def sign_up_post(v): if v: abort(403) agent = request.headers.get("User-Agent", None) if not agent: abort(403) form_timestamp = request.form.get("now", 0) form_formkey = request.form.get("formkey", "none") submitted_token = session["signup_token"] correct_formkey_hashstr = form_timestamp + submitted_token + agent correct_formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"), msg=bytes(correct_formkey_hashstr, "utf-16")).hexdigest() now = int(time.time()) username = request.form.get("username") #define function that takes an error message and generates a new signup form def new_signup(error): args = {"error": error} if request.form.get("referred_by"): user = db.query(User).filter_by( id=request.form.get("referred_by")).first() if user: args["ref"] = user.username return redirect(f"/signup?{urlencode(args)}") #check for tokens ## if now-int(form_timestamp)>120: ## print(f"signup fail - {username } - form expired") return new_signup("There was a problem. Please try again.") if now - int(form_timestamp) < 5: print(f"signup fail - {username } - too fast") return new_signup("There was a problem. Please try again.") if not hmac.compare_digest(correct_formkey, form_formkey): print(f"signup fail - {username } - mismatched formkeys") return new_signup("There was a problem. Please try again.") #check for matched passwords if not request.form.get("password") == request.form.get( "password_confirm"): return new_signup("Passwords did not match. Please try again.") #check username/pass conditions if not re.match(valid_username_regex, request.form.get("username")): print(f"signup fail - {username } - mismatched passwords") return new_signup("Invalid username") if not re.match(valid_password_regex, request.form.get("password")): print(f"signup fail - {username } - invalid password") return new_signup("Password must be 8 characters or longer") #if not re.match(valid_email_regex, request.form.get("email")): # return new_signup("That's not a valid email.") #Check for existing acocunts email = request.form.get("email") if not email: email = None if (db.query(User).filter(User.username.ilike( request.form.get("username"))).first() or (email and db.query(User).filter(User.email.ilike(email)).first())): print(f"signup fail - {username } - email already exists") return new_signup( "An account with that username or email already exists.") #success #kill tokens session.pop("signup_token") #get referral ref_id = int(request.form.get("referred_by", 0)) ref_id = None if not ref_id else ref_id #make new user try: new_user = User(username=username, password=request.form.get("password"), email=email, created_utc=int(time.time()), creation_ip=request.remote_addr, referred_by=ref_id) except Exception as e: print(e) return new_signup("Please enter a valid email") db.add(new_user) db.commit() #give a beta badge beta_badge = Badge(user_id=new_user.id, badge_id=1) db.add(beta_badge) db.commit() check_for_alts(new_user.id) if email: send_verification_email(new_user) session["user_id"] = new_user.id session["session_id"] = token_hex(16) redir = request.form.get("redirect", None) if redir: return redirect(redir) else: return redirect(new_user.permalink)
def sign_up_post(v): if v: abort(403) agent=request.headers.get("User-Agent", None) if not agent: abort(403) form_timestamp = request.form.get("now", 0) form_formkey = request.form.get("formkey","none") submitted_token=session.get("signup_token", "") if not submitted_token: abort(400) correct_formkey_hashstr = form_timestamp+submitted_token+agent correct_formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"), msg=bytes(correct_formkey_hashstr, "utf-16") ).hexdigest() now=int(time.time()) username=request.form.get("username") #define function that takes an error message and generates a new signup form def new_signup(error): args={"error":error} if request.form.get("referred_by"): user=g.db.query(User).filter_by(id=request.form.get("referred_by")).first() if user: args["ref"]=user.username return redirect(f"/signup?