示例#1
0
 def login(self, email, password):
     encrypted_password = helpers.encrypt_password(password)
     doc = {
         "email": email,
         "password": encrypted_password
     }
     return self.db.customers.find_one(doc)
示例#2
0
def change_password():
    post_args = flask.request.get_json()
    post_headers = flask.request.headers
    if not authenticate_route(post_headers):
        return {"status": 401, "error": "Missing session key."}, 200
    username = global_vars.sessions.get(post_headers.get("Session-Key"))
    conn = sqlite3.connect("db.db")
    c = conn.cursor()
    c.execute(
        "SELECT password FROM users WHERE username = '******'".format(username))

    old_password = post_args.get("old_password")
    old_hashed_password = c.fetchone()[0]
    new_password = post_args.get("new_password")

    if check_encrypted_password(old_password, old_hashed_password):
        c.execute(
            "UPDATE users SET password = '******' WHERE username = '******'".format(
                encrypt_password(new_password), username))
        conn.commit()
        conn.close()
        return {"status": 200}, 200
    else:
        conn.commit()
        conn.close()
        return {
            "error": "Your password does not match your current password.",
            "status": 401,
        }, 200
示例#3
0
    def test_create_customer(self):
        customer_doc = {
            "name": "Carlos Andrade",
            "email": "*****@*****.**",
            "password": "******"
        }

        # Valid Registration
        answer = self.app.post("/api/customers",  params=customer_doc)
        self.assertEqual(answer.status_int, 200)

        # Check that was saved correctly
        customer_id = answer.json["id"]
        customer = self.db.get_customer(customer_id)
        self.assertEqual(customer["name"], customer_doc["name"])
        self.assertEqual(customer["email"], customer_doc["email"])
        self.assertEqual(customer["password"], helpers.encrypt_password(customer_doc["password"]))

        # Registration with same email
        answer = self.app.post("/api/customers", params=customer_doc, expect_errors=True)
        #self.assertEqual(answer.status_int, 400)

         # Registration with invalid email
        customer_doc = {
            "name": "Carlos Andrade",
            "email": "carlosfe.up.pt",
            "password": "******"
        }
        answer = self.app.post("/api/customers", params=customer_doc, expect_errors=True)
        self.assertEqual(answer.status_int, 400)
示例#4
0
def register():
    post_args = flask.request.get_json()
    # verify that a username and password was sent
    if post_args["username"] and post_args["password"]:
        username = post_args.get("username")
        password = post_args.get("password")
    else:
        return {
            "status": 401,
            "error": "Username or password is missing."
        }, 200
    # authenticate the account
    conn = sqlite3.connect("db.db")
    c = conn.cursor()
    c.execute(
        "SELECT username FROM users WHERE username = '******'".format(username))
    queried_user = c.fetchone()
    if queried_user:
        if queried_user[0] == username:
            return {"status": 401, "error": "That username is taken."}, 200
    c.execute(
        "INSERT INTO users (username, password, settings) VALUES ('{}', '{}', '')"
        .format(username, encrypt_password(password)))
    conn.commit()
    conn.close()
    return {"status": 200}, 200
示例#5
0
 def authenticate(cls, username, password):
     try:
         user = cls.get(username=username,
                        password=encrypt_password(password))
     except cls.DoesNotExist:
         return False
     token = generate_token()
     set_cache(token, user.pk, config.SESSION_TIME)
     return token
示例#6
0
def _publish_database_relation(relid, superuser):
    # The Casandra service needs to provide a common set of credentials
    # to a client unit. The leader creates these, if none of the other
    # units are found to have published them already (a previously elected
    # leader may have done this). The leader then tickles the other units,
    # firing a hook and giving them the opportunity to copy and publish
    # these credentials.
    username, password = _client_credentials(relid)
    if username is None:
        if hookenv.is_leader():
            # Credentials not set. The leader must generate them. We use
            # the service name so that database permissions remain valid
            # even after the relation is dropped and recreated, or the
            # juju environment rebuild and the database restored from
            # backups.
            service_name = helpers.get_service_name(relid)
            if not service_name:
                # Per Bug #1555261, we might not yet have related units,
                # so no way to calculate the remote service name and thus
                # the user.
                return  # Try again later.
            username = '******'.format(helpers.get_service_name(relid))
            if superuser:
                username += '_admin'
            password = host.pwgen()
            pwhash = helpers.encrypt_password(password)
            with helpers.connect() as session:
                helpers.ensure_user(session, username, pwhash, superuser)
            # Wake the peers, if any.
            helpers.leader_ping()
        else:
            return  # No credentials yet. Nothing to do.

