Changed the way the master password hashing works

Switched from Bcrypt to Scrypt for master password hashing
Changed models to use new sizes for hashes and salts, doubled the size of enc_login and enc_passwd for accounts
Created new function to check master password validity
Increased salt sizes for accounts and master passwords
Removed bcrypt from requirements

.dockerignore

@@ -24,3 +24,4 @@
 **/secrets.dev.yaml
 **/values.dev.yaml
 README.md
+data/

Dockerfile

@@ -13,9 +13,6 @@ RUN adduser -u 1000 --disabled-password --gecos "" appuser && chown -R appuser /
 
 # Install deps
 RUN apt update && apt full-upgrade -y
-RUN apt install curl gcc -y
-RUN curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | bash
-RUN apt install libmariadb3 libmariadb-dev -y
 
 # Install pip requirements
 COPY requirements.txt .

README.md

@@ -21,6 +21,8 @@
 - /reset_master_pass- удалить все аккаунты и изменить мастер пароль
 - /cancel - отмена текущего действия
 - /help - помощь
+- /export - получить пароли в json формате
+- /import - импортировать пароли из json в файле в таком же формате, как из /export
 
 ### Настройка
 

compose.yaml

@@ -20,7 +20,7 @@ services:
       - password_manager
 
   db:
-    image: jc21/mariadb-aria
+    image: stnicolay/mariadb-aria
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: example123!

requirements.txt

@@ -1,6 +1,6 @@
-bcrypt
 cryptography
-mariadb
+pymysql
 python-dotenv
 pyTelegramBotAPI
-sqlmodel
+sqlmodel
+pydantic

src/bot/__init__.py

@@ -1,14 +1,14 @@
 import functools
 
-import mariadb
+from sqlalchemy.future import Engine
 import telebot
 
-from . import handlers
+from . import handlers, utils
 
-__all__ = ["handlers"]
+__all__ = ["handlers", "utils"]
 
 
-def create_bot(token: str, engine: mariadb.Connection) -> telebot.TeleBot:
+def create_bot(token: str, engine: Engine) -> telebot.TeleBot:
     bot = telebot.TeleBot(token)
     bot.register_message_handler(
         functools.partial(handlers.set_master_password, bot, engine),
@@ -40,4 +40,10 @@ def create_bot(token: str, engine: mariadb.Connection) -> telebot.TeleBot:
     bot.register_message_handler(
         functools.partial(handlers.cancel, bot), commands=["cancel"]
     )
+    bot.register_message_handler(
+        functools.partial(handlers.export, bot, engine), commands=["export"]
+    )
+    bot.register_message_handler(
+        functools.partial(handlers.import_accounts, bot, engine), commands=["import"]
+    )
     return bot

src/bot/handlers.py

@@ -6,42 +6,45 @@ import telebot
 from sqlalchemy.future import Engine
 
 from .. import cryptography, database
+from .utils import (
+    accounts_to_json,
+    base_handler,
+    check_account_name,
+    check_login,
+    check_passwd,
+    check_account,
+    get_all_accounts,
+    json_to_accounts,
+    send_tmp_message,
+)
 
 Message = telebot.types.Message
 
 
-def _send_tmp_message(
-    bot: telebot.TeleBot, chat_id: telebot.types.Message, text: str, timeout: int = 5
-) -> None:
-    bot_mes = bot.send_message(chat_id, text, parse_mode="MarkdownV2")
-    time.sleep(timeout)
-    bot.delete_message(chat_id, bot_mes.id)
-
-
 def get_accounts(
     bot: telebot.TeleBot, engine: Engine, mes: telebot.types.Message
 ) -> None:
+    base_handler(bot, mes)
     accounts = database.get.get_accounts(engine, mes.from_user.id)
-    bot.delete_message(mes.chat.id, mes.id)
+    if not accounts:
+        return send_tmp_message(bot, mes.chat.id, "У вас нет аккаунтов")
 
-    return _send_tmp_message(
+    # Make accounts copyable and escape special chars
+    accounts = [f"`{account}`" for account in accounts]
+    send_tmp_message(
         bot,
         mes.chat.id,
-        "Ваши аккаунты:\n" + "\n".join(accounts) if accounts else "У вас нет аккаунтов",
+        "Ваши аккаунты:\n"
-        timeout=30,
+        + "\n".join(accounts)
+        + "\nНажмите на название, чтобы скопировать",
+        30,
     )
 
