aitzol 2022-04-25 13:10:25 +02:00
parent ae4122cacf
commit 6d30add55e
8 changed files with 43 additions and 37 deletions

63
app.py

@ -30,7 +30,7 @@ from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult,
LDAPSocketOpenError, LDAPExceptionError LDAPSocketOpenError, LDAPExceptionError
import logging import logging
from os import getenv, environ, path from os import getenv, environ, path
import re #import re
from libs import flist, slist from libs import flist, slist
from libs.localization import * from libs.localization import *
from libs.helper import * from libs.helper import *
@ -107,21 +107,18 @@ def get_index():
@post('/user') @post('/user')
def post_user(): def post_user():
form = request.forms.getunicode form = request.forms.getunicode
tools = Tools()
def error(msg): def error(msg):
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str) return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
def username_validation(e):
regex = r'^\w+$'
return(bool(re.fullmatch(regex, e)))
if len(form('username')) < 3: if len(form('username')) < 3:
return error(i18n.msg[1]) return error(i18n.msg[1])
elif not username_validation(form('username')): elif not tools.input_validation(form('username')):
return error(i18n.msg[6]) return error(i18n.msg[6])
if len(form('password')) < 1: if not tools.pwd_validation(form('password')):
return error(i18n.msg[2]) return error(i18n.msg[21])
try: try:
login(form('username'), form('password')) login(form('username'), form('password'))
@ -133,6 +130,7 @@ def post_user():
@post('/signup') @post('/signup')
def post_signup(): def post_signup():
#ensure that i18n exists #ensure that i18n exists
if 'i18n' not in globals(): if 'i18n' not in globals():
newSession() newSession()
@ -140,17 +138,9 @@ def post_signup():
form = request.forms.getunicode form = request.forms.getunicode
isFake = False isFake = False
manage_codes = Tools() tools = Tools()
db = 'data/invite-codes.db' db = 'data/invite-codes.db'
def username_validation(e):
regex = r'^\w+$'
return(bool(re.fullmatch(regex, e)))
def email_validation(e):
regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
return(bool(re.fullmatch(regex, e)))
def auto_complete(arg): def auto_complete(arg):
if arg == 'firstname': if arg == 'firstname':
result = random.choice(flist.firstname) result = random.choice(flist.firstname)
@ -161,14 +151,14 @@ def post_signup():
def error(msg): def error(msg):
return signup_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str) return signup_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
if not manage_codes.code_is_valid(form('invite_code'), db): if not tools.code_is_valid(form('invite_code'), db):
return(error(i18n.msg[4])) return(error(i18n.msg[4]))
if len(form('username')) < 3: if len(form('username')) < 3:
return error(i18n.msg[5]) return error(i18n.msg[5])
username = form('username').lower() username = form('username').lower()
if not username_validation(username): if not tools.input_validation(username):
return error(i18n.msg[6]) return error(i18n.msg[6])
if len(form('firstname')) == 0: if len(form('firstname')) == 0:
@ -184,15 +174,14 @@ def post_signup():
surname = form('surname').lower() surname = form('surname').lower()
email = form('email').lower() email = form('email').lower()
if not email_validation(email): if not tools.email_validation(email):
return error(i18n.msg[14]) return error(i18n.msg[14])
if form('password') != form('confirm-password'): if not tools.pwd_validation(form('password')):
return error(i18n.msg[8]) #mezua ALDATU egin behar da
elif form('password') != form('confirm-password'):
return error(i18n.msg[7]) return error(i18n.msg[7])
if len(form('password')) < 8:
return error(i18n.msg[8])
try: try:
account_request(username, firstname, surname, form('password'), email, isFake) account_request(username, firstname, surname, form('password'), email, isFake)
except Error as e: except Error as e:
@ -200,7 +189,7 @@ def post_signup():
return error(str(e)) return error(str(e))
try: try:
manage_codes.mark_code_as_used(form('invite_code'), db) tools.mark_code_as_used(form('invite_code'), db)
except Error as e: except Error as e:
LOG.warning("There was a problem verifying the invitation code, please try again later.", e) LOG.warning("There was a problem verifying the invitation code, please try again later.", e)
return error(str(e)) return error(str(e))
@ -212,6 +201,7 @@ def post_signup():
@post('/edit_fullname') @post('/edit_fullname')
def post_edit_fullname(): def post_edit_fullname():
form = request.forms.getunicode form = request.forms.getunicode
tools = Tools()
try: try:
username = newSession().get()['username'] username = newSession().get()['username']
@ -225,9 +215,13 @@ def post_edit_fullname():
if len(form('firstname')) < 3: if len(form('firstname')) < 3:
return error(i18n.msg[11]) return error(i18n.msg[11])
elif not tools.input_validation(form('firstname')):
return error(i18n.msg[6]) #Not allowed characters for the firstname field. ALDATU
if len(form('surname')) < 3: if len(form('surname')) < 3:
return error(i18n.msg[12]) return error(i18n.msg[12])
elif not tools.input_validation(form('surname')):
return error(i18n.msg[6]) #Not allowed characters for the surname field. ALDATU
try: try:
edit_fullname(username, old_firstname, old_surname, form('firstname').lower(), form('surname').lower()) edit_fullname(username, old_firstname, old_surname, form('firstname').lower(), form('surname').lower())
@ -240,6 +234,7 @@ def post_edit_fullname():
@post('/edit_email') @post('/edit_email')
def post_edit_email(): def post_edit_email():
form = request.forms.getunicode form = request.forms.getunicode
tools = Tools()
try: try:
username = newSession().get()['username'] username = newSession().get()['username']
@ -247,14 +242,10 @@ def post_edit_email():
except Error as e: except Error as e:
return index_tpl(alerts=[('error', str(e), 'fadeOut')], str=i18n.str) return index_tpl(alerts=[('error', str(e), 'fadeOut')], str=i18n.str)
def email_is_valid(e):
regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
return(bool(re.fullmatch(regex, e)))
def error(msg): def error(msg):
return edit_email_tpl(alerts=[('error', msg, 'fadeOut')], data=newSession().get(), str=i18n.str) return edit_email_tpl(alerts=[('error', msg, 'fadeOut')], data=newSession().get(), str=i18n.str)
if not email_is_valid(form('email')): if not tools.email_validation(form('email')):
return(error(i18n.msg[14])) return(error(i18n.msg[14]))
try: try:
@ -268,6 +259,8 @@ def post_edit_email():
@post('/change_pwd') @post('/change_pwd')
def post_change_pwd(): def post_change_pwd():
form = request.forms.getunicode form = request.forms.getunicode
tools = Tools()
try: try:
username=newSession().get()['username'] username=newSession().get()['username']
except Error as e: except Error as e:
@ -276,13 +269,11 @@ def post_change_pwd():
def error(msg): def error(msg):
return change_pwd_tpl(username=username, alerts=[('error', msg, 'fadeOut')], str=i18n.str) return change_pwd_tpl(username=username, alerts=[('error', msg, 'fadeOut')], str=i18n.str)
if form('new-password') != form('confirm-password'): if (not tools.pwd_validation(form('new-password')) or not tools.pwd_validation(form('confirm-password'))):
return error(i18n.msg[8]) #mezua aldatu egin behar da
elif form('new-password') != form('confirm-password'):
return error(i18n.msg[7]) return error(i18n.msg[7])
elif form('old-password') == form('confirm-password'):
if len(form('new-password')) < 8:
return error(i18n.msg[8])
if form('old-password') == form('confirm-password'):
return error(i18n.msg[17]) return error(i18n.msg[17])
try: try:
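Review bot: In `post_user` the login path now runs `tools.pwd_validation(form('password'))` before `login()`, so an account whose password was set under the earlier rule (only `len(form('password')) < 8` at signup) and lacks an upper-case letter, a digit or a listed symbol, or is longer than 18 characters, can no longer authenticate. Composition rules belong on the paths that set a password (`post_signup`, `post_change_pwd`); at login a presence check such as `if not form('password'): return error(i18n.msg[2])` is enough, and the directory bind decides the rest. The new `elif not tools.input_validation(...)` branches in `post_edit_fullname` also reject names containing a space, hyphen or apostrophe, because the pattern is `^\w+$`; a separate, more permissive name pattern would avoid that. The bodies of these handlers continue outside the visible hunks.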

Binary file not shown.

Binary file not shown.


@ -1,6 +1,7 @@
#!/usr/bin/python3 #!/usr/bin/python3
import sqlite3 import sqlite3
import re
class Tools(): class Tools():
@ -22,4 +23,18 @@ class Tools():
cur = con.cursor() cur = con.cursor()
cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code)) cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code))
con.commit() con.commit()
#forms validation
def input_validation(self, e):
regex = r'^\w+$'
return(bool(re.fullmatch(regex, e)))
def email_validation(self, e):
regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
return(bool(re.fullmatch(regex, e)))
def pwd_validation(self, e):
regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$'
return(bool(re.fullmatch(regex, e)))
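Review bot: `pwd_validation` caps passwords at 18 characters and accepts only letters, digits and `@$!#%*?&`, so a long passphrase or a password-manager string containing `-`, `_` or a space is rejected even though it is stronger than many values the pattern admits. Consider keeping a minimum length and dropping the upper bound and the character whitelist, or at least raising `{8,18}` to a generous limit and widening the symbol class; NIST SP 800-63B advises against composition rules and short maximum lengths. In `email_validation` the class `[A-Z|a-z]` contains a literal `|`, so an address such as `user@example.c|m` passes; `[A-Za-z]` is presumably what was meant. `\w` and `\d` are Unicode-aware on `str` patterns, so `input_validation` accepts letters and digits from any script; pass `re.ASCII` if usernames are meant to be ASCII-only. All three methods raise `TypeError` when `e` is `None`, so a docstring stating that callers must pass a string (or an `isinstance(e, str)` guard) would help.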