Added change password functionality

Kenneth Jao 2020-08-06 23:03:36 -04:00
parent 6acada7c75
commit 23cd68556e
2 changed files with 50 additions and 18 deletions


@ -68,7 +68,7 @@ def login():
error = None error = None
u, p = request.form['username'], request.form['password'] u, p = request.form['username'], request.form['password']
success = validate_login(u, p) success = validate_login(u, p)
if success: if success:
session['username'] = u session['username'] = u
return flask.jsonify(True) return flask.jsonify(True)
else: else:
@ -106,7 +106,7 @@ def mydrives():
for drive in shared: for drive in shared:
drive_info = { drive_info = {
'_id': str(drive['_id']), '_id': str(drive['_id']),
'name': drive['name'], 'name': drive['name'],
'size': drive['size'] 'size': drive['size']
} }
@ -180,8 +180,8 @@ def download(uuid):
if link == None: return redirect(url_for('index')) if link == None: return redirect(url_for('index'))
if get_user(session)['_id'] not in link['shared']: if get_user(session)['_id'] not in link['shared']:
return redirect(url_for('index')) return redirect(url_for('index'))
if link['expiry'] == -1: if link['expiry'] == -1:
LINKS.delete_one({'uuid': uuid}) LINKS.delete_one({'uuid': uuid})
else: else:
LINKS.update_one({'uuid': uuid}, { LINKS.update_one({'uuid': uuid}, {
@ -195,9 +195,27 @@ def download(uuid):
return r return r
else: else:
return send_file(link['path'], as_attachment=True, return send_file(link['path'], as_attachment=True,
attachment_filename=link['name'], attachment_filename=link['name'],
conditional=True) conditional=True)
@app.route('/changepass', methods=['POST'])
def changepass():
## FIX LATER
check = verify_data('changepass', request.form, session)
if not check[0]: return check[1], 400
form = check[1]
salt = uuid.uuid4().hex
to_hash = (form['password'] + salt).encode('utf-8')
USERS.update_one({'username': form['username']},
{'$set': {
'password': hashlib.sha512(to_hash).digest(),
'salt': salt
}
})
return 'Operation completed'
@app.route('/users/<method>', methods=['POST']) @app.route('/users/<method>', methods=['POST'])
def users(method): def users(method):
@ -217,10 +235,10 @@ def users(method):
'username': form['username'], 'username': form['username'],
'password': hashlib.sha512(to_hash).digest(), 'password': hashlib.sha512(to_hash).digest(),
'salt': salt, 'salt': salt,
'perm_level': 1
}) })
create_drive('virtual', user.inserted_id) create_drive('virtual', user.inserted_id)
elif method == 'delete': elif method == 'delete':
check = verify_data('users.delete', request.form, session) check = verify_data('users.delete', request.form, session)
@ -232,6 +250,7 @@ def users(method):
pass pass
return 'Operation completed' return 'Operation completed'
@app.route('/drive/<drive_id>/<path:path>') @app.route('/drive/<drive_id>/<path:path>')
def drive_path(): def drive_path():
pass pass
@ -318,16 +337,16 @@ def dir_info(path, t, drive_id):
drives = DRIVES.find_one({'_id': drive_id}) drives = DRIVES.find_one({'_id': drive_id})
tree = drives['tree'] tree = drives['tree']
path = path.replace('.',':').split("/")[1:] path = path.replace('.',':').split("/")[1:]
if path != []: if path != []:
for sub in path: tree = tree[sub] for sub in path: tree = tree[sub]
for k,v in tree.items(): for k,v in tree.items():
is_fol = type(v).__name__ != 'str' is_fol = type(v).__name__ != 'str'
if is_fol: if is_fol:
stats, kind = None, None stats, kind = None, None
else: else:
stats = list(os.stat(drives['path'] + '/' + v)) stats = list(os.stat(drives['path'] + '/' + v))
kind = magic.from_file(drives['path'] + '/' + v, kind = magic.from_file(drives['path'] + '/' + v,
mime=True) mime=True)
full_items.append(info_dict(k.replace(':','.'), \ full_items.append(info_dict(k.replace(':','.'), \
@ -374,14 +393,15 @@ def verify_data(method, form, sess):
''' '''
Verifies permissions and format and sanitizes user input. Verifies permissions and format and sanitizes user input.
For each method, 1) Check for malformed data. 3) Check permissions For each method, 1) Check for malformed data. 3) Check permissions
for operation based on session. 3) Sanitize data. 4) Check for operation based on session. 3) Sanitize data. 4) Check
operation specific requirements. operation specific requirements.
''' '''
err_msgs = { err_msgs = {
'data': 'malformed data', 'data': 'malformed data',
'permission': 'insufficient permissions', 'permission': 'insufficient permissions',
'userexists': 'username already in use', 'userexists': 'username already in use',
'usernotexist': 'user does not exist',
'driveperm': 'the drive is not shared with you', 'driveperm': 'the drive is not shared with you',
'pathinvalid': 'not a valid path' 'pathinvalid': 'not a valid path'
} }
@ -401,7 +421,6 @@ def verify_data(method, form, sess):
except KeyError: except KeyError:
pass pass
elif method == 'users.delete': elif method == 'users.delete':
has_items = exists(data, ['username']) has_items = exists(data, ['username'])
if not has_items: errors.append('data') if not has_items: errors.append('data')
@ -410,10 +429,23 @@ def verify_data(method, form, sess):
return errors.append('permission') return errors.append('permission')
sanitize(data) sanitize(data)
elif method == 'users.modify': elif method == 'users.modify':
pass pass
elif method == 'changepass':
### REIMPLEMENT LATER
has_items = exists(data, ['username', 'password'])
if not has_items: errors.append('data')
sanitize(data)
try:
if USERS.find_one({'username': data['username']}) == None:
errors.append('usernotexist')
except KeyError:
pass
elif method == 'files': elif method == 'files':
has_items = exists(data, ['drive_id', 'path']) has_items = exists(data, ['drive_id', 'path'])
if not has_items: errors.append('data') if not has_items: errors.append('data')
@ -434,7 +466,7 @@ def verify_data(method, form, sess):
errors.append('pathinvalid') errors.append('pathinvalid')
data['is_fol'] = os.path.isdir(drive['path'] + \ data['is_fol'] = os.path.isdir(drive['path'] + \
data['path']) data['path'])
# For real drives, the path is kept as the full real path. # For real drives, the path is kept as the full real path.
data['path'] = drive['path']+data['path'] data['path'] = drive['path']+data['path']
elif drive['type'] == 'virtual': elif drive['type'] == 'virtual':
@ -452,9 +484,8 @@ def verify_data(method, form, sess):
data['is_fol'] = True data['is_fol'] = True
# For virtual drives, the path is just the user request. # For virtual drives, the path is just the user request.
data['drive'] = drive data['drive'] = drive
else: else:
raise Exception('Invalid data verification method.') raise Exception('Invalid data verification method.')
@ -519,4 +550,4 @@ def create_drive(method, owner, form=None):
if __name__ == '__main__': if __name__ == '__main__':
app.run(debug=True) app.run(debug=True)
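Review bot: The new `changepass` route and the `changepass` branch of `verify_data` never tie `form['username']` to the logged-in user, so as far as the visible lines show, anyone who can POST a username and a new password overwrites that account's credentials; the `users.delete` branch appears to append `'permission'`, but this one does not. Unless a session check exists in the part of `verify_data` outside these hunks, I would add `if sess.get('username') != data['username']: errors.append('permission')` to the branch, and also require the current password and check it with `validate_login` before calling `USERS.update_one`. Separately, the password is stored as a single salted SHA-512 digest, which is cheap to brute-force offline if the USERS collection leaks; an iterated or memory-hard KDF such as `hashlib.pbkdf2_hmac` or `hashlib.scrypt` would fit better, changed together with the matching code in `users` and `validate_login`. The `## FIX LATER` and `### REIMPLEMENT LATER` markers should state what is missing, so the gap is tracked rather than shipped silently.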


@ -58,6 +58,7 @@ body {
#formContainer input { #formContainer input {
margin-bottom: 10%; margin-bottom: 10%;
padding: 5%; padding: 5%;
width: 90%;
border: none; border: none;
font-size: 130%; font-size: 130%;
font-family: 'Roboto Slab', sans-serif; font-family: 'Roboto Slab', sans-serif;