def ready(self): try: print('Creating admin account if not exist...') hasher = PBKDF2PasswordHasher() hashed_pw = hasher.encode(settings.SUPER_ADMIN_PASSWORD, uuid.uuid4().hex[:16]) with connection.cursor() as cursor: cursor.execute( "SELECT id FROM easylogin_admins WHERE username = '******'" ) row = cursor.fetchone() if not row: cursor.execute( """ INSERT INTO easylogin_admins (username, email, password, is_superuser, is_active, deleted, is_staff, level, date_joined, first_name, last_name, phone, address, company) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) """, ('superadmin', settings.SUPER_ADMIN_EMAIL, hashed_pw, 1, 1, 0, 0, 65535, datetime.utcnow(), 'Super', 'Admin', '0400666905', '1226-14, Kanda Konya-cho, Chiyoda-ku', 'mirabo')) connection.commit() except Exception as e: print(e)
def replace_user(request, user_id): "Tries to update an user and returns the result" permission_obj = PermissionValidation(request) validation = permission_obj.validate('replace_user') if validation['status']: user_obj = User.objects.get(id=user_id) data = request.data.copy() password = data['password'] if password == "": data['password'] = user_obj.password else: hasher = PBKDF2PasswordHasher() data['password'] = hasher.encode(password, "Wake Up, Girls!") user_serializer = UserSerializer(user_obj, data=data) if user_serializer.is_valid(): user_serializer.save() return Response({ "success": True, "user_id": user_id }, status=status.HTTP_200_OK, content_type='application/json') data = error_data(user_serializer) return Response(data, status=status.HTTP_400_BAD_REQUEST, content_type='application/json') return PermissionValidation.error_response_webservice(validation, request)
def dang_ky(request): registered = False if request.method == "POST": form_user = forms.FormDangKy(request.POST, M_Khach_hang) ##################################################### hasher = PBKDF2PasswordHasher() # Them validation cho form if form_user.is_valid() and form_user.cleaned_data[ 'mat_khau'] == form_user.cleaned_data['confirm']: request.POST._mutable = True post = form_user.save(commit=False) post.ho_ten = form_user.cleaned_data['ho_ten'] post.ten_dang_nhap = form_user.cleaned_data['ten_dang_nhap'] ########################################################### post.mat_khau = hasher.encode(form_user.cleaned_data['mat_khau'], '123') post.email = form_user.cleaned_data['email'] post.phone = form_user.cleaned_data['phone'] post.dia_chi = form_user.cleaned_data['dia_chi'] post.save() print('Da ghi user vao CSDL') registered = True elif form_user.cleaned_data['mat_khau'] != form_user.cleaned_data[ 'confirm']: form_user.add_err('confirm', 'The password not match') print('Password and password confirm not match') else: form_user = forms.FormDangKy() return render(request, "mystore/registration.html", { 'user_form': form_user, 'registered': registered })
def handle(self, *args, **options): """ Handling the call of the command from the prompt :param options: options passed in to the command prompt :param args: args passed in to the command prompt """ # Step 1: Get API_SECRET and password from user api_secret = getpass.getpass("API Secret (Characters will not be visible): ") password = getpass.getpass("Password: (Characters will not be visible): ") # Step 2: Key stretching on the password to make it into an acceptable AES key try: iterations = args[0] except IndexError: iterations = 1000 hasher = PBKDF2PasswordHasher() salt = get_random_string() (algorithm, iterations, salt, key_base64) = hasher.encode(password, salt=salt, iterations=iterations).split('$') # Step 3: AES encryption of the API_SECRET using key iv = os.urandom(16) aes = AES.new(base64.b64decode(key_base64), AES.MODE_CBC, iv) enc_api_secret = aes.encrypt(iv + api_secret) # Step 4: Show user results print 'Edit config vars with the following values:' print 'Salt (BITSTAMP_ENC_SALT_BASE64):', base64.b64encode(salt).strip() print 'IV (BITSTAMP_ENC_IV_BASE64):', base64.b64encode(iv).strip() print 'Encrypted API Secret (BITSTAMP_ENC_API_SECRET_BASE64):', base64.b64encode(enc_api_secret).strip()
