예제 #1
0
class Server(object):
    def __init__(self, logfile=SERVER_LOG, debug=True):
        self.__db = Database(debug=debug, logfile=DB_LOG)
        self.__authenticated_users = {}
        self.__timers = {}
        self.__blacklist = {}
        self.__logger = LoggerBuilder().build_logger("Server",
                                                     logfile=logfile,
                                                     debug=debug)
        self.__logger.info("The server been initialized.")

    def register(self, uname, h, token):
        if not self.__check_credentials(uname, h):
            return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                             "Welcome to blacklist.")
        self.__logger.info("We are registering " + uname + ".")
        creds = self.__db.get_user_credentials()
        if uname in creds:
            self.__logger.info("Registration for " + uname +
                               " failed. Username already in use.")
            return m.Message(m.T_FAIL, {m.K_REASON: m.R_UNAME_TAKEN},
                             "Username already in use.")
        f = open(REG_TOKENS, "r")
        tokens = f.read()
        write_back = ""
        success = False
        result = m.Message(m.T_FAIL, {m.K_REASON: m.R_INVALID_TOKEN},
                           "Invalid token.")
        for t in tokens.split('\n'):
            if t == token and len(t) == 32:
                self.__db.store_user_credentials(uname, h)
                result = m.Message(
                    m.T_ACK, {}, "User " + uname + " registered successfully.")
                success = True
                self.__logger.info("Registration for " + uname +
                                   " successful.")
            elif len(t) == 32:
                write_back += t + '\n'
            else:
                pass
        f.close()
        if success == False:
            self.__logger.info("Registration for " + uname +
                               " failed. Invalid token.")
        else:
            f = open(REG_TOKENS, "w")
            f.write(write_back)
        return result

    def demo(self):
        self.__logger.info("We are requesting a demo session.")
        user = self.__db.generate_demo_user()
        if user == {}:
            self.__logger.info("We denied session. Demo user limit reached.")
            return m.Message(m.T_ERR, {m.K_REASON: m.R_LIMIT_REACHED},
                             "Demo user limit reached. Try again later.")

        else:
            uname = user[m.K_USER]
            self.__logger.info("We granted session " + uname + ".")
            session_token = self.__generate_session_token()
            user[m.K_SID] = session_token
            self.__authenticated_users[uname] = session_token
            self.__logger.debug("We have added " + uname + " into auth_users.")
            self.__set_reset_timer(uname)
            return m.Message(m.T_RESPONSE, user, "Demo session granted.")

    def authenticate(self, uname, h):
        self.__logger.info("We are authenticating user '" + uname + "': '" +
                           h + "'...")
        creds = self.__db.get_user_credentials()
        if creds == {}:
            self.__logger.debug("Authentication failed. User " + uname +
                                " not registered.")
            return m.Message(m.T_FAIL, {m.K_REASON: m.R_EMPTY},
                             "User not registered.")
        self.__logger.debug("The credentials are: " + str(creds))
        if uname in creds.keys():
            match = self.__match_safely(creds[uname], h)
            # Success if user is found and hash is correct.
            if match:
                session_token = self.__generate_session_token()
                self.__authenticated_users[uname] = session_token
                self.__logger.debug("We have added " + uname +
                                    " into auth_users.")
                self.__set_reset_timer(uname)
                self.__logger.debug("Authenticated users: " +
                                    self.__authenticated_users.__str__())
                self.__logger.info(uname + "'s authentication successful.")
                return m.Message(m.T_RESPONSE, {m.K_SID: session_token},
                                 "Authentication successful.")
            else:
                if uname in self.__authenticated_users.keys():
                    del self.__authenticated_users[uname]
                self.__logger.debug("Authentication failed. Invalid hash.")
                return m.Message(m.T_FAIL, {m.K_REASON: m.R_NOT_AUTH},
                                 "authentication failed.")
        else:
            self.__logger.debug("failed. User " + uname + " not registered.")
            return m.Message(m.T_FAIL, {m.K_REASON: m.R_NOT_AUTH},
                             "user not registered.")

    def logout(self, uname):
        if uname in self.__authenticated_users.keys():
            del self.__authenticated_users[uname]
            self.__logger.debug("We have removed " + uname +
                                " from auth_users.")
        if uname in self.__timers.keys():
            self.__timers[uname].die()
            del self.__timers[uname]
            self.__logger.debug("We have removed " + uname + " from timers.")
        self.__logger.info("User " + uname + " logged out.")
        if uname.startswith('demo_'):
            self.__db.delete_user(uname)
            self.__logger.debug("We have deleted demouser " + uname + ".")
        return m.Message(m.T_ACK, {}, "Bye.")

    def read_passwords(self, uname, sid):
        if self.__check_auth(uname, sid):
            pwd_dict = self.__db.read_passwords(uname)
            return m.Message(m.T_RESPONSE, pwd_dict, "Read successful.")
        else:
            return m.Message(m.T_FAIL, {m.K_REASON: m.R_NOT_AUTH},
                             "Authentication required.")

