def register_form(): form = tools.RegisterForm(request.form) if form.validate(): first_name = form.first_name.data surname = form.surname.data email = form.email.data password = bcrypt_sha256.using(salt=config.salt).hash( str(form.password.data)) token = tools.token_generator() try: db.create_user(first_name, surname, email, password, token, "photo-opt-in" in request.form) link = config.url + "/register-confirmation?t=" + token subject, body = mail_client.create_registration_completion_email( first_name, surname, link) email_sent = mail_client.send_email(subject, body, email) except Exception as e: flash("User email already registered, sign in?") return redirect( url_for('register', COOKIES_NOTIFICATION=tools.show_cookies_policy(), LOGGED_IN=tools.is_logged_in())) flash( """We have sent a verification email to you, please confirm so you can access your account""" ) return render_template( "register.html", COOKIES_NOTIFICATION=tools.show_cookies_policy(), LOGGED_IN=tools.is_logged_in())
def create_user(username: str, password: str, phone: str): """Add a user to the database""" con = sqlite3.connect(DB_NAME) # check if username already exists (case-insensitive) # cannot use LIKE since usernames can have underscores # using '?' as a placeholder prevents injection attacks if con.execute( 'SELECT username FROM account ' 'WHERE LOWER(username) = LOWER(?)', (username, )).fetchone(): raise AccountError(f'User "{username}" already exists') # encrypt the phone number and hash the password phone = Fernet(create_fernet_key(username, password)).encrypt(phone.encode()) # number of rounds = 2**{rounds} = 8192 password = bcrypt_sha256.using(rounds=13).hash(password) # insert the user into the database. # input validation has already occurred. con.execute('INSERT INTO account VALUES (?, ?, ?)', (username, password, phone)) con.commit() con.close()
def nc_authr(self, msg, ip, port): '''Prompts the user to enter their password for the server to verify format of calling intent: NC_AUTHR:IP:PORT:NEWUSER:B64(AES(SALT)) ''' # Parse out the new user and salt newuser = msg.split(':')[3] salt = msg.split(':')[4] # Decode then decrypt salt salt = base64.b64decode(salt) salt = decyrpt(ip, salt) print('Password requested for current nick by {0}:{1}'.format( ip, port)) # Prompt the user for the password and hash with salt prompt = 'Current user password: '******'' while pw == '' or pw == None: pw = getpass.getpass(prompt) pw = bcrypt_sha256.using(salt=salt).hash(pw) # Encrypt and encode the new hash pw = encrypt(ip, pw) pw = base64.b64encode(pw) intent = 'NC_REQV:{0}:{1}:{2}:{3}'.format(localInfo.HOST, localInfo.PORT, newuser, pw) # Send off to the server. self.sendIntent(intent, ip, port)
def change_password(): if request.method == "GET": token = request.args.get("t") if token is None: return render_template('register.html') return render_template( 'change_password.html', TOKEN=token, COOKIES_NOTIFICATION=tools.show_cookies_policy(), LOGGED_IN=tools.is_logged_in()) elif request.method == "POST": try: form = tools.ChangePasswordForm(request.form) password = bcrypt_sha256.using(salt=config.salt).hash( str(form.password.data)) db.change_password(form.token.data, password) flash("You have successfully changed your password") return render_template( "register.html", COOKIES_NOTIFICATION=tools.show_cookies_policy(), LOGGED_IN=tools.is_logged_in()) except Exception as e: flash( "Your password was not changed, please contact us at %s and we will assist you promptly." % config.email_config["admin_email"]) return render_template( 'change_password.html', COOKIES_NOTIFICATION=tools.show_cookies_policy(), LOGGED_IN=tools.is_logged_in())
def hash_password(pwd, pep): #compute the 14 round bcrypt hash # of the sha256 hash of the password h = bcrypt_sha256.using(rounds=14).hash(pwd) # encrypt with AES (pepper) ph = pep.encrypt(h.encode('utf-8')) # encode as base64 string and return b64ph = base64.b64encode(ph) return b64ph
def add_pass(self): print("\n[!] Minimum Password Requirements: 8-20 Characters, One Uppercase, One Special Character, One Number") while True: password = getpass.getpass(prompt="Password: "******"^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z]).{8,20}$", password) is None: print("[-] Password Does Not Meet Requirements") else: self.hashed = bcrypt_sha256.using(rounds=12).hash(password) print("\n[+] Account Created!") return self.hashed
def req_known(self, msg, ip, port): '''Deals with a request for a known user This method deals with handling a request for a known user by prompting for the password of a known user and hashing with the specified salt then encrypting this with AES to send back to the server. It also will send another message to the server if the remote connection has not yet authorized which will depend upon whether that user exists locally or not. format of calling intent: REQ_KNOWN:IP:PORT:USERNAME:SALT format of response: AUTH_VERIFY:IP:PORT:USER:HASH note: HASH is AES encrypted base64 ''' # Get the username and set the salt username = connections[ip].username salt = msg.split(':')[4] logging.debug('Bcrypting with salt: {0}'.format(salt)) print('Password requested by {0}:{1} for known user: {2}'.format( ip, port, username)) # Prompt for the password: prompt = 'Press ENTER then enter password: '******'' while pw == None or pw == '': pw = getpass.getpass(prompt) logging.debug('PLAINTEXT: {0}'.format(pw)) pw = bcrypt_sha256.using(salt=salt).hash(pw) if pw == '' or pw == None: print( 'Password is empty, perhaps you hit ENTER too many times') # Encrypt password with AES: pw = self.encrypt(ip, pw) # Convert to base64 and str pw = str(base64.b64encode(pw), 'utf8') logging.debug('Encrypted Hash: {0}'.format(pw)) intent = 'AUTH_VERIFY:{0}:{1}:{2}:{3}'.format(localInfo.HOST, localInfo.PORT, username, pw) # Send it off for the server to handle self.sendIntent(intent, ip, port) # Also call auth_req if the user has not authed yet. if not connections[ip].Authed: self.auth_req(msg, ip, port, 0)
def get_password(cls, password): return bcrypt_sha256.using( rounds=config.password_iterations).hash(password)
def verify_password(self, password): if not bcrypt_sha256.using(salt=self._get_salt()).verify( password, self.password): raise Exception('Invalid password !')
def set_password(self, plain_password): self.password = bcrypt_sha256.using( salt=self._get_salt()).hash(plain_password)
def check_password(self, raw_password): return bcrypt_sha256.using(rounds=13).verify(raw_password, hash=self.password)
def set_password(self, raw_password): self.password = bcrypt_sha256.using(rounds=13).hash(raw_password)