def wincredAdd():
if 'logged_in' in session:
if request.method == 'GET':
return render_template('config-wincred-add.html')
else:
success = True
errors = []
user_password = request.form['user_password']
user = dbsession.query(User).filter_by(id=session['user_id']).first()
# Password incorrect
if user is None or hashPassword(user_password) != user.password:
success = False
errors.append('Your password is incorrect')
# Database altered
if success:
mk_cksum = dbsession.query(GlobalConfig).filter_by(key = 'master_key_checksum').first()
if not mk_cksum:
success = False
errors.append('Database is broken, please create a new one !')
# MASTER_KEY altered
if success:
keyFromPassword = crypto.keyFromText(user_password, base64.b64decode(user.b64_kdf_salt))
MASTER_KEY = crypto.decrypt(user.encrypted_master_key, keyFromPassword)
if checksum(MASTER_KEY) != mk_cksum.value:
errors.append('MASTER_KEY may have been altered')
del MASTER_KEY
success = False
if success:
account_password = request.form['password']
encrypted_account_password = crypto.encrypt(account_password, MASTER_KEY)
del MASTER_KEY
# Encrypt Windows Credential's password
wc = WindowsCredential(
domain = request.form['domain'],
login = request.form['login'],
encrypted_password = encrypted_account_password)
dbsession.add(wc)
dbsession.commit()
if success:
return redirect(app.jinja_env.globals['url_for']('config'))
else:
return render_template('config-wincred-add.html',
errors = '\n'.join(errors),
domain = request.form['domain'],
login = request.form['login'],
password = request.form['password'])
else:
return redirect(app.jinja_env.globals['url_for']('login'))
def wincredAdd():
if 'logged_in' in session:
if request.method == 'GET':
return render_template('config-wincred-add.html')
else:
success = True
errors = []
user_password = request.form['user_password']
user = dbsession.query(User).filter_by(id=session['user_id']).first()
# Password incorrect
if user is None or hashPassword(user_password) != user.password:
success = False
errors.append('Your password is incorrect')
# Database altered
if success:
mk_cksum = dbsession.query(GlobalConfig).filter_by(key = 'master_key_checksum').first()
if not mk_cksum:
success = False
errors.append('Database is broken, please create a new one !')
# MASTER_KEY altered
if success:
keyFromPassword = crypto.keyFromText(user_password)
MASTER_KEY = crypto.decrypt(user.encrypted_master_key, keyFromPassword)
if checksum(MASTER_KEY) != mk_cksum.value:
errors.append('MASTER_KEY may have been altered')
del MASTER_KEY
success = False
if success:
account_password = request.form['password']
encrypted_account_password = crypto.encrypt(account_password, MASTER_KEY)
del MASTER_KEY
# Encrypt Windows Credential's password
wc = WindowsCredential(
domain = request.form['domain'],
login = request.form['login'],
encrypted_password = encrypted_account_password)
dbsession.add(wc)
dbsession.commit()
if success:
return redirect(url_for('config'))
else:
return render_template('config-wincred-add.html',
errors = '\n'.join(errors),
domain = request.form['domain'],
login = request.form['login'],
password = request.form['password'])
else:
return redirect(url_for('login'))
def update_grades_for_chat(chat_id, new_grades):
payload = {
'new_grades': crypto.encrypt(json.dumps(new_grades))
}
requests.put(
'{}/chat/update_grades/{}'.format(API_URL, chat_id),
data=json.dumps(payload),
headers=HEADERS
)
def update_schedule_for_chat(chat_id, new_schedule):
payload = {
'new_schedule': crypto.encrypt(json.dumps(new_schedule))
}
requests.put(
'{}/chat/update_schedule/{}'.format(API_URL, chat_id),
data=json.dumps(payload),
headers=HEADERS
)
def update_main_password(chat_id, new_password):
payload = {
'main_password': crypto.encrypt(new_password),
}
requests.post(
'{}/chat/update_main_password/{}'.format(API_URL, chat_id),
data=json.dumps(payload),
headers=HEADERS
)
def update_username(chat_id, new_username):
payload = {
'username': crypto.encrypt(new_username),
}
requests.post(
'{}/chat/update_username/{}'.format(API_URL, chat_id),
data=json.dumps(payload),
headers=HEADERS
)
def userAdd():
if 'logged_in' in session:
if request.method == 'GET':
return render_template('user-add.html')
else:
success = True
errors = []
user_password = request.form['user_password']
user = dbsession.query(User).filter_by(id=session['user_id']).first()
# Checks current user password
if user is None or hashPassword(user_password) != user.password:
success = False
errors.append('Your password is incorrect')
# Someone has messed with the database
if success:
mk_cksum = dbsession.query(GlobalConfig).filter_by(key = 'master_key_checksum').first()
if not mk_cksum:
success = False
errors.append('Database is broken, please create a new one !')
