def main():
"""Create a configured wsgi app"""
settings = {}
debug = os.environ.get('DEBUG', True)
settings['reload_all'] = debug
settings['debug_all'] = debug
settings['auth.username'] = os.environ.get('AUTH_USERNAME', 'admin')
manager = BCRYPTPasswordManager()
settings['auth.password'] = os.environ.get(
'AUTH_PASSWORD', manager.encode('secret'))
if not os.environ.get('TESTING', False):
# only bind the session if we are not testing
engine = sa.create_engine(DATABASE_URL)
DBSession.configure(bind=engine)
# add a secret value for auth tkt signing
auth_secret = os.environ.get('JOURNAL_AUTH_SECRET', 'itsaseekrit')
# configuration setup
config = Configurator(
settings=settings,
authentication_policy=AuthTktAuthenticationPolicy(
secret=auth_secret,
hashalg='sha512'
),
authorization_policy=ACLAuthorizationPolicy(),
)
config.include('pyramid_tm')
config.include('pyramid_jinja2')
config.add_route('home', '/')
config.add_route('add', '/add')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_static_view('static', os.path.join(HERE, 'static'))
config.scan()
app = config.make_wsgi_app()
return app
def test_fail_2(self):
def return_none(*args):
return None
bcrypt = BCRYPTPasswordManager()
bcrypt.crypt_rn = return_none
bcrypt.encode("foo")
def main():
"""Create a configured wsgi app"""
settings = {}
settings['reload_all'] = os.environ.get('DEBUG', True)
settings['debug_all'] = os.environ.get('DEBUG', True)
settings['db'] = os.environ.get(
'DATABASE_URL', 'dbname=learning_journal user=efrain-petercamacho')
settings['auth.username'] = os.environ.get('AUTH_USERNAME', 'admin')
manager = BCRYPTPasswordManager()
settings['auth.password'] = os.environ.get('AUTH_PASSWORD',
manager.encode('secret'))
secret = os.environ.get('JOURNAL_SESSION_SECRET', 'itsaseekrit')
session_factory = SignedCookieSessionFactory(secret)
auth_secret = os.environ.get('JOURNAL_AUTH_SECRET', 'anotherseekrit')
# configuration setup
config = Configurator(
settings=settings,
session_factory=session_factory,
authentication_policy=AuthTktAuthenticationPolicy(secret=auth_secret,
hashalg='sha512'),
authorization_policy=ACLAuthorizationPolicy(),
)
jinja2.filters.FILTERS['markdown'] = markd
config.include('pyramid_jinja2')
config.add_static_view('static', os.path.join(here, 'static'))
config.add_route('home', '/')
config.add_route('add', '/add')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('details', '/details/{id}')
config.add_route('editor', '/editor/{id}')
config.add_route('delete', '/delte/{id}')
config.scan()
app = config.make_wsgi_app()
return app
def main(argv=None):
if len(argv) != 3:
print "Usage: create_user.py <username> <password>"
sys.exit(1)
session = dbsession()
username = argv[1]
password = argv[2]
manager = BCRYPTPasswordManager()
hashed_password = manager.encode(password)
user = User()
user.username = username
user.password = hashed_password
user.active_ind = True
try:
session.add(user)
session.commit()
print "User {0} created.".format(username)
except:
print "Error adding user."
session.rollback()
session.close()
sys.exit(1)
session.close()
sys.exit(0)
def password_check(password, stored_passw):
"""
Returns a boolean of whether the password was correct.