 
-def _base(bot: telebot.TeleBot, mes: Message, prev_mes: Message | None = None) -> None:
-    bot.delete_message(mes.chat.id, mes.id)
-    if prev_mes is not None:
-        bot.delete_message(prev_mes.chat.id, prev_mes.id)
-
-
 def delete_all(
     bot: telebot.TeleBot, engine: Engine, mes: telebot.types.Message
 ) -> None:
-    _base(bot, mes)
+    base_handler(bot, mes)
     bot_mes = bot.send_message(
         mes.chat.id,
         "Вы действительно хотите удалить все ваши аккаунты? Это действие нельзя отменить. Отправьте YES для подтверждения",
@@ -54,20 +57,20 @@ def delete_all(
 def _delete_all(
     bot: telebot.TeleBot, engine: Engine, prev_mes: Message, mes: Message
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "YES":
         database.delete.purge_accounts(engine, mes.from_user.id)
         database.delete.delete_master_pass(engine, mes.from_user.id)
-        _send_tmp_message(bot, mes.chat.id, "Всё успешно удалено", timeout=10)
+        send_tmp_message(bot, mes.chat.id, "Всё успешно удалено", timeout=10)
     else:
-        _send_tmp_message(bot, mes.chat.id, "Вы отправили не YES, ничего не удалено")
+        send_tmp_message(bot, mes.chat.id, "Вы отправили не YES, ничего не удалено")
 
 
 def set_master_password(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
-    _base(bot, mes, None)
+    base_handler(bot, mes, None)
     if database.get.get_master_pass(engine, mes.from_user.id) is not None:
-        return _send_tmp_message(bot, mes.chat.id, "Мастер пароль уже существует")
+        return send_tmp_message(bot, mes.chat.id, "Мастер пароль уже существует")
     bot_mes = bot.send_message(mes.chat.id, "Отправьте мастер пароль")
     bot.register_next_step_handler(
         mes, functools.partial(_set_master_pass2, bot, engine, bot_mes)
@@ -77,22 +80,22 @@ def set_master_password(bot: telebot.TeleBot, engine: Engine, mes: Message) -> N
 def _set_master_pass2(
     bot: telebot.TeleBot, engine: Engine, prev_mes: Message, mes: Message
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "/cancel":
-        return _send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
 
-    hash_, salt = cryptography.master_pass.encrypt_master_pass(text)
+    hash_pass, master_salt = cryptography.master_pass.encrypt_master_pass(text)
-    database.add.add_master_pass(engine, mes.from_user.id, salt, hash_)
+    database.add.add_master_pass(engine, mes.from_user.id, master_salt, hash_pass)
-    _send_tmp_message(bot, mes.chat.id, "Успех")
+    send_tmp_message(bot, mes.chat.id, "Успех")
     del mes, text
     gc.collect()
 
 
 def reset_master_pass(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
-    _base(bot, mes)
+    base_handler(bot, mes)
     if database.get.get_master_pass(engine, mes.from_user.id) is None:
-        return _send_tmp_message(bot, mes.chat.id, "Мастер пароль не задан")
+        return send_tmp_message(bot, mes.chat.id, "Мастер пароль не задан")
     bot_mes = bot.send_message(
         mes.chat.id,
         "Отправьте новый мастер пароль, осторожно, все текущие аккаунты будут удалены навсегда",
@@ -105,15 +108,15 @@ def reset_master_pass(bot: telebot.TeleBot, engine: Engine, mes: Message) -> Non
 def _reset_master_pass2(
     bot: telebot.TeleBot, engine: Engine, prev_mes: Message, mes: Message
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "/cancel":
-        return _send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
 
     hash_, salt = cryptography.master_pass.encrypt_master_pass(text)
     database.delete.purge_accounts(engine, mes.from_user.id)
     database.change.change_master_pass(engine, mes.from_user.id, salt, hash_)
-    _send_tmp_message(
+    send_tmp_message(
         bot, mes.chat.id, "Все ваши аккаунты удалены, а мастер пароль изменён"
     )
     del mes, text
@@ -121,11 +124,11 @@ def _reset_master_pass2(
 
 
 def add_account(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
-    _base(bot, mes)
+    base_handler(bot, mes)
 
     master_password_from_db = database.get.get_master_pass(engine, mes.from_user.id)
     if master_password_from_db is None:
-        return _send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
+        return send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
 
     bot_mes = bot.send_message(mes.chat.id, "Отправьте название аккаунта")
 
