-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdatabase.py
More file actions
255 lines (231 loc) · 8.79 KB
/
database.py
File metadata and controls
255 lines (231 loc) · 8.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
import sqlite3
import bcrypt
from cryptography.fernet import Fernet
import base64
import os
from typing import Optional, Tuple, List
class Database:
def __init__(self, db_file: str = 'users.db'):
"""Initialize database connection"""
self.db_file = db_file
self.initialize_database()
def get_connection(self) -> sqlite3.Connection:
"""Create and return a database connection"""
try:
conn = sqlite3.connect(self.db_file)
return conn
except sqlite3.Error as e:
raise Exception(f"Database connection error: {e}")
def initialize_database(self) -> None:
"""Create necessary tables if they don't exist"""
conn = self.get_connection()
try:
cursor = conn.cursor()
# Create users table
cursor.execute('''
CREATE TABLE IF NOT EXISTS users (
username TEXT PRIMARY KEY,
password TEXT NOT NULL,
salt TEXT NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
)
''')
# Create passwords table
cursor.execute('''
CREATE TABLE IF NOT EXISTS passwords (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL,
site TEXT NOT NULL,
site_username TEXT NOT NULL,
password TEXT NOT NULL,
notes TEXT,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (username) REFERENCES users(username) ON DELETE CASCADE
)
''')
# Create login_history table for security tracking
cursor.execute('''
CREATE TABLE IF NOT EXISTS login_history (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username TEXT NOT NULL,
login_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
ip_address TEXT,
success BOOLEAN,
FOREIGN KEY (username) REFERENCES users(username) ON DELETE CASCADE
)
''')
conn.commit()
except sqlite3.Error as e:
raise Exception(f"Database initialization error: {e}")
finally:
conn.close()
def add_user(self, username: str, password: str) -> bool:
"""Add a new user to the database"""
conn = self.get_connection()
try:
cursor = conn.cursor()
# Check if username already exists
cursor.execute("SELECT username FROM users WHERE username = ?", (username,))
if cursor.fetchone():
return False
# Generate salt and hash password
salt = bcrypt.gensalt()
hashed_password = bcrypt.hashpw(password.encode('utf-8'), salt)
# Store user credentials
cursor.execute(
"INSERT INTO users (username, password, salt) VALUES (?, ?, ?)",
(username, hashed_password.decode('utf-8'), salt.decode('utf-8'))
)
conn.commit()
return True
except sqlite3.Error:
return False
finally:
conn.close()
def verify_user(self, username: str, password: str) -> Tuple[bool, Optional[bytes]]:
"""Verify user credentials and return (success, salt)"""
conn = self.get_connection()
try:
cursor = conn.cursor()
cursor.execute(
"SELECT password, salt FROM users WHERE username = ?",
(username,)
)
result = cursor.fetchone()
if not result:
return False, None
stored_password, salt = result
if bcrypt.checkpw(password.encode('utf-8'), stored_password.encode('utf-8')):
return True, salt.encode('utf-8')
return False, None
except sqlite3.Error:
return False, None
finally:
conn.close()
def add_password(self, username: str, site: str, site_username: str,
encrypted_password: str, notes: str = None) -> bool:
"""Add a new password entry"""
conn = self.get_connection()
try:
cursor = conn.cursor()
cursor.execute('''
INSERT INTO passwords (username, site, site_username, password, notes)
VALUES (?, ?, ?, ?, ?)
''', (username, site, site_username, encrypted_password, notes))
conn.commit()
return True
except sqlite3.Error:
return False
finally:
conn.close()
def get_passwords(self, username: str) -> List[tuple]:
"""Retrieve all passwords for a user"""
conn = self.get_connection()
try:
cursor = conn.cursor()
cursor.execute('''
SELECT id, site, site_username, password, notes, created_at, updated_at
FROM passwords
WHERE username = ?
ORDER BY site
''', (username,))
return cursor.fetchall()
except sqlite3.Error:
return []
finally:
conn.close()
def update_password(self, password_id: int, username: str,
encrypted_password: str, notes: str = None) -> bool:
"""Update an existing password entry"""
conn = self.get_connection()
try:
cursor = conn.cursor()
cursor.execute('''
UPDATE passwords
SET password = ?, notes = ?, updated_at = CURRENT_TIMESTAMP
WHERE id = ? AND username = ?
''', (encrypted_password, notes, password_id, username))
conn.commit()
return cursor.rowcount > 0
except sqlite3.Error:
return False
finally:
conn.close()
def delete_password(self, password_id: int, username: str) -> bool:
"""Delete a password entry"""
conn = self.get_connection()
try:
cursor = conn.cursor()
cursor.execute('''
DELETE FROM passwords
WHERE id = ? AND username = ?
''', (password_id, username))
conn.commit()
return cursor.rowcount > 0
except sqlite3.Error:
return False
finally:
conn.close()
def log_login_attempt(self, username: str, success: bool, ip_address: str = None) -> None:
"""Log login attempts for security tracking"""
conn = self.get_connection()
try:
cursor = conn.cursor()
cursor.execute('''
INSERT INTO login_history (username, success, ip_address)
VALUES (?, ?, ?)
''', (username, success, ip_address))
conn.commit()
except sqlite3.Error:
pass
finally:
conn.close()
def get_login_history(self, username: str, limit: int = 10) -> List[tuple]:
"""Retrieve login history for a user"""
conn = self.get_connection()
try:
cursor = conn.cursor()
cursor.execute('''
SELECT login_time, ip_address, success
FROM login_history
WHERE username = ?
ORDER BY login_time DESC
LIMIT ?
''', (username, limit))
return cursor.fetchall()
except sqlite3.Error:
return []
finally:
conn.close()
def change_master_password(self, username: str, new_password: str) -> bool:
"""Change user's master password"""
conn = self.get_connection()
try:
cursor = conn.cursor()
# Generate new salt and hash password
new_salt = bcrypt.gensalt()
new_hash = bcrypt.hashpw(new_password.encode('utf-8'), new_salt)
cursor.execute('''
UPDATE users
SET password = ?, salt = ?
WHERE username = ?
''', (new_hash.decode('utf-8'), new_salt.decode('utf-8'), username))
conn.commit()
return True
except sqlite3.Error:
return False
finally:
conn.close()
def delete_user(self, username: str) -> bool:
"""Delete a user and all their data"""
conn = self.get_connection()
try:
cursor = conn.cursor()
cursor.execute("DELETE FROM users WHERE username = ?", (username,))
conn.commit()
return cursor.rowcount > 0
except sqlite3.Error:
return False
finally:
conn.close()