"""
from cryptacular.bcrypt import BCRYPTPasswordManager
manager = BCRYPTPasswordManager()
return manager.check(stored_passw, password)
def test_fail_3(self):
def return_none(*args):
return None
bcrypt = BCRYPTPasswordManager()
pw = bcrypt.encode("foobar")
bcrypt.crypt_rn = return_none
bcrypt.check(pw, "foo")
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
@forbidden_view_config(renderer='templates/forbidden.jinja2')
def forbidden(request):
return {}
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.bind = engine
auth_secret = os.environ.get('TASTEBUDDIES_AUTH_SECRET', 'tastynoms')
authn_policy = AuthTktAuthenticationPolicy(
secret=auth_secret,
hashalg='sha512',
callback=groupfinder,
)
authz_policy = ACLAuthorizationPolicy()
settings['auth.username'] = os.environ.get('AUTH_USERNAME', 'admin')
manager = BCRYPTPasswordManager()
settings['auth.password'] = os.environ.get(
'AUTH_PASSWORD', manager.encode('secret')
)
config = Configurator(
settings=settings,
authentication_policy=authn_policy,
authorization_policy=authz_policy,
)
config.include('pyramid_jinja2')
config.include('pyramid_tm')
config.add_static_view('static', 'static', cache_max_age=3600)
config.add_route('home', '/')
config.add_route('user_create', '/create_user')
config.add_route('user_login', '/login')
config.add_route('verify', '/verify', factory=Root)
config.add_route('send_email', '/send_email', factory=Root)
config.add_route('logout', '/logout', factory=Root)
config.add_route('profile_edit', '/profile/edit/{username}',
factory=Root)
config.add_route('group_create', '/group/create_group',
factory=Root)
config.add_route('group_edit', '/group/edit/{group_name}',
factory=Root)
config.add_route('profile_detail', '/profile/{username}',
factory=UserFactory, traverse='/{username}')
config.add_route('group_detail', '/group/{group_name}',
factory=Root)
config.scan()
return config.make_wsgi_app()
def _makeOne(self, email, password, id=False):
m = BPM()
hashed = m.encode(password)
if id:
return self._getTargetClass()(id=id, email=email, password=hashed)
return self._getTargetClass()(
email=email,
password=hashed,
)
def check_password(cls, username, password, session=None):
if session is None:
session = DBSession
manager = BCRYPTPasswordManager()
try:
user = User.by_username(username)
except NoResultFound:
return False
return manager.check(user.password, password)
def do_login(request):
username = request.params.get('username', None)
password = request.params.get('password', None)
if not (username and password):
raise ValueError('both username and password are required')
settings = request.registry.settings
manager = BCRYPTPasswordManager()
if username == settings.get('auth.username', ''):
hashed = settings.get('auth.password', '')
return manager.check(hashed, password)
def login(request):
username = request.params.get("username", None)
password = request.params.get("password", None)
if not (username and password):
raise ValueError("Username and password are required")
manager = BCRYPTPasswordManager()
try:
user = User.get_by_username(username)
except:
raise ValueError("User does not exist")
return manager.check(user.password, password)
def validate_user_password(cls, username, password):
user = DBSession.query(cls).options(noload(cls.groups)).filter(cls.username == username.lower()).first()
if user is None:
return None
manager = BCRYPTPasswordManager()
if manager.check(user.credentials, password):
return user
return None
def do_login(request):
username = request.params.get('username', None)
password = request.params.get('password', None)
if not (username and password):
raise ValueError('both username and password are required')
settings = request.registry.settings
manager = BCRYPTPasswordManager()
if username == settings.get('auth.username', ''):
hashed = settings.get('auth.password', '')
return manager.check(hashed, password)
def _set_password(self, raw_password):
""" Encrypt the password.
Encrypt `raw_password` with bcrypt and set it as the account
password.
