def insert_password():
data = json.loads(
rsa.decrypt(
request.data,
rsa.PrivateKey.load_pkcs1(
app.config['SECRET_KEY'].encode())).decode())
ch = check_input(data, ['key', 'name_place', 'login', 'password'],
current_user)
if ch['status']:
return ch["massage"], ch['num_error']
passes = current_user.passes \
.filter_by(name_place=data['name_place']) \
.filter_by(login=data['login']).first()
if passes is not None:
return {'status': 'Error', 'massage': 'Already exists'}, 422
password = Password(name_place=data['name_place'],
login=data['login'],
password=data['password'],
key=data['key'],
author=current_user)
if 'tag' in data and data['tag'] is '':
password.tag = data['tag']
db.session.add(password)
db.session.commit()
return {'status': 'Success'}
def add_password():
title = 'Add Password'
encryption_key = session['encryption_key']
form = NewPasswordForm()
if form.validate_on_submit():
name = form.name.data
site = form.site.data
if not name and site:
name = site
elif not name and not site:
name = '(unnamed)'
username = form.username.data
password = form.password.data
user = current_user
entry = Password(name=name,
site=site,
username=username,
password=password,
user=user)
entry = encrypt_password(encryption_key, entry)
db.session.add(entry)
db.session.commit()
flash('Password has been saved.', 'success')
return redirect(url_for('user_data.access_passwords'))
return render_template('user_data/passwords/edit_password.html',
title=title,
form=form)
async def update_identity(uuid: UUID, body: schemas.IdentityUpdate):
identity = await Identity.get(uuid=uuid
).prefetch_related("roles__permissions")
if body.is_active is not None:
identity.is_active = body.is_active
if body.credentials is not None:
old_ids = set(await identity.credentials.all().values_list("id",
flat=True))
new_ids = set()
for identifier_pair in body.credentials:
c, _ = await Credential.get_or_create(
identifier=identifier_pair.identifier,
identifier_type=identifier_pair.identifier_type,
identity=identity,
)
if identifier_pair.password:
pwd = await c.passwords.all().first()
if not pwd:
pwd = Password.from_raw(c, identifier_pair.password)
pwd.set_password(identifier_pair.password)
await pwd.save()
new_ids.add(c.id)
await Credential.filter(id__in=(old_ids - new_ids)).delete()
if body.roles is not None:
old_roles = set(await identity.roles.all())
new_roles = set(await
Role.filter(code__in=[r.code
for r in body.roles]).all())
await identity.roles.remove(*(old_roles - new_roles))
await identity.roles.add(*(new_roles - old_roles))
await identity.save()
return await schemas.IdentityDetail.from_object(identity)
async def test_pwd():
pwd = Password.from_raw(None, "1234", permanent=True)
assert not pwd.is_expired
pwd.expires_at = datetime.utcnow() - timedelta(days=1)
assert pwd.is_expired
assert pwd.validate_password("1234")
assert not pwd.validate_password("12345")
def add_password():
hash_password = bcrypt.generate_password_hash(request.form['password']).decode('utf-8')
new_password = Password(allies=request.form['allies'].lower(), fake_password=hash_password,\
original_password=request.form['password'], author=current_user)
db.session.add(new_password)
db.session.commit()
return jsonify({'returns':'success'})
def import_encrypted_user_data(data, master_key):
data = json.loads(data)
encryption_key = get_key(master_key)
passwords = []
for entry_id in data['passwords']:
entry = data['passwords'][entry_id]
entry['name'] = entry['name']
entry['site'] = entry['site']
entry['username'] = entry['username']
entry['password'] = entry['password']
passwords.append(
Password(name=entry['name'],
site=entry['site'],
username=entry['username'],
password=entry['password']))
secure_notes = []
for entry_id in data['secure_notes']:
entry = data['secure_notes'][entry_id]
entry['name'] = entry['name']
entry['content'] = entry['content']
secure_notes.append(
SecureNote(name=entry['name'], content=entry['content']))
credit_cards = []
for entry_id in data['credit_cards']:
entry = data['credit_cards'][entry_id]
entry['name'] = entry['name']
entry['number'] = entry['number']
entry['expiration_date'] = entry['expiration_date']
entry['cvv'] = entry['cvv']
entry['cardholder_name'] = entry['cardholder_name']
credit_cards.append(
CreditCard(name=entry['name'],
number=entry['number'],
expiration_date=entry['expiration_date'],
cvv=entry['cvv'],
cardholder_name=entry['cardholder_name']))
decrypted_passwords = []
for entry in passwords:
entry = decrypt_password(encryption_key, entry)
decrypted_passwords.append(entry)
decrypted_secure_notes = []
for entry in secure_notes:
entry = decrypt_secure_note(encryption_key, entry)
decrypted_secure_notes.append(entry)
decrypted_credit_cards = []
for entry in credit_cards:
entry = decrypt_credit_card(encryption_key, entry)
decrypted_credit_cards.append(entry)
