def new_user(email, username, password, newfriend):
#salt + hashing
salt = generate_random_salt()
app_token = generate_random_app_token()
password = generate_password_hash(password, salt)
session_token = generate_password_hash(
email,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
#insert user information
user_entry = users.insert().values(username=username,
email=email,
password=password,
salt=salt,
session_token=session_token,
app_token=app_token)
connection = engine.connect()
res = connection.execute(user_entry)
print res.inserted_primary_key
connection.close()
resp = make_response(
render_template('dashboard.html',
alert="Thanks for registering!",
username=username,
newfriend=newfriend))
resp.set_cookie('session_token', session_token)
return resp
def set_user_passphrase(self, user_id, passphrase):
"""Hash the user's passphrase and update into the database"""
passphrase = base64.b64encode(passphrase.encode("utf-8"))
session = self.get_session()
salt = generate_random_salt()
pw_hash = generate_password_hash(passphrase, salt)
session.execute(self.__prepared_statements['update_user_passphrase_hash'], (pw_hash, salt, user_id))
def streamtip_validate():
if not request.method == 'POST':
return make_response(
jsonify({'error': 'Invalid request method. (Expected POST)'}), 400)
if 'access_token' not in request.form:
return make_response(
jsonify({'error': 'Missing `access_token` parameter.'}), 400)
if 'streamtip' not in config:
return make_response(jsonify({'error': 'Config not set up properly.'}),
400)
r = requests.get('https://streamtip.com/api/me?access_token={}'.format(
request.form['access_token']))
valid_streamtip_ids = [
config['web']['pleblist_streamtip_userid'], '54c1354fe6b5a0f83c5d2ab1'
]
if r.json()['user']['_id'] in valid_streamtip_ids:
salted_password = generate_password_hash(
config['web']['pleblist_password'],
config['web']['pleblist_password_salt'])
password = base64.b64encode(salted_password)
resp = make_response(jsonify({'password': password.decode('utf8')}))
resp.set_cookie('password', password)
return resp
else:
return make_response(jsonify({'error': 'Invalid user ID'}), 400)
def login_view(self):
if request.method == 'GET':
google = get_google_auth()
auth_url, state = google.authorization_url(OAuth.get_auth_uri(), access_type='offline')
session['oauth_state'] = state
# Add Facebook Oauth 2.0 login
facebook = get_facebook_auth()
fb_auth_url, state = facebook.authorization_url(FbOAuth.get_auth_uri(), access_type='offline')
session['fb_oauth_state'] = state
return self.render('/gentelella/admin/login/login.html', auth_url=auth_url, fb_auth_url=fb_auth_url)
if request.method == 'POST':
email = request.form['email']
user = DataGetter.get_user_by_email(email)
if user is None:
logging.info('No such user')
return redirect(url_for('admin.login_view'))
if user.password != generate_password_hash(request.form['password'], user.salt):
logging.info('Password Incorrect')
flash('Incorrect Password', 'danger')
return redirect(url_for('admin.login_view'))
login.login_user(user)
record_user_login_logout('user_login', user)
logging.info('logged successfully')
user_logged_in(user)
return redirect(intended_url())
def pleblist_next():
if not request.method == 'POST':
return make_response(jsonify({'error': 'Invalid request method'}), 405)
if 'song_id' not in request.form:
return make_response(jsonify({'error': 'Missing data song_id'}), 400)
if 'password' not in request.form:
return make_response(jsonify({'error': 'Missing data password'}), 400)
salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt'])
try:
user_password = base64.b64decode(request.form['password'])
except binascii.Error:
return make_response(jsonify({'error': 'Invalid data password'}), 400)
if not user_password == salted_password:
return make_response(jsonify({'error': 'Invalid password'}), 401)
with DBManager.create_session_scope() as session:
try:
current_song = session.query(PleblistSong).filter(PleblistSong.id == int(request.form['song_id'])).order_by(PleblistSong.date_added.asc()).first()
except ValueError:
return make_response(jsonify({'error': 'Invalid data song_id'}), 400)
if current_song is None:
return make_response(jsonify({'error': 'No song active in the pleblist'}), 404)
current_song.date_played = datetime.datetime.now()
session.commit()
