From 46e9cea720ec0868ea7d1b525f4f30f56f8ea935 Mon Sep 17 00:00:00 2001 From: Ville Rantanen Date: Thu, 15 Feb 2018 23:05:15 +0200 Subject: [PATCH] passwords are now longer separate entities. added description field. --- code/app.py | 14 ++---- code/static/css/styles.css | 5 +- code/templates/list.html | 1 + utils/flees-manager.py | 100 ++++++++++++++++++++++++------------- 4 files changed, 76 insertions(+), 44 deletions(-) diff --git a/code/app.py b/code/app.py index 40f98e1..99866e8 100644 --- a/code/app.py +++ b/code/app.py @@ -40,7 +40,7 @@ def index(): authenticated_share = get_share(share['name']) password_set = False if authenticated_share[0]: - password_set = authenticated_share[1]['authenticated'] in ('hash', 'plain') + password_set = authenticated_share[1]['authenticated'] == 'hash' if not expired: if public or password_set: public_shares.append({ @@ -130,7 +130,8 @@ def list_view(name, password = None): upload = get_or_none(share,'upload'), overwrite = get_or_none(share,'overwrite'), direct = allow_direct, - expire = get_or_none(share,'expire') + expire = get_or_none(share,'expire'), + description = get_or_none(share,'description',"") ) @app.route('/logout/', methods=['GET']) @@ -275,11 +276,11 @@ def get_folder_size(path): return total_size -def get_or_none(d,key): +def get_or_none(d,key,none = None): if key in d: return d[key] else: - return None + return none def get_share(name, require_auth = True): @@ -291,11 +292,6 @@ def get_share(name, require_auth = True): return (False, 'Share has expired') authenticated = "no-pass" if require_auth: - if 'pass_plain' in share: - authenticated = False - if name in session: - if session[name] == hashlib.sha1(share['pass_plain'].encode('utf-8')).hexdigest(): - authenticated = "plain" if 'pass_hash' in share: authenticated = False if name in session: diff --git a/code/static/css/styles.css b/code/static/css/styles.css index 443bbc6..99271f6 100755 --- a/code/static/css/styles.css +++ b/code/static/css/styles.css @@ -57,7 +57,10 @@ tr:nth-child(even) { #list_title { margin-left: 5em; } - +#list_description { + margin-left: 2em; + margin-bottom: 1em; +} #list_menu { float:right; padding: 8px; diff --git a/code/templates/list.html b/code/templates/list.html index d5e1ef2..953e1ea 100644 --- a/code/templates/list.html +++ b/code/templates/list.html @@ -40,6 +40,7 @@

{{ name }}

+
{{ description }}
diff --git a/utils/flees-manager.py b/utils/flees-manager.py index 4c04e67..39138a3 100755 --- a/utils/flees-manager.py +++ b/utils/flees-manager.py @@ -47,30 +47,36 @@ def file_size_human(num): def list_shares(shares,opts): table = [] - table.append(('Name', 'Path','Public','Password','Upload','Overwrite','Direct','Expire')) + table.append(('Name', 'Path','Public','Password','PassHash','Upload','Overwrite','Direct','Expire','Description')) for share in shares: public = get_or_no('public',share, False) - password = 'pass_hash' in share or 'pass_plain' in share + passhash = '-' + password = 'pass_hash' in share if opts.show_password: - if not password: - password = "" if 'pass_plain' in share: - password = hashlib.sha1(share['pass_plain'].encode('utf-8')).hexdigest() + password = share['pass_plain'] + else: + password = "" if 'pass_hash' in share: - password = share['pass_hash'] + passhash = share['pass_hash'] + else: + passhash = "-" upload = get_or_no('upload',share, False) overwrite = get_or_no('overwrite',share, True) direct = get_or_no('direct_links',share, False) if password else False expire = get_or_no('expire',share, "-") + description = get_or_no('description',share, "")[0:20] table.append(( share['name'], share['path']+"/", public, password, + passhash, upload, overwrite, direct, - expire + expire, + description )) print(tabulate(table, headers = "firstrow")) @@ -115,15 +121,13 @@ def add_share(shares, config, opts): 'upload': opts.upload, 'overwrite': opts.overwrite, 'direct_links': opts.direct, + 'description': opts.description } - if opts.plain: - share.update({ - 'pass_plain': opts.plain - }) - if opts.hashed: - share.update({ - 'pass_hash': hashlib.sha1(opts.hashed).hexdigest() - }) + + if opts.password: + if opts.plain: + share['pass_plain'] = opts.password + share['pass_hash'] = hashlib.sha1(opts.password).hexdigest() if opts.expire: try: date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M") @@ -172,18 +176,35 @@ def modify_share(shares, config, opts): for attr in ('public','upload','direct_links','overwrite'): if getattr(opts,attr) != None: share[attr] = getattr(opts,attr) == 'true' - if opts.plain: - share['pass_plain'] = opts.plain - if opts.hashed: - share['pass_hash'] = hashlib.sha1(opts.hashed).hexdigest() + if opts.description != None: + share['description'] = opts.description + # REMOVE password + if opts.password == "": + if 'pass_plain' in share: + del