@@ -137,13 +140,15 @@ def add_account(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
 def _add_account2(
     bot: telebot.TeleBot, engine: Engine, prev_mes: Message, mes: Message
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "/cancel":
-        return _send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
 
+    if not check_account_name(text):
+        return send_tmp_message(bot, mes.chat.id, "Не корректное название аккаунта")
     if text in database.get.get_accounts(engine, mes.from_user.id):
-        return _send_tmp_message(
+        return send_tmp_message(
             bot, mes.chat.id, "Аккаунт с таким именем уже существует"
         )
 
@@ -162,10 +167,12 @@ def _add_account3(
     data: dict[str, str],
     mes: Message,
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "/cancel":
-        return _send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+    if not check_login(text):
+        return send_tmp_message(bot, mes.chat.id, "Не корректный логин")
 
     data["login"] = text
 
@@ -183,10 +190,12 @@ def _add_account4(
     data: dict[str, str],
     mes: Message,
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "/cancel":
-        return _send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+    if not check_passwd(text):
+        return send_tmp_message(bot, mes.chat.id, "Не корректный пароль")
 
     data["passwd"] = text
 
@@ -204,14 +213,14 @@ def _add_account5(
     data: dict[str, str],
     mes: Message,
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "/cancel":
-        return _send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
 
     salt, hash_ = database.get.get_master_pass(engine, mes.from_user.id)
-    if cryptography.master_pass.encrypt_master_pass(text, salt) != hash_:
+    if not cryptography.master_pass.check_master_pass(text, hash_, salt):
-        return _send_tmp_message(bot, mes.chat.id, "Не подходит главный пароль")
+        return send_tmp_message(bot, mes.chat.id, "Не подходит главный пароль")
 
     name, login, passwd = data["name"], data["login"], data["passwd"]
 
@@ -219,9 +228,13 @@ def _add_account5(
         login, passwd, text.encode("utf-8")
     )
 
-    database.add.add_account(engine, mes.from_user.id, name, salt, enc_login, enc_pass)
+    result = database.add.add_account(
+        engine, mes.from_user.id, name, salt, enc_login, enc_pass
+    )
 
-    _send_tmp_message(bot, mes.chat.id, "Успех")
+    send_tmp_message(
+        bot, mes.chat.id, "Успех" if result else "Произошла не предвиденная ошибка"
+    )
 
     del data, name, login, passwd, enc_login
 
@@ -229,8 +242,13 @@ def _add_account5(
 
 
 def get_account(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
-    _base(bot, mes)
+    base_handler(bot, mes)
     bot_mes = bot.send_message(mes.chat.id, "Отправьте название аккаунта")
+
+    master_pass = database.get.get_master_pass(engine, mes.from_user.id)
+    if master_pass is None:
+        return send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
+
     bot.register_next_step_handler(
         mes, functools.partial(_get_account2, bot, engine, bot_mes)
     )
@@ -239,13 +257,13 @@ def get_account(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
 def _get_account2(
     bot: telebot.TeleBot, engine: Engine, prev_mes: Message, mes: Message
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "/cancel":
-        return _send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
 
     if text not in database.get.get_accounts(engine, mes.from_user.id):
-        return _send_tmp_message(bot, mes.chat.id, "Нет такого аккаунта")
+        return send_tmp_message(bot, mes.chat.id, "Нет такого аккаунта")
 
     bot_mes = bot.send_message(mes.chat.id, "Отправьте мастер пароль")
     bot.register_next_step_handler(
@@ -256,19 +274,15 @@ def _get_account2(
 def _get_account3(
     bot: telebot.TeleBot, engine: Engine, prev_mes: Message, name: str, mes: Message
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "/cancel":
-        return _send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
 
-    master_pass = database.get.get_master_pass(engine, mes.from_user.id)
+    master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id)
-    if master_pass is None:
-        return _send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
 
