aitzol 2022-04-25 13:10:25 +02:00
parent ae4122cacf
commit 6d30add55e
8 changed files with 43 additions and 37 deletions

63
app.py

@ -30,7 +30,7 @@ from ldap3.core.exceptions import LDAPBindError, LDAPConstraintViolationResult,
LDAPSocketOpenError, LDAPExceptionError
import logging
from os import getenv, environ, path
import re
#import re
from libs import flist, slist
from libs.localization import *
from libs.helper import *
@ -107,21 +107,18 @@ def get_index():
@post('/user')
def post_user():
form = request.forms.getunicode
tools = Tools()
def error(msg):
return index_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
def username_validation(e):
regex = r'^\w+$'
return(bool(re.fullmatch(regex, e)))
if len(form('username')) < 3:
return error(i18n.msg[1])
elif not username_validation(form('username')):
elif not tools.input_validation(form('username')):
return error(i18n.msg[6])
if len(form('password')) < 1:
return error(i18n.msg[2])
if not tools.pwd_validation(form('password')):
return error(i18n.msg[21])
try:
login(form('username'), form('password'))
@ -133,6 +130,7 @@ def post_user():
@post('/signup')
def post_signup():
#ensure that i18n exists
if 'i18n' not in globals():
newSession()
@ -140,17 +138,9 @@ def post_signup():
form = request.forms.getunicode
isFake = False
manage_codes = Tools()
tools = Tools()
db = 'data/invite-codes.db'
def username_validation(e):
regex = r'^\w+$'
return(bool(re.fullmatch(regex, e)))
def email_validation(e):
regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
return(bool(re.fullmatch(regex, e)))
def auto_complete(arg):
if arg == 'firstname':
result = random.choice(flist.firstname)
@ -161,14 +151,14 @@ def post_signup():
def error(msg):
return signup_tpl(alerts=[('error', msg, 'fadeOut')], str=i18n.str)
if not manage_codes.code_is_valid(form('invite_code'), db):
if not tools.code_is_valid(form('invite_code'), db):
return(error(i18n.msg[4]))
if len(form('username')) < 3:
return error(i18n.msg[5])
username = form('username').lower()
if not username_validation(username):
if not tools.input_validation(username):
return error(i18n.msg[6])
if len(form('firstname')) == 0:
@ -184,15 +174,14 @@ def post_signup():
surname = form('surname').lower()
email = form('email').lower()
if not email_validation(email):
if not tools.email_validation(email):
return error(i18n.msg[14])
if form('password') != form('confirm-password'):
if not tools.pwd_validation(form('password')):
return error(i18n.msg[8]) #mezua ALDATU egin behar da
elif form('password') != form('confirm-password'):
return error(i18n.msg[7])
if len(form('password')) < 8:
return error(i18n.msg[8])
try:
account_request(username, firstname, surname, form('password'), email, isFake)
except Error as e:
@ -200,7 +189,7 @@ def post_signup():
return error(str(e))
try:
manage_codes.mark_code_as_used(form('invite_code'), db)
tools.mark_code_as_used(form('invite_code'), db)
except Error as e:
LOG.warning("There was a problem verifying the invitation code, please try again later.", e)
return error(str(e))
@ -212,6 +201,7 @@ def post_signup():
@post('/edit_fullname')
def post_edit_fullname():
form = request.forms.getunicode
tools = Tools()
try:
username = newSession().get()['username']
@ -225,9 +215,13 @@ def post_edit_fullname():
if len(form('firstname')) < 3:
return error(i18n.msg[11])
elif not tools.input_validation(form('firstname')):
return error(i18n.msg[6]) #Not allowed characters for the firstname field. ALDATU
if len(form('surname')) < 3:
return error(i18n.msg[12])
elif not tools.input_validation(form('surname')):
return error(i18n.msg[6]) #Not allowed characters for the surname field. ALDATU
try:
edit_fullname(username, old_firstname, old_surname, form('firstname').lower(), form('surname').lower())
@ -240,6 +234,7 @@ def post_edit_fullname():
@post('/edit_email')
def post_edit_email():
form = request.forms.getunicode
tools = Tools()
try:
username = newSession().get()['username']
@ -247,14 +242,10 @@ def post_edit_email():
except Error as e:
return index_tpl(alerts=[('error', str(e), 'fadeOut')], str=i18n.str)
def email_is_valid(e):
regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
return(bool(re.fullmatch(regex, e)))
def error(msg):
return edit_email_tpl(alerts=[('error', msg, 'fadeOut')], data=newSession().get(), str=i18n.str)
if not email_is_valid(form('email')):
if not tools.email_validation(form('email')):
return(error(i18n.msg[14]))
try:
@ -268,6 +259,8 @@ def post_edit_email():
@post('/change_pwd')
def post_change_pwd():
form = request.forms.getunicode
tools = Tools()
try:
username=newSession().get()['username']
except Error as e:
@ -276,13 +269,11 @@ def post_change_pwd():
def error(msg):
return change_pwd_tpl(username=username, alerts=[('error', msg, 'fadeOut')], str=i18n.str)
if form('new-password') != form('confirm-password'):
if (not tools.pwd_validation(form('new-password')) or not tools.pwd_validation(form('confirm-password'))):
return error(i18n.msg[8]) #mezua aldatu egin behar da
elif form('new-password') != form('confirm-password'):
return error(i18n.msg[7])
if len(form('new-password')) < 8:
return error(i18n.msg[8])
if form('old-password') == form('confirm-password'):
elif form('old-password') == form('confirm-password'):
return error(i18n.msg[17])
try:
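Review bot: In `post_user` the login handler now runs `tools.pwd_validation(form('password'))` before `login(...)`, so an account whose password was set under the earlier rule visible in this diff (at least 8 characters, no composition requirement) would be refused at the form and could never reach the password-change page. Composition policy belongs where a password is chosen (`post_signup`, `post_change_pwd`); at login the form should only reject an empty value, e.g. `if not form('password'): return error(i18n.msg[2])`. The +/- markers are lost on this page, so which of the two password checks survives is inferred from `tools` being new in this commit. `post_user` continues past the end of its hunk.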

Binary file not shown.

Binary file not shown.


@ -1,6 +1,7 @@
#!/usr/bin/python3
import sqlite3
import re
class Tools():
@ -23,3 +24,17 @@ class Tools():
cur.execute('''UPDATE codes SET valid=? WHERE code==?''',(0, code))
con.commit()
#forms validation
def input_validation(self, e):
regex = r'^\w+$'
return(bool(re.fullmatch(regex, e)))
def email_validation(self, e):
regex = r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b'
return(bool(re.fullmatch(regex, e)))
def pwd_validation(self, e):
regex = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*#?&])[A-Za-z\d@$!#%*?&]{8,18}$'
return(bool(re.fullmatch(regex, e)))
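Review bot: `pwd_validation` caps passwords at 18 characters and accepts only letters, digits and `@$!#%*?&`, so long passphrases and password-manager output containing characters such as `-`, `_` or a space are rejected, which lowers the strength users can choose. Unless the directory behind this imposes such a limit (not visible here), keep the minimum and the class requirements but drop the whitelist and raise the ceiling, for instance `regex = r'(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[^A-Za-z\d]).{8,128}'`. A short docstring on each validator stating what it accepts would help, since the callers in `app.py` reuse `input_validation` for usernames and for first and last names. Separately, `[A-Z|a-z]` in `email_validation` admits a literal `|` in the top-level domain; `[A-Za-z]` is presumably what was meant.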