# TODO: Add more data.
# Was this song forcefully skipped? Or did it end naturally.
return jsonify({'message': 'Success!'})
def dashboard(email, password):
try:
user = users.select(users.c.email == email).execute().first()
username = user.username
#check that passwords match
if check_password_hash(password, user.password, user.salt):
#set session hash
session_token = generate_password_hash(
email,
datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
stmt = update(users).where(users.c.email == email).values(
session_token=session_token)
connection = engine.connect()
connection.execute(stmt)
connection.close()
resp = make_response(redirect('/'))
resp.set_cookie('session_token', session_token)
return resp
else:
error_msg = "Incorrect Password"
return render_template('/index.html', error_msg=error_msg)
except AttributeError:
error_msg = "no user exists"
return render_template('index.html', error_msg=error_msg)
def dashboard(email, password):
try:
user = users.select(users.c.email == email).execute().first()
username = user.username
#check that passwords match
if check_password_hash(password, user.password, user.salt):
#set session hash
session_token = generate_password_hash(email, datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
stmt = update(users).where(users.c.email==email).values(session_token=session_token)
connection = engine.connect()
connection.execute(stmt)
connection.close()
resp = make_response(redirect('/'))
resp.set_cookie('session_token', session_token);
return resp;
else:
error_msg = "Incorrect Password"
return render_template('/index.html', error_msg=error_msg)
except AttributeError:
error_msg = "no user exists"
return render_template('index.html', error_msg=error_msg)
def login_view(self):
if request.method == 'GET':
google = get_google_auth()
auth_url, state = google.authorization_url(OAuth.get_auth_uri(), access_type='offline')
session['oauth_state'] = state
# Add Facebook Oauth 2.0 login
facebook = get_facebook_auth()
fb_auth_url, state = facebook.authorization_url(FbOAuth.get_auth_uri(), access_type='offline')
session['fb_oauth_state'] = state
return self.render('/gentelella/admin/login/login.html', auth_url=auth_url, fb_auth_url=fb_auth_url)
if request.method == 'POST':
email = request.form['email']
user = DataGetter.get_user_by_email(email)
if user is None:
logging.info('No such user')
return redirect(url_for('admin.login_view'))
if user.password != generate_password_hash(request.form['password'], user.salt):
logging.info('Password Incorrect')
flash('Incorrect Password', 'danger')
return redirect(url_for('admin.login_view'))
login.login_user(user)
record_user_login_logout('user_login', user)
# Store user_id in session for socketio use
session['user_id'] = login.current_user.id
logging.info('logged successfully')
user_logged_in(user)
return redirect(intended_url())
def register():
email = request.form['email']
username = request.form['username']
password = request.form['password'].encode('utf8')
salt = generate_random_salt()
password_hash = generate_password_hash(password, salt)
# Check if email already exist in database
# if account does not exist create account in database
if User.objects(email=email).first() == None:
user = User(email=email)
user.accounts['internal'] = {"username":username, "password_hash":password_hash, \
"salt":salt}
user.save()
ret = json_util.dumps({"message":"account created", "status":"success"})
resp = Response(response=ret,
status=201,
mimetype="application/json")
return resp
else:
ret = json_util.dumps({"message":"Email already exist in database"})
resp = Response(response=ret,
status=200,
mimetype="application/json")
return resp
def register():
email = request.form['email']
username = request.form['username']
password = request.form['password'].encode('utf8')
salt = generate_random_salt()
password_hash = generate_password_hash(password, salt)
# Check if email already exist in database
# if account does not exist create account in database
if User.objects(email=email).first() == None:
user = User(email=email)
user.accounts['internal'] = {"username":username, "password_hash":password_hash, \
"salt":salt}
user.save()
ret = json_util.dumps({
"message": "account created",
"status": "success"
})
resp = Response(response=ret, status=201, mimetype="application/json")
return resp
else:
ret = json_util.dumps({"message": "Email already exist in database"})
resp = Response(response=ret, status=200, mimetype="application/json")
return resp
def pleblist_add():
if not request.method == 'POST':
return make_response(jsonify({'error': 'Invalid request method'}), 405)
if 'youtube_id' not in request.form:
return make_response(jsonify({'error': 'Missing data youtube_id'}), 400)
if 'password' not in request.form:
return make_response(jsonify({'error': 'Missing data password'}), 400)
salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt'])
try:
user_password = base64.b64decode(request.form['password'])
except binascii.Error:
return make_response(jsonify({'error': 'Invalid data password'}), 400)
if not user_password == salted_password:
return make_response(jsonify({'error': 'Invalid password'}), 401)
with DBManager.create_session_scope() as session:
youtube_id = request.form['youtube_id']
current_stream = session.query(Stream).filter_by(ended=False).order_by(Stream.stream_start).first()
if current_stream is None:
return make_response(jsonify({'error': 'Stream offline'}), 400)
song_requested = PleblistSong(current_stream.id, youtube_id)
session.add(song_requested)
song_info = session.query(PleblistSongInfo).filter_by(pleblist_song_youtube_id=youtube_id).first()
if song_info is None and song_requested.song_info is None:
PleblistManager.init(config['youtube']['developer_key'])
song_info = PleblistManager.create_pleblist_song_info(song_requested.youtube_id)
if song_info is not False:
session.add(song_info)
session.commit()
return jsonify({'success': True})
def password_view(self):
if request.method == 'POST':
user = login.current_user
if user.password == generate_password_hash(request.form['current_password'], user.salt):
if request.form['new_password'] == request.form['repeat_password']:
salt = generate_random_salt()
user.password = generate_password_hash(request.form['new_password'], salt)
user.salt = salt
save_to_db(user, "password changed")
flash('Password changed successfully.', 'success')
else:
flash('The new password and the repeat don\'t match.', 'danger')
else:
flash('The current password is incorrect.', 'danger')
return self.render('/gentelella/admin/settings/pages/password.html')
def pleblist_next():
if not request.method == 'POST':
return make_response(jsonify({'error': 'Invalid request method'}), 405)
if 'song_id' not in request.form:
return make_response(jsonify({'error': 'Missing data song_id'}), 400)
if 'password' not in request.form:
return make_response(jsonify({'error': 'Missing data password'}), 400)
salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt'])
try:
user_password = base64.b64decode(request.form['password'])
except binascii.Error:
return make_response(jsonify({'error': 'Invalid data password'}), 400)
if not user_password == salted_password:
return make_response(jsonify({'error': 'Invalid password'}), 401)
with DBManager.create_session_scope() as session:
try:
current_song = session.query(PleblistSong).filter(PleblistSong.id == int(request.form['song_id'])).order_by(PleblistSong.date_added.asc()).first()
except ValueError:
return make_response(jsonify({'error': 'Invalid data song_id'}), 400)
if current_song is None:
return make_response(jsonify({'error': 'No song active in the pleblist'}), 404)
current_song.date_played = datetime.datetime.now()
session.commit()
