def wrongCred(index: int):
    """Answer a failed credential check with the translated "user not found" error.

    Replaces ``auth.credentials`` with the result of
    ``auth.buildCredentials(0, '', '', 0, 0)``, calls
    ``headers.jsonAPI(False)``, waits one second, writes an error log entry
    tagged ``'auth'`` and then sends ``translation.getValue('user_not_found')``
    through ``headers.errorResponse``.

    Args:
        index: Only used in the log line; presumably identifies the call
            site that rejected the request.
    """
    # Presumably an empty/anonymous credential set, so nothing from the failed
    # attempt stays attached to the request - confirm in auth.buildCredentials.
    cleared = auth.buildCredentials(0, '', '', 0, 0)
    auth.credentials = cleared
    headers.jsonAPI(False)
    # Fixed one-second pause before replying; time.sleep blocks the calling
    # thread for that second on every rejected attempt.
    time.sleep(1)
    log_line = 'Credentials error - ' + str(index)
    _mobile.elog(log_line, 'auth')
    # NOTE(review): callers appear to rely on errorResponse ending the request;
    # confirm that it does not return.
    reply = translation.getValue('user_not_found')
    headers.errorResponse(reply)
# NOTE(review): the next line is the tail of a definition that starts outside
# this excerpt; it is kept exactly as extracted because its nesting cannot be
# recovered from the collapsed text.
if extendType == 2: result['info']['serials'] = ','.join(ser_arr) result['info']['updates'] = ','.join(upd_arr) result['time'] = max_time result['count'] = count result['serial'] = serial return result
# the user's own device gets all the data that it owns


def log(message: str, tag: str = ' info') -> None:
    """Forward *message* and *tag* to ``utils.log`` with ``'mobile'`` as third argument.

    The default tag is ``' info'`` (with the leading space).
    """
    utils.log(message, tag, 'mobile')


def elog(message: str, tag: str = 'error') -> None:
    """Same call as ``log`` but with ``'error'`` as the default tag."""
    utils.log(message, tag, 'mobile')


def sql_request(sql: str) -> None:
    """Hand *sql* unchanged to ``db.sql_request``; its result is not returned.

    The statement text is neither inspected nor parameterized here, so any
    value that originates from a request has to be bound or validated before
    it reaches this wrapper.
    """
    db.sql_request(sql)


def sql_request_ignore_error(sql: str) -> None:
    """Hand *sql* unchanged to ``db.sql_request_ignore_error``.

    NOTE(review): presumably the database error is suppressed inside that
    helper - confirm, and make sure a suppressed failure is still logged.
    """
    db.sql_request_ignore_error(sql)


if not auth.isMobile:  # check that this request comes from the mobile application
    # NOTE(review): how auth.isMobile is derived is not visible here. If it is
    # taken from a client-supplied value it only separates client types and
    # should not be relied on as an authorization check - confirm.
    headers.jsonAPI(False)
    elog('Only from mobile uid:' + str(auth.user_id))
    headers.errorResponse('Wrong type')
def badExit(index: int):
    """Answer a malformed request with the translated "bad request" error.

    Replaces ``auth.credentials`` with the result of
    ``auth.buildCredentials(0, '', '', 0, 0)``, calls
    ``headers.jsonAPI(False)``, waits one second, writes an error log entry
    tagged ``'reg'`` and then sends ``translation.getValue('bad_request')``
    through ``headers.errorResponse``.

    Args:
        index: Only used in the log line; presumably identifies the check
            that failed.
    """
    # Presumably an empty/anonymous credential set - confirm in
    # auth.buildCredentials.
    cleared = auth.buildCredentials(0, '', '', 0, 0)
    auth.credentials = cleared
    headers.jsonAPI(False)
    # Fixed one-second pause before replying; time.sleep blocks the calling
    # thread for that second on every rejected request.
    time.sleep(1)
    log_line = 'Request error - ' + str(index)
    _mobile.elog(log_line, 'reg')
    # NOTE(review): confirm that errorResponse ends the request, otherwise the
    # caller continues after the error has been sent.
    reply = translation.getValue('bad_request')
    headers.errorResponse(reply)
#!/usr/local/bin/python3 # this script it's a small Hell. Live is hard... import inspect import os import sys currentdir = os.path.dirname( os.path.abspath(inspect.getfile(inspect.currentframe()))) sys.path.insert(0, os.path.dirname(os.path.dirname(currentdir))) from _common.api.auth import safeGETint from _common.api import headers from _common.api import auth from _common.api import db headers.jsonAPI() sync0 = safeGETint('sync0') sync1 = safeGETint('sync1') sync2 = safeGETint('sync2') sync3 = safeGETint('sync3') if sync0 == 1: sync0 = 0 else: sync0 = -1 if sync1 == 1: sync1 = 1 else: sync1 = -1 if sync2 == 1:
def wrongCred():
    """Answer a failed credential check with the ``@str.user_not_found`` error.