    # Publish the information the client needs on the relation where
    # they can find it.
    #  - authentication credentials
    #  - address and port
    #  - cluster_name, so clients can differentiate multiple clusters
    #  - datacenter + rack, so clients know what names they can use
    #    when altering keyspace replication settings.
    config = hookenv.config()
    hookenv.relation_set(relid,
                         username=username, password=password,
                         host=helpers.rpc_broadcast_ip_address(),
                         native_transport_port=config['native_transport_port'],
                         rpc_port=config['rpc_port'],
                         cluster_name=config['cluster_name'],
                         datacenter=config['datacenter'],
                         rack=config['rack'])
示例#7
0
def setup(args):
    # read all of the databases from the yaml file
    connections = get_connections(
        args.db_file) if args.db_file else get_connections()

    # make sure the directory that stores the credentials exists
    if (not os.path.isdir('./program_creds')):
        os.mkdir('./program_creds')

    # get the user's master password
    print('\nFirst things first, lets encrypt your passwords.\n')
    master_pass = input(
        'Your passwords will be encrypted with a master password, type it in now: '
    )

    # store the
    if (str.lower(
            input(
                'Would you like to store your master password in your OS\'s keychain? (y/n): '
            )) == 'y'):
        keyring.set_password('socialchorus_query_tool', 'master_pass',
                             master_pass)

    # get and encrypt the password for each database
    for conn, values in connections.items():
        input_pass = input(
            f'\nEnter the password for the {conn} database or enter S to skip: '
        )

        # check if the user wants to skip setting up this database
        if (str.lower(input_pass) == 's'):
            continue

        # encrypt the password
        encrypted_pass = encrypt_password(input_pass, master_pass)

        creds_file_name = f'./program_creds/{values["db_name"]}_creds'
        # if the credentials file already exists ask if they want to create a new one
        if (os.path.isfile(creds_file_name)):
            if (str.lower(
                    input(
                        f'The credentials file for this database already exists, would you like to delete it and create a new one? (y/n): '
                    )) == 'y'):
                os.remove(creds_file_name)

        # create the file write the password to it so we can read it in when establishing connections
        with open(creds_file_name, 'wb') as f:
            f.write(encrypted_pass)
示例#8
0
 def create_customer(self, name, email, password):
     self.db.customers.ensure_index("email", unique=True)
     if not helpers.email_is_valid(email) or not helpers.name_is_valid(name) or not helpers.password_is_valid(password):
         return False
     encrypted_password = helpers.encrypt_password(password)
     customer_doc = {
         "name": name,
         "email": email,
         "password": encrypted_password,
         "auction": ""
     }
     try:
         result = self.db.customers.insert(customer_doc)
     except errors.DuplicateKeyError:
         result = False
     return result
示例#9
0
def reset_default_password():
    if hookenv.leader_get('default_admin_password_changed'):
        hookenv.log('Default admin password already changed')
        return