-    master_salt, hash_pass = master_pass
+    if not cryptography.master_pass.check_master_pass(text, hash_pass, master_salt):
-
+        return send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
-    if cryptography.master_pass.encrypt_master_pass(text, master_salt) != hash_pass:
-        return _send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
 
     salt, enc_login, enc_pass = database.get.get_account_info(
         engine, mes.from_user.id, name
@@ -276,7 +290,7 @@ def _get_account3(
     login, passwd = cryptography.other_accounts.decrypt_account_info(
         enc_login, enc_pass, text.encode("utf-8"), salt
     )
-    _send_tmp_message(
+    send_tmp_message(
         bot,
         mes.chat.id,
         f"Логин:\n`{login}`\nПароль:\n`{passwd}`\nНажмите на логин или пароль, чтобы скопировать",
@@ -288,7 +302,12 @@ def _get_account3(
 
 
 def delete_account(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
-    _base(bot, mes)
+    base_handler(bot, mes)
+
+    master_pass = database.get.get_master_pass(engine, mes.from_user.id)
+    if master_pass is None:
+        return send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
+
     bot_mes = bot.send_message(
         mes.chat.id, "Отправьте название аккаунта, который вы хотите удалить"
     )
@@ -301,16 +320,16 @@ def delete_account(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
 def _delete_account2(
     bot: telebot.TeleBot, engine: Engine, prev_mes: Message, mes: Message
 ) -> None:
-    _base(bot, mes, prev_mes)
+    base_handler(bot, mes, prev_mes)
     text = mes.text.strip()
     if text == "/cancel":
-        return _send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
 
     if text not in database.get.get_accounts(engine, mes.from_user.id):
-        return _send_tmp_message(bot, mes.chat.id, "Нет такого аккаунта")
+        return send_tmp_message(bot, mes.chat.id, "Нет такого аккаунта")
 
     database.delete.delete_account(engine, mes.from_user.id, text)
-    _send_tmp_message(bot, mes.chat.id, "Аккаунт удалён")
+    send_tmp_message(bot, mes.chat.id, "Аккаунт удалён")
 
 
 def help(bot: telebot.TeleBot, mes: telebot.types.Message) -> None:
@@ -323,9 +342,132 @@ def help(bot: telebot.TeleBot, mes: telebot.types.Message) -> None:
 /delete_all - удалить все аккаунты и мастер пароль
 /reset_master_pass - удалить все аккаунты и изменить мастер пароль
 /cancel - отмена текущего действия
-/help - помощь"""
+/help - помощь
+/export - получить пароли в json формате
+/import - импортировать пароли из json в файле в таком же формате, как из /export"""
     bot.send_message(mes.chat.id, message)
 