:param raw_password: the unencrypted user password
:type username: unicode
:return: the bcrypt encrypted password
:rtype: unicode
"""
bcrypt = BCRYPTPasswordManager()
self._password = unicode(bcrypt.encode(raw_password, rounds=12))
def test_create_user(db_session):
kwargs = {
'username': "******",
'password': "******"
}
kwargs['session'] = db_session
user = app.User.new(**kwargs)
db_session.flush()
u = db_session.query(app.User).filter(app.User.id == user.id).one()
assert getattr(u, 'id', '') is not None
assert getattr(u, 'username', '') == "Test_Username"
manager = BCRYPTPasswordManager()
assert manager.check(getattr(user, 'password', ''), "testpassword")
def new(cls, username=None, password=None, session=DBSession):
"""Stores password in database already hashed"""
manager = BCRYPTPasswordManager()
if not (username and password):
raise ValueError("Username and password needed")
hashed = unicode(manager.encode(password))
try:
instance = cls(username=username, password=hashed)
session.add(instance)
session.flush()
except IntegrityError:
raise ValueError("Username already in use")
return instance
def _initTestingDB(makeuser=False):
engine = create_engine('sqlite://')
Base.metadata.create_all(engine)
DBSession.configure(bind=engine)
if makeuser:
m = BPM()
hashed = m.encode(u'1234567')
with transaction.manager:
user = User(email=u'*****@*****.**',
password=hashed,
)
DBSession.add(user)
return DBSession
def auth_req(request):
manager = BCRYPTPasswordManager()
settings = {
'auth.username': '******',
'auth.password': manager.encode('secret'),
}
testing.setUp(settings=settings)
req = testing.DummyRequest()
def cleanup():
testing.tearDown()
request.addfinalizer(cleanup)
return req
def do_login(request):
username = request.params.get('username', None)
password = request.params.get('password', None)
if not (username and password):
raise ValueError('both username and password are required')
settings = request.registry.settings
# you can always get hold of application settings with
# `request.registry.settings`
manager = BCRYPTPasswordManager()
if username == settings.get('auth.username', ''):
hashed = settings.get('auth.password', '')
return manager.check(hashed, password)
return False
def _initTestingDB(makeuser=False):
engine = create_engine('sqlite://')
Base.metadata.create_all(engine)
DBSession.configure(bind=engine)
if makeuser:
m = BPM()
hashed = m.encode(u'1234567')
with transaction.manager:
user = User(
email=u'*****@*****.**',
password=hashed,
)
DBSession.add(user)
return DBSession
def auth_req(request):
manager = BCRYPTPasswordManager()
settings = {
'auth.username': '******',
'auth.password': manager.encode('secret'),
}
testing.setUp(settings=settings)
req = testing.DummyRequest()
def cleanup():
testing.tearDown()
request.addfinalizer(cleanup)
return req
def do_login(request):
login_result = False
manager = BCRYPTPasswordManager()
entered_username = request.params.get('username', None)
entered_password = request.params.get('password', None)
user_obj = User.lookup_by_attribute(username=entered_username)[0]
db_username = user_obj.username
if entered_username == db_username:
db_hashed = user_obj.password
# manager.check returns BOOL
login_result = manager.check(db_hashed, entered_password)
return login_result
def create_user(cls, username, password, first="", last="",
dflt_medium=1, timezone='America/Los_Angeles',
session=None):
"""Instantiates a new user, and writes it to the database.
User must supply a username and password.
"""
if session is None:
session = DBSession
manager = BCRYPTPasswordManager()
hashed = manager.encode(password)
instance = cls(first=first, last=last, username=username,
password=hashed, dflt_medium=dflt_medium,
timezone=timezone)
session.add(instance)
session.flush()
return instance
def main():
"""Create a configured wsgi app."""
settings = {}
settings['reload_all'] = os.environ.get('DEBUG', True)
settings['debug_all'] = os.environ.get('DEBUG', True)
# settings['db'] = os.environ.get(
# 'DATABASE_URL', 'dbname=learning-journal user=mark'
# )
settings['sqlalchemy.url'] = os.environ.get(
# must be rfc1738 URL
'DATABASE_URL', 'postgresql://mark:@localhost:5432/learning-journal'
)
engine = sa.engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
# Add authentication setting configuration
settings['auth.username'] = os.environ.get('AUTH_USERNAME', 'admin')
manager = BCRYPTPasswordManager()
settings['auth.password'] = os.environ.get(
'AUTH_PASSWORD', manager.encode('secret'))
# secret value for session signing:
secret = os.environ.get('JOURNAL_SESSION_SECRET', 'itsaseekrit')
session_factory = SignedCookieSessionFactory(secret)
# add a secret value for auth tkt signing
auth_secret = os.environ.get('JOURNAL_AUTH_SECRET', 'anotherseekrit')
# configuration setup
config = Configurator(
settings=settings,
session_factory=session_factory,
