def get_context_data(self, **kwargs):
    """Build the template context for the login-verification page.

    The page after this one stays disabled until the password held in the
    session equals ALICE_PASSWORD. The context receives the submitted e-mail
    and password, the reference credentials, the PASSWORD_DB table and a
    ``logged_in`` flag.
    """
    session = self.request.session
    input_password = session.get(PasswordsModule.scope("verification_password"), "")

    # Only unlock the next page once they have entered the correct password.
    if input_password != ALICE_PASSWORD:
        next_page = self.kwargs["page_index"] + 1
        context = super().get_context_data(disabled_pages=[next_page], **kwargs)
    else:
        context = super().get_context_data(**kwargs)

    input_email = session.get(PasswordsModule.scope("verification_email"), "")

    # NOTE(review): unsalted MD5 and a plain `==` comparison -- presumably
    # deliberate for this password-hashing lesson; not a pattern to reuse for
    # real credential checks.
    input_hash = hashlib.md5(input_password.encode()).hexdigest()

    # A login succeeds when the e-mail is a known user and column 2 of that
    # user's PASSWORD_DB row equals the digest of the submitted password.
    logged_in = (
        input_email in PASSWORD_DB_USERS
        and PASSWORD_DB[PASSWORD_DB_USERS.index(input_email)][2] == input_hash
    )

    # NOTE(review): the reference password and the submitted password are both
    # handed to the template; confirm the template only shows them as intended.
    context.update(
        {
            "actual_password": ALICE_PASSWORD,
            "actual_email": ALICE_USERNAME,
            "input_email": input_email,
            "input_password": input_password,
            "password_db": PASSWORD_DB,
            "logged_in": logged_in,
        }
    )
    return context
def get_context_data(self, **kwargs):
    """Build the template context for the salted-login details page.

    Reads the submitted user and password from the session. For a known user,
    the stored salt (column 3 of the PASSWORD_DB row) is prepended to the
    password, the result is hashed with MD5, and the digest is compared with
    column 4 of that row. For an unknown user the hash stays empty and
    ``logged_in`` is False.
    """
    context = super().get_context_data(**kwargs)
    session = self.request.session
    input_password = session.get(PasswordsModule.scope("salt_details_password"), "")
    input_user = session.get(PasswordsModule.scope("salt_details_user"), "")

    input_hash, logged_in = "", False
    if input_user in PASSWORD_DB_USERS:
        row = PASSWORD_DB[PASSWORD_DB_USERS.index(input_user)]
        salted = row[3] + input_password
        # NOTE(review): salted MD5 is still a fast hash; presumably used here
        # only to illustrate salting, not as a storage recommendation.
        input_hash = hashlib.md5(salted.encode()).hexdigest()
        logged_in = row[4] == input_hash

    context.update(
        {
            "input_user": input_user,
            "input_password": input_password,
            "input_hash": input_hash,
            "password_db": PASSWORD_DB,
            "password_db_users": PASSWORD_DB_USERS,
            "logged_in": logged_in,
        }
    )
    return context
def get_context_data(self, **kwargs):
    """Build the template context for the unsalted-login details page.

    The submitted user and password come from the session. The password is
    hashed with MD5 and compared with column 2 of the matching PASSWORD_DB
    row. The reference user, password and hash are added to the context
    alongside the submitted values.
    """
    context = super().get_context_data(**kwargs)
    session = self.request.session
    input_password = session.get(PasswordsModule.scope("details_password"), "")
    input_user = session.get(PasswordsModule.scope("details_user"), "")

    # NOTE(review): unsalted MD5 -- presumably the intentionally weak scheme
    # this lesson demonstrates; not suitable for real password storage.
    input_hash = hashlib.md5(input_password.encode()).hexdigest()

    # False for an unknown user, otherwise the result of the digest comparison.
    logged_in = (
        input_user in PASSWORD_DB_USERS
        and PASSWORD_DB[PASSWORD_DB_USERS.index(input_user)][2] == input_hash
    )

    context.update(
        {
            "actual_user": ALICE_USERNAME,
            "actual_password": ALICE_PASSWORD,
            "actual_hash": ALICE_HASH,
            "input_user": input_user,
            "input_password": input_password,
            "input_hash": input_hash,
            "password_db": PASSWORD_DB,
            "logged_in": logged_in,
        }
    )
    return context
def form_valid(self, form):
    """Store the cracking-exercise choices in the session.

    Saves the selected user, increments the attempt counter (starting from 0
    when absent) and records which submit button was used: the method is
    ``crack_guess_alpha`` when that name is in the POST data, otherwise
    ``crack_guess_common``.
    """
    session = self.request.session
    session[PasswordsModule.scope("cracking_user")] = form.cleaned_data["choices"]

    attempts_key = PasswordsModule.scope("cracking_attempts")
    session[attempts_key] = session.get(attempts_key, 0) + 1

    # The method is derived from a fixed pair of literals, so no POST value is
    # ever copied into the session here.
    if "crack_guess_alpha" in self.request.POST:
        method = "crack_guess_alpha"
    else:
        method = "crack_guess_common"
    session[PasswordsModule.scope("cracking_method")] = method

    return super().form_valid(form)
def form_valid(self, form):
    """Record one (salt, password, salted MD5, unsalted MD5) row in the session.

    The first submission creates the list. Later submissions are merged with
    the stored rows, de-duplicated, and re-sorted by password (row index 1).
    """
    session = self.request.session
    rows_key = PasswordsModule.scope("salted_rows")
    cleaned = form.cleaned_data
    password = cleaned.get("password", "")
    salt = cleaned.get("salt", "")

    salted_digest = hashlib.md5((salt + password).encode()).hexdigest()
    plain_digest = hashlib.md5(password.encode()).hexdigest()
    new_row = (salt, password, salted_digest, plain_digest)

    # NOTE(review): the typed password is kept verbatim in the session and no
    # cap on the number of rows is visible in this method; worth confirming
    # against the session backend in use.
    if rows_key in session:
        # Duplicates must not pile up in the session: they appear when a user enters the
        # same values repeatedly, *and* when a refresh resubmits the form. Stored rows are
        # converted back to tuples so they can be placed in a set.
        seen = {tuple(stored) for stored in session.get(rows_key, [])}
        seen.add(new_row)
        # TODO: Figure out if the same password is entered multiple times to highlight it in the table?
        session[rows_key] = sorted(seen, key=operator.itemgetter(1))
    else:
        session[rows_key] = [new_row]

    return super().form_valid(form)
def get_context_data(self, **kwargs):
    """Build the template context for the password-cracking demonstration.

    Reads the chosen user, method and attempt count from the session, looks
    up that user's salt and hash in INSECURE_DB (row 0 for DEE_USERNAME, row 1
    for DUM_USERNAME), then hashes the first 15 entries of the selected word
    list with the salt prepended. ``cracked`` is True when any digest equals
    the stored hash.
    """
    context = super().get_context_data(**kwargs)
    session = self.request.session

    context["password_db"] = INSECURE_DB
    context["cracking_attempts"] = session.get(PasswordsModule.scope("cracking_attempts"), 0)

    method = session.get(PasswordsModule.scope("cracking_method"), "")
    context["cracking_method"] = method
    user = session.get(PasswordsModule.scope("cracking_user"), "")
    context["cracking_user"] = user

    # Only the two demo accounts are recognised; anything else leaves the salt
    # and hash empty, so no candidate digest can match.
    if user == DEE_USERNAME:
        row = INSECURE_DB[0]
    elif user == DUM_USERNAME:
        row = INSECURE_DB[1]
    else:
        row = None
    salt, actual_hash = ("", "") if row is None else (row[3], row[4])
    context["salt"] = salt
    context["actual_hash"] = actual_hash

    # Any method other than "crack_guess_alpha" falls back to the common list.
    wordlist = DICT_WORDS if method == "crack_guess_alpha" else COMMON_PASSWORDS
    attempts = [
        (word, hashlib.md5((salt + word).encode()).hexdigest())
        for word in wordlist[:15]
    ]

    context["attempted_words"] = attempts
    context["cracked"] = any(digest == actual_hash for _, digest in attempts)
    return context
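def get_context_data(self, disabled_pages=None, **kwargs):
    """Track page progress in the session and lock pages that are too far ahead.

    The highest ``page_index`` seen so far is stored under the scoped
    ``progress`` session key. Every page index from that value plus 2 up to
    ``page_count - 1`` is appended to ``disabled_pages`` before delegating to
    the parent implementation.

    Args:
        disabled_pages: Optional iterable of page indexes the caller already
            wants disabled. It is copied, never mutated.
        **kwargs: Passed through to the parent ``get_context_data``.

    Returns:
        Whatever the parent ``get_context_data`` returns.
    """
    page_index = self.kwargs["page_index"]
    page_count = self.kwargs["page_count"]
    session = self.request.session
    key = PasswordsModule.scope("progress")

    # Progress only ever moves forward: keep the larger of the stored value
    # and the page being viewed now.
    furthest = max(session.get(key, page_index), page_index)
    session[key] = furthest

    # A None default replaces the shared mutable ``[]`` default; the caller's
    # sequence is copied so it is never modified in place.
    locked = list(disabled_pages or []) + list(range(furthest + 2, page_count))
    return super().get_context_data(disabled_pages=locked, **kwargs)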
def get_context_data(self, **kwargs):
    """Build the template context for the salted-hash generator page.

    The next page stays disabled until at least three rows are stored under
    the scoped ``salted_rows`` session key. The context receives the stored
    rows and their count.
    """
    session = self.request.session
    rows_key = PasswordsModule.scope("salted_rows")

    if len(session.get(rows_key, [])) >= 3:
        context = super().get_context_data(**kwargs)
    else:
        # Fewer than three hashes generated so far: keep the next page locked.
        next_page = self.kwargs["page_index"] + 1
        context = super().get_context_data(disabled_pages=[next_page], **kwargs)

    rows = session.get(rows_key, [])
    context["num_hashed"] = len(rows)
    context["salt_rows"] = rows
    return context
def get_success_url(self):
    """Return the ``verification-details`` page URL with the ``#login`` fragment."""
    route_name = PasswordsModule.scope("verification-details")
    page_url = reverse(route_name)
    return page_url + "#login"
def form_valid(self, form):
    """Save the submitted e-mail and password under the scoped verification keys."""
    session = self.request.session
    cleaned = form.cleaned_data
    email_key = PasswordsModule.scope("verification_email")
    session[email_key] = cleaned["email"]
    # NOTE(review): the password is stored verbatim in the session --
    # presumably acceptable for this exercise's demo credentials; confirm
    # users are not expected to type a real password here.
    password_key = PasswordsModule.scope("verification_password")
    session[password_key] = cleaned["password"]
    return super().form_valid(form)
def get_success_url(self):
    """Return the ``strength`` page URL with the ``#entropy-calculator`` fragment."""
    route_name = PasswordsModule.scope("strength")
    page_url = reverse(route_name)
    return page_url + "#entropy-calculator"
def get_success_url(self):
    """Return the URL of the ``salt-motivation-2`` page."""
    route_name = PasswordsModule.scope("salt-motivation-2")
    return reverse(route_name)
def get_success_url(self):
    """Return the ``salt-motivation-1`` page URL with the ``#rainbow-table`` fragment."""
    route_name = PasswordsModule.scope("salt-motivation-1")
    page_url = reverse(route_name)
    return page_url + "#rainbow-table"
def get_success_url(self):
    """Return the URL of the ``salt-details`` page."""
    route_name = PasswordsModule.scope("salt-details")
    return reverse(route_name)
def form_valid(self, form):
    """Save the submitted e-mail and password under the scoped details keys."""
    session = self.request.session
    cleaned = form.cleaned_data
    # The form's "email" field is stored under the "details_user" key.
    user_key = PasswordsModule.scope("details_user")
    session[user_key] = cleaned["email"]
    # NOTE(review): the password is stored verbatim in the session --
    # presumably acceptable for this exercise's demo credentials; confirm
    # users are not expected to type a real password here.
    password_key = PasswordsModule.scope("details_password")
    session[password_key] = cleaned["password"]
    return super().form_valid(form)
def get_success_url(self):
    """Return the ``salt`` page URL with the ``#hash-generator`` fragment."""
    route_name = PasswordsModule.scope("salt")
    page_url = reverse(route_name)
    return page_url + "#hash-generator"
def get_success_url(self):
    """Return the ``cracking`` page URL with the ``#guess-password`` fragment."""
    route_name = PasswordsModule.scope("cracking")
    page_url = reverse(route_name)
    return page_url + "#guess-password"