def ready(self):
try:
print('Creating admin account if not exist...')
hasher = PBKDF2PasswordHasher()
hashed_pw = hasher.encode(settings.SUPER_ADMIN_PASSWORD,
uuid.uuid4().hex[:16])
with connection.cursor() as cursor:
cursor.execute(
"SELECT id FROM easylogin_admins WHERE username = '******'"
)
row = cursor.fetchone()
if not row:
cursor.execute(
"""
INSERT INTO easylogin_admins (username, email, password,
is_superuser, is_active, deleted, is_staff, level,
date_joined, first_name, last_name,
phone, address, company)
VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)
""", ('superadmin', settings.SUPER_ADMIN_EMAIL, hashed_pw,
1, 1, 0, 0, 65535, datetime.utcnow(), 'Super',
'Admin', '0400666905',
'1226-14, Kanda Konya-cho, Chiyoda-ku', 'mirabo'))
connection.commit()
except Exception as e:
print(e)
def replace_user(request, user_id):
"Tries to update an user and returns the result"
permission_obj = PermissionValidation(request)
validation = permission_obj.validate('replace_user')
if validation['status']:
user_obj = User.objects.get(id=user_id)
data = request.data.copy()
password = data['password']
if password == "":
data['password'] = user_obj.password
else:
hasher = PBKDF2PasswordHasher()
data['password'] = hasher.encode(password, "Wake Up, Girls!")
user_serializer = UserSerializer(user_obj, data=data)
if user_serializer.is_valid():
user_serializer.save()
return Response({
"success": True,
"user_id": user_id
},
status=status.HTTP_200_OK,
content_type='application/json')
data = error_data(user_serializer)
return Response(data,
status=status.HTTP_400_BAD_REQUEST,
content_type='application/json')
return PermissionValidation.error_response_webservice(validation, request)
def dang_ky(request):
registered = False
if request.method == "POST":
form_user = forms.FormDangKy(request.POST, M_Khach_hang)
#####################################################
hasher = PBKDF2PasswordHasher()
# Them validation cho form
if form_user.is_valid() and form_user.cleaned_data[
'mat_khau'] == form_user.cleaned_data['confirm']:
request.POST._mutable = True
post = form_user.save(commit=False)
post.ho_ten = form_user.cleaned_data['ho_ten']
post.ten_dang_nhap = form_user.cleaned_data['ten_dang_nhap']
###########################################################
post.mat_khau = hasher.encode(form_user.cleaned_data['mat_khau'],
'123')
post.email = form_user.cleaned_data['email']
post.phone = form_user.cleaned_data['phone']
post.dia_chi = form_user.cleaned_data['dia_chi']
post.save()
print('Da ghi user vao CSDL')
registered = True
elif form_user.cleaned_data['mat_khau'] != form_user.cleaned_data[
'confirm']:
form_user.add_err('confirm', 'The password not match')
print('Password and password confirm not match')
else:
form_user = forms.FormDangKy()
return render(request, "mystore/registration.html", {
'user_form': form_user,
'registered': registered
})
def handle(self, *args, **options):
"""
Handling the call of the command from the prompt
:param options: options passed in to the command prompt
:param args: args passed in to the command prompt
"""
# Step 1: Get API_SECRET and password from user
api_secret = getpass.getpass("API Secret (Characters will not be visible): ")
password = getpass.getpass("Password: (Characters will not be visible): ")
# Step 2: Key stretching on the password to make it into an acceptable AES key
try:
iterations = args[0]
except IndexError:
iterations = 1000
hasher = PBKDF2PasswordHasher()
salt = get_random_string()
(algorithm, iterations, salt, key_base64) = hasher.encode(password,
salt=salt,
iterations=iterations).split('$')
# Step 3: AES encryption of the API_SECRET using key
iv = os.urandom(16)
aes = AES.new(base64.b64decode(key_base64), AES.MODE_CBC, iv)
enc_api_secret = aes.encrypt(iv + api_secret)
# Step 4: Show user results
print 'Edit config vars with the following values:'
print 'Salt (BITSTAMP_ENC_SALT_BASE64):', base64.b64encode(salt).strip()
print 'IV (BITSTAMP_ENC_IV_BASE64):', base64.b64encode(iv).strip()
print 'Encrypted API Secret (BITSTAMP_ENC_API_SECRET_BASE64):', base64.b64encode(enc_api_secret).strip()
def post(self, request, *args, **kwargs):
estados = Estado.objects.all()
#preenche o form
form = RegistrarUsuarioForm(request.POST)
#verifica se eh valido
if form.is_valid():