    def store_password(self, uname, sid, id, pwd):
        if self.__check_auth(uname, sid):
            result = self.__db.add_password(uname, identifier=id, pwd=pwd)
            if result == True:
                return m.Message(m.T_ACK, {}, "Storage successful.")
            else:
                raise Exception("Store password faced unexpected db response.")
        else:
            return m.Message(m.T_FAIL, {m.K_REASON: m.R_NOT_AUTH},
                             "Authentication required.")

    def remove_password(self, uname, sid, id):
        if self.__check_auth(uname, sid):
            result = self.__db.delete_password(uname, identifier=id)
            if result == True:
                return m.Message(m.T_ACK, {}, "Removal successful.")
            else:
                raise Exception(
                    "Remove password faced unexpected db response.")
        else:
            return m.Message(m.T_FAIL, {m.K_REASON: m.R_NOT_AUTH},
                             "Authentication required.")

    def respond(self, request, ip):
        if ip in self.__blacklist.keys():
            time_passed = time.time() - self.__blacklist[ip]
            if time_passed > BLACKLIST_DURATION:
                del self.__blacklist[ip]
            else:
                self.__blacklist[ip] = time.time()
                msg = m.Message(
                    m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                    "You are in blacklist. If you think this is a mistake\nand you have done nothing wrong, contact\nthe administrator."
                )
                self.__logger.info("We have reset the blaclist timer for " +
                                   ip + ".")
                return msg.toJson()
        msg = self.__construct_response(request)
        if msg.type == m.T_ERR:
            args = msg.args
            if m.K_REASON in args.keys() and args[m.K_REASON] == m.R_BLACKLIST:
                self.__blacklist[ip] = time.time()
                self.__logger.info("We have blacklisted " + ip +
                                   " for 5 minutes.")
        return msg.toJson()

    def __construct_response(self, request):
        try:
            msg = m.construct_message(request)
        except Exception as e:
            self.__logger.info("Exception in construct_message: " +
                               e.__str__())
        if msg:
            response = self.__exact_response(msg)
            return response
        else:
            return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                             "Welcome to blacklist.")

    def __exact_response(self, msg):
        '''
        Sorts the requests to right handlers according to type.
        If the client has been tampered with, it is blacklisted.
        '''
        if msg.type == m.T_LOGIN:
            keys = msg.args.keys()
            if len(keys) == 2 and m.K_USER in keys and m.K_HASH in keys:
                return self.authenticate(uname=msg.args[m.K_USER],
                                         h=msg.args[m.K_HASH])
            elif len(keys) == 2 and m.K_USER in keys and m.K_SID in keys:
                self.__timer_reset(uname=msg.args[m.K_USER])
                self.__logger.debug("User " + msg.args[m.K_USER] +
                                    " still alive.")
                return m.Message(m.T_ACK, {}, "We have refreshed your login.")
            else:
                return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                                 "Welcome to blacklist.")
        elif msg.type == m.T_GET:
            keys = msg.args.keys()
            if len(keys) == 2 and m.K_USER in keys and m.K_SID in keys:
                return self.read_passwords(msg.args[m.K_USER],
                                           msg.args[m.K_SID])
            else:
                return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                                 "Welcome to blacklist.")
        elif msg.type == m.T_PUT:
            keys = msg.args.keys()
            if len(
                    keys
            ) == 4 and m.K_USER in keys and m.K_SID in keys and m.K_ID in keys and m.K_PWD in keys:
                return self.store_password(msg.args[m.K_USER],
                                           msg.args[m.K_SID],
                                           id=msg.args[m.K_ID],
                                           pwd=msg.args[m.K_PWD])
            else:
                return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                                 "Welcome to blacklist.")
        elif msg.type == m.T_REMOVE:
            keys = msg.args.keys()
            args = msg.args
            if len(
                    keys
            ) == 3 and m.K_USER in keys and m.K_SID in keys and m.K_ID in keys:
                return self.remove_password(args[m.K_USER],
                                            args[m.K_SID],
                                            id=args[m.K_ID])
            else:
                return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                                 "Welcome to blacklist.")
        elif msg.type == m.T_LOGOUT:
            keys = msg.args.keys()
            args = msg.args
            if len(keys) == 1 and m.K_USER in keys:
                return self.logout(args[m.K_USER])
            else:
                return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                                 "Welcome to blacklist.")
        elif msg.type == m.T_REGISTER:
            keys = msg.args.keys()
            args = msg.args
            if len(
                    keys
            ) == 3 and m.K_USER in keys and m.K_HASH in keys and m.K_TOKEN in keys:
                return self.register(args[m.K_USER], args[m.K_HASH],
                                     args[m.K_TOKEN])
            else:
                return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                                 "Welcome to blacklist.")
        elif msg.type == m.T_DEMO:
            keys = msg.args.keys()
            if len(keys) == 0:
                return self.demo()
            else:
                return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                                 "Welcome to blacklist.")

        else:
            return m.Message(m.T_ERR, {m.K_REASON: m.R_BLACKLIST},
                             "Welcome to blacklist.")

