def set_user_passphrase(self, user_id, passphrase):
"""Hash the user's passphrase and update into the database"""
passphrase = base64.b64encode(passphrase.encode("utf-8"))
session = self.get_session()
salt = generate_random_salt()
pw_hash = generate_password_hash(passphrase, salt)
session.execute(self.__prepared_statements['update_user_passphrase_hash'], (pw_hash, salt, user_id))
def new_user(email, username, password, newfriend):
#salt + hashing
salt = generate_random_salt()
app_token = generate_random_app_token()
password = generate_password_hash(password, salt)
session_token = generate_password_hash(
email,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
#insert user information
user_entry = users.insert().values(username=username,
email=email,
password=password,
salt=salt,
session_token=session_token,
app_token=app_token)
connection = engine.connect()
res = connection.execute(user_entry)
print res.inserted_primary_key
connection.close()
resp = make_response(
render_template('dashboard.html',
alert="Thanks for registering!",
username=username,
newfriend=newfriend))
resp.set_cookie('session_token', session_token)
return resp
def register():
email = request.form['email']
username = request.form['username']
password = request.form['password'].encode('utf8')
salt = generate_random_salt()
password_hash = generate_password_hash(password, salt)
# Check if email already exist in database
# if account does not exist create account in database
if User.objects(email=email).first() == None:
user = User(email=email)
user.accounts['internal'] = {"username":username, "password_hash":password_hash, \
"salt":salt}
user.save()
ret = json_util.dumps({"message":"account created", "status":"success"})
resp = Response(response=ret,
status=201,
mimetype="application/json")
return resp
else:
ret = json_util.dumps({"message":"Email already exist in database"})
resp = Response(response=ret,
status=200,
mimetype="application/json")
return resp
def register():
email = request.form['email']
username = request.form['username']
password = request.form['password'].encode('utf8')
salt = generate_random_salt()
password_hash = generate_password_hash(password, salt)
# Check if email already exist in database
# if account does not exist create account in database
if User.objects(email=email).first() == None:
user = User(email=email)
user.accounts['internal'] = {"username":username, "password_hash":password_hash, \
"salt":salt}
user.save()
ret = json_util.dumps({
"message": "account created",
"status": "success"
})
resp = Response(response=ret, status=201, mimetype="application/json")
return resp
else:
ret = json_util.dumps({"message": "Email already exist in database"})
resp = Response(response=ret, status=200, mimetype="application/json")
return resp
def update_user(form, reset_hash):
user = User.query.filter_by(reset_password=reset_hash).first()
salt = generate_random_salt()
password = form.password.data
user.password = generate_password_hash(password, salt)
new_hash = random.getrandbits(128)
user.reset_password = new_hash
user.salt = salt
save_to_db(user, "User updated")
def reset_password(form, reset_hash):
user = User.query.filter_by(reset_password=reset_hash).first()
salt = generate_random_salt()
password = form['new_password_again']
user.password = generate_password_hash(password, salt)
new_hash = random.getrandbits(128)
user.reset_password = new_hash
user.salt = salt
save_to_db(user, "password resetted")
def update_user(form, reset_hash):
user = User.query.filter_by(reset_password=reset_hash).first()
salt = generate_random_salt()
password = form.password.data
user.password = generate_password_hash(password, salt)
new_hash = random.getrandbits(128)
user.reset_password = new_hash
user.salt = salt
save_to_db(user, "User updated")
def set_user_passphrase(self, user_id, passphrase):
"""Hash the user's passphrase and update into the database"""
passphrase = base64.b64encode(passphrase.encode("utf-8"))
session = self.get_session()
salt = generate_random_salt()
pw_hash = generate_password_hash(passphrase, salt)
session.execute(
self.__prepared_statements['update_user_passphrase_hash'],
(pw_hash, salt, user_id))
def reset_password(form, reset_hash):
user = User.query.filter_by(reset_password=reset_hash).first()
salt = generate_random_salt()
password = form['new_password_again']
user.password = generate_password_hash(password, salt)
new_hash = random.getrandbits(128)
user.reset_password = new_hash
user.salt = salt
save_to_db(user, "password resetted")
def create_user_password(form, user):
salt = generate_random_salt()
password = form['new_password_again']
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.is_verified = True
save_to_db(user, "User password created")
return user
def create_user_password(form, user):
salt = generate_random_salt()
password = form['new_password_again']
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.is_verified = True
save_to_db(user, "User password created")
return user
def password(self, password):
"""
Setter for _password, saves hashed password, salt and reset_password string
:param password:
:return:
"""
salt = generate_random_salt()
self._password = generate_password_hash(password, salt)
hash_ = random.getrandbits(128)
self.reset_password = str(hash_)
self.salt = salt
def password(self, password):
"""
Setter for _password, saves hashed password, salt and reset_password string
:param password:
:return:
"""
salt = generate_random_salt()
self._password = generate_password_hash(password, salt)
hash_ = random.getrandbits(128)
self.reset_password = str(hash_)
self.salt = salt
def create_super_admin(password):
user = User()
user.login = '******'
user.nickname = 'super_admin'
salt = generate_random_salt()
password = password
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.role = 'super_admin'
save_to_db(user, "User created")
return user
def create_user(form):
user = User()
form.populate_obj(user)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
password = form.password.data
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.role = 'speaker'
save_to_db(user, "User created")
return user
def create_user(userdata, is_verified=False):
user = User(email=userdata[0],
password=userdata[1],
is_verified=is_verified)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
