Merge pull request #87 from knownsec/dev

update():remove username and password authenticate method

Author: wh0am1i

README.rst

@@ -57,12 +57,7 @@ After successfully installing ``ZoomEye-python``, you can use the
 
 Before using the ``ZoomEye-python cli``, the user ``token`` needs to be
 initialized. The credential is used to verify the user’s identity to
-query data from ``ZoomEye``; we provide two authentication methods:
-
-::
-
-   1.username/password
-   2.APIKEY (recommend)
+query data from ``ZoomEye``; only support API-KEY authentication methods.
 
 You can view the help through ``zoomeye init -h``, and use ``APIKEY`` to
 demonstrate below:
@@ -79,10 +74,6 @@ information (https://www.zoomeye.org/profile); ``APIKEY`` will not
 expire, users can reset in personal information according to their
 needs.
 
-in addition, we also provide the initialization method of
-``username/password``. After authentication in this way, the
-``JWT-token`` will be returned, which has certain timeliness and
-requires the user to login again after failure.
 
 2.query quota
 ^^^^^^^^^^^^^
@@ -623,18 +614,10 @@ The ``-dot`` parameter will generate a picture in ``png`` format and save the or
 1.initialize token
 ^^^^^^^^^^^^^^^^^^
 
-Similarly, the SDK also supports two authentication methods,
-``username/password`` and ``APIKEY``, as follows:
-
-**1.user/pass**
-
-.. code:: python
-
-   from zoomeye.sdk import ZoomEye
-
-   zm = ZoomEye(username="username", password="password")
+Similarly, the SDK also supports API-KEY authentication methods,
+ ``APIKEY``, as follows:
 
-**2.APIKEY**
+**APIKEY**
 
 .. code:: python
 
@@ -649,27 +632,25 @@ The following are the interfaces and instructions provided by the SDK:
 
 ::
 
-   1.login()
-     use username/password or APIKEY for authentication
-   2.dork_search(dork, page=0, resource="host", facets=None)
+   1.dork_search(dork, page=0, resource="host", facets=None)
      search the data of the specified page according to dork
-   3.multi_page_search(dork, page=1, resource="host", facets=None)
+   2.multi_page_search(dork, page=1, resource="host", facets=None)
      search multiple pages of data according to dork
-   4.resources_info()
+   3.resources_info()
      get current user information
-   5.show_count()
+   4.show_count()
      get the number of all matching results under the current dork
-   6.dork_filter(keys)
+   5.dork_filter(keys)
      extract the data of the specified field from the search results
-   7.get_facet()
+   6.get_facet()
      get statistical results of all data from search results
-   8.history_ip(ip)
+   7.history_ip(ip)
      query historical data information of an ip
-   9.show_site_ip(data)
+   8.show_site_ip(data)
      traverse the web-search result set, and output the domain name and ip address
-   10.show_ip_port(data)
+   9.show_ip_port(data)
      traverse the host-search result set and output the ip address and port
-   11.generate_dot(self, q, source=0, page=1)
+   10.generate_dot(self, q, source=0, page=1)
      Generate graphviz files and pictures written in the domain center
 
 3.SDK example
@@ -684,12 +665,8 @@ The following are the interfaces and instructions provided by the SDK:
    '__file__', '__loader__', '__name__', '__package__', '__spec__',
    'fields_tables_host', 'fields_tables_web', 'getpass', 'requests',
    'show_ip_port', 'show_site_ip', 'zoomeye_api_test']
-   >>> # Use username and password to login
-   >>> zm = zoomeye.ZoomEye()
-   >>> zm.username = 'username@zoomeye.org'
-   >>> zm.password = 'password'
-   >>> print(zm.login())
-   ....JIUzI1NiIsInR5cCI6IkpXVCJ9.....
+   >>> # Use API-KEY search
+   >>> zm = zoomeye.ZoomEye(api_key="01234567-acbd-00000-1111-22222222222")
    >>> data = zm.dork_search('apache country:cn')
    >>> zoomeye.show_site_ip(data)
    213.***.***.46.rev.vo***one.pt ['46.***.***.213']

