From 6d0415f89e1a4ba0c85b8b58d1e48262907ff526 Mon Sep 17 00:00:00 2001
From: jakobsn
Date: Mon, 25 Nov 2019 22:18:01 +0100
Subject: [PATCH] hash match
---
 src/app/views/login.py | 48 ++++++++++++++++++++++++++++++++++--------
 1 file changed, 39 insertions(+), 9 deletions(-)
diff --git a/src/app/views/login.py b/src/app/views/login.py
index b940c83..dc69a14 100644
--- a/src/app/views/login.py
+++ b/src/app/views/login.py
@@ -4,6 +4,7 @@ import models.login
 from views.utils import get_nav_bar
 import os, hmac, base64, pickle, hashlib
 from io import StringIO
+from deepdiff import DeepDiff
 # Get html templates
 render = web.template.render('templates/')
@@ -23,13 +24,34 @@ class Login():
 :return: The login page showing other users if logged in
 """
 session = web.ctx.session
+
+ # If the user selected 'remember me' they log in automatically
+ try:
+ print("secret" ,self.secret)
+ cookies = web.cookies()
+ print("cookie", cookies)
+ remember_hash = bytes(cookies.remember[2:][:-1], 'ascii')
+ print("remember_hash")
+ print(remember_hash)
+ print(remember_hash == b'gANdcQAoWCAAAAAxN2UxZWJmOGJiODhkNzdmZWNjM2E5MmYxMTFkMjU4OHEBWAUAAABhZG1pbnECZS4=')
+
+ encode = base64.b64decode(remember_hash)
+ print("dencode", encode)
+
+ username, sign = pickle.loads(encode)
+
+
+ if self.sign_username(username) == sign:
+ print("HASH MATCH")
+ except Exception as e:
+ raise e
+
 if session.username:
 friends = models.login.get_users()
 else:
 friends = [[],[]]
 nav = get_nav_bar(session)
- if 1 == 1:
- print(web.cookies())
+
 return render.login(nav, login_form, friends)
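Review bot: The added auto-login block in GET calls `pickle.loads(encode)` on bytes taken from the `remember` cookie before anything has been verified, and the HMAC it then checks is itself stored inside the pickle, so the signature cannot protect the load; unpickling client-controlled data can run code in the server process. `valid_rememberme` and `from_rememberme` in the last hunk unpickle the cookie the same way. I would carry the username and signature as plain text, verify with `hmac.compare_digest` before using the username, and have `rememberme()` emit the same layout, as sketched below. Note also that `cookies.remember` raises when the cookie is absent and `except Exception as e: raise e` re-raises it, so a first visit without the cookie presumably fails; GET starts above this hunk, so the surrounding flow should be confirmed.

```python
session = web.ctx.session

# If the user selected 'remember me' they log in automatically
token = web.cookies().get('remember')
if token:
    # assumed layout "<username>:<hex signature>"; rememberme() has to emit the same
    username, _, sign = token.rpartition(':')
    expected = self.sign_username(username) if username else ''
    # constant-time comparison, and no parsing beyond a string split before it
    if username and hmac.compare_digest(expected.encode('utf-8'), sign.encode('utf-8')):
        print("HASH MATCH")

# ... unchanged: friends / nav lookup and render.login ...
```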
@@ -48,8 +70,14 @@ class Login():
 session.username = user[0][1]
 session.userid = user[0][0]
 print('remember me')
-
- web.setcookie('remember', self.rememberme())
+ remember = self.rememberme()
+ web.setcookie('remember', remember , 12000000)
+ print("equal at start?", remember == b'gANdcQAoWCAAAAAxN2UxZWJmOGJiODhkNzdmZWNjM2E5MmYxMTFkMjU4OHEBWAUAAABhZG1pbnECZS4=')
+ cookies = web.cookies()
+ print("equal at start?", cookies.remember == b'gANdcQAoWCAAAAAxN2UxZWJmOGJiODhkNzdmZWNjM2E5MmYxMTFkMjU4OHEBWAUAAABhZG1pbnECZS4=')
+ print(remember)
+ print(cookies.remember)
+ print(DeepDiff(remember, cookies.remember, 'ascii'))
 else:
 friends = [[],[]]
 nav = get_nav_bar(session)
@@ -57,8 +85,9 @@ class Login():
 def rememberme(self):
 session = web.ctx.session
- creds = [session.username , self.sign() ]
+ creds = [ session.username, self.sign() ]
 print(creds)
+ print("save", base64.b64encode(pickle.dumps(creds)))
 return base64.b64encode(pickle.dumps(creds))
 def sign(self):
@@ -68,17 +97,18 @@ class Login():
 @classmethod
 def sign_username(self, username):
 secret = base64.b64decode(self.secret)
+ print(secret)
 print(username)
- return hmac.HMAC(secret, username.encode('utf-8')).hexdigest()
+ return hmac.HMAC(secret, username.encode('ascii')).hexdigest()
 @classmethod
 def valid_rememberme(self, cookie):
- userame, userid, sign = pickle.load(StringIO.StringIO(base64.b64decode(cookie)))
- if User.sign_username(user) == sign:
+ userame, sign = pickle.load(StringIO(base64.b64decode(cookie)))
+ if self.sign_username(user) == sign:
 return True
 return False
 @classmethod
 def from_rememberme(self, cookie):
- user, sign= pickle.load(StringIO.StringIO(base64.b64decode(cookie)))
+ user, sign= pickle.load(StringIO(base64.b64decode(cookie)))
 return user
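Review bot: `web.setcookie('remember', remember , 12000000)` stores a long-lived login credential without the `secure` and `httponly` flags, and passes the `bytes` returned by `rememberme()`, which appears to be why GET has to strip `b'` and `'` with `[2:][:-1]`. I would write `web.setcookie('remember', remember.decode('ascii'), 12000000, secure=True, httponly=True)` and drop the slicing on the read side. The `print` calls that compare against a hard-coded token and the `DeepDiff` call (the only visible use of the import added in the first hunk) look like debugging aids; they should come out before merge so the login view gains neither a third-party dependency nor a credential literal in source. POST's body starts outside this hunk.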
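Review bot: The added `print("save", base64.b64encode(pickle.dumps(creds)))` in `rememberme` writes the complete remember-me token to stdout, next to the existing `print(creds)`, so anyone who can read the server output can reuse it. The same applies to `print("secret" ,self.secret)` and the cookie prints in GET, and to `print(secret)` in `sign_username`, which emit the signing key itself. I would delete these lines, or if tracing is needed log only the username through `logging` at debug level, e.g. `logger.debug("remember-me issued for %s", session.username)`. If the secret printed here is the deployed value, treat it as exposed and rotate it.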
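Review bot: `hmac.HMAC(secret, username.encode('ascii'))` in `sign_username` names no digest, which falls back to MD5 on older interpreters and raises `TypeError` on Python 3.8 and later, and the switch from 'utf-8' to 'ascii' makes any non-ASCII username raise `UnicodeEncodeError`. I would write `return hmac.new(secret, username.encode('utf-8'), hashlib.sha256).hexdigest()` (hashlib is already imported) and compare signatures with `hmac.compare_digest` instead of `==`. Separately, `valid_rememberme` still cannot succeed: it assigns `userame` but reads `user`, and `StringIO(...)` from `io` rejects the bytes that `base64.b64decode` returns. Changing the digest invalidates cookies already issued, which is acceptable for a remember-me token but worth stating in the commit message.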