    # Cassandra ships with well known credentials, rather than
    # providing a tool to reset credentials. This is a huge security
    # hole we must close.
    try:
        # We need a big timeout here, as the cassandra user actually
        # springs into existence some time after Cassandra has started
        # up and is accepting connections.
        with helpers.connect('cassandra',
                             'cassandra',
                             timeout=120,
                             auth_timeout=120) as session:
            # But before we close this security hole, we need to use these
            # credentials to create a different admin account for the
            # leader, allowing it to create accounts for other nodes as they
            # join. The alternative is restarting Cassandra without
            # authentication, which this charm will likely need to do in the
            # future when we allow Cassandra services to be related together.
            helpers.status_set('maintenance',
                               'Creating initial superuser account')
            username, password = helpers.superuser_credentials()
            pwhash = helpers.encrypt_password(password)
            helpers.ensure_user(session, username, pwhash, superuser=True)
            helpers.set_unit_superusers([hookenv.local_unit()])

            helpers.status_set('maintenance',
                               'Changing default admin password')
            helpers.query(session, 'ALTER USER cassandra WITH PASSWORD %s',
                          cassandra.ConsistencyLevel.ALL, (host.pwgen(), ))
    except cassandra.AuthenticationFailed:
        hookenv.log('Default superuser account already reset')
        try:
            with helpers.connect():
                hookenv.log("Leader's superuser account already created")
        except cassandra.AuthenticationFailed:
            # We have no known superuser credentials. Create the account
            # the hard, slow way. This will be the normal method
            # of creating the service's initial account when we allow
            # services to be related together.
            helpers.create_unit_superuser_hard()

    hookenv.leader_set(default_admin_password_changed=True)
示例#10
0
def request_unit_superuser():
    relid = helpers.peer_relid()
    if relid is None:
        hookenv.log('Request deferred until peer relation exists')
        return

    relinfo = hookenv.relation_get(unit=hookenv.local_unit(), rid=relid)
    if relinfo and relinfo.get('username'):
        # We must avoid blindly setting the pwhash on the relation,
        # as we will likely get a different value everytime we
        # encrypt the password due to the random salt.
        hookenv.log('Superuser account request previously made')
    else:
        # Publish the requested superuser and hash to our peers.
        username, password = helpers.superuser_credentials()
        pwhash = helpers.encrypt_password(password)
        hookenv.relation_set(relid, username=username, pwhash=pwhash)
        hookenv.log('Requested superuser account creation')
示例#11
0
    def test_create_customer(self):
        payload = self.customer1
        r = requests.post("http://localhost:8080/api/customers", params=payload)
        answer = r.json()
        customer = data.get_customer(answer["id"])
        self.assertEqual(customer["name"], payload["name"])
        self.assertEqual(customer["email"], payload["email"])
        self.assertEqual(customer["password"], helpers.encrypt_password(payload["password"]))
        self.assertEqual(customer["nif"], payload["nif"])
        self.assertEqual(customer["creditCard"]["type"], payload["ccType"])
        self.assertEqual(customer["creditCard"]["number"], payload["ccNumber"])
        self.assertEqual(customer["creditCard"]["validity"], payload["ccValidity"])
        self.assertEqual(customer["_id"], ObjectId(answer["id"]))
        self.assertEqual(customer["pin"], answer["pin"])

        r = requests.post("http://localhost:8080/api/customers", params=payload)
        self.assertEqual(r.status_code, 400)
        data.delete_customer(answer["id"])
示例#12
0
def _publish_database_relation(relid, superuser):
    # The Casandra service needs to provide a common set of credentials
    # to a client unit. The leader creates these, if none of the other
    # units are found to have published them already (a previously elected
    # leader may have done this). The leader then tickles the other units,
    # firing a hook and giving them the opportunity to copy and publish
    # these credentials.
    username, password = _client_credentials(relid)
    if username is None:
        if hookenv.is_leader():
            # Credentials not set. The leader must generate them. We use
            # the service name so that database permissions remain valid
            # even after the relation is dropped and recreated, or the
            # juju environment rebuild and the database restored from
            # backups.
            username = '******'.format(helpers.get_service_name(relid))
            if superuser:
                username += '_admin'
            password = host.pwgen()
            pwhash = helpers.encrypt_password(password)
            with helpers.connect() as session:
                helpers.ensure_user(session, username, pwhash, superuser)
            # Wake the peers, if any.
            helpers.leader_ping()
        else:
            return  # No credentials yet. Nothing to do.

