Compare commits
No commits in common. "a1bed9014d6fc680b1604fdf9804c748b01c8774" and "570f15001e874a4d3454279531843d5a6384130d" have entirely different histories.
a1bed9014d
...
570f15001e
@ -1,3 +1,4 @@
|
|||||||
|
bcrypt
|
||||||
cryptography
|
cryptography
|
||||||
pymysql
|
pymysql
|
||||||
python-dotenv
|
python-dotenv
|
||||||
|
@ -26,19 +26,17 @@ def get_accounts(
|
|||||||
) -> None:
|
) -> None:
|
||||||
base_handler(bot, mes)
|
base_handler(bot, mes)
|
||||||
accounts = database.get.get_accounts(engine, mes.from_user.id)
|
accounts = database.get.get_accounts(engine, mes.from_user.id)
|
||||||
if not accounts:
|
if accounts:
|
||||||
return send_tmp_message(bot, mes.chat.id, "У вас нет аккаунтов")
|
accounts = [f"`{account}`" for account in accounts]
|
||||||
|
return send_tmp_message(
|
||||||
# Make accounts copyable and escape special chars
|
bot,
|
||||||
accounts = [f"`{account}`" for account in accounts]
|
mes.chat.id,
|
||||||
send_tmp_message(
|
"Ваши аккаунты:\n"
|
||||||
bot,
|
+ "\n".join(accounts)
|
||||||
mes.chat.id,
|
+ "\nНажмите на название, чтобы скопировать",
|
||||||
"Ваши аккаунты:\n"
|
30,
|
||||||
+ "\n".join(accounts)
|
)
|
||||||
+ "\nНажмите на название, чтобы скопировать",
|
send_tmp_message(bot, mes.chat.id, "У вас нет аккаунтов")
|
||||||
30,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def delete_all(
|
def delete_all(
|
||||||
@ -219,7 +217,7 @@ def _add_account5(
|
|||||||
return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
||||||
|
|
||||||
salt, hash_ = database.get.get_master_pass(engine, mes.from_user.id)
|
salt, hash_ = database.get.get_master_pass(engine, mes.from_user.id)
|
||||||
if not cryptography.master_pass.check_master_pass(text, hash_, salt):
|
if cryptography.master_pass.encrypt_master_pass(text, salt) != hash_:
|
||||||
return send_tmp_message(bot, mes.chat.id, "Не подходит главный пароль")
|
return send_tmp_message(bot, mes.chat.id, "Не подходит главный пароль")
|
||||||
|
|
||||||
name, login, passwd = data["name"], data["login"], data["passwd"]
|
name, login, passwd = data["name"], data["login"], data["passwd"]
|
||||||
@ -281,7 +279,7 @@ def _get_account3(
|
|||||||
|
|
||||||
master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id)
|
master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id)
|
||||||
|
|
||||||
if not cryptography.master_pass.check_master_pass(text, hash_pass, master_salt):
|
if cryptography.master_pass.encrypt_master_pass(text, master_salt) != hash_pass:
|
||||||
return send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
|
return send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
|
||||||
|
|
||||||
salt, enc_login, enc_pass = database.get.get_account_info(
|
salt, enc_login, enc_pass = database.get.get_account_info(
|
||||||
@ -378,7 +376,7 @@ def _export2(
|
|||||||
return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
||||||
|
|
||||||
master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id)
|
master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id)
|
||||||
if not cryptography.master_pass.check_master_pass(text, hash_pass, master_salt):
|
if cryptography.master_pass.encrypt_master_pass(text, master_salt) != hash_pass:
|
||||||
return send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
|
return send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
|
||||||
|
|
||||||
accounts = get_all_accounts(engine, mes.from_user.id, text)
|
accounts = get_all_accounts(engine, mes.from_user.id, text)
|
||||||
@ -445,7 +443,7 @@ def _import3(
|
|||||||
return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
return send_tmp_message(bot, mes.chat.id, "Успешная отмена")
|
||||||
|
|
||||||
master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id)
|
master_salt, hash_pass = database.get.get_master_pass(engine, mes.from_user.id)
|
||||||
if not cryptography.master_pass.check_master_pass(text, hash_pass, master_salt):
|
if cryptography.master_pass.encrypt_master_pass(text, master_salt) != hash_pass:
|
||||||
return send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
|
return send_tmp_message(bot, mes.chat.id, "Не подходит мастер пароль")
|
||||||
|
|
||||||
# List of names of accounts, which failed to be added to the database or failed tests
|
# List of names of accounts, which failed to be added to the database or failed tests
|
||||||
|
@ -1,35 +1,26 @@
|
|||||||
import os
|
from typing import overload
|
||||||
|
|
||||||
from cryptography.exceptions import InvalidKey
|
import bcrypt
|
||||||
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
|
|
||||||
|
|
||||||
_memory_use = 2**14
|
|
||||||
|
|
||||||
|
|
||||||
def _get_kdf(salt: bytes) -> Scrypt:
|
@overload
|
||||||
kdf = Scrypt(
|
def encrypt_master_pass(passwd: str, salt: bytes) -> bytes:
|
||||||
salt=salt,
|
...