    def __check_auth(self, uname, sid):
        auth_users = self.__authenticated_users
        if uname in auth_users and self.__match_safely(sid, auth_users[uname]):
            return True
        else:
            self.__logger.debug("Check auth failed. User " + uname +
                                " not authenticated.")
            return False

    def __match_safely(self, str1, str2):
        try:
            match = True
            if len(str1) != len(str2):
                return False
            for i in range(len(str1)):
                if str1[i] != str2[i]:
                    match = False
            return match
        except Exception as e:
            self.__logger.debug("Exception caught in __match_safely:", e)
            return False

    def __generate_session_token(self):
        secret = rng.get_random_bytes(50)
        return secret.encode('base64').replace('\n', '')

    def __expire_user(self, uname):
        if uname in self.__authenticated_users.keys():
            del self.__authenticated_users[uname]
            del self.__timers[uname]
            self.__logger.debug("We have removed " + uname +
                                " from timers and auth_users.")

    def __timer_reset(self, uname):
        self.__timers[uname].reset()

    def __set_reset_timer(self, uname, time=300):
        # Set a timer in seconds how long user's authentication stays valid.
        self.__logger.debug("We have added " + uname + " into timers.")
        self.__timers[uname] = ExpirationTimer(uname, self.__expire_user, time)
        self.__timers[uname].start()

    def __check_credentials(self, uname, h):
        if self.__is_valid_id(uname) and self.__is_valid_hash(h):
            return True
        else:
            return False

    def __is_valid_id(self, id):
        normal = False
        for letter in id:
            if not (64 < ord(str(letter)) < 91 or 96 < ord(str(letter)) < 123
                    or 47 < ord(str(letter)) < 58):
                return False
        if 3 < len(id) < 16:
            return True
        else:
            return False

    def __is_valid_hash(self, h):
        if len(h) == 128:
            try:
                h.decode('hex')
                return True
            except:
                return False
        else:
            return False
예제 #2
0
파일: server.py 프로젝트: suonto/pwm
class Server(object):
   
    def __init__(self, logfile=SERVER_LOG, debug=True):
        self.__db = Database(debug=debug, logfile=DB_LOG)
        self.__authenticated_users = {}
        self.__timers = {}
        self.__blacklist = {}
        self.__logger = LoggerBuilder().build_logger("Server", logfile=logfile, debug=debug)
        self.__logger.info("The server been initialized.")

    def register(self, uname, h, token):
        if not self.__check_credentials(uname, h):
            return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")
        self.__logger.info("We are registering "+uname+".")
        creds = self.__db.get_user_credentials()
        if uname in creds:
            self.__logger.info("Registration for "+uname+" failed. Username already in use.")
            return m.Message(m.T_FAIL, {m.K_REASON:m.R_UNAME_TAKEN}, "Username already in use.")  
        f = open(REG_TOKENS, "r")
        tokens = f.read()
        write_back = ""
        success = False
        result = m.Message(m.T_FAIL, {m.K_REASON:m.R_INVALID_TOKEN}, "Invalid token.") 
        for t in tokens.split('\n'):
            if t == token and len(t) == 32: 
                self.__db.store_user_credentials(uname, h)
                result = m.Message(m.T_ACK, {}, "User "+uname+" registered successfully.") 
                success = True
                self.__logger.info("Registration for "+uname+" successful.")
            elif len(t) == 32:
                write_back += t+'\n'
            else:
                pass  
        f.close()
        if success == False:
            self.__logger.info("Registration for "+uname+" failed. Invalid token.")
        else:
            f = open(REG_TOKENS, "w")
            f.write(write_back) 
        return result
   
    def demo(self):
        self.__logger.info("We are requesting a demo session.")
        user = self.__db.generate_demo_user()
        if user == {}:
            self.__logger.info("We denied session. Demo user limit reached.")
            return m.Message(m.T_ERR, {m.K_REASON:m.R_LIMIT_REACHED}, "Demo user limit reached. Try again later.")

        else:
            uname = user[m.K_USER]
            self.__logger.info("We granted session "+uname+".")
            session_token = self.__generate_session_token()
            user[m.K_SID] = session_token
            self.__authenticated_users[uname] = session_token
            self.__logger.debug("We have added "+uname+ " into auth_users.")
            self.__set_reset_timer(uname)
            return m.Message(m.T_RESPONSE, user, "Demo session granted.")

    def authenticate(self, uname, h):
        self.__logger.info("We are authenticating user '"+uname+"': '"+h+"'...")
        creds = self.__db.get_user_credentials()
        if creds == {}:
            self.__logger.debug("Authentication failed. User "+uname+" not registered.")         
            return m.Message(m.T_FAIL, {m.K_REASON : m.R_EMPTY}, "User not registered.")
        self.__logger.debug("The credentials are: "+str(creds))            
        if uname in creds.keys():
            match = self.__match_safely(creds[uname], h)
            # Success if user is found and hash is correct.
            if match:
                session_token = self.__generate_session_token()
                self.__authenticated_users[uname] = session_token
                self.__logger.debug("We have added "+uname+ " into auth_users.")
                self.__set_reset_timer(uname)
                self.__logger.debug("Authenticated users: "+self.__authenticated_users.__str__())
                self.__logger.info(uname+"'s authentication successful.")
                return m.Message(m.T_RESPONSE, {m.K_SID : session_token}, "Authentication successful.")
            else:
                if uname in self.__authenticated_users.keys():
                    del self.__authenticated_users[uname]
                self.__logger.debug("Authentication failed. Invalid hash.")
                return m.Message(m.T_FAIL, {m.K_REASON : m.R_NOT_AUTH}, "authentication failed.")
        else:
            self.__logger.debug("failed. User "+uname+" not registered.")         
            return m.Message(m.T_FAIL, {m.K_REASON : m.R_NOT_AUTH}, "user not registered.")

