Exemplo n.º 1
1
def reset():
    status = Status()
    form = Form(request.forms)
    token = request.query.token
    s = URLSafeTimedSerializer(secret_key, max_age=3600, salt=salt)
    try:
        username = s.loads(token)
    except:
        return abort(500, 'bad signature')
    else:
        if request.method == 'POST' and form.validate():
            new_pbkdf2 = to_bytes(pbkdf2_sha256.encrypt(form.password.data))
            try:
                conn = db.engine.connect()
                conn.execute(users.update().values(
                    pbkdf2=new_pbkdf2).where(users.c.id == username))
                conn.close()
            except exc.SQLAlchemyError as message:
                status.danger = message
            else:
                status.success = 'Password Changed. Please log in.'
                return render_template('/status.html',
                                       status=status)
    return render_template('/action/reset.html',
                           status=status,
                           form=form,
                           username=username,
                           token=token)
Exemplo n.º 2
0
 def token(self):
     config = current_app.config
     secret_key = config.setdefault("SECRET_KEY")
     salt = config.setdefault("SECURITY_PASSWORD_SALT")
     serializer = URLSafeTimedSerializer(secret_key)
     token = serializer.dumps(self.username, salt=salt)
     return token
Exemplo n.º 3
0
    def registration(self):
        form = UserForm()
        if request.method == "GET":
            return render_template("registration.html", form=form)
        if form.validate_on_submit():
            g.current_user = {}
            name = form.name.data
            password = bcrypt.hashpw(form.password.data.encode("utf-8"), bcrypt.gensalt(12)).decode("utf-8")
            email = form.email.data
            user = User(name, password, email)
            g.db_session.add(user)
            g.db_session.commit()
            serializer = URLSafeTimedSerializer(cfg.SECRET_KEY)
            token = serializer.dumps(user.email, salt="myblogappconfirm")
            msg = Message("Hello, {}".format(name),
                          recipients=[user.email])
            href = url_for("blog.BlogView:confirm_user",
                           _external=True,
                           token=token)
            msg.html = render_template("email_confirm.html", name=name, href=href)

            msg.subject = "Hello, {}. Verify your email please!".format(name)
            g.mail_manager.send(msg)

            return redirect(blp_url("BlogView:index"))
        else:
            return render_template("registration.html", form=form)
Exemplo n.º 4
0
 def generate_security_token(self):
     """Generate a security token."""
     serializer = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
     return serializer.dumps(self.email,
                             salt=current_app.config[
                                 'SECURITY_PASSWORD_SALT'
                             ])
Exemplo n.º 5
0
def email_change_hash(request, email_change_hash=None, group=None):
    s = URLSafeTimedSerializer(getattr(settings, 'EMAIL_CHANGE_SECRET', '87fuhaidfhahfokhh3u'))
    email_data = None
    signature_expired = False
    invalid_user = False
    try:
        email_data = s.loads(email_change_hash, max_age=3600 * 24)
    except SignatureExpired as e:
        signature_expired = True
    except Exception as e:
        pass

    if email_data:
        if request.user.is_authenticated:
            if request.user.id != email_data['user_id']:
                invalid_user = True
            else:
                user = request.user
                user.email = email_data['email']
                user.save()
        else:
            user = User.objects.get(id=email_data['user_id'])
            user.email = email_data['email']
            user.save()

    return render(
        request,
        'sphene/community/email_changed.html',
        {'signature_expired': signature_expired,
         'invalid_user': invalid_user,
         'email_data': email_data}
    )
Exemplo n.º 6
0
 def verify_email_token(token, expiration=3600):
     s = UrlSerializer(DevelopmentConfig.SECRET_KEY)
     try:
         email = s.loads(token, max_age=expiration)
     except:
         return False
     return email
Exemplo n.º 7
0
class Signer(object):

    def __init__(self, app=None):
        self.app = app
        if app is not None: # pragma: no cover
            self.init_app(app)


    def init_app(self, app):
        key = app.config['ITSDANGEROUSKEY']
        self.signer = URLSafeTimedSerializer(key)


    def loads(self, string, **kwargs):
        return self.signer.loads(string, **kwargs)


    def dumps(self, key, **kwargs):
        return self.signer.dumps(key, **kwargs)


    def generate_password_hash(self, password):
        return generate_password_hash(password)


    def check_password_hash(self, passwd_hash, password):
        return check_password_hash(passwd_hash, password)
Exemplo n.º 8
0
def reset():
    form = EmailForm()
    if request.method == 'POST' and form.validate_on_submit():
        user = Client.query.filter_by(email=form.email.data).first_or_404()
        app.logger.debug(
            "Password reset request from {0}".format(
                user.email))
        subject = "Password reset requested"
        # Here we use the URLSafeTimedSerializer we created in `util` at the
        # beginning of the chapter
        try:
            ts = URLSafeTimedSerializer(app.config["SECRET_KEY"])
            token = ts.dumps(user.email, salt='recover-key')
        except Exception as e:
            app.logger.error(e)
            abort(404)
        recover_url = url_for(
            'users.reset_with_token',
            token=token,
            _external=True)
        html = render_template(
            'emails/recover.html',
            recover_url=recover_url)
        run_celery.send_email.apply_async(
            (user.email, subject, html)
        )
        msg = u"""
            Please, check your email.
        """
        flash(msg, 'error')
        return redirect(url_for('users.login'))
    return render_template('users/reset.html', form=form)
Exemplo n.º 9
0
def confirm_token(token, expiration=3600):
    serializer = URLSafeTimedSerializer(cfg.SECRET_KEY)
    try:
        email = serializer.loads(token, salt=cfg.SECURITY_PASSWORD_SALT, max_age=expiration)
    except:
        return False
    return email
def generate_reset_url(user_id, email_address):
    ts = URLSafeTimedSerializer(main.config["SECRET_KEY"])
    token = ts.dumps({"user": user_id, "email": email_address},
                     salt=main.config["RESET_PASSWORD_SALT"])
    url = url_for('main.reset_password', token=token, _external=True)
    current_app.logger.debug("Generated reset URL: %s", url)
    return url
Exemplo n.º 11
0
def get_email_token(email, salt, secret):
    """
    Generate a timestamped token from the specified email
    """
    ts = URLSafeTimedSerializer(secret)
    token = ts.dumps(email, salt=salt)
    return token
Exemplo n.º 12
0
def generate_csrf(secret_key=None, token_key=None):
    """Generate a CSRF token. The token is cached for a request, so multiple
    calls to this function will generate the same token.