# TODO: Add more data.
# Was this song forcefully skipped? Or did it end naturally.
return jsonify({'message': 'Success!'})
def twitchalerts_validate(**options):
salted_password = generate_password_hash(
config['web']['pleblist_password'],
config['web']['pleblist_password_salt'])
password = base64.b64encode(salted_password)
resp = make_response(jsonify({'password': password.decode('utf8')}))
resp.set_cookie('password', password)
return resp
def password_view(user_id):
user = DataGetter.get_user(int(user_id))
if request.method == 'POST':
if user.password == generate_password_hash(request.form['current_password'], user.salt):
if request.form['new_password'] == request.form['repeat_password']:
salt = generate_random_salt()
user.password = generate_password_hash(request.form['new_password'], salt)
user.salt = salt
save_to_db(user, "password changed")
flash('The password of the user has been changed. Do inform him..', 'success')
else:
flash('The new password and the repeat don\'t match.', 'danger')
else:
flash('The current password is incorrect.', 'danger')
user.admin_access = 1
return render_template('gentelella/users/settings/pages/password.html', user=user)
def reset_password(form, reset_hash):
user = User.query.filter_by(reset_password=reset_hash).first()
salt = generate_random_salt()
password = form['new_password_again']
user.password = generate_password_hash(password, salt)
new_hash = random.getrandbits(128)
user.reset_password = new_hash
user.salt = salt
save_to_db(user, "password resetted")
def reset_password(form, reset_hash):
user = User.query.filter_by(reset_password=reset_hash).first()
salt = generate_random_salt()
password = form['new_password_again']
user.password = generate_password_hash(password, salt)
new_hash = random.getrandbits(128)
user.reset_password = new_hash
user.salt = salt
save_to_db(user, "password resetted")
def update_user(form, reset_hash):
user = User.query.filter_by(reset_password=reset_hash).first()
salt = generate_random_salt()
password = form.password.data
user.password = generate_password_hash(password, salt)
new_hash = random.getrandbits(128)
user.reset_password = new_hash
user.salt = salt
save_to_db(user, "User updated")
def set_user_passphrase(self, user_id, passphrase):
"""Hash the user's passphrase and update into the database"""
passphrase = base64.b64encode(passphrase.encode("utf-8"))
session = self.get_session()
salt = generate_random_salt()
pw_hash = generate_password_hash(passphrase, salt)
session.execute(
self.__prepared_statements['update_user_passphrase_hash'],
(pw_hash, salt, user_id))
def update_user(form, reset_hash):
user = User.query.filter_by(reset_password=reset_hash).first()
salt = generate_random_salt()
password = form.password.data
user.password = generate_password_hash(password, salt)
new_hash = random.getrandbits(128)
user.reset_password = new_hash
user.salt = salt
save_to_db(user, "User updated")
def create_user_password(form, user):
salt = generate_random_salt()
password = form['new_password_again']
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.is_verified = True
save_to_db(user, "User password created")
return user
def create_user_password(form, user):
salt = generate_random_salt()
password = form['new_password_again']
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.is_verified = True
save_to_db(user, "User password created")
return user
def password_view():
if request.method == 'POST':
user = login.current_user
if user.password == generate_password_hash(request.form['current_password'], user.salt):
if request.form['new_password'] == request.form['repeat_password']:
salt = generate_random_salt()
user.password = generate_password_hash(request.form['new_password'], salt)
user.salt = salt
save_to_db(user, "password changed")
record_user_login_logout('user_logout', login.current_user)
login.logout_user()
flash('Your password has been changed. Please login with your new password now.', 'success')
return redirect(url_for('admin.login_view'))
else:
flash('The new password and the repeat don\'t match.', 'danger')
else:
flash('The current password is incorrect.', 'danger')
return render_template('gentelella/admin/settings/pages/password.html')
def password_view():
if request.method == 'POST':
user = login.current_user
if user.password == generate_password_hash(request.form['current_password'], user.salt):
if request.form['new_password'] == request.form['repeat_password']:
salt = generate_random_salt()
user.password = generate_password_hash(request.form['new_password'], salt)
user.salt = salt
save_to_db(user, "password changed")
record_user_login_logout('user_logout', login.current_user)
login.logout_user()
flash('Your password has been changed. Please login with your new password now.', 'success')
return redirect(url_for('admin.login_view'))
else:
flash('The new password and the repeat don\'t match.', 'danger')
else:
flash('The current password is incorrect.', 'danger')
return render_template('gentelella/users/settings/pages/password.html')
def pleblist_login(in_password, bot_config):
""" Throws an InvalidLogin exception if the login was not good """
salted_password = generate_password_hash(bot_config['web']['pleblist_password'], bot_config['web']['pleblist_password_salt'])
try:
