diff --git a/app.py b/app.py
index 55244c9..97e852f 100644
--- a/app.py
+++ b/app.py
@@ -30,7 +30,7 @@ from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult, LDAPSocketOpenError, LDAPExceptionError
 import logging
 from os import getenv, environ, path
-import re
+#import re
 from libs import flist, slist
 from libs.localization import *
 from libs.helper import *
@@ -107,21 +107,18 @@ def get_index():
 @post('/user')
 def post_user():
 form = request.forms.getunicode
+ tools = Tools()
 def error(msg):
 return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
- def username_validation(e):
- regex = r'^\w+$'
- return(bool(re.fullmatch(regex, e)))
-
 if len(form('username')) < 3:
 return error(i18n.msg[1])
- elif not username_validation(form('username')):
+ elif not tools.input_validation(form('username')):
 return error(i18n.msg[6])
- if len(form('password')) < 1:
- return error(i18n.msg[2])
+ if not tools.pwd_validation(form('password')):
+ return error(i18n.msg[21])
 try:
 login(form('username'), form('password'))
@@ -133,6 +130,7 @@ def post_user():
 @post('/signup')
 def post_signup():
+ #ensure that i18n exists
 if 'i18n' not in globals():
 newSession()
@@ -140,17 +138,9 @@ def post_signup():
 form = request.forms.getunicode
 isFake = False
- manage_codes = Tools()
+ tools = Tools()
 db = 'data/invite-codes.db'
- def username_validation(e):
- regex = r'^\w+$'
- return(bool(re.fullmatch(regex, e)))
-
- def email_validation(e):
- regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
- return(bool(re.fullmatch(regex, e)))
-
-
 def auto_complete(arg):
 if arg == 'firstname':
 result = random.choice(flist.firstname)
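Review bot: `+#import re` keeps the old import as a commented-out line; now that the regex helpers live in libs/helper.py the line should simply be removed (keep only `-import re`), so readers do not have to wonder whether `re` is still needed in app.py. Nothing in the visible hunks of app.py uses `re` any more; if some code outside them still does, it will now fail with a `NameError` at call time rather than at import time, which is worth a grep before merging.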
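Review bot: Running `tools.pwd_validation` on the login password (the new `if not tools.pwd_validation(form('password'))` line in post_user) applies the signup composition rule — `[A-Za-z\d@$!#%*?&]{8,18}` in the libs/helper.py hunk — to credentials that already exist in the directory, so any user whose password is longer than 18 characters, uses another symbol, or predates the rule is rejected before `login()` is even attempted. Login should only reject an empty field, as the removed check did: `if not form('password'): return error(i18n.msg[2])`. Whether `i18n.msg[21]` exists is not visible in this diff, and if `form('password')` is `None` for an absent field (Bottle's `getunicode` returns `None` by default) `re.fullmatch` raises `TypeError` and the request becomes a 500 instead of a validation error. `post_user` continues past the end of the hunk.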
@@ -161,14 +151,14 @@ def post_signup():
 def error(msg):
 return signup_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
- if not manage_codes.code_is_valid(form('invite_code'), db):
+ if not tools.code_is_valid(form('invite_code'), db):
 return(error(i18n.msg[4]))
 if len(form('username')) < 3:
 return error(i18n.msg[5])
 username = form('username').lower()
- if not username_validation(username):
+ if not tools.input_validation(username):
 return error(i18n.msg[6])
 if len(form('firstname')) == 0:
@@ -184,15 +174,14 @@ def post_signup():
 surname = form('surname').lower()
 email = form('email').lower()
- if not email_validation(email):
+ if not tools.email_validation(email):
 return error(i18n.msg[14])
- if form('password') != form('confirm-password'):
+ if not tools.pwd_validation(form('password')):
+ return error(i18n.msg[8]) #mezua ALDATU egin behar da
+ elif form('password') != form('confirm-password'):
 return error(i18n.msg[7])
- if len(form('password')) < 8:
- return error(i18n.msg[8])
-
 try:
 account_request(username, firstname, surname, form('password'), email, isFake)
 except Error as e:
@@ -200,7 +189,7 @@ def post_signup():
 return error(str(e))
 try:
- manage_codes.mark_code_as_used(form('invite_code'), db)
+ tools.mark_code_as_used(form('invite_code'), db)
 except Error as e:
 LOG.warning("There was a problem verifying the invitation code, please try again later.", e)
 return error(str(e))
@@ -212,6 +201,7 @@ def post_signup():
 @post('/edit_fullname')
 def post_edit_fullname():
 form = request.forms.getunicode
+ tools = Tools()
 try:
 username = newSession().get()['username']
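Review bot: The new `return error(i18n.msg[8]) #mezua ALDATU egin behar da` in post_signup reuses the message of the removed `len(form('password')) < 8` check for the much stricter `tools.pwd_validation` rule, and the trailing comment is a Basque reminder ("the message must be changed") rather than documentation; the change_pwd hunk further down carries the same line with the same comment. Add a dedicated message for the composition rule and write the reminder as an English TODO until it exists, e.g. `# TODO: msg[8] predates the composition rule; add a message describing it`. The reordering also means a `None` value from an absent `password` field now reaches `re.fullmatch` before the equality check and raises `TypeError`; whether `form` returns `None` for missing fields is not visible here, but Bottle's `getunicode` does by default. `post_signup` continues past the hunk (the `account_request` call and its handler).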
@@ -225,9 +215,13 @@ def post_edit_fullname():
 if len(form('firstname')) < 3:
 return error(i18n.msg[11])
+ elif not tools.input_validation(form('firstname')):
+ return error(i18n.msg[6]) #Not allowed characters for the firstname field. ALDATU
 if len(form('surname')) < 3:
 return error(i18n.msg[12])
+ elif not tools.input_validation(form('surname')):
+ return error(i18n.msg[6]) #Not allowed characters for the surname field. ALDATU
 try:
 edit_fullname(username, old_firstname, old_surname, form('firstname').lower(), form('surname').lower())
@@ -240,6 +234,7 @@ def post_edit_fullname():
 @post('/edit_email')
 def post_edit_email():
 form = request.forms.getunicode
+ tools = Tools()
 try:
 username = newSession().get()['username']
@@ -247,14 +242,10 @@ def post_edit_email():
 except Error as e:
 return index_tpl(alerts=[('error', str(e), 'fadeOut')], str=i18n.str)
- def email_is_valid(e):
- regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
- return(bool(re.fullmatch(regex, e)))
-
 def error(msg):
 return edit_email_tpl(alerts=[('error', msg, 'fadeOut')], data=newSession().get(), str=i18n.str)
- if not email_is_valid(form('email')):
+ if not tools.email_validation(form('email')):
 return(error(i18n.msg[14]))
 try:
@@ -268,6 +259,8 @@ def post_edit_email():
 @post('/change_pwd')
 def post_change_pwd():
 form = request.forms.getunicode
+ tools = Tools()
+
 try:
 username=newSession().get()['username']
 except Error as e:
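Review bot: `tools.input_validation` is `^\w+$` (see the libs/helper.py hunk), so the two new `elif` branches in post_edit_fullname reject any first name or surname containing a space, hyphen or apostrophe ("Jose Luis", "García-López"), and they reuse msg[6], the username message, as the `ALDATU` comments themselves acknowledge. In the visible signup lines only the length of `firstname` is checked, so unless signup is made equally strict further down, a user who registered with such a name can no longer edit it. A name-specific validator with its own message is the fix, e.g. letters with single internal separators: `re.fullmatch(r"[^\W\d_]+(?:[ '\-][^\W\d_]+)*", e) is not None`. `post_edit_fullname` continues past the hunk.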
@@ -276,13 +269,11 @@ def post_change_pwd():
 def error(msg):
 return change_pwd_tpl(username=username, alerts=[('error', msg, 'fadeOut')], str=i18n.str)
- if form('new-password') != form('confirm-password'):
+ if (not tools.pwd_validation(form('new-password')) or not tools.pwd_validation(form('confirm-password'))):
+ return error(i18n.msg[8]) #mezua aldatu egin behar da
+ elif form('new-password') != form('confirm-password'):
 return error(i18n.msg[7])
-
- if len(form('new-password')) < 8:
- return error(i18n.msg[8])
-
- if form('old-password') == form('confirm-password'):
+ elif form('old-password') == form('confirm-password'):
 return error(i18n.msg[17])
 try:
diff --git a/data/invite-codes (kopia).db b/data/invite-codes (kopia).db
new file mode 100644
index 0000000..b718294
Binary files /dev/null and b/data/invite-codes (kopia).db differ
diff --git a/data/invite-codes.db b/data/invite-codes.db
index bb2c159..b718294 100644
Binary files a/data/invite-codes.db and b/data/invite-codes.db differ
diff --git a/libs/__pycache__/flist.cpython-39.pyc b/libs/__pycache__/flist.cpython-39.pyc
index fd0bc85..d1a1008 100644
Binary files a/libs/__pycache__/flist.cpython-39.pyc and b/libs/__pycache__/flist.cpython-39.pyc differ
diff --git a/libs/__pycache__/helper.cpython-39.pyc b/libs/__pycache__/helper.cpython-39.pyc
index 0a0d14d..f46e5c6 100644
Binary files a/libs/__pycache__/helper.cpython-39.pyc and b/libs/__pycache__/helper.cpython-39.pyc differ
diff --git a/libs/__pycache__/localization.cpython-39.pyc b/libs/__pycache__/localization.cpython-39.pyc
index cd9f3a1..40109f8 100644
Binary files a/libs/__pycache__/localization.cpython-39.pyc and b/libs/__pycache__/localization.cpython-39.pyc differ
diff --git a/libs/__pycache__/slist.cpython-39.pyc b/libs/__pycache__/slist.cpython-39.pyc
index 0b0bb15..4d2b8a4 100644
Binary files a/libs/__pycache__/slist.cpython-39.pyc and b/libs/__pycache__/slist.cpython-39.pyc differ
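Review bot: The new first condition in post_change_pwd validates both `new-password` and `confirm-password` against the policy before the mismatch check, so when the two differ and the confirmation happens to fail the pattern the user is told the password is weak (msg[8]) instead of that the fields differ (msg[7]); validating the confirmation separately adds nothing once equality is required. Check equality first, then the policy on the new value only: `if form('new-password') != form('confirm-password'): return error(i18n.msg[7])` followed by `elif not tools.pwd_validation(form('new-password')): return error(i18n.msg[8])`. The `old-password == confirm-password` test that follows is then equivalent to comparing with `new-password`, which states the intent more directly. `post_change_pwd` continues past the hunk (the `try:` block).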
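Review bot: `data/invite-codes (kopia).db` is added as a new binary file and, judging by its name, is a working copy of `data/invite-codes.db`, whose live contents are updated in the same commit; both now sit permanently in history. post_signup gates account creation on `tools.code_is_valid(form('invite_code'), db)` against this database, so anyone with read access to the repository can read the currently valid invite codes from either file, and deleting them later does not remove them from earlier commits. Keep the database out of version control (`data/*.db` in `.gitignore`, along with the `libs/__pycache__/*.pyc` files this commit also updates) and treat the codes committed here as exposed; the backup copy has no place in the tree at all.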
diff --git a/libs/helper.py b/libs/helper.py
index f3e8eb9..6f6afd0 100644
--- a/libs/helper.py
+++ b/libs/helper.py
@@ -1,6 +1,7 @@
 #!/usr/bin/python3
 import sqlite3
+import re
 class Tools():
@@ -22,4 +23,18 @@ class Tools():
 cur = con.cursor()
 cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code))
- con.commit()
\ No newline at end of file
+ con.commit()
+
+ #forms validation
+
+ def input_validation(self, e):
+ regex = r'^\w+$'
+ return(bool(re.fullmatch(regex, e)))
+
+ def email_validation(self, e):
+ regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
+ return(bool(re.fullmatch(regex, e)))
+
+ def pwd_validation(self, e):
+ regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$'
+ return(bool(re.fullmatch(regex, e)))
\ No newline at end of file
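Review bot: The three validators in the second hunk pass the form value straight to `re.fullmatch`, which raises `TypeError` on `None`; every app.py caller passes `form('field')` directly, and if Bottle's `getunicode` returns `None` for an absent field (it does by default) a request without that field becomes a 500 rather than a validation error, so guard with `isinstance(e, str)`. `pwd_validation` also caps passwords at 18 characters and whitelists eight symbols, which rejects long passphrases and common symbols for no security gain (NIST SP 800-63B recommends allowing at least 64 characters). In `email_validation` the class `[A-Z|a-z]` contains a literal `|`, so a TLD such as `c|m` is accepted; the intended class is `[A-Za-z]`, and the `\b`, `^` and `$` anchors are redundant under `fullmatch`. None of the methods uses `self`, so they can be `@staticmethod`s with docstrings, and `return(bool(...))` reads better as `return ... is not None`. The rewritten methods follow; the `mark_code_as_used` body above them is unchanged.
```python
    # … unchanged: mark_code_as_used body through con.commit() …

    # forms validation: pure functions of the submitted value; a non-str (e.g. None) is simply invalid

    @staticmethod
    def input_validation(e):
        """Return True if *e* is a non-empty run of word characters (letters, digits, underscore)."""
        return isinstance(e, str) and re.fullmatch(r'\w+', e) is not None

    @staticmethod
    def email_validation(e):
        """Loose syntactic e-mail check; the TLD class is [A-Za-z], not [A-Z|a-z]."""
        pattern = r'[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
        return isinstance(e, str) and re.fullmatch(pattern, e) is not None

    @staticmethod
    def pwd_validation(e):
        """Require 8+ characters with a lowercase, an uppercase, a digit and a non-alphanumeric; no upper cap."""
        pattern = r'(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z\d]).{8,}'
        return isinstance(e, str) and re.fullmatch(pattern, e) is not None
```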