# -*- coding: utf-8 -*-
import binascii
from vial import render_template
from params import param_dict
import datetime as dt
import math
import sqlite3
import bcrypt
import uuid
import os
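def signup(headers, body, data):
    """Serve the signup form and create an account on a valid submission.

    Args:
        headers: request headers, passed through to the template.
        body: request body, passed through to the template.
        data: parsed form fields; ``'login'``, ``'password'`` and ``'email'``
            are read, missing ones default to ``''``.

    Returns:
        A ``(rendered_html, status, extra_headers)`` triple. Each validation
        failure re-renders the signup form with a ``message``; success
        renders the redirect template and sets the ``sessionid`` cookie.
    """
    login = str(data['login']) if 'login' in data else ''
    password = str(data['password']) if 'password' in data else ''
    email = str(data['email']) if 'email' in data else ''

    # A completely empty submission is the initial display of the form.
    if login == '' and password == '' and email == '':
        return render_template('templates/signup.html', body=body, data=data, headers=headers), 200, {}

    message = _signup_validation_error(login, password, email)
    if message is not None:
        return render_template('templates/signup.html', body=body, data=data, headers=headers,
                               message=message), 200, {}

    # uuid4() draws from os.urandom like the previous b2a_hex(os.urandom(16))
    # construction, but returns a UUID directly; the old form passed bytes as
    # ``hex=`` and raises TypeError under Python 3.
    cookie = str(uuid.uuid4())
    token = str(uuid.uuid4())
    expires = dt.datetime.utcnow() + dt.timedelta(days=1)
    add_user(login, password, email, cookie, expires.strftime("%Y-%m-%d %H:%M:%S"), token)

    # HttpOnly keeps the session id out of reach of page scripts. Add
    # ``Secure`` once the site is served over HTTPS only (not visible here).
    cookie_header = 'sessionid={}; Domain={}; Path=/; Expires={}; HttpOnly'.format(
        cookie, param_dict['domain'], expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
    return render_template('templates/redirect.html', body=body, data=data, headers=headers,
                           message='Successfully signed up'), 200, {'Set-Cookie': cookie_header}


def _signup_validation_error(login, password, email):
    """Return the first validation message for the submitted fields, or None.

    Checks run in the original order: username length, characters and
    uniqueness, then password length and entropy, then email format and
    uniqueness, so the database lookups are only reached once the cheap
    checks have passed.
    """
    if not login_correct_length(login):
        return 'Username length should be 3-16 characters'
    if not login_correct_chars(login):
        return 'Username contains invalid characters'
    if not login_not_used(login):
        return 'Username is already in use'
    if not pass_correct_length(password):
        return 'Password length should be 6-24 characters'
    entropy = pass_entropy(password)  # computed once; the old code evaluated it twice
    if entropy < 50.0:
        return 'Password is too simple. Entropy: ' + str(round(entropy, 2))
    if not email_correct_format(email):
        return 'Email address is in an invalid format'
    if not email_not_used(email):
        return 'Email address is already in use'
    return None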
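def add_user(login, password, email, cookie, expires, token):
    """Insert a new ``users`` row and create the user's upload directory.

    Args:
        login: username; also used verbatim as a directory name under
            ``uploads/``, so it must already have passed ``login_correct_chars``.
        password: password as submitted; hashed with bcrypt before storage.
        email, cookie, expires, token: stored in the row as given.

    Raises:
        ValueError: if ``login`` is empty or could escape ``uploads/``
            (defence in depth; the caller normally guarantees this).
        OSError: if the upload directory cannot be created.
    """
    # The directory name is derived from user input: never let it contain a
    # path separator or be a relative-path component.
    if (not login or login in ('.', '..') or os.sep in login
            or (os.altsep and os.altsep in login)):
        raise ValueError('invalid login for upload directory')

    salt = bcrypt.gensalt()
    # The stored value is bcrypt applied three times with the same salt.
    # Deliberately unchanged: the verification path (not in this file) must
    # perform the identical chain for logins to keep working.
    for _ in range(3):
        password = bcrypt.hashpw(password, salt)

    conn = sqlite3.connect(param_dict['db_file'])
    try:
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?, ?);",
                     (login, password, email, cookie, expires, token))
        # Create the directory before committing: if it fails, the
        # uncommitted row is discarded on close and no half-registered
        # user is left behind. makedirs also replaces the old
        # mkdir/except/mkdir dance, which re-raised when 'uploads' already
        # existed but the per-user mkdir failed for another reason.
        upload_dir = os.path.join('uploads', login)
        if not os.path.isdir(upload_dir):
            os.makedirs(upload_dir)
        conn.commit()
    finally:
        conn.close()  # the original never closed the connection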
def pass_entropy(password):
    """Return a rough entropy estimate, in bits, for ``password``.

    Every character contributes ``log2(alphabet)``, where ``alphabet`` is the
    combined size of the character classes present anywhere in the
    password: 26 for a-z, 26 for A-Z, 10 for 0-9 and 66 for anything else
    (punctuation, whitespace, non-ASCII). An empty password scores 0.0.
    """
    seen_lower = seen_upper = seen_digit = seen_other = False
    for ch in password:
        code = ord(ch)
        if 96 < code < 123:
            seen_lower = True
        elif 64 < code < 91:
            seen_upper = True
        elif 47 < code < 58:
            seen_digit = True
        else:
            seen_other = True
    alphabet = ((26 if seen_lower else 0)
                + (26 if seen_upper else 0)
                + (10 if seen_digit else 0)
                + (66 if seen_other else 0))
    # log(1, 2) == 0.0 keeps the empty-alphabet case finite instead of -inf.
    return len(password) * math.log(max(alphabet, 1), 2)
def pass_correct_length(password):
    """Return True when the password has 6 to 24 characters inclusive."""
    return 6 <= len(password) <= 24
def login_correct_chars(login):
    """Return True when every character of ``login`` is ASCII a-z, A-Z or 0-9.

    Deliberately stricter than ``str.isalnum()``, which would accept
    non-ASCII letters; an empty login trivially passes (length is checked
    separately). The login is later used as a directory name, so keeping
    this to plain ASCII alphanumerics matters.
    """
    def _allowed(code):
        return 96 < code < 123 or 64 < code < 91 or 47 < code < 58

    return all(_allowed(ord(ch)) for ch in login)
def login_correct_length(login):
    """Return True when the login has 3 to 16 characters inclusive."""
    return 3 <= len(login) <= 16
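def login_not_used(login):
    """Return True when no ``users`` row has this ``login``.

    The lookup uses SQLite's default ``=`` comparison, which is
    case-sensitive for TEXT columns unless the schema declares
    ``COLLATE NOCASE``; the schema is not visible here.
    """
    conn = sqlite3.connect(param_dict['db_file'])
    try:
        row = conn.execute("SELECT login FROM users WHERE login=?;", (login,)).fetchone()
    finally:
        conn.close()  # the original left the connection open until GC
    return row is None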
def email_correct_format(email):
    """Return True when ``email`` passes the site's simple address check.

    Accepted addresses are 6-30 characters, contain exactly one ``@`` that
    is neither first nor within the last four characters, contain at least
    one ``.``, and consist only of ASCII letters, digits, ``.`` and ``@``.
    Note that ``_``, ``-`` and ``+`` are rejected by this rule.
    """
    length = len(email)
    if length < 6 or length > 30:
        return False
    if email.count('@') != 1:
        return False
    at = email.index('@')
    if at <= 0 or at >= length - 4:
        return False
    if '.' not in email:
        return False
    return all(
        ch == '.' or 96 < ord(ch) < 123 or 63 < ord(ch) < 91 or 47 < ord(ch) < 58
        for ch in email
    )
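def email_not_used(email):
    """Return True when no ``users`` row has this ``email``.

    Same comparison semantics as ``login_not_used``: SQLite's default ``=``
    is case-sensitive unless the column is declared ``COLLATE NOCASE``.
    """
    conn = sqlite3.connect(param_dict['db_file'])
    try:
        row = conn.execute("SELECT login FROM users WHERE email=?;", (email,)).fetchone()
    finally:
        conn.close()  # the original left the connection open until GC
    return row is None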