    Replaces ``auth.credentials`` with the result of
    ``auth.buildCredentials(0, '', '', 0, 0)``, calls
    ``headers.jsonAPI(False)``, waits one second and then calls
    ``headers.errorResponse('@str.user_not_found', '@str.error', 404)``.

    NOTE(review): if every credential failure (unknown login and wrong
    password alike) goes through this function, the reply does not reveal
    which of the two failed - confirm at the call sites.
    """
    # Presumably an empty/anonymous credential set - confirm in
    # auth.buildCredentials.
    cleared = auth.buildCredentials(0, '', '', 0, 0)
    auth.credentials = cleared
    headers.jsonAPI(False)
    # Fixed one-second pause before replying; time.sleep blocks the calling
    # thread for that second on every rejected attempt.
    time.sleep(1)
    # 404 is presumably the HTTP status of the reply - confirm in errorResponse.
    reply_args = ('@str.user_not_found', '@str.error', 404)
    headers.errorResponse(*reply_args)
def badExit(index: int = 0):
    """Answer a malformed or disallowed request with a "bad request" error.

    Replaces ``auth.credentials`` with the result of
    ``auth.buildCredentials(0, '', '', 0, 0)``, calls
    ``headers.jsonAPI(False)``, waits one second and then calls
    ``headers.errorResponse`` with the bad-request key, ``'@str.error'`` and
    400.

    Args:
        index: Accepted but not used anywhere in the body.
    """
    # Presumably an empty/anonymous credential set - confirm in
    # auth.buildCredentials.
    cleared = auth.buildCredentials(0, '', '', 0, 0)
    auth.credentials = cleared
    headers.jsonAPI(False)
    # Fixed one-second pause before replying; time.sleep blocks the calling
    # thread for that second on every rejected request.
    time.sleep(1)
    # NOTE(review): the first key starts with a space (' @str.bad_request');
    # other keys on this page do not. Kept as found - confirm it is intended.
    reply_args = (' @str.bad_request', '@str.error', 400)
    headers.errorResponse(*reply_args)
# NOTE(review): this excerpt begins and ends in the middle of a statement; the
# line breaks and indentation are reconstructed from the collapsed text, the
# code itself is unchanged.
# NOTE(review): the visible tail shows the query text being assembled by
# string concatenation, with a value indexed by 'login' placed between double
# quotes. If that value comes from the request body it must be passed as a
# bound query parameter instead of being concatenated into the statement.
'login'] + '" and state>0')
usr = mydb.fetchone()
if usr is None:
    # No row matched the query.
    wrongCred()
# NOTE(review): the code below indexes usr, so wrongCred() is presumably
# expected to end the request rather than return - confirm.
# Missing throttle columns are treated as zero.
if usr['fail_login_timestamp'] is None:
    usr['fail_login_timestamp'] = 0
if usr['fail_login_counter'] is None:
    usr['fail_login_counter'] = 0
timestamp_int = int(time.time() * 1000)  # current time in milliseconds
# Throttle: more than 5 recorded failures and the last one less than 60 s ago
# gives a 403 after a one-second pause.
# NOTE(review): this branch is only reachable when a row was found, so the
# wait reply is specific to existing logins; throttling on the submitted login
# or client address regardless of whether a row exists would keep the replies
# uniform.
if (abs(timestamp_int - int(usr['fail_login_timestamp'])) < 60 * 1000) and (int(usr['fail_login_counter']) > 5):
    auth.credentials = auth.buildCredentials(0, '', '', 0, 0)
    headers.jsonAPI(False)
    time.sleep(1)
    headers.errorResponse('@str.wait_1_min', '@str.attention', 403)
timestamp_string = str(timestamp_int)
# NOTE(review): the stored `password` column is compared directly with the
# posted value, so the database holds exactly what the client submits. Storing
# a salted, slow password hash (for example hashlib.scrypt) and comparing with
# hmac.compare_digest would avoid keeping a directly reusable secret and
# remove the timing dependence of `!=`.
if usr['password'] != jsonpost['password'] or int(usr['state']) < 1:
    # Record the failure: bump the counter and store the time of this attempt.
    # Both concatenated values come from the server clock and the fetched row,
    # not from the request; bound parameters would still be the safer habit.
    mydb.execute(
        'update users set fail_login_counter=(fail_login_counter+1),fail_login_timestamp=' + timestamp_string + ' where id=' + str(
            usr['id']))
    wrongCred()  # auth fail
auth.user_id = int(usr['id'])  # must be set before the buildCredentials call
if auth.isMobile:
    badExit()  # using this form from mobile app APIs is not permitted
else:
    # Successful login: the failure counter and timestamp are reset here; the
    # rest of the statement is outside the excerpt.
    mydb.execute('update users set fail_login_counter=0,fail_login_timestamp=0,lastlogin=' +