    def logout(self, uname):
        if uname in self.__authenticated_users.keys():
            del self.__authenticated_users[uname]
            self.__logger.debug("We have removed "+uname+" from auth_users.")
        if uname in self.__timers.keys():
            self.__timers[uname].die()
            del self.__timers[uname]
            self.__logger.debug("We have removed "+uname+" from timers.")
        self.__logger.info("User "+uname+" logged out.")
        if uname.startswith('demo_'):
            self.__db.delete_user(uname)
            self.__logger.debug("We have deleted demouser "+uname+".")
        return m.Message(m.T_ACK, {}, "Bye.")
           
    def read_passwords(self, uname, sid):
        if self.__check_auth(uname, sid):
            pwd_dict = self.__db.read_passwords(uname)
            return m.Message(m.T_RESPONSE, pwd_dict, "Read successful.")
        else:       
            return m.Message(m.T_FAIL, {m.K_REASON : m.R_NOT_AUTH}, "Authentication required.") 
        
    def store_password(self, uname, sid, id, pwd):
        if self.__check_auth(uname, sid):
            result = self.__db.add_password(uname, identifier=id, pwd=pwd)
            if result == True:
                return m.Message(m.T_ACK, {}, "Storage successful.")
            else:
                raise Exception("Store password faced unexpected db response.")
        else:
            return m.Message(m.T_FAIL, {m.K_REASON : m.R_NOT_AUTH}, "Authentication required.") 

    def remove_password(self, uname, sid, id):
        if self.__check_auth(uname, sid):
            result = self.__db.delete_password(uname, identifier=id)
            if result == True:
                return m.Message(m.T_ACK, {}, "Removal successful.")
            else:
                raise Exception("Remove password faced unexpected db response.")
        else:
            return m.Message(m.T_FAIL, {m.K_REASON : m.R_NOT_AUTH}, "Authentication required.") 

    def respond(self, request, ip):
        if ip in self.__blacklist.keys():
            time_passed = time.time() - self.__blacklist[ip]
            if time_passed > BLACKLIST_DURATION:
                del self.__blacklist[ip]
            else:
                self.__blacklist[ip] = time.time()
                msg = m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "You are in blacklist. If you think this is a mistake\nand you have done nothing wrong, contact\nthe administrator.")
                self.__logger.info("We have reset the blaclist timer for "+ip+".")
                return msg.toJson()
        msg = self.__construct_response(request)
        if msg.type == m.T_ERR:
            args = msg.args
            if m.K_REASON in args.keys() and args[m.K_REASON] == m.R_BLACKLIST:
                self.__blacklist[ip] = time.time()
                self.__logger.info("We have blacklisted "+ip+" for 5 minutes.")
        return msg.toJson()

    def __construct_response(self, request):
        try:
            msg = m.construct_message(request)
        except Exception as e:
            self.__logger.info("Exception in construct_message: "+e.__str__())
        if msg:
            response = self.__exact_response(msg)
            return response
        else:
            return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")

    def __exact_response(self, msg):
        '''
        Sorts the requests to right handlers according to type.
        If the client has been tampered with, it is blacklisted.
        '''
        if msg.type == m.T_LOGIN:
            keys = msg.args.keys()
            if len(keys) == 2 and m.K_USER in keys and m.K_HASH in keys:
                return self.authenticate(uname=msg.args[m.K_USER], h=msg.args[m.K_HASH])
            elif len(keys) == 2 and m.K_USER in keys and m.K_SID in keys:
                self.__timer_reset(uname=msg.args[m.K_USER])
                self.__logger.debug("User "+msg.args[m.K_USER]+" still alive.")         
                return m.Message(m.T_ACK, {}, "We have refreshed your login.")
            else:
                return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")
        elif msg.type == m.T_GET:
            keys = msg.args.keys()
            if len(keys) == 2 and m.K_USER in keys and m.K_SID in keys:
                return self.read_passwords(msg.args[m.K_USER], msg.args[m.K_SID])
            else:
                return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")
        elif msg.type == m.T_PUT:
            keys = msg.args.keys()
            if len(keys) == 4 and m.K_USER in keys and m.K_SID in keys and m.K_ID in keys and m.K_PWD in keys:
                return self.store_password(msg.args[m.K_USER], msg.args[m.K_SID], id=msg.args[m.K_ID], pwd=msg.args[m.K_PWD])
            else:
                return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")
        elif msg.type == m.T_REMOVE:
            keys = msg.args.keys()
            args = msg.args
            if len(keys) == 3 and m.K_USER in keys and m.K_SID in keys and m.K_ID in keys:
                return self.remove_password(args[m.K_USER], args[m.K_SID], id=args[m.K_ID])
            else:
                return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")
        elif msg.type == m.T_LOGOUT:
            keys = msg.args.keys()
            args = msg.args
            if len(keys) == 1 and m.K_USER in keys:
                return self.logout(args[m.K_USER])
            else:
                return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")
        elif msg.type == m.T_REGISTER:
            keys = msg.args.keys()
            args = msg.args
            if len(keys) == 3 and m.K_USER in keys and m.K_HASH in keys and m.K_TOKEN in keys:
                return self.register(args[m.K_USER], args[m.K_HASH], args[m.K_TOKEN])
            else:
                return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")
        elif msg.type == m.T_DEMO:
            keys = msg.args.keys()
            if len(keys) == 0:
                return self.demo()
            else:
                return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")
        
        else:
            return m.Message(m.T_ERR, {m.K_REASON:m.R_BLACKLIST}, "Welcome to blacklist.")

