1
Fork 0
mirror of https://github.com/RYGhub/royalnet.git synced 2024-11-23 19:44:20 +00:00

Added password change command

This commit is contained in:
Steffo 2017-03-10 10:34:27 +01:00
parent 45401da9c9
commit e506249bd3
2 changed files with 55 additions and 5 deletions

View file

@ -132,10 +132,30 @@ Sintassi: `/sync <username> <password>`"""
await update.message.chat.send_message(bot, "⚠ Username o password non validi.")
async def changepassword(bot, update, arguments):
"""Cambia la tua password del Database Royal Games.
Sintassi: `/changepassword <username> <oldpassword> <newpassword>`"""
if len(arguments) != 3:
await update.message.chat.send_message(bot, "⚠ Sintassi del comando non valida.\n`/sync <username> <password>`")
return
# TODO: this can be improved
# Try to login
_, logged_user = database.login(arguments[0], arguments[1])
# Check if the login is successful
if logged_user is not None:
# Change the password
database.change_password(logged_user.username, arguments[2])
await update.message.chat.send_message(bot, f"Il cambio password è riuscito!\n\n_Info per smanettoni: la tua password è hashata nel database come_ `{logged_user.password}`.")
else:
await update.message.chat.send_message(bot, "⚠ Username o password non validi.")
if __name__ == "__main__":
b.commands["leggi"] = leggi
b.commands["diario"] = diario
b.commands["discord"] = discord
b.commands["sync"] = sync
b.commands["changepassword"] = changepassword
b.commands["help"] = help
b.run()

View file

@ -3,6 +3,14 @@ from sqlalchemy.orm import sessionmaker
from sqlalchemy.ext.declarative import declarative_base
import bcrypt
class NoUsersMatchingError(Exception):
pass
class InvalidPasswordError(Exception):
pass
# Initialize the database
engine = create_engine("sqlite:///db.sqlite")
Base = declarative_base()
@ -35,7 +43,24 @@ def create_user(username, password, royal=False):
# Commit the changes
session.commit()
def login(username, password):
# TODO: check for vulnerabilities
def change_password(username, newpassword):
# Create a new session
session = Session()
# Hash the new password using bcrypt
hashed_password = bcrypt.hashpw(newpassword.encode("utf8"), bcrypt.gensalt())
# Find the user entry
users = session.query(User).filter_by(username=username).all()
if len(users) == 0:
raise NoUsersMatchingError("No users with the specified username found.")
db_user = users[0]
# Change the password and commit
db_user.password = hashed_password
session.commit()
def login(username, password, enable_exceptions=False):
"""Try to login using the database password. The session is always returned, while the user object is returned if the login is successful."""
# Create a new session
session = Session()
@ -43,13 +68,18 @@ def login(username, password):
users = session.query(User).filter(User.username == username).all()
# No user with a matching username found
if len(users) == 0:
return session, None
if enable_exceptions:
raise NoUsersMatchingError("No users with the specified username found.")
else:
return session, None
db_user = users[0]
# Test the password and return the session and the user if successful
if bcrypt.hashpw(password.encode("utf8"), db_user.password) == db_user.password:
# TODO: Maybe there's a better way to do this?
return session, db_user
else:
if enable_exceptions:
raise InvalidPasswordError("The specified password doesn't match the user's.")
else:
return session, None