 
 def cancel(bot: telebot.TeleBot, mes: Message) -> None:
-    _send_tmp_message(bot, mes.chat.id, "Нет активного действия")
+    send_tmp_message(bot, mes.chat.id, "Нет активного действия")
+
+
+def export(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
+    base_handler(bot, mes)
+    master_password_from_db = database.get.get_master_pass(engine, mes.from_user.id)
+
+    if master_password_from_db is None:
+        return send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
+
+    if not database.get.get_accounts(engine, mes.from_user.id):
+        return send_tmp_message(bot, mes.chat.id, "Нет аккаунтов")
+
+    bot_mes = bot.send_message(mes.chat.id, "Отправьте мастер пароль")
+
+    bot.register_next_step_handler(
+        mes, functools.partial(_export2, bot, engine, bot_mes)
+    )
+
+
+def _export2(
+    bot: telebot.TeleBot, engine: Engine, prev_mes: Message, mes: Message
+) -> None:
+    base_handler(bot, mes, prev_mes)
+    text = mes.text.strip()
+    if text == "/cancel":
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+
+    master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id)
+    if not cryptography.master_pass.check_master_pass(text, hash_pass, master_salt):
+        return send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
+
+    accounts = get_all_accounts(engine, mes.from_user.id, text)
+    json_io = accounts_to_json(accounts)
+    bot_mes = bot.send_document(mes.chat.id, json_io)
+
+    del text, accounts, json_io
+    gc.collect()
+    time.sleep(30)
+    bot.delete_message(bot_mes.chat.id, bot_mes.id)
+
+
+def import_accounts(bot: telebot.TeleBot, engine: Engine, mes: Message) -> None:
+    base_handler(bot, mes)
+    master_password_from_db = database.get.get_master_pass(engine, mes.from_user.id)
+
+    if master_password_from_db is None:
+        return send_tmp_message(bot, mes.chat.id, "Нет мастер пароля")
+
+    bot_mes = bot.send_message(mes.chat.id, "Отправьте json файл")
+
+    bot.register_next_step_handler(
+        mes, functools.partial(_import2, bot, engine, bot_mes)
+    )
+
+
+def _import2(
+    bot: telebot.TeleBot, engine: Engine, prev_mes: Message, mes: Message
+) -> None:
+    base_handler(bot, mes, prev_mes)
+    if mes.text is not None:
+        text = mes.text.strip()
+        if text == "/cancel":
+            return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+
+    if mes.document is None:
+        return send_tmp_message(bot, mes.chat.id, "Вы должны отправить документ")
+    if mes.document.file_size > 102_400:  # If file size is bigger that 100 MB
+        return send_tmp_message(bot, mes.chat.id, "Файл слишком большой")
+
+    file_info = bot.get_file(mes.document.file_id)
+    downloaded_file = bot.download_file(file_info.file_path)
+    try:
+        accounts = json_to_accounts(downloaded_file.decode("utf-8"))
+    except Exception:
+        return send_tmp_message(bot, mes.chat.id, "Ошибка во время работы с файлом")
+
+    bot_mes = bot.send_message(mes.chat.id, "Отправьте мастер пароль")
+    bot.register_next_step_handler(
+        mes, functools.partial(_import3, bot, engine, bot_mes, accounts)
+    )
+
+
+def _import3(
+    bot: telebot.TeleBot,
+    engine: Engine,
+    prev_mes: Message,
+    accounts: list[tuple[str, str, str]],
+    mes: Message,
+) -> None:
+    base_handler(bot, mes, prev_mes)
+    text = mes.text.strip()
+    if text == "/cancel":
+        return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
+
+    master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id)
+    if not cryptography.master_pass.check_master_pass(text, hash_pass, master_salt):
+        return send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
+
+    # List of names of accounts, which failed to be added to the database or failed tests
+    failed: list[str] = []
+    for account in accounts:
+        name, login, passwd = account
+        if not check_account(name, login, passwd):
+            failed.append(name)
+            continue
+        enc_login, enc_passwd, salt = cryptography.other_accounts.encrypt_account_info(
+            login, passwd, text.encode("utf-8")
+        )
+        result = database.add.add_account(
+            engine, mes.from_user.id, name, salt, enc_login, enc_passwd
+        )
+        if not result:
+            failed.append(name)
+
+    if failed:
+        mes_text = "Не удалось добавить:\n" + "\n".join(failed)
+    else:
+        mes_text = "Успех"
+    send_tmp_message(bot, mes.chat.id, mes_text, 10)
+    del text, mes, accounts
+    gc.collect()

