
self.userid = generate_key()
self.username = '******'
self.email = '*****@*****.**'
self.password = '******'
self.sessionid = None
self.connection = boto.dynamodb.connect_to_region('eu-west-1')
try:
username_item = self.connection.get_table('username').get_item(hash_key=self.username)
self.connection.get_table('user').get_item(hash_key=username_item['user']).delete()
username_item.delete()
# XXX scan these test user tags and delete them
except: pass
try: self.connection.get_table('email').get_item(hash_key=self.email).delete()
except: pass
self.connection.get_table('user').new_item(
hash_key=self.userid,
attrs={
'username': self.username,
'email': self.email,
'password': hash_password(self.password),
}
).put()
self.connection.get_table('username').new_item(
hash_key=self.username,
attrs={
'user': self.userid,
}
).put()
self.connection.get_table('email').new_item(
hash_key=self.email,
attrs={
'user': self.userid,
}
).put()
self.sessionid = generate_key()
self.connection.get_table('session').new_item(
hash_key=self.sessionid,
attrs={
'user': self.userid,
'email': self.email,
'username': self.username,
'timestamp': timestamp()
}
).put()
self.cookie = 'session_id=' + self.sessionid + ';'
def confirm_new_account(self):
# confirm new user account
try:
token = self.request.path[2]
activation_item = self.tables['activation'].get_item(hash_key=token)
if (timestamp() - activation_item['timestamp']) > (15 * 60):
self.response = Response(status=400)
return
user_id = generate_key()
user_item = self.tables['user'].new_item(hash_key=user_id, attrs={'email': activation_item['email'], 'username': activation_item['username'], 'password': activation_item['password']})
user_item.put()
email_item = self.tables['email'].new_item(hash_key=activation_item['email'], attrs={'user': user_id})
email_item.put()
username_item = self.tables['username'].new_item(hash_key=activation_item['username'], attrs={'user': user_id})
username_item.put()
activation_item.delete()
self.response = Response(status=201)
return
except:
exc_type, exc_value, exc_traceback = sys.exc_info()
print traceback.format_exception(exc_type, exc_value, exc_traceback)
self.response = Response(status=400)
return
def request_password_reset(self):
# request password reset
try:
# create new item in reset table
body = self.request.body
token = generate_key()
reset_item = self.tables['reset'].new_item(hash_key=token, attrs={'email': body['email'], 'timestamp': timestamp()})
reset_item.put()
# send email with reset token to given address
conn = boto.ses.connect_to_region('us-east-1')
msg_subject = 'XXX Service Name Here password reset requested'
msg_body = '' \
'You requested that we reset your XXX Service Name Here password. ' \
'To do so, please click the following link, or copy and paste it to your web browser:\n\n' \
'http://xxxservicedomain/user/reset/%s\n\n' \
'The link is valid until XXXX-XX-XX XX:XX:XX\n\n' \
'\tYours, &c.\n\tXXX Service Name Here' % token
conn.send_email('*****@*****.**', msg_subject, msg_body, [body['email']])
self.response = Response(status=204)
return
except:
exc_type, exc_value, exc_traceback = sys.exc_info()
print traceback.format_exception(exc_type, exc_value, exc_traceback)
self.response = Response(status=400)
return
def test_cookie(self):
c = cookie()
self.assertEqual(c, 'session_id=; Path=/; Expires=Tue, 31-Dec-2019 23:59:59 GMT')
key = generate_key()
c = cookie(key)
self.assertEqual(c, 'session_id=%s; Path=/; Expires=Tue, 31-Dec-2019 23:59:59 GMT' % key)
def test_cookie(self):
c = cookie()
self.assertEqual(
c, 'session_id=; Path=/; Expires=Tue, 31-Dec-2019 23:59:59 GMT')
key = generate_key()
c = cookie(key)
self.assertEqual(
c, 'session_id=%s; Path=/; Expires=Tue, 31-Dec-2019 23:59:59 GMT' %
key)
def do_post(self): # log in user
if self.session: # user already logged in
self.response = Response(status=400)
return
try:
credentials = self.request.body
if not credentials['login'] or not credentials[
'password']: # malformed credential payload
self.response = Response(status=400)
return
except: # malformed credential payload
self.response = Response(status=400)
return
if '@' in credentials['login']: # log in with email address
lookup = self.tables['email'].get_item(
hash_key=credentials['login'])
else: # log in with username
lookup = self.tables['username'].get_item(
hash_key=credentials['login'])
user = self.tables['user'].get_item(hash_key=lookup['user'])
