Beispiel #1
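    def post(self):
        """Handle the signup form: create the account and start a session.

        Reads ``username`` and ``password`` from the request. If an entity
        already exists under that username the client is redirected back to
        ``/signup`` with an error message. Otherwise the bcrypt hash of the
        password is stored, a one-hour session is created, the ``session``
        cookie is set and the client is redirected to ``/``.
        """
        username = self.request.get('username')
        password = self.request.get('password')

        # Derive the entity key from the submitted username so that the
        # existence check and the write below address the same entity. The
        # original referenced a bare `user_key` that this method never set.
        user_key = ndb.Key(UserModel, username)
        if user_key.get():
            params = urllib.urlencode({
                "error":
                "The username is already taken, please choose another"
            })
            self.redirect("/signup?" + params)
            return

        # NOTE(review): the get-then-put pair is not atomic; two concurrent
        # signups for one name can both pass the check. Confirm whether a
        # transaction is wanted here.
        UserModel(key=user_key,
                  username=username,
                  password=bcrypt.hashpw(password, bcrypt.gensalt())).put()

        # The session token is the only credential the browser presents, so
        # it must be unguessable. randint(201, 300) allowed only 100 values;
        # SystemRandom draws 256 bits from the OS CSPRNG instead.
        tok = '%064x' % random.SystemRandom().getrandbits(256)
        expiration = datetime.now() + timedelta(hours=1)
        SessionModel(key=ndb.Key("SessionModel", tok),
                     token=tok,
                     username=username,
                     expiration=expiration).put()
        # httponly keeps page scripts from reading the token.
        # NOTE(review): also pass secure=True once the site is HTTPS-only.
        self.response.set_cookie('session', tok, httponly=True)
        self.redirect('/')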
Beispiel #2
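    def post(self):
        """Handle the login form: verify the password and start a session.

        Deletes the session named by the incoming ``session`` cookie, if any,
        then checks the submitted password against the stored bcrypt hash.
        On failure the client is redirected to ``/login`` with an error; on
        success a one-hour session is stored, the ``session`` cookie is set
        and the client is redirected to ``/``.
        """
        # Drop the session the browser presented before authenticating again.
        old_tok = self.request.cookies.get("session")
        if old_tok:
            ndb.Key("SessionModel", old_tok).delete()
        username = self.request.get("username")
        password = self.request.get("password")

        user = ndb.Key(UserModel, username).get()

        if not user:
            # NOTE(review): separate messages for "unknown user" and "wrong
            # password" tell a client which usernames exist; consider one
            # shared message for both failures.
            params = urllib.urlencode(
                {"error": "Bad username! Please try again."})
            self.redirect("/login?" + params)
            return

        for val in UserModel.query(UserModel.username == username):
            # Re-hash the candidate with the stored hash as salt and compare.
            # NOTE(review): `!=` is not a constant-time comparison; use the
            # bcrypt library's own check function if the installed version
            # provides one.
            if val.password != bcrypt.hashpw(password, val.password):
                self.response.status = "401"
                params = urllib.urlencode(
                    {"error": "Incorrect password! Please try again."})
                self.redirect("/login?" + params)
                return

            # Every account, root included, gets a fresh 256-bit token from
            # the OS CSPRNG. The original gave root the constant token "0"
            # and everyone else one of 100 values, so a session cookie could
            # be guessed.
            # NOTE(review): if any handler recognises root by the literal
            # token value, switch it to SessionModel.username.
            tok = '%064x' % random.SystemRandom().getrandbits(256)
            expiration = datetime.now() + timedelta(hours=1)
            SessionModel(key=ndb.Key("SessionModel", tok),
                         token=tok,
                         username=username,
                         expiration=expiration).put()

            # httponly keeps page scripts from reading the token.
            # NOTE(review): also pass secure=True once the site is HTTPS-only.
            self.response.set_cookie('session', tok, httponly=True)
            self.redirect('/')
            # Stop after the first match so one login creates one session.
            return

        # The key lookup found an entity but the username query matched
        # nothing; answer with a failure instead of an empty response.
        params = urllib.urlencode(
            {"error": "Bad username! Please try again."})
        self.redirect("/login?" + params)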
Beispiel #3
def valid_pw(name, pwd, hashed):
    """Return True when ``name``/``pwd`` reproduce the stored bcrypt hash.

    The candidate is ``name + pwd + SECRET``, hashed with ``hashed`` as the
    salt argument so the result can be compared with ``hashed`` itself.
    """
    # NOTE(review): bcrypt only uses the first 72 bytes of its input, so a
    # long name/password can push SECRET past the part that is hashed.
    candidate = name + pwd + SECRET
    recomputed = bcrypt.hashpw(candidate, hashed)
    # NOTE(review): `==` is not constant-time; prefer the library's own
    # verification helper if the installed bcrypt provides one.
    return recomputed == hashed
Beispiel #4
def make_pw_hash(name, pwd):
    """Return a salted bcrypt hash of ``name + pwd + SECRET``.

    A new salt is generated on every call, so hashing the same credentials
    twice yields different strings.
    """
    # NOTE(review): bcrypt only uses the first 72 bytes of its input, so a
    # long name/password can push SECRET past the part that is hashed.
    material = name + pwd + SECRET
    fresh_salt = bcrypt.gensalt()
    return bcrypt.hashpw(material, fresh_salt)
Beispiel #5

# [START MODEL]
class EventModel(ndb.Model):
    """Datastore entity describing an event by name and calendar date."""
    # Event name.
    name = ndb.StringProperty()
    # Event date (date only, no time component).
    date = ndb.DateProperty()


class UserModel(ndb.Model):
    """Datastore entity for an account: username, password hash and e-mail."""
    # Login name.
    username = ndb.StringProperty()
    # Holds the bcrypt.hashpw() output, not the clear-text password; the
    # seeding statements in this module store a hash here.
    password = ndb.StringProperty()
    # Contact address.
    email = ndb.StringProperty()


# Seed two accounts, keyed 'root' and 'test', each with a bcrypt-hashed
# password.
# NOTE(review): these are module-level statements, so both entities are
# rewritten with a fresh hash every time the module is imported.
# NOTE(review): each account's password is the same string as its key
# ('root'/'root', 'test'/'test'). Hard-coded default credentials, above all
# for root, should be replaced by provisioning outside source control before
# any non-local deployment.
root_user_key = ndb.Key(UserModel, 'root')
pwd_hash = bcrypt.hashpw('root', bcrypt.gensalt())
UserModel(key=root_user_key,
          username='******',
          password=pwd_hash,
          email='*****@*****.**').put()
# NOTE(review): user_key and pwd_hash stay bound at module level after this
# runs; any later code that reuses user_key addresses the 'test' entity.
user_key = ndb.Key(UserModel, 'test')
pwd_hash = bcrypt.hashpw('test', bcrypt.gensalt())
UserModel(key=user_key,
          username='******',
          password=pwd_hash,
          email='*****@*****.**').put()


class SessionModel(ndb.Model):
    """Datastore entity linking a session token to the user it belongs to."""
    # Session token; this is the value a browser presents to be recognised.
    token = ndb.StringProperty()
    # Username the session was issued to.
    username = ndb.StringProperty()
    # NOTE(review): no expiry property is declared in the class as shown;
    # confirm where session lifetime is stored and enforced.
Beispiel #6
def valid_pw(name, pwd, hashed):
    """Check a name/password pair against a stored bcrypt hash.

    Hashes ``name + pwd + SECRET`` with ``hashed`` as the salt argument and
    returns whether the result equals ``hashed``.
    """
    # NOTE(review): the comparison below is not constant-time, and bcrypt
    # ignores input beyond 72 bytes, which can drop the trailing SECRET.
    rehashed = bcrypt.hashpw(name + pwd + SECRET, hashed)
    matches = rehashed == hashed
    return matches
Beispiel #7
def make_pw_hash(name, pwd):
    """Hash ``name + pwd + SECRET`` with bcrypt under a newly generated salt."""
    # NOTE(review): bcrypt ignores input beyond 72 bytes; with SECRET
    # appended last, long inputs can leave it out of the hash entirely.
    salt = bcrypt.gensalt()
    to_hash = name + pwd + SECRET
    return bcrypt.hashpw(to_hash, salt)
Beispiel #8
 def login(cls, name, password):
     """Return the user called ``name`` if ``password`` matches, else None.

     The user is looked up with ``cls.by_name``. The clear-text password is
     hashed with the stored hash as salt and compared with the stored hash.
     """
     account = cls.by_name(name)
     if not account:
         # NOTE(review): this path skips bcrypt, so an unknown name answers
         # faster than a known one; that difference can reveal which names
         # exist.
         return None
     # NOTE(review): `!=` is not a constant-time comparison.
     if bcrypt.hashpw(password, account.password) != account.password:
         return None
     return account
Beispiel #9
 def register(cls, name, password, email=None):
     """Build a ``User`` whose password field holds a salted bcrypt hash.

     Only the hash is passed to ``User``; the clear-text password is not
     stored. The returned object is constructed here, and no save call is
     made in this method.
     """
     salt = bcrypt.gensalt()
     hashed_password = bcrypt.hashpw(password, salt)
     new_user = User(name=name, password=hashed_password, email=email)
     return new_user