From bda66fbdde20478f4dbdfe1afb4e990177ccc03e Mon Sep 17 00:00:00 2001
From: KF7EEL
Date: Mon, 10 May 2021 17:13:22 -0700
Subject: [PATCH] complicate passphrase
---
 hblink.py | 6 ++++--
 user_managment/app.py | 50 +++++++++++++++++++++++++++++++++----------
 2 files changed, 43 insertions(+), 13 deletions(-)
diff --git a/hblink.py b/hblink.py
index 2c45114..b0a6660 100755
--- a/hblink.py
+++ b/hblink.py
@@ -59,6 +59,7 @@ logger = logging.getLogger(__name__)
 import os, ast
 import requests, json
 import base64
+import libscrc
 # Does anybody read this stuff? There's a PEP somewhere that says I should do this.
@@ -502,14 +503,15 @@ class HBSYSTEM(DatagramProtocol):
 if self.ums_response['mode'] == 'normal':
 _new_peer_id = bytes_4(int(str(int_id(_peer_id))[:7]))
 ## print(int_id(_new_peer_id))
- calc_passphrase = base64.b64encode((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))
+ calc_passphrase = base64.b64encode(bytes.fromhex(str(hex(libscrc.ccitt((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))))[2:].zfill(4)) + (_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))
+ #calc_passphrase = base64.b64encode((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))
 print(calc_passphrase)
 _calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
 ums_down = False
 except Exception as e:
 ## # If UMS down, default to base 64 auth
 ## logger.info(e)
- calc_passphrase = base64.b64encode((_peer_id) + int(1).to_bytes(2, 'big'))
+ calc_passphrase = base64.b64encode(bytes.fromhex(str(hex(libscrc.ccitt((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))))[2:].zfill(4)) + (_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + self._CONFIG['USER_MANAGER']['APPEND_INT'].to_bytes(2, 'big'))))[2:].zfill(8)))
 _calc_hash = bhex(sha256(_salt_str+calc_passphrase).hexdigest())
 ums_down = True
 if self._config['USE_USER_MAN'] == False:
diff --git a/user_managment/app.py b/user_managment/app.py
index 36f087f..3296bc4 100644
--- a/user_managment/app.py
+++ b/user_managment/app.py
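Review bot: The new `calc_passphrase` expression still depends on nothing secret beyond the two-byte `APPEND_INT`, because `libscrc.ccitt` and `libscrc.posix` are unkeyed checksums of the same peer ID and integer, so the extra bytes lengthen the passphrase without making it harder to derive; the same expression is repeated in the `except` branch here and in `gen_passphrase` in user_managment/app.py. A keyed construction such as `hmac.new(secret, _new_peer_id, 'sha256').digest()`, with `secret` a long random value from the config, would give the property the commit title is after. The `except` branch now reads `_new_peer_id`, which within this hunk is assigned only under `if self.ums_response['mode'] == 'normal':` inside the `try`, so if the exception is raised before that assignment the fallback itself would fail with `NameError`; the removed line used `_peer_id`. The unchanged `print(calc_passphrase)` also writes the derived passphrase to stdout. The enclosing method starts and ends outside the hunk.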
@@ -17,10 +17,11 @@ import ast
 import json
 import datetime
 from flask_babelex import Babel
+import libscrc
 def gen_passphrase(dmr_id):
 _new_peer_id = bytes_4(int(str(dmr_id)[:7]))
- calc_passphrase = base64.b64encode((_new_peer_id) + append_int.to_bytes(2, 'big'))
+ calc_passphrase = base64.b64encode(bytes.fromhex(str(hex(libscrc.ccitt((_new_peer_id) + append_int.to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + append_int.to_bytes(2, 'big'))))[2:].zfill(8)))))[2:].zfill(4)) + (_new_peer_id) + append_int.to_bytes(2, 'big') + bytes.fromhex(str(hex(libscrc.posix((_new_peer_id) + append_int.to_bytes(2, 'big'))))[2:].zfill(8)))
 return str(calc_passphrase)[2:-1]
 def get_ids(callsign):
@@ -41,7 +42,7 @@ class ConfigClass(object):
 """ Flask application config """
 # Flask settings
- SECRET_KEY = 'Change me'
+ SECRET_KEY = 'HFJGKSDGHFJKDFSGHJGFHJ'
 # Flask-SQLAlchemy settings
 SQLALCHEMY_DATABASE_URI = db_location # File-based SQL database
@@ -219,7 +220,7 @@ def create_app():
 # The Admin page requires an 'Admin' role.
- @app.route('/admin', methods=['POST', 'GET'])
+ @app.route('/edit_user', methods=['POST', 'GET'])
 @roles_required('Admin') # Use of @roles_required decorator
 def admin_page():
 #print(request.args.get('callsign'))
@@ -231,24 +232,34 @@ def create_app():
 if request.method == 'POST' and request.args.get('callsign') and request.form.get('user_status'):
 edit_user = User.query.filter(User.username == request.args.get('callsign')).first()
 if request.form.get('user_status') == "True":
- edit_user.is_actived = 1
+ edit_user.active = True
+ content = '''
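Review bot: The one-line `calc_passphrase` expression in `gen_passphrase` computes the same CRC-32 twice and goes through `hex()` strings to obtain bytes, which hides the actual layout (CRC-16, then peer ID, `append_int`, CRC-32) from anyone reviewing it. Naming the parts gives the same bytes: `body = _new_peer_id + append_int.to_bytes(2, 'big')`, `crc32 = libscrc.posix(body).to_bytes(4, 'big')`, `calc_passphrase = base64.b64encode(libscrc.ccitt(body + crc32).to_bytes(2, 'big') + body + crc32)`. The result has to stay byte-identical with the two copies in hblink.py, so a single shared helper with a short docstring stating the layout would be the safer home for it.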
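Review bot: `SECRET_KEY` in `ConfigClass` is replaced by another literal committed to the repository, so every deployment that keeps this file shares one publicly known Flask signing key and session data signed with it cannot be trusted. Read the key from outside version control instead, for example `SECRET_KEY = os.environ['SECRET_KEY']` (the variable name is a placeholder), and generate the value per install with `secrets.token_hex(32)`. The value committed here should be treated as disclosed and replaced on any instance already running with it. The rest of `ConfigClass` lies outside the hunk.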

User ''' + request.args.get('callsign') + ''' has been enabled.

''' if request.form.get('user_status') == "False": - edit_user.is_actived = 0 -## content = edit_user.is_active - db.session.commit() + edit_user.active = False + content = '''

User ''' + request.args.get('callsign') + ''' has been disabled.

''' + if request.form.get('username') != edit_user.username: + print(request.form.get('username')) + #print(edit_user.username) + print('new uname') + edit_user.username = request.form.get('username') + + #db.session.commit() + #edit_user = User.query.filter(User.username == request.args.get('callsign')).first() elif request.method == 'POST' and request.form.get('callsign') and not request.form.get('user_status'): # and request.form.get('user_status') : callsign = request.form.get('callsign') u = User.query.filter_by(username=callsign).first() content = ''' -
+ + + + + + + + + + @@ -347,8 +371,12 @@ def create_app(): ## #tu.dmr_ids = 'jkgfldj' ## #db.session.commit() ## return str([u.is_active, login_passphrase[3153591]]) - - return str(authorized_peer(3153591)[0]) + #edit_user = User.query.filter(User.username == 'bob').first() + #edit_user.active = False + + #db.session.commit() + print(type(current_user.has_roles)) + return str(current_user.roles)
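Review bot: In the `@@ -231,24 +232,34 @@` hunk the rewritten `user_status` branch sets `edit_user.active` and `edit_user.username` but replaces `db.session.commit()` with the commented-out `#db.session.commit()`, so unless a commit happens later in `admin_page`, outside this hunk, disabling an account from this page is not persisted. The branch also dereferences `edit_user` without checking that `.first()` returned a row, and it builds `content` by concatenating `request.args.get('callsign')` into the page text; if `content` is rendered as markup, the value should go through `markupsafe.escape(...)` first. The two `print` calls in the username branch look like leftover debugging. The string literals in this hunk appear to have lost their markup in this copy of the patch, so the escaping point is inferred from the surrounding concatenation.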
-

+
+
+
+
+
+
+