def revoque(self, key_id): key = Session.query(Key).filter(and_(Key.email == self.user, Key.id == key_id)) if key.count() == 1: c.key = key.one() return render('/manager/revoque.html') else: redirect_to(action='index') pass pass
def do(self): if 'otps' not in request.params or 'aes' not in request.params or 'mail' not in request.params : redirect_to(action="index", msg='All fields are requiered') if request.params['otps'] == '' or request.params['aes'] == '' or request.params['mail'] == '' : redirect_to(action='index', msg='All fields are requested') aes = request.params['aes'].strip() otps = request.params['otps'].strip().split('\n') mail = request.params['mail'].strip() # check: is this email already in our system ? if so, is the user registered? if so, are the email addresses the same ? c = Session.query(Key).filter(Key.email == mail) if c.count() != 0: if 'user' not in request.params: redirect_to(action='index', msg='This email address is already registered, please use the <a href="/manager">manager</a> to add this key.') pass if request.params['user'] != mail: redirect_to(action='index', msg = 'This is NOT your email address') pass # check how many OTPs there are if len(otps) < 3: redirect_to(action='index', msg='We need at least 3 OTPs') # check AES length if not yubi_decrypt.RE_AES_KEY.match(aes): redirect_to(action='index', msg='BAD AES Key') # check how many OTP there are for otp in otps: if otp: try: data = yubi_decrypt.YubikeyToken(otp.strip(), aes) except yubi_decrypt.InvalidToken: redirect_to(action="index", msg="Bad OTP - at least one is wrong!") secret_id = data.secret_id public_id = data.public_id # get API key if one already exists api = Session.query(Key).filter(Key.email == mail) if api.count() > 0: c.replay = True api_key = api[0].api.key else: c.replay = False api_key = generate_api() # crypt AES key crypted = xtea.crypt(self.xtea_key, aes).encode('hex') # last check : is this AES unique ? if Session.query(id_AES).filter(id_AES.aes == crypted).count() != 0: redirect_to(action="index", msg="Bad AES - Please generate a new one.") # create new key object key = Key() key.private_id = secret_id key.public_id = public_id key.email = mail # create new key - AES part new_aes = id_AES() new_aes.aes = crypted Session.add(new_aes) Session.commit() id_aes = Session.query(id_AES).filter(id_AES.aes == crypted).one().id # add ID to key key.id_aes = id_aes # create new key - API part if c.replay: key.api_key = api[0].api.id else: api = API() api.key = api_key Session.add(api) Session.commit() api_id = Session.query(API).filter(API.key == api_key).one().id key.api_key = api_id Session.add(key) Session.commit() c.api_key = api_key return render('/addkey/success.html')
def index(self, msg=None): c.err = msg c.user = False if 'user' in session: c.user = session['user'] return render('/addkey/index.html')
def index(self): return render('/privacy/index.html')
def index(self): return render('/doc/index.html')
def login(self): return render('/manager/login.html')
def index(self): c.keys = Session.query(Key).filter(Key.email == self.user).all() return render('/manager/index.html')