def create_user(self):
""" Add user to the database """
if User.by_handle(self.get_argument("handle", "")) is not None:
raise ValidationError("This handle is already registered")
if self.get_argument("pass1", "") != self.get_argument("pass2", ""):
raise ValidationError("Passwords do not match")
user = User()
user.handle = self.get_argument("handle", "")
user.password = self.get_argument("pass1", "")
user.bank_password = self.get_argument("bpass", "")
user.name = self.get_argument("playername", "")
user.email = self.get_argument("email", "")
team = self.get_team()
self.dbsession.add(user)
self.dbsession.add(team)
self.dbsession.commit()
# Avatar
avatar_select = self.get_argument("user_avatar_select", "")
if avatar_select and len(avatar_select) > 0:
user._avatar = avatar_select
elif hasattr(self.request, "files") and "avatar" in self.request.files:
user.avatar = self.request.files["avatar"][0]["body"]
team.members.append(user)
if not options.teams:
if avatar_select and len(avatar_select) > 0:
team._avatar = avatar_select
elif hasattr(self.request,
"files") and "avatar" in self.request.files:
team.avatar = self.request.files["avatar"][0]["body"]
self.dbsession.add(user)
self.dbsession.add(team)
self.dbsession.commit()
self.event_manager.user_joined_team(user)
return user
def post(self, *args, **kwargs):
''' Checks submitted username and password '''
user = User.by_handle(self.get_argument('account', ''))
password_attempt = self.get_argument('password', '')
if user is not None:
if user.validate_password(password_attempt):
if not user.locked:
if self.game_started(user):
self.successful_login(user)
if self.config.story_mode and user.logins == 1 and not user.has_permission(
ADMIN_PERMISSION):
self.redirect('/user/missions/firstlogin')
else:
self.redirect('/user')
else:
self.render('public/login.html',
errors=None,
info=["The game has not started yet"])
else:
self.render('public/login.html',
info=None,
errors=["Your account has been locked"])
else:
self.failed_login()
else:
if password_attempt is not None:
PBKDF2.crypt(password_attempt, "BurnTheHashTime")
self.failed_login()
def post(self, *args, **kwargs):
""" Checks submitted username and password """
user = User.by_handle(self.get_argument("account", ""))
password_attempt = self.get_argument("password", "")
if user is not None:
if user.validate_password(password_attempt):
if not user.locked:
self.successful_login(user)
if (self.config.story_mode and user.logins == 1
and not user.is_admin()):
self.redirect("/user/missions/firstlogin")
else:
self.redirect("/user")
else:
self.render(
"public/login.html",
info=None,
errors=["Your account has been locked"],
)
else:
self.failed_login()
else:
if password_attempt is not None:
PBKDF2.crypt(password_attempt, "BurnTheHashTime")
self.failed_login()
def form_validation(self):
if (bool(
re.match(r"^[a-zA-Z0-9_\-\.]{3,16}$",
self.get_argument("handle", ""))) is False):
raise ValidationError("Invalid handle format")
email = self.get_argument("email", None)
if options.require_email and (not email or not len(email) > 0):
raise ValidationError("Email address is required")
if (email and bool(
re.match(
r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$",
self.get_argument("email", ""),
)) is False):
raise ValidationError("Invalid email format")
if (self.get_argument("playername", None) and bool(
re.match(r"^[a-zA-Z0-9 ]{3,64}$",
self.get_argument("playername", ""))) is False):
raise ValidationError("Invalid playername format")
if (User.by_handle(self.get_argument("handle", ""),
case_sensitive=False) is not None):
raise ValidationError("This handle is already registered")
if (options.require_email and User.by_email(
self.get_argument("email", None)) is not None):
raise ValidationError("This email address is already registered")
if self.get_argument("pass1", "") != self.get_argument("pass2", ""):
raise ValidationError("Passwords do not match")
def create_user(self):
''' Add user to the database '''