    During testing, it might be useful to access the signed token in
    ``g.csrf_token`` and the raw token in ``session['csrf_token']``.

    :param secret_key: Used to securely sign the token. Default is
        ``WTF_CSRF_SECRET_KEY`` or ``SECRET_KEY``.
    :param token_key: Key where token is stored in session for comparision.
        Default is ``WTF_CSRF_FIELD_NAME`` or ``'csrf_token'``.
    """

    secret_key = _get_config(
        secret_key, 'WTF_CSRF_SECRET_KEY', current_app.secret_key,
        message='A secret key is required to use CSRF.'
    )
    field_name = _get_config(
        token_key, 'WTF_CSRF_FIELD_NAME', 'csrf_token',
        message='A field name is required to use CSRF.'
    )

    if field_name not in g:
        if field_name not in session:
            session[field_name] = hashlib.sha1(os.urandom(64)).hexdigest()

        s = URLSafeTimedSerializer(secret_key, salt='wtf-csrf-token')
        setattr(g, field_name, s.dumps(session[field_name]))

    return g.get(field_name)
Exemplo n.º 13
0
 def checkUserToken(self,token):
     serializer = URLSafeTimedSerializer(app.config['SECRET_KEY'])
     username = serializer.loads(token)
     if(username == self.username):
         return True
     else:
         return False
Exemplo n.º 14
0
def timed_safe_url_load(serialized_data, max_age_in_seconds, salt='peri2organise'):
    """
    De-serializes the serialized data into the original data.

    Salt can be used when generating safe URL tokens for different purposed,
    e.g. salt='reset_password' or salt='auth_token'. The salt must be the same
    as the salt used when the data was serialized.
    """

    try:
        secret_key = app.config['SECRET_KEY']
    except KeyError:
        raise Exception('A Secret Key is required to generate tokens.')
    else:
        # Ensure key is a string.
        if secret_key is None or not isinstance(secret_key, str):
            raise Exception('A Secret Key is required to generate tokens.')

    # Create URL safe timed serializer.
    serializer = URLSafeTimedSerializer(secret_key, salt=salt)

    try:
        # Try and decode the data.
        decoded_data = serializer.loads(serialized_data, max_age=max_age_in_seconds)
    except BadSignature as e:
        encoded_payload = e.payload
        if encoded_payload is not None:
            try:
                decoded_data = serializer.load_payload(encoded_payload)
            except BadData:
                return False
        return False
    else:
        return decoded_data
Exemplo n.º 15
0
def confirm_reset_password_token(token):
    max_age_key = 'USERS_RESET_PASSWORD_TOKEN_MAX_AGE_IN_SECONDS'
    max_age = current_app.config[max_age_key]

    salt = current_app.config['USERS_RESET_PASSWORD_TOKEN_SALT']
    serializer = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])

    user, data = None, None
    expired, invalid = False, False

    try:
        data = serializer.loads(
            token,
            max_age=max_age,
            salt=salt)
    except SignatureExpired:
        d, data = serializer.loads_unsafe(token, salt=salt)
        expired = True
    except (BadSignature, TypeError, ValueError):
        invalid = True

    if data:
        user = User.get(id=data[0])

    if not invalid and user and user.password:
        password_hash = hashlib.md5(user.password).hexdigest()
        if not safe_str_cmp(password_hash, data[1]):
            invalid = True

    expired = expired and (user is not None)

    logger.debug("reset password token confirmed?",
                 expired=expired, invalid=invalid, user=user, data=data)

    return expired, invalid, user, data
 def _verify(self, signed_token, salt, timeout = None):
     serializer = URLSafeTimedSerializer(self.token, salt)
     try:
       name = serializer.loads(signed_token, max_age=timeout)
       return self.name == serializer.loads(signed_token, max_age=timeout)
     except SignatureExpired:
       return False
Exemplo n.º 17
0
 def get_serializer(self):
     secret_key = self.app.settings.get('SECRET_KEY')
     if not secret_key:
         return None
     s = URLSafeTimedSerializer(secret_key, salt=self.salt)
     s.digest_method = self.digest_method
     return s
Exemplo n.º 18
0
 def share(self, file):
     file = walker.get_path(file)
     s = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
     share_code = s.dumps({'file': str(file.relative())})
     if request.args.get('modal', 'false') == 'true':
         return render_template('tree/share_modal.html', file=file, share_code=share_code)
     return render_template('tree/share.html', file=file, share_code=share_code)
Exemplo n.º 19
0
def notify():
    '''change notification settings
        params:     POST:   method - notification method
        returns:    GET:    change notify form
                    POST:   redirect
    '''
    form = ChangeNotifyForm()

    # If user has confirmed phone, add that notify choice
    if g.user.phone_confirmed:
        form.method.choices.extend([('Text', 'Text'), ('Both', 'Both')])

    if form.validate_on_submit():
        if request.form['method'] != g.user.notify_method:
            g.user.notify_method = request.form['method']
            g.user.notify_confirmed = False
            db.session.add(g.user)
            db.session.commit()
            flash('Updated unconfirmed settings')
            s=URLSafeTimedSerializer(current_app.config['SECRET_KEY'], salt=current_app.config['NOTIFY_CONFIRM_SALT'])
            token=s.dumps(g.user.id)
            msg = Message('Confirm settings', recipients=[g.user.email])
            msg.body='Confirm notification changes: {0}'.format(url_for('.confirm_notify', token=token, _external=True))
            mail.send(msg)
            logger.info('mail sent: {0}'.format(msg))
            flash('Confirmation email sent')
        else:
            flash('Nothing changed')
        return redirect_xhr_or_normal('.profile')