if not user: # no such user
self.response = Response(status=400)
return
if not check_password(credentials['password'],
user['password']): # incorrect password
self.response = Response(status=401)
return
# create session
session_id = generate_key()
attrs = {
'timestamp': timestamp(),
'user': user['id'],
'email': user['email'],
'username': user['username']
}
session = self.tables['session'].new_item(hash_key=session_id,
attrs=attrs)
session.put()
# return session id
self.response = Response(status=200,
headers={'Set-Cookie': cookie(session_id)})
def request_new_account(self):
# request creation of new user account
try:
body = self.request.body
try: email_item = self.tables['email'].get_item(hash_key=body['email'])
except: email_item = None
try: username_item = self.tables['username'].get_item(hash_key=body['username'])
except: username_item = None
if email_item or username_item: # such a user already exists
self.response = Response(status=400, body='Username and/or email already registered')
return
attrs = {
'email': body['email'],
'username': body['username'],
'password': hash_password(body['password']),
'timestamp': timestamp(),
}
token = generate_key()
activation_item = self.tables['activation'].new_item(hash_key=token, attrs=attrs)
activation_item.put()
# send email with activation token to given address
conn = boto.ses.connect_to_region('us-east-1')
msg_subject = 'XXX Service Name Here new user account creation requested'
msg_body = '' \
'You requested that we create a new XXX Service Name Here user account for you. ' \
'To activate your account, please click the following link, or copy and paste it to your web browser:\n\n' \
'http://xxxservicedomain/user/activation/%s\n\n' \
'The link is valid until XXXX-XX-XX XX:XX:XX\n\n' \
'\tYours, &c.\n\tXXX Service Name Here' % token
conn.send_email('*****@*****.**', msg_subject, msg_body, [body['email']])
self.response = Response(status=204)
return
except:
exc_type, exc_value, exc_traceback = sys.exc_info()
print traceback.format_exception(exc_type, exc_value, exc_traceback)
self.response = Response(status=400)
return
def do_post(self): # log in user
if self.session: # user already logged in
self.response = Response(status=400)
return
try:
credentials = self.request.body
if not credentials['login'] or not credentials['password']: # malformed credential payload
self.response = Response(status=400)
return
except: # malformed credential payload
self.response = Response(status=400)
return
if '@' in credentials['login']: # log in with email address
lookup = self.tables['email'].get_item(hash_key=credentials['login'])
else: # log in with username
lookup = self.tables['username'].get_item(hash_key=credentials['login'])
user = self.tables['user'].get_item(hash_key=lookup['user'])
if not user: # no such user
self.response = Response(status=400)
return
if not check_password(credentials['password'], user['password']): # incorrect password
self.response = Response(status=401)
return
# create session
session_id = generate_key()
attrs = { 'timestamp': timestamp(), 'user': user['id'], 'email': user['email'], 'username': user['username'] }
session = self.tables['session'].new_item(hash_key=session_id, attrs=attrs)
session.put()
# return session id
self.response = Response(status=200, headers={'Set-Cookie': cookie(session_id) })
import auth
import client2 as cl2
import os
print "Generating private key.."
key = auth.generate_key()
with open("temp_key.pem", "w") as f:
f.write(key)
cl2.auth.keyfile = "temp_key.pem"
success = False
while not success:
cl2.username = raw_input("Pick a username: "******"Attemping to register.."
if not success:
print "That username is taken."
print "Registered successfully."
print "Saving key as %s.pem" % (cl2.username)
with open(cl2.username+".pem", "w") as f:
f.write(key)
os.remove("temp_key.pem")
print "DO NOT share this file with anyone"
print "You're all set. Run 'python client.py' or 'python cursestest.py' to chat"
def generate_key():
if isfile("key.pem"):
print "delete or move key.pem first."
return
with open("key.pem", "w") as f:
f.write(auth.generate_key())
def test_key_generation(self):
key1 = generate_key()
self.assertTrue(len(key1) > 0)
key2 = generate_key()
self.assertNotEqual(key1, key2)
def test_key_generation(self):
key1 = generate_key()
self.assertTrue(len(key1) > 0)
key2 = generate_key()
self.assertNotEqual(key1, key2)