    # Publish the information the client needs on the relation where
    # they can find it.
    #  - authentication credentials
    #  - address and port
    #  - cluster_name, so clients can differentiate multiple clusters
    #  - datacenter + rack, so clients know what names they can use
    #    when altering keyspace replication settings.
    config = hookenv.config()
    hookenv.relation_set(relid,
                         username=username,
                         password=password,
                         host=hookenv.unit_public_ip(),
                         native_transport_port=config['native_transport_port'],
                         rpc_port=config['rpc_port'],
                         cluster_name=config['cluster_name'],
                         datacenter=config['datacenter'],
                         rack=config['rack'])
示例#13
0
def reset_default_password():
    if hookenv.leader_get('default_admin_password_changed'):
        hookenv.log('Default admin password already changed')
        return

    # Cassandra ships with well known credentials, rather than
    # providing a tool to reset credentials. This is a huge security
    # hole we must close.
    try:
        # We need a big timeout here, as the cassandra user actually
        # springs into existence some time after Cassandra has started
        # up and is accepting connections.
        with helpers.connect('cassandra', 'cassandra',
                             timeout=120, auth_timeout=120) as session:
            # But before we close this security hole, we need to use these
            # credentials to create a different admin account for the
            # leader, allowing it to create accounts for other nodes as they
            # join. The alternative is restarting Cassandra without
            # authentication, which this charm will likely need to do in the
            # future when we allow Cassandra services to be related together.
            helpers.status_set('maintenance',
                               'Creating initial superuser account')
            username, password = helpers.superuser_credentials()
            pwhash = helpers.encrypt_password(password)
            helpers.ensure_user(session, username, pwhash, superuser=True)
            helpers.set_unit_superusers([hookenv.local_unit()])

            helpers.status_set('maintenance',
                               'Changing default admin password')
            helpers.query(session, 'ALTER USER cassandra WITH PASSWORD %s',
                          cassandra.ConsistencyLevel.ALL, (host.pwgen(),))
    except cassandra.AuthenticationFailed:
        hookenv.log('Default superuser account already reset')
        try:
            with helpers.connect():
                hookenv.log("Leader's superuser account already created")
        except cassandra.AuthenticationFailed:
            # We have no known superuser credentials. Create the account
            # the hard, slow way. This will be the normal method
            # of creating the service's initial account when we allow
            # services to be related together.
            helpers.create_unit_superuser_hard()

    hookenv.leader_set(default_admin_password_changed=True)
示例#14
0
def request_unit_superuser():
    relid = helpers.peer_relid()
    if relid is None:
        hookenv.log('Request deferred until peer relation exists')
        return

    relinfo = hookenv.relation_get(unit=hookenv.local_unit(),
                                   rid=relid)
    if relinfo and relinfo.get('username'):
        # We must avoid blindly setting the pwhash on the relation,
        # as we will likely get a different value everytime we
        # encrypt the password due to the random salt.
        hookenv.log('Superuser account request previously made')
    else:
        # Publish the requested superuser and hash to our peers.
        username, password = helpers.superuser_credentials()
        pwhash = helpers.encrypt_password(password)
        hookenv.relation_set(relid, username=username, pwhash=pwhash)
        hookenv.log('Requested superuser account creation')
示例#15
0
 def test_encrypt_password(self):
     config.PASSWORD_SALT = 'salt'
     self.assertEqual(encrypt_password('password'),
                      'd514dee5e76bbb718084294c835f312c')
示例#16
0
 def set_password(self, password):
     self.password = encrypt_password(password)
     self.save()
示例#17
0
 def add(cls, username, password, email=None):
     return cls.create(username=username,
                       password=encrypt_password(password),
                       email=email)