    return render_xhr_or_normal('change_notify.html', form=form)
Exemplo n.º 20
0
 def get_auth_token(self):
     """
     Encode a secure token for cookie
     """
     login_serializer = URLSafeTimedSerializer(configuration.get('auth', 'secret_key'))
     data = [str(self.id), self.password]
     return login_serializer.dumps(data)
Exemplo n.º 21
0
Arquivo: views.py Projeto: ccnmtl/rolf
def verify_key(request):
    # TODO: convert to a decorator
    key = request.META.get('HTTP_ROLF_API_KEY', '')
    s1 = URLSafeSerializer(settings.API_SECRET,
                           salt="rolf-ipaddress-key")
    try:
        d = s1.loads(key)
        # check their IP
        remote_addr = request.META.get(
            'HTTP_X_FORWARDED_FOR',
            request.META.get('REMOTE_ADDR'))

        if d['remote_addr'] != remote_addr:
            return None
        return get_object_or_404(User, username=d['username'])
    except BadSignature:
        # try timed key
        s2 = URLSafeTimedSerializer(settings.API_SECRET,
                                    salt="rolf-timed-key")
        try:
            d = s2.loads(key, max_age=60 * 60 * 24 * 7)
            return get_object_or_404(User, username=d['username'])
        except BadSignature:
            # invalid
            return None
        except SignatureExpired:
            return None
    return None
Exemplo n.º 22
0
 def load_user_from_unique_code(token):
     s = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
     try:
         data = s.loads(token)
     except:
         return
     return User.query.get(data.get('unique_code'))
Exemplo n.º 23
0
class Isso(object):

    salt = b"Eech7co8Ohloopo9Ol6baimi"

    def __init__(self, conf):

        self.conf = conf
        self.db = db.SQLite3(conf.get('general', 'dbpath'), conf)
        self.signer = URLSafeTimedSerializer(conf.get('general', 'session-key'))

        super(Isso, self).__init__(conf)

        subscribers = []
        subscribers.append(Stdout(None))

        if conf.get("general", "notify") == "smtp":
            subscribers.append(SMTP(self))

        self.signal = ext.Signal(*subscribers)

        self.urls = Map()

        views.Info(self)
        comments.API(self)

    def sign(self, obj):
        return self.signer.dumps(obj)

    def unsign(self, obj, max_age=None):
        return self.signer.loads(obj, max_age=max_age or self.conf.getint('general', 'max-age'))

    def dispatch(self, request):
        local.request = request

        local.host = wsgi.host(request.environ)
        local.origin = origin(self.conf.getiter("general", "host"))(request.environ)

        adapter = self.urls.bind_to_environ(request.environ)

        try:
            handler, values = adapter.match()
        except HTTPException as e:
            return e
        else:
            try:
                response = handler(request.environ, request, **values)
            except HTTPException as e:
                return e
            except Exception:
                logger.exception("%s %s", request.method, request.environ["PATH_INFO"])
                return InternalServerError()
            else:
                return response

    def wsgi_app(self, environ, start_response):
        response = self.dispatch(JSONRequest(environ))
        return response(environ, start_response)

    def __call__(self, environ, start_response):
        return self.wsgi_app(environ, start_response)
Exemplo n.º 24
0
 def handle_logging_user_out(self):
     serializer = URLSafeTimedSerializer(self.token.consumer.private_key)
     parse_result = urlparse.urlparse(self.token.redirect_to)
     query_dict = QueryDict(parse_result.query, mutable=True)
     query_dict['access_token'] = serializer.dumps(self.token.access_token)
     url = urlparse.urlunparse((parse_result.scheme, parse_result.netloc, parse_result.path, '', query_dict.urlencode(), ''))
     return HttpResponseRedirect(url)
Exemplo n.º 25
0
def confirm_token(token, expiration=3600):
    serializer = URLSafeTimedSerializer( ALERTCONFIG.EMAIL_KEY )
    try:
        email = serializer.loads( token, salt=ALERTCONFIG.EMAIL_SALT, max_age=expiration )
    except:
        return False
    return email
Exemplo n.º 26
0
Arquivo: main.py Projeto: kdwarn/wyr
def activate():
    ''' Activate user account - finish the sign up process now that the email
    is verified - get user's password, do checks on it, and insert user into database
    '''

    #send user to form to set password if hash is good
    if request.method == 'GET':

        #first, pull user's email and username out of hash
        hash = request.args.get('code')
        serializer = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
        try:
            decoded = serializer.loads(hash, salt='sign_up', max_age=3600)
        except SignatureExpired:
            flash('Activation period expired. Please sign up again.')
            return redirect(url_for('main.index'))
        except:
            flash("Error activating your account. Please sign up again below.")
            return redirect(url_for('main.index'))

        return render_template('activate.html', username=decoded[0], email=decoded[1])

    # get user's desired password, check, add account
    if request.method == 'POST':

        username = request.form['username']
        email = request.form['email']
        password = request.form['password']
        confirm_password = request.form['confirm_password']

        #checks - password
        if password != confirm_password:
            flash("Your passwords did not match. Please try again.")
            return render_template('activate.html', username=username, email=email)
        if len(password) < 5:
            flash("Your password is too short. Please try again.")
            return render_template('activate.html', username=username, email=email)
        #checks - if user already completed sign up, redirect
        if User.query.filter_by(username=username).count() > 0:
            flash("You've already activated your account.")
            return redirect(url_for('main.index'))

        # use passlib to encrypt password
        myctx = CryptContext(schemes=['pbkdf2_sha256'])
        hashed_password = myctx.encrypt(password)

        # create a salt
        alphabet = string.ascii_letters + string.digits
        salt = ''.join(secrets.choice(alphabet) for i in range(32))

