# CET 324 Authentication System

__Notes__    
Used bcrypt for reasons given by: https://blog.cloudflare.com/keeping-passwords-safe-by-staying-up-to-date/    
Used AES for encryption of token. Create a class with a defined key for the AES encryption.    
Used Asymmetric encryption to encrypt the private shared key for Symmetric encryption

All functions provided. Maybe look at hashing the whole token rather than just the signature. Look at making an admin class with extra privilages (eg. make another user an admin/pw reset/new key for system encryption)

In [35]:
from datetime import date, datetime
from dateutil.relativedelta import relativedelta
import hashlib, io, hmac
from cryptography.fernet import Fernet
import csv
import bcrypt

In [36]:
class User:
    def __init__(self, username, password, permission):
        self.username = username
        self.password = password
        self.permission = permission
        
    def requestAccessToken(self, system):
        accessToken = AccessToken(self, system)
        return accessToken.generateToken().decode('utf-8')
    
    def userAccountPage(self, system):
        print(self.username + "\'s Account Page")
        print("___________________")
        while 1: 
            print("1. Request token")
            print("0. Logout")
            
            user_command = int(input("Enter your command: "))
            
            #if else statement to carry out user command 
            if user_command == 1:
                new_token = self.requestAccessToken(system)
                print(new_token)
            elif user_command == 0:
                print("Logging Out")
                break
            else: 
                print("Invalid Command")

In [37]:
class AccessToken:
    #declare a splitter (symbols which will be used to seperate data within the token)
    SPLIT = "!£$"
    
    def __init__(self, user, system):
        self.user = user
        self.system = system
        self.date = date.today()
        self.token = ''
        self.key = ''
        
    #function to read file 
    def read_file(self, path):
        file = open(path, 'r+')
        return file.read()
    
    def calcExpiryDate(self):
        #add 6 months to current date to calculate expiry date 
        return self.date + relativedelta(months=6)
    
    def generateToken(self): 
        splitter = self.SPLIT
        #generate a token containing username, permission, date, expiry date and digital signature 
        self.token = self.user.username + splitter + self.user.permission + splitter + str(self.date) + splitter + str(self.calcExpiryDate()) + splitter + self.system.systemName
        self.token = self.token + splitter + self.createDigitalSignature()
        return self.encryptToken(self.token)
        
    def createDigitalSignature(self):
        #digital signature uses the username and system name with added special characters
        signature = self.user.username +'!£$%^&*' + self.system.systemName
        #hash the signature 
        return self.hashString(signature)
    
    def hashString(self, plainString): 
        # convert string to array of bytes 
        bytes = plainString.encode('utf-8')
        #generate salt 
        salt = bcrypt.gensalt()
        #hash and salt string 
        hashString = bcrypt.hashpw(bytes, salt)
        #decode to prevent encoding twice 
        return hashString.decode('utf-8')
            
    def importKey(self, path):
        self.key = self.read_file(path)
    
    def encryptToken(self, token):
        #create the key 
        self.importKey(self.system.systemKeyPath)
        key = Fernet(self.key)
        #encrypt token using the key 
        encrypted_token = key.encrypt(bytes(token, 'utf-8'))
        return encrypted_token

In [38]:
class System:    
    #set default permission to 'u' (user) for creating a new account
    DEFAULT_PERMISSION = "u"
   
    def __init__(self, systemName):
        # replace spaces from system name 
        self.systemName = systemName.replace(' ', '_')
        self.systemKeyPath = "key-" + self.systemName + ".txt"
        
    #method to read from a file 
    def read_file(self, path):
        file = open(path, 'r+')
        return file.read()
    
    #method to write to a file 
    def write_file(self, path, text): 
        file = open(path, 'w')
        try:
            return file.write(text.decode('utf-8'))
        except:
            return file.write(text)
        
    #generate a key for the system and save in txt file to be used by authentication system    
    def createSystemKey(self):
        key = Fernet.generate_key()
        self.write_file(self.systemKeyPath, key)      
        
    def login(self, username, password): 
        with open(self.systemName + 'users.csv', newline='') as userscsv:
            fieldnames = ['username', 'password', 'permission']
            reader = csv.DictReader(userscsv, fieldnames=fieldnames)
            for row in reader:
                if row['username'] == username:
                    #convert password to bytes 
                    enteredPassword = password.encode('utf-8')
                    
                    savedPassword = row['password']
                
                    #check password 
                    if bcrypt.checkpw(enteredPassword, savedPassword.encode('utf-8')):
                        return User(row['username'], row['password'], row['permission'])
                    
            #return null if there is no match
            return None
    
            
    def hashpassword(self, plainPassword):
        #convert password to array of bytes 
        bytes = plainPassword.encode('utf-8')
        
        #generate salt 
        salt = bcrypt.gensalt()
        
        #hash and salt password 
        hashpassword = bcrypt.hashpw(bytes, salt)
        
        return hashpassword
    
        #function to decrypt text 
    def decrypt_text(self, key, text):
        # get the key 
        key = Fernet(key)
        # decrypt text using the key 
        decrypted_text = key.decrypt(text)
        return decrypted_text
        
    def loginWithToken(self, token):
        key = self.read_file(self.systemKeyPath)
        token = self.decrypt_text(key, token)
        user = self.checkTokenIsValid(token)
        return user
            
        
    def getPermFromToken(self, token):
        #retrieve permission from token 
        perm = token.split(bytes('!£$', 'utf-8'))[1]
        #return permission as a string 
        return perm.decode('utf-8')
        
        
    def checkTokenIsValid(self, token):
        #get username 
        username = self.getUserFromToken(token)
        #get permission of user 
        perm = self.getPermFromToken(token)
        #get system name 
        sys_name = token.split(bytes('!£$', 'utf-8'))[4]
        sys_name = sys_name.decode('utf-8')
        