authentication_policy=AuthTktAuthenticationPolicy(
secret=auth_secret,
hashalg='sha512'
),
authorization_policy=ACLAuthorizationPolicy(),
)
config.include('pyramid_jinja2')
config.include('pyramid_tm')
config.add_static_view('static', os.path.join(here, 'static'))
config.add_route('home', '/')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('detail', '/detail/{id:\d+}')
config.add_route('edit', '/edit')
config.add_route('new', '/new')
config.scan()
app = config.make_wsgi_app()
return app
def main(argv=sys.argv):
manager = BCRYPTPasswordManager()
if len(argv) < 2:
usage(argv)
config_uri = argv[1]
options = parse_vars(argv[2:])
setup_logging(config_uri)
settings = get_appsettings(config_uri, options=options)
if 'DATABASE_URL' in os.environ:
settings['sqlalchemy.url'] = os.environ['DATABASE_URL']
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
with transaction.manager:
password = manager.encode(u'admin')
admin = User(name=u'admin', password=password)
DBSession.add(admin)
def main(argv=sys.argv):
if len(argv) < 2:
usage(argv)
config_uri = argv[1]
options = parse_vars(argv[2:])
setup_logging(config_uri)
settings = get_appsettings(config_uri, options=options)
if 'DATABASE_URL' in os.environ:
settings['sqlalchemy.url'] = os.environ['DATABASE_URL']
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
with transaction.manager:
manager = Manager()
password = manager.encode(u'admin')
admin = User(username=u'admin', hashed_password=password)
DBSession.add(admin)
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
manager = BCRYPTPasswordManager()
pw = getpass.getpass('Admin password: '******'admin', email='*****@*****.**', password=hashed)
DBSession.add(admin)
def get_hashed_password(password):
"""
Returns hashed password
:param password: String
:return: String
"""
return BCRYPTPasswordManager().encode(password)
def main(argv=sys.argv):
if len(argv) < 2:
usage(argv)
config_uri = argv[1]
options = parse_vars(argv[2:])
setup_logging(config_uri)
settings = get_appsettings(config_uri, options=options)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
with transaction.manager:
manager = Manager()
password = manager.encode('admin')
DBSession.add(Entry(title=u'title', body=u'body'))
DBSession.add(User(username=u'admin', password=password))
def check_password(cls, username, password):
""" Check the user password.
Check if the submited password for username is the same than the
encrypted one recorded in the database. Return None if the username
did not exist.
:param username: the user username
:type username: unicode
:param username: the submited password
:type username: unicode
:return: True if the password is correct. false if incorect
:rtype: boolean
"""
bcrypt = BCRYPTPasswordManager()
user = cls.get_by_username(username)
if user:
return bcrypt.check(user.password, password)
def test_shorthash(self):
manager = BCRYPTPasswordManager()
def match(hash):
return True
manager.match = match
short_hash = manager.encode(self.snowpass)[:28]
assert_true(manager.match(short_hash))
manager.check(short_hash, self.snowpass)
def _store_data(self, appstruct):
password = appstruct.get('password', '')
if not password:
return
manager = getattr(self.context, 'pwd_manager', None)
if manager is None:
manager = BCRYPTPasswordManager()
self.context.pwd_manager = manager
password_encoded = self.context.pwd_manager.encode(password)
self.context.password = password_encoded
class User(Folder):
""" Represents a user. """
tzname = 'UTC' # backwards compatibility default
pwd_manager = BCRYPTPasswordManager()
groupids = multireference_sourceid_property(UserToGroup)
groups = multireference_source_property(UserToGroup)
name = renamer()
def __init__(self, password=None, email=None, tzname=None):
Folder.__init__(self)
if password is not None:
password = self.pwd_manager.encode(password)
self.password = password
self.email = email
if tzname is None:
tzname = 'UTC'
self.tzname = tzname
def __dump__(self):
return dict(password=self.password)
@property
def timezone(self):
return pytz.timezone(self.tzname)
def check_password(self, password):
""" Checks if the plaintext password passed as ``password`` matches
this user's stored, encrypted password. Returns ``True`` or
``False``."""
statsd_gauge('check_password', 1)
return self.pwd_manager.check(self.password, password)
def set_password(self, password):
self.password = self.pwd_manager.encode(password)
def email_password_reset(self, request):
""" Sends a password reset email."""
root = request.root
sitename = getattr(root, 'title', None) or 'Substance D'
principals = find_service(self, 'principals')
reset = principals.add_reset(self)
# XXX should this really point at an SDI URL?
reseturl = request.application_url + request.sdiapi.mgmt_path(reset)
if not self.email:
raise ValueError('User does not possess a valid email address.')