        #add user
        user = User(username, hashed_password, salt, email)
        db.session.add(user)
        db.session.commit()

        login_user(user)

        flash('Thank you. Your account has been activated.')
        return redirect(url_for('main.settings'))
Exemplo n.º 27
0
 def createToken(emailAddress,database,token_type) :
     """Creates a token to be used and saves it with the salt in the database"""
     salt = uuid.uuid1().int
     ts = URLSafeTimedSerializer(sesEmail.SIGNING_KEY)
     token = ts.dumps(emailAddress, salt=str(salt)+token_type)
     #saves the token and salt pair
     database.saveToken(str(salt),str(token))
     return urllib.quote_plus(str(token))
Exemplo n.º 28
0
def validate_token(config, token, expire_time=3600):
    """from token and expire_time to confirm user's email"""
    serializer = URLSafeTimedSerializer(config['SECRET_KEY'])
    try:
        confirmed_email = serializer.loads(token, max_age=expire_time, salt=config['EMAIL']['salt'])
    except Exception:
        return False
    return confirmed_email
Exemplo n.º 29
0
def get_email_from_token(token, salt, secret, max_age=86400):
    """
    Read an email from a timestamped token.
    Raises an exception if the token is more than 24 hours old or invalid
    """
    ts = URLSafeTimedSerializer(secret)
    email = ts.loads(token, salt=salt, max_age=max_age)
    return email
Exemplo n.º 30
0
def confirm_email_token(token, expiration=86400):
    serializer = URLSafeTimedSerializer(app.config['SECRET_KEY'])
    try:
        email = serializer.loads(token, salt=app.config['SECURITY_SALT'], max_age=expiration)
    except: # should be watching for specifically BadTimeSignature and SignatureExpired
        # add a separate template for failed or expired confirmations
        return False
    return email
Exemplo n.º 31
0
def _get_serializer(app, name):
    secret_key = app.config.get('SECRET_KEY')
    salt = app.config.get('SECURITY_%s_SALT' % name.upper())
    return URLSafeTimedSerializer(secret_key=secret_key, salt=salt)
Exemplo n.º 32
0
class Isso(object):
    def __init__(self, conf):

        self.conf = conf
        db_type = conf.get('general', 'db-type')
        if db_type == 'sqlite':
            self.db = db.SQLite3(conf.get('general', 'dbpath'), conf)
        elif db_type == 'psql':
            self.db = db_psql.PSQL(conf.get('general', 'dbpath'), conf)
        self.signer = URLSafeTimedSerializer(
            self.db.preferences.get("session-key"))
        self.markup = html.Markup(conf.section('markup'))
        self.hasher = hash.new(conf.section("hash"))

        super(Isso, self).__init__(conf)

        subscribers = []
        smtp_backend = False
        for backend in conf.getlist("general", "notify"):
            if backend == "stdout":
                subscribers.append(Stdout(None))
            elif backend in ("smtp", "SMTP"):
                smtp_backend = True
            else:
                logger.warn("unknown notification backend '%s'", backend)
        if smtp_backend or conf.getboolean("general", "reply-notifications"):
            subscribers.append(SMTP(self))

        self.signal = ext.Signal(*subscribers)

        self.urls = Map()

        views.Info(self)
        views.Metrics(self)
        comments.API(self, self.hasher)

    def render(self, text):
        return self.markup.render(text)

    def sign(self, obj):
        return self.signer.dumps(obj)

    def unsign(self, obj, max_age=None):
        return self.signer.loads(obj,
                                 max_age=max_age
                                 or self.conf.getint('general', 'max-age'))

    def dispatch(self, request):
        local.request = request

        local.host = wsgi.host(request.environ)
        local.origin = origin(self.conf.getiter("general",
                                                "host"))(request.environ)

        adapter = self.urls.bind_to_environ(request.environ)

        try:
            handler, values = adapter.match()
        except HTTPException as e:
            return e
        else:
            try:
                response = handler(request.environ, request, **values)
            except HTTPException as e:
                return e
            except Exception:
                logger.exception("%s %s", request.method,
                                 request.environ["PATH_INFO"])
                return InternalServerError()
            else:
                return response

    def wsgi_app(self, environ, start_response):
        response = self.dispatch(JSONRequest(environ))
        return response(environ, start_response)

    def __call__(self, environ, start_response):
        return self.wsgi_app(environ, start_response)
Exemplo n.º 33
0
def generate_token(email, salt=None):
    serializer = URLSafeTimedSerializer(current_app.config.get('SECRET_KEY'))
    return serializer.dumps(email, salt=salt)
Exemplo n.º 34
0
def generate_confirmation_token(email):
    serializer = URLSafeTimedSerializer('IAMSOFLUBINSECUREuuKEY')
    return serializer.dumps(email, salt='THl72DfWa36wdEPJOEGbe71GSCDWADuuSALT')
Exemplo n.º 35
0
from __init__ import login
from models import User
from flask_login import login_user, logout_user, login_required, current_user
import hashlib
import random
import math
import os
import urllib.request
from flask import flash, url_for
from werkzeug.utils import secure_filename
from authy.api import AuthyApiClient
import utils
import smtplib
from flask_mail import Mail, Message
from itsdangerous import URLSafeTimedSerializer, SignatureExpired
s = URLSafeTimedSerializer('thisissecret!')


app.config['CSRF_ENABLED'] = True
app.config['USER_ENABLE_EMAIL'] = True
app.config.from_pyfile('config.cfg')
mail = Mail(app)
mail.init_app(app)
app.config.from_object('config')
app.secret_key = 'super-secret'
api = AuthyApiClient(app.config['AUTHY_API_KEY'])


@app.route('/about')
def about():
    return render_template('about.html',  list_book_category=utils.get_book_category())
Exemplo n.º 36
0
def generate_confirmation_token(email):
    serializer = URLSafeTimedSerializer(app.config['SECRET_KEY'])
    return serializer.dumps(email, salt=app.config['SECURITY_PASSWORD_SALT'])
Exemplo n.º 37
0
def generate_token(email):
    """ generate verification token """

    serializer = URLSafeTimedSerializer(app.config["SECRET_KEY"])
    return serializer.dumps(email, salt=app.config["PASSWORD_SALT"])
Exemplo n.º 38
0
from werkzeug.security import generate_password_hash, check_password_hash
from flask import Blueprint, request, jsonify, make_response, json, url_for
from flask_mail import Mail, Message
from itsdangerous import URLSafeTimedSerializer, SignatureExpired, BadSignature

from app import app, db, models

from flasgger import swag_from
from .helpers import token_required, check_password, check_mail, special_character, password_match
from .serializers import UserSchema, LoginSchema
from .models import User

mod = Blueprint('auth', __name__)
mail = Mail(app)

serializer = URLSafeTimedSerializer(app.secret_key)


