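def new_user():
    """Serve the registration form (GET) and create a new user (POST).

    GET stores a fresh anti-forgery token in ``login_session['state']`` and
    renders ``newUser.html`` with it. POST checks that token and the
    registration PIN, validates the form, rejects a username that is already
    taken, and otherwise stores the new user.

    Returns:
        A rendered template, or a 401 JSON response when the state token is
        missing or does not match. Any other HTTP method falls through and
        returns None; the route decorator is not visible from this block.
    """
    import hmac  # local import: the file's import block is not visible here

    def show_message(lines, dest):
        # Every outcome of the POST is reported through the same template.
        return render_template('message.html', msg=lines, dest=dest, my_time=8000)

    if request.method == 'GET':
        # The token protects the POST below against cross-site requests, so it
        # has to be unpredictable: draw it from the OS CSPRNG instead of the
        # module-level Mersenne Twister generator.
        alphabet = string.ascii_uppercase + string.digits
        rng = random.SystemRandom()
        state = ''.join(rng.choice(alphabet) for _ in range(32))
        login_session['state'] = state
        return render_template('newUser.html', STATE=state)

    if request.method == 'POST':
        # Anti-forgery check. Both values must be present: two missing values
        # compare equal, which would let a request with no token through.
        expected_state = login_session.get('state')
        submitted_state = request.form.get('state')
        state_ok = (
            bool(expected_state)
            and bool(submitted_state)
            and hmac.compare_digest(str(submitted_state).encode(),
                                    str(expected_state).encode())
        )
        if not state_ok:
            response = make_response(json.dumps('Invalid state parameter'), 401)
            response.headers['Content-Type'] = 'application/json'
            return response

        # Only username and password are mandatory, so the optional text
        # fields default to '' rather than None (None has no .encode()).
        name = request.form.get('name', '')
        username = request.form.get('username')
        password = request.form.get('password')
        conf_password = request.form.get('conf_password')
        security_question = request.form.get('security_question', '')
        security_question_answer = request.form.get('security_question_answer')
        conf_security_question_answer = request.form.get('conf_security_question_answer')
        submitted_pin = request.form.get('pin')

        # PIN is a shared registration secret defined elsewhere in the file.
        # A missing field is rejected outright and the comparison is
        # constant-time. NOTE(review): assumes PIN is a str - a non-str PIN
        # never matches, as before.
        pin_ok = (
            submitted_pin is not None
            and isinstance(PIN, str)
            and hmac.compare_digest(str(submitted_pin).encode(), PIN.encode())
        )
        if not pin_ok:
            return show_message(
                ["User registration is not possible.",
                 "You are not authorized (incorrect PIN)."],
                "/",
            )

        if (not username) or (not password):
            return show_message(
                ["User registration is not possible.",
                 "Missing arguments. It is necessary username and password."],
                "/new_user",
            )

        if password != conf_password:
            return show_message(
                ["User registration is not possible.",
                 "Password confirmation does not match."],
                "/new_user",
            )

        # The confirmation is only enforced when an answer was supplied.
        if security_question_answer and security_question_answer != conf_security_question_answer:
            return show_message(
                ["User registration is not possible.",
                 "Security question answer confirmation does not match."],
                "/new_user",
            )

        # Stored usernames are encrypted with `f`, so each row is decrypted
        # before it is compared with the requested username.
        for existing in session.query(User).all():
            decrypted_username = f.decrypt(existing.username).decode()
            # NOTE(review): this comparison is reconstructed from the comment
            # and message around it - confirm against the original file.
            if decrypted_username == username:
                return show_message(
                    ["User with username " + decrypted_username + " already exists.",
                     "Registration is not possible."],
                    "/",
                )

        # Text fields are stored encrypted; the password and the security
        # answer go through the model's own hashing helpers.
        user = User(name=f.encrypt(name.encode()),
                    username=f.encrypt(username.encode()),
                    security_question=f.encrypt(security_question.encode()))
        user.hash_password(password)
        # NOTE(review): called even when no answer was submitted - confirm
        # that hash_passw_phrase_answer accepts None.
        user.hash_passw_phrase_answer(security_question_answer)
        session.add(user)
        session.commit()

        return show_message(
            ["User " + f.decrypt(user.username).decode() + " successfully registered!",
             "Please, wait. Returning to the login page..."],
            "/",
        )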