src/bot/utils.py

@@ -0,0 +1,102 @@
+import io
+import time
+from typing import Self, Type
+
+import pydantic
+import telebot
+from sqlalchemy.future import Engine
+
+from .. import database, cryptography
+
+
+class Account(pydantic.BaseModel):
+    name: str
+    login: str
+    passwd: str
+
+    @classmethod
+    def from_tuple(cls: Type[Self], tuple_: tuple[str, str, str]) -> Self:
+        return cls(name=tuple_[0], login=tuple_[1], passwd=tuple_[2])
+
+    def as_tuple(self: Self) -> tuple[str, str, str]:
+        return (self.name, self.login, self.passwd)
+
+
+class _Accounts(pydantic.BaseModel):
+    accounts: list[Account] = pydantic.Field(default_factory=list)
+
+
+def _accounts_list_to_json(accounts: list[tuple[str, str, str]]) -> str:
+    accounts = _Accounts(accounts=[Account.from_tuple(i) for i in accounts])
+    return accounts.json()
+
+
+def json_to_accounts(json_: str) -> list[tuple[str, str, str]]:
+    accounts = _Accounts.parse_raw(json_)
+    return [i.as_tuple() for i in accounts.accounts]
+
+
+Message = telebot.types.Message
+
+
+def send_tmp_message(
+    bot: telebot.TeleBot, chat_id: telebot.types.Message, text: str, timeout: int = 5
+) -> None:
+    bot_mes = bot.send_message(chat_id, text, parse_mode="MarkdownV2")
+    time.sleep(timeout)
+    bot.delete_message(chat_id, bot_mes.id)
+
+
+def base_handler(
+    bot: telebot.TeleBot, mes: Message, prev_mes: Message | None = None
+) -> None:
+    bot.delete_message(mes.chat.id, mes.id)
+    if prev_mes is not None:
+        bot.delete_message(prev_mes.chat.id, prev_mes.id)
+
+
+def get_all_accounts(
+    engine: Engine, user_id: int, master_pass: str
+) -> list[tuple[str, str, str]]:
+    accounts: list[tuple[str, str, str]] = []
+    master_pass = master_pass.encode("utf-8")
+    for account_name in database.get.get_accounts(engine, user_id):
+        salt, enc_login, enc_passwd = database.get.get_account_info(
+            engine, user_id, account_name
+        )
+        login, passwd = cryptography.other_accounts.decrypt_account_info(
+            enc_login, enc_passwd, master_pass, salt
+        )
+        accounts.append((account_name, login, passwd))
+    return accounts
+
+
+def accounts_to_json(accounts: list[tuple[str, str, str]]) -> io.StringIO:
+    file = io.StringIO(_accounts_list_to_json(accounts))
+    file.name = "passwords.json"
+    return file
+
+
+def _base_check(val: str) -> bool:
+    "Returns false if finds new lines or backtick (`)"
+    return not ("\n" in val or "`" in val)
+
+
+def check_account_name(name: str) -> bool:
+    "Returns true if account name is valid"
+    return _base_check(name)
+
+
+def check_login(login: str) -> bool:
+    "Returns true if login is valid"
+    return _base_check(login)
+
+
+def check_passwd(passwd: str) -> bool:
+    "Returns true if password is valid"
+    return _base_check(passwd)
+
+
+def check_account(name: str, login: str, passwd: str) -> bool:
+    """Runs checks for account name, login and password"""
+    return check_account_name(name) and check_login(login) and check_passwd(passwd)

src/cryptography/master_pass.py

@@ -1,26 +1,35 @@
-from typing import overload
+import os
 
-import bcrypt
+from cryptography.exceptions import InvalidKey
+from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
+
+_memory_use = 2**14
 
 
-@overload
+def _get_kdf(salt: bytes) -> Scrypt:
-def encrypt_master_pass(passwd: str, salt: bytes) -> bytes:
+    kdf = Scrypt(
-    ...
+        salt=salt,
+        length=128,
+        n=_memory_use,
+        r=8,
+        p=1,
+    )
+    return kdf
 
 
-@overload
 def encrypt_master_pass(passwd: str) -> tuple[bytes, bytes]:
-    ...
-
-
-def encrypt_master_pass(
-    passwd: str, salt: bytes | None = None
-) -> tuple[bytes, bytes] | bytes:
     """Hashes master password and return tuple of hashed password and salt"""
-    if salt is None:
+    salt = os.urandom(64)
-        salt = bcrypt.gensalt()
+    kdf = _get_kdf(salt)
-        gened_salt = True
+    return kdf.derive(passwd.encode("utf-8")), salt
+
+
+def check_master_pass(passwd: str, enc_pass: bytes, salt: bytes) -> bool:
+    """Checks if the master password is correct"""
+    kdf = _get_kdf(salt)
+    try:
+        kdf.verify(passwd.encode("utf-8"), enc_pass)
+    except InvalidKey:
+        return False
     else:
-        gened_salt = False
+        return True
-    hashed = bcrypt.hashpw(passwd.encode("utf-8"), salt)
-    return (hashed, salt) if gened_salt else hashed