user.password = generate_password_hash(user.password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
save_to_db(user, "User created")
return user
def create_user(form):
user = User()
form.populate_obj(user)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
password = form.password.data
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = hash
user.salt = salt
user.role = "speaker"
save_to_db(user, "User created")
return user
def create_super_admin(email, password):
user = User()
user.login = '******'
user.email = email
salt = generate_random_salt()
password = password
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.is_super_admin = True
user.is_admin = True
user.is_verified = True
save_to_db(user, "User created")
return user
def create_user(userdata, is_verified=False):
user = User(email=userdata[0],
password=userdata[1],
is_verified=is_verified)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
user.password = generate_password_hash(user.password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
save_to_db(user, "User created")
return user
def create_super_admin(email, password):
user = User()
user.login = '******'
user.email = email
salt = generate_random_salt()
password = password
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.is_super_admin = True
user.is_admin = True
user.is_verified = True
save_to_db(user, "User created")
return user
def password_view(self):
if request.method == 'POST':
user = login.current_user
if user.password == generate_password_hash(request.form['current_password'], user.salt):
if request.form['new_password'] == request.form['repeat_password']:
salt = generate_random_salt()
user.password = generate_password_hash(request.form['new_password'], salt)
user.salt = salt
save_to_db(user, "password changed")
flash('Password changed successfully.', 'success')
else:
flash('The new password and the repeat don\'t match.', 'danger')
else:
flash('The current password is incorrect.', 'danger')
return self.render('/gentelella/admin/settings/pages/password.html')
def password_view(user_id):
user = DataGetter.get_user(int(user_id))
if request.method == 'POST':
if user.password == generate_password_hash(request.form['current_password'], user.salt):
if request.form['new_password'] == request.form['repeat_password']:
salt = generate_random_salt()
user.password = generate_password_hash(request.form['new_password'], salt)
user.salt = salt
save_to_db(user, "password changed")
flash('The password of the user has been changed. Do inform him..', 'success')
else:
flash('The new password and the repeat don\'t match.', 'danger')
else:
flash('The current password is incorrect.', 'danger')
user.admin_access = 1
return render_template('gentelella/users/settings/pages/password.html', user=user)
def password_view():
if request.method == 'POST':
user = login.current_user
if user.password == generate_password_hash(request.form['current_password'], user.salt):
if request.form['new_password'] == request.form['repeat_password']:
salt = generate_random_salt()
user.password = generate_password_hash(request.form['new_password'], salt)
user.salt = salt
save_to_db(user, "password changed")
record_user_login_logout('user_logout', login.current_user)
login.logout_user()
flash('Your password has been changed. Please login with your new password now.', 'success')
return redirect(url_for('admin.login_view'))
else:
flash('The new password and the repeat don\'t match.', 'danger')
else:
flash('The current password is incorrect.', 'danger')
return render_template('gentelella/users/settings/pages/password.html')
def password_view():
if request.method == 'POST':
user = login.current_user
if user.password == generate_password_hash(request.form['current_password'], user.salt):
if request.form['new_password'] == request.form['repeat_password']:
salt = generate_random_salt()
user.password = generate_password_hash(request.form['new_password'], salt)
user.salt = salt
save_to_db(user, "password changed")
record_user_login_logout('user_logout', login.current_user)
login.logout_user()
flash('Your password has been changed. Please login with your new password now.', 'success')
return redirect(url_for('admin.login_view'))
else:
flash('The new password and the repeat don\'t match.', 'danger')
else:
flash('The current password is incorrect.', 'danger')
return render_template('gentelella/admin/settings/pages/password.html')
def new_user(email, username, password, newfriend):
#salt + hashing
salt = generate_random_salt()
app_token = generate_random_app_token()
password = generate_password_hash(password, salt)
session_token = generate_password_hash(email, datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
#insert user information
user_entry = users.insert().values(username=username, email=email,
password=password, salt=salt, session_token = session_token,
app_token=app_token)
connection = engine.connect()
res = connection.execute(user_entry)
print res.inserted_primary_key
connection.close()
resp = make_response(render_template('dashboard.html', alert="Thanks for registering!", username=username, newfriend=newfriend))
resp.set_cookie('session_token', session_token);
return resp;
def create_user(form):
user = User(nickname='asdf',
login=form['username'],
email=form['email'])
user_detail = UserDetail()
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
password = form['password']
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.role = 'speaker'
save_to_db(user, "User created")
user_detail.user_id = user.id
save_to_db(user_detail, "User Details Added")
return user
def create_user():
# Enter user name
user_name = raw_input("Enter a username: "******"Username can't be empty: ")
# Enter password
password = raw_input("Enter a password: "******"Password can't be empty: ")
# generate salt that will flavour the hash
salt = generate_random_salt()
# generate password hash together with the salt value
hashed_password = generate_password_hash(str(password), salt)
# Build user document
user_doc = {
"username": str(user_name),
"password": hashed_password,
"salt": salt
}
# Now, store user credentials in MongoDB
with app.app_context():
try:
result = mongo_users_utils.save(user_doc)
if result:
print "\nUser %s has been created" % user_name
else:
print "\nAn error has occurred."
