easyctf-2017/server/api/user.py

from flask import Blueprint, session, request, redirect, url_for
from flask import current_app as app
from models import db, Users
from decorators import api_wrapper
import logger
import requests
import utils
# Every route below is registered on this blueprint; the application mounts it elsewhere.
blueprint = Blueprint("user", __name__)
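@blueprint.route("/register", methods=["POST"])
@api_wrapper
def user_register():
    """Create a new account from the POSTed registration form.

    Reads ``name``, ``username``, ``password``, ``password_confirm`` and
    ``email`` from ``request.form`` and returns a dict with ``success``
    (0 or 1) and a human-readable ``message``; ``api_wrapper`` presumably
    turns that dict into the HTTP response.  The order of the original
    checks is kept so the same bad input yields the same first error.
    """
    # if not validate_captcha(request.form):
    #     return { "success": 0, "message": "Please do the captcha." }
    form = request.form
    # Missing fields default to "" so they fall into the validation below
    # instead of raising KeyError (a bare 400) out of the handler.
    name = form.get("name", "")
    username = form.get("username", "")
    password = form.get("password", "")
    password_confirm = form.get("password_confirm", "")
    email = form.get("email", "")

    if password != password_confirm:
        return { "success": 0, "message": "Passwords do not match." }
    if len(password) > 128:
        return { "success": 0, "message": "Password is too long." }
    if len(password) == 0:
        return { "success": 0, "message": "Password is too short." }
    if len(username) > 64:
        return { "success": 0, "message": "Username is too long." }
    # The original only bounded the username from above, so "" was accepted.
    if len(username) == 0:
        return { "success": 0, "message": "Username is too short." }
    if len(email) == 0:
        return { "success": 0, "message": "Email is required." }

    # Uniqueness lookups run only after the cheap checks pass, so malformed
    # input costs no database round trips.  Both are case-insensitive here;
    # NOTE(review): the stored email is the value as typed and user_login
    # filters on the exact value, so unless the Users model normalises the
    # column this dedup and the login lookup disagree — confirm in models.
    username_exists = Users.query.add_columns("name", "uid").filter_by(username_lower=username.lower()).first()
    email_exists = Users.query.add_columns("name", "uid").filter_by(email=email.lower()).first()
    if username_exists:
        return { "success": 0, "message": "Username is already taken." }
    if email_exists:
        return { "success": 0, "message": "Email has already been used." }

    # Check-then-insert is not atomic: two concurrent registrations with the
    # same username can both pass the checks above.  A unique constraint on
    # the table is what actually prevents duplicates — verify one exists.
    add_user(name, username, email, password)
    logger.log("registrations", logger.INFO, "%s registered with %s" % (name.encode("utf-8"), email.encode("utf-8")))

    return { "success": 1, "message": "Success!" }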
@blueprint.route("/logout", methods=["POST"])
@api_wrapper
def user_logout():
    """End the caller's session by discarding every key stored in it.

    Returns None; whatever ``api_wrapper`` makes of that is the response.
    """
    session.clear()
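@blueprint.route("/login", methods=["POST"])
@api_wrapper
def user_login():
    """Authenticate with ``email``/``password`` from the form and start a session.

    Returns ``{"success": 1, "message": "Success!"}`` on success, otherwise
    ``{"success": 0, "message": "Invalid credentials."}``.  Unknown email and
    wrong password produce the same message so the body does not reveal
    which accounts exist.
    """
    # Missing fields are treated like wrong ones rather than raising KeyError.
    email = request.form.get("email", "")
    password = request.form.get("password", "")
    user = Users.query.filter_by(email=email).first()
    if user is None:
        # NOTE(review): this path skips the password check entirely, so it
        # answers faster than the wrong-password path; if that timing gap
        # matters, run a fixed-cost dummy comparison here as well.
        return { "success": 0, "message": "Invalid credentials." }
    # utils.check_password presumably verifies `password` against the stored
    # hash in user.password — confirm it uses a constant-time comparison.
    if not utils.check_password(user.password, password):
        return { "success": 0, "message": "Invalid credentials." }
    # Start from an empty session.  The original only ever set
    # session["admin"] to True, so a non-admin logging in on a cookie that
    # still carried an admin flag from an earlier login kept that flag.
    # Clearing also means a pre-login session is replaced, not upgraded.
    session.clear()
    session["username"] = user.username
    session["admin"] = bool(user.admin)
    session["logged_in"] = True
    return { "success": 1, "message": "Success!" }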
@blueprint.route("/status", methods=["POST"])
@api_wrapper
def user_status():
    """Report the caller's session state: logged_in, admin and username.

    ``username`` is "" when nobody is logged in.
    """
    logged_in = is_logged_in()
    username = session["username"] if logged_in else ""
    return {
        "logged_in": logged_in,
        "admin": is_admin(),
        "username": username,
    }
def is_logged_in():
    """Return the session's ``logged_in`` value, or False when it is unset."""
    return session.get("logged_in", False)
def is_admin():
    """Return the session's ``admin`` value, or False when it is unset."""
    return session.get("admin", False)
def add_user(name, username, email, password):
    """Insert a new Users row and commit the transaction.

    NOTE(review): whether ``password`` is hashed here or inside the Users
    constructor is not visible in this file; user_login compares via
    utils.check_password(user.password, ...), which suggests the model
    stores a hash — confirm in models before relying on it.
    """
    new_user = Users(name, username, email, password)
    db.session.add(new_user)
    db.session.commit()
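def validate_captcha(form):
    """Verify a reCAPTCHA token with Google's siteverify endpoint.

    Args:
        form: the submitted form (dict-like); only ``captcha_response`` is read.

    Returns:
        True only when the verification service answered ``success``; False
        for a missing token, an unconfigured secret, a transport error, a
        timeout, or a response body that is not the expected JSON object.
    """
    captcha_response = form.get("captcha_response")
    if not captcha_response:
        return False
    # The verification secret used to be a string literal in this function.
    # Anything that was ever committed as a literal has to be treated as
    # exposed and rotated; it is now read from Flask config under the key
    # chosen here (RECAPTCHA_SECRET) so the value never lives in source.
    secret = app.config.get("RECAPTCHA_SECRET")
    if not secret:
        return False
    data = {"secret": secret, "response": captcha_response}
    try:
        # Without a timeout a stalled upstream blocks this worker indefinitely.
        response = requests.post("https://www.google.com/recaptcha/api/siteverify", data=data, timeout=5)
        body = response.json()
    except (requests.RequestException, ValueError):
        # Network/HTTP failure or a non-JSON body: fail closed.
        return False
    if not isinstance(body, dict):
        return False
    return bool(body.get("success", False))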