src/cryptography/other_accounts.py

@@ -1,6 +1,5 @@
 import base64
-
+import os
-import bcrypt
 
 from cryptography.fernet import Fernet
 from cryptography.hazmat.backends import default_backend
@@ -23,9 +22,9 @@ def _generate_key(salt: bytes, master_pass: bytes) -> bytes:
 def encrypt_account_info(
     login: str, passwd: str, master_pass: bytes
 ) -> tuple[bytes, bytes, bytes]:
-    """Encrypts login and password of a user using hash of their master password as a key.
+    """Encrypts login and password of a user using their master password as a key.
-    Returns a tuple of encrypted login password and salt"""
+    Returns a tuple of encrypted login, password and salt"""
-    salt = bcrypt.gensalt()
+    salt = os.urandom(64)
     key = _generate_key(salt, master_pass)
     f = Fernet(key)
     enc_login = f.encrypt(login.encode("utf-8"))
@@ -36,6 +35,8 @@ def encrypt_account_info(
 def decrypt_account_info(
     enc_login: bytes, enc_pass: bytes, master_pass: bytes, salt: bytes
 ) -> tuple[str, str]:
+    """Decrypts login and password using their master password as a key.
+    Returns a tuple of decrypted login and password"""
     key = _generate_key(salt, master_pass)
     f = Fernet(key)
     login_bytes = f.decrypt(enc_login)

src/database/change.py

@@ -7,10 +7,10 @@ from . import models
 def change_master_pass(
     engine: Engine, user_id: int, salt: bytes, passwd: bytes
 ) -> None:
-    statement = sqlmodel.update(
+    statement = (
-        models.MasterPass,
+        sqlmodel.update(models.MasterPass)
-        models.MasterPass.user_id == user_id,
+        .where(models.MasterPass.user_id == user_id)
-        {"salt": salt, "passwd": passwd},
+        .values(salt=salt, passwd=passwd)
     )
     with sqlmodel.Session(engine) as session:
         session.exec(statement)

src/database/get.py

@@ -29,7 +29,7 @@ def get_account_info(
 ) -> tuple[bytes, bytes, bytes]:
     """Gets account info. Returns tuple of salt, login and password"""
     statement = sqlmodel.select(models.Account).where(
-        models.Account.user_id == user_id and models.Account.name == name
+        models.Account.user_id == user_id, models.Account.name == name
     )
     with sqlmodel.Session(engine) as session:
         result = session.exec(statement).first()

src/database/models.py

@@ -8,10 +8,10 @@ class MasterPass(sqlmodel.SQLModel, table=True):
     id: Optional[int] = sqlmodel.Field(primary_key=True)
     user_id: int = sqlmodel.Field(nullable=False, index=True, unique=True)
     salt: bytes = sqlmodel.Field(
-        sa_column=sqlmodel.Column(type_=sqlmodel.VARBINARY(255), nullable=False)
+        sa_column=sqlmodel.Column(sqlmodel.BINARY(64), nullable=False)
     )
     passwd: bytes = sqlmodel.Field(
-        sa_column=sqlmodel.Column(type_=sqlmodel.VARBINARY(255), nullable=False)
+        sa_column=sqlmodel.Column(sqlmodel.BINARY(128), nullable=False)
     )
 
 
@@ -22,11 +22,11 @@ class Account(sqlmodel.SQLModel, table=True):
     user_id: int = sqlmodel.Field(nullable=False, index=True)
     name: str = sqlmodel.Field(nullable=False, index=True, max_length=255)
     salt: bytes = sqlmodel.Field(
-        sa_column=sqlmodel.Column(type_=sqlmodel.VARBINARY(255), nullable=False)
+        sa_column=sqlmodel.Column(sqlmodel.BINARY(64), nullable=False)
     )
     enc_login: bytes = sqlmodel.Field(
-        sa_column=sqlmodel.Column(type_=sqlmodel.VARBINARY(255), nullable=False)
+        sa_column=sqlmodel.Column(sqlmodel.VARBINARY(500), nullable=False)
     )
     enc_pass: bytes = sqlmodel.Field(
-        sa_column=sqlmodel.Column(type_=sqlmodel.VARBINARY(255), nullable=False)
+        sa_column=sqlmodel.Column(sqlmodel.VARBINARY(500), nullable=False)
     )

src/database/prepare.py

@@ -5,14 +5,9 @@ from . import models
 
 
 def get_engine(host: str, user: str, passwd: str, db: str) -> Engine:
-    engine = sqlmodel.create_engine(
+    engine = sqlmodel.create_engine(f"mariadb+pymysql://{user}:{passwd}@{host}/{db}")
-        f"mariadb+mariadbconnector://{user}:{passwd}@{host}/{db}"
-    )
     return engine
 
 
 def prepare(engine: Engine) -> None:
-    sqlmodel.SQLModel.metadata.create_all(
+    sqlmodel.SQLModel.metadata.create_all(engine)
-        engine,
-        # [models.Account, models.MasterPass]
-    )