hasher = PBKDF2PasswordHasher()
dados_form = form.data
estado = Estado.objects.get(id=dados_form['estado_register'])
senha_hashed = hasher.encode(
password=dados_form['senha_register1'],
salt='salt',
iterations=25000)
user = User.objects.create_user(
username=dados_form['email_register'],
email=dados_form['email_register'],
password=dados_form['senha_register1'])
#cria o usuario
usuario = Usuario(cpf=dados_form['cpf_register'],
nome=dados_form['nome_register'],
email=dados_form['email_register'],
estado=estado,
senha=senha_hashed,
user=user)
#grava no banco
usuario.save()
return HttpResponseRedirect('/')
return render(request, self.template_name, {
'form': form,
'estados': estados
})
def dang_ky(request):
registered = False
if request.method == 'POST':
from_user = forms.FormDangKy(request.POST, M_Khach_hang)
hasher = PBKDF2PasswordHasher()
if from_user.is_valid() and from_user.cleaned_data[
'mat_khau'] == from_user.cleaned_data['confirm']:
request.POST._mutable = True
post = from_user.save(commit=False)
post.ho_ten = from_user.cleaned_data['ho_ten']
post.ten_dang_nhap = from_user.cleaned_data['ten_dang_nhap']
post.mat_khau = hasher.encode(from_user.cleaned_data['mat_khau'],
'123')
# chuỗi '123' là tuỳ ý
post.email = from_user.cleaned_data['email']
post.phone = from_user.cleaned_data['phone']
post.email = from_user.cleaned_data['email']
post.dia_chi = from_user.cleaned_data['dia_chi']
post.save()
print('Da ghi vao CSDL')
elif from_user.cleaned_data['mat_khau'] != from_user.cleaned_data[
'confirm']:
from_user.add_error('confirm', 'the password do not match')
print('password and confirm password are not the same!')
else:
from_user = forms.FormDangKy()
return render(request, 'khach_hang/registration.html', {
'user_form': from_user,
'registered': registered
})
def login_redir(request):
try:
username = request.POST['name']
password = request.POST['password']
try:
User = UserInfo.objects.get(user_name=username)
hasher = PBKDF2PasswordHasher()
password = hasher.verify(password=password,
encoded=User.user_password)
if password:
response = HttpResponseRedirect('/cooking/')
response.set_cookie('wasauthorised', User.user_secret)
if request.COOKIES.get('livetime'):
time = int(request.COOKIES.get('livetime'))
response.set_cookie('wasauthorised', User.user_secret,
time)
else:
response.set_cookie('wasauthorised', User.user_secret,
1209600)
return response
else:
password_error = "Неверный пароль"
return render(request, 'cooking/login.html',
{'password_error': password_error})
except:
user_error = "Неверное имя пользователя "
return render(request, 'cooking/login.html',
{'user_error': user_error})
except:
return HttpResponseRedirect('/cooking/login/')
def login(request):
"""Logs in the user if given credentials are valid"""
username = request.data['username']
password = request.data['password']
try:
user = User.objects.get(username=username)
except:
user = None
if user is not None:
encoded = user.password
hasher = PBKDF2PasswordHasher()
login_valid = hasher.verify(password, encoded)
if login_valid:
key = username + str(datetime.datetime.now())
key = hasher.encode(key, 'key', 10)
life = datetime.datetime.now() + datetime.timedelta(hours=14)
timezone = pytz.timezone("America/Bogota")
life_aware = timezone.localize(life)
loginsession = LoginSession(key=key, life=life_aware, user=user)
loginsession.save()
request.session['loginsession'] = key
data = {'success': True, 'key': key}
return Response(data,
status=status.HTTP_200_OK,
content_type='application/json')
data = {
'success': False,
'message': "Nombre de usuario o contraseña incorrectos"
}
return Response(data,
status=status.HTTP_200_OK,
content_type='application/json')
def create_credentials(actions):
"""Creates a login session with permissión for the given actions"""
app_a = App(name="Usuarios")
app_a.save()
created_actions = []
for action in actions:
created_actions.append(Action(name=action, label="", app=app_a))
for i in range(0, len(created_actions)):
created_actions[i].save()
profile = Profile(name='Admin', active=True)
profile.save()
for action in created_actions:
ProfilePermissions(profile=profile, action=action,
permission=True).save()
password = '******'
username = '******'
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode(password, "Wake Up, Girls!")
