From 048eea106ef378fc7aa8d7d74fab9c298cfae83a Mon Sep 17 00:00:00 2001
From: Nick Leeman
Date: Sun, 9 Oct 2022 15:14:14 +0200
Subject: [PATCH] implemented encyption
---
 models/log.py | 31 ++++++++-----------------------
 models/user.py | 23 ++++++++++++-----------
 services/encryption.py | 10 ++++++----
 services/search.py | 43 ++++++++++++++++++++++++++++++-------------
 4 files changed, 56 insertions(+), 51 deletions(-)
diff --git a/models/log.py b/models/log.py
index eb5cd15..f56dcd9 100644
--- a/models/log.py
+++ b/models/log.py
@@ -1,5 +1,5 @@
 import sqlite3
-
+from services.encryption import Encryption
 class Log:
 def __init__(self, connection : sqlite3.Connection, id = None, username = None, date = None, time = None, description = None, additional_information = None, suspicious = None):
@@ -26,26 +26,11 @@ class Log:
 def save(self):
 cur = self.connection.cursor()
+
 cur.execute("""
 INSERT INTO logs (id, username, date, time, description, additional_information, suspicious)
 VALUES (?, ?, ?, ?, ?, ?, ?)
- """, (self.id, self.username, self.date, self.time, self.description, self.additional_information, self.suspicious))
-
- self.connection.commit()
- cur.close()
- return True
-
- def update(self):
- cur = self.connection.cursor()
- cur.execute("""
- UPDATE logs SET
- username = ?,
- date = ?,
- description = ?,
- additional_information = ?,
- suspicious = ?
- WHERE id = ?
- """, (self.firstname, self.lastname, self.zipcode, self.city_id, self.email, self.phone, self.password, self.role, self.id))
+ """, (self.id, Encryption.encrypt(self.username), Encryption.encrypt(self.date), Encryption.encrypt(self.time), Encryption.encrypt(self.description), Encryption.encrypt(self.additional_information), self.suspicious))
 self.connection.commit()
 cur.close()
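Review bot: In `Log.save` (models/log.py, hunk `-26,26`), `Encryption.encrypt(self.additional_information)` is called on an attribute that `__init__` defaults to `None`, and the same is true of the other encrypted fields; `vigenere` is annotated `text: str` and its body is outside the patch, so a `None` or non-string value will presumably raise or be mangled. Guarding once in the helper keeps the call sites simple: `if text is None: return None` at the top of `encrypt` and `decrypt`. The same applies to the `decrypt(row[n])` calls in `Log._set_row_values` and `User._set_row_values` when a column is NULL, and to the `encrypt(...)` arguments in `User.save` and `User.update`.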
@@ -60,10 +45,10 @@ class Log:
 def _set_row_values(self, row):
 self.id = row[0]
- self.username = row[1]
- self.date = row[2]
- self.time = row[3]
- self.description = row[4]
- self.additional_information = row[5]
+ self.username = Encryption.decrypt(row[1])
+ self.date = Encryption.decrypt(row[2])
+ self.time = Encryption.decrypt(row[3])
+ self.description = Encryption.decrypt(row[4])
+ self.additional_information = Encryption.decrypt(row[5])
 self.suspicious = row[6]
 return self
\ No newline at end of file
diff --git a/models/user.py b/models/user.py
index 8a0228b..299d391 100644
--- a/models/user.py
+++ b/models/user.py
@@ -1,5 +1,6 @@
 import sqlite3
 from datetime import datetime
+from services.encryption import Encryption
 class User:
 def __init__(self, connection : sqlite3.Connection, id = None, username = None, firstname = None, lastname = None, address = None, zipcode = None, city_id = None, email = None, phone = None, password = None, role = None):
@@ -46,7 +47,7 @@ class User:
 cur.execute("""
 INSERT INTO users (id, username, firstname, lastname, address, zipcode, city_id, email, phone, password, role, created)
 VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
- """, (self.id, self.username, self.firstname, self.lastname, self.address, self.zipcode, self.city_id, self.email, self.phone, self.password, self.role, current_date))
+ """, (self.id, Encryption.encrypt(self.username), Encryption.encrypt(self.firstname), Encryption.encrypt(self.lastname), Encryption.encrypt(self.address), Encryption.encrypt(self.zipcode), self.city_id, Encryption.encrypt(self.email), Encryption.encrypt(self.phone), Encryption.encrypt(self.password), Encryption.encrypt(self.role), current_date))
 self.connection.commit()
 cur.close()
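Review bot: `Log._set_row_values` (models/log.py, hunk `-60,10`) now runs `Encryption.decrypt` on every text column unconditionally, so if the database already holds rows written before this commit, their plaintext values will be read back as garbage. The patch contains no migration step; either re-encrypt the existing `logs` and `users` rows once at upgrade, or mark encrypted values (a version column or a value prefix) so the loader can tell the two apart. `User._set_row_values` in models/user.py has the same issue.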
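Review bot: `User.save` (models/user.py, hunk `-46,7`) stores the password with `Encryption.encrypt(self.password)`, which anyone holding the key can reverse, and `_set_row_values` decrypts it back into memory on every load. Passwords should be stored as a salted one-way hash and verified by re-hashing the submitted value, for example with `hashlib.scrypt` or `hashlib.pbkdf2_hmac` from the standard library, and never decrypted. The login check is not visible in this patch, so it would need the matching change; the start of `save` is also outside the hunk.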
@@ -67,7 +68,7 @@ class User:
 password = ?,
 role = ?
 WHERE id = ?
- """, (self.username, self.firstname, self.lastname, self.address, self.zipcode, self.city_id, self.email, self.phone, self.password, self.role, self.id))
+ """, (Encryption.encrypt(self.username), Encryption.encrypt(self.firstname), Encryption.encrypt(self.lastname), Encryption.encrypt(self.address), Encryption.encrypt(self.zipcode), self.city_id, Encryption.encrypt(self.email), Encryption.encrypt(self.phone), self.password, self.role, self.id))
 self.connection.commit()
 cur.close()
@@ -82,15 +83,15 @@ class User:
 def _set_row_values(self, row):
 self.id = row[0]
- self.username = row[1]
- self.firstname = row[2]
- self.lastname = row[3]
- self.address = row[4]
- self.zipcode = row[5]
+ self.username = Encryption.decrypt(row[1])
+ self.firstname = Encryption.decrypt(row[2])
+ self.lastname = Encryption.decrypt(row[3])
+ self.address = Encryption.decrypt(row[4])
+ self.zipcode = Encryption.decrypt(row[5])
 self.city_id = row[6]
- self.email = row[7]
- self.phone = row[8]
- self.password = row[9]
- self.role = row[10]
+ self.email = Encryption.decrypt(row[7])
+ self.phone = Encryption.decrypt(row[8])
+ self.password = Encryption.decrypt(row[9])
+ self.role = Encryption.decrypt(row[10])
 self.created = row[11]
 return self
\ No newline at end of file
diff --git a/services/encryption.py b/services/encryption.py
index a0cd8f7..f9bcb2e 100644
--- a/services/encryption.py
+++ b/services/encryption.py
@@ -1,4 +1,6 @@
 class Encryption:
+ ENCRYTPION_KEY = "MASTER_KEY"
+
 @staticmethod
 def vigenere(text: str, key: str, encrypt=True):
 result = ''
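Review bot: `User.update` (models/user.py, hunk `-67,7`) passes `self.password` and `self.role` unencrypted, while `User.save` encrypts both and `_set_row_values` decrypts `row[9]` and `row[10]`. After the first update the stored values are plaintext, the next load decrypts them into garbage, and role comparisons such as `user.role == "MEMBER"` in services/search.py stop matching. To stay consistent with `save`, the tuple should end `Encryption.encrypt(self.password), Encryption.encrypt(self.role), self.id))`. The start of `update` is outside the hunk.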
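Review bot: `ENCRYTPION_KEY = "MASTER_KEY"` (services/encryption.py, hunk `-1,4`) puts the only key in source control, so anyone with the repository can decrypt every stored field and the key cannot be rotated without a code change. Load it at startup from outside the repository (an environment variable or a permission-restricted key file) and fail closed when it is missing. Separately, a Vigenère cipher with a short repeating key gives no real confidentiality against someone holding the database file; an authenticated scheme such as AES-GCM or Fernet from the `cryptography` package is the usual choice, if a third-party dependency is acceptable here. The constant name is also misspelled (`ENCRYPTION_KEY`).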
@@ -17,9 +19,9 @@ class Encryption:
 return result
 @staticmethod
- def encrypt(text: str, key: str):
- return Encryption.vigenere(text=text, key=key, encrypt=True)
+ def encrypt(text: str):
+ return Encryption.vigenere(text=text, key=Encryption.ENCRYTPION_KEY, encrypt=True)
 @staticmethod
- def decrypt(text: str, key: str):
- return Encryption.vigenere(text=text, key=key, encrypt=False)
\ No newline at end of file
+ def decrypt(text: str):
+ return Encryption.vigenere(text=text, key=Encryption.ENCRYTPION_KEY, encrypt=False)
\ No newline at end of file
diff --git a/services/search.py b/services/search.py
index e37bec4..5a97bc2 100644
--- a/services/search.py
+++ b/services/search.py
@@ -6,22 +6,29 @@ class Search:
 @staticmethod
 def search_members(query):
 cur = Database.connection.cursor()
- cur.execute("""
- SELECT * FROM users WHERE
- id LIKE ? OR
- username LIKE ? OR
- firstname LIKE ? OR
- lastname LIKE ? OR
- email LIKE ? OR
- phone LIKE ?
- """, (f"%{query}%", f"%{query}%", f"%{query}%", f"%{query}%", f"%{query}%", f"%{query}%"))
+ # cur.execute("""
+ # SELECT * FROM users WHERE
+ # id LIKE ? OR
+ # username LIKE ? OR
+ # firstname LIKE ? OR
+ # lastname LIKE ? OR
+ # email LIKE ? OR
+ # phone LIKE ?
+ # """, (f"%{query}%", f"%{query}%", f"%{query}%", f"%{query}%", f"%{query}%", f"%{query}%"))
+
+ cur.execute("""SELECT * FROM users""")
 rows = cur.fetchall()
 payload = []
 for row in rows:
 user = User(Database.connection)._set_row_values(row)
- if user.role == "MEMBER":
+ if str(user.id) == user.id:
 payload.append(user)
+ continue
+
+ if user.role == "MEMBER":
+ if user.username in query or user.firstname in query or user.lastname in query or user.email in query or user.phone in query:
+ payload.append(user)
 return payload
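Review bot: `encrypt` and `decrypt` (services/encryption.py, hunk `-17,9`) drop the `key` parameter outright, so any caller outside this patch that still passes `key=` will raise `TypeError`. Keeping it optional preserves those callers: `def encrypt(text: str, key: str = None):` with `key=key or Encryption.ENCRYTPION_KEY` in the `vigenere` call, and likewise for `decrypt`. Both methods would also benefit from a one-line docstring stating that the transform is reversible and keyed by the class constant.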
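Review bot: The new filter in `search_members` (services/search.py, hunk `-6,22`) does not match what the removed `LIKE` query did. `str(user.id) == user.id` is true for every row whose id is a string and never true for an integer id, so depending on the column type it either returns every user regardless of role and query (the `continue` skips the role check) or is dead code; and `user.username in query` tests whether the whole field occurs inside the query, the reverse of `%query%`. Check the role first, then test `query in field` over the id and the text fields, as below; note that `in` is case-sensitive where SQLite `LIKE` was not for ASCII letters. The `"ADVISOR"` and `"SYSTEM_ADMIN"` hunks (`-42,8` and `-64,9`) repeat the same loop and need the same change, and the commented-out query can simply be deleted.

```python
# … unchanged: SELECT * FROM users, fetchall, payload = [] …
for row in rows:
    user = User(Database.connection)._set_row_values(row)
    if user.role != "MEMBER":
        continue
    fields = (str(user.id), user.username, user.firstname,
              user.lastname, user.email, user.phone)
    if any(query in field for field in fields if field):
        payload.append(user)
```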
@@ -42,8 +49,13 @@ class Search:
 payload = []
 for row in rows:
 user = User(Database.connection)._set_row_values(row)
- if user.role == "ADVISOR":
+ if str(user.id) == user.id:
 payload.append(user)
+ continue
+
+ if user.role == "ADVISOR":
+ if user.username in query or user.firstname in query or user.lastname in query or user.email in query or user.phone in query:
+ payload.append(user)
 return payload
@@ -64,9 +76,14 @@ class Search:
 payload = []
 for row in rows:
 user = User(Database.connection)._set_row_values(row)
- if user.role == "SYSTEM_ADMIN":
+ if str(user.id) == user.id:
 payload.append(user)
-
+ continue
+
+ if user.role == "SYSTEM_ADMIN":
+ if user.username in query or user.firstname in query or user.lastname in query or user.email in query or user.phone in query:
+ payload.append(user)
+
 return payload
 @staticmethod
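Review bot: The hunks at `-42,8` and `-64,9` (services/search.py) change only the Python-side filter for the `"ADVISOR"` and `"SYSTEM_ADMIN"` searches; unlike `search_members`, no change to their `cur.execute` call appears in the patch. If those functions still run the `LIKE ?` query (it lies outside these hunks), it now compares the plaintext search term against encrypted columns, and `rows` will come back empty for every search. They would need the same `SELECT * FROM users` change, ideally through one shared helper that takes the role as a parameter instead of three copies of the loop.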