message = Message(
subject = 'Account information for %s' % sitename,
recipients = [self.email],
body = render('templates/resetpassword_email.pt',
dict(reseturl=reseturl))
)
mailer = get_mailer(request)
mailer.send(message)
def main():
"""Create a configured wsgi app"""
settings = {}
settings['reload_all'] = os.environ.get('DEBUG', True)
settings['debug_all'] = os.environ.get('DEBUG', True)
settings['sqlalchemy.url'] = os.environ.get(
'DATABASE_URL',
'postgresql://roberthaskell:@localhost:5432/learning_journal' #'dbname=learning_journal user=cewing'
)
engine = sa.engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
settings['auth.username'] = os.environ.get('AUTH_USERNAME', 'admin')
manager = BCRYPTPasswordManager()
settings['auth.password'] = os.environ.get('AUTH_PASSWORD',
manager.encode('secret'))
# secret value for session signing:
secret = os.environ.get('JOURNAL_SESSION_SECRET', 'itsaseekrit')
session_factory = SignedCookieSessionFactory(secret)
auth_secret = os.environ.get('JOURNAL_AUTH_SECRET', 'anotherseekrit')
# configuration setup
config = Configurator(
settings=settings,
session_factory=session_factory,
authentication_policy=AuthTktAuthenticationPolicy(secret=auth_secret,
hashalg='sha512'),
authorization_policy=ACLAuthorizationPolicy(),
)
jinja2.filters.FILTERS['markdown'] = markd
config.include('pyramid_tm')
config.include('pyramid_jinja2')
config.add_static_view('static', os.path.join(here, 'static'))
config.add_route('home', '/')
config.add_route('add', '/add')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('details', '/details/{id}')
config.add_route('editor', '/editor/{id}')
config.add_route('delete', '/delete/{id}')
config.add_route('tweet', '/tweet')
config.scan()
app = config.make_wsgi_app()
return app
def main():
# Create a configured wsgi app
settings = {}
debug = os.environ.get('DEBUG', True)
settings['reload_all'] = debug
settings['debug_all'] = debug
settings['auth.username'] = os.environ.get('AUTH_USERNAME', 'admin')
manager = BCRYPTPasswordManager()
settings['auth.password'] = os.environ.get(
'AUTH_PASSWORD', manager.encode('secret')
)
if not os.environ.get("TESTING", False):
# only bind the session if it isn't already bound, while testing
engine = sa.create_engine(DATABASE_URL)
DBSession.configure(bind=engine)
# add a secret value for auth tkt signing
auth_secret = os.environ.get('JOURNAL_AUTH_SECRET', 'itsaseekrit')
# and add a new value to the constructor for our Configurator:
config = Configurator(
settings=settings,
authentication_policy=AuthTktAuthenticationPolicy(
secret=auth_secret,
hashalg='sha512',
),
authorization_policy=ACLAuthorizationPolicy(),
)
# we want to use the transaction management provided by pyramid-tm
config.include("pyramid_tm")
config.include("pyramid_jinja2")
config.add_static_view('static', os.path.join(HERE, 'static'))
config.add_route('home', '/')
config.add_route('detail', '/detail/{id}')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('edit', '/edit/{entry_id}')
config.add_route('create', '/create')
config.scan()
app = config.make_wsgi_app()
return app
def auth_req(request):
manager = BCRYPTPasswordManager()
settings = {
'auth.username': '******',
# Password encryption
'auth.password': manager.encode('secret'),
}
testing.setUp(settings=settings)
req = testing.DummyRequest()
print
print "check fixture:"
print settings['auth.password']
def cleanup():
testing.tearDown()
request.addfinalizer(cleanup)
return req
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
m = BPM()
a_email = raw_input('Enter email for admin account: ')
a_pw = getpass('Enter password for admin account: ')
a_hashed = m.encode(a_pw)
with transaction.manager:
admin = User(
email=a_email,
password=a_hashed,
)
DBSession.add(admin)
def check_password(cls, **kwargs):
if kwargs.has_key('id'):
user = cls.get_by_id(kwargs['id'])
if kwargs.has_key('username'):
user = cls.get_by_username(kwargs['username'])
if not user:
return False
if BCRYPTPasswordManager().check(user.password, kwargs['password']):
