Pyscii-BBS/auth.py

'''
auth.py - an authentication library for adding users and checking them against a flat-file database

part of Py-BBS.
'''
import sys, json, configparser, comms, hashlib, random, string, menus


config = configparser.ConfigParser()
config.read(sys.argv[1])

dbFile = config.get("Auth","userDb")

def login(conn, username, password, node):
     with open(dbFile) as userdb:
          users = json.loads(userdb.read())
          for user in users['users']:
               if user['name'] == username.replace('\x00',''):
                    if user['id'] == 0:
                         comms.sendString(conn, "\r\nThis account is not usable. This event has been logged.\r\n")
                         conn.close()
                         return
                    password = hashlib.sha256(''.join(password.replace('\x00','')).join(user['salt']).encode('utf-8')).hexdigest()
                    if user['password'] == password:
                         menus.printMenu(conn, 0, node, user['id'])
                    else:
                         comms.sendString(conn, "\r\nInvalid Username or Password!\r\n")

def setProfile(conn):
     comms.sendString(conn,"\r\nDo you want to set a Description?(Y/N) ")
     if comms.getString(conn,2).replace("\x00",'')== "Y":
          comms.sendString(conn,"\r\nWhat do you want to set as your Description?(max 150 char) ")
          description = comms.getString(conn, 150)
     else:
          description = "You Exist!"
     return description

def setPassword(conn, salt):
     comms.sendString(conn, "\r\nWhat do you want your password to be?(max 32 char) ")
     comms.sendString(conn, "\r\nThis will be stored salted and hashed")
     password = comms.getString(conn, 32).replace('\x00','')
     password = hashlib.sha256(''.join(password).join(salt).encode('utf-8')).hexdigest()
     return password

def create(conn):
     salt = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(16))
     comms.sendString(conn, "\r\nWelcome to SB17's BBS!\r\nPowered by Pyscii-BBS!")
     comms.sendString(conn, "\r\nWhat is your name? (max 16 char) ")
     name = comms.getString(conn, 16)
     comms.sendString(conn, "\r\nYou want your name to be " + name + "?(Y/N) ")
     if comms.getChar(conn) == "N":
          comms.sendString(conn, "\r\nRestarting... Press Enter to continue...")
          comms.getChar(conn)
     password = setPassword(conn, salt)
     description = setProfile(conn)
     with open(dbFile) as userdb:
          users = json.load(userdb)
          user = {}
          user["id"] = users["users"][-1]["id"] + 1
          user["name"] = name.replace('\x00','').replace('\u0000','')
          user["password"] = password
          user["salt"] = salt
          user["description"] = description
          users["users"].append(user)
          with open(dbFile,'w') as output:
               json.dump(users, output, indent=4)

     comms.sendString(conn,"\r\nYour profile has been created" + name + "! Reconnect to login!")