@mod.route('/auth/register', methods=['POST'])
@swag_from('docs/auth_register.yml')
def register():
    """ 
    User Registration
    """
    data = request.get_json()

    schema = UserSchema()
    try:
        user, errors = schema.loads(request.data)
    except JSONDecodeError:
        # response for no data/invalid data
Exemplo n.º 39
0
from app.forms import RegistrationForm, LoginForm, MoneyForm, NgoForm, Food_donation
from app.models import User, Money, Ngo
from flask_login import login_user, current_user, logout_user, login_required
from itsdangerous import URLSafeTimedSerializer, SignatureExpired, BadTimeSignature
from oauthlib.oauth2 import WebApplicationClient
from app.paytm import checksum
import requests

GOOGLE_CLIENT_ID = "SECRET"

GOOGLE_CLIENT_SECRET = 'SECRET'
GOOGLE_DISCOVERY_URL = "https://accounts.google.com/.well-known/openid-configuration"

os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'

sq = URLSafeTimedSerializer(app.config['SECRET_KEY'])

# @login_manager.unauthorized_handler
# def unauthorized():
#     return "You must be logged in to access this content.", 403


@app.route('/')
@app.route('/home')
def home():
    return render_template('index.html')


@app.route('/about')
@login_required
def about():
Exemplo n.º 40
0
def get_serializer(name: str) -> TimedSerializer:
    config: Dict[str, Any] = current_app.config
    secret_key: bytes = config.get("SECRET_KEY")
    salt = config.get(f"SECURITY_{name.upper()}_SALT")
    return URLSafeTimedSerializer(secret_key=secret_key, salt=salt)
Exemplo n.º 41
0
from flask_mail import Mail, Message
from itsdangerous import URLSafeTimedSerializer

#import pdb; pdb.set_trace()
app = Flask(__name__)
bcrypt = Bcrypt(app)
app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'

app.config.update(MAIL_SERVER='smtp.gmail.com',
                  MAIL_PORT=465,
                  MAIL_USE_SSL=True,
                  MAIL_USERNAME='******',
                  MAIL_PASSWORD='******')

mail = Mail(app)
ts = URLSafeTimedSerializer(app.config["SECRET_KEY"])
import datetime as dt
resetlink_context = []
#password reset expiry link for a user needs to expire after some time
PASSWORD_RESET_EXPIRY_WINDOW = dt.timedelta(
    days=30)  #setting this to 30 days as most apps do these days

#pagination
POSTS_PER_PAGE = 5

import models, logs
from constnts import *
import bokehbar, bokehradial


@app.route('/', methods=['GET'])
Exemplo n.º 42
0
from flask import Flask, request, url_for
from flask_mail import Mail, Message
from flask_restful import Resource
from itsdangerous import URLSafeTimedSerializer, SignatureExpired
from config import SECRET_KEY
from Model import db, Etudiants, Enseignants

mail = Mail()
s = URLSafeTimedSerializer(SECRET_KEY)

def send_email(email):
    token = s.dumps(email, salt='email-confirm')

    msg = Message('Confirm Email', sender='*****@*****.**', recipients=[email])

    link = url_for('confirmation.confirmemailresource', token=token, _external=True)

    msg.body = 'Your link is {}'.format(link)

    mail.send(msg)


class ConfirmEmailResource(Resource):
    def get(self):
        token=request.args['token']
        try:
            email_sent = s.loads(token, salt='email-confirm', max_age=3600)
        except SignatureExpired:
            return {'error' : 'Link has expired!'}
        etudiant = Etudiants.query.filter_by(email=email_sent).first()
        enseignant = Enseignants.query.filter_by(email=email_sent).first()
Exemplo n.º 43
0
import re

# Khaya Configurations

# app
app = Flask(__name__)
CORS(app)  # cross-origin reference security implementation
app.config['SECRET-KEY'] = urandom(36)
app.config.from_pyfile('config.cfg')

# mongodb
khaya = MongoClient('localhost', 27017)
db = khaya['khaya']

# keen analytics

# paynow

# bcrypt hashes
salt = b'$2b$05$iIjhPDKsIoHJC7sDr4IVLO'

# validators

# token configuration

s = URLSafeTimedSerializer('KHAYA_ZIMBABWE...')

# global variables
newpassword = None
dbEmail = ''
Exemplo n.º 44
0
def create_ws_token(public_key=None):
    from itsdangerous import URLSafeTimedSerializer

    s = URLSafeTimedSerializer(UI_API_KEY)
    return s.dumps({'public_key': public_key})
Exemplo n.º 45
0
# -*- coding: utf-8 -*-
import logging
from flask import render_template

from redash import settings
from redash.tasks import send_mail
from redash.utils import base_url
from redash.models import User
# noinspection PyUnresolvedReferences
from itsdangerous import URLSafeTimedSerializer, SignatureExpired, BadSignature

logger = logging.getLogger(__name__)
serializer = URLSafeTimedSerializer(settings.COOKIE_SECRET)


def invite_token(user):
    return serializer.dumps(str(user.id))


def invite_link_for_user(user):
    token = invite_token(user)
    invite_url = "{}/invite/{}".format(base_url(user.org), token)

    return invite_url


def reset_link_for_user(user):
    token = invite_token(user)
    invite_url = "{}/reset/{}".format(base_url(user.org), token)

    return invite_url
Exemplo n.º 46
0
def generate_confirmation_token(email):
    serializer = URLSafeTimedSerializer(SECRET_KEY)
    return serializer.dumps(email)
Exemplo n.º 47
0
from flask import Flask, request, url_for
#from flask_mail import Mail, Message
from itsdangerous import URLSafeTimedSerializer
import mysql.connector
import smtplib
import json
import os.path

app = Flask(__name__)

with open(os.path.dirname(__file__) + '/../secretkey.json') as f:
    secretkey = json.load(f)
s = URLSafeTimedSerializer(secretkey['key'])