return True
else:
return False
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
Base.metadata.create_all(engine)
m = BPM()
a_email = raw_input('Enter email for admin account: ')
a_pw = getpass('Enter password for admin account: ')
a_hashed = m.encode(a_pw)
with transaction.manager:
admin = User(
email=a_email,
password=a_hashed,
)
DBSession.add(admin)
def edit_user(request):
user = request.context
if request.method == 'POST':
user.username = request.authenticated_userid
password = request.params.get('password')
manager = BCRYPTPasswordManager()
hashed = manager.encode(password)
user.password = hashed
user.first_name = request.params.get('first_name')
user.last_name = request.params.get('last_name')
default_medium = request.params.get('default_medium').lower()
if default_medium == 'email':
user.dflt_medium = 1
if default_medium == 'text':
user.dflt_medium = 2
else:
raise ValueError()
user.timezone = request.params.get('timezone')
return HTTPFound(request.route_url('list'))
else:
return {'user': user}
def main():
"""Create a configured wsgi app"""
settings = {}
settings['reload_all'] = os.environ.get('DEBUG', True)
settings['debug_all'] = os.environ.get('DEBUG', True)
settings['sqlalchemy.url'] = os.environ.get('DATABASE_URL',
'postgresql:///whiteknight')
engine = sa.engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
settings['auth.username'] = os.environ.get('AUTH_USERNAME', 'admin')
manager = BCRYPTPasswordManager()
settings['auth.password'] = os.environ.get('AUTH_PASSWORD',
manager.encode('secret'))
secret = os.environ.get('JOURNAL_SESSION_SECRET', 'itsaseekrit')
session_factory = SignedCookieSessionFactory(secret)
auth_secret = os.environ.get('JOURNAL_AUTH_SECRET', 'anotherseekrit')
config = Configurator(
settings=settings,
session_factory=session_factory,
authentication_policy=AuthTktAuthenticationPolicy(secret=auth_secret,
hashalg='sha512',
debug=True),
authorization_policy=ACLAuthorizationPolicy(),
)
config.add_static_view('static', os.path.join(here, 'static'))
config.include('pyramid_jinja2')
config.include('pyramid_tm')
config.add_route('home', '/')
config.add_route('login', '/login')
config.add_route('logout', '/logout')
config.add_route('feed', '/feed')
config.add_route('scrape', '/scrape')
config.add_route('scrape_twitter', '/scrape_twitter')
config.add_route('tweet', '/tweet/{id}')
config.add_route('edit_comment', '/edit_comment/{id}')
config.add_route('remove_one', '/remove_one/{id}')
config.add_route('delete_all', '/delete_all')
config.scan()
app = config.make_wsgi_app()
return app
class User(Base):
"""
Class constants representing database table and its columns.
id -- integer, primary key
email -- string, unique, max 255 characters.
givenname -- string, max 255 characters.
surname -- string, max 255 characters.
password -- string, bcrypt, max 255 characters.
archived -- boolean.
blocked -- boolean.
updated -- datetime.
"""
__tablename__ = 'users'
id = Column(Integer, primary_key=True)
email = Column(String(255), unique=True, nullable=False)
givenname = Column(String(255))
surname = Column(String(255))
password = Column(String(255), nullable=False)
archived = Column(Boolean, default=False)
blocked = Column(Boolean, default=False)
last_logged = Column(DateTime, default=datetime.utcnow)
created = Column(DateTime, default=datetime.utcnow)
updated = Column(DateTime, onupdate=datetime.utcnow)
""" Class constant used for accessing Bcrypt password manager. """
pm = BCRYPTPasswordManager()
""" Method for returning a user based on id.
id -- int, user id.
"""
@classmethod
def by_id(cls, id):
return DBSession.query(User).filter(User.id == id).first()
""" Method for returning a user based on email.
We can do this, because the email column in the database is set as unique.
email -- string, email.
"""
@classmethod
def by_email(cls, email):
return DBSession.query(User).filter(User.email == email).first()
""" Method for checking object password against string.
password -- string.