if User.by_handle(self.get_argument('handle', '')) is not None:
raise ValidationError("This handle is already registered")
if self.get_argument('pass1', '') != self.get_argument('pass2', ''):
raise ValidationError("Passwords do not match")
user = User()
user.handle = self.get_argument('handle', '')
user.password = self.get_argument('pass1', '')
user.bank_password = self.get_argument('bpass', '')
user.name = self.get_argument('playername', '')
user.email = self.get_argument('email','')
team = self.get_team()
self.dbsession.add(user)
self.dbsession.add(team)
self.dbsession.commit()
# Avatar
avatar_select = self.get_argument('user_avatar_select', '')
if avatar_select and len(avatar_select) > 0:
user._avatar = avatar_select
elif hasattr(self.request, 'files') and 'avatar' in self.request.files:
user.avatar = self.request.files['avatar'][0]['body']
team.members.append(user)
if not options.teams:
if avatar_select and len(avatar_select) > 0:
team._avatar = avatar_select
elif hasattr(self.request, 'files') and 'avatar' in self.request.files:
team.avatar = self.request.files['avatar'][0]['body']
self.dbsession.add(user)
self.dbsession.add(team)
self.dbsession.commit()
self.event_manager.user_joined_team(user)
return user
def create_user(self):
''' Add user to the database '''
if User.by_handle(self.get_argument('handle', '')) is not None:
raise ValidationError("This hacker name is already registered")
if self.get_argument('pass1', '') != self.get_argument('pass2', ''):
raise ValidationError("Passwords do not match")
user = User()
user.handle = self.get_argument('handle', '')
user.password = self.get_argument('pass1', '')
user.bank_password = self.get_argument('bpass', '')
user._name = self.get_argument('playername', '')
team = self.get_team()
self.dbsession.add(user)
self.dbsession.add(team)
self.dbsession.commit()
# Avatar
avatar_select = self.get_argument('user_avatar_select', '')
if avatar_select and len(avatar_select) > 0:
user._avatar = avatar_select
elif hasattr(self.request, 'files') and 'avatar' in self.request.files:
user.avatar = self.request.files['avatar'][0]['body']
team.members.append(user)
if not options.teams:
if avatar_select and len(avatar_select) > 0:
team._avatar = avatar_select
elif hasattr(self.request, 'files') and 'avatar' in self.request.files:
team.avatar = self.request.files['avatar'][0]['body']
self.dbsession.add(user)
self.dbsession.add(team)
self.dbsession.commit()
self.event_manager.user_joined_team(user)
return user
def wrapper(self, *args, **kwargs):
if self.session is not None:
user = User.by_handle(self.session["handle"])
if user is not None and user.has_permission(permission):
return method(self, *args, **kwargs)
logging.warn("Attempted unauthorized access from %s to %s" %
(self.request.remote_ip, self.request.uri))
self.redirect(self.application.settings["forbidden_url"])
def wrapper(self, *args, **kwargs):
if self.session is not None:
user = User.by_handle(self.session['handle'])
if user is not None and user.has_permission(permission):
return method(self, *args, **kwargs)
logging.warn("Attempted unauthorized access from %s to %s" % (
self.request.remote_ip, self.request.uri,
))
self.redirect(self.application.settings['forbidden_url'])
def create_user():
user = User.by_handle("HacKer")
if user is None:
user = User()
user.handle = "HacKer"
user.password = "******"
user.bank_password = "******"
dbsession.add(user)
dbsession.commit()
return user
def get_current_user(self):
""" Get current user object from database """
if self.session is not None:
try:
return User.by_handle(self.session["handle"])
except KeyError:
logging.exception("Malformed session: %r" % self.session)
except:
logging.exception("Failed call to get_current_user()")
return None
def get_current_user(self):
""" Get current user object from database """
if self.session is not None:
try:
return User.by_handle(self.session["handle"])
except KeyError:
logging.exception("Malformed session: %r" % self.session)
except:
logging.exception("Failed call to get_current_user()")
return None
def create_user():
user = User.by_handle("HacKer")
if user is None:
user = User()
user.handle = "HacKer"
user.password = "******"
user.bank_password = "******"
dbsession.add(user)
dbsession.commit()
return user
def post(self, *args, **kwargs):
""" Checks submitted username and password """
user = User.by_handle(self.get_argument("account", ""))
password_attempt = self.get_argument("password", "")
if user is not None:
if user.validate_password(password_attempt):
self.valid_login(user)
else:
self.failed_login()
else:
if password_attempt is not None:
PBKDF2.crypt(password_attempt, "BurnTheHashTime")
self.failed_login()
def create_user(self, team):
''' Add user to the database '''
if User.by_handle(self.get_argument('handle', '')) is not None:
raise ValidationError("This hacker name is already registered")
if self.get_argument('pass1', '') != self.get_argument('pass2', ''):
raise ValidationError("Passwords do not match")
user = User()
user.handle = self.get_argument('handle', '')
user.password = self.get_argument('pass1', '')
user.bank_password = self.get_argument('bpass', '')
team.members.append(user)
self.dbsession.add(user)
self.dbsession.add(team)
self.dbsession.commit()
self.event_manager.user_joined_team(user)
return user
def create_user(self, team):
''' Add user to the database '''
if User.by_handle(self.get_argument('handle', '')) is not None:
raise ValidationError("This hacker name is already registered")
if self.get_argument('pass1', '') != self.get_argument('pass2', ''):
raise ValidationError("Passwords do not match")
user = User()
user.handle = self.get_argument('handle', '')
user.password = self.get_argument('pass1', '')
user.bank_password = self.get_argument('bpass', '')
team.members.append(user)
self.dbsession.add(user)
self.dbsession.add(team)
self.dbsession.commit()
self.event_manager.user_joined_team(user)
return user
def edit_user(self):
''' Update user objects in the database '''
try:
user = User.by_uuid(self.get_argument('uuid', ''))
if user is None:
raise ValidationError("User does not exist")
handle = self.get_argument('handle', '')
if user.handle != handle:
if User.by_handle(handle) is None:
logging.info("Updated user handle %s -> %s" % (
user.handle, handle
))
user.handle = handle
else:
raise ValidationError("Handle is already in use")
hash_algorithm = self.get_argument('hash_algorithm', '')
if hash_algorithm != user.algorithm:
if hash_algorithm in user.algorithms:
if 0 < len(self.get_argument('bank_password', '')):
logging.info("Updated %s's hashing algorithm %s -> %s" % (
user.handle, user.algorithm, hash_algorithm,
))
user.algorithm = hash_algorithm
else:
raise ValidationError(
"You must provide a new bank password when updating the hashing algorithm")
else:
raise ValidationError("Not a valid hash algorithm")
user.password = self.get_argument('password', '')
if len(self.get_argument('bank_password', '')):
user.bank_password = self.get_argument('bank_password', '')
team = Team.by_uuid(self.get_argument('team_uuid', ''))
if team is not None:
if user not in team.members:
logging.info("Updated %s's team %s -> %s" % (
user.handle, user.team_id, team.name
))
user.team_id = team.id
else:
raise ValidationError("Team does not exist in database")
self.dbsession.add(user)
self.dbsession.commit()
self.redirect('/admin/users')
except ValidationError as error:
self.render("admin/view/users.html",
errors=[str(error), ]
)
def transfer(self):
user = self.get_current_user()
source = Team.by_name(self.get_argument('source', ''))
destination = Team.by_name(self.get_argument('destination', ''))
try:
amount = int(self.get_argument('amount', 0))
except ValueError:
amount = 0
victim_user = User.by_handle(self.get_argument('user', None))
password = self.get_argument('password', '')
user = self.get_current_user()
# Validate what we got from the user
if source is None:
self.write({"error": "Source account does not exist"})