if success:
keyFromPassword = crypto.keyFromText(user_password, base64.b64decode(user.b64_kdf_salt))
MASTER_KEY = crypto.decrypt(user.encrypted_master_key, keyFromPassword)
# Someone changed the master key...
if checksum(MASTER_KEY) != mk_cksum.value:
errors.append('MASTER_KEY may have been altered')
del MASTER_KEY
success = False
# Now check the new user password...
if success:
password1, password2 = request.form['password'], request.form['password2']
if password1 != password2:
success = False
errors.append('New user passwords do not match')
# ... including complexity
if success:
if not verifyPassword(password1):
success = False
errors.append('Password is not complex enough (l > 12 and at least three character classes between lowercase, uppercase, numeric and special char)')
# Encrypt the MASTER_KEY for the user
if success:
new_kdf_salt = crypto.randomBytes(crypto.SALT_LENGTH)
keyFromPassword = crypto.keyFromText(password1, new_kdf_salt)
emk = crypto.encrypt(MASTER_KEY, keyFromPassword)
del MASTER_KEY # safer ?
u = User(
username = request.form['username'],
password = hashPassword(password1),
email = request.form['email'],
active = True,
encrypted_master_key = emk,
b64_kdf_salt = base64.b64encode(new_kdf_salt))
if len(request.form['username']) <= 0 or len(request.form['email']) <= 0:
success = False
errors.append('No empty fields allowed.')
if success:
dbsession.add(u)
dbsession.commit()
return redirect(app.jinja_env.globals['url_for']('users'))
else:
return render_template('user-add.html', username=request.form['username'], email=request.form['email'], errors='\n'.join(errors))
else:
return redirect(app.jinja_env.globals['url_for']('login'))
def userAdd():
if 'logged_in' in session:
if request.method == 'GET':
return render_template('user-add.html')
else:
success = True
errors = []
user_password = request.form['user_password']
user = dbsession.query(User).filter_by(id=session['user_id']).first()
# Checks current user password
if user is None or hashPassword(user_password) != user.password:
success = False
errors.append('Your password is incorrect')
# Someone has messed with the database
if success:
mk_cksum = dbsession.query(GlobalConfig).filter_by(key = 'master_key_checksum').first()
if not mk_cksum:
success = False
errors.append('Database is broken, please create a new one !')
if success:
keyFromPassword = crypto.keyFromText(user_password)
MASTER_KEY = crypto.decrypt(user.encrypted_master_key, keyFromPassword)
# Someone changed the master key...
if checksum(MASTER_KEY) != mk_cksum.value:
errors.append('MASTER_KEY may have been altered')
del MASTER_KEY
success = False
# Now check the new user password...
if success:
password1, password2 = request.form['password'], request.form['password2']
if password1 != password2:
success = False
errors.append('New user passwords do not match')
# ... including complexity
if success:
if not verifyPassword(password1):
success = False
errors.append('Password is not complex enough (l > 12 and at least three character classes between lowercase, uppercase, numeric and special char)')
# Encrypt the MASTER_KEY for the user
if success:
keyFromPassword = crypto.keyFromText(password1)
emk = crypto.encrypt(MASTER_KEY, keyFromPassword)
del MASTER_KEY # safer ?
u = User(
username = request.form['username'],
password = hashPassword(password1),
email = request.form['email'],
active = True,
encrypted_master_key = emk)
dbsession.add(u)
dbsession.commit()
if success:
return redirect(url_for('users'))
else:
return render_template('user-add.html', username=request.form['username'], email=request.form['email'], errors='\n'.join(errors))
else:
return redirect(url_for('login'))