def del_user(config, u, p, remove_data):
try:
s = api.get_scoped_session(config.conf)
with s.begin():
user = api.user_get_by_username(s, u)
if not user:
sys.exit("Error: user does not exist!")
if not utils.checkpw(p, user.password):
sys.exit("Error: incorrect password!")
if remove_data:
printv(config, "Removing user's categories data ...")
api.category_delete_all(s, user, True)
printv(config, "Removing user's items data ...")
api.item_delete_all(s, user)
printv(config, "Removing user ...")
api.user_delete(s, user)
user = api.user_get_by_username(s, u)
if user:
print("Error: unable to delete user: '******'" % u)
else:
print("Successfully deleted user: '******'" % u)
except Exception as e:
sys.exit("Error: %s" % str(e))
def update_user(config, u, p, new_username, new_password):
if not (new_username or new_password):
sys.exit("Error: at least one of: [--new_username, --new_password]"
" options must be specified!")
try:
s = api.get_scoped_session(config.conf)
with s.begin():
user = api.user_get_by_username(s, u)
if not user:
sys.exit("Error: user does not exist!")
if not utils.checkpw(p, user.password):
sys.exit("Error: incorrect password!")
if new_username:
new_user = api.user_get_by_username(s, new_username)
if new_user:
sys.exit("Username: '******' already exists!" % new_username)
printv(config, "Updating user information")
if new_username:
user.username = new_username
if new_password:
user.password = utils.hashpw(new_password)
api.user_update(s, user)
print("Successfully updated user %s" % user.username)
except Exception as e:
sys.exit("Error: %s" % str(e))
def test_update_phrase(self):
config = opp_config.OppConfig(self.conf_filepath)
# Add user
utils.execute("opp-db --config_file %s add-user -uu -pp "
"--phrase=123456" % self.conf_filepath)
old = aescipher.AESCipher("123456")
new = aescipher.AESCipher("654321")
# Add category and item using old passphrase
session = api.get_scoped_session(config)
category = models.Category(name=old.encrypt("cat1"))
item = models.Item(name=old.encrypt("item1"),
url=old.encrypt("url1"),
account=old.encrypt("account1"),
username=old.encrypt("username1"),
password=old.encrypt("password1"),
blob=old.encrypt("blob1"))
with session.begin():
user = api.user_get_by_username(session, 'u')
category.user = user
item.user = user
api.category_create(session, [category])
api.item_create(session, [item])
# Update passphrase
utils.execute("opp-db --config_file %s update-phrase -uu -pp "
"--old_phrase=123456 --new_phrase=654321" %
self.conf_filepath)
# Check data using new passphrase
session = api.get_scoped_session(config)
with session.begin():
user = api.user_get_by_username(session, 'u')
category = api.category_getall(session, user)[0]
self.assertEqual(new.decrypt(category.name), "cat1")
item = api.item_getall(session, user)[0]
self.assertEqual(new.decrypt(item.name), "item1")
self.assertEqual(new.decrypt(item.url), "url1")
self.assertEqual(new.decrypt(item.account), "account1")
self.assertEqual(new.decrypt(item.username), "username1")
self.assertEqual(new.decrypt(item.password), "password1")
self.assertEqual(new.decrypt(item.blob), "blob1")
# Cleanup
utils.execute("opp-db --config_file %s del-user -uu -pp"
" --remove_data" % self.conf_filepath)
self._assert_user_does_not_exist('u')
def _do_put(self, phrase):
request_body = self.request.get_json()
# Check required username field
try:
username = request_body['username']
except KeyError:
return self.error("Missing username!")
if not username:
return self.error("Empty username!")
# Extract required password field
try:
password = request_body['password']
except KeyError:
return self.error("Missing password!")
if not password:
return self.error("Empty password!")
try:
user = api.user_get_by_username(username, session=self.session)
if user:
return self.error("User already exists!")
hashed = utils.hashpw(password)
user = models.User(username=username, password=hashed)
api.user_create(user, session=self.session)
return {'result': "success"}
except Exception:
return self.error("Unable to add new user the database!")
def _do_delete(self):
request_body = self.request.get_json()
# Extract required username field
try:
username = request_body['username']
except KeyError:
return self.error("Missing username!")
if not username:
return self.error("Empty username!")
# Extract required password field
try:
password = request_body['password']
except KeyError:
return self.error("Missing password!")
if not password:
return self.error("Empty password!")
try:
user = api.user_get_by_username(username, session=self.session)
if not user:
return self.error("User doesn't exist!")
if not utils.checkpw(password, user.password):
return self.error("Invalid password!")
api.user_delete_by_username(username, session=self.session)
return {'result': "success"}
except Exception:
return self.error("Unable to delete user from the database!")
def _do_put(self, phrase):
"""
Create a new user.
