From 6d30add55eab04940224a2afcafe2dbc361f1841 Mon Sep 17 00:00:00 2001
From: aitzol <aitzol@lainoa.eus>
Date: Mon, 25 Apr 2022 13:10:25 +0200
Subject: [PATCH] forms

---
 app.py                                       |  63 ++++++++-----------
 data/invite-codes (kopia).db                 | Bin 0 -> 8192 bytes
 data/invite-codes.db                         | Bin 8192 -> 8192 bytes
 libs/__pycache__/flist.cpython-39.pyc        | Bin 21988 -> 21988 bytes
 libs/__pycache__/helper.cpython-39.pyc       | Bin 992 -> 1610 bytes
 libs/__pycache__/localization.cpython-39.pyc | Bin 3293 -> 3293 bytes
 libs/__pycache__/slist.cpython-39.pyc        | Bin 8243 -> 8243 bytes
 libs/helper.py                               |  17 ++++-
 8 files changed, 43 insertions(+), 37 deletions(-)
 create mode 100644 data/invite-codes (kopia).db

diff --git a/app.py b/app.py
index 55244c9..97e852f 100644
--- a/app.py
+++ b/app.py
@@ -30,7 +30,7 @@ from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult,
     LDAPSocketOpenError, LDAPExceptionError
 import logging
 from os import getenv, environ, path
-import re
+#import re
 from libs import flist, slist
 from libs.localization import *
 from libs.helper import *
@@ -107,21 +107,18 @@ def get_index():
 @post('/user')
 def post_user():
     form = request.forms.getunicode
+    tools = Tools()
 
     def error(msg):
         return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
 
-    def username_validation(e):
-        regex = r'^\w+$'
-        return(bool(re.fullmatch(regex, e)))
-
     if len(form('username')) < 3:
         return error(i18n.msg[1])
-    elif not username_validation(form('username')):
+    elif not tools.input_validation(form('username')):
         return error(i18n.msg[6])
 
-    if len(form('password')) < 1:
-        return error(i18n.msg[2])
+    if not tools.pwd_validation(form('password')):
+        return error(i18n.msg[21])
 
     try:
         login(form('username'), form('password'))
@@ -133,6 +130,7 @@ def post_user():
 
 @post('/signup')
 def post_signup():
+    
     #ensure that i18n exists
     if 'i18n' not in globals():
         newSession()
@@ -140,17 +138,9 @@ def post_signup():
     form = request.forms.getunicode
     isFake = False
 
-    manage_codes = Tools()
+    tools = Tools()
     db = 'data/invite-codes.db'
 
-    def username_validation(e):
-        regex = r'^\w+$'
-        return(bool(re.fullmatch(regex, e)))
-
-    def email_validation(e):
-        regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
-        return(bool(re.fullmatch(regex, e)))
-
     def auto_complete(arg):
         if arg == 'firstname':
             result = random.choice(flist.firstname)
@@ -161,14 +151,14 @@ def post_signup():
     def error(msg):
         return signup_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
 
-    if not manage_codes.code_is_valid(form('invite_code'), db):
+    if not tools.code_is_valid(form('invite_code'), db):
         return(error(i18n.msg[4]))
 
     if len(form('username')) < 3:
         return error(i18n.msg[5])
 
     username = form('username').lower()
-    if not username_validation(username):
+    if not tools.input_validation(username):
         return error(i18n.msg[6])
 
     if len(form('firstname')) == 0:
@@ -184,15 +174,14 @@ def post_signup():
         surname = form('surname').lower()
 
     email = form('email').lower()
-    if not email_validation(email):
+    if not tools.email_validation(email):
         return error(i18n.msg[14])
 
-    if form('password') != form('confirm-password'):
+    if not tools.pwd_validation(form('password')):
+        return error(i18n.msg[8]) #mezua ALDATU egin behar da
+    elif form('password') != form('confirm-password'):
         return error(i18n.msg[7])
 
-    if len(form('password')) < 8:
-        return error(i18n.msg[8])
-
     try:
         account_request(username, firstname, surname, form('password'), email, isFake)
     except Error as e:
@@ -200,7 +189,7 @@ def post_signup():
         return error(str(e))
 
     try:
-        manage_codes.mark_code_as_used(form('invite_code'), db)
+        tools.mark_code_as_used(form('invite_code'), db)
     except Error as e:
         LOG.warning("There was a problem verifying the invitation code, please try again later.", e)
         return error(str(e))
@@ -212,6 +201,7 @@ def post_signup():
 @post('/edit_fullname')
 def post_edit_fullname():
     form = request.forms.getunicode
+    tools = Tools()
 
