additional_funcs.py
import base64
import hmac
import json
import os
import sqlite3

import bcrypt
from flask import flash, session, request
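# Directory that contains this module; config.json and the database file are
# resolved relative to it.
APP_ROOT = os.path.dirname(os.path.abspath(__file__))

# config.json is parsed once at import time. It supplies DB_NAME and
# MASTER_SECRET_KEY (both read further down in this module), so the file holds
# a secret: keep it out of version control and readable only by the account
# that runs the application.
# The context manager closes the file handle instead of leaving it to the
# garbage collector.
with open(os.path.join(APP_ROOT, 'config.json')) as _config_file:
    CONFIG_ARGS = json.load(_config_file)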
def cursor_results(cursor):
    """Return every remaining row of *cursor* as a list of dictionaries.

    Calls ``fetchall`` once, then pairs each value in a row with the name
    found in the first element of the matching ``cursor.description`` entry.

    :param cursor: A DB-API cursor on which a query has already been executed.
    :return: A list with one ``{column_name: value}`` dict per fetched row.
    """
    fetched_rows = cursor.fetchall()
    column_info = cursor.description
    return [
        {info[0]: value for value, info in zip(record, column_info)}
        for record in fetched_rows
    ]
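def verify_csrf():
    """
    Check the CSRF token submitted with the form against the session's token.

    Reads ``csrf-token`` from ``request.form`` and from ``session``. If the
    session holds no usable token, flashes 'Your session has expired.'; if
    the two tokens differ, flashes 'Invalid CSRF token.'.

    :return: True if valid csrf token else False
    """
    csrf_token = request.form.get('csrf-token', '')
    cookie_token = session.get('csrf-token', False)

    # A missing, empty or non-string session token can never validate.
    # Without this guard the '' default used for an absent form field would
    # compare equal to an empty stored token and the request would pass.
    if not cookie_token or not isinstance(cookie_token, str):
        flash_message('Your session has expired.', 'danger')
        return False

    # Compare as bytes and in constant time: compare_digest rejects non-ASCII
    # str arguments, and the time taken must not depend on how many leading
    # characters of the submitted token happen to be correct.
    if not hmac.compare_digest(csrf_token.encode(), cookie_token.encode()):
        flash_message('Invalid CSRF token.', 'danger')
        return False

    return True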
def make_csrf():
    """Store a fresh random CSRF token in the session.

    The token is 16 bytes from ``os.urandom``, base64-encoded to text and
    saved under the ``csrf-token`` session key, replacing any previous value.
    """
    raw_token = os.urandom(16)
    session['csrf-token'] = base64.b64encode(raw_token).decode()
def flash_message(msg, alert):
    """Queue a message to be shown on the next loaded page.

    The message is handed to ``flask.flash`` as a dict with the keys
    ``alert`` and ``message``.

    alert options:
        primary
        secondary
        success
        danger
        warning
        info
        light
        dark

    :param msg: The message str
    :param alert: Must be a valid alert str
    """
    payload = {'alert': alert, 'message': msg}
    flash(payload)
def create_db_conn():
    """Open the application's sqlite database.

    The database file is ``CONFIG_ARGS['DB_NAME']`` resolved against
    ``APP_ROOT``. Nothing here closes the connection; both objects are
    handed back to the caller.

    :return: A ``(connection, cursor)`` tuple, in that order.
    """
    db_path = os.path.join(APP_ROOT, CONFIG_ARGS['DB_NAME'])
    connection = sqlite3.connect(db_path)
    return connection, connection.cursor()
def create_hash_pw(pw, salt=None):
    """
    Hash a password with bcrypt and return the hash with the salt used.

    The bcrypt input is the password, the salt text and
    ``CONFIG_ARGS['MASTER_SECRET_KEY']`` concatenated in that order; the same
    salt is also passed to ``bcrypt.hashpw`` as its salt argument.

    :param pw: A password you'd like to create a hash for.
    :param salt: Leave as None to generate a new salt. Pass the stored salt
        only when re-computing a hash to check a password.
    :returns: hashed pw (bytes), salt (str)
    """
    if salt is None:
        salt = bcrypt.gensalt().decode()

    # NOTE(review): bcrypt uses at most the first 72 bytes of its input.
    # The salt text and the master secret are appended after the password,
    # so a long password pushes part or all of the master secret past that
    # limit; depending on the installed bcrypt version, longer input is
    # silently truncated or rejected. Changing the construction would
    # invalidate stored hashes, so it is only flagged here.
    salted_input = (pw + salt + CONFIG_ARGS['MASTER_SECRET_KEY']).encode()
    digest = bcrypt.hashpw(salted_input, salt.encode())
    return digest, salt
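def check_pw(pw, hashed_pw, salt):
    """
    Checks a provided password against a hashed pw,
    requires the same salt that the hashed pw was
    made with.

    :param str pw: The typed password
    :param hashed_pw: The stored hash, as bytes or as its text form
    :param str salt: The salt returned when the hash was created
    :return: True if passwords match else False
    """
    # create_hash_pw returns the hash as bytes. A stored hash that was read
    # back as text would never compare equal to bytes, so normalise it first.
    stored_hash = hashed_pw.encode() if isinstance(hashed_pw, str) else hashed_pw
    if not isinstance(stored_hash, (bytes, bytearray)):
        return False

    candidate_hash = create_hash_pw(pw, salt)[0]
    # Constant-time comparison, so the time taken does not reveal how much
    # of the hash matched.
    return hmac.compare_digest(stored_hash, candidate_hash)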