share['pass_plain'] + if 'pass_hash' in share: + del share['pass_hash'] + + if opts.password: + # ADD/Change a password + if opts.plain: + share['pass_plain'] = opts.password + share['pass_hash'] = hashlib.sha1(opts.password).hexdigest() + if opts.expire: - try: - date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M") - except ValueError as e: - print(e) - print("Date format error") - sys.exit(1) - share['expire'] = opts.expire + if opts.expire == "": + # REMOVE EXPIRATION + if 'expire' in share: + del share['expire'] + else: + # ADD/CHANGE EXPIRATION + try: + date_object = datetime.strptime(opts.expire,"%Y-%m-%d %H:%M") + except ValueError as e: + print(e) + print("Date format error") + sys.exit(1) + share['expire'] = opts.expire if opts.insert: shares[i] = share @@ -207,6 +228,9 @@ def modify_share(shares, config, opts): if orig_share[key] != share[key]: modified.append(key) continue + for key in orig_share: + if not key in share: + modified.append(key) print("Modified values: %s"%(", ".join(modified))) print(json.dumps(share, indent = 2, sort_keys = True)) @@ -353,38 +377,46 @@ def parse_options(): parser_add.add_argument('-p','--path', action="store", dest="path", required = True, help= "path relative to data folder" ) + parser_add.add_argument('-D','--description', action="store", dest="description", default = "", + help= "Describe the contents" + ) parser_add.add_argument('-P','--public', action="store_true", dest="public", default = False) parser_add.add_argument('-u','--upload', action="store_true", dest="upload", default = False) parser_add.add_argument('-o','--overwrite', action="store_false", dest="overwrite", default = True, help = "Disable file overwrites") parser_add.add_argument('-d','--direct', action="store_true", dest="direct", default = False, help = "Allow direct file sharing (password hash included in URL)") - parser_add.add_argument('--pass-plain', action="store", dest="plain", default = False) - parser_add.add_argument('--pass-hash', action="store", dest="hashed", default = False, - help = "Hashed password enables use of login links and direct downloads") + parser_add.add_argument('--pass-plain', action="store_true", dest="plain", default = False, + help = "Save the password as plain text") + parser_add.add_argument('--password', action="store", dest="password", default = False, + help = "Setting a password enables use of login links and direct downloads") parser_add.add_argument('-e','--expire', action="store", dest="expire", default = False, help = "expire date in format '%%Y-%%m-%%d %%H:%%M' ex. '2018-12-24 21:00'" ) parser_add.add_argument('-i','--insert', action="store_true", dest="insert", default = False, help = "Insert new share directly in the shares.json file" ) - ## Modify + ## Modify parser_add = subparsers.add_parser('modify', help = "Modify share") parser_add.add_argument('-n','--name', action="store", dest="name", required = True) parser_add.add_argument('-p','--path', action="store", dest="path", default = None, help= "path relative to data folder" ) + parser_add.add_argument('-D','--description', action="store", dest="description", default = None, + help= "Describe the contents" + ) parser_add.add_argument('-P','--public', action="store", dest="public", default = None, choices = ['true','false']) parser_add.add_argument('-u','--upload', action="store", dest="upload", default = None, choices = ['true','false']) parser_add.add_argument('-o','--overwrite', action="store", dest="overwrite", default = None, choices = ['true','false'], help = "Disable file overwrites") parser_add.add_argument('-d','--direct', action="store", dest="direct_links", default = None, choices = ['true','false'], help = "Allow direct file sharing (password hash included in URL)") - parser_add.add_argument('--pass-plain', action="store", dest="plain", default = False) - parser_add.add_argument('--pass-hash', action="store", dest="hashed", default = False, - help = "Hashed password enables use of login links and direct downloads") + parser_add.add_argument('--pass-plain', action="store_true", dest="plain", default = False, + help = "Save the password as plain text") + parser_add.add_argument('--password', action="store", dest="password", default = False, + help = "Setting a password enables use of login links and direct downloads. Set as empty string to remove password protection.") parser_add.add_argument('-e','--expire', action="store", dest="expire", default = False, - help = "expire date in format '%%Y-%%m-%%d %%H:%%M' ex. '2018-12-24 21:00'" + help = "expire date in format '%%Y-%%m-%%d %%H:%%M' ex. '2018-12-24 21:00'. Set as empty string to remove expiration." ) parser_add.add_argument('-i','--insert', action="store_true", dest="insert", default = False, help = "Insert new share directly in the shares.json file"