def post(self, request, *args, **kwargs): estados = Estado.objects.all() #preenche o form form = RegistrarUsuarioForm(request.POST) #verifica se eh valido if form.is_valid(): hasher = PBKDF2PasswordHasher() dados_form = form.data estado = Estado.objects.get(id=dados_form['estado_register']) senha_hashed = hasher.encode( password=dados_form['senha_register1'], salt='salt', iterations=25000) user = User.objects.create_user( username=dados_form['email_register'], email=dados_form['email_register'], password=dados_form['senha_register1']) #cria o usuario usuario = Usuario(cpf=dados_form['cpf_register'], nome=dados_form['nome_register'], email=dados_form['email_register'], estado=estado, senha=senha_hashed, user=user) #grava no banco usuario.save() return HttpResponseRedirect('/') return render(request, self.template_name, { 'form': form, 'estados': estados })
def dang_ky(request): registered = False if request.method == 'POST': from_user = forms.FormDangKy(request.POST, M_Khach_hang) hasher = PBKDF2PasswordHasher() if from_user.is_valid() and from_user.cleaned_data[ 'mat_khau'] == from_user.cleaned_data['confirm']: request.POST._mutable = True post = from_user.save(commit=False) post.ho_ten = from_user.cleaned_data['ho_ten'] post.ten_dang_nhap = from_user.cleaned_data['ten_dang_nhap'] post.mat_khau = hasher.encode(from_user.cleaned_data['mat_khau'], '123') # chuỗi '123' là tuỳ ý post.email = from_user.cleaned_data['email'] post.phone = from_user.cleaned_data['phone'] post.email = from_user.cleaned_data['email'] post.dia_chi = from_user.cleaned_data['dia_chi'] post.save() print('Da ghi vao CSDL') elif from_user.cleaned_data['mat_khau'] != from_user.cleaned_data[ 'confirm']: from_user.add_error('confirm', 'the password do not match') print('password and confirm password are not the same!') else: from_user = forms.FormDangKy() return render(request, 'khach_hang/registration.html', { 'user_form': from_user, 'registered': registered })
def login_redir(request): try: username = request.POST['name'] password = request.POST['password'] try: User = UserInfo.objects.get(user_name=username) hasher = PBKDF2PasswordHasher() password = hasher.verify(password=password, encoded=User.user_password) if password: response = HttpResponseRedirect('/cooking/') response.set_cookie('wasauthorised', User.user_secret) if request.COOKIES.get('livetime'): time = int(request.COOKIES.get('livetime')) response.set_cookie('wasauthorised', User.user_secret, time) else: response.set_cookie('wasauthorised', User.user_secret, 1209600) return response else: password_error = "Неверный пароль" return render(request, 'cooking/login.html', {'password_error': password_error}) except: user_error = "Неверное имя пользователя " return render(request, 'cooking/login.html', {'user_error': user_error}) except: return HttpResponseRedirect('/cooking/login/')
def login(request): """Logs in the user if given credentials are valid""" username = request.data['username'] password = request.data['password'] try: user = User.objects.get(username=username) except: user = None if user is not None: encoded = user.password hasher = PBKDF2PasswordHasher() login_valid = hasher.verify(password, encoded) if login_valid: key = username + str(datetime.datetime.now()) key = hasher.encode(key, 'key', 10) life = datetime.datetime.now() + datetime.timedelta(hours=14) timezone = pytz.timezone("America/Bogota") life_aware = timezone.localize(life) loginsession = LoginSession(key=key, life=life_aware, user=user) loginsession.save() request.session['loginsession'] = key data = {'success': True, 'key': key} return Response(data, status=status.HTTP_200_OK, content_type='application/json') data = { 'success': False, 'message': "Nombre de usuario o contraseña incorrectos" } return Response(data, status=status.HTTP_200_OK, content_type='application/json')
def create_credentials(actions): """Creates a login session with permissión for the given actions""" app_a = App(name="Usuarios") app_a.save() created_actions = [] for action in actions: created_actions.append(Action(name=action, label="", app=app_a)) for i in range(0, len(created_actions)): created_actions[i].save() profile = Profile(name='Admin', active=True) profile.save() for action in created_actions: ProfilePermissions(profile=profile, action=action, permission=True).save() password = '******' username = '******' hasher = PBKDF2PasswordHasher() encoded = hasher.encode(password, "Wake Up, Girls!") user1 = User(username=username, password=encoded, name='ADMINISTRADOR', lastname='ADMINISTRADOR', active=True, profile=profile) user1.save() return user1