"""
def verify_password(self, password):
return self.pm.check(self.password, password)
class User(Base):
__tablename__ = 'users'
id = Column(Integer, primary_key=True)
username = Column(Unicode(255), unique=True, nullable=False)
email = Column(Unicode(255), unique=True, nullable=False)
password = Column(Unicode(255), nullable=False)
last_logged = Column(DateTime, default=datetime.utcnow)
pm = BCRYPTPasswordManager()
@classmethod
def by_id(cls, id):
return DBSession.query(User).filter(User.id == id).first()
@classmethod
def by_uname_email(cls, login):
return DBSession.query(User).filter(or_(User.username == login,\
User.email == login))\
.first()
def verify_password(self, password):
return self.pm.check(self.password, password)
def hash_password(self, password):
return self.pm.encode(password)
def my(self):
return DBSession.query(Bookmark).filter(Bookmark.owner_id == self.id)
def bookmarks(self, request, page=1):
page_url = PageURL_WebOb(request)
return Page(self.my().all(), page, url=page_url, items_per_page=12)
def bookmark(self, id):
return self.my().filter(Bookmark.id == id).first()
def bookmark_tags(self, request, string='', page=1):
page_url = PageURL_WebOb(request)
tag = "%" + string + "%"
bookmarks = self.my().filter(Bookmark.tags.like(tag)).all()
return Page(bookmarks, page, url=page_url, items_per_page=12)
def bookmark_search(self, request, string='', page=1):
page_url = PageURL_WebOb(request)
string = "%" + string + "%"
bookmarks = self.my().filter(or_(Bookmark.title.like(string),\
Bookmark.url.like(string))).all()
return Page(bookmarks, page, url=page_url, items_per_page=12)
def user_create_view(request):
username = request.authenticated_userid
if request.method == 'POST':
try:
manager = BCRYPTPasswordManager()
username = request.params.get('username')
password = request.params.get('password')
hashed = manager.encode(password)
email = request.params.get('email')
user = User.add(
username=username,
password=hashed,
email=email,
)
Criteria.add(user=user)
headers = remember(request, username)
return HTTPFound(request.route_url('send_email'), headers=headers)
except:
return {}
return {'username': username}
class User(Base):
__tablename__ = 'stucco_user'
# When fallbacks are set, DelegatingPasswordManager will recognize
# and automatically upgrade those password formats to the preferred
# format when the correct password is provided:
passwordmanager = DelegatingPasswordManager(
preferred=BCRYPTPasswordManager(),
fallbacks=(PlaceholderPasswordChecker(), ))
user_id = Column(Integer, primary_key=True, nullable=False)
username = Column(Unicode(32), unique=True, nullable=False, index=True)
first_name = Column(Unicode(64))
last_name = Column(Unicode(64))
email = Column(Unicode(254))
password = Column(String(80), default='*', nullable=False)
is_active = Column(Boolean, default=True, nullable=False)
last_login = Column(DateTime)
last_password_change = Column(DateTime, default=datetime.date(2001, 1, 1))
date_joined = Column(DateTime, default=sqlalchemy.func.current_timestamp())
groups = relationship(Group, secondary=users_groups, backref="users")
@property
def is_anonymous(self):
return False
def set_password(self, raw_password):
self.password = self.passwordmanager.encode(raw_password)
self.last_password_change = sqlalchemy.func.current_timestamp()
def check_password(self, raw_password):
if not self.is_active:
return False
return self.passwordmanager.check(self.password,
raw_password,
setter=self.set_password)
def __str__(self):
# XXX self.user_id is None for new users
return 'user:%s' % self.user_id
class User(Folder):
""" Represents a user. """
pwd_manager = BCRYPTPasswordManager()
groupids = multireference_sourceid_property(UserToGroup)
groups = multireference_source_property(UserToGroup)
def __init__(self, password, email):
Folder.__init__(self)
self.password = self.pwd_manager.encode(password)
self.email = email
def check_password(self, password):
""" Checks if the plaintext password passed as ``password`` matches
this user's stored, encrypted passowrd. Returns ``True`` or
``False``."""
return self.pwd_manager.check(self.password, password)
def set_password(self, password):
self.password = self.pwd_manager.encode(password)
def email_password_reset(self, request):
""" Sends a password reset email."""
