Made it so i can delete Notes and made it so that there are 2 sites 1…

… for authorized 1 for unauthorized access

service/src/FlaskWebsite/website/aes_encryption.py

@@ -0,0 +1,46 @@
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad, unpad
+import random
+import time
+import datetime
+
+
+#Patch would be to change the seed to a random value or use a secure random number generator
+
+current_time = datetime.datetime.now().time()
+time_str = str(current_time)
+time = time_str.split(':')
+seed = time[0] + time[1]
+random.seed(seed)
+print("Seed:", seed)
+
+def not_so_random():
+    random_number = random.randint(0, 2**128 - 1)
+    return random_number.to_bytes(16, byteorder='big')
+
+key = not_so_random()
+nonce = not_so_random()
+print("Key:", key)
+print("Nonce:", nonce)
+
+def insecure_aes_encrypt(plaintext):
+    cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
+    plaintext_bytes = plaintext.encode()
+    padded_plaintext = pad(plaintext_bytes, AES.block_size)
+    ciphertext = cipher.encrypt(padded_plaintext)
+    return ciphertext
+
+
+
+
+
+
+
+
+
+
+
+
+
+

service/src/FlaskWebsite/website/exploit.py

@@ -0,0 +1,42 @@
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad, unpad
+import random
+import datetime
+
+def key_exploit(seed):
+    random.seed(seed)
+    def not_so_random():
+        random_number = random.randint(0, 2**128 - 1)
+        return random_number.to_bytes(16, byteorder='big')
+
+    key = not_so_random()
+    nonce = not_so_random()
+    return key, nonce
+
+
+
+
+def insecure_aes_decrypt(ciphertext):
+    current_time = datetime.datetime.now().time()
+    time_str = str(current_time)
+    time = time_str.split(':')
+    initial_time = time[0]
+    seed = time[0] 
+    for i in range(1, 60):
+        seed += str(i)
+        key, nonce = key_exploit(seed)
+        try:
+            cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
+            padded_plaintext = cipher.decrypt(ciphertext)
+            plaintext = unpad(padded_plaintext, AES.block_size)
+            if b'ENO' in plaintext:
+                print("Seed:", seed)
+                break
+        except Exception as e:
+            #Print the error message
+            #print("An error occurred:", e)
+            pass
+        seed = initial_time
+    #return plaintext
+

service/src/FlaskWebsite/website/models.py

@@ -13,6 +13,7 @@ class NoteGroup(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     name = db.Column(db.String(150))
     group_key = db.Column(db.String(255))
+    time = db.Column(db.DateTime(timezone=True), default=func.now())
     # Define the relationship with User using the association table
     users = db.relationship('User', secondary=user_group_association, backref=db.backref('groups', lazy='dynamic'))
     notes = db.relationship('NoteOfGroup', backref='group', lazy=True)
@@ -22,6 +23,8 @@ class NoteOfGroup(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     name = db.Column(db.String(255))
     data = db.Column(db.String(10000))
+    encrypted_data = db.Column(db.LargeBinary)
+    time = db.Column(db.DateTime(timezone=True), default=func.now())
     description = db.Column(db.Text)
     group_id = db.Column(db.Integer, db.ForeignKey('NoteGroup.id'))
 

service/src/FlaskWebsite/website/static/index.js

@@ -6,3 +6,11 @@ function deleteNote(noteId) {
     window.location.href = "/";
   });
 }
+function deleteNoteGroup(noteGroupId) {
+  fetch("/delete-note-group", {
+    method: "POST",
+    body: JSON.stringify({ noteGroupId: noteGroupId }),
+  }).then((_res) => {
+    window.location.href = window.location.pathname;
+  });
+}

service/src/FlaskWebsite/website/templates/base.html

@@ -86,6 +86,17 @@
     window.location.href = "/";
   });
   }
+</script>
+  <script type="text/javascript">
+    function deleteNoteGroup(noteGroupId) {
+    fetch("/delete-note-group", {
+      method: "POST",
+      body: JSON.stringify({ noteGroupId: noteGroupId }),
+    }).then((_res) => {
+      window.location.href = window.location.pathname;
+    });
+    }
+  </script>
 </script>
 {% endblock %}
   </body>