def signup_user(request): request_data = json.loads(request.body) # request_data = request.GET back = "False" hasher = '' verify_code = '' username_check = GlobalUsers.objects.filter( gus_email=request_data['email']).values_list('gus_email', flat=True) if request.method == 'POST' and request_data['email'] not in username_check: verify_code = str(random.randint(10000, 99999)) hasher = PBKDF2PasswordHasher() signup_details = GlobalUsers() # signup_details.gus_username = str(request_data['username']) signup_details.gus_password = hasher.encode( password=request_data['password'], salt='salt', iterations=50000) signup_details.gus_email = request_data['email'] signup_details.gus_address = request_data['address'] signup_details.gus_pincode = request_data['pincode'] signup_details.gus_createdon = datetime.datetime.now() signup_details.gus_isused = 0 signup_details.gus_confirmcode = verify_code signup_details.gus_phone = request_data['phone'] signup_details.save() subject = "email verification HUL" message = "please verify your email by typing the following code in your Distributor App " + verify_code sender = "*****@*****.**" send_mail(subject, message, sender, [request_data['email']]) back = "True" print back data = back return HttpResponse(data)
def test_login_user(self): password = '******' username = '******' hasher = PBKDF2PasswordHasher() encoded = hasher.encode(password, "Wake Up, Girls!") user1 = User(username=username, password=encoded, name='Edgar', lastname='Ceron', active=True, profile=None) user1.save() url = reverse('login_user') data = {'username': username, 'password': password} response = self.client.post(url, data, format='json') result = response.data['success'] self.assertEqual(result, True) key = response.data['key'] try: found = True LoginSession.objects.get(key=key) except: found = False self.assertTrue(found) data = {'username': '******', 'password': '******'} response2 = self.client.post(url, data, format='json') result2 = response2.data['success'] self.assertEqual(result2, False)
def pwd_reset(self): reset_form = npyscreen.Form(name="Reset Password", lines=0, columns=0, minimum_lines=24, minimum_columns=80) user_list = [] check_user = "******" cursor.execute(check_user) exist = cursor.fetchall() for line in range(0, len(exist)): user_list.append(exist[line][0]) select = reset_form.add(npyscreen.TitleSelectOne, max_height=4, name="Utente:", values=user_list, scroll_exit=True) password = reset_form.add(npyscreen.TitlePassword, name="Password:"******"Conferma:") pwd = PBKDF2PasswordHasher() reset_form.edit() if password.get_value() == password_confirm.get_value( ) and password.get_value() != '': sql_ctx = "UPDATE aron.auth_user SET password=\"%s\" WHERE username=\"%s\";" % \ (str(pwd.encode(password.get_value(), str(uuid.uuid4()), 12)), str(select.get_selected_objects())[2:-2]) cursor.execute(sql_ctx) db.commit() npyscreen.notify_confirm( "La password per l'utente %s e' stata cambiata." % str(select.get_selected_objects())[1:-1]) else: npyscreen.notify_confirm( "La password NON sono uguale. Controllare di nuovo")
def add_user(request): """Tries to create an user and returns the result""" permission_obj = PermissionValidation(request) validation = permission_obj.validate('add_user') if validation['status']: data = request.data.copy() password = data['password'] hasher = PBKDF2PasswordHasher() data['password'] = hasher.encode(password, "Wake Up, Girls!") user_serializer = UserSerializer(data=data) if user_serializer.is_valid(): user_serializer.save() return Response( { "success": True, "user_id": user_serializer.data['id'] }, status=status.HTTP_201_CREATED, content_type='application/json') data = error_data(user_serializer) return Response(data, status=status.HTTP_400_BAD_REQUEST, content_type='application/json') return PermissionValidation.error_response_webservice(validation, request)
