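def login():
    """Start the fingerprint-based login flow.

    Returns ``None`` when the view's template should be rendered, a
    ``redirect`` when the flow should move elsewhere, or a dict holding
    the ``ciphertext`` of a freshly generated challenge for the template.
    """
    # An already authenticated user goes straight to their own page.
    if logged_in():
        return redirect(url_for('user', fingerprint=session['fp']))

    if request.method == 'GET':
        # NOTE(review): this view writes session['fp'], never
        # session['fingerprint'], so this check looks like a leftover and a
        # GET renders the template either way — confirm.
        if 'fingerprint' not in session:
            return None

    if request.method == 'POST':
        try:
            # Default to '' so a missing form field is reported as a bad
            # fingerprint instead of raising AttributeError on None, which
            # the generic handler below would only log.
            raw = request.form.get('fingerprint', '')
            fp = raw.replace(' ', '').lower()
            if not is_fingerprint(fp):
                flash(err_messages['not_fp'], 'error')
                return redirect(url_for('login'))
            user = User.query.filter(User.fingerprint == fp).one()
            # NOTE(review): session['fp'] is set before the challenge is
            # answered; logged_in() must not treat its presence alone as
            # proof of authentication — confirm.
            session['fp'] = fp
            ciphertext = Challenge.generate(user, fp)
            return dict(ciphertext=ciphertext)
        except NoResultFound:
            flash(err_messages['no_account'], 'error')
        except Exception as e:
            # Keep the traceback server-side; the user only ever sees the
            # generic message so no internal details leak.
            app.logger.exception('unexpected error during login: %s', e)
            flash(err_messages['generic'], 'error')
        return redirect(url_for('login'))
    return None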
def test_generate_challenge(self):
    """A generated challenge is an armored PGP message linked to the user."""
    armored = str(Challenge.generate(self.user, self.user.fingerprint))
    for marker in ('-----BEGIN PGP MESSAGE-----', '-----END PGP MESSAGE-----'):
        self.assertIn(marker, armored)
    # The new challenge is expected to be the second stored row, and the
    # user's chal_id should now point at it.
    stored = Challenge.query.all()
    self.assertEqual(self.user.chal_id, stored[1].id)
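def publish_canary(sigid_base64):
    """Show, or on POST republish, the canary identified by *sigid_base64*.

    A GET renders the page with a fresh challenge. A POST republishes the
    canary when the requester is its logged-in owner or has answered the
    challenge; otherwise an error is flashed and ``None`` is returned so
    the template is re-rendered. An unknown id yields the 404 page.
    """
    canary = get_canary(sigid_base64)
    if canary is None:
        return page_not_found('canary')
    fp = canary.user.fingerprint

    if request.method == 'GET':
        ciphertext = Challenge.generate(canary, fp)
        return dict(canary=canary, ciphertext=ciphertext)

    if request.method == 'POST':
        # The owner, republishing from their own manage page, needs no
        # challenge. NOTE(review): login() stores session['fp'] lowercased
        # while canary.user.fingerprint is compared as stored — confirm the
        # two always agree in case, or this shortcut silently falls back to
        # the challenge.
        if logged_in() and session.get('fp') == fp:
            return republish_canary(canary)
        # Anyone else must prove key possession by decrypting the challenge.
        # A missing field is treated as a failed answer rather than a 400.
        answer = request.form.get('decrypted', '').strip()
        if Challenge.check(canary, answer):
            return republish_canary(canary)
        flash(err_messages['decrypt_fail'], 'error')
    return None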
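def new_canary():
    """Create a canary from a signed message and start its challenge.

    On GET the form is rendered (``None``). On POST the form is validated,
    the signature is verified with ``gpg.verify``, the canary is stored and
    a challenge generated; the template data is also kept in
    ``session['canary']``. Returns ``None`` to re-render the form on any
    validation failure, or a ``redirect`` when the canary already exists.
    """
    if request.method != 'POST':
        return None

    # ValueError covers a non-numeric frequencyNum, which a KeyError-only
    # handler would let escape as a server error.
    try:
        signed = request.form['signedMessage']
        frequency_num = int(request.form['frequencyNum'])
        frequency_type = request.form['frequency']
    except (KeyError, ValueError):
        flash(err_messages['incomplete_form'], 'error')
        return None

    allowed_freqs = ('day', 'week', 'month')
    if frequency_type not in allowed_freqs or not 1 <= frequency_num <= 100:
        flash(err_messages['invalid_freq'], 'error')
        return None

    # Frequency expressed in days.
    frequency = days(frequency_num, frequency_type)

    verified, err = gpg.verify(signed)
    # Start over unless verification produced a result; guarding on
    # `verified` alone also covers a failure that reports no error text,
    # which would otherwise fail on `verified.fingerprint` below.
    if not verified:
        # NOTE(review): `err` comes from the verifier and is shown to the
        # user as-is — assumes the template autoescapes flashed messages.
        flash(err or err_messages['generic'], 'error')
        return None

    fp = verified.fingerprint
    sigid_base64 = base64.urlsafe_b64encode(verified.signature_id)
    try:
        canary = Canary(sigid_base64, frequency, frequency_type)
        db_session.add(canary)
        db_session.commit()
    except IntegrityError:
        # A canary with this signature id already exists.
        db_session.rollback()
        db_session.flush()
        flash(err_messages['dupe_canary'], 'error')
        return redirect(url_for('new_canary'))
    except Exception as e:
        db_session.rollback()
        db_session.flush()
        # Keep the traceback server-side; an unexpected database error must
        # not reveal any details to the user.
        app.logger.exception('unexpected error creating canary: %s', e)
        flash(err_messages['generic'], 'error')
        return None

    ciphertext = Challenge.generate(canary, fp)
    # TODO: This is sloppy.
    # NOTE(review): the session keeps the lowercased fingerprint while the
    # challenge above used `fp` exactly as the verifier returned it — confirm
    # the case difference does not matter downstream. If this is a
    # cookie-backed session, the signed text plus ciphertext may also exceed
    # the cookie size limit.
    session['canary'] = dict(
        fp=verified.fingerprint.lower(),
        text=signed,
        uid=verified.username,
        keyid=verified.key_id,
        sigid_base64=sigid_base64,
        frequency=frequency,
        freq_type=frequency_type,
        ciphertext=str(ciphertext),
    )
    flash(messages['verified'], 'message')
    return dict(canary=session['canary'])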