Exemplo n.º 1
0
 def registTokenValidation(self, **kwargs):
     """Server Side Regist Validation with authentication
     Receives a token signed by the user and validate it
     Security: Message from user ciphered with Server Public Key
     """
     # Decipher the Message with Server Private Key
     message = ast.literal_eval(kwargs['message'])
     tokenSigned = ast.literal_eval(kwargs['token'])
     # Decipher the Message with Server Private Key
     receivedData = dm.decryptMessageReceived(message['data'].decode('hex'))
     receivedToken = dm.decryptMessageReceived(
         tokenSigned['data'].decode('hex'))
     # Send Token to PAM
     """ ----------------- PAM -------------------- """
     user = receivedData['userID']
     auth = False
     path = DBmodule.getPubKeyPath()
     myPam = pam.pam_module(user)
     token = um.getRegistToken(user).encode('base64')
     signed = receivedToken['token']
     pwd = pw.make_hash(receivedData['password']).encode('base64')
     serverpw = DBmodule.db_getUserPW(user).encode('base64')
     myPam.setItems(path, token, signed, "Menos Gambiarra")
     try:
         myPam.auth.authenticate()
     except PAM.error, resp:
         print 'Go away! (%s)' % resp
Exemplo n.º 2
0
 def getShareUsers(self, **kwargs):
     """Server Side Get Share Users
         Get all the users that are available to share a file
         filtered by favourite user or normal user
         Security: Authenticate User Message"""
     if um.validUser(kwargs['username']):
         sessionKey = um.getSessionKey(kwargs['username'])
         usr_id = DBmodule.db_getUserID(kwargs['username'])
         data = json.loads(
             security.decryptS_AES(kwargs['data'].decode('hex'),
                                   sessionKey.decode('hex')))
         filename = data['filename']
         file_id = DBmodule.db_getFileId(usr_id, filename)
         access = DBmodule.db_getUsersWithFile(file_id)
         every = DBmodule.db_getAllUsers()
         fav = [
             x for x in DBmodule.db_getPreviousUsersShared(usr_id)
             if x not in access
         ]
         fav += ['@@@@@']
         fav += [
             x for x in every
             if x not in fav and x != kwargs['username'] and x not in access
         ]
         return security.encryptS_AES(
             json.dumps(fav), sessionKey.decode('hex')).encode('hex')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 3
0
 def logInUser(self, **kwargs):
     """Server Side logIn User
     User sends his username (Unique Identifier) and his password
     Security: Message from user ciphered with Server Public Key
     Session Management: Create a Public Key with DiffieHellman"""
     # Decipher the Message with Server Private Key
     receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
     print receivedData['userID']
     # Verify if the user exists and has finished the regist process
     if DBmodule.db_registAuthenticate(receivedData['userID']) and \
         DBmodule.db_getLogIn(receivedData['userID'], receivedData['password']) == 1:
         # Create Session
         print receivedData['userID']
         print receivedData['password']
         serverSession = DiffieHellman.DiffieHellman()
         # Create challenge
         token = os.urandom(20)
         um.addSession(receivedData['userID'], serverSession, token)
         # Send to client the Token and the session public key
         tf = tempfile.NamedTemporaryFile(delete=True)
         pub_key = DBmodule.db_getUserPubKey(
             DBmodule.db_getUserID(receivedData['userID'])).decode('hex')
         security.encrypt_RSA(security.importkey_RSA(pub_key), token, tf)
         messageToSend = {
             'token': tf.read().encode('hex'),
             'session': serverSession.publicKey
         }
         return json.dumps(messageToSend)
     elif DBmodule.db_registNotAuthenticate(receivedData['userID']):
         return "REGIST_AGAIN"
     else:
         return "ERROR"
Exemplo n.º 4
0
    def authTokenValidation(self, **kwargs):
        """Server Side LogIn Validation
        Receives a token signed by the user and validate it
        Security: Message from user ciphered with Server Public Key
        Session Management: Create a Session Key with DiffieHellman
        """
        message = ast.literal_eval(kwargs['message'])
        tokenSigned = ast.literal_eval(kwargs['token'])
        # Decipher the Message with Server Private Key
        receivedData = dm.decryptMessageReceived(message['data'].decode('hex'))
        receivedToken = dm.decryptMessageReceived(
            tokenSigned['data'].decode('hex'))
        """ ----------------- PAM -------------------- """
        user = receivedData['userID']
        auth = False
        path = DBmodule.getPubKeyPath()
        myPam = pam.pam_module(user)
        token = um.getUserToken(user).encode('base64')