|
||||||
length=128,
|
|
||||||
n=_memory_use,
|
|
||||||
r=8,
|
|
||||||
p=1,
|
|
||||||
)
|
|
||||||
return kdf
|
|
||||||
|
|
||||||
|
|
||||||
|
@overload
|
||||||
def encrypt_master_pass(passwd: str) -> tuple[bytes, bytes]:
|
def encrypt_master_pass(passwd: str) -> tuple[bytes, bytes]:
|
||||||
|
...
|
||||||
|
|
||||||
|
|
||||||
|
def encrypt_master_pass(
|
||||||
|
passwd: str, salt: bytes | None = None
|
||||||
|
) -> tuple[bytes, bytes] | bytes:
|
||||||
"""Hashes master password and return tuple of hashed password and salt"""
|
"""Hashes master password and return tuple of hashed password and salt"""
|
||||||
salt = os.urandom(64)
|
if salt is None:
|
||||||
kdf = _get_kdf(salt)
|
salt = bcrypt.gensalt()
|
||||||
return kdf.derive(passwd.encode("utf-8")), salt
|
gened_salt = True
|
||||||
|
|
||||||
|
|
||||||
def check_master_pass(passwd: str, enc_pass: bytes, salt: bytes) -> bool:
|
|
||||||
"""Checks if the master password is correct"""
|
|
||||||
kdf = _get_kdf(salt)
|
|
||||||
try:
|
|
||||||
kdf.verify(passwd.encode("utf-8"), enc_pass)
|
|
||||||
except InvalidKey:
|
|
||||||
return False
|
|
||||||
else:
|
else:
|
||||||
return True
|
gened_salt = False
|
||||||
|
hashed = bcrypt.hashpw(passwd.encode("utf-8"), salt)
|
||||||
|
return (hashed, salt) if gened_salt else hashed
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
import base64
|
import base64
|
||||||
import os
|
|
||||||
|
import bcrypt
|
||||||
|
|
||||||
from cryptography.fernet import Fernet
|
from cryptography.fernet import Fernet
|
||||||
from cryptography.hazmat.backends import default_backend
|
from cryptography.hazmat.backends import default_backend
|
||||||
@ -22,9 +23,9 @@ def _generate_key(salt: bytes, master_pass: bytes) -> bytes:
|
|||||||
def encrypt_account_info(
|
def encrypt_account_info(
|
||||||
login: str, passwd: str, master_pass: bytes
|
login: str, passwd: str, master_pass: bytes
|
||||||
) -> tuple[bytes, bytes, bytes]:
|
) -> tuple[bytes, bytes, bytes]:
|
||||||
"""Encrypts login and password of a user using their master password as a key.
|
"""Encrypts login and password of a user using hash of their master password as a key.