{urlencode(args)}") #check for tokens ## if now-int(form_timestamp)>120: ## print(f"signup fail - {username } - form expired") return new_signup("There was a problem. Please try again.") if now-int(form_timestamp)<5: print(f"signup fail - {username } - too fast") return new_signup("There was a problem. Please try again.") if not hmac.compare_digest(correct_formkey, form_formkey): print(f"signup fail - {username } - mismatched formkeys") return new_signup("There was a problem. Please try again.") #check for matched passwords if not request.form.get("password") == request.form.get("password_confirm"): return new_signup("Passwords did not match. Please try again.") #check username/pass conditions if not re.match(valid_username_regex, request.form.get("username")): print(f"signup fail - {username } - mismatched passwords") return new_signup("Invalid username") if not re.match(valid_password_regex, request.form.get("password")): print(f"signup fail - {username } - invalid password") return new_signup("Password must be 8 characters or longer") #if not re.match(valid_email_regex, request.form.get("email")): # return new_signup("That's not a valid email.") #Check for existing acocunts email=request.form.get("email") if not email: email=None existing_account=g.db.query(User).filter(User.username.ilike(request.form.get("username"))).first() if existing_account and existing_account.reserved: return redirect(existing_account.permalink) if existing_account or (email and g.db.query(User).filter(User.email.ilike(email)).first()): print(f"signup fail - {username } - email already exists") return new_signup("An account with that username or email already exists.") #check bans if any([x.is_banned for x in [g.db.query(User).filter_by(id=y).first() for y in session.get("history",[])] if x]): abort(403) #success #kill tokens session.pop("signup_token") #get referral ref_id = int(request.form.get("referred_by") or 0) #upgrade user badge ref_user=g.db.query(User).filter_by(id=ref_id).first() if not ref_user: ref_id=None #make new user try: new_user=User(username=username, password=request.form.get("password"), email=email, created_utc=int(time.time()), creation_ip=request.remote_addr, referred_by=ref_id, tos_agreed_utc=int(time.time()) ) except Exception as e: print(e) return new_signup("Please enter a valid email") g.db.add(new_user) g.db.commit() #give a beta badge beta_badge=Badge(user_id=new_user.id, badge_id=6) g.db.add(beta_badge) #check alts check_for_alts(new_user.id) #send welcome/verify email if email: send_verification_email(new_user) #send welcome message text=f"""![](https://media.giphy.com/media/ehmupaq36wyALTJce6/200w.gif) \n\nWelcome to Ruqqus, {new_user.username}. We're glad to have you here. \n\nWhile you get settled in, here a couple things we recommend for newcomers: - View the [quickstart guide](https://ruqqus.com/post/86i) - Customize your profile by [adding a custom avatar and banner](/settings/profile) - Personalize your front page by [joining some guilds](/browse) \n\nYou're welcome to say anything protected by the First Amendment here - even if you don't live in the United States. And since we're committed to [open-source](https://github.com/ruqqus/ruqqus) transparency, your front page (and your posted content) won't be artificially manipulated. \n\nReally, it's what social media should have been doing all along. \n\nNow, go enjoy your digital freedom. \n\n-The Ruqqus Team""" send_notification(new_user, text) session["user_id"]=new_user.id session["session_id"]=token_hex(16) redir=request.form.get("redirect", None) print(f"Signup event: @{new_user.username}") if redir: return redirect(redir) else: return redirect(new_user.permalink)
def sign_up_post(v): if v: abort(403) agent=request.headers.get("User-Agent", None) if not agent: abort(403) form_timestamp = request.form.get("now", 0) form_formkey = request.form.get("formkey","none") submitted_token=session["signup_token"] correct_formkey_hashstr = form_timestamp+submitted_token+agent correct_formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"), msg=bytes(correct_formkey_hashstr, "utf-16") ).hexdigest() now=int(time.time()) #define function that takes an error message and generates a new signup form def new_signup(error): #Reset tokens and return to signup form token = token_hex(16) session["signup_token"]=token