docs/README_CN.md

@@ -39,10 +39,7 @@ optional arguments:
 ```
 
 #### 1.初始化token
-在使用 `ZoomEye-python cli` 前需要先初始化用户 `token`，该凭证用于验证用户身份以便从 `ZoomEye` 查询数据；我们提供了两种认证方式：
-
-	1.username/password
-	2.APIKEY (推荐)
+在使用 `ZoomEye-python cli` 前需要先初始化用户 `token`，该凭证用于验证用户身份以便从 `ZoomEye` 查询数据；仅支持 API-KEY 认证。
 
 可以通过 `zoomeye init -h` 查看帮助，下面通过 `APIKEY` 来进行演示：
 
@@ -55,7 +52,6 @@ Quota: 10000
 
 用户可以通过登陆 `ZoomEye` 在个人信息中(<https://www.zoomeye.org/profile>) 获取 `APIKEY`；`APIKEY` 不会过期，用户可根据需求在个人信息中进行重置。
 
-除此之外，我们还提供了 `username/password` 的初始化方式，通过这种方式认证后会返回 `JWT-token`，具有一定的时效性，失效后需要用户重新登陆。
 
 #### 2.查询配额
 用户可以通过 `info` 命令查询个人信息以及数据配额，如下：
@@ -495,17 +491,9 @@ total: 90/79882
 
 ### 0x04 使用SDK
 #### 1.初始化token
-同样，在 SDK 中也支持 `username/password` 和 `APIKEY` 两种认证方式，如下：
-
-**1.user/pass**
-
-```python
-from zoomeye.sdk import ZoomEye
-
-zm = ZoomEye(username="username", password="password")
-```
+同样，在 SDK 中仅支持通过 `APIKEY` 认证，如下：
 
-**2.APIKEY**
+**APIKEY**
 
 ```python
 from zoomeye.sdk import ZoomEye
@@ -516,27 +504,25 @@ zm = ZoomEye(api_key="01234567-acbd-00000-1111-22222222222")
 #### 2.SDK API
 以下是 SDK 提供的接口以及说明：
 
-	1.login()
-	  使用 username/password 或者 APIKEY 进行认证
-	2.dork_search(dork, page=0, resource="host", facets=None)
+	1.dork_search(dork, page=0, resource="host", facets=None)
 	  根据 dork 搜索指定页的数据
-	3.multi_page_search(dork, page=1, resource="host", facets=None)
+	2.multi_page_search(dork, page=1, resource="host", facets=None)
 	  根据 dork 搜索多页数据
-	4.resources_info()
+	3.resources_info()
 	  获取当前用户的信息
-	5.show_count()
+	4.show_count()
 	  获取当前 dork 下全部匹配结果的数量
-	6.dork_filter(keys)
+	5.dork_filter(keys)
 	  从搜索结果中提取指定字段的数据
-	7.get_facet()
+	6.get_facet()
 	  从搜索结果中获取全量数据的聚合结果
-	8.history_ip(ip)
+	7.history_ip(ip)
 	  查询某个 ip 的历史数据信息
-	9.show_site_ip(data)
+	8.show_site_ip(data)
 	  遍历 web-search 结果集，并输出域名和ip地址
-	10.show_ip_port(data)
+	9.show_ip_port(data)
 	  遍历 host-search 结果集，并输出ip地址和端口
-	11.generate_dot(self, q, source=0, page=1)
+	10.generate_dot(self, q, source=0, page=1)
 		生成以域名中心写出graphviz文件和图片
 
 #### 3.使用示例
@@ -549,12 +535,8 @@ $ python3
 '__file__', '__loader__', '__name__', '__package__', '__spec__',
 'fields_tables_host', 'fields_tables_web', 'getpass', 'requests',
 'show_ip_port', 'show_site_ip', 'zoomeye_api_test']
->>> # Use username and password to login
+>>> # Use API-KEY search dork
 >>> zm = zoomeye.ZoomEye()
->>> zm.username = 'username@zoomeye.org'
->>> zm.password = 'password'
->>> print(zm.login())
-....JIUzI1NiIsInR5cCI6IkpXVCJ9.....
 >>> data = zm.dork_search('apache country:cn')
 >>> zoomeye.show_site_ip(data)
 213.***.***.46.rev.vo***one.pt ['46.***.***.213']

zoomeye/__init__.py

@@ -11,5 +11,5 @@
 
 __name__ = 'zoomeye'
 __package__ = 'zoomeye'
-__version__ = 'v2.1.2'
+__version__ = 'v2.2.0'
 __site__ = "https://www.zoomeye.org/doc"

zoomeye/cli.py

@@ -153,8 +153,6 @@ def main():
     # initial account configuration related commands
     parser_init = subparsers.add_parser("init", help="Initialize the token for ZoomEye-python")
     parser_init.add_argument("-apikey", help="ZoomEye API Key", default=None, metavar='[api key]')
-    parser_init.add_argument("-username", help="ZoomEye account username", default=None, metavar='[username]')
-    parser_init.add_argument("-password", help="ZoomEye account password", default=None, metavar='[password]')
     parser_init.set_defaults(func=core.init)
 
     parser_ip_info = subparsers.add_parser("ip", help="Query IP information")

zoomeye/core.py

@@ -43,52 +43,17 @@ def key_init(key):
     os.chmod(key_file, 0o600)
 
