-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauth_db.py
124 lines (97 loc) · 3.23 KB
/
auth_db.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
import sys
import string
import random
import getpass
import mysql.connector
def add_user(db, cursor, username, password):
# check if username already exists
cursor.execute("SELECT username FROM users WHERE username=%s;", (username,))
if cursor.fetchall():
print("Username '" + username + "' already exists")
return False
# generate salt
salt = ''.join(random.choice(string.ascii_lowercase + string.ascii_uppercase + string.digits) for _ in range(64))
try:
cursor.execute("INSERT INTO users VALUES (%s, SHA2(%s, 256), %s);", (username, salt + password, salt))
except mysql.connector.IntegrityError as err:
print("Error: {}".format(err))
return False
db.commit()
return True
def auth_user(cursor, username, password):
query = "SELECT * FROM users WHERE username=%s and password=SHA2(CONCAT(salt, %s), 256)"
data = (username, password)
cursor.execute(query, data)
# return whether there was a result or not
return bool(cursor.fetchall())
def connect_db(sqluser="dbadmin", host="localhost", db_name="auth"):
"""
Attempt to connect to an existing database. If it doesn't exist, it creates it.
"""
db = mysql.connector.connect(user=sqluser, host=host, db=db_name)
cur = db.cursor()
try:
cur.execute("SHOW TABLES WHERE Tables_in_" + db_name + "='users';")
if cur.fetchall():
# table exists. database is all set
return db
except mysql.connector.errors.ProgrammingError:
cur.execute("CREATE DATABASE " + db_name)
cur.execute("USE " + db_name)
# piece together the sql command to create the table
cmd = "CREATE TABLE users ("
user = "username varchar(128) NOT NULL, "
passwd = "password char(64) NOT NULL, "
salt = "salt char(64) NOT NULL, "
key = "PRIMARY KEY (`username`)) "
etc = "ENGINE=InnoDB DEFAULT CHARSET=utf8mb4"
# create the auth table
cur.execute(cmd + user + passwd + salt + key + etc)
return db
def main(argv):
db = connect_db()
cur = db.cursor()
try:
while True:
cmd = input('> ')
cmd = cmd.split(" ")
cmd[0] = cmd[0].lower()
if cmd[0] == "create":
user = input('Username: ')
if len(user) < 3:
print("Username must be at least 3 characters long")
continue
pw = getpass.getpass()
if len(pw) < 8:
print("Password must be at least 8 characters long")
continue
confirm = getpass.getpass('Confirm Password: ')
if confirm != pw:
print("Passwords do not match")
continue
if add_user(db, cur, user, pw):
print("Account successfully created")
continue
elif cmd[0] == "login":
user = input('Username: ')
pw = getpass.getpass()
if auth_user(cur, user, pw):
print("Access Granted")
continue
else:
print("Access Denied")
continue
elif cmd[0] == "exit":
return
else:
print("Unknown Command '" + cmd[0] + "'")
print("Valid Commands are 'create' and 'login'")
except EOFError:
print("Bye")
return
finally:
# Close the database no matter what happens
db.close()
if __name__ == "__main__":
main(sys.argv)
sys.exit()