|
||||||
Returns a tuple of encrypted login, password and salt"""
|
Returns a tuple of encrypted login password and salt"""
|
||||||
salt = os.urandom(64)
|
salt = bcrypt.gensalt()
|
||||||
key = _generate_key(salt, master_pass)
|
key = _generate_key(salt, master_pass)
|
||||||
f = Fernet(key)
|
f = Fernet(key)
|
||||||
enc_login = f.encrypt(login.encode("utf-8"))
|
enc_login = f.encrypt(login.encode("utf-8"))
|
||||||
@ -35,8 +36,6 @@ def encrypt_account_info(
|
|||||||
def decrypt_account_info(
|
def decrypt_account_info(
|
||||||
enc_login: bytes, enc_pass: bytes, master_pass: bytes, salt: bytes
|
enc_login: bytes, enc_pass: bytes, master_pass: bytes, salt: bytes
|
||||||
) -> tuple[str, str]:
|
) -> tuple[str, str]:
|
||||||
"""Decrypts login and password using their master password as a key.
|
|
||||||
Returns a tuple of decrypted login and password"""
|
|
||||||
key = _generate_key(salt, master_pass)
|
key = _generate_key(salt, master_pass)
|
||||||
f = Fernet(key)
|
f = Fernet(key)
|
||||||
login_bytes = f.decrypt(enc_login)
|
login_bytes = f.decrypt(enc_login)
|
||||||
|
@ -8,10 +8,10 @@ class MasterPass(sqlmodel.SQLModel, table=True):
|
|||||||
id: Optional[int] = sqlmodel.Field(primary_key=True)
|
id: Optional[int] = sqlmodel.Field(primary_key=True)
|
||||||
user_id: int = sqlmodel.Field(nullable=False, index=True, unique=True)
|
user_id: int = sqlmodel.Field(nullable=False, index=True, unique=True)
|
||||||
salt: bytes = sqlmodel.Field(
|
salt: bytes = sqlmodel.Field(
|
||||||
sa_column=sqlmodel.Column(sqlmodel.BINARY(64), nullable=False)
|
sa_column=sqlmodel.Column(sqlmodel.VARBINARY(255), nullable=False)
|
||||||
)
|
)
|
||||||
passwd: bytes = sqlmodel.Field(
|
passwd: bytes = sqlmodel.Field(
|
||||||
sa_column=sqlmodel.Column(sqlmodel.BINARY(128), nullable=False)
|
sa_column=sqlmodel.Column(sqlmodel.VARBINARY(255), nullable=False)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@ -22,11 +22,11 @@ class Account(sqlmodel.SQLModel, table=True):
|
|||||||
user_id: int = sqlmodel.Field(nullable=False, index=True)
|
user_id: int = sqlmodel.Field(nullable=False, index=True)
|
||||||
name: str = sqlmodel.Field(nullable=False, index=True, max_length=255)
|
name: str = sqlmodel.Field(nullable=False, index=True, max_length=255)
|
||||||
salt: bytes = sqlmodel.Field(
|
salt: bytes = sqlmodel.Field(
|
||||||
sa_column=sqlmodel.Column(sqlmodel.BINARY(64), nullable=False)
|
sa_column=sqlmodel.Column(sqlmodel.VARBINARY(255), nullable=False)
|
||||||
)
|
)
|
||||||
enc_login: bytes = sqlmodel.Field(
|
enc_login: bytes = sqlmodel.Field(
|
||||||
sa_column=sqlmodel.Column(sqlmodel.VARBINARY(500), nullable=False)
|
sa_column=sqlmodel.Column(sqlmodel.VARBINARY(255), nullable=False)
|
||||||
)
|
)
|
||||||
enc_pass: bytes = sqlmodel.Field(
|
enc_pass: bytes = sqlmodel.Field(
|
||||||
sa_column=sqlmodel.Column(sqlmodel.VARBINARY(500), nullable=False)
|
sa_column=sqlmodel.Column(sqlmodel.VARBINARY(255), nullable=False)
|
||||||
)
|
)
|
||||||
|
Reference in New Issue
Block a user