incomplete authentication system (lecture is over)
parent
5c9efaadb4
commit
dc44f6334d
|
@ -0,0 +1,16 @@
|
|||
# This is probably false advertising because it doesn't actually add a user for you.
|
||||
# It only generates a string that you can copy-paste into users.py
|
||||
|
||||
from pyshare_receiver import salthash
|
||||
import sys
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
if len(sys.argv) != 3:
|
||||
print('''
|
||||
Usage:
|
||||
$ python add_user.py <username> <password>
|
||||
''')
|
||||
sys.exit(0)
|
||||
else:
|
||||
print()
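Review bot: Taking the password as a command-line argument, as the usage text describes, leaves it in shell history and visible in the process list while the script runs. Accepting only the username on the command line and reading the secret with `getpass.getpass()` avoids that. The usage branch also ends with `sys.exit(0)`, so a caller cannot tell a bad invocation from success; `sys.exit(2)` would signal the error. The `else` branch only prints an empty line so far; when it is filled in, a salt from `secrets.token_hex(16)` would be better than a hand-picked string.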
|
|
@ -1,19 +0,0 @@
|
|||
# this file can be run on a server to act as the endpoint of the script.
|
||||
# I mainly want to test whether this is faster than sftp
|
||||
|
||||
from flask import Flask, request
|
||||
from werkzeug.utils import secure_filename
|
||||
|
||||
app = Flask(__name__)
|
||||
|
||||
@app.route('/', methods=['POST'])
|
||||
def receive_file() -> tuple:
|
||||
if 'file' in request.files:
|
||||
file = request.files.get('file')
|
||||
filename = secure_filename(file.filename)
|
||||
file.save(filename)
|
||||
return filename, 201
|
||||
return 'you\'re doing this wrong', 418
|
||||
|
||||
if __name__ == "__main__":
|
||||
app.run(ssl_context='adhoc')
|
|
@ -0,0 +1,43 @@
|
|||
# this file can be run on a server to act as the endpoint of the script.
|
||||
# I mainly want to test whether this is faster than sftp
|
||||
|
||||
from flask import Flask, request
|
||||
from werkzeug.utils import secure_filename
|
||||
from hashlib import sha3_256
|
||||
from users import users
|
||||
|
||||
app = Flask(__name__)
|
||||
|
||||
|
||||
def salthash(password, salt):
|
||||
return sha3_256((password + salt).encode('utf8')).hexdigest()
|
||||
|
||||
|
||||
def authenticate(request):
|
||||
print(request.form)
|
||||
if 'name' not in request.form or 'passwd' not in request.form:
|
||||
return False
|
||||
name = request.form.get('name')
|
||||
passwd = request.form.get('passwd')
|
||||
if name in users:
|
||||
user = users.get(name)
|
||||
if salthash(passwd, user[1]) == user[0]:
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
@app.route('/', methods=['POST'])
|
||||
def receive_file() -> tuple:
|
||||
if 'file' in request.files:
|
||||
if authenticate(request) is True:
|
||||
file = request.files.get('file')
|
||||
filename = secure_filename(file.filename)
|
||||
file.save(filename)
|
||||
return filename, 201
|
||||
else:
|
||||
return 'Wrong or no credentials', 403
|
||||
return 'you\'re doing this wrong', 418
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
app.run(ssl_context='adhoc')
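Review bot: `print(request.form)` at the top of `authenticate` writes every submitted password in plaintext to the server's output, so it should be removed before this runs anywhere real. `salthash` is a single SHA3-256 pass, which is cheap to brute-force if users.py leaks, and the `==` comparison is not constant-time; the sketch below uses `hashlib.pbkdf2_hmac` and `hmac.compare_digest` (both need importing, and the stored hashes would have to be regenerated). Separately, `file.save(filename)` writes into the working directory, which is presumably where users.py lives, so a dedicated upload directory would keep an upload from replacing the credential file.

```python
def salthash(password, salt):
    # slow KDF instead of one SHA3-256 pass; hashes stored in users.py must be regenerated
    return pbkdf2_hmac('sha256', password.encode('utf8'), salt.encode('utf8'), 600_000).hex()


def authenticate(request):
    # no print(request.form): it would put the plaintext password into the server output
    name = request.form.get('name')
    passwd = request.form.get('passwd')
    if name is None or passwd is None:
        return False
    user = users.get(name)
    if user is None:
        return False
    # constant-time comparison of the two hex digests
    return compare_digest(salthash(passwd, user[1]), user[0])

# … unchanged: receive_file route and app.run …
```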
|
|
@ -0,0 +1,12 @@
|
|||
# Add credentials for your own users here.
|
||||
# Since I'll only have very few users (probably just me), using a proper DB is overkill
|
||||
# The password hash is generated by
|
||||
# hashlib.sha3_256(bytes((password + salt).encode('utf8'))).hexdigest()
|
||||
|
||||
users = {
|
||||
'user1': ['c7d9c9621e417ea09141edbac126cd1f3ab1b2b94b2ad3b155a1e26a88b216c0', 'user1salt'],
|
||||
}
|
||||
|
||||
# And btw, the password is just 'password'.
|
||||
# I'm just saying this because there will be that one guy who actually thinks
|
||||
# "Oh, I could totally brute-force this password now"
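Review bot: The committed `user1` entry is a working account whose password the trailing comment discloses, so any deployment that keeps this file unchanged accepts uploads from anyone who reads the repository. Shipping `users = {}` with the sample entry only as a comment would remove that default credential. A comment such as `# Do not deploy with sample entries; generate a random salt per user` at the top of the file would make the expectation explicit. The salt `'user1salt'` is also predictable; a random per-user value would be preferable.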
|