Пример #1
0
def wincredAdd():
    if 'logged_in' in session:
        if request.method == 'GET':
            return render_template('config-wincred-add.html')
        else:
            success = True
            errors = []

            user_password = request.form['user_password']
            user = dbsession.query(User).filter_by(id=session['user_id']).first()

            # Password incorrect
            if user is None or hashPassword(user_password) != user.password:
                success = False
                errors.append('Your password is incorrect')

            # Database altered
            if success:
                mk_cksum = dbsession.query(GlobalConfig).filter_by(key = 'master_key_checksum').first()
                if not mk_cksum:
                    success = False
                    errors.append('Database is broken, please create a new one !')

            # MASTER_KEY altered
            if success:
                keyFromPassword = crypto.keyFromText(user_password, base64.b64decode(user.b64_kdf_salt))
                MASTER_KEY = crypto.decrypt(user.encrypted_master_key, keyFromPassword)


                if checksum(MASTER_KEY) != mk_cksum.value:
                    errors.append('MASTER_KEY may have been altered')
                    del MASTER_KEY
                    success = False


            if success:

                account_password = request.form['password']
                encrypted_account_password = crypto.encrypt(account_password, MASTER_KEY)
                del MASTER_KEY

                # Encrypt Windows Credential's password
                wc = WindowsCredential(
                        domain = request.form['domain'],
                        login = request.form['login'],
                        encrypted_password = encrypted_account_password)

                dbsession.add(wc)
                dbsession.commit()

            if success:
                return redirect(app.jinja_env.globals['url_for']('config'))
            else:
                return render_template('config-wincred-add.html',
                                            errors = '\n'.join(errors),
                                            domain = request.form['domain'],
                                            login = request.form['login'],
                                            password = request.form['password'])
    else:
        return redirect(app.jinja_env.globals['url_for']('login'))
Пример #2
0
def wincredAdd():
    if 'logged_in' in session:
        if request.method == 'GET':
            return render_template('config-wincred-add.html')
        else:
            success = True
            errors = []

            user_password = request.form['user_password']
            user = dbsession.query(User).filter_by(id=session['user_id']).first()

            # Password incorrect
            if user is None or hashPassword(user_password) != user.password:
                success = False
                errors.append('Your password is incorrect')

            # Database altered
            if success:
                mk_cksum = dbsession.query(GlobalConfig).filter_by(key = 'master_key_checksum').first()
                if not mk_cksum:
                    success = False
                    errors.append('Database is broken, please create a new one !')

            # MASTER_KEY altered
            if success:
                keyFromPassword = crypto.keyFromText(user_password)
                MASTER_KEY = crypto.decrypt(user.encrypted_master_key, keyFromPassword)


                if checksum(MASTER_KEY) != mk_cksum.value:
                    errors.append('MASTER_KEY may have been altered')
                    del MASTER_KEY
                    success = False


            if success:

                account_password = request.form['password']
                encrypted_account_password = crypto.encrypt(account_password, MASTER_KEY)
                del MASTER_KEY

                # Encrypt Windows Credential's password
                wc = WindowsCredential(
                        domain = request.form['domain'],
                        login = request.form['login'],
                        encrypted_password = encrypted_account_password)

                dbsession.add(wc)
                dbsession.commit()

            if success:
                return redirect(url_for('config'))
            else:
                return render_template('config-wincred-add.html',
                                            errors = '\n'.join(errors),
                                            domain = request.form['domain'],
                                            login = request.form['login'],
                                            password = request.form['password'])
    else:
        return redirect(url_for('login'))
Пример #3
0
def update_grades_for_chat(chat_id, new_grades):
  payload = {
    'new_grades': crypto.encrypt(json.dumps(new_grades))
  }
  requests.put(
    '{}/chat/update_grades/{}'.format(API_URL, chat_id),
    data=json.dumps(payload),
    headers=HEADERS
  )
Пример #4
0
def update_schedule_for_chat(chat_id, new_schedule):
  payload = {
    'new_schedule': crypto.encrypt(json.dumps(new_schedule))
  }
  requests.put(
    '{}/chat/update_schedule/{}'.format(API_URL, chat_id),
    data=json.dumps(payload),
    headers=HEADERS
  )
Пример #5
0
def update_main_password(chat_id, new_password):
  payload = {
    'main_password': crypto.encrypt(new_password),
  }
  requests.post(
    '{}/chat/update_main_password/{}'.format(API_URL, chat_id),
    data=json.dumps(payload),
    headers=HEADERS
  )
Пример #6
0
def update_username(chat_id, new_username):
  payload = {
    'username': crypto.encrypt(new_username),
  }
  requests.post(
    '{}/chat/update_username/{}'.format(API_URL, chat_id),
    data=json.dumps(payload),
    headers=HEADERS
  )
Пример #7
0
def userAdd():
    if 'logged_in' in session:
        if request.method == 'GET':
            return render_template('user-add.html')
        else:
            success = True
            errors = []

            user_password = request.form['user_password']
            user = dbsession.query(User).filter_by(id=session['user_id']).first()

