import argparse
import binascii
import hashlib
import hmac
import logging
import os
import threading

import requests
from bottle import abort, error, HTTPResponse, request, response, route, run, static_file, template
def success():
    """Print a progress marker after each self-test step that passed."""
    print('OK...')
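def test():
    """Smoke-test the login endpoints of a server listening on localhost:58080.

    Runs three checks in order and prints a marker after each one:
    creating the user ``test`` must return 201, logging in with the same
    password must return 200, and logging in with a wrong password must
    return 401.

    Raises:
        Exception: if any step returns an unexpected status code.
    """
    base_url = 'http://localhost:58080/login/test'
    PARAMS = {
        'password': 'foo',
    }
    # Without a timeout, requests waits forever on a hung or half-started
    # server; fail the self-test instead.
    timeout_seconds = 5

    resp = requests.post(base_url, data=PARAMS, timeout=timeout_seconds)
    if resp.status_code != 201:
        raise Exception('User creation failed')
    success()

    resp = requests.get(base_url, params=PARAMS, timeout=timeout_seconds)
    if resp.status_code != 200:
        raise Exception('login failed')
    success()

    # Negative case: a wrong password must be rejected. The message names
    # what actually went wrong (the rejection did not happen).
    resp = requests.get(base_url, params={'password': 'foobarbaz'},
                        timeout=timeout_seconds)
    if resp.status_code != 401:
        raise Exception(
            'wrong password was not rejected: status code {0}'.format(resp.status_code))
    success()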
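def get_nonce():
    """Return a fresh 64-character secret used to sign the session cookie.

    The value is 32 bytes from the operating system's CSPRNG, hex encoded.
    It is generated locally so that the signing key is never produced by,
    or visible to, a third-party service, never crosses the network, and
    does not make start-up depend on an outbound HTTP request.

    Returns:
        A 64-character lowercase hexadecimal string.
    """
    secret = binascii.hexlify(os.urandom(32)).decode('ascii')
    # Log only that a secret exists, never its value: anyone who can read
    # the log could otherwise forge signed cookies.
    logging.debug('generated cookie-signing secret (%d chars)', len(secret))
    return secret


# Regenerated on every start, so cookies signed by a previous process stop
# validating after a restart.
NONCE = get_nonce()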
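@route('/login/<name>', method='POST')
def greet(name):
    """Register the account *name* with the posted ``password`` field.

    Only requests whose socket peer is 127.0.0.1 are accepted. On success
    the password digest is stored in USERS and the response status is 201.

    Aborts with 403 for a non-local peer and 400 when no password is sent.
    """
    # Use the peer address from the WSGI environ. bottle's
    # request.remote_addr prefers the X-Forwarded-For header when present,
    # and that header is supplied by the client, so it must not be used for
    # an access decision.
    peer = request.environ.get('REMOTE_ADDR')
    if peer != '127.0.0.1':
        # abort() produces a proper 403; raising a plain string is a
        # TypeError and would surface as a 500.
        abort(403, "Your IP, {0}, is banned from this endpoint".format(peer))

    pwd = request.POST.get('password')
    if not pwd:
        # A missing field would otherwise reach the hash function as None.
        abort(400, 'password is required')

    # NOTE(review): an existing entry is overwritten without any check, so
    # any local caller can reset another user's password - confirm intended.
    # Hash through my_hash() so registration and login always agree.
    USERS[name] = my_hash(pwd)
    response.status = 201
    return response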
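@route('/', method='GET')
@route('/login/<user>', method='GET')
def login(user=None):
    """Check the ``password`` query parameter for *user*.

    On a match the signed ``account`` cookie is set and the status is 200;
    in every other case (unknown user, missing password, wrong password, or
    the bare ``/`` route that carries no user) the status is 401.

    NOTE(review): the password travels in the query string, where it is
    recorded in access logs, proxies and browser history. It is left as-is
    because the self-test in this file logs in with GET; moving it to a
    POST body should be done together with the callers.
    """
    pwd = request.GET.get('password')
    stored = USERS.get(user)  # None for unknown users and for the '/' route

    # Always hash, even when the user is unknown, so both failure paths do
    # the same amount of work.
    candidate = my_hash(pwd if pwd is not None else '')

    # compare_digest avoids leaking how many leading characters matched.
    authenticated = (
        stored is not None
        and pwd is not None
        and hmac.compare_digest(stored, candidate)
    )

    if authenticated:
        # httponly keeps the session cookie away from page scripts. Add
        # secure=True as well once the app is served over HTTPS.
        response.set_cookie("account", user, secret=NONCE, httponly=True)
        response.status = 200
    else:
        response.status = 401
    return response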
@error(404)
def error404(error):
    """Return the fixed plain-text body served for 404 responses."""
    message = 'Nothing here, sorry'
    return message
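def my_hash(passwd_candidate):
    """Return the SHA-256 hex digest of *passwd_candidate*.

    Text is encoded as UTF-8 before hashing, so text and byte strings with
    the same content produce the same digest and non-ASCII passwords do not
    raise an encoding error.

    NOTE(review): a single unsalted SHA-256 is fast to brute-force and gives
    identical digests for identical passwords. A salted, slow KDF such as
    hashlib.pbkdf2_hmac is the appropriate replacement, but every place that
    stores or compares digests has to change together with this function.

    Args:
        passwd_candidate: the password as text or bytes.

    Returns:
        The 64-character lowercase hexadecimal digest.
    """
    if not isinstance(passwd_candidate, bytes):
        passwd_candidate = passwd_candidate.encode('utf-8')
    return hashlib.sha256(passwd_candidate).hexdigest()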
def runthr():
    """Start the bottle server on localhost:58080.

    Both bottle's debug mode and its auto-reloader follow the --debug
    command-line flag.
    """
    debug_mode = parsed.debug
    run(host='localhost', port=58080, debug=debug_mode, reloader=debug_mode)
# In-memory credential store: user name -> password digest. Lost on restart.
USERS = {}

parser = argparse.ArgumentParser(description='Run the finance web application')
parser.add_argument('-v', '--debug', action='store_true', dest='debug')
parsed = parser.parse_args()

# --debug raises the log level to DEBUG; otherwise logging keeps its defaults.
log_options = {'level': logging.DEBUG} if parsed.debug else {}
logging.basicConfig(**log_options)

if parsed.debug:
    # NOTE(review): test() sends requests to localhost:58080, but the server
    # is only started by runthr() below, so unless another instance is
    # already listening this call fails to connect - confirm the intended
    # order.
    test()

runthr()