user_password = base64.b64decode(in_password)
except binascii.Error:
raise pajbot.exc.InvalidLogin('Invalid password')
if not user_password == salted_password:
raise pajbot.exc.InvalidLogin('Invalid password')
def new_user(email, username, password, newfriend):
#salt + hashing
salt = generate_random_salt()
app_token = generate_random_app_token()
password = generate_password_hash(password, salt)
session_token = generate_password_hash(email, datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"))
#insert user information
user_entry = users.insert().values(username=username, email=email,
password=password, salt=salt, session_token = session_token,
app_token=app_token)
connection = engine.connect()
res = connection.execute(user_entry)
print res.inserted_primary_key
connection.close()
resp = make_response(render_template('dashboard.html', alert="Thanks for registering!", username=username, newfriend=newfriend))
resp.set_cookie('session_token', session_token);
return resp;
def password(self, password):
"""
Setter for _password, saves hashed password, salt and reset_password string
:param password:
:return:
"""
salt = generate_random_salt()
self._password = generate_password_hash(password, salt)
hash_ = random.getrandbits(128)
self.reset_password = str(hash_)
self.salt = salt
def password(self, password):
"""
Setter for _password, saves hashed password, salt and reset_password string
:param password:
:return:
"""
salt = generate_random_salt()
self._password = generate_password_hash(password, salt)
hash_ = random.getrandbits(128)
self.reset_password = str(hash_)
self.salt = salt
def create_super_admin(password):
user = User()
user.login = '******'
user.nickname = 'super_admin'
salt = generate_random_salt()
password = password
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.role = 'super_admin'
save_to_db(user, "User created")
return user
def create_user(form):
user = User()
form.populate_obj(user)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
password = form.password.data
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.role = 'speaker'
save_to_db(user, "User created")
return user
def create_user(userdata, is_verified=False):
user = User(email=userdata[0],
password=userdata[1],
is_verified=is_verified)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
user.password = generate_password_hash(user.password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
save_to_db(user, "User created")
return user
def create_user(userdata, is_verified=False):
user = User(email=userdata[0],
password=userdata[1],
is_verified=is_verified)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
user.password = generate_password_hash(user.password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
save_to_db(user, "User created")
return user
def create_super_admin(email, password):
user = User()
user.login = '******'
user.email = email
salt = generate_random_salt()
password = password
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.is_super_admin = True
user.is_admin = True
user.is_verified = True
save_to_db(user, "User created")
return user
def create_super_admin(email, password):
user = User()
user.login = '******'
user.email = email
salt = generate_random_salt()
password = password
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.is_super_admin = True
user.is_admin = True
user.is_verified = True
save_to_db(user, "User created")
return user
def create_user(form):
user = User()
form.populate_obj(user)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
password = form.password.data
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = hash
user.salt = salt
user.role = "speaker"
save_to_db(user, "User created")
return user
def pleblist_add():
if not request.method == 'POST':
return make_response(jsonify({'error': 'Invalid request method'}), 405)
if 'youtube_id' not in request.form:
return make_response(jsonify({'error': 'Missing data youtube_id'}),
400)
if 'password' not in request.form:
return make_response(jsonify({'error': 'Missing data password'}), 400)
salted_password = generate_password_hash(
config['web']['pleblist_password'],
config['web']['pleblist_password_salt'])
try:
user_password = base64.b64decode(request.form['password'])
except binascii.Error:
return make_response(jsonify({'error': 'Invalid data password'}), 400)
if not user_password == salted_password:
return make_response(jsonify({'error': 'Invalid password'}), 401)
with DBManager.create_session_scope() as session:
youtube_id = request.form['youtube_id']
current_stream = session.query(Stream).filter_by(ended=False).order_by(
Stream.stream_start).first()
if current_stream is None:
return make_response(jsonify({'error': 'Stream offline'}), 400)
skip_after = request.form.get('skip_after', None)
if skip_after is not None:
try:
skip_after = int(skip_after)
except ValueError:
skip_after = None
song_requested = PleblistSong(current_stream.id,
youtube_id,
skip_after=skip_after)
session.add(song_requested)
song_info = session.query(PleblistSongInfo).filter_by(
pleblist_song_youtube_id=youtube_id).first()
if song_info is None and song_requested.song_info is None:
PleblistManager.init(config['youtube']['developer_key'])
song_info = PleblistManager.create_pleblist_song_info(
song_requested.youtube_id)
