Exemplo n.º 1
0
def confirm_email(token):
    """Checks if the email verification is successful.

    If succesful email_confirmed is set to 1 and user is now able to login.

    Returns:
        JSON responde based on succes/failure.
    """
    try:
        # Create the secret key based on our little secret :)
        secret = URLSafeTimedSerializer(current_app.config['EMAIL_SECRET'])

        # Confirm key is in pool and has not expired yet.
        email = secret.loads(token, max_age=3600,
                             salt=current_app.config['EMAIL_REGISTER_SALT'])

        # If user exists update the status 'email_confirmed' to 1.
        # The user will now be able to login.
        if users.exists(email=email):
            users.update({'email_confirmed': 1}, email=email)

            # Redirect the user to the login page, trigger
            # 'registration complete' process.
            return redirect(
                get_central_ip() +
                '?message=registration_complete')
        else:
            return bad_json_response('No user with the email ' + email
                                     + ' exists.')
    except SignatureExpired:
        message = 'The token has expired, please try registering again.'
        return redirect(get_central_ip() + '?message=' + message)

    except BadTimeSignature:
        message = 'The token did not match. Are you trying to hack FedNet? Q_Q'
        return redirect(get_central_ip() + '?message=' + message)
Exemplo n.º 2
0
def confirm_forgotpass():
    """Handles password resetting via email.

    Returns:
        JSON reponse based on succes/failure.
    """
    try:
        token = request.form['token']
        password = request.form['password']

        # Create the secret key based on our little secret :)
        secret = URLSafeTimedSerializer(current_app.config['EMAIL_SECRET'])

        # Confirm key is in pool and has not expired yet.
        # Extract email from secret.
        email = secret.loads(token, max_age=3600,
                             salt=current_app.config['EMAIL_FORGOTPASS_SALT'])

        # Error if no user with given email is found.
        if not users.exists(email=email):
            return bad_json_response('No user with the email ' + email
                                     + ' exists.')

        # Encrypt password for storage in database.
        password = sha256_crypt.encrypt(request.form['password'])
        users.update({'password': password}, email=email)

        return good_json_response('Change password succesfull')
    except SignatureExpired:
        message = 'The token has expired, please try requesting a new password.'
        return redirect(get_central_ip() + '?message=' + message)
    except BadTimeSignature:
        message = (
            'The token did not match. Are you trying to hack some user? Q_Q'
        )
        return redirect(get_central_ip() + '?message=' + message)
Exemplo n.º 3
0
    def wrapper(*args, **kwargs):
        try:
            # Decode token (base64).
            header = None
            if get_server_type() == ServerType.CENTRAL:
                header = request.cookies['access_token_cookie']
            else:
                header = request.headers['authorization']

            # Get the identity and save as username.
            parts = header.split('.')
            decoded = base64.b64decode(parts[1] + '=============') \
                .decode('utf-8')
            username = json.loads(decoded)['identity']

            # Get the correct pub key.
            if get_server_type() == ServerType.CENTRAL:
                # Get the pubkey using own API call.
                from app.api.central.server import get_pub_key
                pub = get_pub_key(username)
            else:
                # Get the pubkey by call to the central server.
                pub = requests.get(get_central_ip() + '/api/server/pub_key',
                                   params={
                                       'username': username
                                   }).json()['data']

            current_app.config['JWT_PUBLIC_KEY'] = pub
        except BaseException:
            # Show login on exception.
            return render_template('login.html')

        # Let the JWT extended library check the token.
        try:
            verify_jwt_in_request()
        except:
            return render_template('logout.html')
        return fn(*args, **kwargs)
Exemplo n.º 4
0
def registered():
    """Look up if the given username is a registered username in FedNet.

    Returns:
        JSON reponse that succeeds if the username is registered and
        fails if the user is not registered.
    """
    username = request.args.get('username')

    if username is None:
        return bad_json_response("Bad request: Missing parameter 'username'.")

    if not users.exists(username=username):
        return bad_json_response('Username not found (in data server)')

    # This request checks if the given username is registered.
    r = requests.get(
        get_central_ip() + '/api/user/registered',
        params={
            'username': username
        }
    ).json()

    return good_json_response(r)
Exemplo n.º 5
0
def forgotpass():
    """Handles forgotten password, sends email to recover.

    Returns:
        JSON response based on succes/failure.
    """
    username = request.form['username']

    if not username:
        return bad_json_response("Bad request: Missing parameter 'username'.")

    # Retrieve email for given username.
    # Also retrieve firstname and lastname for personal message.
    firstname, lastname, send_to = users.export_one('firstname', 'lastname',
                                                    'email', username=username)

    # If no user is found give an error.
    if not firstname or not lastname or not username:
        return bad_json_response('Error retrieving the user.')

    # stuur mail met new ww link
    # Construct message object with receipient and sender
    msg = EmailMessage()
    msg['Subject'] = 'FedNet - Change your password.'
    msg['From'] = current_app.config['EMAIL_ADDRESS']
    msg['To'] = send_to

    # Create the secret key based on our little secret :)
    secret = URLSafeTimedSerializer(current_app.config['EMAIL_SECRET'])

    # Create token based on a user their email and salt to prevent same token.
    token = secret.dumps(send_to,
                         salt=current_app.config['EMAIL_FORGOTPASS_SALT'])

    # Create link with token and username so central knows how to handle it.
    parameters = '?username='******'&token=' + token
    link = get_central_ip() + '/forgotPassword' + parameters

    # Load the HTML template for the email, and embed the information needed.
    with open('app/templates/email_template/forgot-password.html') as f:
        html = f.read()
    html = html.replace('LINK_HERE', link)
    html = html.replace('USERNAME_HERE', username)
    html = html.replace('NAME_HERE', firstname + ' ' + lastname)
    msg.add_alternative(html, subtype='html')

    # Add image to the contents of the email.
    with open('app/static/images/LogoBackOpaque.png', 'rb') as img:
        # Know the Content-Type of the image.
        maintype, subtype = mimetypes.guess_type(img.name)[0].split('/')

        # Attach it to the email. The cid='0' is linked to the cid in the html,
        # which loads it.
        msg.get_payload()[0].add_related(img.read(), maintype=maintype,
                                         subtype=subtype, cid='0')

    # Connect to the mailserver from google and send the e-mail.
    with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp:
        smtp.login(current_app.config['EMAIL_ADDRESS'],
                   current_app.config['EMAIL_PASSWORD'])
        smtp.send_message(msg)

    return good_json_response('success')