 
-def jwt_init(username, password):
-    """
-    initialize through the user name and password, write jwt to the local configuration file,
-    the expiration time is about 12 hours, so it is recommended to initialize through the api key.
-    :param username: str, login zoomeye account
-    :param password: str, login zoomeye account password
-    :return:
-    """
-    file.check_exist(zoomeye_dir)
-    try:
-        zoom = ZoomEye(username=username, password=password)
-        access_token = zoom.login()
-    except Exception:
-        return
-    jwt_file = zoomeye_dir + "/jwt"
-    if access_token:
-        # display the remaining resources of the current account
-        user_data = zoom.resources_info()
-        show.printf("Role: {}".format(user_data["plan"]))
-        show.printf("Quota: {}".format(user_data["resources"].get("search")))
-        with open(jwt_file, 'w') as f:
-            f.write(access_token)
-        show.printf("successfully initialized", color="green")
-        # change the permission of the configuration file to read-only
-        os.chmod(jwt_file, 0o600)
-    else:
-        show.printf("failed initialized!", color="red")
-
-
 def init(args):
     """
     the initialization processing function will select the initialization method according to the user's input.
     :param args:
     :return:
     """
     api_key = args.apikey
-    username = args.username
-    password = args.password
     # use api key init
-    if api_key and username is None and password is None:
+    if api_key:
         key_init(api_key)
         return
-    # use username and password init
-    if api_key is None and username and password:
-        jwt_init(username, password)
-        return
     # invalid parameter
     show.printf("input parameter error", color="red")
     show.printf("please run <zoomeye init -h> for help.", color="red")
@@ -134,8 +99,8 @@ def info(args):
     :param args:
     :return:
     """
-    api_key, access_token = file.get_auth_key()
-    zm = ZoomEye(api_key=api_key, access_token=access_token)
+    api_key = file.get_auth_key()
+    zm = ZoomEye(api_key=api_key)
     # get user information
     user_data = zm.resources_info()
     if user_data:

zoomeye/data.py

@@ -346,8 +346,8 @@ def __init__(self, dork, num, resource, facet=None, force=False):
         self.facet_data = None
         self.total = 0
 
-        self.api_key, self.access_token = file.get_auth_key()
-        self.zoomeye = ZoomEye(api_key=self.api_key, access_token=self.access_token)
+        self.api_key = file.get_auth_key()
+        self.zoomeye = ZoomEye(api_key=self.api_key)
 
     def handle_page(self):
         try:
@@ -652,8 +652,8 @@ def get_data(self):
         get user level and IP historical data
         """
         normal_user = ['user', 'developer']
-        api_key, access_token = file.get_auth_key()
-        zm = ZoomEye(api_key=api_key, access_token=access_token)
+        api_key = file.get_auth_key()
+        zm = ZoomEye(api_key=api_key)
         role = zm.resources_info()
         # permission restrictions
         if role["plan"] in normal_user:
@@ -716,8 +716,8 @@ def request_data(self):
         """
         get api data
         """
-        api_key, access_token = file.get_auth_key()
-        zm = ZoomEye(api_key=api_key, access_token=access_token)
+        api_key = file.get_auth_key()
+        zm = ZoomEye(api_key=api_key)
         data = zm.dork_search(self.dork)
         return data
 
@@ -755,8 +755,8 @@ def __init__(self, q, source, page):
         self.q = q
         self.source = source
         self.page = page
-        api_key, access_token = file.get_auth_key()
-        self.zm = ZoomEye(api_key=api_key, access_token=access_token)
+        api_key = file.get_auth_key()
+        self.zm = ZoomEye(api_key=api_key)
 
     def show_information(self):
         """show domain search data"""

zoomeye/file.py

@@ -63,28 +63,19 @@ def get_auth_key():
     :return:
     """
     api_key = None
-    access_token = None
     try:
         # read the api key from the configuration file,
         # if not, it will throw an exception that the file is not found.
         api_key = get_api_key(zoomeye_dir + "/apikey")
-        return api_key, access_token
+        return api_key
         # catch file not found exception
     except FileNotFoundError:
-        # try to get the json web token in the configuration file
-        try:
-            access_token = get_jwt_token(zoomeye_dir + "/jwt")
-            return api_key, access_token
-        except FileNotFoundError:
-            print("please run 'zoomeye init -apikey <api key>' "
-                  "or 'zoomeye init -username <username> -password <password>before using this command")
-            exit(0)
+        print("please run 'zoomeye init -apikey <api key>' before using this command")
+        exit(0)
         # catch other exceptions
     except Exception:
-        # there is no past api key and json web token in the configuration file
-        # tell users that they need to be initialized before use
-        print("please run 'zoomeye init -apikey <api key>' "
-              "or 'zoomeye init -username <username> -password <password>before using this command")
+        # unknown error
+        print("Unknown Error! Please submit issue.")
         exit(0)