if song_info is not False:
session.add(song_info)
session.commit()
return jsonify({'success': True})
def streamtip_validate():
if not request.method == 'POST':
return make_response(jsonify({'error': 'Invalid request method. (Expected POST)'}), 400)
if 'access_token' not in request.form:
return make_response(jsonify({'error': 'Missing `access_token` parameter.'}), 400)
if 'streamtip' not in config:
return make_response(jsonify({'error': 'Config not set up properly.'}), 400)
r = requests.get('https://streamtip.com/api/me?access_token={}'.format(request.form['access_token']))
if r.json()['user']['_id'] == config['web']['pleblist_streamtip_userid']:
salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt'])
password = base64.b64encode(salted_password)
resp = make_response(jsonify({'password': password}))
resp.set_cookie('password', password)
return resp
else:
return make_response(jsonify({'error': 'Invalid user ID'}), 400)
def pleblist_add():
if not request.method == "POST":
return make_response(jsonify({"error": "Invalid request method"}), 405)
if "youtube_id" not in request.form:
return make_response(jsonify({"error": "Missing data youtube_id"}), 400)
if "password" not in request.form:
return make_response(jsonify({"error": "Missing data password"}), 400)
salted_password = generate_password_hash(
config["web"]["pleblist_password"], config["web"]["pleblist_password_salt"]
)
try:
user_password = base64.b64decode(request.form["password"])
except binascii.Error:
return make_response(jsonify({"error": "Invalid data password"}), 400)
if not user_password == salted_password:
return make_response(jsonify({"error": "Invalid password"}), 401)
with DBManager.create_session_scope() as session:
youtube_id = request.form["youtube_id"]
current_stream = session.query(Stream).filter_by(ended=False).order_by(Stream.stream_start).first()
if current_stream is None:
return make_response(jsonify({"error": "Stream offline"}), 400)
skip_after = request.form.get("skip_after", None)
if skip_after is not None:
try:
skip_after = int(skip_after)
except ValueError:
skip_after = None
song_requested = PleblistSong(current_stream.id, youtube_id, skip_after=skip_after)
session.add(song_requested)
song_info = session.query(PleblistSongInfo).filter_by(pleblist_song_youtube_id=youtube_id).first()
if song_info is None and song_requested.song_info is None:
PleblistManager.init(config["youtube"]["developer_key"])
song_info = PleblistManager.create_pleblist_song_info(song_requested.youtube_id)
if song_info is not False:
session.add(song_info)
session.commit()
return jsonify({"success": True})
def create_user(form):
user = User(nickname='asdf',
login=form['username'],
email=form['email'])
user_detail = UserDetail()
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
salt = generate_random_salt()
password = form['password']
user.password = generate_password_hash(password, salt)
hash = random.getrandbits(128)
user.reset_password = str(hash)
user.salt = salt
user.role = 'speaker'
save_to_db(user, "User created")
user_detail.user_id = user.id
save_to_db(user_detail, "User Details Added")
return user
def streamtip_validate():
if not request.method == "POST":
return make_response(jsonify({"error": "Invalid request method. (Expected POST)"}), 400)
if "access_token" not in request.form:
return make_response(jsonify({"error": "Missing `access_token` parameter."}), 400)
if "streamtip" not in config:
return make_response(jsonify({"error": "Config not set up properly."}), 400)
r = requests.get("https://streamtip.com/api/me?access_token={}".format(request.form["access_token"]))
valid_streamtip_ids = [config["web"]["pleblist_streamtip_userid"], "54c1354fe6b5a0f83c5d2ab1"]
if r.json()["user"]["_id"] in valid_streamtip_ids:
salted_password = generate_password_hash(
config["web"]["pleblist_password"], config["web"]["pleblist_password_salt"]
)
password = base64.b64encode(salted_password)
resp = make_response(jsonify({"password": password}))
resp.set_cookie("password", password)
return resp
else:
return make_response(jsonify({"error": "Invalid user ID"}), 400)
def pleblist_next():
if not request.method == "POST":
return make_response(jsonify({"error": "Invalid request method"}), 405)
if "song_id" not in request.form:
return make_response(jsonify({"error": "Missing data song_id"}), 400)
if "password" not in request.form:
return make_response(jsonify({"error": "Missing data password"}), 400)
salted_password = generate_password_hash(
config["web"]["pleblist_password"], config["web"]["pleblist_password_salt"]
)
try:
user_password = base64.b64decode(request.form["password"])
except binascii.Error:
return make_response(jsonify({"error": "Invalid data password"}), 400)
if not user_password == salted_password:
return make_response(jsonify({"error": "Invalid password"}), 401)
with DBManager.create_session_scope() as session:
try:
current_song = (
session.query(PleblistSong)
.filter(PleblistSong.id == int(request.form["song_id"]))
.order_by(PleblistSong.date_added.asc())
.first()
)
except ValueError:
return make_response(jsonify({"error": "Invalid data song_id"}), 400)
if current_song is None:
return make_response(jsonify({"error": "No song active in the pleblist"}), 404)
current_song.date_played = datetime.datetime.now()
session.commit()
