easyctf-2017/server/api/user.py

from flask import Blueprint, session, request
from flask import current_app as app

from models import db, Users
from utils import api_wrapper

import requests
import utils

blueprint = Blueprint("user", __name__)

@blueprint.route("/register", methods=["POST"])
@api_wrapper
def user_register():
    if not validate_captcha(request.form):
        return { "success": 0, "message": "Please do the captcha." }

    name = request.form["name"]
    username = request.form["username"]
    password = request.form["password"]
    password_confirm = request.form["password_confirm"]
    email = request.form["email"]

    username_exists = Users.query.add_columns("name", "uid").filter_by(username_lower=username.lower()).first()
    email_exists = Users.query.add_columns("name", "uid").filter_by(email=email).first()

    if password != password_confirm:
        return { "success": 0, "message": "Passwords do not match." }
    if len(password) > 128:
        return { "success": 0, "message": "Password is too long." }
    if len(password) == 0:
        return { "success": 0, "message": "Password is too short." }
    if len(username) > 64:
        return { "success": 0, "message": "Username is too long." }
    if username_exists:
        return { "success": 0, "message": "Username is already taken." }
    if email_exists:
        return { "success": 0, "message": "Email has already been used." }

    add_user(name, username, email, password)

    return { "success": 1, "message": "Success!" }

@blueprint.route("/logout", methods=["POST"])
@api_wrapper
def user_logout():
    session.clear()

@blueprint.route("/login", methods=["POST"])
@api_wrapper
def user_login():
    username = request.form["username"]
    password = request.form["password"]
    user = Users.query.filter_by(username=username).first()
    if utils.check_password(user.password, password):
        session["username"] = username
        session["admin"] = user.admin
        return { "success": 1, "message": "Success!" }
    else:
        return { "success": 0, "message": "Invalid credentials." }

def add_user(name, username, email, password):
    user = Users(name, username, email, password)
    db.session.add(user)
    db.session.commit()

def validate_captcha(form):
    if "captcha_response" not in form:
        return False
    captcha_response = form["captcha_response"]
    data = {"secret": "6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu", "response": captcha_response}
    response = requests.post("https://www.google.com/recaptcha/api/siteverify", data=data)
    if response.json()["success"]:
        return True
    return False
Begin work on user registration 2015-12-24 02:06:49 +00:00			`from flask import Blueprint, session, request`
			`from flask import current_app as app`

			`from models import db, Users`
create registration endpoint 2015-12-23 23:23:18 +00:00			`from utils import api_wrapper`

Validate recaptcha for registration 2015-12-24 04:31:50 +00:00			`import requests`
Add user login functionality 2015-12-24 02:30:51 +00:00			`import utils`

create registration endpoint 2015-12-23 23:23:18 +00:00			`blueprint = Blueprint("user", __name__)`

			`@blueprint.route("/register", methods=["POST"])`
			`@api_wrapper`
			`def user_register():`
Validate recaptcha for registration 2015-12-24 04:31:50 +00:00			`if not validate_captcha(request.form):`
			`return { "success": 0, "message": "Please do the captcha." }`

Begin work on user registration 2015-12-24 02:06:49 +00:00			`name = request.form["name"]`
			`username = request.form["username"]`
			`password = request.form["password"]`
			`password_confirm = request.form["password_confirm"]`
			`email = request.form["email"]`

Make username duplication check case insensitive 2015-12-24 04:09:05 +00:00			`username_exists = Users.query.add_columns("name", "uid").filter_by(username_lower=username.lower()).first()`
Begin work on user registration 2015-12-24 02:06:49 +00:00			`email_exists = Users.query.add_columns("name", "uid").filter_by(email=email).first()`

			`if password != password_confirm:`
			`return { "success": 0, "message": "Passwords do not match." }`
			`if len(password) > 128:`
			`return { "success": 0, "message": "Password is too long." }`
			`if len(password) == 0:`
			`return { "success": 0, "message": "Password is too short." }`
			`if len(username) > 64:`
			`return { "success": 0, "message": "Username is too long." }`
			`if username_exists:`
			`return { "success": 0, "message": "Username is already taken." }`
			`if email_exists:`
			`return { "success": 0, "message": "Email has already been used." }`

			`add_user(name, username, email, password)`

			`return { "success": 1, "message": "Success!" }`
Add user blueprint to app.py 2015-12-24 00:54:47 +00:00
			`@blueprint.route("/logout", methods=["POST"])`
			`@api_wrapper`
			`def user_logout():`
Add user login functionality 2015-12-24 02:30:51 +00:00			`session.clear()`
Add user blueprint to app.py 2015-12-24 00:54:47 +00:00
			`@blueprint.route("/login", methods=["POST"])`
			`@api_wrapper`
			`def user_login():`
Add user login functionality 2015-12-24 02:30:51 +00:00			`username = request.form["username"]`
			`password = request.form["password"]`
			`user = Users.query.filter_by(username=username).first()`
			`if utils.check_password(user.password, password):`
			`session["username"] = username`
			`session["admin"] = user.admin`
			`return { "success": 1, "message": "Success!" }`
			`else:`
			`return { "success": 0, "message": "Invalid credentials." }`
Begin work on user registration 2015-12-24 02:06:49 +00:00
			`def add_user(name, username, email, password):`
			`user = Users(name, username, email, password)`
			`db.session.add(user)`
			`db.session.commit()`
Validate recaptcha for registration 2015-12-24 04:31:50 +00:00
			`def validate_captcha(form):`
			`if "captcha_response" not in form:`
			`return False`
			`captcha_response = form["captcha_response"]`
			`data = {"secret": "6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu", "response": captcha_response}`
			`response = requests.post("https://www.google.com/recaptcha/api/siteverify", data=data)`
			`if response.json()["success"]:`
			`return True`
			`return False`