Commit 60fc0d56 authored by Christian Dresen's avatar Christian Dresen

Added Reset Password

- Missing: real password reset
parent 70a20679
Showing
with 378 additions and 231 deletions
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="PublishConfigData" autoUpload="Always" serverName="LocalDeb">
<component name="PublishConfigData" autoUpload="Always" serverName="warpauth">
<serverData>
<paths name="LocalDeb">
<paths name="warpauth">
<serverdata>
<mappings>
<mapping deploy="warpauth" local="$PROJECT_DIR$" web="/" />
......
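Review bot: `.idea/deployment.xml` with `autoUpload="Always"` and a named deploy target (`serverName="warpauth"`, mapping `$PROJECT_DIR$` to `/`) is per-developer IDE state, and keeping it under version control means every future edit of it carries the deploy host and path details into the repository; the neighbouring interpreter hunks show how easily that ends up exposing an internal host (the removed side had an `ssh://root@...` interpreter). Add `.idea/` to `.gitignore` and drop the file from the index rather than maintaining it in commits. The rest of this file is collapsed in the view, so I cannot tell whether it carries further server data.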
......@@ -10,5 +10,5 @@
<ConfirmationsSetting value="0" id="Add" />
<ConfirmationsSetting value="0" id="Remove" />
</component>
<component name="ProjectRootManager" version="2" project-jdk-name="Remote Python 2.7.9 (ssh://root@10.0.0.146:22/usr/bin/python)" project-jdk-type="Python SDK" />
<component name="ProjectRootManager" version="2" project-jdk-name="Python 2.7.6 (C:\Python27\python.exe)" project-jdk-type="Python SDK" />
</project>
\ No newline at end of file
......@@ -12,7 +12,7 @@
</component>
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="jdk" jdkName="Remote Python 2.7.9 (ssh://root@10.0.0.146:22/usr/bin/python)" jdkType="Python SDK" />
<orderEntry type="jdk" jdkName="Python 2.7.6 (C:\Python27\python.exe)" jdkType="Python SDK" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
<component name="TemplatesService">
......
web/media/flaghunter_logo.png

11.3 KiB

web/media/flaghunter_logo2.png

23.8 KiB

web/media/itsecteam_ms_logo.png

45.4 KiB

File moved
"""FlagHunter URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
https://docs.djangoproject.com/en/1.8/topics/http/urls/
Examples:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')
Including another URLconf
1. Add an import: from blog import urls as blog_urls
2. Add a URL to urlpatterns: url(r'^blog/', include(blog_urls))
"""
from django.conf.urls import include, url
from django.contrib import admin
from django.conf import settings
......
......@@ -6,6 +6,9 @@ class PasswordResetToken(models.Model):
user = models.CharField(max_length=100)
email = models.CharField(max_length=100)
hash = models.CharField(max_length=100)
created = models.DateTimeField(auto_now_add=True)
# LDAP
class LdapUser(ldapdb.models.Model):
......
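Review bot: the new `created = models.DateTimeField(auto_now_add=True)` is timezone-aware whenever `USE_TZ` is on (Django's default project setting), so the view that checks expiry must subtract it from `django.utils.timezone.now()`; subtracting it from a naive `datetime.datetime.now()` raises `TypeError` instead of computing an age. While touching this model, `hash` is the column the reset view looks up with `.get(hash=...)`, yet it is neither unique nor indexed — declare it `hash = models.CharField(max_length=100, unique=True)` so a duplicate token cannot make `.get()` raise `MultipleObjectsReturned` and the lookup is indexed (the field name also shadows the `hash` builtin; `token` would read better). The `PasswordResetToken` class header lies outside this hunk.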
<link rel="stylesheet" href="{{ MEDIA_URL }}/media/css/bootstrap.min.css"></link>
<script type="text/javascript" src="{{ MEDIA_URL }}/media/js/jquery.js"></script>
<script src="/media/js/bootstrap.js"></script>
<link rel="stylesheet" href="{{ MEDIA_URL }}/media/css/bootstrap.min.css" />
<script type="text/javascript" src="{{ MEDIA_URL }}/media/js/jquery.js" />
<script src="/media/js/bootstrap.js" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
......@@ -24,7 +24,7 @@
<div class="container">
<div class="navbar-header">
<a class="navbar-brand" href="/">
<img style="display: inline; text-align:left" height="25" width="25" src='/media/warpzone_logo.png'/>WarpAuth
<img style="display: inline; text-align:left" height="25" width="25" src='/media/warpzone_logo.png'/>&nbsp;&nbsp;WarpAuth
</a>
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#myNavbar">
<span class="icon-bar"></span>
......
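Review bot: `<script>` is not a void element in HTML, so the new `<script type="text/javascript" src="{{ MEDIA_URL }}/media/js/jquery.js" />` and `<script src="/media/js/bootstrap.js" />` do not close themselves; the parser treats everything up to the next `</script>` as script content, which swallows the `<meta viewport>` and `<style>` that follow and can leave bootstrap.js unloaded. Keep explicit closing tags, as the removed lines had: `<script type="text/javascript" src="{{ MEDIA_URL }}/media/js/jquery.js"></script>` and `<script src="/media/js/bootstrap.js"></script>`. The self-closing `<link ... />` is fine since `link` is void; the `<head>` this sits in starts before the hunk.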
{% extends "base.html" %} {% block content %}
<form class="form-signin" style="max-width: 330px; margin: 0 auto; padding: 40px">
{% csrf_token %}
<h2 class="form-signin-heading">Please sign in</h2>
<label for="inputUser" class="sr-only">User</label>
<input name="username" type="user" id="inputUser" class="form-control" placeholder="User" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
{% if fail == True %}
<div class="alert alert-warning alert-dismissible" role="alert">
<strong>Invalid email or password.</strong>
</div>
{% else %}
<br>
{% endif %}
<button class="btn btn-lg btn-primary btn-block" type="submit" formmethod="post" class="btn btn-default">Sign in</button>
</form>
{% endblock %}
\ No newline at end of file
{% extends "base.html" %}
{% load i18n %}
{% block content %}
<form class="form-signin" style="max-width: 330px; margin: 0 auto; padding: 40px">
{% csrf_token %}
<h2 class="form-signin-heading">Please sign in</h2>
<label for="inputUser">User</label>
<input name="username" type="user" id="inputUser" class="form-control" placeholder="User" required autofocus>
<label for="inputPassword" style="padding-top:10px;">Password</label>
<input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
{% if fail == True %}
<div class="alert alert-warning alert-dismissible" role="alert">
<strong>Invalid email or password.</strong>
</div>
{% else %}
<br>
{% endif %}
<button class="btn btn-lg btn-primary btn-block" type="submit" formmethod="post" class="btn btn-default">Sign in</button>
<a class="btn" href="/reset_password">{% trans "Forgot Password?" %}</a>
</form>
{% endblock %}
{% extends "base.html" %} {% block content %}
{% if token_error %}
<h2 class="form-signin-heading">The Token was invalid</h2>
{% elif request.POST and not form_error%}
{{ request.POST }}
{% else %}
<form class="form" style="max-width: 330px; margin: 0 auto; padding: 40px">
{% csrf_token %}
<h2 class="form-signin-heading">Please enter your new Password for user {{ username }}</h2>
<label for="inputPassword" class="sr-only">Password</label>
<input name="password" type="password" id="inputPassword" class="form-control" placeholder="Password" required autofocus>
<label for="inputPassword2" class="sr-only">Repeat Password</label>
<input name="password2" type="password" id="inputPassword2" class="form-control" placeholder="Repeat Password" required>
{% if form_error == True %}
<div class="alert alert-warning alert-dismissible" role="alert">
<strong>Passwords didnt match.</strong>
</div>
{% else %}
<br>
{% endif %}
<button class="btn btn-lg btn-primary btn-block" type="submit" formmethod="post" class="btn btn-default">Reset Password</button>
</form>
{% endif %}
{% endblock %}
\ No newline at end of file
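Review bot: the success branch `{% elif request.POST and not form_error %}` renders `{{ request.POST }}`, which prints the whole QueryDict — both submitted password fields in clear text — into the HTML response, where it lands in browser history, caches and any intermediate proxy. Replace it with a fixed message such as `<h2 class="form-signin-heading">Your password has been changed.</h2>`, and once the real reset is implemented have the view redirect to `/login/` after a successful POST instead of re-rendering the form page. `form_error` and `token_error` appear to come from a context dict the views share across requests, so until that is fixed this template may also show another visitor's stale state.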
from django.conf.urls import url
from warpauthWeb import views
from warpauthWeb.views import main,login,reset_password
urlpatterns = [
# Authentication Pages
url(r'^login/$', views.login_view, name='index'),
url(r'^logout/$', views.logout_view, name='index'),
url(r'^reset_password/$', views.reset_password, name='index'),
url(r'^reset_password/(?P<reset_hash>\w+)/$', views.reset_password, name='index'),
url(r'^login/$', login.login_view, name='index'),
url(r'^logout/$', login.logout_view, name='index'),
url(r'^reset_password/$', reset_password.gen_token, name='index'),
url(r'^reset_password/(?P<reset_hash>\w+)/$', reset_password.change_password, name='index'),
# Main Page
url(r'^$', views.index, name='index'),
url(r'^$', main.index, name='index'),
]
......
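Review bot: every pattern, including the two new `reset_password` routes, is registered with `name='index'`, so `reverse('index')` and `{% url 'index' %}` are ambiguous and resolve to whichever candidate Django's resolver tries first, and the token route can never be reversed by name at all. Give each route its own name, e.g. `url(r'^reset_password/$', reset_password.gen_token, name='reset_password')` and `url(r'^reset_password/(?P<reset_hash>\w+)/$', reset_password.change_password, name='reset_password_confirm')`. The `\w+` group restricts the token to word characters, which matches the hexdigest the view stores and keeps path traversal out of the lookup.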
#
# Copyright (C) 2015 Sergej Schumilo - Muenster IT Security Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This file is part of FlagHunter.
# See the file LICENSE for copying permission.
#
__author__ = 'Sergej Schumilo'
pages = {'pages': [
{"link":"services", "name": "Services"},
{"link":"exploits", "name": "Exploits"},
{"link":"results", "name": "Results"},
{"link":"pcap_files", "name": "PCAP-Files"},
{"link":"about", "name": "About"},
{"link":"logout", "name": "Logout"},
{"link":"admin", "name": "Admin"}
......
__author__ = 'chris'
......@@ -3,12 +3,8 @@ from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseNotAll
from django.contrib.auth import authenticate, login, logout
from django.shortcuts import redirect
from django.contrib.auth.decorators import login_required
from django.views.decorators.cache import cache_page
from warpauthWeb.util import *
from warpauthWeb.models import PasswordResetToken, LdapUser
import hashlib
import logging
def login_view(request):
pages['body'] = "login"
......@@ -34,33 +30,4 @@ def logout_view(request):
logout(request)
return redirect('/login/')
def reset_password(request, reset_hash=None):
logger = logging.getLogger("reset_password")
if reset_hash is None:
if request.POST:
try:
usr = LdapUser.objects.get(uid=request.POST["username"])
if usr.email == request.POST["email"]:
# p = PasswordResetToken()
# p.user=usr.uid
# p.email=usr.email
# m = hashlib.sha512("asdasd").hexdigest()
# print (m)
#p.save()
# print(p)
logger.info("Success for %s", usr.uid)
except Exception as e:
logger.error("Failed for %s with %s", request.POST["username"],e)
else:
pass
return HttpResponse(render(request, 'reset_password.html', pages))
else:
passwordHash = PasswordResetToken.objects.get(hash=reset_hash)
print(passwordHash)
return HttpResponse(render(request, 'reset_password.html', pages))
@login_required(login_url='/login/', redirect_field_name=None)
def index(request):
pages['body'] = "index"
pages['body_text'] = "WarpAuth"
return HttpResponse(render(request, 'about.html', pages))
from django.shortcuts import render
from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseNotAllowed, HttpResponseNotFound
from django.shortcuts import redirect
from django.contrib.auth.decorators import login_required
from warpauthWeb.util import *
@login_required(login_url='/login/', redirect_field_name=None)
def index(request):
pages['body'] = "index"
pages['body_text'] = "WarpAuth"
print(request.user.ldap_user.group_names)
return HttpResponse(render(request, 'about.html', pages))
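Review bot: `print(request.user.ldap_user.group_names)` is a debug print that writes each signed-in user's LDAP group membership to stdout on every hit of the index page; remove it, or at most `logger.debug(...)` it behind a module logger. It also assumes the user came through the LDAP backend — a user authenticated any other way (a local superuser, for instance) presumably has no `ldap_user` attribute, in which case the line raises and the page returns 500; if that path exists, guard it with `getattr(request.user, 'ldap_user', None)`. `pages` is a module-level dict mutated here per request; see the same issue in the reset views.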
from django.shortcuts import render
from django.http import HttpResponse, HttpResponseBadRequest, HttpResponseNotAllowed, HttpResponseNotFound
from django.contrib.auth import authenticate, login, logout
from django.shortcuts import redirect
from django.contrib.auth.decorators import login_required
from django.views.decorators.cache import cache_page
from warpauthWeb.util import *
from warpauthWeb.models import PasswordResetToken, LdapUser
import hashlib
import logging
import os
import datetime
def gen_token(request):
logger = logging.getLogger("reset_password")
if request.POST:
try:
usr = LdapUser.objects.get(uid=request.POST["username"])
if usr.email == request.POST["email"]:
p = PasswordResetToken()
p.user=usr.uid
p.email=usr.email
p.hash = hashlib.sha1(os.urandom(128)).hexdigest()
print (p.hash)
p.save()
logger.info("Success for %s", usr.uid)
except Exception as e:
print(e)
logger.error("Failed for %s with %s", request.POST["username"],e)
else:
pass
return HttpResponse(render(request, 'reset_password/token_gen.html', pages))
def change_password(request, reset_hash=None):
logger = logging.getLogger("reset_password")
# Debug
for pw in PasswordResetToken.objects.all():
print (pw.hash)
#
try:
passwordHash = PasswordResetToken.objects.get(hash=reset_hash)
timediff = datetime.datetime.now() - passwordHash.created
if timediff.seconds/60 > 5:
# passwordHash.delete()
raise ValidationError("Token not valid")
if request.POST:
if request.POST["password"] != request.POST["password2"]:
pages["form_error"] = True
else:
pass
else:
pages["username"] = passwordHash.user
except (ObjectDoesNotExist, ValidationError) as e:
pages["token_error"] = True
except Exception as e:
print(e)
return HttpResponse(render(request, 'reset_password/change_password.html', pages))
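Review bot: `pages` is the module-level dict from `warpauthWeb.util` (a plain literal there), and `change_password` writes `pages["form_error"]`, `pages["username"]` and `pages["token_error"]` into it, so those flags persist across requests and users in the same worker — one request with a bad token sets `token_error` for every later visitor until restart, and the `username` resolved from a valid token stays in the context for whoever comes next. Render a per-request copy (`ctx = dict(pages)`) in both views, and import `ObjectDoesNotExist` and `ValidationError` from `django.core.exceptions` explicitly, since nothing visible in this file brings them into scope for the `except` line. The expiry check `timediff.seconds/60 > 5` ignores `timediff.days`, so a token from days ago can pass, and subtracting an aware `created` from naive `datetime.datetime.now()` raises a `TypeError` that the trailing `except Exception: print(e)` swallows into a page with no error shown; compare `total_seconds()` against `django.utils.timezone.now()`. `print(p.hash)` in `gen_token` and the "Debug" loop at the top of `change_password` write every live reset token to stdout/the server log, and the token is never invalidated (`delete()` is commented out) — remove the prints and delete the token on expiry and on successful use.
```python
# … unchanged: gen_token (minus the print of p.hash) …

def change_password(request, reset_hash=None):
    logger = logging.getLogger("reset_password")
    ctx = dict(pages)  # per-request copy; the module-level dict is shared by every request
    try:
        token = PasswordResetToken.objects.get(hash=reset_hash)
        # timezone.now() so an aware `created` is not compared with a naive datetime
        if (timezone.now() - token.created).total_seconds() > 5 * 60:
            token.delete()
            raise ValidationError("Token not valid")
        if request.POST:
            pw, pw2 = request.POST.get("password"), request.POST.get("password2")
            if not pw or pw != pw2:
                ctx["form_error"] = True
            else:
                pass  # TODO: set the new LDAP password here, then token.delete()
        else:
            ctx["username"] = token.user
    except (ObjectDoesNotExist, ValidationError):
        logger.warning("Rejected invalid or expired reset token")
        ctx["token_error"] = True
    return HttpResponse(render(request, 'reset_password/change_password.html', ctx))
```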