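def _digests_match(expected, candidate):
    """Constant-time equality test for two password digests (str or bytes).

    ``!=`` on strings stops at the first differing character, which leaks how
    much of the stored digest a guess matched; ``hmac.compare_digest`` runs in
    time independent of the content. Operands of unexpected type (for example
    a NULL password column) are reported as a mismatch, never as a match.
    """
    import hmac

    if isinstance(expected, str):
        expected = expected.encode('utf-8')
    if isinstance(candidate, str):
        candidate = candidate.encode('utf-8')
    try:
        return hmac.compare_digest(expected, candidate)
    except TypeError:
        return False


def wincredAdd():
    """Add a Windows credential whose password is encrypted under MASTER_KEY.

    GET renders the ``config-wincred-add.html`` form. POST re-authenticates
    the logged-in user with ``user_password``, unwraps MASTER_KEY from the
    user's row with a password-derived key, verifies it against the stored
    ``master_key_checksum``, encrypts the submitted account password with it
    and stores a ``WindowsCredential``. Any failure re-renders the form with
    the error text; a visitor without ``logged_in`` in the session is sent to
    the login page.
    """
    if 'logged_in' not in session:
        return redirect(app.jinja_env.globals['url_for']('login'))
    if request.method == 'GET':
        return render_template('config-wincred-add.html')

    success = True
    errors = []
    user_password = request.form['user_password']
    user = dbsession.query(User).filter_by(id=session['user_id']).first()

    # Re-authenticate the acting user. The digest comparison is constant-time
    # so a remote caller cannot learn the stored hash byte by byte.
    if user is None or not _digests_match(user.password, hashPassword(user_password)):
        success = False
        errors.append('Your password is incorrect')

    # Without the stored checksum there is no way to tell a valid MASTER_KEY
    # from garbage, so refuse to proceed.
    if success:
        mk_cksum = dbsession.query(GlobalConfig).filter_by(key='master_key_checksum').first()
        if not mk_cksum:
            success = False
            errors.append('Database is broken, please create a new one !')

    if success:
        key_from_password = crypto.keyFromText(
            user_password, base64.b64decode(user.b64_kdf_salt))
        master_key = crypto.decrypt(user.encrypted_master_key, key_from_password)
        try:
            if checksum(master_key) != mk_cksum.value:
                success = False
                errors.append('MASTER_KEY may have been altered')
            else:
                # Only the account password is encrypted; domain and login
                # are stored in clear.
                encrypted_account_password = crypto.encrypt(
                    request.form['password'], master_key)
                wc = WindowsCredential(
                    domain=request.form['domain'],
                    login=request.form['login'],
                    encrypted_password=encrypted_account_password)
                dbsession.add(wc)
                dbsession.commit()
        finally:
            # Drop our reference on every path, including exceptions, so the
            # key does not linger in a traceback frame (e.g. a debug error
            # page). ``del`` cannot zero the bytes; it only shortens their life.
            del master_key

    if success:
        return redirect(app.jinja_env.globals['url_for']('config'))
    # NOTE(review): the account password is echoed back into the HTML form on
    # failure so the user need not retype it; that puts the secret in a
    # response body. Consider dropping the ``password`` argument.
    return render_template(
        'config-wincred-add.html',
        errors='\n'.join(errors),
        domain=request.form['domain'],
        login=request.form['login'],
        password=request.form['password'])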
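def _digests_match(expected, candidate):
    """Constant-time equality test for two password digests (str or bytes).

    ``!=`` on strings stops at the first differing character, which leaks how
    much of the stored digest a guess matched; ``hmac.compare_digest`` runs in
    time independent of the content. Operands of unexpected type (for example
    a NULL password column) are reported as a mismatch, never as a match.
    """
    import hmac

    if isinstance(expected, str):
        expected = expected.encode('utf-8')
    if isinstance(candidate, str):
        candidate = candidate.encode('utf-8')
    try:
        return hmac.compare_digest(expected, candidate)
    except TypeError:
        return False


def wincredAdd():
    """Add a Windows credential whose password is encrypted under MASTER_KEY.

    GET renders the ``config-wincred-add.html`` form. POST re-authenticates
    the logged-in user with ``user_password``, unwraps MASTER_KEY from the
    user's row with a password-derived key, verifies it against the stored
    ``master_key_checksum``, encrypts the submitted account password with it
    and stores a ``WindowsCredential``. Any failure re-renders the form with
    the error text; a visitor without ``logged_in`` in the session is sent to
    the login page.
    """
    if 'logged_in' not in session:
        return redirect(url_for('login'))
    if request.method == 'GET':
        return render_template('config-wincred-add.html')

    success = True
    errors = []
    user_password = request.form['user_password']
    user = dbsession.query(User).filter_by(id=session['user_id']).first()

    # Re-authenticate the acting user. The digest comparison is constant-time
    # so a remote caller cannot learn the stored hash byte by byte.
    if user is None or not _digests_match(user.password, hashPassword(user_password)):
        success = False
        errors.append('Your password is incorrect')

    # Without the stored checksum there is no way to tell a valid MASTER_KEY
    # from garbage, so refuse to proceed.
    if success:
        mk_cksum = dbsession.query(GlobalConfig).filter_by(key='master_key_checksum').first()
        if not mk_cksum:
            success = False
            errors.append('Database is broken, please create a new one !')

    if success:
        # NOTE(review): keyFromText is called here without a per-user salt, so
        # two users with the same password derive the same wrapping key. A
        # sibling version of this handler passes
        # base64.b64decode(user.b64_kdf_salt); confirm which User schema this
        # database has before changing the call.
        key_from_password = crypto.keyFromText(user_password)
        master_key = crypto.decrypt(user.encrypted_master_key, key_from_password)
        try:
            if checksum(master_key) != mk_cksum.value:
                success = False
                errors.append('MASTER_KEY may have been altered')
            else:
                # Only the account password is encrypted; domain and login
                # are stored in clear.
                encrypted_account_password = crypto.encrypt(
                    request.form['password'], master_key)
                wc = WindowsCredential(
                    domain=request.form['domain'],
                    login=request.form['login'],
                    encrypted_password=encrypted_account_password)
                dbsession.add(wc)
                dbsession.commit()
        finally:
            # Drop our reference on every path, including exceptions, so the
            # key does not linger in a traceback frame (e.g. a debug error
            # page). ``del`` cannot zero the bytes; it only shortens their life.
            del master_key

    if success:
        return redirect(url_for('config'))
    # NOTE(review): the account password is echoed back into the HTML form on
    # failure so the user need not retype it; that puts the secret in a
    # response body. Consider dropping the ``password`` argument.
    return render_template(
        'config-wincred-add.html',
        errors='\n'.join(errors),
        domain=request.form['domain'],
        login=request.form['login'],
        password=request.form['password'])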
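def update_grades_for_chat(chat_id, new_grades, *, timeout=30):
    """PUT a chat's new grades to the backend API.

    ``new_grades`` is JSON-serialised and encrypted with the module's
    ``crypto`` helper before being sent to ``/chat/update_grades/<chat_id>``.

    Args:
        chat_id: identifier of the chat, interpolated into the request path.
        new_grades: JSON-serialisable grades payload.
        timeout: seconds to wait for the API (keyword-only). ``requests`` has
            no default timeout, so without one a hung API blocks this caller
            forever; tune the default to your API's latency.

    Returns:
        The ``requests.Response``. HTTP errors are not raised here; callers
        that need to know should check ``response.ok`` or call
        ``response.raise_for_status()``.
    """
    payload = {'new_grades': crypto.encrypt(json.dumps(new_grades))}
    # NOTE(review): chat_id is placed in the URL path unescaped. Fine for the
    # numeric ids this presumably receives; escape it if it can ever be
    # caller-controlled text.
    url = '{}/chat/update_grades/{}'.format(API_URL, chat_id)
    return requests.put(url, data=json.dumps(payload), headers=HEADERS, timeout=timeout)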
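def update_schedule_for_chat(chat_id, new_schedule, *, timeout=30):
    """PUT a chat's new schedule to the backend API.

    ``new_schedule`` is JSON-serialised and encrypted with the module's
    ``crypto`` helper before being sent to ``/chat/update_schedule/<chat_id>``.

    Args:
        chat_id: identifier of the chat, interpolated into the request path.
        new_schedule: JSON-serialisable schedule payload.
        timeout: seconds to wait for the API (keyword-only). ``requests`` has
            no default timeout, so without one a hung API blocks this caller
            forever; tune the default to your API's latency.

    Returns:
        The ``requests.Response``. HTTP errors are not raised here; callers
        that need to know should check ``response.ok`` or call
        ``response.raise_for_status()``.
    """
    payload = {'new_schedule': crypto.encrypt(json.dumps(new_schedule))}
    # NOTE(review): chat_id is placed in the URL path unescaped. Fine for the
    # numeric ids this presumably receives; escape it if it can ever be
    # caller-controlled text.
    url = '{}/chat/update_schedule/{}'.format(API_URL, chat_id)
    return requests.put(url, data=json.dumps(payload), headers=HEADERS, timeout=timeout)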
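def update_main_password(chat_id, new_password, *, timeout=30):
    """POST a chat's new main password to the backend API.

    The password is encrypted with the module's ``crypto`` helper before being
    sent to ``/chat/update_main_password/<chat_id>``; it never leaves this
    process in clear.

    Args:
        chat_id: identifier of the chat, interpolated into the request path.
        new_password: the new main password (plain text, encrypted here).
        timeout: seconds to wait for the API (keyword-only). ``requests`` has
            no default timeout, so without one a hung API blocks this caller
            forever; tune the default to your API's latency.

    Returns:
        The ``requests.Response``. HTTP errors are not raised here; callers
        that need to know should check ``response.ok`` or call
        ``response.raise_for_status()``.
    """
    payload = {'main_password': crypto.encrypt(new_password)}
    # NOTE(review): chat_id is placed in the URL path unescaped. Fine for the
    # numeric ids this presumably receives; escape it if it can ever be
    # caller-controlled text.
    url = '{}/chat/update_main_password/{}'.format(API_URL, chat_id)
    return requests.post(url, data=json.dumps(payload), headers=HEADERS, timeout=timeout)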
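def update_username(chat_id, new_username, *, timeout=30):
    """POST a chat's new username to the backend API.

    The username is encrypted with the module's ``crypto`` helper before being
    sent to ``/chat/update_username/<chat_id>``.

    Args:
        chat_id: identifier of the chat, interpolated into the request path.
        new_username: the new username (plain text, encrypted here).
        timeout: seconds to wait for the API (keyword-only). ``requests`` has
            no default timeout, so without one a hung API blocks this caller
            forever; tune the default to your API's latency.

    Returns:
        The ``requests.Response``. HTTP errors are not raised here; callers
        that need to know should check ``response.ok`` or call
        ``response.raise_for_status()``.
    """
    payload = {'username': crypto.encrypt(new_username)}
    # NOTE(review): chat_id is placed in the URL path unescaped. Fine for the
    # numeric ids this presumably receives; escape it if it can ever be
    # caller-controlled text.
    url = '{}/chat/update_username/{}'.format(API_URL, chat_id)
    return requests.post(url, data=json.dumps(payload), headers=HEADERS, timeout=timeout)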
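def _digests_match(expected, candidate):
    """Constant-time equality test for two password digests (str or bytes).

    ``!=`` on strings stops at the first differing character, which leaks how
    much of the stored digest a guess matched; ``hmac.compare_digest`` runs in
    time independent of the content. Operands of unexpected type (for example
    a NULL password column) are reported as a mismatch, never as a match.
    """
    import hmac

    if isinstance(expected, str):
        expected = expected.encode('utf-8')
    if isinstance(candidate, str):
        candidate = candidate.encode('utf-8')
    try:
        return hmac.compare_digest(expected, candidate)
    except TypeError:
        return False


def userAdd():
    """Create a new user and wrap MASTER_KEY under that user's password.

    GET renders the ``user-add.html`` form. POST re-authenticates the acting
    user with ``user_password``, validates the new account's input (matching
    passwords, complexity, non-empty username and e-mail), then unwraps
    MASTER_KEY from the acting user's row, verifies it against the stored
    ``master_key_checksum``, re-encrypts it under a key derived from the new
    password with a fresh random salt, and stores the ``User`` row. Input is
    validated before any key material is unwrapped, so a bad form never
    triggers the KDF. Any failure re-renders the form with the error text; a
    visitor without ``logged_in`` in the session is sent to the login page.
    """
    if 'logged_in' not in session:
        return redirect(app.jinja_env.globals['url_for']('login'))
    if request.method == 'GET':
        return render_template('user-add.html')

    success = True
    errors = []
    user_password = request.form['user_password']
    user = dbsession.query(User).filter_by(id=session['user_id']).first()

    # Re-authenticate the acting user. The digest comparison is constant-time
    # so a remote caller cannot learn the stored hash byte by byte.
    if user is None or not _digests_match(user.password, hashPassword(user_password)):
        success = False
        errors.append('Your password is incorrect')

    # Without the stored checksum there is no way to tell a valid MASTER_KEY
    # from garbage, so refuse to proceed.
    if success:
        mk_cksum = dbsession.query(GlobalConfig).filter_by(key='master_key_checksum').first()
        if not mk_cksum:
            success = False
            errors.append('Database is broken, please create a new one !')

    # Cheap input validation for the new account, before any crypto.
    if success:
        password1, password2 = request.form['password'], request.form['password2']
        if password1 != password2:
            success = False
            errors.append('New user passwords do not match')
    if success and not verifyPassword(password1):
        success = False
        errors.append('Password is not complex enough (l > 12 and at least three character classes between lowercase, uppercase, numeric and special char)')
    if success and (not request.form['username'] or not request.form['email']):
        success = False
        errors.append('No empty fields allowed.')

    if success:
        key_from_password = crypto.keyFromText(
            user_password, base64.b64decode(user.b64_kdf_salt))
        master_key = crypto.decrypt(user.encrypted_master_key, key_from_password)
        try:
            if checksum(master_key) != mk_cksum.value:
                success = False
                errors.append('MASTER_KEY may have been altered')
            else:
                # Fresh salt per user so equal passwords give different
                # wrapping keys; stored base64-encoded next to the wrapped key.
                new_kdf_salt = crypto.randomBytes(crypto.SALT_LENGTH)
                wrapping_key = crypto.keyFromText(password1, new_kdf_salt)
                emk = crypto.encrypt(master_key, wrapping_key)
                new_user = User(
                    username=request.form['username'],
                    password=hashPassword(password1),
                    email=request.form['email'],
                    active=True,
                    encrypted_master_key=emk,
                    b64_kdf_salt=base64.b64encode(new_kdf_salt))
                dbsession.add(new_user)
                dbsession.commit()
        finally:
            # Drop our reference on every path, including exceptions, so the
            # key does not linger in a traceback frame (e.g. a debug error
            # page). ``del`` cannot zero the bytes; it only shortens their life.
            del master_key

    if success:
        return redirect(app.jinja_env.globals['url_for']('users'))
    return render_template(
        'user-add.html',
        username=request.form['username'],
        email=request.form['email'],
        errors='\n'.join(errors))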
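def _digests_match(expected, candidate):
    """Constant-time equality test for two password digests (str or bytes).

    ``!=`` on strings stops at the first differing character, which leaks how
    much of the stored digest a guess matched; ``hmac.compare_digest`` runs in
    time independent of the content. Operands of unexpected type (for example
    a NULL password column) are reported as a mismatch, never as a match.
    """
    import hmac

    if isinstance(expected, str):
        expected = expected.encode('utf-8')
    if isinstance(candidate, str):
        candidate = candidate.encode('utf-8')
    try:
        return hmac.compare_digest(expected, candidate)
    except TypeError:
        return False


def userAdd():
    """Create a new user and wrap MASTER_KEY under that user's password.

    GET renders the ``user-add.html`` form. POST re-authenticates the acting
    user with ``user_password``, validates the new account's input (matching
    passwords, complexity, non-empty username and e-mail), then unwraps
    MASTER_KEY from the acting user's row, verifies it against the stored
    ``master_key_checksum``, re-encrypts it under a key derived from the new
    password, and stores the ``User`` row. Input is validated before any key
    material is unwrapped, so a bad form never triggers the KDF. Any failure
    re-renders the form with the error text; a visitor without ``logged_in``
    in the session is sent to the login page.
    """
    if 'logged_in' not in session:
        return redirect(url_for('login'))
    if request.method == 'GET':
        return render_template('user-add.html')

    success = True
    errors = []
    user_password = request.form['user_password']
    user = dbsession.query(User).filter_by(id=session['user_id']).first()

    # Re-authenticate the acting user. The digest comparison is constant-time
    # so a remote caller cannot learn the stored hash byte by byte.
    if user is None or not _digests_match(user.password, hashPassword(user_password)):
        success = False
        errors.append('Your password is incorrect')

    # Without the stored checksum there is no way to tell a valid MASTER_KEY
    # from garbage, so refuse to proceed.
    if success:
        mk_cksum = dbsession.query(GlobalConfig).filter_by(key='master_key_checksum').first()
        if not mk_cksum:
            success = False
            errors.append('Database is broken, please create a new one !')

    # Cheap input validation for the new account, before any crypto. The
    # empty-field check mirrors the salted version of this handler.
    if success:
        password1, password2 = request.form['password'], request.form['password2']
        if password1 != password2:
            success = False
            errors.append('New user passwords do not match')
    if success and not verifyPassword(password1):
        success = False
        errors.append('Password is not complex enough (l > 12 and at least three character classes between lowercase, uppercase, numeric and special char)')
    if success and (not request.form['username'] or not request.form['email']):
        success = False
        errors.append('No empty fields allowed.')

    if success:
        # NOTE(review): keyFromText is called without a per-user salt in both
        # places below, so two users with the same password derive the same
        # wrapping key. A sibling version of this handler stores a random salt
        # in User.b64_kdf_salt; confirm which schema this database has before
        # changing the calls.
        key_from_password = crypto.keyFromText(user_password)
        master_key = crypto.decrypt(user.encrypted_master_key, key_from_password)
        try:
            if checksum(master_key) != mk_cksum.value:
                success = False
                errors.append('MASTER_KEY may have been altered')
            else:
                wrapping_key = crypto.keyFromText(password1)
                emk = crypto.encrypt(master_key, wrapping_key)
                new_user = User(
                    username=request.form['username'],
                    password=hashPassword(password1),
                    email=request.form['email'],
                    active=True,
                    encrypted_master_key=emk)
                dbsession.add(new_user)
                dbsession.commit()
        finally:
            # Drop our reference on every path, including exceptions, so the
            # key does not linger in a traceback frame (e.g. a debug error
            # page). ``del`` cannot zero the bytes; it only shortens their life.
            del master_key

    if success:
        return redirect(url_for('users'))
    return render_template(
        'user-add.html',
        username=request.form['username'],
        email=request.form['email'],
        errors='\n'.join(errors))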