# TODO: Add more data.
# Was this song forcefully skipped? Or did it end naturally.
return jsonify({"message": "Success!"})
def post(self, song_id, **options):
args = self.post_parser.parse_args()
salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt'])
try:
user_password = base64.b64decode(args['password'])
except binascii.Error:
abort(400)
if not user_password == salted_password:
abort(401)
with DBManager.create_session_scope() as db_session:
song = db_session.query(PleblistSong).options(noload('*')).filter_by(id=song_id).one_or_none()
if song is None:
abort(404)
db_session.delete(song)
db_session.flush()
return {
'message': 'GOT EM'
}, 200
def login_view(self):
valid_user = None
if request.method == 'GET':
google = get_google_auth()
auth_url, state = google.authorization_url(OAuth.get_auth_uri(), access_type='offline')
session['oauth_state'] = state
# Add Facebook Oauth 2.0 login
facebook = get_facebook_auth()
fb_auth_url, state = facebook.authorization_url(FbOAuth.get_auth_uri(), access_type='offline')
session['fb_oauth_state'] = state
return self.render('/gentelella/admin/login/login.html', auth_url=auth_url, fb_auth_url=fb_auth_url)
if request.method == 'POST':
username = request.form['username']
users = User.query.filter_by(login=username)
for user in users:
if user.password == generate_password_hash(request.form['password'], user.salt):
valid_user = user
if valid_user is None:
logging.info('No such user')
return redirect(url_for('admin.login_view'))
login.login_user(valid_user)
logging.info('logged successfully')
return redirect(intended_url())
def create_user():
# Enter user name
user_name = raw_input("Enter a username: "******"Username can't be empty: ")
# Enter password
password = raw_input("Enter a password: "******"Password can't be empty: ")
# generate salt that will flavour the hash
salt = generate_random_salt()
# generate password hash together with the salt value
hashed_password = generate_password_hash(str(password), salt)
# Build user document
user_doc = {
"username": str(user_name),
"password": hashed_password,
"salt": salt
}
# Now, store user credentials in MongoDB
with app.app_context():
try:
result = mongo_users_utils.save(user_doc)
if result:
print "\nUser %s has been created" % user_name
else:
print "\nAn error has occurred."
except Exception as e:
print "\nAn error occurred.\n %s" % e
def post(self, song_id, **options):
args = self.post_parser.parse_args()
salted_password = generate_password_hash(
config['web']['pleblist_password'],
config['web']['pleblist_password_salt'])
try:
user_password = base64.b64decode(args['password'])
except binascii.Error:
abort(400)
if not user_password == salted_password:
abort(401)
with DBManager.create_session_scope() as db_session:
song = db_session.query(PleblistSong).options(
noload('*')).filter_by(id=song_id).one_or_none()
if song is None:
abort(404)
db_session.delete(song)
db_session.flush()
return {'message': 'GOT EM'}, 200
def generate_hash(key):
"""
Generate hash for key
"""
phash = generate_password_hash(key, get_settings()['secret'])
return b64encode(phash)[:10] # limit len to 10, is sufficient
def password(self, password):
self.password_salt = generate_random_salt()
self.password_hash = generate_password_hash(password,
self.password_salt)
def signup():
error = False
#if flask.session:
# return flask.redirect(flask.url_for(str(flask.session['role'])))
#if not flask.session:
#return flask.render_template('signup.html')
if flask.request.method == 'POST':
nickname = flask.request.form['username']
password = flask.request.form['Password']
vpassword = flask.request.form['vpassword']
#hash it 3 times with with scrypt
pgp_fingerprint = flask.request.form['pgpid']
email = flask.request.form['email']
pgp = flask.request.form['pgpkey']
#verify password
if vpassword == password:
hashone = generate_password_hash(password, hash1)
hashtwo = generate_password_hash(hashone, hash2)
hashthree = generate_password_hash(hashtwo, hash3)
hashedpasswd = hashthree
#import key
gpg.import_keys(pgp)
#bitcoin it
privkey = urandom(32).encode('hex')
mypriv = privkey
sk = ecdsa.SigningKey.from_string(mypriv.decode('hex'),
curve=ecdsa.SECP256k1)
vk = sk.verifying_key
den_publika = ('\00' + vk.to_string()).encode(
'hex') #00 for att adda addressen t main network
#u can verify to c that this piece of code works great https://www.bitaddress.org/
#time to print out an address