except Exception as e:
print "\nAn error occurred.\n %s" % e
def password(self, password):
self.password_salt = generate_random_salt()
self.password_hash = generate_password_hash(password, self.password_salt)
parser.add_argument('--host', default='0.0.0.0')
parser.add_argument('--port', type=int, default=2325)
parser.add_argument('--debug', dest='debug', action='store_true')
parser.add_argument('--no-debug', dest='debug', action='store_false')
parser.set_defaults(debug=False)
args = parser.parse_args()
config = load_config(args.config)
if 'web' not in config:
log.error('Missing [web] section in config.ini')
sys.exit(1)
if 'pleblist_password_salt' not in config['web']:
salt = generate_random_salt()
config.set('web', 'pleblist_password_salt', salt.decode('utf-8'))
if 'secret_key' not in config['web']:
salt = generate_random_salt()
config.set('web', 'secret_key', salt.decode('utf-8'))
if 'logo' not in config['web']:
twitchapi = TwitchAPI()
try:
data = twitchapi.get(['users', config['main']['streamer']], base='https://api.twitch.tv/kraken/')
log.info(data)
if data:
logo_raw = 'static/images/logo_{}.png'.format(config['main']['streamer'])
logo_tn = 'static/images/logo_{}_tn.png'.format(config['main']['streamer'])
with urllib.request.urlopen(data['logo']) as response, open(logo_raw, 'wb') as out_file:
def __init__(self, username, raw_pw, first_name='', last_name=''):
self.salt = scrypt.generate_random_salt() #: You can also provide the byte length to return: salt = generate_password_salt(32)
self.username = username
self.set_password(raw_pw)
self.first_name = first_name
self.last_name = last_name
def __init__(self, password):
self.timestamp = datetime.utcnow()
# add some salt then cook up the hash
self.salt = generate_random_salt()
self.password_hash = generate_password_hash(password, self.salt)
def password(self, password):
self.password_salt = generate_random_salt()
self.password_hash = generate_password_hash(password,
self.password_salt)
def __init__(self, username, password):
self.name = username
self.salt = generate_random_salt()
self.password_hash = generate_password_hash(password, self.salt)
def set_password(self, password_string):
self.password_salt = generate_random_salt()
self.password_hash = generate_password_hash(password_string, self.password_salt, 1 << 15)
db.session.commit()
parser.add_argument('--host', default='0.0.0.0')
parser.add_argument('--port', type=int, default=2325)
parser.add_argument('--debug', dest='debug', action='store_true')
parser.add_argument('--no-debug', dest='debug', action='store_false')
parser.set_defaults(debug=False)
args = parser.parse_args()
config = load_config(args.config)
if 'web' not in config:
log.error('Missing [web] section in config.ini')
sys.exit(1)
if 'pleblist_password_salt' not in config['web']:
salt = generate_random_salt()
config.set('web', 'pleblist_password_salt', salt.decode('utf-8'))
if 'secret_key' not in config['web']:
salt = generate_random_salt()
config.set('web', 'secret_key', salt.decode('utf-8'))
if 'logo' not in config['web']:
twitchapi = TwitchAPI()
try:
data = twitchapi.get(['users', config['main']['streamer']], base='https://api.twitch.tv/kraken/')
log.info(data)
if data:
logo_raw = 'static/images/logo_{}.png'.format(config['main']['streamer'])
logo_tn = 'static/images/logo_{}_tn.png'.format(config['main']['streamer'])
with urllib.request.urlopen(data['logo']) as response, open(logo_raw, 'wb') as out_file:
def init(args):
import configparser
import datetime
import logging
import subprocess
import sys
from flask import request
from flask import session
from flask.ext.scrypt import generate_random_salt
import pajbot.web.common
import pajbot.web.routes
from pajbot.bot import Bot
from pajbot.managers.db import DBManager
from pajbot.managers.redis import RedisManager
from pajbot.managers.time import TimeManager
from pajbot.models.module import ModuleManager
