Added password change command
parent
45401da9c9
commit
e506249bd3
2 changed files with 55 additions and 5 deletions
20
basicbot.py
20
basicbot.py
|
@ -132,10 +132,30 @@ Sintassi: `/sync <username> <password>`"""
|
|||
await update.message.chat.send_message(bot, "⚠ Username o password non validi.")
|
||||
|
||||
|
||||
async def changepassword(bot, update, arguments):
|
||||
"""Cambia la tua password del Database Royal Games.
|
||||
|
||||
Sintassi: `/changepassword <username> <oldpassword> <newpassword>`"""
|
||||
if len(arguments) != 3:
|
||||
await update.message.chat.send_message(bot, "⚠ Sintassi del comando non valida.\n`/sync <username> <password>`")
|
||||
return
|
||||
# TODO: this can be improved
|
||||
# Try to login
|
||||
_, logged_user = database.login(arguments[0], arguments[1])
|
||||
# Check if the login is successful
|
||||
if logged_user is not None:
|
||||
# Change the password
|
||||
database.change_password(logged_user.username, arguments[2])
|
||||
await update.message.chat.send_message(bot, f"Il cambio password è riuscito!\n\n_Info per smanettoni: la tua password è hashata nel database come_ `{logged_user.password}`.")
|
||||
else:
|
||||
await update.message.chat.send_message(bot, "⚠ Username o password non validi.")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
b.commands["leggi"] = leggi
|
||||
b.commands["diario"] = diario
|
||||
b.commands["discord"] = discord
|
||||
b.commands["sync"] = sync
|
||||
b.commands["changepassword"] = changepassword
|
||||
b.commands["help"] = help
|
||||
b.run()
|
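Review bot: The success reply in `changepassword` sends `logged_user.password`, the stored bcrypt hash, back into the chat; a password hash is credential material that should stay in the database layer, because anyone who can read the chat history then holds what is needed for offline guessing. The value shown is also likely stale, since `logged_user` was loaded by the session that `login` opened while `change_password` writes through a separate session. Reply with the confirmation only: `await update.message.chat.send_message(bot, "Il cambio password è riuscito!")`. The syntax-error branch still advertises the copied `/sync <username> <password>` usage and should name `/changepassword <username> <oldpassword> <newpassword>`. Both passwords also arrive as plain chat text; whether the command is limited to private chats is not visible in this section, so that is worth confirming.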
34
database.py
34
database.py
|
@ -3,6 +3,14 @@ from sqlalchemy.orm import sessionmaker
|
|||
from sqlalchemy.ext.declarative import declarative_base
|
||||
import bcrypt
|
||||
|
||||
class NoUsersMatchingError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
class InvalidPasswordError(Exception):
|
||||
pass
|
||||
|
||||
|
||||
# Initialize the database
|
||||
engine = create_engine("sqlite:///db.sqlite")
|
||||
Base = declarative_base()
|
||||
|
@ -35,7 +43,24 @@ def create_user(username, password, royal=False):
|
|||
# Commit the changes
|
||||
session.commit()
|
||||
|
||||
def login(username, password):
|
||||
|
||||
# TODO: check for vulnerabilities
|
||||
def change_password(username, newpassword):
|
||||
# Create a new session
|
||||
session = Session()
|
||||
# Hash the new password using bcrypt
|
||||
hashed_password = bcrypt.hashpw(newpassword.encode("utf8"), bcrypt.gensalt())
|
||||
# Find the user entry
|
||||
users = session.query(User).filter_by(username=username).all()
|
||||
if len(users) == 0:
|
||||
raise NoUsersMatchingError("No users with the specified username found.")
|
||||
db_user = users[0]
|
||||
# Change the password and commit
|
||||
db_user.password = hashed_password
|
||||
session.commit()
|
||||
|
||||
|
||||
def login(username, password, enable_exceptions=False):
|
||||
"""Try to login using the database password. The session is always returned, while the user object is returned if the login is successful."""
|
||||
# Create a new session
|
||||
session = Session()
|
||||
|
@ -43,13 +68,18 @@ def login(username, password):
|
|||
users = session.query(User).filter(User.username == username).all()
|
||||
# No user with a matching username found
|
||||
if len(users) == 0:
|
||||
return session, None
|
||||
if enable_exceptions:
|
||||
raise NoUsersMatchingError("No users with the specified username found.")
|
||||
else:
|
||||
return session, None
|
||||
db_user = users[0]
|
||||
# Test the password and return the session and the user if successful
|
||||
if bcrypt.hashpw(password.encode("utf8"), db_user.password) == db_user.password:
|
||||
# TODO: Maybe there's a better way to do this?
|
||||
return session, db_user
|
||||
else:
|
||||
if enable_exceptions:
|
||||
raise InvalidPasswordError("The specified password doesn't match the user's.")
|
||||
else:
|
||||
return session, None
|
||||
|
||||
|
|
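Review bot: In `login`, the check `bcrypt.hashpw(password.encode("utf8"), db_user.password) == db_user.password` compares the digests with `==`, which is not constant-time; the bcrypt package provides `bcrypt.checkpw` for this, and it answers the TODO on the next line: `if bcrypt.checkpw(password.encode("utf8"), db_user.password):`. With `enable_exceptions=True` the function raises `NoUsersMatchingError` and `InvalidPasswordError` separately, so callers should keep folding both into one generic reply, as the bot's "Username o password non validi." does, otherwise the command reveals which usernames exist. `change_password` opens a `Session()` that is never closed and performs no authentication of its own; a docstring stating that the caller must already have verified the old password, plus `session.close()` in a `finally`, would make that contract explicit. The body of `login` spans two hunks and the lines between them are not shown.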