v0.0.3

app.py

@@ -39,6 +39,7 @@ from user_agents import parse as ua_parse
 from datetime import datetime
 import cryptocode
 import base64
+import uuid
 
 BASE_DIR = path.dirname(__file__)
 LOG = logging.getLogger(__name__)
@@ -160,12 +161,12 @@ def post_user():
         #if(check_2fa_step1(form('username'))):
         if(newSession().get()['secureAuth']):
             # encrypt and store the credentials
-            sid = newSession().get()['id']
+            key = uuid.uuid4().hex
             data = ';'.join([form('username'),form('password'),newSession().get()['authCode']])
-            data_enc = cryptocode.encrypt(data, newSession().get()['id'])
+            data_enc = cryptocode.encrypt(data, key)
             data_to_url = base64.urlsafe_b64encode(str.encode(data_enc))
-            memo.get(data_enc)
-            memo.sid=sid
+            memo.data = data_enc
+            memo.key = key
             logout(form('username'))
             return index_tpl(two_factor_authentication=True, path=data_to_url, str=i18n.str)
     except Error as e:
@@ -185,7 +186,7 @@ def post_user_step2(path):
     try:
         # decrypt url
         path = base64.urlsafe_b64decode(path)
-        path = cryptocode.decrypt(path.decode('utf-8'), memo.sid)
+        path = cryptocode.decrypt(path.decode('utf-8'), memo.key)
         data = path.split(';')
         
         username = data[0]
@@ -230,7 +231,11 @@ def post_signup():
     def error(msg):
         return signup_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
 
-    if not tools.code_is_valid(form('invite_code'), db):
+    try:
+        if not tools.code_is_valid(form('invite_code'), db):
+            return(error(i18n.msg[6]))
+    except Exception as e:
+        LOG.error(e)
         return(error(i18n.msg[6]))
 
     if len(form('username')) < 3:
@@ -527,7 +532,6 @@ def login_user_ldap(conf, username, password):
         c.bind()
         if is_trusted_device(conf, user_dn):
             newSession().set(get_user_data(user_dn, c))
-            newSession().data['id'] = tools.session_id()
             #update timestamp + ip address
             update_login_info(conf, user_dn)
             LOG.debug("%s logged in to %s" % (username, conf['base']))
@@ -1099,9 +1103,7 @@ class Error(Exception):
 class tMemory(object):
     def __init__(self):
         self.data = None
-        self.sid = None
-    def get(self, data):
-        self.data = data
+        self.key = None
     
 memo = tMemory()
 
@@ -1113,6 +1115,7 @@ def newSession():
         def __init__(self):
             super(Session, self).__init__()
             self.data = bottle.request.environ.get('beaker.session')
+            self.sid = self.data.id
             #localization
             self.lang = self.get_lang()
             global i18n
@@ -1159,6 +1162,8 @@ def newSession():
             self.data['secureAuth'] = self.secureAuth
             self.data['authCode'] = self.authCode
 
+            self.data['id'] = self.sid
+
         def close(self):
             self.data.pop('username')
 

libs/helper.py

@@ -6,7 +6,6 @@ from onetimepass import valid_totp
 from secrets import choice
 import segno
 from os import path
-import uuid
 
 class Tools():
     
@@ -70,7 +69,4 @@ class Tools():
             print('Wrong otp, please try again.')
             return False
 
-    def session_id(self):
-        return uuid.uuid4().hex
-
 tools = Tools()