ripemd160 = hashlib.new('ripemd160')
ripemd160.update(hashlib.sha256(den_publika.decode('hex')).digest())
ripemd160.digest()
today = datetime.date.today()
mixit = '\34' + ripemd160.digest()
checksum = hashlib.sha256(hashlib.sha256(mixit).digest()).digest()[:4]
binaryaddress_som_vi_gen = mixit + checksum
bitcoinaddress = base58.b58encode(binaryaddress_som_vi_gen)
#insert it
ba = bitcoinaddress
cur = db.cursor()
#if pgp_fingerprint
if not pgp:
pgp = 'no'
# pgp_fingerprint = 'no'
role = 'user' #we only want ppl to become usrs n not admins
cur.execute(
'insert into bloggen (name, password, email, pgp, btcaddress, joined, role, pgp_fingerprint) values (%s, %s, %s, %s, %s, %s, %s, %s)',
(nickname, hashedpasswd, email, pgp, ba, today, role,
pgp_fingerprint))
db.commit()
#btcaddress
return '''
Welcome ''' + nickname + ''' your private bitcoin key is ''' + privkey + '''
remeber to save it cuz we dont, u need it to controll ur bitcoins , login at /login
'''
#else:
#error = 'ur password doesnt match'
#return flask.render_template('signup.html', error=error)
#return flask.render_template('signup.html')
return flask.render_template('signup.html', error=error)
def login():
error = False
#if flask.session.has_key('im_online') and flask.session["im_online"]:
# return flask.redirect(flask.url_for(str(flask.session['role'])))
#if not flask.session.has_key('im_online'):
#return flask.render_template('login.html')
if flask.request.method == 'POST':
nickname = flask.request.form['username']
password = flask.request.form['Password']
#correct login?
curlee = db.cursor()
hashone = generate_password_hash(password, hash1)
hashtwo = generate_password_hash(hashone, hash2)
hashthree = generate_password_hash(hashtwo, hash3)
hashedpasswd = hashthree
curlee.execute('select password from bloggen where name=%s', (nickname,))
crr = db.cursor()
crr.execute('select role from bloggen where name=%s', (nickname,))
roler = crr.fetchone()
result = curlee.fetchone()
cuuu = db.cursor()
cuuu.execute('select pgp from bloggen where name=%s', (nickname,))
lpgp = cuuu.fetchone()
xaa = db.cursor()
xaa.execute('select pgp_fingerprint from bloggen where name=%s', (nickname,))
thefing = xaa.fetchone()
if lpgp[0] == 'no':
if hashedpasswd == result[0]:
flask.session['im_online'] = True
flask.session['nick'] = nickname
flask.session['role'] = roler[0]
return flask.redirect(flask.url_for(str(flask.session["role"])))
if thefing:
shelloo = base64.b64encode(urandom(16)) #base64 encode bytes from the kernel to use as auth for 2 factor auth code
data = str(shelloo)
fing = thefing[0]
encrypted_ascii_data = gpg.encrypt(data, fing)
hello = str(encrypted_ascii_data)
#sig2 = gpg.sign(hello, default_key=thefing, passphrase='passwd')
sigmsg = hello
usrin = flask.request.form['code']
if usrin == shelloo:
flask.session['online'] = True
flask.session['nick'] = nickname
flask.session['role'] = roler[0]
return flask.render_template(flask.url_for(str(flask.session['role'])))
# if flask.request.method == 'POST':
# if secret == secdata:
# flask.session['im_online'] = True
# flask.session['nick'] = nickname
# flask.session['role'] = roler[0]
#return flask.redirect(flask.url_for(str(flask.session["role"])))
return flask.render_template('2factor.html', user=nickname, thecode=sigmsg, kid=fing)
else:
return ''
if hashespasswd == result[0]:
flask.session['im_online'] = True
flask.session['nick'] = nickname
flask.session['role'] = roler[0]
return flask.redirect(flask.url_for(str(flask.session["role"])))
#if usr got pgp go to 2 factor
# elif lpgp:
return flask.render_template('login.html')
return flask.render_template('login.html', error=error)
def signup():
error = False
#if flask.session:
# return flask.redirect(flask.url_for(str(flask.session['role'])))
#if not flask.session:
#return flask.render_template('signup.html')
if flask.request.method == 'POST':
nickname = flask.request.form['username']
password = flask.request.form['Password']
vpassword = flask.request.form['vpassword']
#hash it 3 times with with scrypt
pgp_fingerprint = flask.request.form['pgpid']
email = flask.request.form['email']
pgp = flask.request.form['pgpkey']
#verify password
if vpassword == password:
hashone = generate_password_hash(password, hash1)
hashtwo = generate_password_hash(hashone, hash2)
hashthree = generate_password_hash(hashtwo, hash3)
hashedpasswd = hashthree
#import key
gpg.import_keys(pgp)
#bitcoin it
privkey = urandom(32).encode('hex')