@app.route('/', methods=['GET', 'POST'])
def index():
    from email.mime.multipart import MIMEMultipart
    from email.mime.text import MIMEText

    with open(os.path.dirname(__file__) + '/../googlecredentials.json') as f:
        google = json.load(f)

    smtpObj = smtplib.SMTP('smtp.gmail.com', 587)
    smtpObj.ehlo()
    smtpObj.starttls()
    smtpObj.login(google['username'], google['password'])

    if request.method == 'GET':
        return '<form action="/" method="POST"><input name="email"><input type="submit"></form>'
    email = request.form['email']
Exemplo n.º 48
0
def create_app(**kwargs_config):
    """
    Create the flask app
    :param kwargs_config: overwrite any base level config
    :return: flask.Flask instance
    """

    app = factory.create_app(
        app_name=__name__.replace('.app', ''),
        **kwargs_config
    )

    api = Api(app)
    api.unauthorized = lambda noop: noop #Overwrite WWW-Authenticate challenge on 401

    csrf = CsrfProtect(app)

    mail = Mail(app)

    cors = CORS(app,
                origins=app.config.get('CORS_DOMAINS'),
                allow_headers=app.config.get('CORS_HEADERS'),
                methods=app.config.get('CORS_METHODS'),
                supports_credentials=True,
                )

    app.json_encoder = JSONEncoder
    api.add_resource(Bootstrap, '/bootstrap')
    api.add_resource(StatusView, '/status')
    api.add_resource(OAuthProtectedView, '/protected')
    api.add_resource(CSRFView, '/csrf')
    api.add_resource(UserAuthView, '/user')
    api.add_resource(DeleteAccountView, '/user/delete')
    api.add_resource(UserRegistrationView, '/register')
    api.add_resource(LogoutView, '/logout')
    api.add_resource(PersonalTokenView, '/token')
    api.add_resource(UserInfoView, '/info/<string:account_data>')
    api.add_resource(ChangePasswordView, '/change-password')
    api.add_resource(ChangeEmailView, '/change-email')
    api.add_resource(VerifyEmailView, '/verify/<string:token>')
    api.add_resource(ForgotPasswordView, '/reset-password/<string:token>')
    app.ts = URLSafeTimedSerializer(app.config["SECRET_KEY"])

    @app.login_manager.unauthorized_handler
    def unauthorized():
        """
        flask_login callback when @login_required is not met.
        This overrides the default behavior or re-directing to a login view
        """
        abort(401)

    # Register custom error handlers
    if not app.config.get('DEBUG'):
        app.errorhandler(AdsWSError)(on_adsws_error)
        app.errorhandler(AdsWSFormError)(on_adsws_form_error)

        @csrf.error_handler
        def csrf_error(reason):
            app.logger.warning("CSRF Blocked: {reason}".format(reason=reason))
            return jsonify(dict(error="Invalid CSRF token")), 400
    return app
Exemplo n.º 49
0
from flask import render_template, request, make_response,session,url_for,send_file
import datetime
from app.Controller import Controller
from app import app
import pdfkit
from base64 import b64encode
import base64
from flask_mail import Mail,Message
import ldap
from io import BytesIO
import json
import easygui
from itsdangerous import URLSafeTimedSerializer,SignatureExpired
s = URLSafeTimedSerializer('this is seceret')
mail = Mail(app)
re=1
from werkzeug.security import generate_password_hash, \
     check_password_hash
control=Controller()
#index page function
@app.route('/')
@app.route('/index')
def index():

    return render_template('index.html')
#login
@app.route('/login',methods = ['POST', 'GET'])
def loginuser():
    if request.method == 'POST':
        category=request.form['cat']
        username=request.form['username']
Exemplo n.º 50
0
from datetime import datetime
from flask import render_template, session, redirect, url_for, request
from . import main
import psycopg2
#from app.main.forms import NameForm
from app import db
from app.emails import send_email
from app.models import User
from itsdangerous import URLSafeTimedSerializer, SignatureExpired

token_serializer = URLSafeTimedSerializer("the secret key is here")


@main.route('/', methods=['GET', 'POST'])
def index():
    req_data = request.form
    if req_data.get("user_name") != None:
        if User.query.filter_by(
                user_name=req_data.get("user_name")).first() == None:
            new_user = User(user_name=req_data.get("user_name"),
                            user_image=request.files.get("image").read(),
                            user_email_adrs=req_data.get("email"),
                            user_password=req_data.get("user_password"))
            db.session.add(new_user)
            db.session.commit()
            email = new_user.user_email_adrs
            email_token = token_serializer.dumps(email,
                                                 salt='email-confirmation')
            salutation = "hi-NewUser{}".format(req_data.get("user_name"))
            text_message = 'click on the link for account confirm <a href="http://127.0.0.1:5000' + url_for(
                '.email_token_varify',
Exemplo n.º 51
0
login_manager = LoginManager()
'''
Note: With session_protection 'strong', this can fail in cases where this is
used as a stand in authenticator/authorizer called as a sub request from a proxy
This is because, the 'ip address' and 'user agent' are different.
For more details see - https://flask-login.readthedocs.io/en/latest/#session-protection
TODO: Update nginx configs to ensure client's ip and user agent are used in the sub request.
'''
login_manager.session_protection = 'basic'