        signed = receivedToken['token']
        if DBmodule.db_getLogIn(receivedData['userID'],
                                receivedData['password']) == 1:
            match = "Gambiarra"
        else:
            match = "Menos Gambiarra"

        myPam.setItems(path, token, signed, match)
        try:
            myPam.auth.authenticate()
        except PAM.error, resp:
            print 'Go away! (%s)' % resp
Exemplo n.º 5
0
 def getPublicKey(self, **kwargs):
     """Server Side get User Publick Key from DB"""
     username = kwargs['username']
     userID = DBmodule.db_getUserId(str(username))
     if userID is None:
         pub_key = DBmodule.db_getUserPubKey(0)
     else:
         pub_key = DBmodule.db_getUserPubKey(userID)
     return pub_key
Exemplo n.º 6
0
 def getPublicKeyFile(self, **kwargs):
     """Server Side get Get list of public keys of users who have
     access to the file"""
     username = kwargs['username']
     usr_id = DBmodule.db_getUserID(username)
     filename = kwargs['filename']
     file_id = DBmodule.db_getFileId(usr_id, filename)
     if file_id is None:
         return json.dumps([])
     return json.dumps(DBmodule.db_whoHasAccessPub(file_id))
Exemplo n.º 7
0
 def uploadExistingFile(self):
     """Server Side Upload Function for existing files
         Creates a new ciphertext and new access files to all
         users who have access to the file. DB File Information updated
         Security: Authenticate User Message by users session key
         Concurrency control"""
     lcHDRS = {}
     for key, val in cherrypy.request.headers.iteritems():
         lcHDRS[key.lower()] = val
     username = lcHDRS['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(lcHDRS['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             usr_id = DBmodule.db_getUserID(username)
             fn = data['filename']
             iv = data['iv']
             aes = lcHDRS['aes']
             sign = data['sign']
             files = DBmodule.db_listMyFiles(usr_id)
             filenames = [x.encode('latin-1') for x in files]
             if fn in filenames:
                 file_id = DBmodule.db_getFileId(usr_id, fn)
                 # Concurrent Access
                 while (DBmodule.db_fileStatus(file_id) is True):
                     time.sleep(2)
                 status = DBmodule.db_fileInUse(file_id)
                 if status:
                     destination = os.path.join('storage',
                                                str(file_id) + '.file')
                     # Save Ciphertext
                     with open(destination, 'wb') as f:
                         shutil.copyfileobj(cherrypy.request.body, f)
                     userList = DBmodule.db_whoHasAccess(file_id)
                     # Save FILE Encrypted by RSA for every user
                     for i in range(0, len(userList)):
                         with open(destination + '.key' + str(userList[i]),
                                   'wb') as f:
                             f.write(aes[i])
                     # Add File Information to DB
                     uni = iv.decode('hex').decode('latin-1')
                     DBmodule.db_fileInfoUpdate(file_id, usr_id, sign, uni)
                     statusF = DBmodule.db_fileNotInUse(file_id)
                     if statusF is True:
                         return 'Okay, File Updated'
                     else:
                         raise cherrypy.HTTPError(
                             408,
                             'Request Timeout! Please Try Again\nSafeBox Team'
                         )
                 else:
                     raise cherrypy.HTTPError(
                         408,
                         'Request Timeout! Please Try Again\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 8
0
 def unShare(self, **kwargs):
     """Server Side Unshare
         Remove user AccessFile to the File by its ID and update Database
         AccessManagement Table
         Security: Authenticate User Message
         Concurrency control"""
     username = kwargs['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(kwargs['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             filename = data['filename']
             user_id = DBmodule.db_getUserID(username)
             # Concurrent Access
             file_id = DBmodule.db_getFileId(user_id, filename)
             while (DBmodule.db_fileStatus(file_id) is True):
                 time.sleep(2)
             status = DBmodule.db_fileInUse(file_id)
             # Verify if the user is valid and have access to the file
             if status and um.validUser(
                     kwargs['username']) and DBmodule.db_filePermission(
                         user_id, file_id):
                 unsharename = data['unshare']
                 unshareid = DBmodule.db_getUserID(unsharename)
                 userlist = [unshareid