now=int(time.time()) agent=request.headers.get("User-Agent", None) new_formkey_hashstr=str(now)+submitted_token+agent new_formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"), msg=bytes(new_formkey_hashstr, "utf-16") ).hexdigest() return render_template("sign_up.html", formkey=new_formkey, now=now, error=error, i=random_image()) #check for tokens if now-int(form_timestamp)>120: print("form expired") return new_signup("There was a problem. Please refresh the page and try again.") elif now-int(form_timestamp)<5: print("slow down!") return new_signup("There was a problem. Please refresh the page and try again.") if not hmac.compare_digest(correct_formkey, form_formkey): print(f"{request.form.get('username')} - mismatched formkeys") return new_signup("There was a problem. Please refresh the page and try again.") #check for matched passwords if not request.form.get("password") == request.form.get("password_confirm"): return new_signup("Passwords did not match. Please try again.") #check username/pass conditions if not re.match(valid_username_regex, request.form.get("username")): return new_signup("Invalid username") if not re.match(valid_password_regex, request.form.get("password")): return new_signup("Password must be 8 characters or longer") #Check for existing acocunts if (db.query(User).filter(User.username.ilike(request.form.get("username"))).first() or db.query(User).filter(User.email.ilike(request.form.get("email"))).first()): return new_signup("An account with that username or email already exists.") #success #kill tokens session.pop("signup_token") #get referral ref_id = int(request.form.get("referred_by", 0)) ref_id=None if not ref_id else ref_id #make new user try: new_user=User(username=request.form.get("username"), password=request.form.get("password"), email=request.form.get("email"), created_utc=int(time.time()), creation_ip=request.remote_addr, referred_by=ref_id ) except Exception as e: print(e) return new_signup("Please enter a valid email") db.add(new_user) db.commit() prebeta_badge=Badge(user_id=new_user.id, badge_id=1) db.add(prebeta_badge) db.commit() send_verification_email(new_user) session["user_id"]=new_user.id session["session_id"]=token_hex(16) redir=request.form.get("redirect", None) if redir: return redirect(redir) else: return redirect(new_user.permalink)
def sign_up_post(v): if v: abort(403) agent = request.headers.get("User-Agent", None) if not agent: abort(403) # check tor # if request.headers.get("CF-IPCountry")=="T1": # return render_template("sign_up_tor.html", # i=random_image() # ) form_timestamp = request.form.get("now", 0) form_formkey = request.form.get("formkey", "none") submitted_token = session.get("signup_token", "") if not submitted_token: abort(400) correct_formkey_hashstr = form_timestamp + submitted_token + agent correct_formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"), msg=bytes(correct_formkey_hashstr, "utf-16") ).hexdigest() now = int(time.time()) username = request.form.get("username") # define function that takes an error message and generates a new signup # form def new_signup(error): args = {"error": error} if request.form.get("referred_by"): user = g.db.query(User).filter_by( id=request.form.get("referred_by")).first() if user: args["ref"] = user.username return redirect(f"/signup?{urlencode(args)}") if app.config["DISABLE_SIGNUPS"]: return new_signup("New account registration is currently closed. Please come back later.") if now - int(form_timestamp) < 5: #print(f"signup fail - {username } - too fast") return new_signup("There was a problem. Please try again.") if not hmac.compare_digest(correct_formkey, form_formkey): #print(f"signup fail - {username } - mismatched formkeys") return new_signup("There was a problem. Please try again.") # check for matched passwords if not request.form.get( "password") == request.form.get("password_confirm"): return new_signup("Passwords did not match. Please try again.") # check username/pass conditions if not re.match(valid_username_regex, request.form.get("username")): #print(f"signup fail - {username } - mismatched passwords") return new_signup("Invalid username") if not re.match(valid_password_regex, request.form.get("password")): #print(f"signup fail - {username } - invalid password") return new_signup("Password must be between 8 and 100 characters.") # if not re.match(valid_email_regex, request.form.get("email")): # return new_signup("That's not a valid email.") # Check for existing acocunts email = request.form.get("email") email = email.lstrip().rstrip() if not email: email = None #counteract gmail username+2 and extra period tricks - convert submitted email to actual inbox if email and email.endswith("@gmail.com"): gmail_username=email.split('@')[0] gmail_username=gmail_username.split('+')[0] gmail_username=gmail_username.replace('.','') email=f"{gmail_username}@gmail.com" existing_account = get_user(request.form.get("username"), graceful=True) if existing_account and existing_account.reserved: return redirect(existing_account.permalink) if existing_account or (email and g.db.query( User).filter(User.email.ilike(email)).first()): # #print(f"signup fail - {username } - email already exists") return new_signup( "An account with that username or email already exists.") # ip ratelimit previous = g.db.query(User).filter_by( creation_ip=request.remote_addr).filter( User.created_utc > int( time.time()) - 60 * 60).first() if previous: abort(429) # check bot if app.config.get("HCAPTCHA_SITEKEY"): token = request.form.get("h-captcha-response") if not token: return new_signup("Unable to verify captcha [1].") data = {"secret": app.config["HCAPTCHA_SECRET"], "response": token, "sitekey": app.config["HCAPTCHA_SITEKEY"]} url = "https://hcaptcha.com/siteverify" x = requests.post(url, data=data) if not x.json()["success"]: #print(x.json()) return new_signup("Unable to verify captcha [2].") # kill tokens session.pop("signup_token") # get referral ref_id = int(request.form.get("referred_by", 0)) # upgrade user badge if ref_id: ref_user = g.db.query(User).options( lazyload('*')).filter_by(id=ref_id).first() if ref_user: ref_user.refresh_selfset_badges() g.db.add(ref_user) # make new user try: new_user = User(username=username, password=request.form.get("password"), email=email, created_utc=int(time.time()), creation_ip=request.remote_addr, referred_by=ref_id or None, tos_agreed_utc=int(time.time()), creation_region=request.headers.get("cf-ipcountry"), ban_evade = int(any([x.is_banned for x in g.db.query(User).filter(User.id.in_(tuple(session.get("history", [])))).all() if x])) ) except Exception as e: #print(e) return new_signup("Please enter a valid email") g.db.add(new_user) g.db.commit() # give a beta badge beta_badge = Badge(user_id=new_user.id, badge_id=6) g.db.add(beta_badge) # check alts check_for_alts(new_user.id) # send welcome/verify email if email: send_verification_email(new_user) # send welcome message text = f"""![](https://media.giphy.com/media/ehmupaq36wyALTJce6/200w.gif) \n\nWelcome to Ruqqus, {new_user.username}. We're glad to have you here. \n\nWhile you get settled in, here a couple things we recommend for newcomers: - View the [quickstart guide](https://ruqqus.com/post/86i) - Personalize your front page by [joining some guilds](/browse) \n\nYou're welcome to say anything protected by the First Amendment here - even if you don't live in the United States. And since we're committed to [open-source](https://github.com/ruqqus/ruqqus) transparency, your front page (and your posted content) won't be artificially manipulated. \n\nReally, it's what social media should have been doing all along. \n\nNow, go enjoy your digital freedom. \n\n-The Ruqqus Team""" send_notification(new_user, text) session["user_id"] = new_user.id session["session_id"] = token_hex(16) redir = request.form.get("redirect", None) # #print(f"Signup event: @{new_user.username}") return redirect("/")
