Exemplo n.º 1
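def confirm(theform, userdir, thisscript):
    """Confirm a login and create the account file for the new user.

    Used both for invites and for users who registered themselves.  The
    ``id`` form field is decoded with ``pass_dec`` and looked up in
    ``temp.ini``; the matching pending entry is removed, merged over
    ``default.ini`` and written to ``<userdir><username>.ini``.  A login
    cookie is then built for the new account and, when ``adminmail`` is set
    in ``config.ini``, a notification mail is sent.

    Returns ``(action, newconfig, cookie_header)``.

    NOTE(review): every failure path calls ``newloginfail()`` and then falls
    through; this presumably relies on ``newloginfail()`` not returning
    (e.g. by exiting) - confirm against its definition.
    NOTE(review): the password is stored via ``pass_enc``; that encoding
    appears to be reversible with ``pass_dec``, so the user file would hold
    a recoverable password rather than a one-way hash - confirm.
    """
    from dataenc import pass_dec, pass_enc
    from login import encodestring
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        # Missing or malformed confirmation id.  Exception (not a bare
        # except) so SystemExit/KeyboardInterrupt are never swallowed.
        newloginfail()
    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    # The pending entry is single use: it is removed before the account
    # file is created.
    uservals = tempstore[theval]
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    # The username becomes part of a file name below, so refuse anything
    # that is not a single plain path component.
    if not username or os.path.basename(username) != username:
        newloginfail()
    newconfig = ConfigObj(userdir + 'default.ini')
    newpath = userdir + username + '.ini'
    # Never overwrite an existing account.
    # NOTE(review): the check and the later write() are separate steps, so
    # two concurrent confirmations for the same name could both pass it.
    if os.path.isfile(newpath):
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            # 'action' is handed back to the caller, not stored.
            action = uservals[entry]
        elif entry == 'password':
            password = uservals[entry]
            newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    # NOTE(review): 'password' is only bound if the pending entry had a
    # 'password' key - presumably always the case; verify.
    # NOTE(review): no HttpOnly/Secure attributes are set on this cookie.
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    thecookie['userid'] = encodestring(newconfig['username'], password)
    config = ConfigObj(userdir + 'config.ini')
    cookiepath = config['cookiepath']
    # A non-integer max-age in the user file used to raise here; treat it
    # as "no max-age" instead.
    try:
        maxage = int(newconfig['max-age'] or 0)
    except (TypeError, ValueError):
        maxage = 0
    if maxage:
        thecookie['userid']['max-age'] = maxage
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            # The stored password is deliberately left out of the mail.
            if entry != 'password':
                msg += entry + '   :   ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                config['adminmail'], html=False)
    return action, newconfig, thecookie.output()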
Exemplo n.º 2
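def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Process the results from edit account form submissions.

    Validates the submitted email, real name and (optionally) a new
    password, updates ``userconfig`` in place, writes it and returns
    ``(action, userconfig, newcookie)``.  When the password changes, a new
    cookie is built with ``makecookie``.

    Changing the email address or the password requires the current
    password (form field ``pass0``) to match the stored one.

    NOTE(review): each validation failure calls ``display_edit(...)`` and
    then falls through; this presumably relies on ``display_edit`` not
    returning - confirm, otherwise the checks do not stop the update.
    """
    from dataenc import pass_enc, pass_dec
    loginaction = theform['login'].value
    if loginaction != 'doeditaccountnojs':  # only type of newlogin supported so far
        sys.exit()
    allentries = theform.keys()
    # Every submitted field plus any edit-account key the form left out.
    vallist = allentries + [
        entry for entry in edacckeys if entry not in allentries
    ]
    formdict = getform(vallist, theform, nolist=True)
    #
    oldpass = formdict['pass0']
    # NOTE(review): the stored password is decoded back to its original
    # value here, i.e. it is kept in a recoverable form, not as a hash.
    storedpass = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']
    # True when the current password was not supplied or does not match.
    badoldpass = not oldpass or oldpass != storedpass
    #
    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        msg = 'The email address you supplied appears to be invalid.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                     userconfig)
    if email != oldemail and badoldpass:
        msg = 'You must correctly enter your password to change your email address.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                     userconfig)
    userconfig['email'] = email
    if not formdict['realname']:
        msg = 'You need to enter a name for us to use.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                     userconfig)
    userconfig['realname'] = formdict['realname']
    if pass1 or pass2:
        if pass1 != pass2:
            msg = "The two passwords don't match."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                         userconfig)
        if len(pass1) < 5:
            # The message used to say "longer than 5 characters" although a
            # 5-character password passes this check; it now states the
            # rule that is actually enforced.
            msg = "The password must be at least 5 characters long."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                         userconfig)
        if badoldpass:
            msg = 'You must correctly enter your current password to change it.'
            display_edit(formdict, userdir, thisscript, msg, action, newcookie,
                         userconfig)
        userconfig['password'] = pass_enc(pass1,
                                          daynumber=True,
                                          timestamp=True)
        newcookie = makecookie(userconfig, pass1,
                               ConfigObj(userdir + 'config.ini')['cookiepath'])
    # NOTE(review): every submitted field whose name is not in edacckeys is
    # copied into the stored user record, so the set of writable keys is
    # chosen by the request.  Confirm that edacckeys covers all
    # security-relevant keys of the user file, or switch to an allowlist of
    # editable keys.
    for entry in formdict:
        if entry not in edacckeys:
            userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie  # XXXXX display values changed page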
Exemplo n.º 3
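def decodestring(cookiestring, userdir):
    """Decode a login cookie value and check that it is valid.

    The cookie decodes (via ``pass_dec``) to ``username||passhash||ranstring``
    plus a day number and timestamp.  The user named in the cookie must
    have a user file in ``userdir`` and ``passhash`` must equal the SHA-1
    hex digest of that user's stored password followed by ``ranstring``.

    Returns ``(user, password, cookiepath)`` on success and ``False`` on
    any failure.

    NOTE(review): the decoded password itself is returned to the caller,
    and the stored password is recoverable with ``pass_dec`` rather than
    being a one-way hash.
    """
    # A badly formed cookie makes pass_dec raise; treat that as invalid.
    # Exception (not a bare except) so SystemExit/KeyboardInterrupt pass.
    try:
        instring, daynumber, timestamp = pass_dec(cookiestring)
    except Exception:
        return False
    # check it's not a really old (or copied) cookie
    if not unexpired(daynumber, timestamp, AGETEST):
        return False
    # we've extracted the timestamped string from the cookie string.
    # Let's pull out the username and password hash
    try:
        username, passhash, ranstring = instring.split('||')
    except ValueError:
        return False
    if len(ranstring) != 10:
        return False
    # The username comes from the client and is joined into a file path
    # below, so accept only a single plain path component.
    if not username or os.path.basename(username) != username:
        return False
    # Now we need to check it's a valid username and check the password
    userfile = userdir + username + '.ini'
    if username in RESERVEDNAMES or not os.path.isfile(userfile):
        return False
    user = ConfigObj(userfile)
    stampedpass = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']
    # the password is time stamped - so we need to decode it
    try:
        password, daynumber, timestamp = pass_dec(stampedpass)
    except Exception:
        return False
    thishash = hashlib.sha1(password + ranstring).hexdigest()
    # NOTE(review): '!=' is not a constant-time comparison; where the
    # runtime provides hmac.compare_digest, prefer it for this check.
    if thishash != passhash:
        return False
    return user, password, cookiepath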
Exemplo n.º 4
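def decodestring(cookiestring, userdir):
    """Validate a login cookie and return the account it belongs to.

    ``pass_dec`` turns the cookie into ``username||passhash||ranstring``
    together with a day number and timestamp.  The cookie is accepted only
    if it has not expired, the named user has a file in ``userdir``, and
    ``passhash`` matches the SHA-1 hex digest of the stored password
    concatenated with ``ranstring``.

    Returns ``(user, password, cookiepath)`` when the cookie is valid,
    otherwise ``False``.

    NOTE(review): the return value carries the decoded password, which is
    stored in a form ``pass_dec`` can reverse rather than as a one-way hash.
    """
    # pass_dec raises on a badly formed string; that simply means "invalid".
    # Catch Exception so SystemExit/KeyboardInterrupt are not swallowed.
    try:
        instring, daynumber, timestamp = pass_dec(cookiestring)
    except Exception:
        return False
    # check it's not a really old (or copied) cookie
    if not unexpired(daynumber, timestamp, AGETEST):
        return False
    # Split the timestamped payload into its three fields.
    try:
        username, passhash, ranstring = instring.split("||")
    except ValueError:
        return False
    if len(ranstring) != 10:
        return False
    # username is client-supplied and ends up in a file path: reject
    # anything that is not a single plain path component.
    if not username or os.path.basename(username) != username:
        return False
    if username in RESERVEDNAMES:
        return False
    userfile = userdir + username + ".ini"
    if not os.path.isfile(userfile):
        return False
    user = ConfigObj(userfile)
    stampedpass = user["password"]
    cookiepath = ConfigObj(userdir + "config.ini")["cookiepath"]
    # the password is time stamped - so we need to decode it
    try:
        password, daynumber, timestamp = pass_dec(stampedpass)
    except Exception:
        return False
    thishash = hashlib.sha1(password + ranstring).hexdigest()
    # NOTE(review): this comparison is not constant-time; consider
    # hmac.compare_digest where the runtime provides it.
    if thishash != passhash:
        return False
    return user, password, cookiepath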
Exemplo n.º 5
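def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Process the results from edit account form submissions.

    Checks the submitted email, real name and optional new password,
    applies them to ``userconfig``, writes the file and returns
    ``(action, userconfig, newcookie)``.  A password change also replaces
    ``newcookie`` with one built by ``makecookie``.

    The current password (form field ``pass0``) must match the stored one
    before the email address or the password may be changed.

    NOTE(review): after a failed check the code calls ``display_edit(...)``
    and carries on; it presumably depends on ``display_edit`` never
    returning - confirm, otherwise invalid input is still saved.
    """
    from dataenc import pass_enc, pass_dec
    loginaction = theform['login'].value
    if loginaction != 'doeditaccountnojs':                      # only type of newlogin supported so far
        sys.exit()
    allentries = theform.keys()
    # Submitted fields first, then any edit-account key not submitted.
    vallist = allentries + [entry for entry in edacckeys if entry not in allentries]
    formdict = getform(vallist, theform, nolist=True)
    #
    oldpass = formdict['pass0']
    # NOTE(review): decoding yields the original password, so the user file
    # keeps it in recoverable form rather than as a hash.
    storedpass = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']
    # True when the current password is missing or wrong.
    badoldpass = not oldpass or oldpass != storedpass
    #
    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        msg = 'The email address you supplied appears to be invalid.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    if email != oldemail and badoldpass:
        msg = 'You must correctly enter your password to change your email address.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['email'] = email
    if not formdict['realname']:
        msg = 'You need to enter a name for us to use.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['realname'] = formdict['realname']
    if pass1 or pass2:
        if pass1 != pass2:
            msg = "The two passwords don't match."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if len(pass1) < 5:
            # A 5-character password passes this check, so the message
            # states "at least 5" instead of the former "longer than 5".
            msg = "The password must be at least 5 characters long."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if badoldpass:
            msg = 'You must correctly enter your current password to change it.'
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        userconfig['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
        newcookie = makecookie(userconfig, pass1, ConfigObj(userdir+'config.ini')['cookiepath'])
    # NOTE(review): field names come from the request, and every one that
    # is not in edacckeys is written into the stored user record.  Confirm
    # that edacckeys lists all security-relevant keys of the user file, or
    # replace this with an allowlist of editable keys.
    for entry in formdict:
        if entry not in edacckeys:
            userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie                # XXXXX display values changed page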
Exemplo n.º 6
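def checkpass(username, password, userdir, thisscript, action):
    """Check the password from a new login.

    Looks up ``<userdir><username>.ini``, decodes the stored password with
    ``pass_dec`` and compares it with ``password``.

    Returns ``(action, user, cookie)`` on success, where ``cookie`` comes
    from ``makecookie``; returns ``False`` for a reserved or unknown
    username, an unreadable stored password, or a wrong password.
    ``thisscript`` is not used here.
    """
    # XXXX log failed login attempts
    if username in RESERVEDNAMES:
        return False
    # The username comes from the login request and is joined into a file
    # path below, so accept only a single plain path component.
    if not username or os.path.basename(username) != username:
        return False
    userfile = userdir + username + '.ini'
    if not os.path.isfile(userfile):
        return False
    user = ConfigObj(userfile)
    stampedpass = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']
    # we need to un-time stamp the password; a stored value that cannot be
    # decoded is treated as a failed login instead of raising.
    try:
        realpass, daynumber, timestamp = pass_dec(stampedpass)
    except Exception:
        return False
    # NOTE(review): this compares recoverable plaintext passwords with a
    # non-constant-time '!='; a one-way password hash would avoid both.
    if realpass != password:
        return False

    # if we've got this far then the login was successful and we need to return a cookie
    thecookie = makecookie(user, password, cookiepath)
    return action, user, thecookie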
Exemplo n.º 7
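def checkpass(username, password, userdir, thisscript, action):
    """Check the password from a new login.

    The user file ``<userdir><username>.ini`` is loaded, its stored
    password is decoded with ``pass_dec`` and compared with ``password``.

    Returns ``(action, user, cookie)`` when the password matches (the
    cookie is built by ``makecookie``) and ``False`` when the username is
    reserved or unknown, the stored password cannot be decoded, or the
    password is wrong.  ``thisscript`` is not used here.
    """
    # XXXX log failed login attempts
    if username in RESERVEDNAMES:
        return False
    # username is request-supplied and becomes part of a file path:
    # reject anything that is not a single plain path component.
    if not username or os.path.basename(username) != username:
        return False
    userfile = userdir + username + ".ini"
    if not os.path.isfile(userfile):
        return False
    user = ConfigObj(userfile)
    stampedpass = user["password"]
    cookiepath = ConfigObj(userdir + "config.ini")["cookiepath"]
    # we need to un-time stamp the password; an undecodable stored value
    # counts as a failed login rather than an unhandled exception.
    try:
        realpass, daynumber, timestamp = pass_dec(stampedpass)
    except Exception:
        return False
    # NOTE(review): plaintext comparison with '!=' - the stored password is
    # recoverable and the comparison is not constant-time.
    if realpass != password:
        return False

    # if we've got this far then the login was successful and we need to return a cookie
    thecookie = makecookie(user, password, cookiepath)
    return action, user, thecookie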
Exemplo n.º 8
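def confirm(theform, userdir, thisscript):
    """Confirm a login and write the new user's account file.

    Serves both invites and self-registration.  The ``id`` form field is
    decoded with ``pass_dec`` and used as the key of a pending entry in
    ``temp.ini``.  That entry is removed, laid over ``default.ini`` and
    saved as ``<userdir><username>.ini``; a login cookie is created and,
    if ``config.ini`` has ``adminmail`` set, the admin is notified by mail.

    Returns ``(action, newconfig, cookie_header)``.

    NOTE(review): failure paths call ``newloginfail()`` and continue; the
    code presumably depends on ``newloginfail()`` not returning - confirm
    against its definition.
    NOTE(review): ``pass_enc`` output appears to be reversible with
    ``pass_dec``, so the stored password would be recoverable rather than
    a one-way hash - confirm.
    """
    from dataenc import pass_dec, pass_enc
    from login import encodestring
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        # Missing or malformed id.  Narrowed from a bare except so that
        # SystemExit/KeyboardInterrupt are not caught here.
        newloginfail()
    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    # Consume the pending entry before creating the account.
    uservals = tempstore[theval]
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()
    #
    # username is about to be joined into a file path; allow only a single
    # plain path component.
    if not username or os.path.basename(username) != username:
        newloginfail()
    newconfig = ConfigObj(userdir + 'default.ini')
    newpath = userdir + username + '.ini'
    # An existing account must not be overwritten.
    # NOTE(review): check-then-write is not atomic; concurrent
    # confirmations for one name could both get past this test.
    if os.path.isfile(newpath):
        newloginfail()
    newconfig.filename = newpath
    # FIXME: should this be '' ?
    action = None
    for entry in uservals:
        if entry == 'action':
            # Returned to the caller instead of being stored.
            action = uservals[entry]
        elif entry == 'password':
            password = uservals[entry]
            newconfig[entry] = pass_enc(password,
                                        timestamp=True,
                                        daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    newconfig.write()
    #
    # next we need to create the cookie header to return it
    # NOTE(review): 'password' is bound only when the pending entry has a
    # 'password' key - presumably always; verify.
    # NOTE(review): the cookie carries no HttpOnly/Secure attributes.
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    thecookie['userid'] = encodestring(newconfig['username'], password)
    config = ConfigObj(userdir + 'config.ini')
    cookiepath = config['cookiepath']
    # A max-age that is not an integer previously raised at this point; it
    # is now treated the same as an unset max-age.
    try:
        maxage = int(newconfig['max-age'] or 0)
    except (TypeError, ValueError):
        maxage = 0
    if maxage:
        thecookie['userid']['max-age'] = maxage
    if cookiepath:
        thecookie['userid']['path'] = cookiepath
    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            # Keep the stored password out of the notification mail.
            if entry != 'password':
                msg += entry + '   :   ' + newconfig[entry] + '\n'
        # FIXME: should be mailme
        sendmailme(config['adminmail'],
                   msg,
                   config['email_subject'],
                   config['adminmail'],
                   html=False)
    return action, newconfig, thecookie.output()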