示例#1
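def browse_profile(username):
    """Render the profile page for ``username``, or redirect to "/".

    The account is resolved with a single ``utils.check_username`` call and
    that same record is handed to the template. An empty or unknown username
    falls through to the redirect.
    """
    page_name = 'search'
    # NOTE(review): the viewer is passed to the template but nothing here
    # requires a logged-in viewer before another account's profile is shown;
    # confirm that is intended.
    user = utils.get_user_from_cookie(request)
    # Look the account up once. The original called check_username twice, so
    # the record that passed the check was not necessarily the one rendered.
    user_profile = utils.check_username(username) if username else None
    if user_profile:
        page_content = render_template("user_profile.html", message=None, user_profile=user_profile, user=user)
        return render_page(page_content, page_name)

    return redirect("/")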
示例#2
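def browse_profile(username):
    """Show the profile of ``username`` if the account exists, else go home.

    ``utils.check_username`` is called once; its truthy result is the profile
    record given to ``user_profile.html``.
    """
    page_name = 'search'
    user = utils.get_user_from_cookie(request)

    # One lookup instead of two: checking and then re-fetching could render a
    # different (or missing) record if the account changed in between.
    user_profile = None
    if username:
        user_profile = utils.check_username(username)

    if not user_profile:
        return redirect("/")

    # NOTE(review): no check that ``user`` is an authenticated viewer; confirm
    # profiles are meant to be readable without a session.
    page_content = render_template("user_profile.html",
                                   message=None,
                                   user_profile=user_profile,
                                   user=user)
    return render_page(page_content, page_name)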
示例#3
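def message_compose():
    """Show the compose form (non-POST) or send a message (POST).

    On POST the three form fields must be non-empty and ``message_to`` must
    resolve through ``utils.check_username``; the message is then stored with
    ``utils.create_message`` and the client is redirected to /messages/view.
    """
    user = utils.get_user_from_cookie(request)
    page_name = "messages"

    if request.method.lower() == 'post':
        if not user:
            # The sender id is read from ``user`` below. Without this guard an
            # anonymous POST would fail on user['user_id'] only after the
            # recipient lookup had already answered "Invalid user" or not.
            # Assumes get_user_from_cookie returns a falsy value when there is
            # no valid session - TODO confirm.
            return redirect('/')

        message_to = request.form.get('message_to') or ''
        message_title = request.form.get('message_title') or ''
        message_contents = request.form.get('message_contents') or ''

        if not (message_to and message_title and message_contents):
            message = "Missing field"
            page_content = render_template('compose.html', user=user, message=message)
            return render_page(page_content, page_name, user=user)

        to_user = utils.check_username(message_to)
        if not to_user:
            message = "Invalid user"
            page_content = render_template('compose.html', user=user, message=message)
            return render_page(page_content, page_name, user=user)

        # NOTE(review): no anti-CSRF token is checked in this handler; confirm
        # one is enforced elsewhere for this state-changing request.
        utils.create_message(to_user['user_id'], user['user_id'], message_title, message_contents)
        return redirect('/messages/view')

    page_content = render_template('compose.html', user=user)
    return render_page(page_content, page_name, user=user)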
示例#4
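def show_registration():
    """Serve the registration form (GET) or create an account (POST).

    A successful POST registers the user, derives a TOTP key and renders a
    success message containing the key and a QR-code image URL.
    """
    import html
    from urllib.parse import quote

    user = utils.get_user_from_cookie(request)
    page_name = 'register'

    if request.method.lower() == 'get':
        page_content = render_template("register.html")
        return render_page(page_content, "register", user=user)

    if request.method.lower() == 'post':
        username = request.form.get("username") or ""
        password = request.form.get("password") or ""
        if not username or not password:
            page_content = render_template("register.html",
                                           message='Missing field')
            return render_page(page_content, page_name)

        if utils.check_username(username):
            page_content = render_template("register.html",
                                           message='That username is taken!')
            return render_page(page_content, page_name)

        # NOTE(review): the seed is built from the username and the client
        # address. If generate_seed mixes in no server-side secret, the TOTP
        # key is derivable from public values - confirm in utils.
        seed = utils.generate_seed(username, request.remote_addr)
        totp_key = utils.get_totp_key(seed)
        utils.register_user(username, password, request.remote_addr)

        # Same text the original interpolated with %s.
        key_text = '%s' % (totp_key,)
        # Percent-encode the user-chosen name and the whole otpauth URI so
        # neither can add or alter query parameters of the QR request.
        otpauth_uri = 'otpauth://totp/%s?secret=%s' % (
            quote(username, safe=''), quote(key_text, safe=''))
        # HTTPS keeps the secret off the wire in clear text. It is still
        # disclosed to the third-party QR service; rendering the code locally
        # would avoid that.
        qr_url = 'https://api.qrserver.com/v1/create-qr-code/?data=%s&size=220x220&margin=0' % (
            quote(otpauth_uri, safe=''))
        # The message carries markup, so the template presumably emits it
        # unescaped; escape every interpolated value for attribute context.
        page_content = render_template(
            "register.html",
            message=
            "Success! <a href='/login'>login here</a><br />TOTP Key: %s<br /><img src='%s' />"
            % (html.escape(key_text, quote=True), html.escape(qr_url, quote=True)))

        return render_page(page_content, page_name)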
示例#5
def index():
    """Landing page: show high scores and let a new player claim a name.

    Players whose session already holds a username go straight to /riddles.
    A POST with a name accepted by ``check_username`` records the name with a
    score of 0 in data/scores.json, stores it in the session and redirects.
    """
    # The session cookie carries the username for the whole game.
    if "username" in session:
        return redirect("/riddles")

    # Scores are needed both for the name check and for the high-score table.
    with open("data/scores.json") as scores_file:
        userscores = json.load(scores_file)

    # GET, and any other non-POST method, just renders the page.
    if request.method != "POST":
        return render_template("index.html", hiscores=userscores)

    # The homepage form posts back to this same view.
    username = request.form["username"]
    name_ok = check_username(userscores, username)
    if name_ok:
        # Reserve the name by writing it to the scores file.
        # NOTE(review): this read-modify-write of the JSON file is not
        # serialized; two simultaneous registrations could overwrite each
        # other - confirm whether that matters for this deployment.
        userscores[username] = 0
        with open("data/scores.json", "w") as write_file:
            json.dump(userscores, write_file)
        session["username"] = username
        return redirect("/riddles")

    # Rejected name: re-render the form with the error flag set.
    return render_template(
        "index.html",
        username=username,
        error=True,
        hiscores=userscores,
    )
示例#6
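def show_registration():
    """Registration view: form on GET, account creation on POST.

    After ``utils.register_user`` succeeds, the page shows the new TOTP key
    and an image whose URL asks a QR service to encode the otpauth URI.
    """
    import html
    from urllib.parse import quote

    user = utils.get_user_from_cookie(request)
    page_name = 'register'
    method = request.method.lower()

    if method == 'get':
        page_content = render_template("register.html")
        return render_page(page_content, "register", user=user)

    if method == 'post':
        username = request.form.get("username") or ""
        password = request.form.get("password") or ""
        if not username or not password:
            page_content = render_template("register.html", message='Missing field')
            return render_page(page_content, page_name)

        if utils.check_username(username):
            page_content = render_template("register.html", message='That username is taken!')
            return render_page(page_content, page_name)

        # NOTE(review): seed inputs are the username and the client address;
        # unless generate_seed adds a secret, the 2FA key is predictable -
        # confirm in utils.
        seed = utils.generate_seed(username, request.remote_addr)
        totp_key = utils.get_totp_key(seed)
        utils.register_user(username, password, request.remote_addr)

        key_text = '%s' % (totp_key,)  # same rendering the original used
        # The username is attacker-chosen: encode it before it becomes part
        # of a URL, and encode the URI again as the value of ``data``.
        otpauth_uri = 'otpauth://totp/%s?secret=%s' % (quote(username, safe=''), quote(key_text, safe=''))
        # HTTPS instead of HTTP; the secret still reaches the external QR
        # service, which local QR generation would avoid.
        qr_url = 'https://api.qrserver.com/v1/create-qr-code/?data=%s&size=220x220&margin=0' % quote(otpauth_uri, safe='')
        # html.escape turns the "&" separators into "&amp;" and neutralises
        # quotes, so the values cannot break out of the markup below.
        page_content = render_template(
            "register.html",
            message="Success! <a href='/login'>login here</a><br />TOTP Key: %s<br /><img src='%s' />" % (
                html.escape(key_text, quote=True), html.escape(qr_url, quote=True))
        )

        return render_page(page_content, page_name)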
示例#7
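def message_compose():
    """Compose view: render the form, or validate and store a message on POST.

    The recipient is resolved with ``utils.check_username``; the sender id is
    taken from the cookie-derived ``user`` record.
    """
    user = utils.get_user_from_cookie(request)
    page_name = 'messages'

    def compose_page(message=None):
        # Render compose.html, with an error banner when ``message`` is given.
        if message is None:
            page_content = render_template("compose.html", user=user)
        else:
            page_content = render_template("compose.html", user=user, message=message)
        return render_page(page_content, page_name, user=user)

    if request.method.lower() != "post":
        return compose_page()

    if not user:
        # user["user_id"] is required below; reject anonymous senders before
        # any recipient lookup instead of failing with a TypeError afterwards.
        # Assumes a falsy return means "no valid session" - TODO confirm.
        return redirect("/")

    message_to = request.form.get("message_to") or ""
    message_title = request.form.get("message_title") or ""
    message_contents = request.form.get("message_contents") or ""

    if not (message_to and message_title and message_contents):
        return compose_page('Missing field')

    to_user = utils.check_username(message_to)
    if not to_user:
        return compose_page('Invalid user')

    # NOTE(review): no CSRF token is verified here; confirm it is handled by
    # middleware or the form layer.
    utils.create_message(to_user["user_id"], user["user_id"], message_title, message_contents)
    return redirect("/messages/view")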
示例#8
文件: user.py 项目: aragak1/whuDa
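def register():
    """Registration endpoint: form on GET, result code string otherwise.

    Returns 'success' after ``db_users.Users().register`` accepts the account
    (the username is then stored in the session), or 'error1'..'error8' for
    the first check that fails, in the order written below.
    """
    if request.method == 'GET':
        return render_template('register.html')

    # form.get() yields None for an absent field. The original then crashed on
    # username.isspace(), and two absent password fields compared equal and
    # skipped the empty-password checks. Normalise absent fields to ''.
    username = request.form.get('username') or ''
    password = request.form.get('password') or ''
    repeat_password = request.form.get('repeat_password') or ''
    email = request.form.get('email') or ''
    ip = request.remote_addr

    if username == '' or username.isspace():
        return 'error1'
    if email == '' or email.isspace():
        return 'error2'
    if password == '':
        return 'error3'
    if repeat_password == '':
        return 'error4'
    if password != repeat_password:
        return 'error5'
    if not check_username(username):
        return 'error6'
    if not check_mail(email):
        return 'error7'

    # NOTE(review): the password is handed over as received; confirm that
    # Users().register hashes it before storage.
    if db_users.Users().register(username=username, password=password, email=email, last_ip=ip):
        session['username'] = username
        return 'success'
    return 'error8'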
示例#9
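def show_registration():
    """Handle /register: show the form, or register and display the TOTP key.

    Validation failures re-render register.html with a short message; success
    renders a message with the key and a QR image for authenticator apps.
    """
    import html
    from urllib.parse import quote

    user = utils.get_user_from_cookie(request)
    page_name = "register"

    def fail(text):
        # Re-render the form with an error message.
        return render_page(render_template('register.html', message=text), page_name)

    if request.method.lower() == "get":
        page_content = render_template('register.html')
        return render_page(page_content, 'register', user=user)

    if request.method.lower() == "post":
        username = request.form.get('username') or ''
        password = request.form.get('password') or ''
        if not username or not password:
            return fail("Missing field")

        if utils.check_username(username):
            return fail("That username is taken!")

        # NOTE(review): username + remote address are the only visible seed
        # inputs; verify generate_seed also uses a server-side secret,
        # otherwise the second factor can be recomputed by anyone.
        seed = utils.generate_seed(username, request.remote_addr)
        totp_key = utils.get_totp_key(seed)
        utils.register_user(username, password, request.remote_addr)

        key_text = '%s' % (totp_key,)  # identical to the original %s rendering
        # Encode the user-supplied name, then the complete URI, so the value
        # of ``data`` cannot spill into other query parameters.
        otpauth_uri = "otpauth://totp/%s?secret=%s" % (quote(username, safe=''), quote(key_text, safe=''))
        # HTTPS rather than HTTP for a URL that carries the TOTP secret. The
        # external QR service still sees it; prefer local generation.
        qr_url = "https://api.qrserver.com/v1/create-qr-code/?data=%s&size=220x220&margin=0" % quote(otpauth_uri, safe='')
        # Escape interpolated values: the message is markup, so the template
        # presumably renders it without autoescaping.
        page_content = render_template(
            'register.html',
            message='Success! <a href="/login">login here</a><br />TOTP Key: %s<br /><img src="%s" />' % (
                html.escape(key_text, quote=True), html.escape(qr_url, quote=True))
        )

        return render_page(page_content, page_name)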
示例#10
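def message_compose():
    """Render the compose form, or on POST validate and create a message.

    A POST needs ``message_to``, ``message_title`` and ``message_contents``;
    the recipient must be known to ``utils.check_username``. Success redirects
    to /messages/view.
    """
    user = utils.get_user_from_cookie(request)
    page_name = 'messages'
    is_post = request.method.lower() == "post"

    if is_post and not user:
        # The sender id comes from ``user``; an anonymous POST previously got
        # as far as the recipient lookup and then failed on user["user_id"].
        # Presumably a falsy value means no session - verify against utils.
        return redirect("/")

    if is_post:
        message_to = request.form.get("message_to") or ""
        message_title = request.form.get("message_title") or ""
        message_contents = request.form.get("message_contents") or ""

        error = None
        to_user = None
        if not (message_to and message_title and message_contents):
            error = 'Missing field'
        else:
            to_user = utils.check_username(message_to)
            if not to_user:
                error = 'Invalid user'

        if error is not None:
            page_content = render_template("compose.html",
                                           user=user,
                                           message=error)
            return render_page(page_content, page_name, user=user)

        # NOTE(review): CSRF protection is not visible in this handler;
        # confirm it exists for this write.
        utils.create_message(to_user["user_id"], user["user_id"],
                             message_title, message_contents)
        return redirect("/messages/view")

    page_content = render_template("compose.html", user=user)
    return render_page(page_content, page_name, user=user)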
示例#11
 def __call__(self, form, field):
     """Validate ``field.data`` as a username; empty values are accepted.

     Raises ValidationError(self.message) when the field has content and
     ``check_username`` returns a falsy result for it.
     """
     # Empty or missing data is left for other validators to judge.
     length = len(field.data) if field.data else 0
     if length and not check_username(field.data):
         raise ValidationError(self.message)
示例#12
def login():
    """Store a chosen username in the session and go to the index view.

    Visitors who already have a session username are redirected at once. A
    GET, or a request without a ``username`` field, renders the login form;
    a name rejected by ``check_username`` re-renders it with an error.
    """
    if 'username' in session:
        return redirect(url_for('index'))

    username = request.form.get('username')
    wants_form = request.method == 'GET' or username is None
    if wants_form:
        return render_template('login.html')

    # NOTE(review): the session identity is whatever name the form supplies;
    # no credential is checked here, so check_username is the only gate -
    # confirm that is the intended model.
    if check_username(username):
        session['username'] = username
        return redirect(url_for('index'))

    return render_template('login.html', error='Logging in with specified username is highly prohibited!')
示例#13
 def post(self):
     """Process the signup form: validate, store the user, set a cookie.

     Each ``utils`` check runs regardless of earlier failures so that all
     error texts can be shown together through ``render_signup``. On success
     the result of ``utils.make_pw_hash`` is split on "|" into the stored
     password value and salt, the User entity is saved, a Set-Cookie header
     is added and the client is redirected to "/".
     """
     uname = self.request.get("username")
     user_password = self.request.get("password")
     user_verify = self.request.get("verify")
     email = self.request.get("email")

     # check_username returns an error text; "" means the name is acceptable.
     uname_err = utils.check_username(uname)
     pw_err = ""
     vpw_err = ""
     email_err = ""
     all_ok = not (uname_err != "")

     if utils.check_password(user_password) == False:
         pw_err = "That's not a valid password."
         all_ok = False

     if utils.verify_password(user_password, user_verify) == False:
         vpw_err = "Your passwords didn't match."
         all_ok = False

     # The e-mail address is optional and only validated when supplied.
     has_email = len(email) != 0
     if has_email and utils.check_email(email) == False:
         email_err = "That's not a valid email."
         all_ok = False

     if not all_ok:
         self.render_signup(uname, email, uname_err, pw_err, vpw_err, email_err)
         return

     pieces = utils.make_pw_hash(uname, user_password).split("|")
     salted_pass = pieces[0]
     salt = pieces[1]

     attrs = dict(key_name=uname, username=uname, password=salted_pass, salt=salt)
     if has_email:
         attrs["email"] = email
     new_user = User(**attrs)
     new_user.put()

     # NOTE(review): the cookie value is a literal prefix plus the username,
     # and nothing visible here signs it or sets attributes such as HttpOnly;
     # confirm how the cookie is authenticated when it is read back.
     cookie_header = "******" + uname
     self.response.headers.add_header('Set-Cookie', cookie_header.encode())
     self.redirect("/")
示例#14
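def show_login():
    """Login view: password check, then TOTP check, then session cookie.

    GET renders the form. Any other method reads username, password and
    verification_code from the form, rejects the request with a message when
    a step fails, and on success redirects to "/" with a ``session`` cookie
    produced by ``utils.make_cookie``.
    """
    page_name = 'login'

    if request.method.lower() == 'get':
        page_content = render_template("login.html")
        return render_page(page_content, "login")

    username = request.form.get("username") or ""
    password = request.form.get("password") or ""
    verification_code = request.form.get("verification_code") or ""

    if not (username and password and verification_code):
        page_content = render_template("login.html", message='Missing field')
        return render_page(page_content, page_name)

    if not utils.auth_user(username, password):
        page_content = render_template("login.html",
                                       message='Invalid credentials')
        return render_page(page_content, page_name)

    user = utils.check_username(username)
    # NOTE(review): the TOTP seed is rebuilt from the username and the stored
    # user_ip. If generate_seed adds no server-side secret, the second factor
    # is computable from those two values - confirm in utils.
    seed = utils.generate_seed(username, user["user_ip"])
    totp_key = utils.get_totp_key(seed)
    totp = pyotp.TOTP(totp_key)

    # verify() checks the current code with a constant-time comparison,
    # unlike the plain string != used before.
    if not totp.verify(verification_code):
        page_content = render_template("login.html",
                                       message='Invalid verification code')
        return render_page(page_content, page_name)

    # user/pass/totp all valid by now
    session_cookie = utils.make_cookie(app.config["COOKIE_SECRET"], username,
                                       request.remote_addr)
    response = app.make_response(redirect("/"))
    # HttpOnly keeps page scripts from reading the session cookie. Also set
    # secure=True once the site is served only over HTTPS.
    response.set_cookie('session', session_cookie, httponly=True)
    return response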
示例#15
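def show_login():
    """Authenticate with password plus TOTP code and issue a session cookie.

    Non-GET requests must carry username, password and verification_code.
    Each failed step re-renders login.html with a message; success redirects
    to "/" with the cookie from ``utils.make_cookie``.
    """
    page_name = "login"

    def reject(text):
        # Re-render the login form with an error message.
        return render_page(render_template('login.html', message=text), page_name)

    if request.method.lower() == "get":
        page_content = render_template('login.html')
        return render_page(page_content, 'login')

    username = request.form.get('username') or ''
    password = request.form.get('password') or ''
    verification_code = request.form.get('verification_code') or ''

    if not (username and password and verification_code):
        return reject("Missing field")

    if not utils.auth_user(username, password):
        return reject("Invalid credentials")

    user = utils.check_username(username)
    # NOTE(review): seed inputs are the username and the stored user_ip only;
    # check that generate_seed mixes in a secret, otherwise the TOTP key can
    # be reproduced outside the server.
    seed = utils.generate_seed(username, user['user_ip'])
    totp_key = utils.get_totp_key(seed)
    totp = pyotp.TOTP(totp_key)

    # Constant-time check of the current code instead of a string comparison.
    if not totp.verify(verification_code):
        return reject("Invalid verification code")

    # user/pass/totp all valid by now
    session_cookie = utils.make_cookie(app.config['COOKIE_SECRET'], username, request.remote_addr)
    response = app.make_response(redirect('/'))
    # HttpOnly: the session cookie should not be readable from page scripts.
    # Add secure=True when the deployment is HTTPS-only.
    response.set_cookie("session", session_cookie, httponly=True)
    return response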
示例#16
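def show_login():
    """Two-step login: credentials first, then the one-time code.

    GET shows the form. Otherwise the three form fields are required,
    ``utils.auth_user`` must accept the password and the submitted code must
    match the user's current TOTP value; the response then redirects to "/"
    and sets the ``session`` cookie.
    """
    page_name = 'login'

    if request.method.lower() == 'get':
        page_content = render_template("login.html")
        return render_page(page_content, "login")

    username = request.form.get("username") or ""
    password = request.form.get("password") or ""
    verification_code = request.form.get("verification_code") or ""

    failure = None
    if not (username and password and verification_code):
        failure = 'Missing field'
    elif not utils.auth_user(username, password):
        failure = 'Invalid credentials'
    else:
        user = utils.check_username(username)
        # NOTE(review): the key is regenerated from username + user_ip each
        # time; without a secret inside generate_seed it is predictable -
        # confirm in utils.
        seed = utils.generate_seed(username, user["user_ip"])
        totp_key = utils.get_totp_key(seed)
        totp = pyotp.TOTP(totp_key)
        # TOTP.verify compares in constant time; the earlier != did not.
        if not totp.verify(verification_code):
            failure = 'Invalid verification code'

    if failure is not None:
        page_content = render_template("login.html", message=failure)
        return render_page(page_content, page_name)

    # user/pass/totp all valid by now
    session_cookie = utils.make_cookie(app.config["COOKIE_SECRET"], username, request.remote_addr)
    response = app.make_response(redirect("/"))
    # Mark the session cookie HttpOnly; use secure=True as well when the app
    # is only reachable over HTTPS.
    response.set_cookie('session', session_cookie, httponly=True)
    return response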
示例#17
 def test_username_taken(self):
     """check_username must return a falsy value for "smithers".

     Presumably "smithers" is already a key in USERSCORES - see the fixture.
     """
     self.assertFalse(
         check_username(USERSCORES, "smithers"),
         "Taken username was not marked as taken",
     )
示例#18
 def test_username_empty(self):
     """check_username must return a falsy value for the empty string."""
     self.assertFalse(
         check_username(USERSCORES, ""),
         "Empty username was not marked as empty",
     )