• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• vulpy-master
  • owasp-asvs-4.0.csv
  • utils
    • rsa-sign.py
    • aes-encrypt.py
    • ca-csr-create.py
    • rsa-verify.py
    • passwords.txt
    • luncheck.py
    • httpbrute.py
    • skey.py
    • rsa-keygen.py
    • scrypt-verify.py
    • aes-decrypt.py
    • fernet-generate-key.py
    • ca-csr-load.py
    • scrypt-generate.py
    • rsa-encrypt.py
    • crack-hash.py
    • crack-cvv.py
    • ca-create.py
    • scrypt-crack.py
    • hashfile.py
    • rsa-decrypt.py
    • generate_bad_passwords.py
    • hmac_generate.py
  • .~lock.owasp-asvs-4.0.csv#
  • bad
    • libposts.py
    • db.py
    • api_post.py
    • vulpy-ssl.py
    • csp.txt
    • mod_csp.py
    • templates
      • messages.html
      • user.login.html
      • csp.html
      • mfa.enable.html
      • head.html
      • mfa.disable.html
      • welcome.html
      • footer.html
      • posts.view.html
      • user.login.mfa.html
      • user.chpasswd.html
      • user.create.html
      • navbar.html
    • brute.py
    • mod_hello.py
    • libapi.py
    • libsession.py
    • mod_mfa.py
    • api_list.py
    • mod_user.py
    • db_init.py
    • vulpy.py
    • mod_api.py
    • libuser.py
    • libmfa.py
    • .gitignore
    • static
      • w3.css
      • background.xcf
      • font-awesome.min.css
    • mod_posts.py
    • payloads
      • cookie.js
      • hello.html
      • keylogger.js
      • payload.js
  • LICENSE
  • install-on-kali.sh
  • README.rst
  • requirements.txt
  • .gitignore
  • good
    • libposts.py
    • vulpy-ssl.py
    • csp.txt
    • httpbrute.py
    • mod_csp.py
    • templates
      • messages.html
      • user.login.html
      • csp.html
      • mfa.enable.html
      • head.html
      • mfa.disable.html
      • welcome.html
      • footer.html
      • posts.view.html
      • user.login.mfa.html
      • user.chpasswd.html
      • user.create.html
      • navbar.html
    • mod_hello.py
    • libapi.py
    • libsession.py
    • mod_mfa.py
    • mod_user.py
    • db_init.py
    • cutpasswd.py
    • vulpy.py
    • mod_welcome1.py
    • mod_api.py
    • libuser.py
    • libmfa.py
    • .gitignore
    • static
      • w3.css
      • background.xcf
      • font-awesome.min.css
    • mod_posts.py
    • bad-passwords.txt
    • payloads
      • cookie.js
      • hello.html
      • keylogger.js
      • payload.js

from flask import Blueprint, render_template, redirect, request, g, session, make_response, flash
import libmfa
import libuser
import libsession

mod_user = Blueprint('mod_user', __name__, template_folder='templates')


@mod_user.route('/login', methods=['GET', 'POST'])
def do_login():

    session.pop('username', None)

    if request.method == 'POST':

        username = request.form.get('username')
        password = request.form.get('password')
        otp = request.form.get('otp')

        username = libuser.login(username, password)

        if not username:
            flash("Invalid user or password");
            return render_template('user.login.mfa.html')

        if libmfa.mfa_is_enabled(username):
            if not libmfa.mfa_validate(username, otp):
                flash("Invalid OTP");
                return render_template('user.login.mfa.html')

        response = make_response(redirect('/'))
        response = libsession.create(response=response, username=username)
        return response

    return render_template('user.login.mfa.html')


@mod_user.route('/create', methods=['GET', 'POST'])
def do_create():

    session.pop('username', None)

    if request.method == 'POST':

        username = request.form.get('username')
        password = request.form.get('password')
        #email = request.form.get('password')
        if not username or not password:
            flash("Please, complete username and password")
            return render_template('user.create.html')

        libuser.create(username, password)
        flash("User created. Please login.")
        return redirect('/user/login')

        #session['username'] = libuser.login(username, password)

        #if session['username']:
        #    return redirect('/')

    return render_template('user.create.html')


@mod_user.route('/chpasswd', methods=['GET', 'POST'])
def do_chpasswd():

    if request.method == 'POST':

        password = request.form.get('password')
        password_again = request.form.get('password_again')

        if password != password_again:
            flash("The passwords don't match")
            return render_template('user.chpasswd.html')

        if not libuser.password_complexity(password):
            flash("The password don't comply our complexity requirements")
            return render_template('user.chpasswd.html')

        libuser.password_change(g.session['username'], password) # = libuser.login(username, password)
        flash("Password changed")

    return render_template('user.chpasswd.html')