def create_with_password(moderator: ModeratorModel, password: str):
"""
Create a moderator account. The password is given unhashed.
:param moderator: filled in moderator model
:param password: password to create moderator with
:raises ArgumentError if the username or password doesn't fit the requirements.
See {USERNAME,PASSWORD}_{MIN,MAX}_LENGTH and {USERNAME,PASSWORD}_ALLOWED_CHARS
:raises ArgumentError if the username is already in use. Username checking is done
case-insensitively
"""
if not validation.check_username_validity(moderator.username):
raise ArgumentError(MESSAGE_INVALID_USERNAME)
if not validation.check_password_validity(password):
raise ArgumentError(MESSAGE_INVALID_PASSWORD)
if find_by_username_case_insensitive(moderator.username) is not None:
raise ArgumentError(MESSAGE_USERNAME_IN_USE)
with session() as s:
orm_moderator = moderator.to_orm_model()
orm_moderator.password = _hash_password(password)
s.add(orm_moderator)
s.flush()
moderator = ModeratorModel.from_orm_model(orm_moderator)
s.commit()
return moderator
def _mod_auth_auth():
if not check_csrf_referer(request):
raise BadRequestError('Bad referer header')
verify_method()
username = request.form['username']
password = request.form['password']
if not validation.check_username_validity(
username) or not validation.check_password_validity(password):
raise BadRequestError('Invalid username or password')
else:
moderator = moderator_service.find_moderator_username(username)
if not moderator:
mod_log('log in with invalid username')
raise BadRequestError('Invalid username or password')
else:
try:
moderator_service.check_password(moderator, password)
set_mod_authed(moderator)
flash('Logged in')
mod_log('logged in')
except ArgumentError:
mod_log('log in with invalid password for username {}'.format(
moderator.username))
raise BadRequestError('Invalid username or password')
def _gather_manage_params() -> ManagePostDetails:
form = request.form
board_name = form.get('board', None)
if not validation.check_board_name_validity(board_name):
abort(400)
thread_refno = form.get('thread', type=int)
valid_id_range(thread_refno)
post_id = form.get('post_id', type=int)
if not post_id:
post_id = None
if post_id is not None:
valid_id_range(post_id)
password = form.get('password', None)
if not password:
password = None
if password and not validation.check_password_validity(password):
abort(400)
ip4 = get_request_ip4()
mod_id = None
if get_authed():
mod_id = request_moderator().id
mode_string = form.get('mode')
return ManagePostDetails(board_name, thread_refno, post_id, ip4, mod_id, mode_string, password)
def _mod_auth_auth():
if not check_csrf_referer(request):
raise BadRequestError('Bad referer header')
verify_method()
username = request.form['username']
password = request.form['password']
if not validation.check_username_validity(username) or not validation.check_password_validity(password):
raise BadRequestError('Invalid username or password')
else:
moderator = moderator_service.find_moderator_username(username)
if not moderator:
mod_log('log in with invalid username')
raise BadRequestError('Invalid username or password')
else:
try:
moderator_service.check_password(moderator, password)
set_mod_authed(moderator)
flash('Logged in')
mod_log('logged in')
except ArgumentError:
mod_log('log in with invalid password for username {}'.format(moderator.username))
raise BadRequestError('Invalid username or password')
def create_with_password(moderator: ModeratorModel, password: str):
"""
Create a moderator account. The password is given unhashed.
:param moderator: filled in moderator model
:param password: password to create moderator with
:raises ArgumentError if the username or password doesn't fit the requirements.
See {USERNAME,PASSWORD}_{MIN,MAX}_LENGTH and {USERNAME,PASSWORD}_ALLOWED_CHARS
:raises ArgumentError if the username is already in use. Username checking is done
case-insensitively
"""
if not validation.check_username_validity(moderator.username):
raise ArgumentError(MESSAGE_INVALID_USERNAME)
if not validation.check_password_validity(password):
raise ArgumentError(MESSAGE_INVALID_PASSWORD)
if find_by_username_case_insensitive(moderator.username) is not None:
raise ArgumentError(MESSAGE_USERNAME_IN_USE)
with session() as s:
orm_moderator = moderator.to_orm_model()
orm_moderator.password = _hash_password(password)
s.add(orm_moderator)
s.flush()
moderator = ModeratorModel.from_orm_model(orm_moderator)
s.commit()
return moderator
def check_password_match(moderator: ModeratorModel, password: str):
if not validation.check_password_validity(password):
raise ArgumentError(MESSAGE_INVALID_PASSWORD)
with session() as s:
moderator_orm_model = s.query(ModeratorOrmModel).filter_by(id=moderator.id).one()
moderator_hashed_password = moderator_orm_model.password
s.commit()
if not bcrypt.checkpw(password.encode(), moderator_hashed_password):
raise ArgumentError(MESSAGE_PASSWORD_INCORRECT)
def check_password_match(moderator: ModeratorModel, password: str):
if not validation.check_password_validity(password):
raise ArgumentError(MESSAGE_INVALID_PASSWORD)
with session() as s:
moderator_orm_model = s.query(ModeratorOrmModel).filter_by(
id=moderator.id).one()
moderator_hashed_password = moderator_orm_model.password
s.commit()
if not bcrypt.checkpw(password.encode(), moderator_hashed_password):
raise ArgumentError(MESSAGE_PASSWORD_INCORRECT)
def mod_moderator_password(moderator):
new_password = request.form['new_password']
if not validation.check_password_validity(new_password):
flash('Invalid password')
return redirect(url_for('.mod_moderator', moderator_id=moderator.id))
try:
moderator_service.set_password(moderator, new_password)
flash('Changed password')
mod_log('changed password for {}'.format(moderator.username))
except ArgumentError as e:
flash(e.message)
return redirect(url_for('.mod_moderator', moderator=moderator))
def update_password(moderator: ModeratorModel, password: str):
"""
Update a moderator password. The password is given unhashed.
:param moderator: moderator to change password on.
:param password: new password
:raises ArgumentError if the password doesn't fit the requirements.
See PASSWORD_{MIN,MAX}_LENGTH and PASSWORD_ALLOWED_CHARS
"""
if not validation.check_password_validity(password):
raise ArgumentError(MESSAGE_INVALID_PASSWORD)
with session() as s:
moderator_orm_model = s.query(ModeratorOrmModel).filter_by(id=moderator.id).one()
moderator_orm_model.password = _hash_password(password)
s.commit()
def update_password(moderator: ModeratorModel, password: str):
"""
Update a moderator password. The password is given unhashed.
:param moderator: moderator to change password on.
:param password: new password
:raises ArgumentError if the password doesn't fit the requirements.
See PASSWORD_{MIN,MAX}_LENGTH and PASSWORD_ALLOWED_CHARS
"""
if not validation.check_password_validity(password):
raise ArgumentError(MESSAGE_INVALID_PASSWORD)
with session() as s:
moderator_orm_model = s.query(ModeratorOrmModel).filter_by(
id=moderator.id).one()
moderator_orm_model.password = _hash_password(password)
s.commit()
def __call__(self, form, field):
if not validation.check_password_validity(field.data):
raise ValidationError('Password not valid')