diff --git a/__pycache__/app.cpython-39.pyc b/__pycache__/app.cpython-39.pyc index cc12dc6..6bf1bf6 100644 Binary files a/__pycache__/app.cpython-39.pyc and b/__pycache__/app.cpython-39.pyc differ diff --git a/app.py b/app.py index b0e1cfe..36e5d3d 100644 --- a/app.py +++ b/app.py @@ -19,9 +19,6 @@ message = b'This is a secret message.' ciphertext = cipher.encrypt(message) # Decrypt the ciphertext - - - app = Flask(__name__, static_url_path='', static_folder='static',) @@ -34,11 +31,13 @@ def captcha_handler(): # TODO: set JWT to expire very soon. payload = jwt.decode(token, JWT_SECRET_KEY, algorithms=['HS256']) b64_and_encrypted_correct_answer = payload['encrypted_correct_answer'] + n = payload['n'] encrypted_correct_answer_bytes = base64.b64decode(b64_and_encrypted_correct_answer) correct_answer = cipher.decrypt(encrypted_correct_answer_bytes).decode('utf-8').split('|||')[0] + ## Redirect to the original page the user wanted - with a token letting that they can validate from us that says that the user passed a specific captcha attempt (we will sign the attempt with a code we give them with the captcha, like an id, so they know it was that specific attempt) return f''' The correct answer was {correct_answer} - You flipped it {captcha_attempt} + You flipped it {int(captcha_attempt) % n} ''' except jwt.ExpiredSignatureError: @@ -54,7 +53,8 @@ def captcha_handler(): ## If not: Redirect them to the GET version of this same URL, with warning enabled to tell them they failed if request.method == "GET": image_path = captcha.random_image() - answer, options = captcha.captchafy(image_path) + n = 6 + answer, options = captcha.captchafy(image_path, n) print('the correct answer is: ', answer) # remember to store the salt since we'll need it when we compare the hashes salt = uuid.uuid4() 
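Review bot: In the `@@ -34,11 +31,13 @@` hunk, `int(captcha_attempt) % n` raises `ValueError` (or `TypeError` if the field is absent) on non-numeric input, and the only handler visible here is `except jwt.ExpiredSignatureError`, so a malformed submission would likely surface as a 500. Parse the value inside its own `try` and reject bad input explicitly, for example `except (TypeError, ValueError): return "Invalid captcha attempt.", 400`. `payload['n']` also raises `KeyError` for any token issued before this commit added the claim; reading it with `payload.get('n')` and rejecting a missing or non-positive value covers that case and the division by zero. The response still prints `correct_answer` back to the client and never compares it with the attempt, which looks like debugging output that should be removed before this handler gates anything. captcha_handler starts and ends outside the hunk, so other `except` clauses may exist.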
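Review bot: In the `@@ -54,7 +53,8 @@` hunk, `n = 6` is an unexplained literal that now feeds both `captcha.captchafy(image_path, n)` and the modulus applied to the user's answer in the POST path. A named module-level constant with a one-line comment would make the coupling visible, for example `CAPTCHA_POSITIONS = 6  # number of positions passed to captchafy`; the meaning of the value is inferred from how it is used here, so confirm it against `captchafy`. The context line `print('the correct answer is: ', answer)` writes every solution to stdout and should be removed or demoted to a debug-level log before deployment.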
@@ -64,7 +64,8 @@ def captcha_handler(): ciphertext = base64.b64encode(encrypted_bytes).decode('utf-8') token = jwt.encode({ 'encrypted_correct_answer': ciphertext, - 'salt': str(salt) + 'salt': str(salt), + 'n': n }, JWT_SECRET_KEY, algorithm='HS256') # Set the Authorization header cookie with the JWT 
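Review bot: The payload passed to `jwt.encode` carries `encrypted_correct_answer`, `salt` and now `n`, but no `exp` claim, so the `except jwt.ExpiredSignatureError` branch in the POST path can never fire and a captcha token stays valid indefinitely. That allows one solved token to be submitted repeatedly, and the TODO in the POST branch already asks for a short expiry. Add an expiry to the dict, for example `'exp': datetime.now(timezone.utc) + timedelta(minutes=5),` (the duration is a placeholder, and it needs `datetime`, `timedelta` and `timezone` imported). To make each challenge single-use, record the `salt` server-side when it is redeemed and reject it on later submissions. The enclosing function continues outside the hunk.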
@@ -79,52 +80,6 @@ def captcha_handler(): # We will use UUID's as the salts. # # Anyway, we pass the data to our Jinja template and render it. + else: + return "Unsupported HTTP method." # Flask should take care of unsupported methods for us. - - - - ## Handle cookie - - ## Get random image - ## Generate - return captcha.generate_captcha_html(os.listdir('static/images/')) - -@app.route("/captcha_old", methods=['GET', 'POST']) -def login(): - # This means they just submitted a CAPTCHA - # We need to see if they got it right - incorrect_captcha = False - if request.method == 'POST': - captcha_guess = len(list(request.form)) - print(request.form.get('captcha')) - # What if they POST with the cookie below absent? Uh oh... - captcha_cookie = request.cookies.get('freecaptcha_cookie') - - real_answer = captcha_solutions.get(captcha_cookie, None) - if real_answer is not None: - if captcha_guess == int(real_answer): - captcha_solved.append(captcha_cookie) - return redirect("/", code=302) - else: - incorrect_captcha = True - - - # Select an image - image_path = captcha.random_image() - - # Generate list of rotated versions of image - # and save which one is correct - # change answer to be the number of turns needed? - answer, options = captcha.captchafy(image_path) - print(answer) - - # Provide the CAPTCHA options to the web page using the CAPTCHA - resp = make_response(render_template("index.html", captcha_options=options, incorrect_captcha=incorrect_captcha)) - resp = make_response(captcha.generate_captcha_html(list(options))) - # Track this user with a cookie and store the correct answer - # by linking the cookie with the answer, we can check their answer later - freecaptcha_cookie = str(uuid.uuid4()) - resp.set_cookie('freecaptcha_cookie', freecaptcha_cookie) - captcha_solutions[freecaptcha_cookie] = answer - - return resp diff --git a/curl b/curl new file mode 100755 index 0000000..71b662e Binary files /dev/null and b/curl differ
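Review bot: The added `else: return "Unsupported HTTP method."` answers with status 200 and a plain string, so clients and monitoring see a successful response for a request the handler is rejecting. As the trailing comment notes, Flask already returns 405 for methods not listed on the route, so the branch can be dropped. If it is kept as a guard, use `abort(405)` (with `abort` imported from `flask`) to keep the status code truthful. The route decorator for captcha_handler is outside this hunk, so confirm which methods it allows.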
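Review bot: This commit adds an executable file named `curl` (mode 100755) as an opaque binary, which cannot be reviewed from the diff and has no recorded provenance. If the application needs curl, depend on the system package or fetch a pinned release and verify its checksum at build time. Otherwise remove the file from the repository. The tracked `__pycache__/app.cpython-39.pyc` at the top of the diff is a build artifact for the same reason; adding `__pycache__/` to `.gitignore` keeps stale bytecode out of history.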