def clear():
    """Wipe the current user's search history, then return to the index.

    Whatever CSRF defense is currently selected is initialised and run
    before the database is touched. ``clearHistory`` is only called when
    ``getUser()`` yields an object with a non-empty ``username``.
    """
    defenses.setup(request, response)
    csrf = defenses.csrfDefense
    token = csrf.init(request, response)
    csrf.validate(request, token)
    current = getUser()
    owner = current.username if current else None
    if owner:
        database.clearHistory(owner)
    redirect("./")
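def login():
    """Authenticate the posted credentials and set the ``authuser`` cookie.

    The selected CSRF defense is initialised and validated before the form
    is read. Credentials are checked with ``database.validateUser``; on
    success the signed ``authuser`` cookie is set and the browser is sent
    back to the index.

    Raises:
        HTTPError: 400 when either form field is missing or empty,
            403 when the credentials do not validate.
    """
    defenses.setup(request, response)
    csrftoken = defenses.csrfDefense.init(request, response)
    defenses.csrfDefense.validate(request, csrftoken)
    username = request.forms.get("username")
    password = request.forms.get("password")
    # Reject a missing field up front instead of passing None down to
    # validateUser; this matches the check the account-creation path does.
    if not username or not password:
        raise HTTPError(400, "Required field is empty")
    if not database.validateUser(username, password):
        raise HTTPError(403, "Login unsuccessful")
    # authSecret is Bottle's cookie-signing secret; httponly keeps the
    # cookie out of reach of page scripts.
    response.set_cookie("authuser", username, authSecret, httponly=True)
    redirect("./")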
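def search():
    """Render the search page and record the query in the user's history.

    The raw ``q`` query parameter is passed through the selected XSS
    defense before it is stored or echoed back into the page. History is
    read and written only for a logged-in user (``getUser()`` returning an
    object with a truthy ``id``); anonymous visitors get ``history=None``.

    Returns:
        dict with a single ``v`` key holding the template variables.
    """
    defenses.setup(request, response)
    csrftoken = defenses.csrfDefense.init(request, response)
    defenses.xssDefense.init(response)
    query = defenses.xssDefense.filter(request.query.q)
    user = getUser()
    history = None
    if user and user.id:
        # Empty searches are not recorded.
        if query != "":
            database.addHistory(user.id, query)
        history = database.getHistory(user.id)
    # Reuse the user looked up above rather than calling getUser() a
    # second time for the template.
    return dict(v=FormsDict(defenses=defenses.selectors(),
                            user=user,
                            query=query,
                            history=history,
                            csrfcode=defenses.csrfDefense.formHTML(csrftoken)))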
파일: project2.py 프로젝트: zweinbe/EECS388
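def search():
    """Render the search page and record the query in the user's history.

    The raw ``q`` query parameter is passed through the selected XSS
    defense before it is stored or echoed back into the page. History is
    read only for a logged-in user (``getUser()`` returning an object with
    a truthy ``id``); it is written only when the query is non-empty and
    the account is not the shared ``attacker`` user.

    Returns:
        dict with a single ``v`` key holding the template variables.
    """
    defenses.setup(request, response)
    csrftoken = defenses.csrfDefense.init(request, response)
    defenses.xssDefense.init(response)
    query = defenses.xssDefense.filter(request.query.q)
    user = getUser()
    history = None
    if user and user.id:
        # Hack to prevent students from polluting each others' history:
        # the shared 'attacker' account never gets its searches stored.
        if user.username != 'attacker' and query != "":
            database.addHistory(user.id, query)
        history = database.getHistory(user.id)
    # Reuse the user looked up above rather than calling getUser() a
    # second time for the template.
    return dict(v=FormsDict(defenses=defenses.selectors(),
                            user=user,
                            query=query,
                            history=history,
                            csrfcode=defenses.csrfDefense.formHTML(csrftoken)))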
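def create():
    """Create an account from the posted form, then log the new user in.

    The selected CSRF defense is validated before the form is read. The
    username must be purely alphanumeric and not already exist; the
    password must be at least 4 characters. After ``createUser`` the
    credentials are re-checked with ``validateUser`` before the signed
    ``authuser`` cookie is set.

    Raises:
        HTTPError: 400 for a missing field, an invalid username, an
            existing user or a too-short password; 403 if the freshly
            created account does not validate.
    """
    defenses.setup(request, response)
    csrftoken = defenses.csrfDefense.init(request, response)
    defenses.csrfDefense.validate(request, csrftoken)
    username = request.forms.get("username")
    password = request.forms.get("password")
    if not username or not password:
        raise HTTPError(400, "Required field is empty")
    # fullmatch instead of match(...$): '$' also matches just before a
    # trailing newline, so "alice\n" would otherwise be accepted as a
    # valid username and end up in the database and the cookie.
    if not re.fullmatch(r"[A-Za-z0-9]+", username):
        raise HTTPError(400, "Invalid username")
    if database.fetchUser(username):
        raise HTTPError(400, "User already exists")
    # Length floor is the app's own policy; 4 is a very low minimum.
    if len(password) < 4:
        raise HTTPError(400, "Password too short")
    database.createUser(username, password)
    if not database.validateUser(username, password):
        raise HTTPError(403, "Account creation unsuccessful")
    # authSecret is Bottle's cookie-signing secret; httponly keeps the
    # cookie out of reach of page scripts.
    response.set_cookie("authuser", username, authSecret, httponly=True)
    redirect("./")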
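def login(create=False):
    """Log a user in from the posted form, optionally creating the account.

    The selected CSRF defense is validated before the form is read. Both
    paths require a non-empty, purely alphanumeric username and a non-empty
    password. With ``create=True`` the user must not already exist and the
    password must be at least 4 characters; the account is created and then
    validated like a normal login. On success the signed ``authuser``
    cookie is set and the browser is sent back to the index.

    Args:
        create: when true, create the account before validating it.

    Raises:
        HTTPError: 400 for a missing field, an invalid username, an
            existing user (create only) or a too-short password (create
            only); 403 when the credentials do not validate.
    """
    defenses.setup(request, response)
    csrftoken = defenses.csrfDefense.init(request, response)
    defenses.csrfDefense.validate(request, csrftoken)
    username = request.forms.get("username")
    password = request.forms.get("password")
    if not username or not password:
        raise HTTPError(400, "Required field is empty")
    # fullmatch instead of match(...$): '$' also matches just before a
    # trailing newline, so "alice\n" would otherwise be accepted as a
    # valid username and end up in the database and the cookie.
    if not re.fullmatch(r"[A-Za-z0-9]+", username):
        raise HTTPError(400, "Invalid username")
    if create:
        if database.fetchUser(username):
            raise HTTPError(400, "User already exists")
        # Length floor is the app's own policy; 4 is a very low minimum.
        if len(password) < 4:
            raise HTTPError(400, "Password too short")
        database.createUser(username, password)
    if not database.validateUser(username, password):
        raise HTTPError(403, "Login unsuccessful")
    # authSecret is Bottle's cookie-signing secret; httponly keeps the
    # cookie out of reach of page scripts.
    response.set_cookie("authuser", username, authSecret, httponly=True)
    redirect("./")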
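def search():
    """Render the search page and record the query in the user's history.

    The raw ``q`` query parameter is passed through the selected XSS
    defense before it is stored or echoed back into the page. History is
    read only for a logged-in user (``getUser()`` returning an object with
    a truthy ``id``); it is written only when the query is non-empty and
    the account is not the shared ``attacker`` user.

    Returns:
        dict with a single ``v`` key holding the template variables.
    """
    defenses.setup(request, response)
    csrftoken = defenses.csrfDefense.init(request, response)
    defenses.xssDefense.init(response)
    query = defenses.xssDefense.filter(request.query.q)
    user = getUser()
    history = None
    if user and user.id:
        # Hack to prevent students from polluting each others' history:
        # the shared "attacker" account never gets its searches stored.
        if user.username != "attacker" and query != "":
            database.addHistory(user.id, query)
        history = database.getHistory(user.id)
    # Reuse the user looked up above rather than calling getUser() a
    # second time for the template.
    return dict(
        v=FormsDict(
            defenses=defenses.selectors(),
            user=user,
            query=query,
            history=history,
            csrfcode=defenses.csrfDefense.formHTML(csrftoken),
        )
    )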
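def setdefenses():
    """Apply the posted defense selection, then return to the calling page.

    ``defenses.setup`` consumes the selection from the request. The
    optional ``location`` form field names the page to go back to; it is
    honoured only when it is a same-site relative path.
    """
    from urllib.parse import urlsplit

    defenses.setup(request, response)
    location = request.forms.get("location")
    target = "./"
    if location:
        # A value carrying a scheme or a host part ("http://...", "//host")
        # would make this an open redirect to an attacker-chosen site;
        # Bottle resolves a relative path against the current URL, so only
        # those are followed.
        parts = urlsplit(location)
        if not parts.scheme and not parts.netloc:
            target = location
    redirect(target)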
def logout():
    """Remove the ``authuser`` cookie and send the browser to the index.

    The selected CSRF defense is initialised and validated first, so the
    logout is only performed for a request that passes that check.
    """
    defenses.setup(request, response)
    csrf = defenses.csrfDefense
    token = csrf.init(request, response)
    csrf.validate(request, token)
    response.delete_cookie("authuser")
    redirect("./")
def index():
    """Render the landing page with the defense selectors and a CSRF field.

    Returns:
        dict with a single ``v`` key holding the template variables.
    """
    defenses.setup(request, response)
    csrf = defenses.csrfDefense
    token = csrf.init(request, response)
    page = FormsDict(
        defenses=defenses.selectors(),
        user=getUser(),
        csrfcode=csrf.formHTML(token),
    )
    return {"v": page}
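def setdefenses():
    """Apply the posted defense selection, then return to the calling page.

    ``defenses.setup`` consumes the selection from the request. The
    optional ``location`` form field names the page to go back to; it is
    honoured only when it is a same-site relative path.
    """
    from urllib.parse import urlsplit

    defenses.setup(request, response)
    location = request.forms.get("location")
    target = "./"
    if location:
        # A value carrying a scheme or a host part ("http://...", "//host")
        # would make this an open redirect to an attacker-chosen site;
        # Bottle resolves a relative path against the current URL, so only
        # those are followed.
        parts = urlsplit(location)
        if not parts.scheme and not parts.netloc:
            target = location
    redirect(target)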
def logout():
    """Clear the ``authuser`` cookie and redirect to the index page.

    The CSRF defense currently selected runs (init + validate) before the
    cookie is deleted.
    """
    defenses.setup(request, response)
    token = defenses.csrfDefense.init(request, response)
    defenses.csrfDefense.validate(request, token)
    # delete_cookie expires the cookie rather than overwriting its value.
    response.delete_cookie("authuser")
    redirect("./")
def index():
    """Render the landing page with the defense selectors and a CSRF field.

    Returns:
        dict with a single ``v`` key holding the template variables.
    """
    defenses.setup(request, response)
    token = defenses.csrfDefense.init(request, response)
    selectors = defenses.selectors()
    current = getUser()
    csrf_field = defenses.csrfDefense.formHTML(token)
    return dict(v=FormsDict(defenses=selectors, user=current, csrfcode=csrf_field))