-
Notifications
You must be signed in to change notification settings - Fork 0
/
lib.py
106 lines (80 loc) · 2.68 KB
/
lib.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
import sqlite3
import pyotp
import json
import base64
def login(username, password):
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
user = c.execute("SELECT * FROM users WHERE username = '{}' and password = '{}'".format(username, password)).fetchone()
if user:
return user['username']
else:
return False
def create(response, username):
session = base64.b64encode(json.dumps({'username': username}).encode())
response.set_cookie('vulpy_session', session)
return response
def password_change(username, password):
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("UPDATE users SET password = '{}' WHERE username = '{}'".format(password, username))
conn.commit()
return True
def password_complexity(password):
return True
def mfa_is_enabled(username):
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
user = c.execute("SELECT * FROM users WHERE username = ? and mfa_enabled = 1", (username, )).fetchone()
if user:
return True
else:
return False
def mfa_disable(username):
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("UPDATE users SET mfa_enabled = 0 WHERE username = ?", (username,))
conn.commit()
return True
def mfa_enable(username):
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("UPDATE users SET mfa_enabled = 1 WHERE username = ?", (username,))
conn.commit()
return True
def mfa_get_secret(username):
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
user = c.execute("SELECT * FROM users WHERE username = ?", (username, )).fetchone()
if user:
return user['mfa_secret'] #True
else:
return False
def mfa_reset_secret(username):
secret=pyotp.random_base32()
conn = sqlite3.connect('db_users.sqlite')
conn.set_trace_callback(print)
conn.row_factory = sqlite3.Row
c = conn.cursor()
c.execute("UPDATE users SET mfa_secret = ? WHERE username = ?", (secret, username))
conn.commit()
return False
def mfa_validate(username, otp):
secret = mfa_get_secret(username)
totp = pyotp.TOTP(secret)
if secret and totp.verify(otp):
return True
else:
return False