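def login():
    """Handle a login form POST and set a session cookie on success.

    Reads ``username`` and ``password`` from the form and a ``private_key``
    file upload, checks the credentials with ``DbController.verify_user``
    and, on success, sets a cookie holding a SHA-512 digest.

    Returns:
        A ``(response, json_string)`` tuple for POST requests; ``None``
        (implicitly) for any other method.
    """
    if request.method == "POST":
        db = DbController()
        expire_date = datetime.datetime.now() + datetime.timedelta(
            days=config.MAX_LIFE)
        username = request.form["username"]
        hashed_password = request.form["password"]
        hashed_password_1 = app.secret_key

        # NOTE(review): the client uploads a file named "private_key" and the
        # server reads it. A private key should normally never leave the
        # client; the bytes are not used anywhere in this block, so confirm
        # whether this upload is needed at all.
        private_key = request.files["private_key"]
        private_key_data = private_key.stream.read()
        public_key_data = db.get_user_public_key(username)

        # Key files are read inside `with` so the handles are closed
        # promptly instead of being left to the garbage collector.
        with open('resources/private.pem', 'r') as key_file:
            private_key = RSA.importKey(key_file.read())
        with open('resources/public.pem', 'r') as key_file:
            public_key = RSA.importKey(key_file.read())

        # NOTE(review): this round-trips app.secret_key through the server
        # key pair and discards both results; it plays no part in the
        # credential check below. It looks like leftover experimentation:
        # confirm and remove, since it handles the application secret.
        crypt = private_key.decrypt(hashed_password_1)
        decrypt = public_key.encrypt(crypt, None)

        if db.verify_user(username, hashed_password):
            cur_timestamp = datetime.datetime.now()
            # NOTE(review): the session value is derived from the secret key,
            # the submitted password value and a timestamp, and nothing in
            # this block stores it server-side; confirm how it is validated
            # on later requests. A random token stored in the database is
            # the conventional design.
            cookie = hashlib.sha512(
                app.secret_key + username + hashed_password
                + str(cur_timestamp)).hexdigest()
            response = make_response(redirect("/home"))
            # The cookie is named "username" but carries the digest. It is
            # set without the HttpOnly or Secure attributes.
            response.set_cookie("username", value=cookie, expires=expire_date)
            # NOTE(review): if this is a Flask view, the second element of a
            # returned 2-tuple is treated as a status or headers, not as a
            # body; confirm what the caller expects.
            return response, json.dumps({'success': True})

        response = make_response(redirect(""))
        # NOTE(review): distinct messages for an unknown user and a wrong
        # password let a caller learn which usernames exist. The helper
        # presumably returns True when the account exists, despite its
        # name; verify against DbController.
        if not db.is_username_available(username):
            return response, json.dumps(
                {'success': False, 'error': 'Unknown User'})
        return response, json.dumps(
            {'success': False, 'error': 'Incorrect Password'})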
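def login():
    """Handle a login form POST and issue a session cookie on success.

    Reads ``username`` and ``password`` from the form and checks them with
    ``DbController.verify_user``. On success a SHA-512 session value is
    stored through ``DbController.update_cookie``, returned in the JSON body
    and set in the ``cookie_data`` cookie.

    Returns:
        A response with a JSON body (``success`` True or False) and HTTP
        200 for POST requests; ``None`` (implicitly) for any other method.
    """
    if request.method == "POST":
        db = DbController()
        expire_date = datetime.now() + timedelta(
            days=0, seconds=config.MAX_LIFE)
        username = request.form["username"]
        hashed_password = request.form["password"]
        # The username and submitted password value are deliberately not
        # printed: writing credentials to stdout puts them in server logs.

        if db.verify_user(username, hashed_password):
            cur_timestamp = str(datetime.now())
            # NOTE(review): the session value is SHA-512 over
            # secret_key + username + timestamp, and the timestamp is sent
            # back to the client. A random token (or an HMAC keyed with the
            # secret) is the conventional choice; confirm how other code
            # validates this value before changing its derivation.
            cookie = hashlib.sha512(
                app.secret_key + username + cur_timestamp).hexdigest()
            db.update_cookie(username, cookie, cur_timestamp)
            response = make_response(
                json.dumps({
                    'success': True,
                    "cookie": cookie,
                    'time_stamp': cur_timestamp,
                    'expire_date': str(expire_date)
                }),
                status.HTTP_200_OK)
            cookie_data = {
                "username": username,
                "user_cookie": cookie,
                "time_stamp": cur_timestamp
            }
            # NOTE(review): set without the HttpOnly or Secure attributes,
            # and the same value is also returned in the JSON body, so page
            # scripts can read it either way. Confirm whether the client
            # needs script access before tightening.
            response.set_cookie("cookie_data",
                                value=json.dumps(cookie_data),
                                expires=expire_date,
                                max_age=config.MAX_LIFE)
            return response

        # A failed login is reported in the body; the HTTP status stays 200.
        return make_response(
            json.dumps({'success': False, 'error': 'Incorrect Password'}),
            status.HTTP_200_OK)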
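def login():
    """Handle a nonce-based login POST and issue a session cookie.

    The ``password`` form field carries a base64-encoded message. It is
    transformed with the user's stored RSA public key and parsed as JSON
    holding ``encrypted_hashed_password`` and ``nonce``. After the nonce and
    credential checks, a session value is stored through
    ``DbController.update_cookie`` and a fresh nonce is issued in a cookie.

    Returns:
        A response with a JSON body (``success`` True or False) and HTTP
        200 for POST requests; ``None`` (implicitly) for any other method.
    """
    if request.method == "POST":
        db = DbController()
        expire_date = datetime.now() + timedelta(
            days=0, seconds=config.MAX_LIFE)
        username = request.form["username"]
        # NOTE(review): decoding and the JSON parsing below run on
        # client-controlled data with no error handling; malformed input
        # raises instead of producing a login failure.
        login_message = base64.b64decode(request.form["password"])

        # NOTE(review): a distinct "Unknown User" reply lets a caller learn
        # which usernames exist. The helper presumably returns True when
        # the account exists, despite its name; verify against DbController.
        if not db.is_username_available(username):
            return make_response(
                json.dumps({'success': False, 'error': 'Unknown User'}),
                status.HTTP_200_OK)

        public_key = db.get_user_public_key(username)
        public_key = RSA.importKey(public_key.encode('ascii', 'ignore'))
        # NOTE(review): the public-key operation is applied directly to the
        # client message and no padding or signature scheme is used in this
        # block. If the intent is to check a message produced with the
        # user's private key, a padded signature scheme is the conventional
        # construction; confirm the RSA library's semantics here.
        login_message = public_key.encrypt(login_message, None)[0]
        login_message = json.loads(login_message)
        encrypted_hashed_password_with_nonce = login_message[
            "encrypted_hashed_password"]
        nonce = login_message["nonce"]

        # verify_nonce appears to return True when the nonce is NOT known to
        # the database: the request is rejected here when it is True, and a
        # new nonce is regenerated below while it is False. Confirm against
        # DbController.
        if db.verify_nonce(nonce):
            return make_response(
                json.dumps({
                    'success': False,
                    'error': 'No Nonce Found. Try Again.'
                }),
                status.HTTP_200_OK)

        # NOTE(review): nothing in this block retires the submitted nonce
        # after use; presumably verify_user or DbController does. Confirm,
        # otherwise a captured login message could be accepted again.
        if db.verify_user(username, encrypted_hashed_password_with_nonce,
                          nonce):
            cur_timestamp = str(datetime.now())
            # NOTE(review): the session value is SHA-512 over
            # secret_key + username + timestamp, with the timestamp sent to
            # the client; a random token is the conventional choice. Confirm
            # how other code validates it before changing the derivation.
            cookie = hashlib.sha512(
                app.secret_key + username + cur_timestamp).hexdigest()
            db.update_cookie(username, cookie, cur_timestamp)
            response = make_response(
                json.dumps({
                    'success': True,
                    "cookie": cookie,
                    'time_stamp': cur_timestamp,
                    'expire_date': str(expire_date)
                }),
                status.HTTP_200_OK)

            # Nonces are a security control, so they are drawn from the OS
            # CSPRNG rather than the default Mersenne Twister generator,
            # whose output is predictable once enough values are observed.
            # The range and integer type are unchanged.
            secure_rng = random.SystemRandom()
            nonce = secure_rng.randint(1, sys.maxint)
            while not db.verify_nonce(nonce):
                nonce = secure_rng.randint(1, sys.maxint)
            db.add_nonce(nonce)

            cookie_data = {
                "username": username,
                "user_cookie": cookie,
                "time_stamp": cur_timestamp
            }
            # NOTE(review): both cookies are set without the HttpOnly or
            # Secure attributes, and the nonce cookie has no expiry
            # arguments. Confirm whether the client needs script access
            # before tightening.
            response.set_cookie("cookie_data",
                                value=json.dumps(cookie_data),
                                expires=expire_date,
                                max_age=config.MAX_LIFE)
            response.set_cookie("nonce", value=str(nonce))
            return response

        # A failed login is reported in the body; the HTTP status stays 200.
        return make_response(
            json.dumps({'success': False, 'error': 'Incorrect Password'}),
            status.HTTP_200_OK)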