            # Checks current user password
            if user is None or hashPassword(user_password) != user.password:
                success = False
                errors.append('Your password is incorrect')

            # Someone has messed with the database
            if success:
                mk_cksum = dbsession.query(GlobalConfig).filter_by(key = 'master_key_checksum').first()
                if not mk_cksum:
                    success = False
                    errors.append('Database is broken, please create a new one !')

            if success:
                keyFromPassword = crypto.keyFromText(user_password, base64.b64decode(user.b64_kdf_salt))
                MASTER_KEY = crypto.decrypt(user.encrypted_master_key, keyFromPassword)

                # Someone changed the master key...
                if checksum(MASTER_KEY) != mk_cksum.value:
                    errors.append('MASTER_KEY may have been altered')
                    del MASTER_KEY
                    success = False

            # Now check the new user password...
            if success:
                password1, password2 = request.form['password'], request.form['password2']
                if password1 != password2:
                    success = False
                    errors.append('New user passwords do not match')

            # ... including complexity
            if success:
                if not verifyPassword(password1):
                    success = False
                    errors.append('Password is not complex enough (l > 12 and at least three character classes between lowercase, uppercase, numeric and special char)')

            # Encrypt the MASTER_KEY for the user
            if success:
                new_kdf_salt = crypto.randomBytes(crypto.SALT_LENGTH)
                keyFromPassword = crypto.keyFromText(password1, new_kdf_salt)
                emk = crypto.encrypt(MASTER_KEY, keyFromPassword)
                del MASTER_KEY # safer ?

                u = User(
                        username = request.form['username'],
                        password = hashPassword(password1),
                        email = request.form['email'],
                        active = True,
                        encrypted_master_key = emk,
                        b64_kdf_salt = base64.b64encode(new_kdf_salt))

            if len(request.form['username']) <= 0 or len(request.form['email']) <= 0:
                success = False
                errors.append('No empty fields allowed.')

            if success:
                dbsession.add(u)
                dbsession.commit()
                return redirect(app.jinja_env.globals['url_for']('users'))
            else:
                return render_template('user-add.html', username=request.form['username'], email=request.form['email'], errors='\n'.join(errors))
    else:
        return redirect(app.jinja_env.globals['url_for']('login'))
Пример #8
0
def userAdd():
    if 'logged_in' in session:
        if request.method == 'GET':
            return render_template('user-add.html')
        else:
            success = True
            errors = []

            user_password = request.form['user_password']
            user = dbsession.query(User).filter_by(id=session['user_id']).first()

            # Checks current user password
            if user is None or hashPassword(user_password) != user.password:
                success = False
                errors.append('Your password is incorrect')

            # Someone has messed with the database
            if success:
                mk_cksum = dbsession.query(GlobalConfig).filter_by(key = 'master_key_checksum').first()
                if not mk_cksum:
                    success = False
                    errors.append('Database is broken, please create a new one !')

            if success:
                keyFromPassword = crypto.keyFromText(user_password)
                MASTER_KEY = crypto.decrypt(user.encrypted_master_key, keyFromPassword)

                # Someone changed the master key...
                if checksum(MASTER_KEY) != mk_cksum.value:
                    errors.append('MASTER_KEY may have been altered')
                    del MASTER_KEY
                    success = False

            # Now check the new user password...
            if success:
                password1, password2 = request.form['password'], request.form['password2']
                if password1 != password2:
                    success = False
                    errors.append('New user passwords do not match')

            # ... including complexity
            if success:
                if not verifyPassword(password1):
                    success = False
                    errors.append('Password is not complex enough (l > 12 and at least three character classes between lowercase, uppercase, numeric and special char)')

            # Encrypt the MASTER_KEY for the user
            if success:
                keyFromPassword = crypto.keyFromText(password1)
                emk = crypto.encrypt(MASTER_KEY, keyFromPassword)
                del MASTER_KEY # safer ?

                u = User(
                        username = request.form['username'],
                        password = hashPassword(password1),
                        email = request.form['email'],
                        active = True,
                        encrypted_master_key = emk)

                dbsession.add(u)
                dbsession.commit()

            if success:
                return redirect(url_for('users'))
            else:
                return render_template('user-add.html', username=request.form['username'], email=request.form['email'], errors='\n'.join(errors))
    else:
        return redirect(url_for('login'))