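def get_user_data_by_email():
    """Return the profile of ``user_email`` to the signed-in caller ``email``.

    Query parameters: ``user_email`` (profile being viewed), ``email`` (the
    caller), ``time`` and ``hash`` (request signature verified by
    ``check_hash``). Returns a JSON string with ``success``/``message`` and,
    on success, ``data`` holding firstname, familyname, email, gender, city
    and country of the viewed user.
    """
    user_email = request.args.get("user_email")
    email = request.args.get("email")
    time_stamp = request.args.get("time")
    # A missing parameter used to raise TypeError on the concatenation below
    # (an unhandled 500); reject the call explicitly instead.
    if user_email is None or email is None or time_stamp is None:
        return json.dumps({'success': False, 'message': 'Missing parameters'})
    blob = user_email + email
    if check_hash(blob, email, request.args.get("hash"), time_stamp):
        return json.dumps({
            'success': False,
            'message': 'You are trying to hack a user. You should be ashamed of yourself!'
        })
    if database_helper.get_token(email) is None:
        return json.dumps({'success': False, 'message': 'User is not logged in'})
    data = database_helper.get_user(user_email)
    if data is None:
        return json.dumps({'success': False, 'message': 'The user does not exist'})
    if user_email != email:
        # Viewing someone else's page bumps that user's view counter.
        # NOTE(review): da[3] is handed to updateViews — the same index that
        # retData labels 'gender' below; confirm against database_helper.updateViews.
        da = database_helper.get_user(email)
        database_helper.updateViews(user_email, da[3])
    tok = database_helper.get_token(user_email)
    if tok is not None and tok in wslist:
        # Push the current view count to the viewed user's open websocket
        # (this may be the caller, e.g. right after opening the home page).
        d = database_helper.getViews(user_email)
        send_message(
            wslist[tok],
            json.dumps({'messageType': 'views', 'message': [d[0], d[1]]}))
    ret_data = {
        'firstname': data[0],
        'familyname': data[1],
        'email': data[2],
        'gender': data[3],
        'city': data[4],
        'country': data[5]
    }
    return json.dumps({
        'success': True,
        'message': 'Data retrieval successful',
        "data": ret_data
    })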
def show_media():
    """Return every media entry stored for the signed-in user ``email``.

    Query parameters: ``email``, ``time`` and ``hash``. The token lookup is
    done before the signature check, so a caller without a stored token is
    answered with 'User is not logged in'. Returns a JSON string with
    ``success``, ``message`` and ``data`` (whatever getUserMedia yields).
    """
    email = request.args.get("email")
    time_stamp = request.args.get("time")
    if database_helper.get_token(email) is None:
        return json.dumps({'success': False, 'message': 'User is not logged in'})
    # For this call the signed blob is just the email itself.
    signature_bad = check_hash(email, email, request.args.get("hash"), time_stamp)
    if signature_bad:
        return json.dumps({
            'success': False,
            'message': 'You are trying to hack a user. You should be ashamed of yourself!'
        })
    media = database_helper.getUserMedia(email)
    return json.dumps({
        'success': True,
        'message': 'Data retrieval successful',
        'data': media
    })
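def post_message():
    """Post ``message`` from the signed-in user ``email`` onto ``user_email``'s wall.

    Form fields: ``email`` (sender), ``user_email`` (recipient wall),
    ``message``, ``time`` and ``hash`` (request signature verified by
    ``check_hash``). Returns a JSON string with ``success`` and ``message``.
    """
    email = request.form["email"]
    message = request.form["message"]
    user_email = request.form["user_email"]
    time_stamp = request.form["time"]
    blob = message + user_email + email
    if check_hash(blob, email, request.form["hash"], time_stamp):
        return json.dumps({
            'success': False,
            'message': 'You are trying to hack a user. You should be ashamed of yourself!'
        })
    if database_helper.check_email(user_email) is False:
        return json.dumps({'success': False, 'message': 'User does not exist!'})
    if database_helper.get_token(email) is None:
        return json.dumps({'success': False, 'message': 'User is not logged in'})
    # `message is ""` compared object identity, which is not guaranteed for
    # a string coming from the request; compare by value.
    if message == "":
        return json.dumps({'success': False, 'message': 'Message cannot be empty'})
    database_helper.post_message(email, user_email, message)
    return json.dumps({'success': True, 'message': 'Message posted'})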
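def get_user_messages_by_email():
    """Return the wall messages of ``user_email`` to the signed-in caller ``email``.

    Query parameters: ``user_email``, ``email``, ``time`` and ``hash``
    (request signature verified by ``check_hash``). On success ``data`` is a
    list of ``{"writer": ..., "content": ...}`` dicts built from the rows
    returned by database_helper.get_messages (content at index 0, writer at 1).
    """
    user_email = request.args.get("user_email")
    email = request.args.get("email")
    time_stamp = request.args.get("time")
    # A missing parameter used to raise TypeError on the concatenation below
    # (an unhandled 500); reject the call explicitly instead.
    if user_email is None or email is None or time_stamp is None:
        return json.dumps({'success': False, 'message': 'Missing parameters'})
    blob = user_email + email
    if check_hash(blob, email, request.args.get("hash"), time_stamp):
        return json.dumps({
            'success': False,
            'message': 'You are trying to hack a user. You should be ashamed of yourself!'
        })
    if database_helper.get_token(email) is None:
        return json.dumps({'success': False, 'message': 'User is not logged in'})
    rows = database_helper.get_messages(user_email)
    ret_data = [{"writer": row[1], "content": row[0]} for row in rows]
    return json.dumps({
        'success': True,
        'message': 'Data retrieval successful',
        "data": ret_data
    })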
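def check_hash(blob, email, hash, time_stamp):
    """Return True when the request signature must be rejected.

    Run on every server call except login and signup. The client builds
    sha512(blob with CRLF removed + time + session token) and sends the hex
    digest as ``hash``; the same value is rebuilt here from the token stored
    for ``email`` and compared.

    Args:
        blob: the request fields the client signed, concatenated.
        email: the calling user, used to look up the stored session token.
        hash: hex digest sent by the client (may be None if absent).
        time_stamp: the client's Unix time as a string.

    Returns True (reject) when the timestamp is missing or malformed, more
    than 10 seconds away from the server clock, when ``email`` has no stored
    token or no hash was sent, or when the digests differ. Returns False
    when the signature is valid.
    """
    import hmac  # local import: the file's import block is not in view here
    try:
        age = time.time() - int(time_stamp)
    except (TypeError, ValueError):
        return True
    # abs(): only past timestamps were rejected before, so a far-future
    # 'time' value stayed valid indefinitely and defeated the replay window.
    if abs(age) > 10:
        return True
    token = database_helper.get_token(email)
    # Without a token the concatenation below raised TypeError; callers that
    # run this check before their own token check then returned a 500.
    if token is None or hash is None:
        return True
    signed = blob.replace('\r\n', '') + time_stamp + token
    if not isinstance(signed, bytes):
        # hashlib only accepts bytes on Python 3.
        signed = signed.encode('utf-8')
    hashed = hashlib.sha512(signed).hexdigest()
    # Constant-time comparison so timing does not reveal how many leading
    # characters of the digest matched.
    return not hmac.compare_digest(hashed, hash)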
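def signin():
    """Verify email/password, issue a fresh session token and return it.

    Form fields: ``email``, ``password``. A still-open previous session for
    the same email is revoked first: its token is removed and, if it has a
    websocket in ``wslist``, that socket is told to log out, closed and
    dropped. Every remaining open websocket is then sent the new
    logged-in/total user counts. Returns a JSON string with ``success``,
    ``message`` and, on success, ``data`` holding the new token.
    """
    email = request.form["email"]
    password = request.form["password"]
    stored_hash = database_helper.get_password(email)
    # One message for both unknown email and wrong password, so the response
    # does not reveal which accounts exist.
    invalid = json.dumps({
        'success': False,
        'message': 'The email or password is incorrect'
    })
    if stored_hash is None:
        return invalid
    if not bcrypt.check_password_hash(stored_hash, password):
        return invalid
    old_token = database_helper.get_token(email)
    if old_token is not None:
        database_helper.remove_token(old_token)
        if old_token in wslist:
            try:
                wslist[old_token].send(
                    json.dumps({
                        'messageType': 'logout',
                        'message': "You just got logged out!"
                    }))
            except WebSocketError:
                pass  # peer already gone; still close and drop the entry
            wslist[old_token].close()
            wslist.pop(old_token)
    # 32 bytes from the OS CSPRNG, base64-encoded so the token travels as text.
    # The encoding name was spelled 'utf-8)' (stray paren) before; CPython's
    # codec-name normalisation appears to tolerate it, but it was a typo.
    token = base64.b64encode(os.urandom(32)).decode('utf-8')
    database_helper.insert_token(email, token)
    # Tell every open websocket to refresh its 'logged in users' counter.
    for user in wslist:
        send_message(
            wslist[user],
            json.dumps({
                'messageType': 'loggedInStats',
                'message': [
                    database_helper.getLoggedInUsersCount(),
                    database_helper.getAllUserCount()
                ]
            }))
    return json.dumps({
        'success': True,
        'message': 'Successfully logged in',
        'data': token
    })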
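def view_media():
    """Serve the media file ``name`` belonging to the signed-in user ``email``.

    Query parameters: ``email``, ``name``, ``time`` and ``hash`` (request
    signature verified by ``check_hash``). Unlike the JSON endpoints this
    returns the file itself through send_from_directory, so a rejected call
    answers with an empty body and an HTTP error status instead of JSON.
    """
    email = request.args.get("email")
    name = request.args.get("name")
    time_stamp = request.args.get("time")
    if database_helper.get_token(email) is None:
        # Returning None from the view made the framework fail the request
        # (HTTP 500); answer 403 explicitly instead.
        return "", 403
    if name is None:
        return "", 400
    if check_hash(name + email, email, request.args.get("hash"), time_stamp):
        return "", 403
    record = database_helper.getMedia(name, email)
    if record is None:
        # An unknown name used to raise TypeError on the [0] subscript.
        return "", 404
    # record[0] is the path upload_media stored: "<email>/<secure_filename>"
    # relative to media/; send_from_directory is expected to refuse paths
    # that escape that directory.
    return send_from_directory("media", record[0])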
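def upload_media():
    """Receive a file and store it under media/<email>/.

    Form fields: ``email``, ``filetype``, ``time`` and ``hash`` (request
    signature verified by ``check_hash``); file field ``file``. The file is
    written to disk and its path relative to media/ is recorded through
    database_helper.saveMedia. Returns a JSON string with ``success`` and
    ``message``.
    """
    email = request.form["email"]
    upload = request.files["file"]
    filetype = request.form["filetype"]
    time_stamp = request.form["time"]
    blob = filetype + email
    if check_hash(blob, email, request.form["hash"], time_stamp):
        return json.dumps({
            'success': False,
            'message': 'You are trying to hack a user. You should be ashamed of yourself!'
        })
    if database_helper.get_token(email) is None:
        return json.dumps({'success': False, 'message': 'User is not logged in'})
    if not upload or upload.filename == '':
        return json.dumps({'success': False, 'message': 'No file to be uploaded'})
    # secure_filename strips separators and '..' from the client-supplied
    # name, but the email component is not sanitised anywhere in this file,
    # so also confirm the final path resolves inside media/ before touching
    # the filesystem. secure_filename can return '' (e.g. for ".."), which
    # would otherwise save to the directory itself.
    filename = secure_filename(upload.filename)
    file_path = email + "/" + filename
    media_root = os.path.realpath("media")
    target = os.path.realpath(os.path.join("media", file_path))
    if not filename or not target.startswith(media_root + os.sep):
        return json.dumps({'success': False, 'message': 'Invalid file name'})
    if database_helper.getMedia(filename, email) is not None:
        return json.dumps({'success': False, 'message': 'File already exists'})
    # Each user gets a folder of their own; create it on first upload.
    user_dir = os.path.join("media", email)
    if not os.path.isdir(user_dir):
        os.makedirs(user_dir)
    # Save on disk and record the relative path in the database.
    upload.save(os.path.join("media", file_path))
    database_helper.saveMedia(filename, file_path, email, filetype)
    return json.dumps({'success': True, 'message': 'Upload successful'})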
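def sign_in():
    """Sign a user in from a JSON body with ``email`` and ``password``.

    If the user already has an open websocket in ``users``, that session is
    ended first: the old token is revoked via database_helper.logout_user,
    the socket is sent ``{"msg": "logout"}`` and the entry is dropped. A new
    36-character token is generated and handed to database_helper.login_user.
    Returns create_response(...) with the token; on failure the same shape
    with success False (the unused token is still echoed, as before).
    """
    import secrets  # local imports: the file's import block is not in view here
    import string
    data = request.get_json()
    email = str(data['email'])
    passw = data['password']
    token = database_helper.get_token(email)
    if email in users:
        # Revoke the previous session before issuing a new one.
        database_helper.logout_user(token, email)
        users[email].send(json.dumps({"msg": "logout"}))
        del users[email]
    # The token is a bearer credential, so it must come from a CSPRNG:
    # random.randint (used before) is predictable. The old alphabet also
    # skipped 'j' and doubled 'w'.
    alphabet = string.ascii_letters + string.digits
    token = ''.join(secrets.choice(alphabet) for _ in range(36))
    if database_helper.login_user(email, passw, token):
        return create_response(True, 'Successfully signed in', token)
    return create_response(False, 'Wrong username or password', token)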
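def signout():
    """Log the user ``email`` out: drop the token and its websocket entry.

    Form fields: ``email``, ``time`` and ``hash`` (request signature verified
    by ``check_hash``). After a successful logout every remaining open
    websocket is sent the new logged-in/total user counts. Returns a JSON
    string with ``success`` and ``message``.
    """
    email = request.form["email"]
    time_stamp = request.form["time"]
    token = database_helper.get_token(email)
    # The token check now precedes the signature check: check_hash needs the
    # stored token to rebuild the digest, so a caller without one was
    # previously answered by an exception rather than by this message.
    if not token:
        return json.dumps({'success': False, 'message': 'User is not logged in'})
    if check_hash(email, email, request.form["hash"], time_stamp):
        return json.dumps({
            'success': False,
            'message': 'You are trying to hack a user. You should be ashamed of yourself!'
        })
    database_helper.remove_token(token)
    if token in wslist:
        wslist.pop(token)
    # Tell every open websocket to refresh its 'logged in users' counter.
    for user in wslist:
        send_message(
            wslist[user],
            json.dumps({
                'messageType': 'loggedInStats',
                'message': [
                    database_helper.getLoggedInUsersCount(),
                    database_helper.getAllUserCount()
                ]
            }))
    return json.dumps({'success': True, 'message': 'The user was logged out'})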
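def sign_in():
    """Sign in the user given by the ``email``/``password`` request parameters.

    The user record comes back from db.find_user as a JSON string. A user who
    already holds a token is refused with ERR_USER_ALREADY_CONNECTED; a wrong
    password or unknown user gets ERR_INVALID_USER_PASSWORD. The outcome is
    written to the module-level ``output`` by err()/success() and returned
    as a JSON string.
    """
    email = get_param_or_default("email")
    raw_user = db.find_user(email)
    if raw_user is None:
        err(ERR_INVALID_USER_PASSWORD)
        return json.dumps(output)
    user = json.loads(raw_user)
    if user is None:
        err(ERR_INVALID_USER_PASSWORD)
        return json.dumps(output)
    if db.get_token(user["email"]) is not None:
        err(ERR_USER_ALREADY_CONNECTED)
        return json.dumps(output)
    typed_password = get_param_or_default("password")
    # NOTE(review): the stored password is compared as plain text; nothing in
    # this function hashes it. Whether db stores a hash is not visible here.
    if typed_password == user["password"]:
        token = generate_token()
        db.log_user(email, token)
        success(SUC_USER_LOGGED_IN, token)
    else:
        err(ERR_INVALID_USER_PASSWORD)
    return json.dumps(output)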
def change_password():
    """Replace the signed-in user's password after verifying the old one.

    Form fields: ``oldpass``, ``newpass``, ``email``, ``time`` and ``hash``
    (request signature verified by ``check_hash``). The new password must be
    at least 8 characters; the old one must match the stored bcrypt hash.
    Returns a JSON string with ``success`` and ``message``.
    """
    old_password = request.form["oldpass"]
    new_password = request.form["newpass"]
    time_stamp = request.form["time"]
    email = request.form["email"]
    signed_blob = old_password + new_password + email
    signature_bad = check_hash(signed_blob, email, request.form["hash"], time_stamp)
    if signature_bad:
        return json.dumps({
            'success': False,
            'message': 'You are trying to hack a user. You should be ashamed of yourself!'
        })
    if len(new_password) < 8:
        return json.dumps({'success': False, 'message': 'The password is too short'})
    if database_helper.get_token(email) is None:
        return json.dumps({'success': False, 'message': 'User is not logged in'})
    current_hash = database_helper.get_password(email)
    if not bcrypt.check_password_hash(current_hash, old_password):
        return json.dumps({'success': False, 'message': 'Wrong password'})
    database_helper.change_password(
        email, bcrypt.generate_password_hash(new_password))
    return json.dumps({
        'success': True,
        'message': 'Password was changed successfully'
    })