from pajbot.models.sock import SocketClientManager
from pajbot.streamhelper import StreamHelper
from pajbot.tbutil import load_config
from pajbot.web.models import errors
from pajbot.web.utils import download_logo
log = logging.getLogger(__name__)
log.info('XD')
config = configparser.ConfigParser()
config = load_config(args.config)
config.read('webconfig.ini')
if 'web' not in config:
log.error('Missing [web] section in config.ini')
sys.exit(1)
if 'pleblist_password_salt' not in config['web']:
salt = generate_random_salt()
config.set('web', 'pleblist_password_salt', salt.decode('utf-8'))
if 'secret_key' not in config['web']:
salt = generate_random_salt()
config.set('web', 'secret_key', salt.decode('utf-8'))
if 'logo' not in config['web']:
res = download_logo(config['main']['streamer'])
if res:
config.set('web', 'logo', 'set')
StreamHelper.init_web(config['main']['streamer'])
redis_options = {}
if 'redis' in config:
redis_options = config._sections['redis']
RedisManager.init(**redis_options)
with open(args.config, 'w') as configfile:
config.write(configfile)
app.bot_modules = config['web'].get('modules', '').split()
app.bot_commands_list = []
app.bot_config = config
app.secret_key = config['web']['secret_key']
if 'sock' in config and 'sock_file' in config['sock']:
SocketClientManager.init(config['sock']['sock_file'])
DBManager.init(config['main']['db'])
TimeManager.init_timezone(config['main'].get('timezone', 'UTC'))
app.module_manager = ModuleManager(None).load()
pajbot.web.routes.admin.init(app)
pajbot.web.routes.api.init(app)
pajbot.web.routes.base.init(app)
pajbot.web.common.filters.init(app)
pajbot.web.common.assets.init(app)
pajbot.web.common.tasks.init(app)
pajbot.web.common.menu.init(app)
app.register_blueprint(pajbot.web.routes.clr.page)
errors.init(app)
pajbot.web.routes.clr.config = config
version = Bot.version
last_commit = ''
commit_number = 0
try:
current_branch = subprocess.check_output(['git', 'rev-parse', '--abbrev-ref', 'HEAD']).decode('utf8').strip()
latest_commit = subprocess.check_output(['git', 'rev-parse', 'HEAD']).decode('utf8').strip()[:8]
commit_number = subprocess.check_output(['git', 'rev-list', 'HEAD', '--count']).decode('utf8').strip()
last_commit = subprocess.check_output(['git', 'log', '-1', '--format=%cd']).decode('utf8').strip()
version = '{0} DEV ({1}, {2}, commit {3})'.format(version, current_branch, latest_commit, commit_number)
except:
pass
default_variables = {
'version': version,
'last_commit': last_commit,
'commit_number': commit_number,
'bot': {
'name': config['main']['nickname'],
},
'site': {
'domain': config['web']['domain'],
'deck_tab_images': config.getboolean('web', 'deck_tab_images'),
'websocket': {
'host': config['websocket'].get('host', config['web']['domain']),
'port': config['websocket']['port'],
'ssl': config.getboolean('websocket', 'ssl')
}
},
'streamer': {
'name': config['web']['streamer_name'],
'full_name': config['main']['streamer']
},
'modules': app.bot_modules,
'request': request,
'session': session,
'google_analytics': config['web'].get('google_analytics', None),
}
if 'streamtip' in config:
default_variables['streamtip_data'] = {
'client_id': config['streamtip']['client_id'],
'redirect_uri': config['streamtip']['redirect_uri'],
}
else:
default_variables['streamtip_data'] = {
'client_id': 'MISSING',
'redirect_uri': 'MISSING',
}
if 'twitchalerts' in config:
default_variables['twitchalerts_data'] = {
'client_id': config['twitchalerts']['client_id'],
'redirect_uri': config['twitchalerts']['redirect_uri'],
}
else:
default_variables['twitchalerts_data'] = {
'client_id': 'MISSING',
'redirect_uri': 'MISSING',
}
@app.context_processor
def current_time():
current_time = {}
current_time['current_time'] = datetime.datetime.now()
return current_time
@app.context_processor
def inject_default_variables():
return default_variables
