Added change password functionality
This commit is contained in:
parent
6acada7c75
commit
23cd68556e
37
binbin.py
37
binbin.py
@ -199,6 +199,24 @@ def download(uuid):
|
||||
conditional=True)
|
||||
|
||||
|
||||
@app.route('/changepass', methods=['POST'])
|
||||
def changepass():
|
||||
## FIX LATER
|
||||
check = verify_data('changepass', request.form, session)
|
||||
if not check[0]: return check[1], 400
|
||||
form = check[1]
|
||||
|
||||
salt = uuid.uuid4().hex
|
||||
to_hash = (form['password'] + salt).encode('utf-8')
|
||||
USERS.update_one({'username': form['username']},
|
||||
{'$set': {
|
||||
'password': hashlib.sha512(to_hash).digest(),
|
||||
'salt': salt
|
||||
}
|
||||
})
|
||||
return 'Operation completed'
|
||||
|
||||
|
||||
@app.route('/users/<method>', methods=['POST'])
|
||||
def users(method):
|
||||
if 'username' not in session:
|
||||
@ -217,11 +235,11 @@ def users(method):
|
||||
'username': form['username'],
|
||||
'password': hashlib.sha512(to_hash).digest(),
|
||||
'salt': salt,
|
||||
'perm_level': 1
|
||||
})
|
||||
|
||||
create_drive('virtual', user.inserted_id)
|
||||
|
||||
|
||||
elif method == 'delete':
|
||||
check = verify_data('users.delete', request.form, session)
|
||||
if not check[0]: return check[1], 400
|
||||
@ -232,6 +250,7 @@ def users(method):
|
||||
pass
|
||||
return 'Operation completed'
|
||||
|
||||
|
||||
@app.route('/drive/<drive_id>/<path:path>')
|
||||
def drive_path():
|
||||
pass
|
||||
@ -382,6 +401,7 @@ def verify_data(method, form, sess):
|
||||
'data': 'malformed data',
|
||||
'permission': 'insufficient permissions',
|
||||
'userexists': 'username already in use',
|
||||
'usernotexist': 'user does not exist',
|
||||
'driveperm': 'the drive is not shared with you',
|
||||
'pathinvalid': 'not a valid path'
|
||||
}
|
||||
@ -401,7 +421,6 @@ def verify_data(method, form, sess):
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
|
||||
elif method == 'users.delete':
|
||||
has_items = exists(data, ['username'])
|
||||
if not has_items: errors.append('data')
|
||||
@ -414,6 +433,19 @@ def verify_data(method, form, sess):
|
||||
elif method == 'users.modify':
|
||||
pass
|
||||
|
||||
elif method == 'changepass':
|
||||
### REIMPLEMENT LATER
|
||||
has_items = exists(data, ['username', 'password'])
|
||||
if not has_items: errors.append('data')
|
||||
|
||||
sanitize(data)
|
||||
|
||||
try:
|
||||
if USERS.find_one({'username': data['username']}) == None:
|
||||
errors.append('usernotexist')
|
||||
except KeyError:
|
||||
pass
|
||||
|
||||
elif method == 'files':
|
||||
has_items = exists(data, ['drive_id', 'path'])
|
||||
if not has_items: errors.append('data')
|
||||
@ -454,7 +486,6 @@ def verify_data(method, form, sess):
|
||||
# For virtual drives, the path is just the user request.
|
||||
|
||||
data['drive'] = drive
|
||||
|
||||
else:
|
||||
raise Exception('Invalid data verification method.')
|
||||
|
||||
|
||||
@ -58,6 +58,7 @@ body {
|
||||
#formContainer input {
|
||||
margin-bottom: 10%;
|
||||
padding: 5%;
|
||||
width: 90%;
|
||||
border: none;
|
||||
font-size: 130%;
|
||||
font-family: 'Roboto Slab', sans-serif;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user