    def __check_auth(self, uname, sid):
        auth_users = self.__authenticated_users
        if uname in auth_users and self.__match_safely(sid, auth_users[uname]):
            return True
        else:
            self.__logger.debug("Check auth failed. User "+uname+" not authenticated.")         
            return False

    def __match_safely(self, str1, str2):
        try:
            match = True
            if len(str1) != len(str2):
                return False 
            for i in range(len(str1)):
                if str1[i] != str2[i] :
                    match = False
            return match
        except Exception as e:
            self.__logger.debug("Exception caught in __match_safely:", e)                    
            return False 

    def __generate_session_token(self):
        secret = rng.get_random_bytes(50)
        return secret.encode('base64').replace('\n', '')

    def __expire_user(self, uname):
        if uname in self.__authenticated_users.keys():
            del self.__authenticated_users[uname] 
            del self.__timers[uname]
            self.__logger.debug("We have removed "+uname+" from timers and auth_users.")

    def __timer_reset(self, uname):
        self.__timers[uname].reset()

    def __set_reset_timer(self, uname, time=300):
        # Set a timer in seconds how long user's authentication stays valid.
        self.__logger.debug("We have added "+uname+" into timers.")
        self.__timers[uname] = ExpirationTimer(uname, self.__expire_user, time)
        self.__timers[uname].start()

    def __check_credentials(self, uname, h):
        if self.__is_valid_id(uname) and self.__is_valid_hash(h):
            return True
        else:
            return False
        

    def __is_valid_id(self, id):
        normal = False
        for letter in id:
            if not (64 < ord(str(letter)) < 91 or 96 < ord(str(letter)) < 123 or 47 < ord(str(letter)) < 58):
                return False
        if 3 < len(id) < 16:
            return True
        else:
            return False 

    def __is_valid_hash(self, h):
        if len(h) == 128:
            try:
                h.decode('hex')
                return True
            except:
                return False
        else:
            return False 
예제 #3
0
class Database(object):
    def __init__(self, logfile=None, debug=False):
        self.__conns = {}  # username:connection
        self.__logger = LoggerBuilder().build_logger("Database",
                                                     logfile=logfile,
                                                     debug=debug)
        self.__logger.info("The database has been initialized.")
        self.__demos = {}
        atexit.register(self.__confirm_demo_user_deletion)

    def __confirm_demo_user_deletion(self):
        for uname in self.__demos.keys():
            self.delete_user(uname)

    def __get_db_conn(self, uname):
        '''
        Returns an open connection object to the parameter user's database.
        If the connection is not open, it will be opened and returned.
        '''
        self.__logger.debug("We are opening connection to db " + uname + ".")
        if not uname in self.__conns.keys():
            conn = sqlite3.connect(uname)
            self.__conns[uname] = conn
            return conn
        else:
            return self.__conns[uname]

    def __close_db_conn(self, uname):
        '''
        Closes the connection (if open) to parameter users database.
        '''
        try:
            self.__logger.debug("We are closing connection to db " + uname +
                                ".")
            self.__conns[uname].close()
            del self.__conns[uname]
        except Exception as e:
            self.__logger.error(
                "We caught an exception in close_conn:\nType: " +
                str(type(e)) + "\nArgs: " + e.__str__())

    def __pad_data(self, data):
        while len(data) % 16 != 0:
            data = data + " "
        return data

    def store_user_credentials(self, uname, password_hash_hex):
        '''
        Stores a user's credential info for authentication purposes. 
        '''
        conn = self.__get_db_conn(CREDENTIALS)
        cursor = conn.cursor()
        added = False
        updated = False
        #Create the table for credentials if it doesn't already exist.
        cursor.execute("create table if not exists " + CREDENTIALS +
                       " (username text, password text)")
        #Insert into credentials table if user was not already there.
        if not cursor.execute(
                "select * from " + CREDENTIALS + " where username=?",
            (uname, )).fetchone():
            cursor.execute("insert into " + CREDENTIALS + " values (?,?)", (
                uname,
                password_hash_hex,
            ))
            conn.commit()
            added = True
            self.__logger.info("We have successfully registered " + uname +
                               ".")
        else:
            cursor.execute(
                "update " + CREDENTIALS + " set password=? where username=?", (
                    password_hash_hex,
                    uname,
                ))
            conn.commit()
            updated = True
            self.__logger.info("We have updated " + uname +
                               "'s password in credentials library.")
        self.__close_db_conn(CREDENTIALS)
        if added:
            return ADDED
        elif updated:
            return UPDATED
        else:
            raise Exception(
                'Store user credentials neither updated or added anything.')

