forked from fportantier/vulpy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlibuser.py
137 lines (95 loc) · 3.14 KB
/
libuser.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
import hashlib
import os
import sqlite3
from binascii import hexlify, unhexlify
from pathlib import Path
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
from cryptography.exceptions import InvalidKey
HERE = Path(__file__).parent
def login(username, password, **kwargs):
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
user = c.execute("SELECT * FROM users WHERE username = ?", (username,)).fetchone()
if not user:
#print('The user doesnt exists')
return False
backend = default_backend()
kdf = Scrypt(
salt=unhexlify(user['salt']),
length=32,
n=2**14,
r=8,
p=1,
backend=backend
)
try:
kdf.verify(password.encode(), unhexlify(user['password']))
#print('valid')
return username
except InvalidKey:
#print('invalid1')
return False
except Exception as e:
#print('invalid2', e)
return False
#print('No deberia haber llegado aca')
return False
def user_create(username, password=None):
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("INSERT INTO users (username, password, salt, failures, mfa_enabled, mfa_secret) VALUES ('%s', '%s', '%s', '%d', '%d', '%s')" %(username, '', '', 0, 0, ''))
conn.commit()
if password:
password_set(username, password)
return True
def password_set(username, password):
backend = default_backend()
salt = os.urandom(16)
kdf = Scrypt(
salt=salt,
length=32,
n=2**14,
r=8,
p=1,
backend=backend
)
key = kdf.derive(password.encode())
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
print('Changing password for', username)
c.execute("UPDATE users SET password = ?, salt = ? WHERE username = ?", (hexlify(key).decode(), hexlify(salt).decode(), username))
conn.commit()
def userlist():
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
users = c.execute("SELECT * FROM users").fetchall()
if not users:
return []
else:
return [ user['username'] for user in users ]
def password_change(username, old_password, new_password):
if not login(username, old_password):
return False
if not is_password_allowed(new_password):
return False
password_set(username, new_password)
return True
def is_password_complex(password):
return len(password) >= 12
def is_password_leaked(password):
with (HERE / 'leaked_passwords.txt').open() as leaked_password_file:
for p in leaked_password_file.read().split('\n'):
if password == p:
return True
return False
def is_password_allowed(password):
return is_password_complex(password) and not is_password_leaked(password)