def sign_up_post(v): if v: abort(403) agent = request.headers.get("User-Agent", None) if not agent: abort(403) # check tor # if request.headers.get("CF-IPCountry")=="T1": # return render_template("sign_up_tor.html", # i=random_image() # ) form_timestamp = request.form.get("now", '0') form_formkey = request.form.get("formkey", "none") submitted_token = session.get("signup_token", "") if not submitted_token: abort(400) correct_formkey_hashstr = form_timestamp + submitted_token + agent correct_formkey = hmac.new(key=bytes(environ.get("MASTER_KEY"), "utf-16"), msg=bytes(correct_formkey_hashstr, "utf-16")).hexdigest() now = int(time.time()) username = request.form.get("username") # define function that takes an error message and generates a new signup # form def new_signup(error): args = {"error": error} if request.form.get("referred_by"): user = g.db.query(User).filter_by( id=request.form.get("referred_by")).first() if user: args["ref"] = user.username return redirect(f"/signup?{urlencode(args)}") if app.config["DISABLE_SIGNUPS"]: return new_signup( "New account registration is currently closed. Please come back later." ) if now - int(form_timestamp) < 5: #print(f"signup fail - {username } - too fast") return new_signup("There was a problem. Please try again.") if not hmac.compare_digest(correct_formkey, form_formkey): #print(f"signup fail - {username } - mismatched formkeys") return new_signup("There was a problem. Please try again.") # check for matched passwords if not request.form.get("password") == request.form.get( "password_confirm"): return new_signup("Passwords did not match. Please try again.") # check username/pass conditions if not re.match(valid_username_regex, request.form.get("username")): #print(f"signup fail - {username } - mismatched passwords") return new_signup("Invalid username") if not re.match(valid_password_regex, request.form.get("password")): #print(f"signup fail - {username } - invalid password") return new_signup("Password must be between 8 and 100 characters.") # if not re.match(valid_email_regex, request.form.get("email")): # return new_signup("That's not a valid email.") # Check for existing acocunts email = request.form.get("email") email = email.lstrip().rstrip() if not email: email = None #counteract gmail username+2 and extra period tricks - convert submitted email to actual inbox if email and email.endswith("@gmail.com"): gmail_username = email.split('@')[0] gmail_username = gmail_username.split('+')[0] gmail_username = gmail_username.replace('.', '') email = f"{gmail_username}@gmail.com" existing_account = get_user(request.form.get("username"), graceful=True) if existing_account and existing_account.reserved: return redirect(existing_account.permalink) if existing_account or (email and g.db.query(User).filter( User.email.ilike(email)).first()): # #print(f"signup fail - {username } - email already exists") return new_signup( "An account with that username or email already exists.") # check bot if app.config.get("HCAPTCHA_SITEKEY"): token = request.form.get("h-captcha-response") if not token: return new_signup("Unable to verify captcha [1].") data = { "secret": app.config["HCAPTCHA_SECRET"], "response": token, "sitekey": app.config["HCAPTCHA_SITEKEY"] } url = "https://hcaptcha.com/siteverify" x = requests.post(url, data=data) if not x.json()["success"]: #print(x.json()) return new_signup("Unable to verify captcha [2].") # kill tokens session.pop("signup_token") # get referral ref_id = int(request.form.get("referred_by", 0)) # upgrade user badge if ref_id: ref_user = g.db.query(User).options( lazyload('*')).filter_by(id=ref_id).first() if ref_user: ref_user.refresh_selfset_badges() g.db.add(ref_user) # make new user try: new_user = User( username=username, original_username=username, password=request.form.get("password"), email=email, created_utc=int(time.time()), creation_ip=request.remote_addr, referred_by=ref_id or None, tos_agreed_utc=int(time.time()), creation_region=request.headers.get("cf-ipcountry"), ban_evade=int( any([ x.is_banned for x in g.db.query(User).filter( User.id.in_(tuple(session.get("history", [])))).all() if x ]))) except Exception as e: #print(e) return new_signup("Please enter a valid email") g.db.add(new_user) g.db.commit() # give a beta badge beta_badge = Badge(user_id=new_user.id, badge_id=6) g.db.add(beta_badge) # check alts check_for_alts(new_user.id) # send welcome/verify email if email: send_verification_email(new_user) # send welcome message send_notification(new_user, "dude bussy lmao") session["user_id"] = new_user.id session["session_id"] = token_hex(16) redir = request.form.get("redirect", None) # #print(f"Signup event: @{new_user.username}") return redirect("/")