    def get_user_credentials(self):
        conn = self.__get_db_conn(CREDENTIALS)
        # We are avoiding any complications in opening and closing the connection.
        result = self.__get_user_credentials(conn)
        self.__close_db_conn(CREDENTIALS)
        return result

    def __get_user_credentials(self, conn):
        '''
        Reads user credentials and returns them in a dictionary.
        '''
        cursor = conn.cursor()
        exists = cursor.execute(
            "select name from sqlite_master where type='table' and name='" +
            CREDENTIALS + "'").fetchall()
        if len(exists) == 0:
            self.__logger.info(
                "We don't have any registered users. Returning {}.")
            return {}
        credentials = cursor.execute("select * from " + CREDENTIALS).fetchall()
        dict_format = {}
        for tuple in credentials:
            dict_format[str(tuple[0])] = str(tuple[1])
        credentials = dict_format
        self.__logger.info("We are reading credentials.")
        self.__logger.debug("Credentials: " + str(credentials))
        return credentials

    def add_password(self, uname, identifier, pwd):
        '''
        Stores a password in the users database.
        Opens a connection to the db if neccessary.
        '''
        iv = rng.get_random_bytes(16)
        ec = AES.new(DB_KEY, AES.MODE_CBC, iv)
        #Encrypting the password for storage
        pwd = ec.encrypt(self.__pad_data(pwd)).encode('hex')
        conn = self.__get_db_conn(uname)
        cursor = conn.cursor()
        added = False
        #Create the table for the user if it doesn't already exist.
        cursor.execute(
            "create table if not exists sites (id text, iv text, password text)"
        )
        #Insert into db if identifier is not already there.
        if not cursor.execute("select * from sites where id=?",
                              (identifier.encode('hex'), )).fetchone():
            #IV and ID encoded in hex for storage.
            self.__logger.debug("We are adding a new password " + identifier +
                                " for user " + uname + ".")
            cursor.execute("insert into sites values (?,?,?)", (
                identifier.encode('hex'),
                iv.encode('hex'),
                pwd,
            ))
        # Else update pwd value.
        else:
            cursor.execute("update sites set iv=? ,password=? where id=?", (
                iv.encode('hex'),
                pwd,
                identifier.encode('hex'),
            ))
            self.__logger.debug("We have updated " + uname + "'s password " +
                                identifier + ".")
        conn.commit()
        added = True
        self.__close_db_conn(uname)
        return added

    def read_passwords(self, uname):
        '''
        Reads all the passwords of the parameter user and returns them in a list.
        '''
        conn = self.__get_db_conn(uname)
        # We are avoiding any complications in opening and closing the connection.
        result = self.__read_passwords(conn, uname)
        self.__close_db_conn(uname)
        return result

    def __read_passwords(self, conn, uname):
        self.__logger.info("We are reading passwords for " + uname + ".")
        cursor = conn.cursor()
        exists = cursor.execute(
            "select name from sqlite_master where type='table' and name='sites'"
        ).fetchall()
        if len(exists) == 0:
            self.__logger.info("We have no passwords for " + uname +
                               " Returning {}.")
            return {}
        passwords = cursor.execute("select * from sites").fetchall()
        self.__logger.info("Read for " + uname + " successful.")
        self.__logger.debug("Passwords:")
        result = {}
        for line in passwords:
            iv_hex = str(line[1])
            id_hex = line[0]
            dc = AES.new(DB_KEY, AES.MODE_CBC, iv_hex.decode('hex'))
            password = dc.decrypt(line[2].decode('hex')).rstrip(' ')
            self.__logger.debug([id_hex.decode('hex'), iv_hex, password])
            result[id_hex.decode('hex')] = password
        return result

    def delete_password(self, uname, identifier):
        self.__logger.info("We are trying to delete " + uname +
                           "'s password " + identifier + ".")
        conn = self.__get_db_conn(uname)
        cursor = conn.cursor()
        removed = False
        exists = cursor.execute(
            "select name from sqlite_master where type='table' and name='sites'"
        ).fetchall()
        if len(exists) == 0:
            self.__logger.info("We have no passwords for " + uname +
                               ". Returning False.")
            return False
        if cursor.execute("select * from sites where id=?",
                          (identifier.encode('hex'), )).fetchone():
            cursor.execute("delete from sites where id=?",
                           (identifier.encode('hex'), ))
            conn.commit()
            removed = True
            self.__logger.info("We are deleting user " + uname +
                               "'s password " + identifier)
            #If table is empty after removal, it is dropped.
            if not cursor.execute("select * from sites").fetchone():
                cursor.execute("drop table sites")
                conn.commit()
                self.__logger.debug("We are deleting user " + uname +
                                    "'s empty table sites.")
        self.__close_db_conn(uname)
        return removed