     try:
         username = newSession().get()['username']
@@ -225,9 +215,13 @@ def post_edit_fullname():
 
     if len(form('firstname')) < 3:
         return error(i18n.msg[11])
+    elif not tools.input_validation(form('firstname')):
+        return error(i18n.msg[6]) #Not allowed characters for the firstname field. ALDATU
 
     if len(form('surname')) < 3:
         return error(i18n.msg[12])
+    elif not tools.input_validation(form('surname')):
+        return error(i18n.msg[6]) #Not allowed characters for the surname field. ALDATU
 
     try:
         edit_fullname(username, old_firstname, old_surname, form('firstname').lower(), form('surname').lower())
@@ -240,6 +234,7 @@ def post_edit_fullname():
 @post('/edit_email')
 def post_edit_email():
     form = request.forms.getunicode
+    tools = Tools()
 
     try:
         username = newSession().get()['username']
@@ -247,14 +242,10 @@ def post_edit_email():
     except Error as e:
         return index_tpl(alerts=[('error', str(e), 'fadeOut')], str=i18n.str)
 
-    def email_is_valid(e):
-        regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
-        return(bool(re.fullmatch(regex, e)))
-
     def error(msg):
         return edit_email_tpl(alerts=[('error', msg, 'fadeOut')], data=newSession().get(), str=i18n.str)
 
-    if not email_is_valid(form('email')):
+    if not tools.email_validation(form('email')):
         return(error(i18n.msg[14]))
 
     try:
@@ -268,6 +259,8 @@ def post_edit_email():
 @post('/change_pwd')
 def post_change_pwd():
     form = request.forms.getunicode
+    tools = Tools()
+
     try:
         username=newSession().get()['username']
     except Error as e:
@@ -276,13 +269,11 @@ def post_change_pwd():
     def error(msg):
         return change_pwd_tpl(username=username, alerts=[('error', msg, 'fadeOut')], str=i18n.str)
 
-    if form('new-password') != form('confirm-password'):
+    if (not tools.pwd_validation(form('new-password')) or not tools.pwd_validation(form('confirm-password'))):
+        return error(i18n.msg[8]) #mezua aldatu egin behar da
+    elif form('new-password') != form('confirm-password'):
         return error(i18n.msg[7])
-
-    if len(form('new-password')) < 8:
-        return error(i18n.msg[8])
-
-    if form('old-password') == form('confirm-password'):
+    elif form('old-password') == form('confirm-password'):
         return error(i18n.msg[17])
 
     try:
diff --git a/data/invite-codes (kopia).db b/data/invite-codes (kopia).db
new file mode 100644
index 0000000000000000000000000000000000000000..b718294a0c7ce53257d89b629028c46d4ce19890
GIT binary patch
literal 8192
zcmeIu%Sr<=6b9f-FJgrfcim<;EqElixnyUR?h2x|J2$yPu~N_?zJRae-Y4;OObcDO
zQkTLxOfos)&oKG!Zsx0PWNGvCXtzv}Q&JS<f-ypf&ZCpZp^Cid9h&^!^*@y+=hv^p
zoGR!C$qyC^pa2S>01BW03ZMWApa2S>01BYMUj$~w(P%U(9=6u4qu+%1yq`K(x3lSD
z#un4d`HbziPT2Pv?{?4Fi(Rk6WJo_rpAHBe(0BSq@2UFBPhb`WPyhu`00mG01yBG5
zPyhu`00sV;z_{oxX^bK?!B-&LT7$OUfzc-BRwwDS=7LL6_PfhL6@rk$CWvitpc8lC
z8mpkGoVVO_6@xE(IT%dM9hVM5+s6FKrUF}Y4^E2cOmejoZQ0GiSUV*ftw5!=2JNE&
ut5O3w!-b1NRx*{H989hDT0{j#8U?zp3^=0&G(6^$Mp>R>#-AMj<~CoTKwAd@

literal 0
HcmV?d00001

diff --git a/data/invite-codes.db b/data/invite-codes.db
index bb2c159c67a5687a104df5a5cb37693e900021ba..b718294a0c7ce53257d89b629028c46d4ce19890 100644
GIT binary patch
delta 75
zcmZp0XmFSy&1f=F#+l!QLC?Q}mw|zSk$)!x|IUqt9{iKH@q2UfUuR(D=VajL+{`8L
fpO008kvWuq@*Q~<M#IU*@=I8N8Z;;0mRAJ;w$2hF

delta 67
zcmZp0XmFSy&B#7c#+jd;LC<?4F9QPuBmYhY{+$~OJ@_YY<M-wSim>t<Gw@&E%q8%j
WZ(@ViWMlaytm=%+p&XO><W&GDa1cWP

diff --git a/libs/__pycache__/flist.cpython-39.pyc b/libs/__pycache__/flist.cpython-39.pyc
index fd0bc85af4427ac45ee3cd6dc46dd3c8588be541..d1a10086619964c8f77dbb5f021636be29babf17 100644
GIT binary patch
delta 22
ccmaE|n(@hMM(#vjUM>b8I4PI5k^5#S08}3a=l}o!

