def initialize(self):
self.xid = decode(encode(os.urandom(16), "hex"))
if not self.config.use_bots:
self.close()
else:
self.uuid = str(uuid4())
self.opcodes = {"interrogation_response": self.interrogation_response}
def get(self, *args, **kwargs):
""" Validates Email and renders login page """
if len(options.mail_host) > 0:
error = None
info = None
try:
user_uuid = decode(
urlsafe_b64decode(self.get_argument("u", "")))
token = sha256(urlsafe_b64decode(self.get_argument(
"t", ""))).hexdigest()
except:
user_uuid = urlsafe_b64decode(
encode(self.get_argument("u", "")))
token = sha256(
urlsafe_b64decode(encode(self.get_argument(
"t", "")))).hexdigest()
user = User.by_uuid(user_uuid)
if user:
if user.is_email_valid() is True:
pass
elif user.validate_email(token) is True:
info = [
"Successfully validated email for %s" % user.handle
]
user.locked = False
self.dbsession.add(user)
self.dbsession.commit()
self.event_manager.user_joined_team(user)
else:
error = ["Faield to validate email for %s" % user.handle]
elif len(user_uuid) > 0 and not user:
error = ["Invalid user for email validation"]
self.render("public/login.html", info=info, errors=error)
else:
self.redirect("public/404")
def get(self, *args, **kwargs):
""" Get the status of Git """
sp = subprocess.Popen(["git", "fetch"],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
out, err = sp.communicate()
if err:
git = "RTB Updates: Git unable to connect to repository"
else:
sp = subprocess.Popen(
["git", "status", "-uno"],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
out, err = sp.communicate()
out = decode(out)
if "Your branch is behind" in out and "modified:" in out:
git = "RTB Updates: Modified files (merge conflicts)"
elif "Your branch is" in out:
branch = out.split("\n")
for line in branch:
if "Your branch is" in line:
git = "RTB Updates: " + line
break
else:
git = out
if git is not None:
self.set_header("Content-Type", "text/plain;charset=utf-8")
self.set_header("Content-Length", len(git))
self.write(git)
self.finish()
def create_reset_message(self, user, token):
account = encode(user.uuid)
try:
account = decode(urlsafe_b64encode(account))
token = decode(urlsafe_b64encode(token))
except:
account = urlsafe_b64encode(account)
token = urlsafe_b64encode(token)
if options.ssl:
origin = options.origin.replace("ws://", "https://").replace(
"wss://", "https://"
)
else:
origin = options.origin.replace("ws://", "http://")
reset_url = "%s/reset/token?u=%s&p=%s" % (origin, account, token)
remote_ip = (
self.request.headers.get("X-Real-IP")
or self.request.headers.get("X-Forwarded-For")
or self.request.remote_ip
)
header = []
header.append("Subject: %s Password Reset" % options.game_name)
header.append("From: %s <%s>" % (options.game_name, options.mail_sender))
header.append("To: %s <%s>" % (user.name, user.email))
header.append("MIME-Version: 1.0")
header.append('Content-Type: text/html; charset="UTF-8"')
header.append("Content-Transfer-Encoding: BASE64")
header.append("")
f = open("templates/public/reset_email.html", "r")
template = (
f.read()
.replace("\n", "")
.replace("[Product Name]", options.game_name)
.replace("{{name}}", user.name)
.replace("{{action_url}}", reset_url)
.replace("{{remote_ip}}", remote_ip)
.replace("https://example.com", origin)
)
f.close()
try:
email_msg = "\n".join(header) + b64encode(template)
except:
email_msg = "\n".join(header) + decode(b64encode(encode(template)))
return email_msg
def edit_level_access(self):
""" Update game level access """
try:
level = GameLevel.by_uuid(self.get_argument("uuid", ""))
if level is None:
raise ValidationError("Game level does not exist")
else:
teams = []
lv_teams = level.teams
for team in lv_teams:
teams.append(team.uuid)
access = self.request.arguments.get("accessList", [])
available = self.request.arguments.get("availableList", [])
if not isinstance(access, list):
access = [access]
if not isinstance(available, list):
available = [available]
for team_uuid in access:
if decode(team_uuid) not in teams:
team = Team.by_uuid(team_uuid)
if team:
team.game_levels.append(level)
self.dbsession.add(team)
self.dbsession.commit()
for team_uuid in available:
if decode(team_uuid) in teams:
team = Team.by_uuid(team_uuid)
if team:
team.game_levels.remove(level)
self.dbsession.add(team)
self.dbsession.commit()
self.redirect("/admin/view/game_levels")
except ValueError:
raise ValidationError("That was not a number ...")
except ValidationError as error:
self.render("admin/view/game_levels.html", errors=[str(error)])
def get(self, *args, **kwargs):
""" Renders the Token Reset page """
if len(options.mail_host) > 0:
try:
user_uuid = decode(urlsafe_b64decode(self.get_argument("u", "")))
token = sha256(
urlsafe_b64decode(self.get_argument("p", ""))
).hexdigest()
except:
user_uuid = urlsafe_b64decode(encode(self.get_argument("u", "")))
token = sha256(
urlsafe_b64decode(encode(self.get_argument("p", "")))
).hexdigest()
self.render(
"public/reset.html", errors=None, info=None, token=token, uuid=user_uuid
)
else:
self.redirect("public/404")
def data(self):
with open(options.flag_attachment_dir + "/" + self.uuid, "rb") as fp:
return decode(fp.read(), "base64")
def data(self):
with open(options.source_code_market_dir + "/" + self.uuid,
"rb") as fp:
return decode(fp.read(), "base64")
def deserialize(datastring):
dump = json.loads(decode(datastring, "base64"))
dump["expires"] = datetime.strptime(dump["expires"],
"%Y-%m-%d %H:%M:%S.%f")
return dump
def data(self):
with open(options.share_dir + "/" + self.uuid, "rb") as fp:
return decode(fp.read(), "base64")