                             ] + DBmodule.db_getAllShareDependencies(
                                 unshareid, file_id)
                 # Remove access permission from the database
                 DBmodule.db_removeShare(user_id, file_id, unshareid)
                 # Remoce user access file from the server
                 for usr in userlist:
                     os.remove('storage/' + str(file_id) + '.file.key' +
                               str(usr))
                 statusF = DBmodule.db_fileNotInUse(file_id)
                 if statusF is True:
                     return 'Okay'
                 else:
                     raise cherrypy.HTTPError(
                         408,
                         'Request Timeout! Please Try Again\nSafeBox Team')
             else:
                 raise cherrypy.HTTPError(
                     401,
                     'Currently, you are not a valid user!\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 9
0
 def shareFile(self):
     """Server Side Share Final Commnunication
         Saves the access file of the new user and update
         Database Information of the AccessManagement Table
         Security: Authenticate User Message
         Concurrency control"""
     lcHDRS = {}
     for key, val in cherrypy.request.headers.iteritems():
         lcHDRS[key.lower()] = val
     username = lcHDRS['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(lcHDRS['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             filename = data['filename']
             usr_dst_name = data['usrdstname']
             file_key = data['filekey']
             usr_id = DBmodule.db_getUserID(username)
             file_id = DBmodule.db_getFileId(usr_id, filename)
             # Concurrent Access
             while (DBmodule.db_fileStatus(file_id) is True):
                 time.sleep(2)
             status = DBmodule.db_fileInUse(file_id)
             # Verify if the user is valid and has permission to access the file
             if status and um.validUser(
                     username) and DBmodule.db_filePermission(
                         usr_id, file_id):
                 usr_dst_id = DBmodule.db_getUserID(usr_dst_name)
                 destination = os.path.join('storage',
                                            str(file_id) + '.file')
                 # Save FILE Encrypted by RSA
                 with open(destination + '.key' + str(usr_dst_id),
                           'wb') as f:
                     f.write(file_key)
                     # Add information to the Database
                 DBmodule.db_fileNewAccess(file_id, usr_dst_id, usr_id,
                                           data['permission'])
                 statusF = DBmodule.db_fileNotInUse(file_id)
                 if statusF is True:
                     return 'Okay'
                 else:
                     raise cherrypy.HTTPError(
                         408,
                         'Request Timeout! Please Try Again\nSafeBox Team')
             else:
                 raise cherrypy.HTTPError(
                     401,
                     'Currently, you are not a valid user!\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 10
0
 def listMyFiles(self, **kwargs):
     """Server Side List Files
         List all the files that can be accessed by the user
         Security: Authenticate User Message"""
     if um.validUser(kwargs['username']):
         sessionKey = um.getSessionKey(kwargs['username'])
         usr_id = DBmodule.db_getUserID(kwargs['username'])
         message = DBmodule.db_listMyFilesInfo(usr_id)
         messageToSend = security.encryptS_AES(
             json.dumps(message), sessionKey.decode('hex')).encode('hex')
         return messageToSend
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 11
0
 def getSharedWith(self, **kwargs):
     """Server Side GetSharedWith (Users)
         Get all the users that have access to a file
         Security: Authenticate User Message"""
     if um.validUser(kwargs['username']):
         sessionKey = um.getSessionKey(kwargs['username'])
         usr_id = DBmodule.db_getUserID(kwargs['username'])
         data = json.loads(
             security.decryptS_AES(kwargs['data'].decode('hex'),
                                   sessionKey.decode('hex')))
         file_id = DBmodule.db_getFileId(usr_id, data['filename'])
         return security.encryptS_AES(
             json.dumps(DBmodule.db_getShareFileWith(usr_id, file_id)),
             sessionKey.decode('hex')).encode('hex')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 12
0
 def permission(self, **kwargs):
     """ Verify if the user has permissions to share the file """
     username = kwargs['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(kwargs['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             file_name = data['filename']