elif destination is None:
self.write({"error": "Destination account does not exist"})
elif victim_user is None or not victim_user in source.members:
self.write({"error": "User is not authorized for this account"})
elif victim_user in user.team.members:
self.write({"error": "You cannot steal from your own team"})
elif not 0 < amount <= source.money:
self.write({
"error":
"Invalid transfer amount; must be greater than 0 and less than $%d"
% source.money
})
elif destination == source:
self.write(
{"error": "Source and destination are the same account"})
elif victim_user.validate_bank_password(password):
logging.info("Transfer request from %s to %s for $%d by %s" %
(source.name, destination.name, amount, user.handle))
xfer = self.theft(victim_user, destination, amount, password)
self.write({
"success":
"Confirmed transfer to '%s' for $%d (after 15%s commission)" %
(
destination.name,
xfer,
'%',
)
})
else:
self.write({"error": "Incorrect password for account, try again"})
self.finish()
def post(self, *args, **kwargs):
''' Checks submitted username and password '''
user = User.by_handle(self.get_argument('account', ''))
password_attempt = self.get_argument('password', '')
if user is not None and user.validate_password(password_attempt):
if not user.locked:
if self.game_started(user):
self.successful_login(user)
if user.logins == 1 and not user.has_permission(ADMIN_PERMISSION):
self.redirect('/user/missions/firstlogin')
else:
self.redirect('/user')
else:
self.render('public/login.html', errors=["The game has not started yet"])
else:
self.render('public/login.html', errors=["Your account has been locked"])
else:
self.failed_login()
def transfer(self):
user = self.get_current_user()
source = Team.by_name(self.get_argument('source', ''))
destination = Team.by_name(self.get_argument('destination', ''))
try:
amount = int(self.get_argument('amount', 0))
except ValueError:
amount = 0
victim_user = User.by_handle(self.get_argument('user', None))
password = self.get_argument('password', '')
user = self.get_current_user()
# Validate what we got from the user
if source is None:
self.write({"error": "Source account does not exist"})
elif destination is None:
self.write({"error": "Destination account does not exist"})
elif victim_user is None or victim_user not in source.members:
self.write({"error": "User is not authorized for this account"})
elif victim_user in user.team.members:
self.write({"error": "You cannot steal from your own team"})
elif not 0 < amount <= source.money:
self.write({
"error":
"Invalid transfer amount; must be greater than 0 and less than $%d" % source.money
})
elif destination == source:
self.write({
"error": "Source and destination are the same account"
})
elif victim_user.validate_bank_password(password):
logging.info("Transfer request from %s to %s for $%d by %s" % (
source.name, destination.name, amount, user.handle
))
xfer = self.theft(victim_user, destination, amount, password)
self.write({
"success":
"Confirmed transfer to '%s' for $%d (15%s commission)" % (
destination.name, xfer, '%'
)
})
else:
self.write({"error": "Incorrect password for account, try again"})
self.finish()
def form_validation(self):
if (bool(
re.match(r"^[a-zA-Z0-9_\-\.]{3,16}$",
self.get_argument("handle", ""))) is False):
raise ValidationError("Invalid handle format")
if (self.get_argument("email", None) and bool(
re.match(
r"^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,3}$",
self.get_argument("email", ""),
)) is False):
raise ValidationError("Invalid email format")
if (self.get_argument("playername", None) and bool(
re.match(r"^[a-zA-Z0-9 ]{3,64}$",
self.get_argument("playername", ""))) is False):
raise ValidationError("Invalid email format")
if (User.by_handle(self.get_argument("handle", ""),
case_sensitive=False) is not None):
raise ValidationError("This handle is already registered")
if self.get_argument("pass1", "") != self.get_argument("pass2", ""):
raise ValidationError("Passwords do not match")
