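def browse_profile(username):
    """Render the profile page for ``username``.

    Redirects to ``/`` when ``username`` is empty or when
    ``utils.check_username`` returns a falsy value for it.
    """
    page_name = 'search'
    user = utils.get_user_from_cookie(request)
    # Look the account up once and reuse the result. The earlier version called
    # utils.check_username() twice, so the record that was rendered was not
    # necessarily the one that passed the check.
    user_profile = utils.check_username(username) if username else None
    if not user_profile:
        return redirect("/")
    # NOTE(review): the whole record returned by check_username() is handed to
    # the template; confirm user_profile.html only shows fields meant to be public.
    page_content = render_template(
        "user_profile.html", message=None, user_profile=user_profile, user=user)
    return render_page(page_content, page_name)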
def message_compose():
    """Show the compose form and, on POST, send a message to another user.

    A POST needs non-empty ``message_to``, ``message_title`` and
    ``message_contents`` fields and a recipient that
    ``utils.check_username`` resolves; otherwise the form is re-rendered with
    an error message. On success the client is redirected to
    ``/messages/view``.
    """
    user = utils.get_user_from_cookie(request)
    page_name = "messages"

    def render_form(**context):
        # Every exit that shows the form uses the same template and page wrapper.
        return render_page(
            render_template('compose.html', user=user, **context),
            page_name, user=user)

    if request.method.lower() != 'post':
        return render_form()

    recipient_name = request.form.get('message_to') or ''
    subject = request.form.get('message_title') or ''
    body = request.form.get('message_contents') or ''
    if not recipient_name or not subject or not body:
        return render_form(message="Missing field")

    to_user = utils.check_username(recipient_name)
    if not to_user:
        return render_form(message="Invalid user")

    # NOTE(review): `user` is indexed without a check. If get_user_from_cookie()
    # can return None for an anonymous request, this raises instead of denying
    # the send; confirm that authentication is enforced before this view runs.
    utils.create_message(to_user['user_id'], user['user_id'], subject, body)
    return redirect('/messages/view')
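def show_registration():
    """Serve the registration form (GET) and create an account (POST).

    A POST with an empty username or password, or with a username for which
    ``utils.check_username`` is truthy, re-renders the form with an error.
    Otherwise the account is registered and the page shows the TOTP key plus
    a QR code for it.
    """
    # Local imports: the module's import block is not visible from here.
    from html import escape
    from urllib.parse import quote

    user = utils.get_user_from_cookie(request)
    page_name = 'register'
    method = request.method.lower()
    if method == 'get':
        page_content = render_template("register.html")
        return render_page(page_content, "register", user=user)
    if method == 'post':
        username = request.form.get("username") or ""
        password = request.form.get("password") or ""
        if not username or not password:
            page_content = render_template("register.html", message='Missing field')
            return render_page(page_content, page_name)
        if utils.check_username(username):
            page_content = render_template("register.html", message='That username is taken!')
            return render_page(page_content, page_name)
        # NOTE(review): the seed is built from the username and the client
        # address, both known to the client. Unless generate_seed() also mixes
        # in a server-side secret, the TOTP key may be derivable by others; verify.
        seed = utils.generate_seed(username, request.remote_addr)
        totp_key = utils.get_totp_key(seed)
        utils.register_user(username, password, request.remote_addr)
        # The username is user-controlled: percent-encode it inside the otpauth
        # URI, then encode the whole URI as the value of the `data` parameter.
        otpauth_uri = 'otpauth://totp/%s?secret=%s' % (quote(username, safe=''), totp_key)
        # HTTPS instead of HTTP so the secret is not sent in clear text.
        # NOTE(review): the secret still reaches a third-party service; rendering
        # the QR code locally would avoid disclosing it at all.
        qr_url = 'https://api.qrserver.com/v1/create-qr-code/?data=%s&size=220x220&margin=0' % (
            quote(otpauth_uri, safe=''))
        # The message carries markup, so the template presumably emits it
        # unescaped; escape every interpolated value before building the HTML.
        message = "Success! <a href='/login'>login here</a><br />TOTP Key: %s<br /><img src='%s' />" % (
            escape(str(totp_key)), escape(qr_url))
        page_content = render_template("register.html", message=message)
        return render_page(page_content, page_name)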
def index():
    """Home page: show the high scores and let a new player claim a username.

    Players whose session already holds a username are redirected to
    ``/riddles``. A POST with a username accepted by ``check_username`` stores
    it in ``data/scores.json`` with a score of 0 and in the session.
    """
    # The session cookie keeps the chosen username for the whole game.
    if "username" in session:
        return redirect("/riddles")

    # The scores file is both the high-score table and the list of taken names.
    with open("data/scores.json") as scores_file:
        userscores = json.load(scores_file)

    if request.method == "POST":
        # The form on the home page posts back to this same view.
        username = request.form["username"]
        if check_username(userscores, username):
            # Reserve the name by writing it to the file so nobody else can use it.
            # NOTE(review): the read / check / write sequence is not atomic, so
            # two concurrent requests could both pass the check for one name.
            userscores[username] = 0
            with open("data/scores.json", "w") as write_file:
                json.dump(userscores, write_file)
            session["username"] = username
            return redirect("/riddles")
        return render_template(
            "index.html", username=username, error=True, hiscores=userscores)

    # GET, and any other method, just shows the page.
    return render_template("index.html", hiscores=userscores)
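def show_registration():
    """Registration view: form on GET, account creation on POST.

    Empty credentials and usernames that ``utils.check_username`` already
    knows are rejected with a message on the form. A successful POST registers
    the user and renders the TOTP key together with a QR code image.
    """
    # Imported here because the file's import block is outside this listing.
    from html import escape
    from urllib.parse import quote

    user = utils.get_user_from_cookie(request)
    page_name = 'register'
    if request.method.lower() == 'get':
        page_content = render_template("register.html")
        return render_page(page_content, "register", user=user)
    if request.method.lower() == 'post':
        username = request.form.get("username") or ""
        password = request.form.get("password") or ""
        if not (username and password):
            page_content = render_template("register.html", message='Missing field')
            return render_page(page_content, page_name)
        if utils.check_username(username):
            page_content = render_template("register.html", message='That username is taken!')
            return render_page(page_content, page_name)
        # NOTE(review): username and remote address are the only visible seed
        # inputs. Confirm generate_seed() adds server-side entropy, otherwise
        # the second factor rests on values an outsider can learn.
        seed = utils.generate_seed(username, request.remote_addr)
        totp_key = utils.get_totp_key(seed)
        utils.register_user(username, password, request.remote_addr)
        # Encode the user-supplied name for the otpauth path, and the finished
        # URI for its place in the query string of the QR request.
        encoded_name = quote(username, safe='')
        encoded_uri = quote('otpauth://totp/%s?secret=%s' % (encoded_name, totp_key), safe='')
        # Fetched over HTTPS so the secret does not cross the network in clear
        # text. NOTE(review): it is still disclosed to the QR provider; consider
        # generating the image on this server.
        qr_url = 'https://api.qrserver.com/v1/create-qr-code/?data=%s&size=220x220&margin=0' % encoded_uri
        # Values placed into the markup are HTML-escaped, since the message
        # contains tags and is presumably rendered without autoescaping.
        page_content = render_template(
            "register.html",
            message="Success! <a href='/login'>login here</a><br />TOTP Key: %s<br /><img src='%s' />" % (
                escape(str(totp_key)), escape(qr_url))
        )
        return render_page(page_content, page_name)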
def message_compose():
    """Compose view: render the form, or deliver a message on POST.

    The POST path collects one error at most ("Missing field" or
    "Invalid user") and re-renders the form with it; with no error the message
    is created and the client is sent to ``/messages/view``.
    """
    user = utils.get_user_from_cookie(request)
    page_name = 'messages'

    if request.method.lower() == "post":
        form = request.form
        message_to = form.get("message_to") or ""
        message_title = form.get("message_title") or ""
        message_contents = form.get("message_contents") or ""

        error = None
        to_user = None
        if not all((message_to, message_title, message_contents)):
            error = 'Missing field'
        else:
            to_user = utils.check_username(message_to)
            if not to_user:
                error = 'Invalid user'

        if error is not None:
            page_content = render_template("compose.html", user=user, message=error)
            return render_page(page_content, page_name, user=user)

        # NOTE(review): the sender id is read from `user` without checking that a
        # user was resolved from the cookie; verify that anonymous requests
        # cannot reach this line.
        utils.create_message(
            to_user["user_id"], user["user_id"], message_title, message_contents)
        return redirect("/messages/view")

    page_content = render_template("compose.html", user=user)
    return render_page(page_content, page_name, user=user)
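def register():
    """Render the registration form (GET) or register a user (any other method).

    Returns ``'success'`` after a successful registration, otherwise one of the
    codes ``'error1'`` to ``'error8'`` in the order the checks are made.
    """
    if request.method == 'GET':
        return render_template('register.html')

    # Default missing fields to ''. Previously an absent field was None: a
    # missing username or email raised AttributeError on .isspace(), and a
    # request without both password fields passed every password check and
    # reached register() with password=None.
    username = request.form.get('username', '')
    password = request.form.get('password', '')
    repeat_password = request.form.get('repeat_password', '')
    email = request.form.get('email', '')
    ip = request.remote_addr

    if username == '' or username.isspace():
        return 'error1'
    if email == '' or email.isspace():
        return 'error2'
    if password == '':
        return 'error3'
    if repeat_password == '':
        return 'error4'
    if password != repeat_password:
        return 'error5'
    if not check_username(username):
        return 'error6'
    if not check_mail(email):
        return 'error7'
    # NOTE(review): the password is passed on exactly as submitted; confirm that
    # Users.register() hashes it before storing.
    if db_users.Users().register(username=username, password=password, email=email, last_ip=ip):
        session['username'] = username
        return 'success'
    return 'error8'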
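def show_registration():
    """Show the sign-up form, or register the submitted account on POST.

    The POST path requires a non-empty username and password and a username
    that ``utils.check_username`` does not resolve. On success it renders the
    new TOTP key and a QR code image for it.
    """
    # Function-scope imports; the module header is not part of this listing.
    from html import escape
    from urllib.parse import quote

    user = utils.get_user_from_cookie(request)
    page_name = "register"
    verb = request.method.lower()
    if verb == "get":
        page_content = render_template('register.html')
        return render_page(page_content, 'register', user=user)
    if verb == "post":
        username = request.form.get('username') or ''
        password = request.form.get('password') or ''
        if not username or not password:
            page_content = render_template('register.html', message="Missing field")
            return render_page(page_content, page_name)
        if utils.check_username(username):
            page_content = render_template('register.html', message="That username is taken!")
            return render_page(page_content, page_name)
        # NOTE(review): both seed inputs are observable by the client. Check
        # that generate_seed() does not derive the TOTP secret from them alone.
        seed = utils.generate_seed(username, request.remote_addr)
        totp_key = utils.get_totp_key(seed)
        utils.register_user(username, password, request.remote_addr)
        # Percent-encode the attacker-influenced username, then the whole
        # otpauth URI, so neither can alter the QR request's query string.
        otpauth_uri = "otpauth://totp/%s?secret=%s" % (quote(username, safe=''), totp_key)
        # HTTPS keeps the secret out of clear-text traffic.
        # NOTE(review): a local QR renderer would keep it away from the third
        # party entirely.
        qr_url = "https://api.qrserver.com/v1/create-qr-code/?data=%s&size=220x220&margin=0" % (
            quote(otpauth_uri, safe=''))
        # Escape interpolated values: the message is HTML and is presumably
        # output by the template without escaping.
        success_html = 'Success! <a href="/login">login here</a><br />TOTP Key: %s<br /><img src="%s" />' % (
            escape(str(totp_key)), escape(qr_url))
        page_content = render_template('register.html', message=success_html)
        return render_page(page_content, page_name)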
def __call__(self, form, field):
    """Validate ``field.data`` with ``check_username``.

    Empty data is accepted without calling ``check_username``. Any other value
    that ``check_username`` rejects raises ``ValidationError(self.message)``.
    """
    length = len(field.data) if field.data else 0
    if length == 0:
        # Nothing was entered; this validator does not treat that as an error.
        return
    if not check_username(field.data):
        raise ValidationError(self.message)
def login():
    """Log a visitor in under the submitted username.

    Visitors who already have a username in the session go straight to the
    index. A GET, or a request without a ``username`` field, shows the login
    form. A username rejected by ``check_username`` shows the form with an error.
    """
    if 'username' in session:
        return redirect(url_for('index'))

    submitted = request.form.get('username')
    if request.method == 'GET':
        return render_template('login.html')
    if submitted is None:
        return render_template('login.html')

    # NOTE(review): no password or other credential is checked in this view;
    # check_username() is the only gate before the session is bound to the name.
    # Confirm that this is intended.
    if check_username(submitted):
        session['username'] = submitted
        return redirect(url_for('index'))

    return render_template(
        'login.html',
        error='Logging in with specified username is highly prohibited!')
def post(self):
    """Handle the sign-up form: validate the fields, store the user, set the cookie.

    When any check fails the form is re-rendered through ``render_signup``
    with the per-field error strings. Otherwise a ``User`` is stored, a
    ``Set-Cookie`` header is added and the client is redirected to ``/``.
    """
    uname = self.request.get("username")
    password = self.request.get("password")
    verify = self.request.get("verify")
    email = self.request.get("email")

    # Here check_username() yields an error string; "" means the name is fine.
    uname_err = utils.check_username(uname)
    pw_err = ""
    vpw_err = ""
    email_err = ""
    has_email = len(email) != 0

    valid = uname_err == ""
    if utils.check_password(password) == False:
        pw_err = "That's not a valid password."
        valid = False
    if utils.verify_password(password, verify) == False:
        vpw_err = "Your passwords didn't match."
        valid = False
    # The email is optional and only validated when one was supplied.
    if has_email and utils.check_email(email) == False:
        email_err = "That's not a valid email."
        valid = False

    if not valid:
        self.render_signup(uname, email, uname_err, pw_err, vpw_err, email_err)
        return

    # make_pw_hash() returns "<hash>|<salt>"; both parts are stored.
    hash_parts = utils.make_pw_hash(uname, password).split("|")
    fields = {
        "key_name": uname,
        "username": uname,
        "password": hash_parts[0],
        "salt": hash_parts[1],
    }
    if has_email:
        fields["email"] = email
    # NOTE(review): the entity is keyed by the username and no existence check
    # is visible here. Confirm that check_username() rejects names already
    # registered, otherwise this put() could replace an existing account.
    new_user = User(**fields)
    new_user.put()

    # NOTE(review): the cookie prefix is masked in this listing. If the cookie
    # carries the bare username without a signature, clients could forge it;
    # verify against the code that reads the cookie.
    cookie_header = "******" + uname
    self.response.headers.add_header('Set-Cookie', cookie_header.encode())
    self.redirect("/")
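def show_login():
    """Login view: check the password, then the TOTP code, then issue the cookie.

    A GET renders the form. Any other method must supply ``username``,
    ``password`` and ``verification_code``; each failed step re-renders the
    form with its own message. On success a ``session`` cookie is set and the
    client is redirected to ``/``.
    """
    page_name = 'login'
    if request.method.lower() == 'get':
        page_content = render_template("login.html")
        return render_page(page_content, "login")

    username = request.form.get("username") or ""
    password = request.form.get("password") or ""
    verification_code = request.form.get("verification_code") or ""
    if not (username and password and verification_code):
        page_content = render_template("login.html", message='Missing field')
        return render_page(page_content, page_name)
    if not utils.auth_user(username, password):
        page_content = render_template("login.html", message='Invalid credentials')
        return render_page(page_content, page_name)

    user = utils.check_username(username)
    # NOTE(review): the TOTP key is re-derived from the username and the stored
    # registration address. Confirm that generate_seed() also depends on a
    # server-side secret.
    seed = utils.generate_seed(username, user["user_ip"])
    totp_key = utils.get_totp_key(seed)
    totp = pyotp.TOTP(totp_key)
    # verify() checks against the current code in constant time, replacing
    # the plain `!=` comparison on a secret value.
    # NOTE(review): no attempt limiting is visible in this view.
    if not totp.verify(verification_code):
        page_content = render_template("login.html", message='Invalid verification code')
        return render_page(page_content, page_name)

    # Password and TOTP code are both valid at this point.
    session_cookie = utils.make_cookie(app.config["COOKIE_SECRET"], username, request.remote_addr)
    response = app.make_response(redirect("/"))
    # HttpOnly keeps the session token away from page scripts. When the site is
    # served over HTTPS, also set secure=True, and consider a SameSite policy.
    response.set_cookie('session', session_cookie, httponly=True)
    # The render that used to follow this return was unreachable and is removed.
    return response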
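def show_login():
    """Authenticate a user with password plus TOTP and start a session.

    GET shows the form. For other methods all three of ``username``,
    ``password`` and ``verification_code`` are required; a failure at any
    step re-renders the form with a message. Success sets the ``session``
    cookie and redirects to ``/``.
    """
    page_name = "login"

    def fail(text):
        # All error exits render the same template and wrapper.
        return render_page(render_template('login.html', message=text), page_name)

    if request.method.lower() == "get":
        page_content = render_template('login.html')
        return render_page(page_content, 'login')

    username = request.form.get('username') or ''
    password = request.form.get('password') or ''
    verification_code = request.form.get('verification_code') or ''
    if not (username and password and verification_code):
        return fail("Missing field")
    if not utils.auth_user(username, password):
        return fail("Invalid credentials")

    user = utils.check_username(username)
    # NOTE(review): the seed inputs seen here are the username and the stored
    # address; verify that the derived TOTP key cannot be recomputed from
    # those two values alone.
    seed = utils.generate_seed(username, user['user_ip'])
    totp_key = utils.get_totp_key(seed)
    # Constant-time check through pyotp rather than `!=` against totp.now().
    # NOTE(review): throttling of repeated guesses is not visible here.
    if not pyotp.TOTP(totp_key).verify(verification_code):
        return fail("Invalid verification code")

    # user/pass/totp are all valid by now.
    session_cookie = utils.make_cookie(app.config['COOKIE_SECRET'], username, request.remote_addr)
    response = app.make_response(redirect('/'))
    # HttpOnly so scripts cannot read the session token. Add secure=True once
    # the site is HTTPS-only, and consider a SameSite policy.
    response.set_cookie("session", session_cookie, httponly=True)
    # The statements that followed this return could never run and were dropped.
    return response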
def test_username_taken(self):
    """check_username must reject the name "smithers" for USERSCORES."""
    self.assertFalse(
        check_username(USERSCORES, "smithers"),
        "Taken username was not marked as taken",
    )
def test_username_empty(self):
    """check_username must reject the empty string."""
    self.assertFalse(
        check_username(USERSCORES, ""),
        "Empty username was not marked as empty",
    )