             usr_id = DBmodule.db_getUserID(username)
             file_id = DBmodule.db_getFileId(usr_id, file_name)
             if DBmodule.db_permission(file_id, usr_id) == "Y":
                 return "1"
             return "0"
         except:
             return "0"
Exemplo n.º 13
0
 def estSession(self, username):
     user_id = DBmodule.db_getUserID(username)
     try:
         del self.serverSessions[user_id]
         del self.serverTokens[user_id]
     except KeyError:
         pass
     return "Okay"
Exemplo n.º 14
0
 def popUser(self, username):
     user_id = DBmodule.db_getUserID(username)
     try:
         del self.connectedUsers[user_id]
     except KeyError:
         pass
     self.count -= 1
     return "Okay"
Exemplo n.º 15
0
 def share(self, **kwargs):
     """Server Side Share Initial Commnunication
         Gets user access file by his user id from the File System and the
         user destination public key, from the DB, by his ID and sends the
         information to client
         Security: Authenticate User Message
         Concurrency control"""
     username = kwargs['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(kwargs['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             file_name = data['filename']
             usr_dst_name = data['usrdstname']
             usr_id = DBmodule.db_getUserID(username)
             file_id = DBmodule.db_getFileId(usr_id, file_name)
             # Concurrent Access
             while (DBmodule.db_fileStatus(file_id) is True):
                 time.sleep(2)
             status = DBmodule.db_fileInUse(file_id)
             # Verify if the user is valid and have access to the file
             if status and um.validUser(
                     username) and DBmodule.db_filePermission(
                         usr_id, file_id):
                 destination = os.path.join('storage',
                                            str(file_id) + '.file')
                 # Get User Access File
                 with open(destination + '.key' + str(usr_id)) as f:
                     aes = f.read()
                 usr_dst_id = DBmodule.db_getUserID(usr_dst_name)
                 pub_key = DBmodule.db_getUserPubKey(usr_dst_id)
                 message = {'aes': aes, 'pubkey': pub_key}
                 messageToSend = security.encryptS_AES(
                     json.dumps(message),
                     sessionKey.decode('hex')).encode('hex')
                 cherrypy.response.headers['data'] = messageToSend
                 statusF = DBmodule.db_fileNotInUse(file_id)
                 if statusF is True:
                     return "Okay"
                 else:
                     raise cherrypy.HTTPError(
                         408,
                         'Request Timeout! Please Try Again\nSafeBox Team')
             else:
                 raise cherrypy.HTTPError(
                     401,
                     'Currently, you are not a valid user!\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 16
0
 def upload(self):
     """Server Side Upload Function for new files
         Creates a new ciphertext and new access files to the user who
         wants to save the file. DB File Information updated
         Security: Authenticate User Message
         Concurrency control"""
     lcHDRS = {}
     for key, val in cherrypy.request.headers.iteritems():
         lcHDRS[key.lower()] = val
     username = lcHDRS['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(lcHDRS['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             usr_id = DBmodule.db_getUserID(username)
             fn = data['filename']
             iv = data['iv']
             aes = lcHDRS['aes']
             sign = data['sign']
             files = DBmodule.db_listMyFiles(usr_id)
             filenames = [x.encode('latin-1') for x in files]
             # File does not exist. Add New File
             if fn not in filenames:
                 new_id = DBmodule.getNewFileId()
                 destination = os.path.join('storage',
                                            str(new_id) + '.file')
                 # Save Ciphertext
                 with open(destination, 'wb') as f:
                     shutil.copyfileobj(cherrypy.request.body, f)
                 # Save FILE Encrypted by RSA
                 with open(destination + '.key' + str(usr_id), 'wb') as f:
                     f.write(aes)
                 # Add File Information to DB
                 uni = iv.decode('hex').decode('latin-1')
                 DBmodule.db_insertFile(fn, '/', uni, 1, usr_id, sign)
                 return 'Okay, New File Add'
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 17
0
 def registUser(self, **kwargs):
     """Server Side Regist User
     User sends his username (Unique Identifier) and his Smart Card 
     Public Key information (MOD and EXP).