delta 22
ccmaE|n(@hMM(#vjUM>b8&{z?;k^5#S08)zvyZ`_I

diff --git a/libs/__pycache__/helper.cpython-39.pyc b/libs/__pycache__/helper.cpython-39.pyc
index 0a0d14d93b38615bf6da118bd20be126b6699bfb..f46e5c6332e70d684a6600d8c65e81cc77eb7ca3 100644
GIT binary patch
delta 750
zcmaFBeu{@Lk(ZZ?0SL_M(vm(iPvnzPQUdZ)7*ZH>7@{CFV-%x1Lkd$0a|=TXb2C#E
z(?l0FMw^M*sxm1YEeug?DV!->K$<;;JB0^GbENPFGidTnoRZDRv58TZk&$Py91|m>
z=wx|j&H7{}kY!N745V3s*cph6MSw&KV=Yq&LkZ&orW&Ri#)VAHj6jo^{Hj>vV#>8u
zRx%gy0Ttb1DoVY@nO2&UlbcwQoB<RCnQ@CTHHx(;H9fVWhz-bv5bPicfy}&u(vtYH
z#GK5O`oxmV{5(0Ja4`#zU|?intP%^!&(A5=LsA7+M4n5HW0ImBb)yn>s|<84_2N~v
zbz`+15F+(@Kz@uKNT3F&Cbrs0r#2?3NF3;tA}J7o?)KE&#LOIs+rh2^MGl73(G}r#
zdOf~S_K4H4x7E{%202U<!UVb#%8W^Y3OT4Ks%k0QtHo+Uy%m!J6jD~z0t!`I=onhm
zs^IpIDPKW(3X*r!P`o1oi3wCCewv(<y_rq8WkA6r3nJtuS2N2fgF>p92S{)*aj<Z3
f0wD_rOA#n}X)+gag49V&UeBz}0g7i1Mh+$beygAP

delta 132
zcmX@b^MIW%k(ZZ?0SKJ+qmxXTCi2NhNdb8&3@MB`3{ed33@J=0%q<Kl%*{+uj1zs-
z7*!?~tFi<$XmU*4lFi7zS%FcOk&%0`9TOv?$YgtFO=dq$w#hSDO(x%Am5^WsnpDgN
cBsiEjSU5O~n1D=8rXtSC;%wS%APxr;0G=Bb&j0`b

diff --git a/libs/__pycache__/localization.cpython-39.pyc b/libs/__pycache__/localization.cpython-39.pyc
index cd9f3a1b17a28c0d77fa99dd43a8f2865cfab6f8..40109f8b90527a6274501879dbd96cb0e815efa7 100644
GIT binary patch
delta 20
acmcaBc~_D<k(ZZ?0SHdYrETQC!~+01Vg+OX

delta 20
acmcaBc~_D<k(ZZ?0SM&Pqc?J2;sF3Oy9BrZ

diff --git a/libs/__pycache__/slist.cpython-39.pyc b/libs/__pycache__/slist.cpython-39.pyc
index 0b0bb150110ca5aa016bbfbe4e6fbfae0c0bf0d5..4d2b8a4b1e5dee168f015f8715b848632babacda 100644
GIT binary patch
delta 20
acmdn&u-Sn-k(ZZ?0SHdYrETQaPyhfoVg$$l

delta 20
acmdn&u-Sn-k(ZZ?0SGi!1a9QkPyhfm&IFtQ

diff --git a/libs/helper.py b/libs/helper.py
index f3e8eb9..6f6afd0 100644
--- a/libs/helper.py
+++ b/libs/helper.py
@@ -1,6 +1,7 @@
 #!/usr/bin/python3
 
 import sqlite3
+import re
 
 class Tools():
     
@@ -22,4 +23,18 @@ class Tools():
       cur = con.cursor()
 
       cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code))
-      con.commit()
\ No newline at end of file
+      con.commit()
+
+   #forms validation
+
+   def input_validation(self, e):
+      regex = r'^\w+$'
+      return(bool(re.fullmatch(regex, e)))
+
+   def email_validation(self, e):
+      regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
+      return(bool(re.fullmatch(regex, e)))
+
+   def pwd_validation(self, e):
+      regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$'
+      return(bool(re.fullmatch(regex, e)))
\ No newline at end of file