def post(self, request): data = request.POST key = data['key'] newpass = data['newpass'] conpass = data['conpass'] print(key) print(newpass) print(conpass) hasher = PBKDF2PasswordHasher() try: obj = Front_Users.objects.get(key=key) newpass = hasher.encode(password=newpass, salt='salt', iterations=50000) obj.password = newpass obj.key = "" obj.save() return render( request, 'registration/login.html', { 'message': 'Password Updated, Please Log-in with you new credentials' }) except Front_Users.DoesNotExist: return render( request, 'registration/login.html', {'message': 'Something Went Wrong, Try After Sometime'})
def post(self, request): data = request.POST hasher = PBKDF2PasswordHasher() email = data['email'] password = data['password'] message = '' password = hasher.encode(password=password, salt='salt', iterations=50000) try: # events_data=EventsForm.objects.get(event_date=date) Front_Users.objects.get(email=email) try: user_data = Front_Users.objects.get(password=password) request.session['name'] = user_data.name request.session['logged_in'] = True request.session['username'] = user_data.email return 1 except Front_Users.DoesNotExist: return render(request, 'coaching.html', {'message': 'Password entered is Incorrect'}) except Front_Users.DoesNotExist: # events= EventsForm(title=title,description=description) # print('user not logged in') return render(request, 'coaching.html', { 'message': 'Email Does not exists ', 'email': email })
def password_reset(request): if request.method == "POST": otp = request.POST["otp"] password1 = request.POST["password1"] password2 = request.POST["password2"] if otp_verification.objects.filter(otp=otp).exists(): email = otp_verification.objects.get(otp=otp).email if password1 == password2: user = User.objects.get(email=email) hasher = PBKDF2PasswordHasher() newpassword = hasher.encode(password=password1, salt='salt', iterations=50000) user.password = newpassword user.save() messages.success(request, "Password Changed Successfully!") return redirect('login') else: messages.warning(request, "Password does not match!") return redirect('password-reset') else: messages.warning(request, 'Invalid OTP!') return redirect('password-reset') else: return render(request, 'TaskPhamer/password_reset.html')
def test_low_level_pbkdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$100000$seasalt2$Tl4GMr+Yt1zzO1sbKoUaDBdds5NkR3RxaDWuQsliFrI=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$150000$seasalt2$5xGh/XsAm2L9fQXShAI1qf739n97YlTaaLY8/t6Ms7o=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$216000$seasalt2$gHyszNJ9lwTG5y3MQUjZe+OJmYVTBPl/y7bYq9dtk8M=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$20000$seasalt2$Flpve/uAcyo6+IFI6YAhjeABGPVbRQjzHDxRhqxewgw=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('letmein', 'seasalt') self.assertEqual( encoded, 'pbkdf2_sha256$10000$seasalt$FQCNpiZpTb0zub+HBsH6TOwyRxJ19FwvjbweatNmK/Y=' ) self.assertTrue(hasher.verify('letmein', encoded))
def clean_password(self): password = self.cleaned_data.get('password') if not password: raise forms.ValidationError('No password') self.moi_password = password salt = "salt" hasher = PBKDF2PasswordHasher() return make_password(password, salt, hasher)
def test_low_level_pbkdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$260000$seasalt2$UCGMhrOoaq1ghQPArIBK5RkI6IZLRxlIwHWA1dMy7y8=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$12000$seasalt2$hlDLKsxgkgb1aeOppkM5atCYw5rPzAjCNQZ4NYyUROw=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$24000$seasalt2$TUDkfilKHVC7BkaKSZgIKhm0aTtXlmcw/5C1FeS/DPk=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$320000$seasalt2$BRr4pYNIQDsLFP+u4dzjs7pFuWJEin4lFMMoO9wBYvo=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$15000$seasalt2$uSQqI+91wgObKdP6L6S75LLzyxrZRWNcaujEZPA3/nA=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$30000$seasalt2$a75qzbogeVhNFeMqhdgyyoqGKpIzYUo651sq57RERew=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt') self.assertEqual( encoded, 'pbkdf2_sha256$10000$seasalt$CWWFdHOWwPnki7HvkcqN9iA2T3KLW1cf2uZ5kvArtVY=' ) self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self): hasher = PBKDF2PasswordHasher() encoded = hasher.encode('lètmein', 'seasalt2') self.assertEqual( encoded, 'pbkdf2_sha256$36000$seasalt2$QkIBVCvGmTmyjPJ5yox2y/jQB8isvgUNK98FxOU1UYo=' ) self.assertTrue(hasher.verify('lètmein', encoded))