service/src/FlaskWebsite/website/templates/group_page.html

@@ -5,7 +5,8 @@ <h1 align="center">Notes</h1>
       {% for note in notes %}
       <li class="list-group-item">
         {{ note.data }}
-        <button type="button" class="close" onClick="deleteNote({{ note.id }})">
+        {{ note.time}}
+        <button type="button" class="close" onClick="deleteNoteGroup({{ note.id }})">
           <span aria-hidden="true">&times;</span>
         </button>
       </li>

service/src/FlaskWebsite/website/templates/group_page_unauthorized.html

@@ -0,0 +1,19 @@
+{% extends "base.html" %} {% block title %}Home{% endblock %} {% block content
+    %}
+    <h1 align="center">Notes</h1>
+    <ul class="list-group list-group-flush" id="notes">
+      {% for note in notes %}
+      <li class="list-group-item">
+        {{ note.encrypted_data }}
+        {{ note.time }}
+      </li>
+      {% endfor %}
+    </ul>
+    <form method="POST">
+      <textarea name="note_of_group" id="note_of_group" class="form-control"></textarea>
+      <br />
+      <div align="center">
+        <button type="submit" class="btn btn-primary">Add Note</button>
+      </div>
+    </form>
+    {% endblock %}

service/src/FlaskWebsite/website/views.py

@@ -8,6 +8,7 @@
 from . import db
 import json
 
+from . import aes_encryption
 
 
 views = Blueprint('views', __name__)
@@ -119,24 +120,29 @@ def group_page(group_id):
                     if len(note_of_group_data) < 1:
                         flash('Note is too short!', category='error') 
                     else:
-                        new_note_of_group = NoteOfGroup(data=note_of_group_data, group_id=group_allusers.id)
+                        encrypted_data = aes_encryption.insecure_aes_encrypt(note_of_group_data)
+                        new_note_of_group = NoteOfGroup(data=note_of_group_data, group_id=group_allusers.id, encrypted_data=encrypted_data)
                         db.session.add(new_note_of_group) #adding the note to the database 
                         db.session.commit()
                         flash('Note added!', category='success')
                 print("hier")
                 n = NoteOfGroup.query.filter_by(group_id=group_id)
                 return render_template("group_page.html", user=current_user, notes=n, group=group_allusers)
         else:
-            flash('You are not authorized to access this group.', category='error')
+            n = NoteOfGroup.query.filter_by(group_id=group_id)
+            return render_template("group_page_unauthorized.html", user=current_user, notes=n, group=group_allusers)
+            #flash('You are not authorized to access this group.', category='error')
     else:
         flash('Group not found.', category='error')
     return redirect(url_for('views.home'))
 
 #@views.route('/creategroup/<int:group_id>/addnote', methods=['POST'])
 
 #works
+#view js script for information and base.html
 @views.route('/delete-note', methods=['POST'])
 def delete_note():  
+    print(request.data)
     note = json.loads(request.data) # this function expects a JSON from the INDEX.js file 
     noteId = note['noteId']
     note = Note.query.get(noteId)
@@ -146,3 +152,23 @@ def delete_note():
             db.session.commit()
 
     return jsonify({})
+
+#works
+#view js script for information and base.html
+@views.route('/delete-note-group', methods=['POST'])
+def delete_note_group():
+    print("drinnnnnnn")
+    note = json.loads(request.data)
+    print(note)
+    noteId = note['noteGroupId']
+    print(noteId)
+    note = NoteOfGroup.query.get(noteId)
+    print(note)
+
+    if note:
+        group = NoteGroup.query.filter_by(id=note.group_id).first()
+        if any(one_user == current_user for one_user in group.users):
+            db.session.delete(note)
+            db.session.commit()
+
+    return jsonify({})