return decrypted_passwords, decrypted_secure_notes, decrypted_credit_cards
def fake_probes():
Domain(name='example', chunk_size=256).save()
with open('dict/top-usernames-shortlist.txt') as file:
for line in file:
Username(username=line.rstrip()).save()
with open('dict/10-million-password-list-top-100.txt') as file:
for line in file:
Password(password=line.rstrip()).save()
def addpassword():
form = AddpasswordForm()
if form.validate_on_submit():
password = Password(password_attribute=form.password_attribute.data,
password_account=form.password_account.data,
password_body=form.password_body.data,
user_id=current_user.id)
db.session.add(password)
db.session.commit()
flash('添加密码成功')
return redirect(url_for('passwordbook'))
return render_template('addpassword.html', title='添加新的密码', form=form)
async def create_identity(body: schemas.IdentityCreate):
roles = await Role.filter(code__in=body.role_codes).all()
if not len(roles) == len(body.role_codes):
diff = set(body.role_codes) - {r.name for r in roles}
raise EvaException(message=f"specified roles {diff} not found")
new_identity = Identity(is_active=body.is_active)
await new_identity.save()
await new_identity.roles.add(*roles)
credentials = []
for identifier_pair in body.credentials:
c = Credential(
identifier=identifier_pair.identifier,
identifier_type=identifier_pair.identifier_type,
identity=new_identity,
)
await c.save()
pwd = Password.from_raw(c, identifier_pair.password)
await pwd.save()
credentials.append(c)
await new_identity.fetch_related("roles__permissions")
return await schemas.IdentityDetail.from_object(new_identity)
def insert():
data = json.loads(request.data.decode())
user = User.query.filter_by(token=data['token']).first()
if check_token(user):
return {"status": "Error", "massage": "Authenticate"}, 401
passes = user.posts.filter_by(name_place=data['name_place']).filter_by(
login=data["login"]).first()
if passes is not None:
return {"status": "Error", "massage": "Already exists"}, 422
db.session.add(
Password(name_place=data['name_place'],
login=data["login"],
password=data["password"],
author=user))
db.session.commit()
return {"status": "Success"}
def process_user_data_manipulation_request(data, user):
action = data['action']
data_type = data['data_type']
data = data['data']
if action == 'add':
entry = data
if data_type == 'password':
name = entry['name']
site = entry['site']
username = entry['username']
password = entry['password']
entry = Password(name=name,
site=site,
username=username,
password=password,
user=user)
db.session.add(entry)
db.session.commit()
return True
elif data_type == 'secure_note':
name = entry['name']
content = entry['content']
entry = SecureNote(name=name, content=content, user=user)
db.session.add(entry)
db.session.commit()
return True
elif data_type == 'credit_card':
name = entry['name']
number = entry['number']
expiration_date = entry['expiration_date'].encode()
cvv = entry['cvv']
cardholder_name = entry['cardholder_name']
entry = CreditCard(name=name,
number=number,
expiration_date=expiration_date,
cvv=cvv,
cardholder_name=cardholder_name,
user=user)
db.session.add(entry)
db.session.commit()
return True
elif action == 'edit':
to_edit = list(data)[0]
entry_dict = data[to_edit]
if data_type == 'password':
entry_obj = Password.query.get(to_edit)
if entry_obj and entry_obj.user_id == user.id:
entry_obj.name = entry_dict['name']
entry_obj.site = entry_dict['site']
entry_obj.username = entry_dict['username']
entry_obj.password = entry_dict['password']
db.session.commit()
return True
elif data_type == 'secure_note':
entry_obj = SecureNote.query.get(to_edit)
if entry_obj and entry_obj.user_id == user.id:
entry_obj.name = entry_dict['name']
entry_obj.content = entry_dict['content']
db.session.commit()
return True
elif data_type == 'credit_card':
entry_obj = CreditCard.query.get(to_edit)
if entry_obj and entry_obj.user_id == user.id:
entry_obj.name = entry_dict['name']
entry_obj.number = entry_dict['number']
entry_obj.expiration_date = entry_dict['expiration_date']
entry_obj.cvv = entry_dict['cvv']
entry_obj.cardholder_name = entry_dict['cardholder_name']
db.session.commit()
return True
elif action == 'delete':
to_delete = data
if data_type == 'password':
entry = Password.query.get(to_delete)
if entry and entry.user_id == user.id:
db.session.delete(entry)
db.session.commit()
return True
elif data_type == 'secure_note':
entry = SecureNote.query.get(to_delete)
if entry and entry.user_id == user.id:
db.session.delete(entry)
db.session.commit()
return True
elif data_type == 'credit_card':
entry = CreditCard.query.get(to_delete)
if entry and entry.user_id == user.id:
db.session.delete(entry)
db.session.commit()
return True
return False
def setUp(self):
'''
Set up method that will run before every Test
'''
self.new_password = Password()