def post(self, *args, **kwargs):
''' Checks submitted username and password '''
user = User.by_handle(self.get_argument('account', ''))
password_attempt = self.get_argument('password', '')
if user is not None:
if user.validate_password(password_attempt):
if not user.locked:
self.successful_login(user)
if self.config.story_mode and user.logins == 1 and not user.is_admin():
self.redirect('/user/missions/firstlogin')
else:
self.redirect('/user')
else:
self.render('public/login.html',
info=None, errors=["Your account has been locked"])
else:
self.failed_login()
else:
if password_attempt is not None:
PBKDF2.crypt(password_attempt, "BurnTheHashTime")
self.failed_login()
def edit_user(self):
""" Update user objects in the database """
try:
user = User.by_uuid(self.get_argument("uuid", ""))
if user is None:
raise ValidationError("User does not exist")
handle = self.get_argument("handle", "")
if user.handle != handle:
if User.by_handle(handle) is None:
logging.info("Updated user handle %s -> %s" %
(user.handle, handle))
user.handle = handle
else:
raise ValidationError("Handle is already in use")
name = self.get_argument("name", "")
email = self.get_argument("email", "")
if user.name != name:
logging.info("Updated user Name %s -> %s" % (user.name, name))
user.name = name
if user.email != email:
logging.info("Updated user Email %s -> %s" %
(user.email, email))
user.email = email
if options.banking:
hash_algorithm = self.get_argument("hash_algorithm", "")
if hash_algorithm != user.algorithm:
if hash_algorithm in user.algorithms:
if 0 < len(self.get_argument("bank_password", "")):
logging.info(
"Updated %s's hashing algorithm %s -> %s" %
(user.handle, user.algorithm, hash_algorithm))
user.algorithm = hash_algorithm
else:
raise ValidationError(
"You must provide a new bank password when updating the hashing algorithm"
)
else:
raise ValidationError("Not a valid hash algorithm")
if len(self.get_argument("bank_password", "")):
user.bank_password = self.get_argument("bank_password", "")
password = self.get_argument("password", "")
if password and len(password) > 0:
user.password = password
if hasattr(self.request,
"files") and "avatarfile" in self.request.files:
user.avatar = self.request.files["avatarfile"][0]["body"]
else:
avatar = self.get_argument("avatar", user.avatar)
# allow for default without setting
user._avatar = avatar
team = Team.by_uuid(self.get_argument("team_uuid", ""))
if team is not None:
if user not in team.members:
logging.info("Updated %s's team %s -> %s" %
(user.handle, user.team_id, team.name))
user.team_id = team.id
elif options.teams:
raise ValidationError("Team does not exist in database")
self.dbsession.add(user)
admin = self.get_argument("admin", "false")
if admin == "true" and not user.is_admin():
permission = Permission()
permission.name = ADMIN_PERMISSION
permission.user_id = user.id
self.dbsession.add(permission)
elif admin == "false" and user.is_admin():
permissions = Permission.by_user_id(user.id)
for permission in permissions:
if permission.name == ADMIN_PERMISSION:
self.dbsession.delete(permission)
self.dbsession.commit()
self.redirect("/admin/users")
except ValidationError as error:
self.render("admin/view/users.html", errors=[str(error)])
def edit_user(self):
''' Update user objects in the database '''
try:
user = User.by_uuid(self.get_argument('uuid', ''))
if user is None:
raise ValidationError("User does not exist")
handle = self.get_argument('handle', '')
if user.handle != handle:
if User.by_handle(handle) is None:
logging.info("Updated user handle %s -> %s" % (
user.handle, handle
))
user.handle = handle
else:
raise ValidationError("Handle is already in use")
name = self.get_argument('name', '')
email = self.get_argument('email', '')
if user.name != name:
logging.info("Updated user Name %s -> %s" % (
user.name, name
))
user.name = name
if user.email != email:
logging.info("Updated user Email %s -> %s" % (
user.email, email
))
user.email = email
if options.banking:
hash_algorithm = self.get_argument('hash_algorithm', '')
if hash_algorithm != user.algorithm:
if hash_algorithm in user.algorithms:
if 0 < len(self.get_argument('bank_password', '')):
logging.info("Updated %s's hashing algorithm %s -> %s" % (
user.handle, user.algorithm, hash_algorithm,
))
user.algorithm = hash_algorithm
else:
raise ValidationError(
"You must provide a new bank password when updating the hashing algorithm")
else:
raise ValidationError("Not a valid hash algorithm")
if len(self.get_argument('bank_password', '')):
user.bank_password = self.get_argument('bank_password', '')
password = self.get_argument('password', '')
if password and len(password) > 0:
user.password = password
if hasattr(self.request, 'files') and 'avatarfile' in self.request.files:
user.avatar = self.request.files['avatarfile'][0]['body']
else:
avatar = self.get_argument('avatar', user.avatar)
#allow for default without setting
user._avatar = avatar
team = Team.by_uuid(self.get_argument('team_uuid', ''))
if team is not None:
if user not in team.members:
logging.info("Updated %s's team %s -> %s" % (
user.handle, user.team_id, team.name
))
user.team_id = team.id
elif options.teams:
raise ValidationError("Team does not exist in database")
self.dbsession.add(user)
admin = self.get_argument('admin', 'false')
if admin == 'true' and not user.is_admin():
permission = Permission()
permission.name = ADMIN_PERMISSION
permission.user_id = user.id
self.dbsession.add(permission)
elif admin == 'false' and user.is_admin():
permissions = Permission.by_user_id(user.id)
for permission in permissions:
if permission.name == ADMIN_PERMISSION:
self.dbsession.delete(permission)
self.dbsession.commit()
self.redirect('/admin/users')
except ValidationError as error:
self.render("admin/view/users.html",
errors=[str(error), ]
)
def edit_user(self):
''' Update user objects in the database '''
try:
user = User.by_uuid(self.get_argument('uuid', ''))
if user is None:
raise ValidationError("User does not exist")
handle = self.get_argument('handle', '')
if user.handle != handle:
if User.by_handle(handle) is None:
logging.info("Updated user handle %s -> %s" %
(user.handle, handle))
user.handle = handle
else:
raise ValidationError("Handle is already in use")
name = self.get_argument('name', '')
email = self.get_argument('email', '')
if user.name != name:
logging.info("Updated user Name %s -> %s" % (user.name, name))
user.name = name
if user.email != email:
logging.info("Updated user Email %s -> %s" %
(user.email, email))
user.email = email
if options.banking:
hash_algorithm = self.get_argument('hash_algorithm', '')
if hash_algorithm != user.algorithm:
if hash_algorithm in user.algorithms:
if 0 < len(self.get_argument('bank_password', '')):
logging.info(
"Updated %s's hashing algorithm %s -> %s" % (
user.handle,
user.algorithm,
hash_algorithm,
))
user.algorithm = hash_algorithm
else:
raise ValidationError(
"You must provide a new bank password when updating the hashing algorithm"
)
else:
raise ValidationError("Not a valid hash algorithm")
if len(self.get_argument('bank_password', '')):
user.bank_password = self.get_argument('bank_password', '')
password = self.get_argument('password', '')
if password and len(password) > 0:
user.password = password
if hasattr(self.request,
'files') and 'avatarfile' in self.request.files:
user.avatar = self.request.files['avatarfile'][0]['body']
else:
avatar = self.get_argument('avatar', user.avatar)
#allow for default without setting
user._avatar = avatar
team = Team.by_uuid(self.get_argument('team_uuid', ''))
if team is not None:
if user not in team.members:
logging.info("Updated %s's team %s -> %s" %
(user.handle, user.team_id, team.name))
user.team_id = team.id
elif options.teams:
raise ValidationError("Team does not exist in database")
self.dbsession.add(user)
self.dbsession.commit()
self.redirect('/admin/users')
except ValidationError as error:
self.render("admin/view/users.html", errors=[
str(error),
])