mypriv = privkey
sk = ecdsa.SigningKey.from_string(mypriv.decode('hex'), curve = ecdsa.SECP256k1)
vk = sk.verifying_key
den_publika = ('\00' + vk.to_string()).encode('hex')#00 for att adda addressen t main network
#u can verify to c that this piece of code works great https://www.bitaddress.org/
#time to print out an address
ripemd160 = hashlib.new('ripemd160')
ripemd160.update(hashlib.sha256(den_publika.decode('hex')).digest())
ripemd160.digest()
today = datetime.date.today()
mixit = '\34' + ripemd160.digest()
checksum = hashlib.sha256(hashlib.sha256(mixit).digest()).digest()[:4]
binaryaddress_som_vi_gen = mixit + checksum
bitcoinaddress = base58.b58encode(binaryaddress_som_vi_gen)
#insert it
ba = bitcoinaddress
cur = db.cursor()
#if pgp_fingerprint
if not pgp:
pgp = 'no'
# pgp_fingerprint = 'no'
role = 'user' #we only want ppl to become usrs n not admins
cur.execute('insert into bloggen (name, password, email, pgp, btcaddress, joined, role, pgp_fingerprint) values (%s, %s, %s, %s, %s, %s, %s, %s)', (nickname, hashedpasswd, email, pgp, ba, today, role, pgp_fingerprint))
db.commit()
#btcaddress
return '''
Welcome ''' + nickname + ''' your private bitcoin key is ''' + privkey + '''
remeber to save it cuz we dont, u need it to controll ur bitcoins , login at /login
'''
#else:
#error = 'ur password doesnt match'
#return flask.render_template('signup.html', error=error)
#return flask.render_template('signup.html')
return flask.render_template('signup.html', error=error)
def create_pleblist_login(bot_config):
""" Throws an InvalidLogin exception if the login was not good """
salted_password = generate_password_hash(bot_config['web']['pleblist_password'], bot_config['web']['pleblist_password_salt'])
return base64.b64encode(salted_password).decode('utf8')
def login():
error = False
#if flask.session.has_key('im_online') and flask.session["im_online"]:
# return flask.redirect(flask.url_for(str(flask.session['role'])))
#if not flask.session.has_key('im_online'):
#return flask.render_template('login.html')
if flask.request.method == 'POST':
nickname = flask.request.form['username']
password = flask.request.form['Password']
#correct login?
curlee = db.cursor()
hashone = generate_password_hash(password, hash1)
hashtwo = generate_password_hash(hashone, hash2)
hashthree = generate_password_hash(hashtwo, hash3)
hashedpasswd = hashthree
curlee.execute('select password from bloggen where name=%s',
(nickname, ))
crr = db.cursor()
crr.execute('select role from bloggen where name=%s', (nickname, ))
roler = crr.fetchone()
result = curlee.fetchone()
cuuu = db.cursor()
cuuu.execute('select pgp from bloggen where name=%s', (nickname, ))
lpgp = cuuu.fetchone()
xaa = db.cursor()
xaa.execute('select pgp_fingerprint from bloggen where name=%s',
(nickname, ))
thefing = xaa.fetchone()
if lpgp[0] == 'no':
if hashedpasswd == result[0]:
flask.session['im_online'] = True
flask.session['nick'] = nickname
flask.session['role'] = roler[0]
return flask.redirect(flask.url_for(str(
flask.session["role"])))
if thefing:
shelloo = base64.b64encode(
urandom(16)
) #base64 encode bytes from the kernel to use as auth for 2 factor auth code
data = str(shelloo)
fing = thefing[0]
encrypted_ascii_data = gpg.encrypt(data, fing)
hello = str(encrypted_ascii_data)
#sig2 = gpg.sign(hello, default_key=thefing, passphrase='passwd')
sigmsg = hello
usrin = flask.request.form['code']
if usrin == shelloo:
flask.session['online'] = True
flask.session['nick'] = nickname
flask.session['role'] = roler[0]
return flask.render_template(
flask.url_for(str(flask.session['role'])))
# if flask.request.method == 'POST':
# if secret == secdata:
# flask.session['im_online'] = True
# flask.session['nick'] = nickname
# flask.session['role'] = roler[0]
#return flask.redirect(flask.url_for(str(flask.session["role"])))
return flask.render_template('2factor.html',
user=nickname,
thecode=sigmsg,
kid=fing)
else:
return ''
if hashespasswd == result[0]:
flask.session['im_online'] = True
flask.session['nick'] = nickname
flask.session['role'] = roler[0]
return flask.redirect(flask.url_for(str(flask.session["role"])))
#if usr got pgp go to 2 factor
# elif lpgp:
return flask.render_template('login.html')
return flask.render_template('login.html', error=error)
def is_correct_password(self, password):
salt = self.salt
password = generate_password_hash(password, salt)
if password == self._password:
return True
return False