     Security: Message from user ciphered with Server Public Key"""
     # Decipher the Message with Server Private Key
     receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
     # Verify if the user exists or has not finished the regist process
     if not DBmodule.db_existingUserBI(receivedData['userID']) or \
         DBmodule.db_registNotAuthenticate(receivedData['userID']):
         # Save User Public Key in a File
         destination = os.path.join('publicKey',
                                    str(receivedData['userID']) + '.pub')
         with open(destination, 'wb') as f:
             f.write("%s:%s" % (str(kwargs['exp']), str(kwargs['mod'])))
         # Update DB
         if not DBmodule.db_existingUserBI(receivedData['userID']):
             DBmodule.db_addNewUser(receivedData['username'],
                                    receivedData['userID'],
                                    pw.make_hash(receivedData['password']),
                                    kwargs['pub_key'])
         else:
             DBmodule.db_UserInfoUpdate(
                 receivedData['username'], receivedData['userID'],
                 pw.make_hash(receivedData['password']), kwargs['pub_key'])
         # Ask PAM what it needs to validate the user identity
         """ ----------------- PAM -------------------- """
         token = os.urandom(20)
         um.addRegist(receivedData['userID'], token)
         """ ----------------- PAM -------------------- """
         # Send to client the Token encrypted by User Public Key
         tf = tempfile.NamedTemporaryFile(delete=True)
         security.encrypt_RSA(
             security.importkey_RSA(kwargs['pub_key'].decode('hex')), token,
             tf)
         return tf.read().encode('hex')
     else:
         return "ERROR"
Exemplo n.º 18
0
        pwd = pw.make_hash(receivedData['password']).encode('base64')
        serverpw = DBmodule.db_getUserPW(user).encode('base64')
        myPam.setItems(path, token, signed, "Menos Gambiarra")
        try:
            myPam.auth.authenticate()
        except PAM.error, resp:
            print 'Go away! (%s)' % resp
        except:
            print 'Internal error'
        else:
            print 'Good to go!'
            auth = True
        # If Correct establish a session
        if auth:
            # Update Database User Table with register confirmation
            DBmodule.db_AuthUserRegist(user)
            # Inform Client that the session is established
            return "OK"
        else:
            # Inform CLient that the session is not established
            return "ERROR"

    @cherrypy.expose
    def logOut(self, **kwargs):
        """Server Side Logout User
            --------------------------
            Security: Destroy Session Key"""
        receivedData = dm.decryptMessageReceived(kwargs['data'].decode('hex'))
        if um.validUser(receivedData['username']):
            um.popUser(receivedData['username'])
            return '1'
Exemplo n.º 19
0
 def existSession(self, username):
     user_id = DBmodule.db_getUserID(username)
     if user_id in self.serverSessions.keys():
         return True
     return False
Exemplo n.º 20
0
 def getSessionKey(self, username):
     user_id = DBmodule.db_getUserID(username)
     if user_id in self.connectedUsers.keys():
         return self.connectedUsers[user_id]
     else:
         return -1
Exemplo n.º 21
0
 def validUser(self, username):
     user_id = DBmodule.db_getUserID(username)
     if user_id in self.connectedUsers.keys():
         #if self.connectedUsers[user_id] == token.decode('hex'):
         return True
     return False
Exemplo n.º 22
0
 def getUserToken(self, username):
     user_id = DBmodule.db_getUserID(username)
     token = self.serverTokens[user_id]
     return token
Exemplo n.º 23
0
 def getSession(self, username):
     user_id = DBmodule.db_getUserID(username)
     pub = self.serverSessions[user_id]
     self.estSession(username)
     return pub
Exemplo n.º 24
0
 def addSession(self, username, pub_key, token):
     user_id = DBmodule.db_getUserID(username)
     self.serverSessions[user_id] = pub_key
     self.serverTokens[user_id] = token
Exemplo n.º 25
0
 def addUser(self, username, session):
     user_id = DBmodule.db_getUserID(username)
     self.connectedUsers[user_id] = session
     self.count += 1
Exemplo n.º 26
0
    def download(self, **kwargs):
        """Server Side Download a file
            Gets the ciphertext of the file by file ID, user access file by his
            user id from the File System and the IV from the DB
            Security: Authenticate User Message
            Concurrency control"""

        # Multipart aux function
        def read(i_file, chunk_size=16 * 1024):
            while True:
                ret = i_file.read(chunk_size)
                if not ret:
                    break
                yield ret

        username = kwargs['username']
        sessionKey = um.getSessionKey(username)
        if sessionKey != -1:
            try:
                data = json.loads(
                    security.decryptS_AES(kwargs['data'].decode('hex'),
                                          sessionKey.decode('hex')))
