Add files via upload

2026-05-26 15:13:38 +00:00 · 2023-04-10 07:20:22 +02:00
parent 65875d8fef
commit 82d4ef7fa9
100 changed files with 20541 additions and 0 deletions
--- a/controllers/sql/api_misc.py
+++ b/controllers/sql/api_misc.py
@@ -0,0 +1,45 @@
+import web
+
+from controllers.utils import api_render
+from libs import iredpwd
+
+from libs.sqllib import decorators
+from libs.sqllib import user as sql_lib_user
+from libs.sqllib import admin as sql_lib_admin
+
+
+class APIVerifyPassword:
+    @decorators.api_require_global_admin
+    def POST(self, account_type, mail):
+        """Verify submitted (plain) password against the one stored in SQL db.
+
+        curl -X POST -i -b cookie.txt -d "var=<value>" https://<server>/api/verify_password/user/<mail>
+        curl -X POST -i -b cookie.txt -d "var=<value>" https://<server>/api/verify_password/admin/<mail>
+
+        Required parameters:
+
+        @password - plain password you want to verify
+        """
+        mail = str(mail).lower()
+
+        form = web.input()
+        pw = form.get('password', '')
+
+        if not pw:
+            return api_render((False, 'EMPTY_PASSSWORD'))
+
+        try:
+            if account_type == 'admin':
+                qr = sql_lib_admin.get_profile(mail=mail, columns=['password'], conn=None)
+            else:
+                qr = sql_lib_user.simple_profile(mail=mail, columns=['password'])
+
+            if qr[0]:
+                pw_in_db = str(qr[1].password)
+                qr_pw = iredpwd.verify_password_hash(pw_in_db, pw)
+
+                return api_render(qr_pw)
+            else:
+                return api_render(qr)
+        except Exception as e:
+            return api_render((False, repr(e)))