Added change password functionality

2020-08-06 23:03:36 -04:00 · 2020-08-06 23:03:36 -04:00 · 23cd68556e
commit 23cd68556e
parent 6acada7c75
2 changed files with 50 additions and 18 deletions
--- a/binbin.py
+++ b/binbin.py
@ -106,7 +106,7 @@ def mydrives():

 	for drive in shared:
 		drive_info = {
-			'_id': str(drive['_id']),
+ 			'_id': str(drive['_id']),
 			'name': drive['name'],
 			'size': drive['size']
 		}
@ -199,6 +199,24 @@ def download(uuid):
 							conditional=True)


+@app.route('/changepass', methods=['POST'])
+def changepass():
+	## FIX LATER
+	check = verify_data('changepass', request.form, session)
+	if not check[0]: return check[1], 400
+	form = check[1]
+
+	salt = uuid.uuid4().hex
+	to_hash = (form['password'] + salt).encode('utf-8')
+	USERS.update_one({'username': form['username']},
+		{'$set': {
+			'password': hashlib.sha512(to_hash).digest(),
+			'salt': salt
+		}
+	})
+	return 'Operation completed'
+
+
@app.route('/users/<method>', methods=['POST'])
 def users(method):
 	if 'username' not in session:
@ -217,11 +235,11 @@ def users(method):
 			'username': form['username'],
 			'password': hashlib.sha512(to_hash).digest(),
 			'salt': salt,
-			'perm_level': 1
 		})

 		create_drive('virtual', user.inserted_id)
 		
+
 	elif method == 'delete':
 		check = verify_data('users.delete', request.form, session)
 		if not check[0]: return check[1], 400
@ -232,6 +250,7 @@ def users(method):
 		pass
 	return 'Operation completed'

+
@app.route('/drive/<drive_id>/<path:path>')
 def drive_path():
 	pass
@ -382,6 +401,7 @@ def verify_data(method, form, sess):
 		'data': 'malformed data',
 		'permission': 'insufficient permissions',
 		'userexists': 'username already in use',
+		'usernotexist': 'user does not exist',
 		'driveperm': 'the drive is not shared with you',
 		'pathinvalid': 'not a valid path'
 	}
@ -401,7 +421,6 @@ def verify_data(method, form, sess):
 		except KeyError:
 			pass

-
 	elif method == 'users.delete':
 		has_items = exists(data, ['username'])
 		if not has_items: errors.append('data')
@ -414,6 +433,19 @@ def verify_data(method, form, sess):
 	elif method == 'users.modify':
 		pass

+	elif method == 'changepass':
+		### REIMPLEMENT LATER
+		has_items = exists(data, ['username', 'password'])
+		if not has_items: errors.append('data')
+
+		sanitize(data)
+
+		try:
+			if USERS.find_one({'username': data['username']}) == None:
+				errors.append('usernotexist')
+		except KeyError:
+			pass
+
 	elif method == 'files':
 		has_items = exists(data, ['drive_id', 'path'])
 		if not has_items: errors.append('data')
@ -454,7 +486,6 @@ def verify_data(method, form, sess):
 			# For virtual drives, the path is just the user request.

 		data['drive'] = drive
-		
 	else:
 		raise Exception('Invalid data verification method.')

--- a/css/index.css
+++ b/css/index.css
@ -58,6 +58,7 @@ body {
 #formContainer input {
 	margin-bottom: 10%;
 	padding: 5%;
+	width: 90%;
 	border: none;
 	font-size: 130%;
 	font-family: 'Roboto Slab', sans-serif;