REMEMBER_COOKIE_DURATION_SECONDS = int(
    os.getenv('REMEMBER_COOKIE_DURATION_SECONDS', 120))
SESSION_TOKEN_SECRET_KEY = os.environ[
    'SESSION_TOKEN_SECRET_KEY']  # secret key used for the session user cookie
login_serializer = URLSafeTimedSerializer(
    SESSION_TOKEN_SECRET_KEY
)  #Login_serializer used to encryt and decrypt the cookie token for the remember me option of flask-login


class SessionUser(UserMixin):
    actas = ''

    def __init__(self, username, userpasshash):
        ''' Note that the userpasshash can be some kind of a token too.'''
        self.user_id = username
        self.userpasshash = userpasshash

    def get_auth_token(self):
        ''' Encode a secure token for cookie. This is used to remember the user. '''
        return login_serializer.dumps(self.user_id, self.userpasshash)
Exemplo n.º 52
0
def generate_confirmation_token(nickname):
    serializer = URLSafeTimedSerializer(application.config["SECRET_KEY"])
    return serializer.dumps(nickname, salt=application.config["SECURITY_PASSWORD_SALT"])
Exemplo n.º 53
0
 def generate_token(self):
     data = {"email": self.email, "id": self.id}
     signer = URLSafeTimedSerializer(app.secret_key)
     return signer.dumps(data)
Exemplo n.º 54
0
#-*- coding:utf-8 -*-
from flask import Blueprint, current_app, render_template, request, jsonify, redirect, flash, url_for, g
from flask_login import login_user, logout_user, login_required, current_user
from flask_mail import Message

from itsdangerous import URLSafeTimedSerializer

from .datastorage.user_db import Users

from flask_wtf import FlaskForm
from wtforms import StringField, BooleanField, PasswordField
from wtforms.validators import DataRequired, Email, EqualTo

infos = {"desc": "user api", "version": "0.2dev"}

serialiser = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])

ACTIVATION_EMAIL_SUBJECT = "NOos-Citoyens // Valider votre inscription à NOos-Citoyens "

ACTIVATION_EMAIL = """

        Bienvenue sur NOos-Citoyens.
            
        Vous êtes désormais incrit sur la plateforme NOos-Citoyens.
        Pour commencer, veuillez activer votre compte en cliquant sur le lien ci-dessous ou collez le lien suivant 
        dans la barre d'adresse de votre navigateur:
        %s
        
        Nous vous contacterons par la suite pour vous tenir informé des avancées de la plate-forme.
        Dans quelques jours vous recevrez un courriel pour vous prévenir de l'ouverture des votes.
        
Exemplo n.º 55
0
 def _token_serializer():
     config = current_app.config
     secret_key = config.setdefault('SECRET_KEY')
     salt = config.setdefault('SECRET_KEY_SALT')
     serializer = URLSafeTimedSerializer(secret_key)
     return serializer, salt
Exemplo n.º 56
0
    def handle(self, *args, **options):
        """
        python manage.py load_company_user deployment/deployment-v1-2018-03/mo_users.json
        :return:
        """
        filename = options['filename']

        try:
            with open(filename) as json_data:
                data = json.load(json_data)
        except Exception as e:
            print(
                '\n**************\nUnable to load json file. {0}. \n\n\nException message: '
                .format(filename), e.message)
        else:

            companies_data = data.get('companies')
            if companies_data:
                for company_data in companies_data:

                    if not 'uuid' in company_data:
                        continue
                    try:
                        # expected value: email, company_name, member_organization, uuid, company_prefix
                        email = company_data.get('email')
                        company_name = company_data.get('company_name')
                        try:
                            member_organisation = MemberOrganisation.objects.get(
                                slug=company_data.get('role'))
                        except MemberOrganisation.DoesNotExist:
                            member_organisation = None

                        # get company
                        company_organisation, company_organisation_created = CompanyOrganisation.objects.get_or_create(
                            uuid=company_data.get('uuid'),
                            defaults={
                                'member_organisation': member_organisation,
                                'name': company_data.get('name')
                            })
                        #print("Company  Created:- " if company_organisation_created else "Company Updated:- ",
                        #      u' '.join(
                        #          [company_organisation.uuid]).encode('utf-8').strip())

                        # update company name if any
                        if company_name:
                            company_organisation.company = company_name
                            company_organisation.save()

                        auth_user, auth_user_created = users_service.get_or_create(
                            email=email,
                            defaults={
                                'username': email,
                                'member_organisation': member_organisation,
                                'company_organisation': company_organisation
                            })

                        auth_user.save()
                        # print('Create New User:- ' if auth_user_created else 'Updated User:- ', auth_user.email)
                        company_organisation = users_service.get_company_organisation(
                            auth_user)

                    except Exception as e:
                        print(company_data)
                        print(str(e))
                        continue

                    log_message = 'logging in: ' + str(
                        auth_user.email) + '::' + str(
                            company_organisation.company)
                    log_extra = {
                        'user': auth_user.email,
                        'company': company_organisation.company
                    }
                    logging.getLogger().info(log_message, extra=log_extra)
                    logging.getLogger('audit').info(log_message,
                                                    extra=log_extra)

                    # if user's organisation has prefix override, use it
                    # if not use prefixes provided by the form
                    if company_organisation.prefix_override:
                        form_prefix = company_organisation.prefix_override
                        form_prefixes = form_prefix.split(',')
                    else:
                        form_prefixes = company_data.get('prefixes')

                    prefixes = prefix_service.find(user=auth_user).all()
                    prefixes_list = [p.prefix for p in prefixes]

                    # set gln to be first prefix
                    if len(prefixes_list) > 0:
                        first_prefix = prefixes_list[0]
                        derived_gln = normalize("EAN13", first_prefix)
                        company_organisation.gln = derived_gln
                        company_organisation.save()

                    for prfx in form_prefixes:
                        # if not re.match(settings.GS1_PREFIX_START_REGEX, prfx[:3]) or len(prfx) < 6:
                        #     if prfx.find('20') == 0:  # we will not complain about variable weight
                        #         continue
                        #     else:
                        #         return jsonify(success=False, message='Invalid prefix %s' % prfx)
                        if prfx not in prefixes_list:
                            try:
                                prefix = prefix_service.create(user=auth_user,
                                                               prefix=prfx)
                            except IntegrityError:
                                print(
                                    '\n\n*** ERROR:  Prefix {0} has been allocated for another user\n\n'
                                    .format(prfx))
                                continue
                            try:
                                prefix.make_starting_from()
                            except:
                                prefix.starting_from = None
                            prefix_service.save(prefix)
                        else:
                            i = prefixes_list.index(prfx)
                            if prefixes[i].is_suspended:
                                prefixes[i].is_suspended = False
                                prefix_service.save(prefixes[i])

                    for prfx in prefixes_list:
                        if prfx not in form_prefixes:
                            prefix = prefix_service.find(user=auth_user,
                                                         prefix=prfx).first()
                            prefix.is_suspended = True
                            prefix_service.save(prefix)

