Пример #1
0
def __get_token(request):
    if not 'email' in request:
        raise HTTPError("Missing email")

    try:
        token = get_token(request['email'])
        if token == None:
            raise HTTPError("No such recipient")
        send_token(request['email'], token)
        return ""
    except ValueError as err:
        raise HTTPError(err.args[0])
Пример #2
0
def __do_post():
    """do_post() handles POST-requests"""
    postdata = sys.stdin.read()
    try:
        postdata = json.loads(postdata)
    except json.JSONDecodeError:
        raise HTTPError("Input data not JSON-decoable")

    if 'action' in postdata and postdata['action'] == 'login':
        return __performlogin(postdata)
    if 'action' in postdata and postdata['action'] == 'authtoken':
        return __verify_token(postdata)

    raise HTTPError("Unhandled Request")
Пример #3
0
def __do_post():
    postdata = sys.stdin.read()
    try:
        postdata = json.loads(postdata)
    except json.JSONDecodeError:
        raise HTTPError("Malformed Request. Data not JSON-decodable")

    if 'action' in postdata and postdata['action'] == "request_token":
        return __get_token(postdata)

    if 'action' in postdata and postdata['action'] == 'reset_password':
        return __reset_password(postdata)

    raise HTTPError("Not Implemented", 500)
Пример #4
0
def claim_share_qr(authtoken):
    groupinfo = auth.verify_token(request, extra_data=True)
    if groupinfo is None:
        raise HTTPError("Bad Authtoken")
    newtoken = auth.create_authtoken(groupinfo["name"],
                                     generate_time=groupinfo["authtime"])
    return newtoken
Пример #5
0
def __do_post():
    postdata = sys.stdin.read()
    try:
        postdata = json.loads(postdata)
    except json.JSONDecodeError:
        raise HTTPError("Malformed POST data. Not JSON-decodable")

    if 'action' in postdata and postdata['action'] == "create":
        if not 'groupname' in postdata or\
                not 'password' in postdata or\
                not 'contact' in postdata:
            raise HTTPError("Missing required create parameters")

        return json.dumps(
            __create_group(postdata['groupname'], postdata['password'],
                           postdata['contact']))

    raise HTTPError("Unhandled POST action")
Пример #6
0
def login(groupname, password):
    """Tries to log in, returns a token if successful"""
    if not groupname or not password:
        raise HTTPError("Missing username or password")

    database = sqlite3.connect('database.sqlite3')
    result = database.execute(
        'SELECT salt, password FROM groups WHERE name = ?',
        (groupname, )).fetchone()

    if result is None:
        raise HTTPError("Group not found", 403)

    password_hash = hash_password(password, result[0])
    if password_hash == result[1]:
        token = create_authtoken(groupname)
        return token
    raise HTTPError("Incorrect groupname/password", 403)
Пример #7
0
def __reset_password(request):
    try:
        reset_password(request['email'], request['token'], request['password'])
        group = groups.find_group_by_email(request['email'])
        token = auth.login(group, request['password'])
        return json.dumps(token)

    except ValueError as err:
        raise HTTPError(err.args[0])
Пример #8
0
def send_magic_link(authtoken, recipient):
    """Sends a new authtoken to the supplied recipient"""
    if not (isinstance(authtoken, str) and isinstance(recipient, str)):
        raise TypeError("All authtoken and recipient must be strings")

    if resources.verify_email(recipient) is False:
        raise HTTPError("Bad Email Address")

    groupname = auth.verify_token(authtoken)
    if groupname is None:
        raise HTTPError("Bad authtoken", 401)

    newtoken = auth.create_authtoken(groupname)

    with open("templates/email_magic_link.txt", mode="r") as file_pointer:
        message = file_pointer.read()
    message = message % (groupname, newtoken)
    subject = "Skvaderhack Login for %s" % (groupname, )
    sender = "*****@*****.**"
    sendemail.send_email(recipient, subject, message, sender)
Пример #9
0
def __create_group(groupname, password, contact):
    try:
        create_group(groupname, password, contact)
        return auth.login(groupname, password)
    except ValueError as error:
        raise HTTPError(json.dumps(error.args))
Пример #10
0
def __submitkey(postdata):
    if not 'authtoken' in postdata or not 'key' in postdata:
        raise HTTPError("Missing Required Attributes")

    return submitkey(postdata['authtoken'], postdata['key'])
Пример #11
0
def __verify_token(request):
    group = verify_token(request['token'])
    if group is None:
        raise HTTPError("Invalid Authtoken", 401)
    RETURN_HEADERS.append('Stauts: 200')
    return json.dumps(group)
Пример #12
0
def __do_get():
    raise HTTPError("This script is not GET-able", 405)
Пример #13
0
def __do_get():
    raise HTTPError("This script is NOT GET-able", 403)