def __call__(self, form, field):
schema = PasswordValidator()
schema \
.min(6) \
.has().digits()
if not schema.validate(field.data):
raise ValidationError(self.message)
def __call__(self, form: FlaskForm, field: Field):
the_schema = PasswordValidator()
the_schema \
.min(8) \
.has().lowercase() \
.has().digits()
if not the_schema.validate(field.data):
raise ValidationError(self.message)
def register():
error_list = []
form = RegistrationForm()
if request.method == 'POST':
#print(request.form['user_name'])
try:
user_name = form.user_name.data
password = form.password.data
if len(user_name) < 3:
#print("a")
if len(user_name) == 0:
error_list.append('Your username is required.')
else:
error_list.append('Your username is too short.')
schema = PasswordValidator()
schema.min(8) \
.has().uppercase() \
.has().lowercase() \
.has().digits()
if not schema.validate(password):
#print("b")
if len(password) == 0:
error_list.append("Your password is required.")
error_list.append('Your password is invalid, please refer to Account notes.')
#print(error_list)
if len(error_list) == 0:
services.add_user(user_name, password, repo.repo_instance)
# All is well, redirect the user to the login page.
return redirect(url_for('authen_bp.login'))
else:
return render_template(
'authen/credentials.html',
title='Register',
form=form,
error_list=error_list,
handler_url=url_for('authen_bp.register'),
)
except services.NameNotUniqueException:
error_list.append("Your username is already taken - please supply another.")
# For a GET or a failed POST request, return the Registration Web page.
return render_template(
'authen/credentials.html',
title='Register',
form=form,
error_list=error_list,
handler_url=url_for('authen_bp.register'),
)
class SqlManager:
def __init__(self):
self.conn = conn
self.cursor = conn.cursor()
self.pass_validator = PasswordValidator()
self.pass_hash = PassHasher()
def create_structure(self):
with open(SQL_STRUCTURE_FILE) as f:
sql_file = f.read()
self.cursor.executescript(sql_file)
def change_message(self, new_message, logged_user):
update_sql = '''UPDATE clients
SET message = ?
WHERE id = ?'''
self.cursor.execute(update_sql, (new_message, logged_user.get_id()))
self.conn.commit()
logged_user.set_message(new_message)
def change_pass(self, new_pass, logged_user):
if self.pass_validator.validate(logged_user.get_username(), new_pass):
user_pass, user_salt = self.pass_hash.make_pass(new_pass)
else:
raise StrongPasswordError
update_sql = '''UPDATE clients
SET password =?,
salt =?
WHERE id =?'''
self.cursor.execute(update_sql, (user_pass, user_salt, logged_user.get_id()))
self.conn.commit()
def register(self, username, password):
if self.pass_validator.validate(username, password):
user_pass, user_salt = self.pass_hash.make_pass(password)
else:
return False
insert_sql = '''INSERT INTO clients (username, password, salt)
VALUES (?, ?, ?)'''
self.cursor.execute(insert_sql, (username, user_pass, user_salt))
self.conn.commit()
def __get_salt(self, username):
sql = '''SELECT username, password, salt
FROM clients
WHERE username =?'''
self.cursor.execute(sql, (username, ))
data = self.cursor.fetchone()
if data is None:
return None
else:
return data['salt']
def _login(self, username):
if not self._is_blocked(username):
def _is_blocked(self, username):
client_id = self.get_client_id_by_username(username)
now = datetime.datetime.now()
sql = '''SELECT id, block_end
FROM blocked_users
WHERE client_id=?
ORDER BY id
DESC
LIMIT 1'''
self.cursor.execute(sql, (client_id, ))
result = self.cursor.fetchone()
if result is None:
return False
return (now, result['blocked_end'])
def block_user(self, username):
start = datetime.datetime.now()
end = start + BLOCK_TIME
client_id = self.get_client_id_by_username(username)
sql = '''INSERT INTO blocked_users
(client_id, blocked_start, blocked_end)
VALUES (?, ?, ?)'''
def create_login_attempt(self, username, password, status='FAIL'):
login_attempts = BLOCK_ATTEMPTS
if self.pass_validator.validate(username, password):
status = 'SUCCEED'
else:
if login_attempts > 0:
login_attempts -= 1
else:
status = 'BLOCKED'
client_id = self.get_client_id_by_username(username)
now = datetime.datetime.now()
sql = '''INSERT INTO login_attemps
(client_id, attempt_status, time_stamp)
values (?, ?, ?)'''
self.cursor.execute(sql, (client_id, status, now))
def login(self, username, password):
self._login(username)
data = self.__get_salt(username)
if data is None:
return False
select_query = '''SELECT id, username, balance, message
FROM clients
WHERE username =?
AND password =?
LIMIT 1'''
passkey = self.pass_hash.make_pass(password, data)
self.cursor.execute(select_query, (username, passkey[0]))
user = self.cursor.fetchone()
if(user):
return Client(user[0], user[1], user[2], user[3])
else:
return False
def get_client_id_by_username(self, username):
sql = '''SELECT id from clients where username=? '''
self.cursor.execute(sql, (username, ))
result = self.cursor.fetchone()
return result['id']