    def delete_user(self, uname):
        self.__logger.info("We are deleting user " + uname + ".")
        conn = self.__get_db_conn(uname)
        cursor = conn.cursor()
        cursor.execute("drop table if exists sites")
        self.__logger.debug("We are dropping table sites if it exists.")
        conn.commit()
        try:
            os.remove(uname)
        except:
            pass
        self.__close_db_conn(uname)
        conn = self.__get_db_conn(CREDENTIALS)
        cursor = conn.cursor()
        removed = False
        exists = cursor.execute(
            "select name from sqlite_master where type='table' and name='" +
            CREDENTIALS + "'").fetchall()
        if len(exists) == 0:
            self.__logger.info(
                "We don't have any registered users. Returning False.")
            return False
        if cursor.execute("select * from " + CREDENTIALS + " where username=?",
                          (uname, )).fetchone():
            cursor.execute("delete from " + CREDENTIALS + " where username=?",
                           (uname, ))
            conn.commit()
            removed = True
            self.__logger.info("We have deleted user " + uname + ".")
            #If table is empty after removal, it is dropped.
            if not cursor.execute("select * from " + CREDENTIALS).fetchone():
                cursor.execute("drop table " + CREDENTIALS)
                conn.commit()
                self.__logger.debug("We are deleting empty table " +
                                    CREDENTIALS + ".")
        else:
            self.__logger.debug("We didn't delete " + uname +
                                ", he's gone already.")
        self.__close_db_conn(CREDENTIALS)
        return removed

    def generate_demo_user(self):
        if len(self.__demos.keys()) > 10:
            return None
        demo = {}
        dname = "demo_" + str(len(self.__demos.keys()))
        dpass = rng.get_random_bytes(20).encode('hex')
        demo[m.K_USER] = dname
        demo[m.K_DEMO_PASS] = dpass
        self.__demos[dname] = dpass
        return demo
예제 #4
0
파일: database.py 프로젝트: suonto/pwm
class Database(object):

    def __init__(self, logfile=None, debug=False):
        self.__conns = {} # username:connection
        self.__logger = LoggerBuilder().build_logger("Database", logfile=logfile, debug=debug)
        self.__logger.info("The database has been initialized.")
        self.__demos = {}
        atexit.register(self.__confirm_demo_user_deletion)
    
    def __confirm_demo_user_deletion(self):
        for uname in self.__demos.keys():
            self.delete_user(uname)
        
    def __get_db_conn(self, uname):
        '''
        Returns an open connection object to the parameter user's database.
        If the connection is not open, it will be opened and returned.
        '''
        self.__logger.debug("We are opening connection to db "+uname+".")
        if not uname in self.__conns.keys():
            conn = sqlite3.connect(uname)
            self.__conns[uname] = conn
            return conn
        else:
            return self.__conns[uname]
    
    def __close_db_conn(self, uname):
        '''
        Closes the connection (if open) to parameter users database.
        '''
        try:
            self.__logger.debug("We are closing connection to db "+uname+".")
            self.__conns[uname].close()
            del self.__conns[uname]
        except Exception as e:
            self.__logger.error("We caught an exception in close_conn:\nType: "+str(type(e))+"\nArgs: "+e.__str__())

    def __pad_data(self, data):
        while len(data)%16 != 0:
            data = data+" "
        return data

    def store_user_credentials(self, uname, password_hash_hex):
        '''
        Stores a user's credential info for authentication purposes. 
        '''
        conn = self.__get_db_conn(CREDENTIALS)
        cursor = conn.cursor() 
        added = False
        updated = False
        #Create the table for credentials if it doesn't already exist.
        cursor.execute("create table if not exists "+CREDENTIALS+" (username text, password text)")
        #Insert into credentials table if user was not already there.
        if not cursor.execute("select * from "+CREDENTIALS+" where username=?", (uname,)).fetchone():
            cursor.execute("insert into "+CREDENTIALS+" values (?,?)", (uname, password_hash_hex,))
            conn.commit()
            added = True   
            self.__logger.info("We have successfully registered "+uname+".")
        else:
            cursor.execute("update "+CREDENTIALS+" set password=? where username=?", (password_hash_hex, uname,))
            conn.commit()
            updated = True 
            self.__logger.info("We have updated "+uname+"'s password in credentials library.")
        self.__close_db_conn(CREDENTIALS)
        if added:
            return ADDED
        elif updated:
            return UPDATED
        else:
            raise Exception('Store user credentials neither updated or added anything.')

    def get_user_credentials(self):
        conn = self.__get_db_conn(CREDENTIALS)
        # We are avoiding any complications in opening and closing the connection.
        result = self.__get_user_credentials(conn)
        self.__close_db_conn(CREDENTIALS)
        return result

    def __get_user_credentials(self, conn):
        '''
        Reads user credentials and returns them in a dictionary.
        '''
        cursor = conn.cursor()
        exists = cursor.execute("select name from sqlite_master where type='table' and name='"+CREDENTIALS+"'").fetchall()
        if len(exists) == 0:
            self.__logger.info("We don't have any registered users. Returning {}.")
            return {}    
        credentials = cursor.execute("select * from "+CREDENTIALS).fetchall()    
        dict_format = {}
        for tuple in credentials:
            dict_format[str(tuple[0])] = str(tuple[1])
        credentials = dict_format
        self.__logger.info("We are reading credentials.")
        self.__logger.debug("Credentials: "+str(credentials))
        return credentials