:param phrase: not used
:returns: success result
"""
payload_dicts = [{
'name': "username",
'is_list': False,
'required': True
}, {
'name': "password",
'is_list': False,
'required': True
}, {
'name': "phrase",
'is_list': False
}]
payload_objects = self._check_payload(payload_dicts)
u = self._validate(payload_objects[0], 'username')
p = self._validate(payload_objects[1], 'password')
phrase = self._validate(payload_objects[2], 'phrase')
if len(phrase) < 6:
raise bh.OppError("Passphrase must be at least 6 characters long!")
try:
cipher = aescipher.AESCipher(phrase)
ok = cipher.encrypt("OK")
user = api.user_get_by_username(self.session, u)
if user:
raise bh.OppError("User already exists!")
hashed = utils.hashpw(p)
user = models.User(username=u, password=hashed, phrase_check=ok)
api.user_create(self.session, user)
user = api.user_get_by_username(self.session, u)
if user:
return {'result': 'success'}
else:
raise bh.OppError("Unable to add user: '******'" % u)
except bh.OppError as e:
raise bh.OppError(e.error, e.desc, e.status, e.headers)
except Exception:
raise bh.OppError("Unable to add user: '******'" % u)
def login():
if request.method == 'POST':
user = api.user_get_by_username(request.form['username'])
if user and utils.checkpw(request.form['password'], user.password):
session['username'] = request.form['username']
return redirect(url_for('index'))
else:
return redirect(url_for('login'))
elif 'username' in session:
return redirect(url_for('index'))
return '''
def add_user(config, u, p, phrase):
if len(phrase) < 6:
sys.exit("Error: passphrase must be at least 6 characters long!")
try:
cipher = aescipher.AESCipher(phrase)
ok = cipher.encrypt("OK")
s = api.get_scoped_session(config.conf)
with s.begin():
user = api.user_get_by_username(s, u)
if user:
sys.exit("Error: user already exists!")
hashed = utils.hashpw(p)
user = models.User(username=u, password=hashed, phrase_check=ok)
api.user_create(s, user)
user = api.user_get_by_username(s, u)
if user:
print("Successfully added new user: '******'" % u)
else:
print("Error: unable to add user: '******'" % u)
except Exception as e:
sys.exit("Error: %s" % str(e))
def _do_delete(self):
"""
Delete a user.
:returns: success result
"""
payload_dicts = [{
'name': "username",
'is_list': False,
'required': True
}, {
'name': "password",
'is_list': False,
'required': True
}]
payload_objects = self._check_payload(payload_dicts)
u = self._validate(payload_objects[0], 'username')
p = self._validate(payload_objects[1], 'password')
try:
user = api.user_get_by_username(self.session, u)
if not user:
raise bh.OppError("User does not exist!")
if not utils.checkpw(p, user.password):
raise bh.OppError("Incorrect password supplied!")
api.category_delete_all(self.session, user, True)
api.item_delete_all(self.session, user)
api.user_delete(self.session, user)
user = api.user_get_by_username(self.session, u)
if user:
bh.OppError("Unable to delete user: '******'" % u)
else:
return {'result': 'success'}
except bh.OppError as e:
raise bh.OppError(e.error, e.desc, e.status, e.headers)
except Exception:
raise bh.OppError("Unable to delate user: '******'" % u)
def test_categories_access_by_user(self):
# Verify category list empty initially, add a category and some items
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(categories, [])
category = models.Category(name="name", user=self.u)
api.category_create(self.s, [category])
items = [
models.Item(blob="item1", category_id=1, user=self.u),
models.Item(blob="item2", category_id=1, user=self.u)
]
api.item_create(self.s, items)
# Retrieve and verify inserted category
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(len(categories), 1)
self.assertEqual(categories[0].name, "name")
self.assertEqual(len(categories[0].items), 2)
# Add another user and retrieve it
utils.execute("opp-db --config_file %s add-user -uu2 -pp "
"--phrase=123456" % self.conf_filepath)
new_u = api.user_get_by_username(self.s, "u2")
self.assertEqual(new_u.username, "u2")
# Attempt to retrieve categories with new user
with self.s.begin():
new_categories = api.category_getall(self.s, new_u)
self.assertEqual(len(new_categories), 0)
# Clean up
with self.s.begin():
api.category_delete(self.s, categories, True)
# Verify clean up successful
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(len(categories), 0)
def test_items_access_by_user(self):
# Verify item list empty initially and add some items
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(items, [])
items = [
models.Item(blob="item1", user=self.u),
models.Item(blob="item2", user=self.u)
]
api.item_create(self.s, items)
# Retrieve and verify inserted items
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 2)
self.assertEqual(items[0].blob, "item1")
self.assertEqual(items[1].blob, "item2")
# Add another user and retrieve it
utils.execute("opp-db --config_file %s add-user -uu2 -pp "
"--phrase=123456" % self.conf_filepath)
new_u = api.user_get_by_username(self.s, "u2")
self.assertEqual(new_u.username, "u2")
# Attempt to retrieve items with new user
with self.s.begin():
new_items = api.item_getall(self.s, new_u)
self.assertEqual(len(new_items), 0)
# Clean up
with self.s.begin():
items = api.item_getall(self.s, self.u)
api.item_delete(self.s, items)
# Verify clean up successful
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 0)
def _do_post(self, phrase):
request_body = self.request.get_json()
# Extract required username field
try:
username = request_body['username']
except KeyError:
return self.error("Missing username!")
if not username:
return self.error("Empty username!")
