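def decodestring(cookiestring, userdir):
    """Decode a login cookie and check it against the stored user record.

    ``cookiestring`` is the client-supplied ``userid`` cookie value: a
    ``pass_enc``-stamped ``'<username>||<password hash>'`` string.  The
    username must name an existing ``<userdir><username>.ini`` and the
    hash must equal the (also ``pass_enc``-stamped) hash stored in it.

    Returns ``(user ConfigObj, password hash, cookiepath)`` on success and
    ``False`` on any failure.  Every failure yields the same value so the
    client learns nothing about which check failed.
    """
    import hmac

    # pass_dec raises on a malformed or tampered string; treat that as a
    # failed login rather than a server error.  Its exception types are
    # not visible from here, hence the broad catch.
    try:
        instring, daynumber, timestamp = pass_dec(cookiestring)
    except Exception:
        return False

    # Reject stale (or replayed old) cookies.
    if not unexpired(daynumber, timestamp, AGETEST):
        return False

    # The stamped payload is '<username>||<password hash>'.
    try:
        username, pwd_hash = instring.split('||')
    except ValueError:
        return False

    # The username comes from the client and is about to be used as a file
    # name: refuse anything that could escape userdir ('../x', 'a/b', ...).
    # Whatever integrity protection pass_dec provides is not visible here,
    # so do not rely on it for this.
    if not username or os.path.basename(username) != username:
        return False
    if username in RESERVEDNAMES:
        return False
    userfile = userdir + username + '.ini'
    if not os.path.isfile(userfile):
        return False

    user = ConfigObj(userfile)
    stamped_pwd_hash = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']

    # The stored hash is itself time stamped by pass_enc - unwrap it.
    try:
        stored_pwd_hash, _, _ = pass_dec(stamped_pwd_hash)
    except Exception:
        return False

    # Constant-time comparison so response timing does not leak how many
    # leading characters of the submitted hash were right.  On Python 3
    # compare_digest rejects non-ASCII str; such a client value cannot
    # match an ASCII crypt hash anyway.
    try:
        matched = hmac.compare_digest(pwd_hash, stored_pwd_hash)
    except TypeError:
        return False
    if not matched:
        return False

    # NOTE(review): pwd_hash is what the cookie carried and callers re-use
    # it to mint cookies, so the cookie is effectively a password-
    # equivalent bearer token for as long as the hash is unchanged.
    return user, pwd_hash, cookiepath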
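def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Process the results from edit account form submissions.

    ``theform`` is the submitted cgi form and ``userconfig`` the logged-in
    user's ConfigObj, which is updated in place and written.  Returns
    ``(action, userconfig, newcookie)``; ``newcookie`` is re-issued when
    the password was changed.

    Validation failures hand off to ``display_edit``.  It is not visible
    here; the control flow below (like the original) relies on it not
    returning - if it ever does, processing continues with the bad value.
    """
    import hmac
    from modules.dataenc import pass_enc, pass_dec

    loginaction = theform['login'].value
    if not loginaction == 'doeditaccountnojs':
        # Only the no-JS submission path is implemented; anything else ends
        # the (CGI) request.
        sys.exit()

    allentries = theform.keys()
    vallist = allentries + [entry for entry in edacckeys if entry not in allentries]
    formdict = getform(vallist, theform, nolist=True)

    # SECURITY: salt="" means equal passwords hash identically and
    # precomputed tables work.  It is kept only because decodestring and
    # confirm compare these hashes verbatim (and the cookie carries the
    # hash); changing the scheme is a cross-function migration.
    oldpass_hash = pwd_context.hash(formdict['pass0'], salt="")
    storedpass_hash = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']

    def current_password_ok():
        # Both operands are ASCII crypt strings; compare in constant time.
        return bool(oldpass_hash) and hmac.compare_digest(oldpass_hash, storedpass_hash)

    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        msg = 'The email address you supplied appears to be invalid.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    # Changing the contact address needs the current password (it is the
    # recovery channel).
    if email != oldemail and not current_password_ok():
        msg = 'You must correctly enter your password to change your email address.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['email'] = email

    if not formdict['realname']:
        msg = 'You need to enter a name for us to use.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['realname'] = formdict['realname']

    if pass1 or pass2:
        if pass1 != pass2:
            msg = "The two passwords don't match."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        # The check accepts exactly 5 characters; the message now says so.
        if len(pass1) < 5:
            msg = "The password must be at least 5 characters long."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if not current_password_ok():
            msg = 'You must correctly enter your current password to change it.'
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        pass1_hash = pwd_context.hash(pass1, salt="")
        userconfig['password'] = pass_enc(pass1_hash, daynumber=True, timestamp=True)
        # A new hash invalidates the old cookie, so issue a fresh one.
        newcookie = makecookie(userconfig, pass1_hash,
                               ConfigObj(userdir + 'config.ini')['cookiepath'])

    # NOTE(review): every submitted field not listed in edacckeys is copied
    # into the user record as-is.  Whether edacckeys covers all sensitive
    # keys ('password', 'max-age', any admin flags) is not visible here -
    # confirm it, otherwise this is a mass-assignment hole.
    for entry in formdict:
        if entry not in edacckeys:
            userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie
    # XXXXX display values changed page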
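def confirm(theform, userdir, thisscript):
    """Confirm a login. Either from an invite or from a user who has registered.

    ``theform['id']`` carries the pass_enc-stamped key of a pending record
    in ``<userdir>temp.ini``.  On success that record is consumed, becomes
    ``<userdir><username>.ini`` (starting from ``default.ini``), the admin
    is mailed when ``adminmail`` is configured, and
    ``(action, newconfig, cookie header string)`` is returned.

    Failures call ``newloginfail()``.  It is not visible here; like the
    original, this code relies on it not returning.
    """
    from modules.dataenc import pass_dec, pass_enc
    from login import encodestring

    # A malformed or tampered id fails to decode.  pass_dec's exception
    # types are not visible here, hence the broad catch.
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        newloginfail()

    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    uservals = tempstore[theval]
    # Consume the pending record first so an id can only be used once.
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()

    # The username becomes a file name; the registration code that stored
    # it is not visible here, so make sure it cannot escape userdir.
    if not username or os.path.basename(username) != username:
        newloginfail()
    newconfig = ConfigObj(userdir + 'default.ini')
    newpath = userdir + username + '.ini'
    if os.path.isfile(newpath):
        newloginfail()
    newconfig.filename = newpath  # FIXME: should this be '' ?

    action = None
    password = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            password = uservals[entry]
            # SECURITY: pass_enc only time stamps the value - the password
            # is stored reversibly because checkpass compares it in
            # plaintext.  Fixing this means migrating every comparison site.
            newconfig[entry] = pass_enc(password, timestamp=True, daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    if password is None:
        # A pending record without a password cannot be confirmed (the
        # original hit a NameError below instead).
        newloginfail()
    newconfig.write()

    # Build the cookie header to return.
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    # NOTE: the cookie payload carries the plaintext password; that is the
    # format decodestring/checkpass expect.
    thecookie['userid'] = encodestring(newconfig['username'], password)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # 'max-age' is free text in the user file; a non-integer used to raise
    # here.  Treat anything unusable as "no max-age" (session cookie).
    try:
        maxage = int(maxage) if maxage else 0
    except (ValueError, TypeError):
        maxage = 0
    if maxage:
        thecookie['userid']['max-age'] = maxage
    if cookiepath:
        thecookie['userid']['path'] = cookiepath

    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            if entry != 'password':
                msg += '%s : %s\n' % (entry, newconfig[entry])
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                   config['adminmail'], html=False)
    return action, newconfig, thecookie.output()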
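def gitdox_migrate_userconfig(o, config):
    """Migrate a user object to the post-0.9.1 GitDox scheme, in place.

    Two changes are applied to ``o`` (a user ConfigObj) when needed:

    * ``password`` used to be the pass_enc-wrapped plaintext; it becomes
      the pass_enc-wrapped ``pwd_context`` hash.  "Already migrated" is
      detected by the ``$6$rounds=656000$$`` prefix, i.e. sha512-crypt
      with an EMPTY salt - what ``salt=""`` produces and what the rest of
      this file compares verbatim, so it is kept for compatibility.  It is
      a real weakness (equal passwords give equal hashes, precomputation
      works); fixing it means migrating every comparison site together.
    * a stored ``git_username``/``git_password`` pair is exchanged for a
      GitHub token (``git_token``/``git_id``) and the reversible password
      deleted.  This needs the network and a still-valid password, so it
      is best effort: if authorisation fails the old fields stay as they
      are and the next run retries.
    """
    old_pass, _, _ = pass_dec(o['password'])
    if not old_pass.startswith('$6$rounds=656000$$'):
        o['password'] = pass_enc(pwd_context.hash(old_pass, salt=""))
        o.write()

    has_git_creds = ('git_password' in o and o['git_password'] != ""
                     and 'git_username' in o and o['git_username'] != "")
    if has_git_creds:
        old = pass_dec(o['git_password'])[0]
        username = o['git_username']
        note = config['project'] + ", " + ctime()
        try:
            auth = github3.authorize(username, old, ['repo'], note, "")
        except Exception:
            # Best effort (see docstring): keep the password-based
            # credentials for a later retry.  Only the network call is
            # guarded; a failure to persist the result is a real error.
            return
        o['git_token'] = auth.token
        o['git_id'] = auth.id
        del o['git_password']
        o.write()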
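def get_git_credentials(user, admin):
    """Return ``(git_username, git_password)`` from ``users/<user>.ini``.

    Admin only: when ``admin == 0`` the function returns ``None``, and
    callers that unpack the result must check for that.  ``None`` is also
    returned when ``user`` is not a plain file name (see below).

    The user file is read with a minimal ``key = value`` parser: lines
    without `` = `` are skipped and a value may itself contain `` = ``.
    ``git_password`` is stored pass_enc-wrapped and is returned DECODED,
    i.e. as the plaintext GitHub password - treat the result accordingly
    (gitdox_migrate_userconfig replaces it with a token where it can).

    Raises KeyError when the file lacks ``git_username``/``git_password``
    and IOError/OSError when it cannot be opened.
    """
    if admin == 0:
        return

    scriptpath = os.path.dirname(os.path.realpath(__file__)) + os.sep
    userdir = scriptpath + "users" + os.sep

    # ``user`` ends up in a file path.  Whether callers validate it is not
    # visible here, so refuse anything that could leave the users
    # directory ('../x', 'a/b', ...).
    if not user or os.path.basename(user) != user:
        return
    userfile = userdir + user + '.ini'

    user_dict = {}
    with open(userfile, 'r') as f:
        for line in f:
            line = line.rstrip('\n')
            if not line:
                continue
            key, sep, value = line.partition(' = ')
            if not sep:
                # Not a 'key = value' line (section header, comment, ...);
                # the old parser raised IndexError here.
                continue
            user_dict[key] = value

    git_username = user_dict['git_username']
    git_password = pass_dec(user_dict['git_password'])
    return git_username, git_password[0]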
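def decodestring(cookiestring, userdir):
    """Decode a login cookie and check it against the stored user record.

    ``cookiestring`` is the client-supplied ``userid`` cookie: a
    ``pass_enc``-stamped ``'<username>||<sha1 hex>||<10-char random>'``
    string, where the hex is ``sha1(password + random)``.  The username
    must name an existing ``<userdir><username>.ini`` and the hash must
    match the password stored (pass_enc-stamped, in plaintext) in it.

    Returns ``(user ConfigObj, password, cookiepath)`` on success - note
    that this is the plaintext password - and ``False`` on any failure.
    Every failure yields the same value so the client learns nothing about
    which check failed.
    """
    import hmac

    # pass_dec raises on a malformed or tampered string; treat that as a
    # failed login.  Its exception types are not visible from here.
    try:
        instring, daynumber, timestamp = pass_dec(cookiestring)
    except Exception:
        return False

    # Reject stale (or replayed old) cookies.
    if not unexpired(daynumber, timestamp, AGETEST):
        return False

    # Payload is '<username>||<hash>||<random string>'.
    try:
        username, passhash, ranstring = instring.split('||')
    except ValueError:
        return False
    if len(ranstring) != 10:
        return False

    # The username comes from the client and is used as a file name below:
    # refuse anything that could escape userdir ('../x', 'a/b', ...).
    if not username or os.path.basename(username) != username:
        return False
    if username in RESERVEDNAMES:
        return False
    userfile = userdir + username + '.ini'
    if not os.path.isfile(userfile):
        return False

    user = ConfigObj(userfile)
    stampedpass = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']

    # The stored password is time stamped by pass_enc - unwrap it.
    try:
        password, daynumber, timestamp = pass_dec(stampedpass)
    except Exception:
        return False

    # SECURITY: the stored password is plaintext and the cookie binds it
    # with a single unsalted-style SHA-1 over password+random.  The format
    # is produced by encodestring (not visible here), so it cannot be
    # changed unilaterally; it is recomputed rather than fixed.
    thishash = hashlib.sha1(password + ranstring).hexdigest()
    # Constant-time compare.  On Python 3 compare_digest rejects non-ASCII
    # str; such a client value cannot equal a hexdigest anyway.
    try:
        matched = hmac.compare_digest(thishash, passhash)
    except TypeError:
        return False
    if not matched:
        return False
    return user, password, cookiepath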
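def doeditaccount(theform, userconfig, userdir, thisscript, action, newcookie):
    """Process the results from edit account form submissions.

    ``theform`` is the submitted cgi form and ``userconfig`` the logged-in
    user's ConfigObj, which is updated in place and written.  Returns
    ``(action, userconfig, newcookie)``; ``newcookie`` is re-issued when
    the password was changed.

    Validation failures hand off to ``display_edit``.  It is not visible
    here; the control flow below (like the original) relies on it not
    returning - if it ever does, processing continues with the bad value.
    """
    from modules.dataenc import pass_enc, pass_dec

    loginaction = theform['login'].value
    if not loginaction == 'doeditaccountnojs':
        # Only the no-JS submission path is implemented; anything else ends
        # the (CGI) request.
        sys.exit()

    allentries = theform.keys()
    vallist = allentries + [entry for entry in edacckeys if entry not in allentries]
    formdict = getform(vallist, theform, nolist=True)

    # SECURITY: the stored value is the plaintext password wrapped by
    # pass_enc (a time stamp, not a hash) - see checkpass/confirm, which
    # compare it in plaintext.  Fixing that is a cross-function migration.
    # hmac.compare_digest is not used here because on Python 3 it rejects
    # non-ASCII str and the form value is arbitrary text.
    oldpass = formdict['pass0']
    storedpass = pass_dec(userconfig['password'])[0]
    pass1 = formdict['pass1']
    pass2 = formdict['pass2']

    def current_password_ok():
        return bool(oldpass) and oldpass == storedpass

    email = validateemail(formdict)
    oldemail = userconfig['email']
    if not email:
        msg = 'The email address you supplied appears to be invalid.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    # Changing the contact address needs the current password (it is the
    # recovery channel).
    if email != oldemail and not current_password_ok():
        msg = 'You must correctly enter your password to change your email address.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['email'] = email

    if not formdict['realname']:
        msg = 'You need to enter a name for us to use.'
        display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
    userconfig['realname'] = formdict['realname']

    if pass1 or pass2:
        if pass1 != pass2:
            msg = "The two passwords don't match."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        # The check accepts exactly 5 characters; the message now says so.
        if len(pass1) < 5:
            msg = "The password must be at least 5 characters long."
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        if not current_password_ok():
            msg = 'You must correctly enter your current password to change it.'
            display_edit(formdict, userdir, thisscript, msg, action, newcookie, userconfig)
        userconfig['password'] = pass_enc(pass1, daynumber=True, timestamp=True)
        # The cookie is bound to the password, so issue a fresh one.
        newcookie = makecookie(userconfig, pass1,
                               ConfigObj(userdir + 'config.ini')['cookiepath'])

    # NOTE(review): every submitted field not listed in edacckeys is copied
    # into the user record as-is.  Whether edacckeys covers all sensitive
    # keys ('password', 'max-age', any admin flags) is not visible here -
    # confirm it, otherwise this is a mass-assignment hole.
    for entry in formdict:
        if entry not in edacckeys:
            userconfig[entry] = formdict[entry]
    userconfig.write()
    return action, userconfig, newcookie
    # XXXXX display values changed page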
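def checkpass(username, password, userdir, thisscript, action):
    """Check the password from a new login.

    Returns ``False`` when ``username`` is reserved, is not a plain file
    name, has no ``<userdir><username>.ini``, or the password does not
    match; otherwise ``(action, user ConfigObj, cookie)`` with the cookie
    built by ``makecookie``.  All failures look the same to the caller.
    """
    # XXXX log failed login attempts - still TODO: there is no audit trail
    # and no rate limiting of failures here.
    if username in RESERVEDNAMES:
        return False
    # The username comes straight from the login form and is used as a
    # file name: refuse anything that could leave userdir ('../x', 'a/b').
    if not username or os.path.basename(username) != username:
        return False
    userfile = userdir + username + '.ini'
    if not os.path.isfile(userfile):
        return False

    user = ConfigObj(userfile)
    stampedpass = user['password']
    cookiepath = ConfigObj(userdir + 'config.ini')['cookiepath']

    # SECURITY: the stored value is the plaintext password wrapped by
    # pass_enc (a time stamp, not a hash) - see confirm/doeditaccount.
    # Plain ``!=`` is kept because that is what the stored format allows
    # and hmac.compare_digest rejects non-ASCII str on Python 3; fixing
    # the storage scheme is a cross-function migration.
    realpass, daynumber, timestamp = pass_dec(stampedpass)
    if realpass != password:
        return False

    # Login succeeded - return a cookie for the session.
    thecookie = makecookie(user, password, cookiepath)
    return action, user, thecookie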
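def confirm(theform, userdir, thisscript):
    """Confirm a login. Either from an invite or from a user who has registered.

    ``theform['id']`` carries the pass_enc-stamped key of a pending record
    in ``<userdir>temp.ini``.  On success that record is consumed, becomes
    ``<userdir><username>.ini`` (starting from ``default.ini``) with the
    password stored as a pass_enc-wrapped ``pwd_context`` hash, the admin
    is mailed when ``adminmail`` is configured, and
    ``(action, newconfig, cookie header string)`` is returned.

    Failures call ``newloginfail()``.  It is not visible here; like the
    original, this code relies on it not returning.
    """
    from modules.dataenc import pass_dec, pass_enc
    from login import encodestring

    # A malformed or tampered id fails to decode.  pass_dec's exception
    # types are not visible here, hence the broad catch.
    try:
        theval, daynumber, timestamp = pass_dec(theform['id'].value)
    except Exception:
        newloginfail()

    tempstore = ConfigObj(userdir + 'temp.ini')
    if theval not in tempstore:
        newloginfail()
    uservals = tempstore[theval]
    # Consume the pending record first so an id can only be used once.
    del tempstore[theval]
    username = uservals['username']
    if username in tempstore['pending']:
        tempstore['pending'].remove(username)
    tempstore.write()

    # The username becomes a file name; the registration code that stored
    # it is not visible here, so make sure it cannot escape userdir.
    if not username or os.path.basename(username) != username:
        newloginfail()
    newconfig = ConfigObj(userdir + 'default.ini')
    newpath = userdir + username + '.ini'
    if os.path.isfile(newpath):
        newloginfail()
    newconfig.filename = newpath  # FIXME: should this be '' ?

    action = None
    pwd_hash = None
    for entry in uservals:
        if entry == 'action':
            action = uservals[entry]
        elif entry == 'password':
            # SECURITY: salt="" means equal passwords hash identically and
            # precomputed tables work.  Kept because decodestring and
            # doeditaccount compare these hashes verbatim; changing the
            # scheme is a cross-function migration.  Hash once and reuse
            # the value for the cookie below.
            pwd_hash = pwd_context.hash(uservals[entry], salt="")
            newconfig[entry] = pass_enc(pwd_hash, timestamp=True, daynumber=True)
        else:
            newconfig[entry] = uservals[entry]
    if pwd_hash is None:
        # A pending record without a password cannot be confirmed (the
        # original hit a NameError below instead).
        newloginfail()
    newconfig.write()

    # Build the cookie header to return.
    from Cookie import SimpleCookie
    thecookie = SimpleCookie()
    thecookie['userid'] = encodestring(newconfig['username'], pwd_hash)
    config = ConfigObj(userdir + 'config.ini')
    maxage = newconfig['max-age']
    cookiepath = config['cookiepath']
    # 'max-age' is free text in the user file; a non-integer used to raise
    # here.  Treat anything unusable as "no max-age" (session cookie).
    try:
        maxage = int(maxage) if maxage else 0
    except (ValueError, TypeError):
        maxage = 0
    if maxage:
        thecookie['userid']['max-age'] = maxage
    if cookiepath:
        thecookie['userid']['path'] = cookiepath

    if config['adminmail']:
        msg = 'A new user has created a login - "%s".\n\n' % thisscript
        for entry in newconfig:
            if entry != 'password':
                msg += '%s : %s\n' % (entry, newconfig[entry])
        # FIXME: should be mailme
        sendmailme(config['adminmail'], msg, config['email_subject'],
                   config['adminmail'], html=False)
    return action, newconfig, thecookie.output()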