Пример #1
def before_request() -> None:
    """Prepare per-request state on ``g``: cache, config, data layer, session.

    The session ID is recovered by decrypting the ``SessionID`` cookie with
    the configured secret key; the user ID is then looked up from that
    session. Any failure while decrypting leaves the request anonymous
    (``g.sessionID`` and ``g.userID`` are both ``None``).
    """
    g.cache = Cache(
        app,
        config={
            'CACHE_TYPE': 'filesystem',
            'CACHE_DIR': config['cache_dir'],
        },
    )

    # Cached, compiled frontends and static files are served without
    # touching the DB, so no session handling is needed for them.
    if request.endpoint in ('jsx', 'static'):
        return

    g.config = config
    g.data = Data(config)
    g.sessionID = None
    g.userID = None

    # A missing, malformed or undecryptable cookie is treated as "no session".
    # NOTE(review): the broad except also hides configuration errors such as a
    # missing 'secret_key'; consider logging the failure at debug level.
    # NOTE(review): whether a modified cookie is rejected at this point depends
    # on AESCipher, which is not visible here; the from_session lookup below is
    # what ties the value to a user.
    try:
        cipher = AESCipher(config['secret_key'])
        session_id = cipher.decrypt(request.cookies.get('SessionID'))
    except Exception:
        session_id = None

    g.sessionID = session_id
    g.userID = (
        g.data.local.user.from_session(session_id)
        if session_id is not None
        else None
    )
Пример #2
def login() -> Response:
    """Check the submitted credentials and start a 90-day session on success.

    On success the new session ID is encrypted with the configured secret key,
    stored in the ``SessionID`` cookie and the client is redirected to the
    home page. On failure the login form is re-rendered with the same generic
    error for an unknown username and for a wrong password.
    """
    username = request.form['username']
    password = request.form['password']

    # NOTE(review): an unknown username returns without calling
    # validate_password, so the two failure paths can differ in response time
    # even though the message is identical; confirm whether that matters here.
    userid = g.data.local.user.from_username(username)
    if userid is not None and g.data.local.user.validate_password(userid, password):
        cipher = AESCipher(g.config['secret_key'])
        session_id = g.data.local.user.create_session(
            userid,
            expiration=90 * 86400,
        )
        response = make_response(redirect(url_for('home_pages.viewhome')))
        token = cipher.encrypt(session_id)
        # NOTE(review): the cookie is set without httponly/secure/samesite, so
        # the framework defaults apply; confirm that is intended for a session
        # cookie. The expiry is built from naive local time -- verify how the
        # framework interprets naive datetimes (max_age would avoid the doubt).
        cookie_expiry = datetime.datetime.now() + datetime.timedelta(days=90)
        response.set_cookie('SessionID', token, expires=cookie_expiry)
        return response

    # Same message for both failure causes so the page does not say which
    # of the two fields was wrong.
    error('Unrecognized username or password!')
    return Response(
        render_template(
            'account/login.html',
            title='Log In',
            show_navigation=False,
            username=username,
        )
    )
Пример #3
 def test_pad(self) -> None:
     """Check _pad output and the _pad/_unpad round trip for several lengths.

     The expected values show the format under test: the decimal length, a
     '.', the text itself, then '-' filler up to a multiple of 16 characters.
     """
     cipher = AESCipher('a wonderful key')
     cases = [
         ('', '0.--------------'),
         ('1337', '4.1337----------'),
         # Prefix plus 16 characters spills into a second 16-character block.
         ('aaaaaaaaaaaaaaaa', '16.aaaaaaaaaaaaaaaa-------------'),
         # Prefix plus 13 characters fills one block exactly: no filler.
         ('aaaaaaaaaaaaa', '13.aaaaaaaaaaaaa'),
     ]
     for text, padded in cases:
         self.assertEqual(cipher._pad(text), padded)
         self.assertEqual(cipher._unpad(cipher._pad(text)), text)
Пример #4
 def test_crypto(self) -> None:
     """Encrypt then decrypt a short string and check the round trip.

     NOTE(review): this only covers the happy path. It does not check that a
     modified ciphertext or a different key is rejected, nor whether two
     encryptions of the same text differ; consider adding those cases.
     """
     message = 'testing'
     cipher = AESCipher('a wonderful key')
     encrypted = cipher.encrypt(message)
     self.assertEqual(cipher.decrypt(encrypted), message)
     # The ciphertext must not simply be the plaintext passed through.
     self.assertNotEqual(encrypted, message)
Пример #5
def register() -> Response:
    """Attach a username, email and password to an existing card's user.

    The checks run in a fixed order (card number, card known, card unclaimed,
    PIN, username, email, passwords) and the first failure re-renders the
    registration form with an error. On success the account is saved, a
    session is created and its encrypted ID is set as the ``SessionID`` cookie.

    NOTE(review): the "not been used" and "already in use" errors are returned
    before the PIN is checked, so the response tells a caller the state of a
    card without knowing its PIN. No limit on PIN attempts is visible in this
    function; confirm one is enforced elsewhere.
    """
    form = request.form
    card_number = form['card_number']
    pin = form['pin']
    username = form['username']
    email = form['email']
    password1 = form['password1']
    password2 = form['password2']

    def reject(message: str) -> Response:
        # Flash the error and show the form again; passwords and the PIN are
        # deliberately not echoed back into the page.
        error(message)
        return register_display(card_number, username, email)

    # The printed card number must decode to a valid E004 ID.
    try:
        cardid = CardCipher.decode(card_number)
    except CardCipherException:
        return reject('Invalid card number!')

    # The card must already be known to the network.
    userid = g.data.local.user.from_cardid(cardid)
    if userid is None:
        return reject('This card has not been used on the network yet!')

    # The card's user must not have web credentials yet.
    user = g.data.local.user.get_user(userid)
    if not (user.username is None and user.email is None):
        return reject('This card is already in use!')

    # The PIN is the proof that the caller owns the card.
    if not g.data.local.user.validate_pin(userid, pin):
        return reject('The entered PIN does not match the PIN on the card!')

    if not valid_username(username):
        return reject('Invalid username!')

    if g.data.local.user.from_username(username) is not None:
        return reject('The chosen username is already in use!')

    if not valid_email(email):
        return reject('Invalid email address!')

    if password1 != password2:
        return reject('Passwords do not match each other!')

    # NOTE(review): length is the only password requirement and the minimum is
    # six characters; consider raising it.
    if len(password1) < 6:
        return reject('Password is not long enough!')

    # Every check passed: store the account details and the password.
    user.username = username
    user.email = email
    g.data.local.user.put_user(user)
    g.data.local.user.update_password(userid, password1)

    # Log the new account in straight away.
    # NOTE(review): the cookie is set without httponly/secure/samesite, and
    # unlike login() neither the session nor the cookie gets an explicit
    # expiry here; confirm both are intended.
    cipher = AESCipher(g.config['secret_key'])
    session_id = g.data.local.user.create_session(userid)
    success('Successfully registered account!')
    response = make_response(redirect(url_for('home_pages.viewhome')))
    response.set_cookie('SessionID', cipher.encrypt(session_id))
    return response