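def login(self):
    """Run the challenge/response login exchange with the connected client.

    Protocol as implemented here (all messages go through ``self.send`` /
    ``self.receive``):

    1. send ``actions.USERNAME_ACTION`` and receive the username;
    2. look up ``(password_hash, salt)`` via ``database.get_password``;
    3. send ``actions.NONCE_ACTION:<salt>:<nonce>`` followed by
       ``actions.PASSWORD_ACTION`` and receive the client's answer;
    4. verify with ``passwords.check_password`` and report the result.

    On success ``self.loggedin(username)`` is called; on failure a single
    generic message is sent so the reply text alone does not distinguish an
    unknown user from a wrong password.
    """
    # Parenthesised form prints the same text on Python 2 and 3.
    print("Login....")
    self.send(actions.USERNAME_ACTION)
    username = self.receive()
    # The received username is deliberately not echoed to stdout: it is
    # attacker-controlled input and stdout is rarely treated as a protected log.

    password_hash = None
    salt = None
    hash_and_salt = database.get_password(username)
    if hash_and_salt:
        password_hash, salt = hash_and_salt[0], hash_and_salt[1]

    if not salt:
        # Unknown user (or empty stored salt): still hand out a salt so the
        # message sequence looks identical to a real account.
        # NOTE(review): this salt is freshly random on every attempt whereas a
        # real account's salt is stable, so repeating the username across
        # connections still reveals whether it exists. A salt derived
        # deterministically from the username (keyed) would close that gap;
        # passwords.get_salt() as used here takes no input, so it is left as is.
        salt = passwords.get_salt()

    nonce = passwords.get_salt()
    self.send(actions.NONCE_ACTION + ":" + salt + ":" + nonce)
    self.send(actions.PASSWORD_ACTION)
    password = self.receive()

    # NOTE(review): for an unknown user the check_password() call is skipped
    # entirely (short-circuit on password_hash), so response time also differs
    # between existing and non-existing accounts. Verifying against a dummy
    # hash of the same format would equalise it; the hash format is not
    # visible here, so that is left to the owner of `passwords`.
    if password_hash is not None and passwords.check_password(password, nonce, password_hash):
        self.send("Successfully login")
        self.loggedin(username)
    else:
        self.send("User or password incorrect")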
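def changepassword():
    """Handle the change-password form for the user stored in ``session``.

    Reads ``oldpass``, ``newpass1`` and ``newpass2`` from the submitted form,
    compares ``oldpass`` with the credential returned by ``db.get_password``
    and, if the two new values agree and are non-empty, stores the new value
    with ``db.change_db``. Always renders ``changepassword.html`` with a
    ``change_error`` message describing the outcome.

    Changes versus the previous version: the literal debug ``print`` calls and
    the unreachable statements after ``return`` are gone, every branch shares
    one ``render_template`` call, and an empty/missing new password is rejected
    instead of being written to the database.
    """
    oldpassword = request.form.get("oldpass")
    newpassword1 = request.form.get("newpass1")
    newpassword2 = request.form.get("newpass2")

    user = session["user"]
    username = user["username"]

    # NOTE(review): the stored value is compared directly with the submitted
    # text and change_db() receives the raw new password, so the credential
    # appears to be kept in plaintext. The real fix is to store and verify a
    # password hash (bcrypt/scrypt/argon2); that needs a storage-format change
    # outside this handler, so only the comparison logic is tidied here.
    password = db.get_password(username)

    if oldpassword != password:
        change_error = "Wrong current Password"
    elif not newpassword1:
        # request.form.get() yields None for a missing field; without this
        # guard two missing fields compare equal and None would be stored.
        change_error = "New Password must not be empty"
    elif newpassword1 != newpassword2:
        change_error = "New Passwords do not Match"
    else:
        db.change_db(username, newpassword1)
        change_error = "Password has been updated"

    return render_template("changepassword.html", change_error=change_error)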
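def post_sign_in():
    """Process the sign-in form and either redirect or re-render with feedback.

    Validation order (each step only runs if the previous ones passed):
    presence of email and password, password length (>= 6), account existence
    via ``database.user_exists``, and finally the scrypt hash comparison
    against ``database.get_password``. On success ``session['user_id']`` and
    ``session['email']`` are set and the client is redirected to the ``next``
    query parameter; otherwise ``sign_in.html`` is rendered with per-field
    validity flags and feedback strings.

    Changes versus the previous version: ``next`` is only honoured when it is a
    same-site path (an absolute URL supplied by a third party was previously
    redirected to as-is, an open redirect), missing form fields render
    feedback instead of raising ``KeyError``, and the hash comparison is
    constant-time.
    """
    import hmac  # local import: the module's import block is not part of this listing

    next_url = _safe_next_url(request.args.get('next'))
    email = request.form.get('email')
    password = request.form.get('password')

    # Presence checks. With .get() a missing field is None, so these are now
    # reachable rather than dead code.
    email_valid = email is not None and email != ''
    email_feedback = 'Please enter your email address'
    password_valid = password is not None and password != ''
    password_feedback = 'Please enter your password'

    if password_valid:
        password_valid = len(password) >= 6
        password_feedback = 'The password you’ve entered is too short to be valid'

    # NOTE(review): this message tells the caller whether an account exists
    # (user enumeration). Collapsing it into the generic "incorrect" message is
    # a product decision, so the wording is kept unchanged here.
    if email_valid:
        email_valid = database.user_exists(email)
        email_feedback = 'The email you’ve entered doesn’t match any account'

    # Only verify the password once the account is known to exist; the stored
    # salt is needed to recompute the hash.
    if email_valid and password_valid:
        salt, password_hash = database.get_password(email)
        # compare_digest avoids leaking the position of the first differing
        # byte through timing; both operands must be of the same type, as
        # they already had to be for the previous == to ever succeed.
        password_valid = hmac.compare_digest(password_hash, scrypt.hash(password, salt))
        password_feedback = 'The password you’ve entered is incorrect'

    if email_valid and password_valid:
        session['user_id'] = database.get_user_id(email)
        session['email'] = email
        return redirect(next_url)

    # NOTE(review): the submitted password is handed back to the template
    # (password=password); unless sign_in.html deliberately drops it, the
    # plaintext ends up in the response body. Kept for template compatibility.
    return render_template(
        'sign_in.html',
        next=next_url,
        email=email,
        email_valid=email_valid,
        email_feedback=email_feedback,
        password=password,
        password_valid=password_valid,
        password_feedback=password_feedback,
    )


def _safe_next_url(candidate):
    """Return *candidate* if it is a same-site path, else ``'/'``.

    Accepts only values that start with a single ``/``: protocol-relative
    forms (``//host``) and the backslash variant (``/\\host``, which some
    browsers normalise to ``//host``) are rejected, as are absolute URLs
    with a scheme and missing/empty values.
    """
    if not candidate or not candidate.startswith('/'):
        return '/'
    if candidate.startswith(('//', '/\\')):
        return '/'
    return candidate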
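def check_password():
    """Verify a POSTed ``password`` against the single ``hash:salt`` record in the DB.

    The stored record (``database.get_password()[0][0]``) is split on the
    first ``:`` into the hex SHA-256 digest and the salt; the submitted
    password is hashed as ``sha256(salt + password)`` and compared. On a match
    ``session['successful_load']`` is set to ``'true'``.

    Returns one of the plain-text bodies ``'No password supplied'``,
    ``'correct password'`` or ``'incorrect password'``.

    Changes versus the previous version: non-POST requests (and a missing or
    empty field) are rejected before the database is read, and the digest
    comparison is constant-time.
    """
    import hmac  # local import: the module's import block is not part of this listing

    # Reject early so GET requests do no database work at all.
    if request.method != 'POST':
        return 'No password supplied'
    password = request.form.get('password')
    if not password:
        return 'No password supplied'

    pass_from_db = database.get_password()
    # maxsplit=1 keeps behaviour for the expected "hash:salt" shape and
    # tolerates a salt that itself contains ':' instead of raising ValueError.
    hashed_pass, salt = pass_from_db[0][0].split(':', 1)

    # NOTE(review): a single SHA-256 round is not a password hash; it offers
    # no work factor against offline guessing. Moving to bcrypt/scrypt/argon2
    # requires re-hashing the stored record, so the scheme is unchanged here.
    candidate = hashlib.sha256(salt.encode() + password.encode()).hexdigest()

    if hmac.compare_digest(hashed_pass, candidate):
        session['successful_load'] = 'true'
        return 'correct password'
    return 'incorrect password'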
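def step_impl(context, user_mail, password):
    """Assert that the bcrypt hash stored for *user_mail* verifies against *password*.

    The hash is read with ``get_password`` from the database file named in
    ``context.vls['db_file']``. (The previous docstring mentioned
    ``confirmed_at``, which this step does not touch.)
    """
    current_password = get_password(context.vls['db_file'], user_mail)
    # check_password_hash returns a bool; compare against True rather than the
    # integer 1 so the intent is explicit (True == 1, so the result is the same).
    assert_that(BCRYPT.check_password_hash(current_password, password), equal_to(True))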