root = request.root
sitename = getattr(root, 'title', None) or 'Substance D'
principals = find_service(self, 'principals')
resets = principals['resets']
reset = resets.add_reset(self)
reseturl = request.application_url + request.mgmt_path(reset)
message = Message(subject='Account information for %s' % sitename,
recipients=[self.email],
body=render('templates/resetpassword_email.pt',
dict(reseturl=reseturl)))
mailer = get_mailer(request)
mailer.send(message)
def check_password(cls, **kwargs):
if kwargs.has_key('id'):
user = cls.get_by_id(kwargs['id'])
if kwargs.has_key('login'):
user = cls.get_by_login(kwargs['login'])
if not user:
return False
try:
if BCRYPTPasswordManager().check(user.password,
'%s%s' % (kwargs['password'], user.salt)):
return True
except TypeError:
pass
request = get_current_request()
fallback_auth = request.registry.settings.get('apex.fallback_auth')
if fallback_auth:
resolver = DottedNameResolver(fallback_auth.split('.', 1)[0])
fallback = resolver.resolve(fallback_auth)
return fallback().check(DBSession, request, user, \
kwargs['password'])
return False
def test_fail_1(self):
def return_none(*args): return None
bcrypt = BCRYPTPasswordManager()
bcrypt.crypt_gensalt_rn = return_none
bcrypt.encode('foo')
def setup(self):
self.manager = BCRYPTPasswordManager()
class TestBCRYPTPasswordManager(object):
snowpass = "******"
def setup(self):
self.manager = BCRYPTPasswordManager()
@raises(TypeError)
def test_None1(self):
self.manager.encode(None)
@raises(TypeError)
def test_None2(self):
self.manager.check(None, 'xyzzy')
@raises(TypeError)
def test_None3(self):
hash = self.manager.encode('xyzzy')
self.manager.check(hash, None)
def test_badhash(self):
eq_(self.manager.check('$p5k2$400$ZxK4ZBJCfQg=$kBpklVI9kA13kP32HMZL0rloQ1M=', self.snowpass), False)
@raises(ValueError)
def test_shorthash(self):
manager = BCRYPTPasswordManager()
def match(hash):
return True
manager.match = match
short_hash = manager.encode(self.snowpass)[:28]
assert_true(manager.match(short_hash))
manager.check(short_hash, self.snowpass)
@raises(ValueError)
def test_too_few_rounds(self):
self.manager.encode(self.snowpass, rounds=1)
@raises(ValueError)
def test_too_many_rounds(self):
self.manager.encode(self.snowpass, rounds=100)
def test_emptypass(self):
self.manager.encode('')
def test_general(self):
manager = self.manager
hash = manager.encode(self.snowpass)
eq_(manager.match(hash), True)
eq_(len(hash), 60)
assert_true(manager.check(hash, self.snowpass))
password = "******"
hash = manager.encode(password)
assert_true(manager.check(hash, password))
assert_true(manager.check(unicode(hash), password))
assert_false(manager.check(password, password))
assert_not_equal(manager.encode(password), manager.encode(password))
hash = manager.encode(password, rounds=4)
assert_true(manager.check(hash, password))
@raises(ValueError)
def test_fail_1(self):
def return_none(*args): return None
bcrypt = BCRYPTPasswordManager()
bcrypt.crypt_gensalt_rn = return_none
bcrypt.encode('foo')
@raises(ValueError)
def test_fail_2(self):
def return_none(*args): return None
bcrypt = BCRYPTPasswordManager()
bcrypt.crypt_rn = return_none
bcrypt.encode('foo')
@raises(ValueError)
def test_fail_3(self):
def return_none(*args): return None
bcrypt = BCRYPTPasswordManager()
pw = bcrypt.encode('foobar')
bcrypt.crypt_rn = return_none
bcrypt.check(pw, 'foo')
def test_fail_2(self):
def return_none(*args): return None
bcrypt = BCRYPTPasswordManager()
bcrypt.crypt_rn = return_none
bcrypt.encode('foo')
def verify_password(self, password):
manager = Manager()
return manager.check(self.password, password)
def test_fail_3(self):
def return_none(*args): return None
bcrypt = BCRYPTPasswordManager()
pw = bcrypt.encode('foobar')
bcrypt.crypt_rn = return_none
bcrypt.check(pw, 'foo')
def _set_password(self, password):
self.salt = self.get_salt(24)
password = password + self.salt
self._password = BCRYPTPasswordManager().encode(password, rounds=12)