                    # Check active prefix and set accordingly
                    user_active_prefix = auth_user.profile.product_active_prefix
                    if not user_active_prefix:
                        prefix = prefix_service.find(
                            user=auth_user,
                            is_suspended=False).order_by('prefix').first()

                        if prefix:
                            prefix_service.make_active(user=auth_user,
                                                       prefix=prefix.prefix)
                            prefix_service.save(prefix)
                        else:
                            print('\n\nERROR: No working prefix found\n\n')
                            continue

                    serializer = URLSafeTimedSerializer(settings.SECRET_KEY)
                    token = serializer.dumps(
                        [auth_user.email, company_organisation.uuid])
                    logging.getLogger().debug('Created token: %s' % token)
Exemplo n.º 57
0
# -*- coding: utf-8 -*-
from __future__ import unicode_literals

from unicodedata import category
from itsdangerous import URLSafeTimedSerializer, URLSafeSerializer

from app import app

auth_token_serializer = URLSafeTimedSerializer(app.secret_key)
auth_token_serializer_perm = URLSafeSerializer(app.secret_key)

REJECT_CHARACTERS = ('\u2028', '\u2029')


def has_control_characters(s):
    """ Return True if the given string contains any unprintable/control
    characters
    """
    cat = category
    return any(
        cat(letter).startswith('C')  # Control character
        or letter in REJECT_CHARACTERS for letter in s)


def allow_password(password):
    """ Current password strength rules are::

        1) unicode allowed
        2) only "printable" characters (e.g. excluding control characters)
        3) at least 8 characters
        4) fewer than 1024 characters (arbitrarily large)
Exemplo n.º 58
0
class YouckanAuthPlugin(object):

    implements(IIdentifier, IChallenger, IAuthenticator, IChallengeDecider)

    def __init__(self, secret=None, login_url=None, session_cookie_name='sessionid',
            auth_cookie_name='youckan.auth', next_url_name='next', https=False):

        if not secret or not login_url:
            raise ValueError('secret and login_url parameters are required')

        self.session_cookie_name = session_cookie_name
        self.auth_cookie_name = auth_cookie_name
        self.secret = secret
        self.login_url = login_url
        self.next_url_name = next_url_name
        self.use_https = https is True or https == 'true'
        self.marker_cookie_name = '{0}.logged'.format(auth_cookie_name)
        self.signer = URLSafeTimedSerializer(secret, signer_kwargs={'sep': ':'})

        log.debug('YouckanAuth https: %s', self.use_https)
        log.debug('YouckanAuth session cookie: %s', self.session_cookie_name)
        log.debug('YouckanAuth auth cookie: %s', self.auth_cookie_name)
        log.debug('YouckanAuth marker cookie: %s', self.marker_cookie_name)

    def __call__(self, environ, status, headers):
        '''Challenge if marker present and not in https'''
        request = Request(environ)
        if self.needs_redirect(request):
            return True
        return default_challenge_decider(environ, status, headers)

    def challenge(self, environ, status, app_headers=(), forget_headers=()):
        '''Redirect to YouCKAN login page'''
        request = Request(environ)

        if self.needs_redirect(request):
            response = Response()
            response.status = 302
            response.location = request.url.replace('http://', 'https://')
            return response

        next_url = quote(request.url)
        if self.use_https and next_url.startswith('http://'):
            next_url = next_url.replace('http://, https://')
        auth_url = '{0}?{1}={2}'.format(self.login_url, self.next_url_name, next_url)

        response = Response()
        response.status = 302
        response.location = auth_url

        return response

    def identify(self, environ):
        '''Identity user from its Django session and YouCKAN auth cookies'''
        request = Request(environ)

        if not self.session_cookie_name in request.cookies or not self.auth_cookie_name in request.cookies:
            return None

        session_id = request.cookies[self.session_cookie_name]
        cookie = request.cookies[self.auth_cookie_name]

        try:
            username = self.signer.loads(cookie, salt=session_id)
            log.debug('Signature ID mismatch: %s', username)
        except BadSignature:
            return None

        return {'username': username}

    def authenticate(self, environ, identity):
        '''Fetch the user given its username in identity'''
        if 'username' in identity:
            user = User.by_name(identity['username'])
            if user is None:
                return None
            else:
                identity.update({'repoze.who.userid': user.name})
                return user.name
        return None

    def remember(self, environ, identity):
        '''Remember is YouCKAN SSO responsibility'''
        pass

    def forget(self, request, environ):
        '''Forget is YouCKAN SSO responsibility'''
        pass

    def needs_redirect(self, request):
        return self.use_https and self.marker_cookie_name in request.cookies and not request.scheme == 'https'
Exemplo n.º 59
0
def generate_confirmation_token(user):
    serializer = URLSafeTimedSerializer('my_precious')
    return serializer.dumps(user, salt='my_precious_two')
Exemplo n.º 60
0
from flask import Flask, url_for, request, render_template
from itsdangerous import URLSafeTimedSerializer, SignatureExpired
import smtplib
#import uuid

from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

app = Flask(__name__)
app.config.from_pyfile('config.cfg')

s = URLSafeTimedSerializer('')


@app.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'GET':
        me = "*****@*****.**"
        you = "*****@*****.**"
        msg = MIMEMultipart()
        msg['Subject'] = "Alert from credit card"
        msg['From'] = me
        msg['To'] = you
        access = "Vijayawada"
        #access = input("Enter Location:")
        #token = uuid.uuid4().hex
        token = s.dumps('heelo', salt='email-confirm')
        #token1 = s.dumps('heelo',salt='email-reject')
        #print(token)
        link = url_for('confirm_email', token=token, _external=True)
        link1 = url_for('reject_email', token=token, _external=True)