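def post(self):
    """Process a login form submission and reply with JSON.

    Reads ``login-username`` and ``login-pass`` from ``request.form`` and
    passes them to ``config.checkLogin``. If either field is missing, or the
    check returns ``False``, the reply comes from ``self.invalid_login()``.
    Otherwise a fresh session id is written to the user's record and sent
    back in the ``session-id`` cookie.
    """
    form = request.form
    if 'login-username' not in form or 'login-pass' not in form:
        return self.invalid_login()

    self.username = form['login-username']
    self.password = form['login-pass']
    user = config.checkLogin(self.username, self.password)
    if user == False:
        return self.invalid_login()

    self.json['logged_in'] = True
    self.json['error'] = ''
    response = app.make_response(json.dumps(self.json))

    # The session id is the credential presented on later requests, so it is
    # drawn from the OS CSPRNG. It used to be an MD5 over the account name,
    # the stored password hash and the current second, i.e. fully determined
    # by values that are not secret enough to protect a session. 16 random
    # bytes keep the 32-hex-character shape of the old value.
    import binascii
    import os
    session_id = binascii.hexlify(os.urandom(16)).decode('ascii')

    # update the session id in the database
    config.db.users.update(
        {'account': user['account']},
        {'$set': {'session_id': session_id}},
    )

    # NOTE(review): both cookies are set without HttpOnly/Secure. Whether
    # client-side script needs to read them is not visible here; confirm
    # before tightening the flags.
    response.set_cookie('session-id', session_id)
    response.set_cookie('tab-options', '{}')
    response.headers['Content-Type'] = 'application/json'
    return response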
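def handlePassword(self):
    """Change the logged-in user's password from the submitted form.

    Requires ``current-pass``, ``new-pass`` and ``confirm-pass``. The current
    password must hash to ``self.user['password']``, and the new one must be
    7-25 characters long and equal to its confirmation. Problems are
    collected in ``self.json['error_message']``; with none, the new hash is
    written to the user's record.

    Returns the JSON response on every path. As listed, only the success
    path returned a response; ``handleEmail`` and ``handleSettings`` also
    return the JSON body after validation errors, and this now does too.
    """
    form = request.form
    errors = self.json['error_message']

    if 'current-pass' not in form or 'new-pass' not in form or 'confirm-pass' not in form:
        errors.append(self.responses['PASS_REQUIRED'])
    else:
        current_pass = form['current-pass']
        new_pass = form['new-pass']
        confirm_pass = form['confirm-pass']

        # NOTE(review): salted double SHA-512 is a fast hash. A deliberately
        # slow password KDF would be the usual choice, but changing the scheme
        # has to be coordinated with config.checkLogin and the stored records.
        current_hash = hashlib.sha512(
            hashlib.sha512(current_pass).hexdigest() + str(int(self.user['salt']))
        ).hexdigest()

        # validate our inputs
        if current_hash != self.user['password']:
            errors.append(self.responses['INCOR_PASS'])
        if len(new_pass) < 7 or len(new_pass) > 25:
            errors.append(self.responses['INVAL_PASS'])
        if new_pass != confirm_pass:
            errors.append(self.responses['MISMATCH_PASS'])

    if len(errors) > 0:
        self.json['error'] = True
        return app.make_response(json.dumps(self.json))

    self.json['error'] = False
    self.json['success_message'] = self.responses['SUCCESS_PASS']
    new_pass_hash = hashlib.sha512(
        hashlib.sha512(new_pass).hexdigest() + str(int(self.user['salt']))
    ).hexdigest()

    # update the record in our mongodb
    config.db.users.update({'account': self.username}, {'$set': {'password': new_pass_hash}})
    response = app.make_response(json.dumps(self.json))

    # over write the cookie so they don't get logged out
    # NOTE(review): this sends the stored password hash to the browser.
    # Confirm whether anything still reads 'login-pass-hash'; if not, drop
    # the cookie. Nothing in this handler rotates the session id after the
    # password change.
    response.set_cookie('login-pass-hash', new_pass_hash)
    return response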
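def handleEmail(self):
    """Change the logged-in user's e-mail address from the submitted form.

    Requires ``current-email``, ``new-email`` and ``confirm-email``. The
    current address must equal ``self.user['email']``; the new one must match
    the address pattern, be unused by any other record and equal its
    confirmation. Problems are collected in ``self.json['error_message']``.

    Returns the JSON response built from ``self.json``.
    """
    form = request.form
    errors = self.json['error_message']

    if 'current-email' not in form or 'new-email' not in form or 'confirm-email' not in form:
        errors.append(self.responses['EMAIL_REQUIRED'])
    else:
        current_email = form['current-email']
        new_email = form['new-email']
        confirm_email = form['confirm-email']
        signup_row = config.db.users.find_one({'email': new_email})

        # validate our inputs
        # NOTE(review): the only proof of ownership asked for is the current
        # address; the account password is not re-checked before the change.
        if current_email != self.user['email']:
            errors.append(self.responses['INCOR_EMAIL'])
        # Anchored with \Z rather than $: in Python, $ also matches just
        # before a trailing newline, so an address ending in '\n' used to
        # pass validation and be stored as a distinct value.
        if not re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})\Z', new_email, re.IGNORECASE):
            errors.append(self.responses['INVAL_EMAIL'])
        if signup_row is not None:
            errors.append(self.responses['USED_EMAIL'])
        if new_email != confirm_email:
            errors.append(self.responses['MISMATCH_EMAIL'])

    if len(errors) > 0:
        self.json['error'] = True
    else:
        self.json['error'] = False
        self.json['success_message'] = self.responses['SUCCESS_EMAIL']
        # update the record in our mongodb
        config.db.users.update({'account': self.username}, {'$set': {'email': new_email}})

    return app.make_response(json.dumps(self.json))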
def invalid_login(self):
    """Build the JSON reply for a failed login.

    Marks ``self.json`` as not logged in with a fixed error string and
    overwrites the ``session-id`` cookie with an empty value.
    """
    self.json['logged_in'] = False
    self.json['error'] = 'Incorrect login details'

    failure = app.make_response(json.dumps(self.json))
    failure.set_cookie('session-id', '')
    failure.headers['Content-Type'] = 'application/json'
    return failure
def post(self, req_type):
    """Dispatch an account POST to the handler named by ``req_type``.

    ``'settings'``, ``'email'`` and ``'password'`` go to ``handleSettings``,
    ``handleEmail`` and ``handlePassword``. Any other value yields a JSON
    reply with ``error`` set and no message. When ``checkAccess()`` compares
    equal to ``False`` the reply carries the ``NO_ACCESS`` message instead.
    """
    # reset the json responses
    self.json['error'] = False
    self.json['error_message'] = []
    self.json['success_message'] = ''

    # check for access
    # NOTE(review): only a result equal to False denies the request. What
    # checkAccess() returns on failure is not visible here; confirm it can
    # never return None, which this comparison would let through.
    if self.checkAccess() == False:
        self.json['error'] = True
        self.json['error_message'].append(self.responses['NO_ACCESS'])
        return app.make_response(json.dumps(self.json))

    if req_type == 'settings':
        return self.handleSettings()
    if req_type == 'email':
        return self.handleEmail()
    if req_type == 'password':
        return self.handlePassword()

    self.json['error'] = True
    return app.make_response(json.dumps(self.json))
def get(self):
    """Render ``network.html`` for a user who passes the access check.

    When ``checkAccess()`` compares equal to ``False`` a JSON reply carrying
    the ``NO_ACCESS`` message is returned instead of the page.
    """
    # reset the json responses
    self.json['error'] = False
    self.json['error_message'] = []
    self.json['success_message'] = ''

    # check for access
    # NOTE(review): only a result equal to False denies; confirm that
    # checkAccess() never signals failure with None.
    if self.checkAccess() == False:
        self.json['error'] = True
        self.json['error_message'].append(self.responses['NO_ACCESS'])
        return app.make_response(json.dumps(self.json))

    return render_template('network.html')
def post(self, req_type):
    """Route a password-reset POST by its ``req_type`` value.

    ``'false'`` is handled by ``handleRequest`` and ``'true'`` by
    ``handleNewPassword``. Anything else gets a JSON reply with the
    ``INVAL_URI`` message.
    """
    # reset the json responses
    self.json['error'] = False
    self.json['error_message'] = []
    self.json['success_message'] = ''

    if req_type == 'false':
        return self.handleRequest()
    if req_type == 'true':
        return self.handleNewPassword()

    self.json['error'] = True
    self.json['error_message'].append(self.responses['INVAL_URI'])
    return app.make_response(json.dumps(self.json))
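def handleNewPassword(self):
    """Set a new password for the account named by the ``account-id`` field.

    Requires ``account-id``, ``password`` and ``confirm-password``. The id
    must parse as an ObjectId and match a user record; the password must be
    7-25 characters long and equal to its confirmation. On success the new
    hash is stored and ``extra.reset_password_ts`` /
    ``extra.reset_password_link`` are cleared.

    Returns the JSON response on every path. As listed, the handler returned
    a response only for an unparsable id; every other path ended without one.
    """
    form = request.form
    errors = self.json['error_message']

    if 'account-id' not in form or 'password' not in form or 'confirm-password' not in form:
        errors.append(self.responses['PASS_REQUIRED'])
        self.json['error'] = True
        return app.make_response(json.dumps(self.json))

    try:
        _id = bson.ObjectId(oid=str(form['account-id']))
    except Exception:
        # bail immediately if the object id is invalid; kept broad because
        # both the str() conversion and the ObjectId constructor can raise
        self.json['error'] = True
        errors.append(self.responses['INVAL_ACC'])
        return app.make_response(json.dumps(self.json))

    # setup some variables
    password = form['password']
    confirm = form['confirm-password']

    # NOTE(review): the account is selected by the submitted id alone. This
    # handler never compares a reset token, nor the reset_password_ts /
    # reset_password_link values it clears below. Confirm that a pending,
    # unexpired reset is verified before this point; otherwise add the check.
    account_row = config.db.users.find_one({'_id': _id})

    # check account id
    if account_row is None:
        errors.append(self.responses['INVAL_ACC'])

    # validate the password length and its confirmation
    if len(password) < 7 or len(password) > 25:
        errors.append(self.responses['INVAL_PASS'])
    if password != confirm:
        errors.append(self.responses['MISMATCH_PASS'])

    if len(errors) > 0:
        self.json['error'] = True
    else:
        # NOTE(review): salted double SHA-512 is a fast hash; see how
        # config.checkLogin verifies it before changing the scheme.
        password_hash = hashlib.sha512(
            hashlib.sha512(password).hexdigest() + str(int(account_row['salt']))
        ).hexdigest()

        account_row['extra']['reset_password_ts'] = 0
        account_row['extra']['reset_password_link'] = ''

        # update the password
        config.db.users.update(
            {'_id': _id},
            {'$set': {'password': password_hash, 'extra': account_row['extra']}},
        )

        self.json['error'] = False
        self.json['success_message'] = self.responses['SUCCESS_PASS']

    return app.make_response(json.dumps(self.json))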
def get(self):
    """Return the logged-in user's session details as JSON.

    When ``checkAccess()`` compares equal to ``False`` the current
    ``self.json`` is returned unchanged. Otherwise the reply gains the
    username, session id, settings and the endpoint of the user's node. If
    that node cannot be found, one document is picked from
    ``self.collection`` at a random offset.
    """
    # NOTE(review): only a result equal to False denies; confirm that
    # checkAccess() never signals failure with None.
    if self.checkAccess() == False:
        # invalid user, reply with self.json as it stands
        denied = app.make_response(json.dumps(self.json))
        denied.headers['Content-Type'] = 'application/json'
        return denied

    node = self.collection.find_one({'_id': self.user['node']})
    if node is None:
        # cant find a node object, get a new one
        offset = random.randrange(0, self.collection.count())
        node = self.collection.find(limit=1, skip=offset)[0]

    # give the return object some information
    self.json['logged_in'] = True
    self.json['username'] = self.username
    self.json['session_id'] = self.user['session_id']
    self.json['settings'] = self.user['settings']
    self.json['endpoint'] = node['endpoint']

    reply = app.make_response(json.dumps(self.json))
    reply.headers['Content-Type'] = 'application/json'
    return reply
def get(self):
    """Render ``settings.html`` filled in with the user's stored settings.

    When ``checkAccess()`` compares equal to ``False`` a JSON reply carrying
    the ``NO_ACCESS`` message is returned instead of the page.
    """
    # reset the json responses
    self.json['error'] = False
    self.json['error_message'] = []
    self.json['success_message'] = ''

    # check for access
    # NOTE(review): only a result equal to False denies; confirm that
    # checkAccess() never signals failure with None.
    if self.checkAccess() == False:
        self.json['error'] = True
        self.json['error_message'].append(self.responses['NO_ACCESS'])
        return app.make_response(json.dumps(self.json))

    settings = self.user['settings']
    # the template receives ' checked' when the stored format flag is 1
    if settings['timestamp_format'] == 1:
        timestamp_format = ' checked'
    else:
        timestamp_format = ''

    return render_template(
        'settings.html',
        yourName=self.user['real'],
        ircNickname=self.user['nick'],
        highlightWords=self.user['highlight_words'],
        autoComplete=settings['autocompletion'],
        timestampFormat=timestamp_format,
    )
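def handleNewPassword(self):
    """Store a new password for the account given in ``account-id``.

    The form must carry ``account-id``, ``password`` and
    ``confirm-password``. The id has to parse as an ObjectId and match a user
    record; the password has to be 7-25 characters long and equal to its
    confirmation. On success the new hash is written and the record's
    ``extra.reset_password_ts`` / ``extra.reset_password_link`` are cleared.

    Returns the JSON response on every path. As listed, only the
    unparsable-id branch returned one; all other paths ended without a
    return value.
    """
    fields = request.form
    messages = self.json['error_message']
    needed = ('account-id', 'password', 'confirm-password')

    if any(key not in fields for key in needed):
        messages.append(self.responses['PASS_REQUIRED'])
        self.json['error'] = True
        return app.make_response(json.dumps(self.json))

    try:
        _id = bson.ObjectId(oid=str(fields['account-id']))
    except Exception:
        # bail immediately if the object id is invalid; the handler is broad
        # because str() and the ObjectId constructor can both raise
        self.json['error'] = True
        messages.append(self.responses['INVAL_ACC'])
        return app.make_response(json.dumps(self.json))

    # setup some variables
    password = fields['password']
    confirm = fields['confirm-password']

    # NOTE(review): nothing here checks a reset token or the stored
    # reset_password_ts / reset_password_link before the password is
    # replaced; the submitted account id is the only selector. Verify that a
    # pending reset is validated elsewhere, or add that check here.
    account_row = config.db.users.find_one({'_id': _id})

    # check account id
    if account_row is None:
        messages.append(self.responses['INVAL_ACC'])

    # validate the password length and its confirmation
    if not 7 <= len(password) <= 25:
        messages.append(self.responses['INVAL_PASS'])
    if password != confirm:
        messages.append(self.responses['MISMATCH_PASS'])

    if messages:
        self.json['error'] = True
        return app.make_response(json.dumps(self.json))

    # NOTE(review): salted double SHA-512 is a fast hash; changing it has to
    # be coordinated with config.checkLogin and the stored records.
    inner_digest = hashlib.sha512(password).hexdigest()
    password_hash = hashlib.sha512(inner_digest + str(int(account_row['salt']))).hexdigest()

    extra = account_row['extra']
    extra['reset_password_ts'] = 0
    extra['reset_password_link'] = ''

    # update the password
    config.db.users.update({'_id': _id}, {'$set': {'password': password_hash, 'extra': extra}})

    self.json['error'] = False
    self.json['success_message'] = self.responses['SUCCESS_PASS']
    return app.make_response(json.dumps(self.json))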
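def handleSignup(self):
    """Validate a signup form and create the user when it is clean.

    Requires ``your-name``, ``irc-nickname``, ``email-address``,
    ``username``, ``password`` and ``confirm-password``. Each value is copied
    onto ``self`` and checked for length, pattern and uniqueness. Every
    problem appends a message to ``self.json['error_message']``; with none,
    ``self.insertUser()`` is called.

    Returns the JSON response built from ``self.json``.
    """
    form = request.form
    errors = self.json['error_message']
    required = ('your-name', 'irc-nickname', 'email-address',
                'username', 'password', 'confirm-password')

    if any(field not in form for field in required):
        errors.append(self.responses['REQUIRED'])
    else:
        # assign the variables
        self.name = form['your-name']
        self.nick = form['irc-nickname']
        self.email = form['email-address']
        self.username = form['username']
        self.password = form['password']
        self.confirm_pass = form['confirm-password']

        # see if we can find the user information
        signup_row_a = config.db.users.find_one({'account': self.username})
        signup_row_e = config.db.users.find_one({'email': self.email})

        # All three patterns end in \Z rather than $: in Python, $ also
        # matches just before a trailing newline, so a value ending in '\n'
        # used to pass validation and reach the database.
        if len(self.username) < 4 or len(self.username) > 25 or not re.match(r'[a-z0-9-_]*\Z', self.username, re.IGNORECASE):
            errors.append(self.responses['INVAL_USER'])
        if signup_row_a is not None:
            errors.append(self.responses['USED_USER'])

        if len(self.name) > 35:
            errors.append(self.responses['INVAL_NAME'])

        if not re.match(r'[a-z_\-\[\]\\^{}|`][a-z0-9_\-\[\]\\^{}|`]*\Z', self.nick, re.IGNORECASE) or len(self.nick) > 30:
            errors.append(self.responses['INVAL_NICK'])

        if not re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})\Z', self.email, re.IGNORECASE):
            errors.append(self.responses['INVAL_EMAIL'])
        if signup_row_e is not None:
            errors.append(self.responses['USED_EMAIL'])

        # NOTE(review): the minimum length is 6 here but 7 in handlePassword
        # and handleNewPassword; confirm which bound is intended.
        if len(self.password) < 6 or len(self.password) > 25:
            errors.append(self.responses['INVAL_PASS'])
        if self.confirm_pass != self.password:
            errors.append(self.responses['INVAL_CPASS'])

    if len(errors) > 0:
        self.json['error'] = True
    else:
        self.insertUser()

    return app.make_response(json.dumps(self.json))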
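def handleSettings(self):
    """Update the logged-in user's display settings from the submitted form.

    Requires ``your-name``, ``irc-nickname`` and ``autocompletion``;
    ``timestamp-format`` and ``highlight-words`` are optional. Problems are
    collected in ``self.json['error_message']``; with none, the values are
    written to the user's record.

    Returns the JSON response built from ``self.json``.
    """
    form = request.form
    errors = self.json['error_message']

    if 'your-name' not in form or 'irc-nickname' not in form or 'autocompletion' not in form:
        errors.append(self.responses['SET_REQUIRED'])
    else:
        name = form['your-name']
        nick = form['irc-nickname']
        autocompletion = form['autocompletion']
        # the flag is stored as 1 when the field is present at all, else 0
        timestamp_format = 1 if 'timestamp-format' in form else 0
        highlight_words = form['highlight-words'] if 'highlight-words' in form else ''

        # validate our inputs
        if len(name) > 35:
            errors.append(self.responses['INVAL_NAME'])

        # Both patterns end in \Z rather than $: in Python, $ also matches
        # just before a trailing newline, so a nickname or autocompletion
        # value ending in '\n' used to pass validation and be stored.
        if not re.match(r'[a-z_\-\[\]\\^{}|`][a-z0-9_\-\[\]\\^{}|`]*\Z', nick, re.IGNORECASE) or len(nick) > 30:
            errors.append(self.responses['INVAL_NICK'])
        if not re.match(r'^([,|:|\-]|\s+[,|:|\-])\Z', autocompletion, re.IGNORECASE):
            errors.append(self.responses['INVAL_AUTOC'])

    if len(errors) > 0:
        self.json['error'] = True
    else:
        self.json['error'] = False
        self.json['success_message'] = self.responses['SUCCESS_SET']

        # update the record in our mongodb
        newdata = {
            '$set': {
                'real': name,
                'nick': nick,
                'highlight_words': highlight_words,
                'settings.timestamp_format': timestamp_format,
                'settings.autocompletion': autocompletion,
            }
        }
        config.db.users.update({'account': self.username}, newdata)

    return app.make_response(json.dumps(self.json))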
def get(self):
    """Log the browser out by blanking its cookies and redirecting to ``/``.

    NOTE(review): only the cookies are overwritten. Nothing in this handler
    clears the ``session_id`` stored on the user's record, so confirm the old
    value stops being accepted after logout.
    """
    logout = app.make_response(redirect('/'))
    for cookie_name in ('session-id', 'tab-options'):
        logout.set_cookie(cookie_name, '')
    return logout
else: self.json['error_message'].append(self.responses['ALREADY_SENT']) # is the email already been sent? if len(self.json['error_message']) > 0: self.json['error'] = True elif email_sent == False: self.json['error'] = True self.json['error_message'].append(self.responses['FAILED']) else: self.json['error'] = False self.json['success_message'] = self.responses['SUCCESS'] # check for errors return app.make_response(json.dumps(self.json)) def handleNewPassword(self): if 'account-id' not in request.form or 'password' not in request.form or 'confirm-password' not in request.form: self.json['error_message'].append(self.responses['PASS_REQUIRED']) else: try: _id = bson.ObjectId(oid = str(request.form['account-id'])) except Exception, e: self.json['error'] = True self.json['error_message'].append(self.responses['INVAL_ACC']) return app.make_response(json.dumps(self.json)) # bail immediately if the object id is invalid password = request.form['password'] confirm = request.form['confirm-password']
def get(self):
    """Serve the output of ``self.combine_js(True)`` as JavaScript."""
    script = self.combine_js(True)
    js_response = app.make_response(script)
    js_response.headers['Content-Type'] = 'application/javascript'
    return js_response
def get(self):
    """Return ``self.combine_js(True)`` with a JavaScript content type."""
    bundle = app.make_response(self.combine_js(True))
    content_type = "application/javascript"
    bundle.headers["Content-Type"] = content_type
    return bundle
else: self.json['error_message'].append(self.responses['ALREADY_SENT']) # is the email already been sent? if len(self.json['error_message']) > 0: self.json['error'] = True elif email_sent == False: self.json['error'] = True self.json['error_message'].append(self.responses['FAILED']) else: self.json['error'] = False self.json['success_message'] = self.responses['SUCCESS'] # check for errors return app.make_response(json.dumps(self.json)) def handleNewPassword(self): if 'account-id' not in request.form or 'password' not in request.form or 'confirm-password' not in request.form: self.json['error_message'].append(self.responses['PASS_REQUIRED']) else: try: _id = bson.ObjectId(oid=str(request.form['account-id'])) except Exception, e: self.json['error'] = True self.json['error_message'].append(self.responses['INVAL_ACC']) return app.make_response(json.dumps(self.json)) # bail immediately if the object id is invalid password = request.form['password'] confirm = request.form['confirm-password']