        #check token is for the right system 
        if self.systemName == sys_name:
            #check username is stored within the CSV file 
            with open(self.systemName + 'users.csv', newline='') as userscsv:
                fieldnames = ['username', 'password', 'permission']
                reader = csv.DictReader(userscsv, fieldnames=fieldnames)
                for row in reader:
                    #check the username and permission match what's stored 
                    if row['username'] == username and row['permission'] == perm:
                        #retrieve the expiry date 
                        expiry_str = token.split(bytes('!£$', 'utf-8'))[3]
                        expiry_str = expiry_str.decode('utf-8')
                        #convert expiry date to a datetime object to compare to today's date 
                        expiry_date = datetime.strptime(expiry_str, '%Y-%m-%d').date()
                        #check expiry date 
                        if date.today() < expiry_date:
                            #check signature 
                            if self.checkSignature(token):
                                return User(row['username'], row['password'], row['permission'])
        #return null if there is no match
        return None
    
    def checkSignature(self, token):
        hashed_sig = token.split(bytes('!£$', 'utf-8'))[5]
        hashed_sig = hashed_sig.decode('utf-8')
        plain_sig = self.getUserFromToken(token) + '!£$%^&*' + self.systemName
        #check signature 
        if bcrypt.checkpw(plain_sig.encode('utf-8'), hashed_sig.encode('utf-8')):
            return True
        else:
            return False
    
    def getUserFromToken(self, token): 
        #retrieve username from the token 
        username = token.split(bytes('!£$', 'utf-8'))[0]
        #return username as a string 
        return username.decode('utf-8')
    
    
    def createAccount(self, user):
        with open(self.systemName + 'users.csv', 'a', newline='') as userscsv:
            fieldnames = ['username', 'password', 'permission', 'token']
            writer = csv.DictWriter(userscsv, delimiter=',', quotechar='|', 
                                   quoting=csv.QUOTE_MINIMAL, fieldnames=fieldnames)
            hashedpw = self.hashpassword(user.password)
        
            writer.writerow({'username': user.username, 'password': hashedpw.decode('utf-8'), 'permission': user.permission})

    def read_csv(self):
        with open(self.systemName + 'users.csv', newline='') as userscsv:
            fieldnames = ['username', 'password']
            reader = csv.DictReader(userscsv, fieldnames=fieldnames)
            for row in reader:
                print("", row['username'], row['password'], row['permission'])
            
    def display_main_menu(self):
        while 1: 
            print(self.systemName)
            print("___________________")
            print("Main Menu")
            print("1. Login")
            print("2. Create Account")
            print("3. Login With Access Token")
            print("0. Exit")
            
            user_command = int(input("Enter your command: "))
            
            #if else statement to carry out user command 
            if user_command == 1:
                username = input("Enter Username: ")
                password = input("Enter password: ")
                user = self.login(username,  password)
                if user is None:
                    print("Incorrect username or password")                    
                else:
                    user.userAccountPage(self)
            elif user_command == 2:
                username = input("Enter new Username: ")
                password = input("Enter new password: ")
                self.createAccount(User(username, password, self.DEFAULT_PERMISSION))
            elif user_command == 3:
                accessToken = input("Enter Access Token: ")
                user = self.loginWithToken(accessToken)
                if user is None:
                    print("Invalid token supplied")
                else: 
                    user.userAccountPage(self)
            elif user_command == 0:
                print("Exiting")
                break
            else: 
                print("Invalid Command")

In [39]:
system = System("Super Secure System")

system.display_main_menu()

Super_Secure_System
___________________
Main Menu
1. Login
2. Create Account
3. Login With Access Token
0. Exit
Enter your command: 1
Enter Username: user
Enter password: password
user's Account Page
___________________
1. Request token
0. Logout
Enter your command: 1
gAAAAABmPNbUnIgN4jZu6Xug0N8XgmTmy7duFs2r6Lho_5XwkZke7Huw12T0SYAmIj5Q6tGpveRWnOFr2E_n-ri9fZGPVVaPdy-3YymgtQRxQvLnX6VXtN44vHzi12NeysKN7pMFyGm6TAgvc0Q-qpWgZgyd_nE5q60mOSd5xiT_tbLbiLEwQgFviwsC9K5-0-xz9-u9O0wawX_Kkk6kctb5d7Pw1Lc-TKsrRpPZxMDOfH9u9xYzXk0=
1. Request token
0. Logout
Enter your command: 0
Logging Out
Super_Secure_System
___________________
Main Menu
1. Login
2. Create Account
3. Login With Access Token
0. Exit
Enter your command: 3
Enter Access Token: gAAAAABmPNbUnIgN4jZu6Xug0N8XgmTmy7duFs2r6Lho_5XwkZke7Huw12T0SYAmIj5Q6tGpveRWnOFr2E_n-ri9fZGPVVaPdy-3YymgtQRxQvLnX6VXtN44vHzi12NeysKN7pMFyGm6TAgvc0Q-qpWgZgyd_nE5q60mOSd5xiT_tbLbiLEwQgFviwsC9K5-0-xz9-u9O0wawX_Kkk6kctb5d7Pw1Lc-TKsrRpPZxMDOfH9u9xYzXk0=
user's Account Pag