#!/usr/bin/env python
# crypteduser
import ConfigParser
import os

import jwt
from flask import Flask, abort, escape, make_response, request
from flask.ext.sqlalchemy import SQLAlchemy
from passlib.hash import pbkdf2_sha256
from sqlalchemy.exc import IntegrityError
def readconf():
    """Load the service configuration.

    Reads ``/etc/crypteduser.conf`` first and then ``crypteduser.conf`` in the
    current working directory; values from later files override earlier ones
    and files that do not exist are skipped by ConfigParser.

    Returns:
        A populated ``ConfigParser.ConfigParser`` instance.
    """
    candidate_paths = ['/etc/crypteduser.conf', 'crypteduser.conf']
    parser = ConfigParser.ConfigParser()
    parser.read(candidate_paths)
    return parser
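app = Flask(__name__)
config = readconf()
# ConfigParser.get() returns a string, and any non-empty string (including
# 'False' or '0') is truthy, so the original `config.get('Main', 'debug')`
# turned Flask debug mode on for every value that was set.  getboolean()
# parses yes/no/on/off/true/false/1/0 and raises ValueError on anything else,
# so a typo in the config fails loudly instead of exposing the debugger.
app.debug = config.getboolean('Main', 'debug')
app.config['SQLALCHEMY_DATABASE_URI'] = config.get('Main', 'db_uri')
db = SQLAlchemy(app)
# HMAC key for the HS256 session tokens issued by verifyuser() and checked
# by verifycookie().  Whoever knows it can mint a token for any uid, so it
# must be long, random and kept out of version control.
secret_key = config.get('Main', 'secret_key')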
class User(db.Model):
    """Persisted account: a unique username plus a password hash.

    ``password`` is expected to hold the pbkdf2_sha256 digest produced by
    hashpass(); adduser() and updatepass() never store the cleartext.
    """
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True)
    password = db.Column(db.String(120))

    def __init__(self, username, password):
        # Stored verbatim: hashing is the caller's responsibility.
        self.username, self.password = username, password

    def __repr__(self):
        return '<User %r>' % (self.username,)
def hashpass(password):
    """Return a salted pbkdf2_sha256 hash string for *password*.

    passlib draws a fresh random salt on every call, so two hashes of the same
    password differ; compare with ``pbkdf2_sha256.verify()``, never with ``==``.

    NOTE(review): passlib 1.7 renamed ``encrypt()`` to ``hash()``; confirm the
    pinned passlib version before switching.
    """
    hasher = pbkdf2_sha256
    return hasher.encrypt(password)
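@app.route('/adduser/', methods=['POST'])
def adduser():
    """Create a user from the ``username`` and ``password`` form fields.

    Returns ``'<username> added'`` on success; 400 when either field is empty
    (a field that is missing entirely is already rejected by Flask with 400);
    401 when the username is already taken.  Only the hashpass() digest of the
    password is stored.
    """
    username = request.form["username"]
    password = request.form["password"]
    if not username or not password:
        abort(400, 'empty username or password')
    newuser = User(username, hashpass(password))
    try:
        db.session.add(newuser)
        db.session.commit()
    except IntegrityError:
        # Unique constraint on User.username: the name is already taken.
        # Roll back so the session is usable again (a failed flush leaves it
        # in an inactive transaction) before aborting.
        db.session.rollback()
        # NOTE: 409 Conflict would describe this better than 401; kept for
        # compatibility with existing clients.
        abort(401, 'failed')
    # Flask serves a bare str as text/html, so the caller-supplied name is
    # escaped to keep it from being interpreted as markup by a browser.
    return '%s added' % escape(username)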
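@app.route('/verifycookie/', methods=['GET'])
def verifycookie():
    """Check that the ``user`` cookie is a JWT signed with our secret.

    Returns ``'ok'`` when the signature verifies; 403 when the cookie is absent
    or the token fails validation.  Only the signature is checked — the ``uid``
    claim is not looked up in the database, and since verifyuser() issues no
    ``exp`` claim a token stays valid for as long as secret_key is unchanged.
    """
    encoded = request.cookies.get('user')
    # Explicit check rather than `assert` inside a bare `except:` — assert is
    # stripped under `python -O`, and the bare except also hid unrelated errors
    # behind a 403.
    if encoded is None:
        abort(403, 'no cookie')
    try:
        # The algorithms list pins HS256 so the token's own header cannot
        # choose the algorithm used to verify it.
        jwt.decode(encoded, secret_key, algorithms=['HS256'])
    except jwt.InvalidTokenError:
        # Base class of DecodeError, ExpiredSignatureError and the other
        # validation errors; catching only DecodeError let the rest surface
        # as 500s instead of a clean 403.
        abort(403, 'failed decode')
    return 'ok'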
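@app.route('/verifyuser/', methods=['POST'])
def verifyuser():
    """Check ``username``/``password`` and, on success, issue a session cookie.

    The cookie ``user`` holds an HS256 JWT with a single ``uid`` claim, which
    is what verifycookie() validates.  Unknown user and wrong password are
    both reported as the same 403 'failed'.
    """
    username = request.form["username"]
    password = request.form["password"]
    dbuser = User.query.filter_by(username=username).first()
    if dbuser is None or not pbkdf2_sha256.verify(password, dbuser.password):
        # Same status and body for both cases so the response does not reveal
        # which usernames exist.  (Response time still differs, since no hash
        # is computed for an unknown user.)
        abort(403, 'failed')
    # NOTE: no 'exp' claim, so the token never expires on its own; adding one
    # requires every decoder of this cookie to handle ExpiredSignatureError.
    encoded = jwt.encode({'uid': username}, secret_key, algorithm='HS256')
    resp = make_response('ok')
    # httponly keeps the token out of reach of scripts running in the page;
    # add secure=True once the service is served over TLS.
    resp.set_cookie('user', encoded, httponly=True)
    return resp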
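@app.route('/updatepass/', methods=['POST'])
def updatepass():
    """Replace the password of ``username`` with the hash of ``password``.

    The caller must prove it is that user: the ``user`` cookie issued by
    verifyuser() must be a valid HS256 JWT whose ``uid`` claim equals the
    requested ``username``.  Without this check any client that knew a
    username could overwrite its password.

    Returns ``'ok'`` on success; 403 when the cookie is missing, invalid or
    belongs to a different user; 400 when the new password is empty; 401 when
    the user does not exist (status kept from the original).
    """
    username = request.form["username"]
    password = request.form["password"]
    encoded = request.cookies.get('user')
    if encoded is None:
        abort(403, 'no cookie')
    try:
        # Pin HS256 so the token header cannot pick the verification algorithm.
        claims = jwt.decode(encoded, secret_key, algorithms=['HS256'])
    except jwt.InvalidTokenError:
        abort(403, 'failed decode')
    if claims.get('uid') != username:
        # A valid session for some other account is not authorisation here.
        abort(403, 'failed')
    if not password:
        abort(400, 'empty password')
    dbuser = User.query.filter_by(username=username).first()
    if dbuser is None:
        abort(401, 'failed')
    dbuser.password = hashpass(password)
    db.session.commit()
    return 'ok'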
if __name__ == '__main__':
    # Setting CREATEDB (to any value) creates the schema and exits instead of
    # starting the development server.
    create_schema_only = os.environ.get('CREATEDB') is not None
    if create_schema_only:
        print('creating database')
        db.create_all()
    else:
        app.run()