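def post(self):
    """Handle the sign-up form: create the account, open a session, go home.

    Reads ``username`` and ``password`` from the request. If either is
    missing, or the username already exists, redirects back to ``/signup``
    with an ``error`` query parameter. Otherwise stores the user with a
    bcrypt password hash, stores a one-hour session, sets the ``session``
    cookie and redirects to ``/``.
    """
    # Function-scope imports: the file's import block is not visible here.
    import binascii
    import os

    username = self.request.get('username')
    password = self.request.get('password')

    # Reject blank fields before building a datastore key from them.
    if not username or not password:
        params = urllib.urlencode({
            "error": "Username and password are required"
        })
        self.redirect("/signup?" + params)
        return

    # Key the entity by the submitted username so the existence check and
    # the write below refer to the same entity.
    user_key = ndb.Key(UserModel, username)
    # NOTE(review): the check and the put are not wrapped in a transaction,
    # so two concurrent sign-ups for one name could both pass -- confirm
    # whether a transactional insert is wanted.
    if user_key.get():
        params = urllib.urlencode({
            "error": "The username is already taken, please choose another"
        })
        self.redirect("/signup?" + params)
        return

    UserModel(key=user_key, username=username,
              password=bcrypt.hashpw(password, bcrypt.gensalt())).put()

    # The token is the only thing that authenticates later requests, so it
    # comes from the OS CSPRNG (256 bits) rather than a small integer range
    # where two users could be handed the same value.
    tok = binascii.hexlify(os.urandom(32)).decode('ascii')
    expiration = datetime.now() + timedelta(hours=1)
    SessionModel(key=ndb.Key("SessionModel", tok), token=tok,
                 username=username, expiration=expiration).put()

    # httponly keeps page scripts from reading the token; add secure=True
    # once the site is served over HTTPS only.
    self.response.set_cookie('session', tok, httponly=True)
    self.redirect('/')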
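def post(self):
    """Handle the login form: verify credentials and open a new session.

    Deletes the session named by the incoming ``session`` cookie, if any.
    It then looks the user up by key and checks the submitted password
    against the stored bcrypt hash. On failure it redirects to ``/login``
    with an ``error`` query parameter. On success it stores a one-hour
    session, sets the ``session`` cookie and redirects to ``/``.
    """
    # Function-scope imports: the file's import block is not visible here.
    import binascii
    import os

    # Drop the previous session so a login always starts from a new token.
    old_tok = self.request.cookies.get("session")
    if old_tok:
        ndb.Key("SessionModel", old_tok).delete()

    username = self.request.get("username")
    password = self.request.get("password")

    # A blank username cannot form a key; treat it as an unknown user.
    user = ndb.Key(UserModel, username).get() if username else None
    # NOTE(review): the two error messages below tell a caller whether the
    # username exists -- confirm that is acceptable for this form.
    if not user:
        params = urllib.urlencode(
            {"error": "Bad username! Please try again."})
        self.redirect("/login?" + params)
        return

    # Verify against the entity fetched by key. A loop over a property
    # query performs no check at all when the query yields no rows, which
    # would let the request through unverified; the get-by-key result is
    # always present here, so the check cannot be skipped.
    if user.password != bcrypt.hashpw(password, user.password):
        self.response.status = "401"
        params = urllib.urlencode(
            {"error": "Incorrect password! Please try again."})
        self.redirect("/login?" + params)
        return

    # Every account, privileged or not, gets a fresh 256-bit token from the
    # OS CSPRNG; no account is mapped to a fixed or low-entropy value.
    tok = binascii.hexlify(os.urandom(32)).decode('ascii')
    expiration = datetime.now() + timedelta(hours=1)
    SessionModel(key=ndb.Key("SessionModel", tok), token=tok,
                 username=username, expiration=expiration).put()

    # httponly keeps page scripts from reading the token; add secure=True
    # once the site is served over HTTPS only.
    self.response.set_cookie('session', tok, httponly=True)
    self.redirect('/')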
def valid_pw(name, pwd, hashed):
    """Return True when ``name`` and ``pwd`` reproduce the stored bcrypt hash.

    The candidate is ``name + pwd + SECRET``. It is re-hashed with
    ``hashed`` as the salt argument and the result compared to ``hashed``.
    """
    # NOTE(review): bcrypt uses at most 72 bytes of its input, and SECRET is
    # appended last, so a long name + pwd can push it past that limit --
    # confirm input lengths are bounded by the caller.
    candidate = name + pwd + SECRET
    recomputed = bcrypt.hashpw(candidate, hashed)
    return recomputed == hashed
def make_pw_hash(name, pwd):
    """Return a bcrypt hash of ``name + pwd + SECRET`` with a fresh salt."""
    # NOTE(review): bcrypt uses at most 72 bytes of its input, and SECRET is
    # appended last, so a long name + pwd can push it past that limit --
    # confirm input lengths are bounded by the caller.
    salt = bcrypt.gensalt()
    material = name + pwd + SECRET
    return bcrypt.hashpw(material, salt)
# [START MODEL] class EventModel(ndb.Model): name = ndb.StringProperty() date = ndb.DateProperty() class UserModel(ndb.Model): username = ndb.StringProperty() password = ndb.StringProperty() email = ndb.StringProperty() root_user_key = ndb.Key(UserModel, 'root') pwd_hash = bcrypt.hashpw('root', bcrypt.gensalt()) UserModel(key=root_user_key, username='******', password=pwd_hash, email='*****@*****.**').put() user_key = ndb.Key(UserModel, 'test') pwd_hash = bcrypt.hashpw('test', bcrypt.gensalt()) UserModel(key=user_key, username='******', password=pwd_hash, email='*****@*****.**').put() class SessionModel(ndb.Model): token = ndb.StringProperty() username = ndb.StringProperty()
def login(cls, name, password):
    """Return the user named ``name`` if ``password`` matches, else None.

    The user is looked up with ``cls.by_name``. The submitted password is
    then hashed with the stored hash as the salt argument and the result
    compared with the stored hash.
    """
    account = cls.by_name(name)
    if not account:
        # NOTE(review): this path returns without running bcrypt, so it is
        # faster than a wrong-password attempt -- confirm that is acceptable.
        return None

    stored_hash = account.password
    # A correct plaintext password reproduces the previously stored hash.
    if bcrypt.hashpw(password, stored_hash) != stored_hash:
        return None
    return account
def register(cls, name, password, email=None):
    """Build a ``User`` whose password field holds a bcrypt hash.

    A fresh salt is generated for each call. The object is returned as
    built; nothing in this function saves it.
    """
    # The result is always a ``User``; ``cls`` is not used to construct it.
    salt = bcrypt.gensalt()
    return User(name=name,
                password=bcrypt.hashpw(password, salt),
                email=email)