    def add_password(self, uname, identifier, pwd):
        '''
        Stores a password in the users database.
        Opens a connection to the db if neccessary.
        '''
        iv = rng.get_random_bytes(16)
        ec = AES.new(DB_KEY, AES.MODE_CBC, iv)
        #Encrypting the password for storage
        pwd = ec.encrypt(self.__pad_data(pwd)).encode('hex')
        conn = self.__get_db_conn(uname)
        cursor = conn.cursor()
        added = False
        #Create the table for the user if it doesn't already exist.
        cursor.execute("create table if not exists sites (id text, iv text, password text)")
        #Insert into db if identifier is not already there.
        if not cursor.execute("select * from sites where id=?", (identifier.encode('hex'),)).fetchone():
            #IV and ID encoded in hex for storage.
            self.__logger.debug("We are adding a new password "+identifier+" for user "+uname+".")
            cursor.execute("insert into sites values (?,?,?)",(identifier.encode('hex'), iv.encode('hex'), pwd,))
        # Else update pwd value.
        else:
            cursor.execute("update sites set iv=? ,password=? where id=?", (iv.encode('hex'), pwd, identifier.encode('hex'),))
            self.__logger.debug("We have updated "+uname+"'s password "+identifier+".")
        conn.commit()
        added = True   
        self.__close_db_conn(uname)
        return added

    def read_passwords(self, uname):
        '''
        Reads all the passwords of the parameter user and returns them in a list.
        '''
        conn = self.__get_db_conn(uname)
        # We are avoiding any complications in opening and closing the connection.
        result = self.__read_passwords(conn, uname)
        self.__close_db_conn(uname)
        return result

    def __read_passwords(self, conn, uname):        
        self.__logger.info("We are reading passwords for "+uname+".")
        cursor = conn.cursor()
        exists = cursor.execute("select name from sqlite_master where type='table' and name='sites'").fetchall()
        if len(exists) == 0:
            self.__logger.info("We have no passwords for "+uname+" Returning {}.")
            return {} 
        passwords = cursor.execute("select * from sites").fetchall()
        self.__logger.info("Read for "+uname+" successful.")
        self.__logger.debug("Passwords:")
        result = {}
        for line in passwords:
            iv_hex = str(line[1])
            id_hex = line[0]
            dc = AES.new(DB_KEY, AES.MODE_CBC, iv_hex.decode('hex'))
            password = dc.decrypt(line[2].decode('hex')).rstrip(' ')
            self.__logger.debug([id_hex.decode('hex'), iv_hex, password])
            result[id_hex.decode('hex')] = password 
        return result
            
    def delete_password(self, uname, identifier):
        self.__logger.info("We are trying to delete "+uname+"'s password "+identifier+".")
        conn = self.__get_db_conn(uname)
        cursor= conn.cursor()
        removed = False
        exists = cursor.execute("select name from sqlite_master where type='table' and name='sites'").fetchall()
        if len(exists) == 0:
            self.__logger.info("We have no passwords for "+uname+". Returning False.")
            return False
        if cursor.execute("select * from sites where id=?", (identifier.encode('hex'),)).fetchone():
            cursor.execute("delete from sites where id=?", (identifier.encode('hex'),))
            conn.commit()
            removed = True
            self.__logger.info("We are deleting user "+uname+"'s password "+identifier)
            #If table is empty after removal, it is dropped.
            if not cursor.execute("select * from sites").fetchone():
                cursor.execute("drop table sites")
                conn.commit()
                self.__logger.debug("We are deleting user "+uname+"'s empty table sites.")
        self.__close_db_conn(uname)
        return removed

    def delete_user(self, uname):
        self.__logger.info("We are deleting user "+uname+".")
        conn = self.__get_db_conn(uname)
        cursor= conn.cursor()
        cursor.execute("drop table if exists sites")
        self.__logger.debug("We are dropping table sites if it exists.")
        conn.commit()
        try:
            os.remove(uname)
        except:
            pass
        self.__close_db_conn(uname)
        conn = self.__get_db_conn(CREDENTIALS)
        cursor= conn.cursor()
        removed = False
        exists = cursor.execute("select name from sqlite_master where type='table' and name='"+CREDENTIALS+"'").fetchall()
        if len(exists) == 0:
            self.__logger.info("We don't have any registered users. Returning False.")
            return False  
        if cursor.execute("select * from "+CREDENTIALS+" where username=?", (uname,)).fetchone():
            cursor.execute("delete from "+CREDENTIALS+" where username=?", (uname,))
            conn.commit()
            removed = True
            self.__logger.info("We have deleted user "+uname+".")
            #If table is empty after removal, it is dropped.
            if not cursor.execute("select * from "+CREDENTIALS).fetchone():
                cursor.execute("drop table "+CREDENTIALS)
                conn.commit()
                self.__logger.debug("We are deleting empty table "+CREDENTIALS+".")
        else:
            self.__logger.debug("We didn't delete "+uname+", he's gone already.")
        self.__close_db_conn(CREDENTIALS)
        return removed

    def generate_demo_user(self):
        if len(self.__demos.keys()) > 10:
            return None
        demo = {}
        dname = "demo_"+str(len(self.__demos.keys())) 
        dpass = rng.get_random_bytes(20).encode('hex')
        demo[m.K_USER] = dname 
        demo[m.K_DEMO_PASS] = dpass
        self.__demos[dname] = dpass
        return demo