                usr_id = DBmodule.db_getUserID(username)
                filename = data['filename']
                file_id = DBmodule.db_getFileId(usr_id, filename)
                # Concurrent Access
                while (DBmodule.db_fileStatus(file_id) is True):
                    time.sleep(2)
                status = DBmodule.db_fileInUse(file_id)
                # Verify if the user is valid and have permission to access the file
                if (status and um.validUser(username)
                        and DBmodule.db_filePermission(usr_id, file_id)):
                    destination = os.path.join('storage',
                                               str(file_id) + '.file')
                    # Get User Access File
                    with open(destination + '.key' + str(usr_id)) as f:
                        aes = f.read()
                    iv = DBmodule.db_getFileIV(file_id).encode(
                        'latin-1').encode('hex')
                    sign = DBmodule.db_getFileHash(file_id)
                    message = {'iv': iv, 'sign': sign}
                    messageToSend = security.encryptS_AES(
                        json.dumps(message),
                        sessionKey.decode('hex')).encode('hex')
                    cherrypy.response.headers['data'] = messageToSend
                    cherrypy.response.headers['aes'] = aes
                    statusF = DBmodule.db_fileNotInUse(file_id)
                    if statusF is True:
                        return read(open(destination, 'rb'))
                    else:
                        raise cherrypy.HTTPError(
                            408,
                            'Request Timeout! Please Try Again\nSafeBox Team')
                else:
                    raise cherrypy.HTTPError(
                        401,
                        'Currently, you are not a valid user!\nSafeBox Team')
            except:
                raise cherrypy.HTTPError(
                    401, 'Currently, you are not a valid user!\nSafeBox Team')
        else:
            raise cherrypy.HTTPError(
                401, 'Currently, you are not a valid user!\nSafeBox Team')
Exemplo n.º 27
0
 def removeFile(self):
     """Server Side Remove
         Remove ciphertext of the file and all user AccessFiles to it
         by its ID and update Database AccessManagement Table
         Security: Authenticate User Message
         Concurrency control"""
     lcHDRS = {}
     for key, val in cherrypy.request.headers.iteritems():
         lcHDRS[key.lower()] = val
     username = lcHDRS['username']
     sessionKey = um.getSessionKey(username)
     if sessionKey != -1:
         try:
             data = json.loads(
                 security.decryptS_AES(lcHDRS['data'].decode('hex'),
                                       sessionKey.decode('hex')))
             filename = data['filename']
             user_id = DBmodule.db_getUserID(username)
             file_id = DBmodule.db_getFileId(user_id, filename)
             # Concurrent Access
             while (DBmodule.db_fileStatus(file_id) is True):
                 time.sleep(2)
             status = DBmodule.db_fileInUse(file_id)
             # Verify if the user is valid and has access to the file
             if status and um.validUser(
                     username) and DBmodule.db_filePermission(
                         user_id, file_id):
                 # If the user is the owner of the file, all the users loose the file
                 if DBmodule.db_isOwner(user_id, file_id) == 1:
                     DBmodule.db_removeFile(file_id)
                     pattern = '^' + str(file_id) + '.file'
                     mypath = 'storage'
                     for root, dirs, files in os.walk(mypath):
                         for fileFound in filter(
                                 lambda x: re.match(pattern, x), files):
                             os.remove(os.path.join(root, fileFound))
                 # If the user is not the owner, only removes it's access to the file
                 else:
                     userlist = [user_id
                                 ] + DBmodule.db_getAllShareDependencies(
                                     user_id, file_id)
                     for usr in userlist:
                         DBmodule.db_removeAccess(file_id, usr)
                         os.remove('storage/' + str(file_id) + '.file.key' +
                                   str(usr))
                     statusF = DBmodule.db_fileNotInUse(file_id)
                     if statusF is True:
                         return 'Okay'
                     else:
                         raise cherrypy.HTTPError(
                             408,
                             'Request Timeout! Please Try Again\nSafeBox Team'
                         )
             else:
                 raise cherrypy.HTTPError(
                     401,
                     'Currently, you are not a valid user!\nSafeBox Team')
         except:
             raise cherrypy.HTTPError(
                 401, 'Currently, you are not a valid user!\nSafeBox Team')
     else:
         raise cherrypy.HTTPError(
             401, 'Currently, you are not a valid user!\nSafeBox Team')