Ejemplo n.º 1
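def login():
    """Handle a login form submission.

    Reads ``username`` and ``password`` from the submitted form, looks the
    user up by name and checks the password against the stored salt and
    hash via ``hashing.check_hash``. Every failure path calls
    ``login_failure`` on the response; success starts a session with
    ``new_session``. Returns nothing in either case.
    """
    response = request.Response()

    data = forms.get_form_data()
    # Reject incomplete forms before touching the database.
    if "username" not in data or "password" not in data:
        login_failure(response)
        return

    username = data["username"]
    password = data["password"]

    user = database.get_user_by_name(username)
    # NOTE(review): returning before the hash check makes "unknown user" and
    # "wrong password" distinguishable by response time; if account
    # enumeration matters here, run a dummy check_hash on this path too.
    if not user:
        login_failure(response)
        return

    # The stored record carries the salt and the hash separately; check_hash
    # is expected to do the comparison (presumably constant-time — confirm
    # in the `hashing` module).
    success = hashing.check_hash(password, user["salt"], user["password"])
    if not success:
        login_failure(response)
        return

    new_session(response, user)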
Ejemplo n.º 2
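    def _verify(*args, **kwargs):
        """Check the token on the incoming request, then call ``f``.

        Expects an ``Authorization: <scheme> <token>`` header, decodes the
        token with the app's ``SECRET_KEY`` and requires the ``sub`` claim
        to name an existing user. Any failure produces a JSON body with
        ``authenticated: False`` and a 401 status. Exceptions raised by the
        wrapped view ``f`` itself propagate instead of being reported as an
        invalid token.
        """
        # The raw headers are deliberately not printed: they contain the
        # bearer token, and anything printed ends up in logs.
        auth_headers = request.headers.get('Authorization', '').split()

        invalid_msg = {
            'message':
            'Invalid token. Registeration and / or authentication required',
            'authenticated': False
        }
        expired_msg = {
            'message': 'Expired token. Reauthentication required.',
            'authenticated': False
        }

        def _reject(msg):
            # Every failure answers the same way: JSON body, CORS header, 401.
            response = jsonify(msg)
            response.headers.add('Access-Control-Allow-Origin', '*')
            return response, 401

        # Only the two-part "<scheme> <token>" shape is accepted; the scheme
        # itself is not validated (unchanged from the original behaviour).
        if len(auth_headers) != 2:
            return _reject(invalid_msg)

        try:
            token = auth_headers[1]
            data = decode(token, current_app.config['SECRET_KEY'])
            user = db.get_user_by_name(data['sub'])  #CHANGE
            if not user:
                raise RuntimeError('User not found')
        except ExpiredSignatureError:
            return _reject(expired_msg)
        except Exception as e:
            # Covers InvalidTokenError, a missing 'sub' claim, the
            # RuntimeError above and database errors. Only the exception is
            # printed, never the token.
            print(e)
            return _reject(invalid_msg)

        return f(*args, **kwargs)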
Ejemplo n.º 3
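    def get(self, user_name):
        """Serve the profile page for ``user_name``.

        Responds 404 when no such user exists. Otherwise a logged-in visitor
        gets the user page rendered and an anonymous visitor is redirected
        to ``/signup``.
        """
        if not database.get_user_by_name(user_name):
            self.error(404)
            # error() presumably only sets the status; without this return
            # the handler went on to render or redirect on top of the 404.
            return

        if self.get_current_user():
            self.render_user_page(user_name)
        else:
            self.redirect("/signup")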
Ejemplo n.º 4
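def authenticate(username, password):
    """Verify ``username``/``password`` and start a session on success.

    Returns True and stores ``username`` and ``user_id`` in ``session``
    when the user exists and the password checks out. Returns False
    otherwise; an unknown user and a wrong password are not distinguished.
    """
    user = database.get_user_by_name(username)
    if not user:
        return False

    # check_password compares against the stored value; presumably a hash
    # check with a constant-time comparison — confirm in its implementation.
    if not check_password(password, user['password']):
        return False

    session['username'] = username
    session['user_id'] = user['id']
    return True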
Ejemplo n.º 5
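def valid_signup(self, email, password, verify, user_name):
    """Validate a signup form.

    Returns a human-readable message for the first failing check, or None
    when every check passes. Format checks (email, password, confirmation,
    username) run first so the database is only queried for inputs that
    are well-formed.
    """
    if not valid_email(email):
        return "That's not a valid email."
    if not valid_password(password):
        # The rejected password is *not* valid; the earlier wording omitted
        # the "not".
        return "That's not a valid password."
    if password != verify:
        return "Your passwords didn't match."
    if not valid_user_name(user_name):
        return "That's not a valid username."
    if database.get_user_by_name(user_name):
        return "This user already exists."
    if database.get_user_by_email(email):
        return "This email already registered."
    return None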
Ejemplo n.º 6
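def valid_signup(self, email, password, verify, user_name):
    """Validate a signup form.

    Returns a human-readable message for the first failing check, or None
    when every check passes. Format checks (email, password, confirmation,
    username) run first so the database is only queried for inputs that
    are well-formed.
    """
    if not valid_email(email):
        return "That's not a valid email."
    if not valid_password(password):
        # The rejected password is *not* valid; the earlier wording omitted
        # the "not".
        return "That's not a valid password."
    if password != verify:
        return "Your passwords didn't match."
    if not valid_user_name(user_name):
        return "That's not a valid username."
    if database.get_user_by_name(user_name):
        return "This user already exists."
    if database.get_user_by_email(email):
        return "This email already registered."
    return None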
Ejemplo n.º 7
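def login():
    """Issue a JWT for valid credentials posted as JSON.

    Expects a JSON body with ``username`` and ``password``. On a match the
    response body is ``{'token': ...}`` with a 30-minute expiry; otherwise
    the body is ``{'message': 'Invalid credentials', 'authenticated':
    False}`` (still with the default status, as before — callers inspect
    ``authenticated``).
    """
    # silent=True turns a missing or non-JSON body into None instead of an
    # error page; `or {}` keeps the .get() calls below from failing on it.
    data = request.get_json(silent=True) or {}
    username = data.get("username", "NULL")
    password = data.get("password", "NULL")

    user = db.get_user_by_name(username)  #CHANGE
    # NOTE(review): this compares the submitted password byte-for-byte with
    # user.password, which appears to require the stored value to be the
    # plaintext password. Credentials should be stored as salted hashes and
    # checked with the hashing library's verify function. safe_str_cmp was
    # removed in Werkzeug 2.1; hmac.compare_digest is the stdlib equivalent.
    if user and safe_str_cmp(user.password.encode('utf-8'),
                             password.encode('utf-8')):
        # One timestamp so 'exp' is exactly 30 minutes after 'iat'.
        now = datetime.datetime.utcnow()
        token = encode(
            {
                'sub': user.username,
                'iat': now,
                'exp': now + datetime.timedelta(minutes=30)
            }, current_app.config['SECRET_KEY'])
        # .decode() assumes encode() returns bytes (PyJWT < 2); PyJWT 2+
        # returns str already — confirm against the installed version.
        response = jsonify({'token': token.decode('UTF-8')})
        return response
    response = jsonify({
        'message': 'Invalid credentials',
        'authenticated': False
    })
    return response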
Ejemplo n.º 8
import database

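if __name__ == '__main__':
    # Manual smoke check of the database module: look one user up by name
    # and print whatever the lookup returns. Run directly, not on import.
    user = database.get_user_by_name('admin')
    print(user)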