# Extract required old password field
try:
old_password = request_body['current_password']
except KeyError:
return self.error("Missing current password!")
if not old_password:
return self.error("Empty current password!")
# Extract required new password field
try:
new_password = request_body['new_password']
except KeyError:
return self.error("Missing new password!")
if not new_password:
return self.error("Empty new password!")
try:
user = api.user_get_by_username(username, session=self.session)
if not user:
return self.error("User doesn't exist!")
if not utils.checkpw(old_password, user.password):
return self.error("Invalid password!")
user.password = utils.hashpw(new_password)
api.user_update(user, session=self.session)
return {'result': "success"}
except Exception:
return self.error("Unable to update user in the database!")
def test_users_basic(self):
# Insert and retrieve an user
user = models.User(username="******", password="******")
api.user_create(user, session=self.session)
user = api.user_get_by_username(user.username, session=self.session)
self.assertIsNotNone(user)
self.assertEqual(user.username, "user")
self.assertEqual(user.password, "pass")
# Update and check the user
user.username = "******"
user.password = "******"
api.user_update(user, session=self.session)
new_user = api.user_get_by_id(user.id, session=self.session)
self.assertIsNotNone(new_user)
self.assertEqual(new_user.username, user.username)
self.assertEqual(new_user.password, user.password)
self.assertEqual(new_user.id, user.id)
# Clean up and verify
api.user_delete_by_username(user.username, session=self.session)
user = api.user_get_by_id(user.id, session=self.session)
self.assertIsNone(user)
def update_phrase(config, u, p, old_phrase, new_phrase):
if len(new_phrase) < 6:
sys.exit("Error: passphrase must be at least 6 characters long!")
try:
old_cipher = aescipher.AESCipher(old_phrase)
new_cipher = aescipher.AESCipher(new_phrase)
s = api.get_scoped_session(config.conf)
with s.begin():
user = api.user_get_by_username(s, u)
if not user:
sys.exit("Error: user does not exist!")
if not utils.checkpw(p, user.password):
sys.exit("Error: incorrect password!")
try:
if old_cipher.decrypt(user.phrase_check) != "OK":
sys.exit("Error: incorrect old passphrase supplied!")
except UnicodeDecodeError:
sys.exit("Error: incorrect old passphrase supplied!")
printv(config, "Updating user information")
user.phrase_check = new_cipher.encrypt("OK")
api.user_update(s, user)
printv(config, "Updating user's categories")
categories = api.category_getall(s, user)
for category in categories:
category.recrypt(old_cipher, new_cipher)
api.category_update(s, categories)
printv(config, "Updating user's items")
items = api.item_getall(s, user)
for item in items:
item.recrypt(old_cipher, new_cipher)
api.item_update(s, items)
print("All of user's data has been successfuly "
"re-encrypted with the new passphrase.")
except Exception as e:
sys.exit("Error: %s" % str(e))
def _do_post(self, phrase):
"""
Update a user.
:param phrase: not used
:returns: success result
"""
payload_dicts = [{
'name': "username",
'is_list': False,
'required': True
}, {
'name': "password",
'is_list': False,
'required': True
}, {
'name': "new_username",
'is_list': False,
'required': False
}, {
'name': "new_password",
'is_list': False,
'required': False
}]
payload_objects = self._check_payload(payload_dicts)
u = self._validate(payload_objects[0], 'username')
p = self._validate(payload_objects[1], 'password')
new_u = payload_objects[2].strip()
new_p = payload_objects[3].strip()
if not (new_u or new_p):
raise bh.OppError("at least one of: "
"[--new_username, --new_password] is required!")
try:
user = api.user_get_by_username(self.session, u)
if not user:
raise bh.OppError("User does not exist!")
if not utils.checkpw(p, user.password):
raise bh.OppError("Incorrect password supplied!")
if new_u:
new_user = api.user_get_by_username(self.session, new_u)
if new_user:
raise bh.OppError("Username: '******' already exists!" % new_u)
if new_u:
user.username = new_u
if new_p:
user.password = utils.hashpw(new_p)
api.user_update(self.session, user)
user = api.user_get_by_username(self.session, user.username)
if user:
return {'result': 'success'}
else:
raise bh.OppError("Unable to add user: '******'" % u)
except bh.OppError as e:
raise bh.OppError(e.error, e.desc, e.status, e.headers)
except Exception:
raise bh.OppError("Unable to update user: '******'" % u)
def authenticate(username, password):
user = api.user_get_by_username(username)
if user and utils.checkpw(password, user.password):
return user
return None
def setUp(self):
conf = opp_config.OppConfig(self.conf_filepath)
self.s = api.get_scoped_session(conf)
self.u = api.user_get_by_username(self.s, "u")
