def get_user_messages_by_email(): data = request.get_json() token = data['token'] email = data['email'] if token != None: public_key = data['publicKey'] authentication_data = database_helper.get_email_logged_user_new( public_key) stored_token = authentication_data['token'] equal_hashed_token = False ########################## Token verification ########################## # 1. Recreate the blob using the stored token blob = "" i = 0 while i < len(email): blob = blob + email[i] i = i + 3 blob = stored_token + blob # 2. Hash it hash = hashlib.sha256(blob.encode()).hexdigest() # 3. Compare the two hashes if token == hash: equal_hashed_token = True print("Equal hashes get_users_data_by_token") ######################################################################## if equal_hashed_token: if email != None: result = database_helper.get_user_messages_by_email(email) if result == None: return jsonify({ 'success': False, 'message': "No message with requested email" }) return jsonify(result) else: return jsonify({ 'success': False, 'message': "Email has to be provided" }) else: return jsonify({ 'success': False, 'message': "Hashes not equal get_user_messages_by_email" }) else: return jsonify({'success': False, 'message': "You are not signed in."})
def sign_out(token=None): data = request.get_json() token = data['token'] if token == None: return jsonify({'success': False, 'message': "You are not signed in."}) url = data['url'] public_key = data['publicKey'] authentication_data = database_helper.get_email_logged_user_new(public_key) stored_token = authentication_data['token'] equal_hashed_token = False ########################## Token verification ########################## # 1. Recreate the blob using the stored token blob = "" i = 0 while i < len(url): blob = blob + url[i] i = i + 3 blob = stored_token + blob # 2. Hash it hash = hashlib.sha256(blob.encode()).hexdigest() # 3. Compare the two hashes if token == hash: equal_hashed_token = True print("Equal hashes log_out") ######################################################################## if equal_hashed_token: succesful_sign_out = database_helper.sign_out(stored_token) if succesful_sign_out: return jsonify({ 'success': True, 'message': "Succesfully signed out" }) else: return jsonify({ 'success': False, 'message': "Something went wrong when trying to sign out" }) else: return jsonify({ 'success': False, 'message': "The hashes is not the same" })
def post_message(): data = request.get_json() print(data) token = data['token'] message = data['message'] dest_email = data['email'] place = data['place'] public_key = data['publicKey'] authentication_data = database_helper.get_email_logged_user_new(public_key) stored_token = authentication_data['token'] sender_mail = database_helper.get_email_by_token(stored_token) sender_mail = sender_mail[0] equal_hashed_token = False ########################## Token verification ########################## # 1. Recreate the blob using the stored token blob = "" if dest_email != None: i = 0 while i < len(dest_email): blob = blob + dest_email[i] i = i + 3 i = 0 while i < len(message): blob = blob + message[i] i = i + 3 blob = stored_token + blob # 2. Hash it hash = hashlib.sha256(blob.encode()).hexdigest() # 3. Compare the two hashes if token == hash: equal_hashed_token = True print("Equal hashes get_users_data_by_token") ######################################################################## if dest_email == None: dest_email = sender_mail if stored_token != None and dest_email != None: if equal_hashed_token: if database_helper.check_if_email_exists( sender_mail) and database_helper.check_if_email_exists( dest_email): success_post = database_helper.post_message( sender_mail, message, dest_email, place) if success_post: return jsonify({ 'success': True, 'message': "Message posted succesfully" }) else: return jsonify({ 'success': False, 'message': "Something went wrong posting the message" }) else: return jsonify({ 'success': False, 'message': "Provided token or email do not exist" }) else: return jsonify({ 'success': False, 'message': "Hashes not equal in post_message" }) else: return jsonify({ 'success': False, 'message': "Token and destination email cannot be void" })
def change_password(): data = request.get_json() token = data['token'] old_password = data['old_password'] new_password = data['new_password'] if token != None: public_key = data['publicKey'] loggedUserData = database_helper.get_email_logged_user_new(public_key) email = loggedUserData['email'] stored_token = loggedUserData['token'] equal_hashed_token = False ########################## Token verification ########################## # 1. Recreate the blob using the stored token blob = "" i = 0 while i < len(old_password): blob = blob + old_password[i] i = i + 3 print("blob oldPswd: " + blob) i = 0 while i < len(new_password): blob = blob + new_password[i] i = i + 3 print("blob newPswd: " + blob) blob = stored_token + blob print("blob: " + blob) # 2. Hash it hash = hashlib.sha256(blob.encode()).hexdigest() print(hash) # 3. Compare the two hashes if token == hash: equal_hashed_token = True print("Equal hashes change_password") print(equal_hashed_token) ######################################################################## if equal_hashed_token: inputed_password = old_password ####################### Old password validation ######################## # 1. Retrive user's salt from the database authentication_data = database_helper.get_users_salt(email) # 2. Append salt to the inputed password inputed_password = inputed_password + authentication_data['salt'] # 3. Compare the hash generated from the inputed password with the one in # the database exists = False if (bcrypt.check_password_hash(authentication_data['password'], inputed_password)): exists = True ######################################################################## if exists == False: return jsonify({'success': False, 'message': "Wrong password"}) ######################## New password hashing ########################## # 1. Generate salt salt = os.urandom(32) salt = (binascii.hexlify(salt)).decode('utf-8') # 2. Append salt to the password password = new_password password = password + salt # 3. Hash the password and storing password = bcrypt.generate_password_hash(password).decode('utf-8') password_changed = database_helper.change_password( email, password, salt) ######################################################################## if password_changed and exists: return jsonify({ 'success': True, 'message': "Password succesfully changed" }) else: return jsonify({ 'success': False, 'message': "Something went wrong changing the password" }) else: print("hashes are not the same") return jsonify({ 'success': False, 'message': "The hashes is not the same" }) else: return jsonify({'success': False, 'message': "You are not signed in."})