user1 = User(username=username,
password=encoded,
name='ADMINISTRADOR',
lastname='ADMINISTRADOR',
active=True,
profile=profile)
user1.save()
return user1
def signup_user(request):
request_data = json.loads(request.body)
# request_data = request.GET
back = "False"
hasher = ''
verify_code = ''
username_check = GlobalUsers.objects.filter(
gus_email=request_data['email']).values_list('gus_email', flat=True)
if request.method == 'POST' and request_data['email'] not in username_check:
verify_code = str(random.randint(10000, 99999))
hasher = PBKDF2PasswordHasher()
signup_details = GlobalUsers()
# signup_details.gus_username = str(request_data['username'])
signup_details.gus_password = hasher.encode(
password=request_data['password'], salt='salt', iterations=50000)
signup_details.gus_email = request_data['email']
signup_details.gus_address = request_data['address']
signup_details.gus_pincode = request_data['pincode']
signup_details.gus_createdon = datetime.datetime.now()
signup_details.gus_isused = 0
signup_details.gus_confirmcode = verify_code
signup_details.gus_phone = request_data['phone']
signup_details.save()
subject = "email verification HUL"
message = "please verify your email by typing the following code in your Distributor App " + verify_code
sender = "*****@*****.**"
send_mail(subject, message, sender, [request_data['email']])
back = "True"
print back
data = back
return HttpResponse(data)
def test_login_user(self):
password = '******'
username = '******'
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode(password, "Wake Up, Girls!")
user1 = User(username=username,
password=encoded,
name='Edgar',
lastname='Ceron',
active=True,
profile=None)
user1.save()
url = reverse('login_user')
data = {'username': username, 'password': password}
response = self.client.post(url, data, format='json')
result = response.data['success']
self.assertEqual(result, True)
key = response.data['key']
try:
found = True
LoginSession.objects.get(key=key)
except:
found = False
self.assertTrue(found)
data = {'username': '******', 'password': '******'}
response2 = self.client.post(url, data, format='json')
result2 = response2.data['success']
self.assertEqual(result2, False)
def pwd_reset(self):
reset_form = npyscreen.Form(name="Reset Password",
lines=0,
columns=0,
minimum_lines=24,
minimum_columns=80)
user_list = []
check_user = "******"
cursor.execute(check_user)
exist = cursor.fetchall()
for line in range(0, len(exist)):
user_list.append(exist[line][0])
select = reset_form.add(npyscreen.TitleSelectOne,
max_height=4,
name="Utente:",
values=user_list,
scroll_exit=True)
password = reset_form.add(npyscreen.TitlePassword, name="Password:"******"Conferma:")
pwd = PBKDF2PasswordHasher()
reset_form.edit()
if password.get_value() == password_confirm.get_value(
) and password.get_value() != '':
sql_ctx = "UPDATE aron.auth_user SET password=\"%s\" WHERE username=\"%s\";" % \
(str(pwd.encode(password.get_value(), str(uuid.uuid4()), 12)),
str(select.get_selected_objects())[2:-2])
cursor.execute(sql_ctx)
db.commit()
npyscreen.notify_confirm(
"La password per l'utente %s e' stata cambiata." %
str(select.get_selected_objects())[1:-1])
else:
npyscreen.notify_confirm(
"La password NON sono uguale. Controllare di nuovo")
def add_user(request):
"""Tries to create an user and returns the result"""
permission_obj = PermissionValidation(request)
validation = permission_obj.validate('add_user')
if validation['status']:
data = request.data.copy()
password = data['password']
hasher = PBKDF2PasswordHasher()
data['password'] = hasher.encode(password, "Wake Up, Girls!")
user_serializer = UserSerializer(data=data)
if user_serializer.is_valid():
user_serializer.save()
return Response(
{
"success": True,
"user_id": user_serializer.data['id']
},
status=status.HTTP_201_CREATED,
content_type='application/json')
data = error_data(user_serializer)
return Response(data,
status=status.HTTP_400_BAD_REQUEST,
content_type='application/json')
return PermissionValidation.error_response_webservice(validation, request)
def post(self, request):
data = request.POST
key = data['key']
newpass = data['newpass']
conpass = data['conpass']
print(key)
print(newpass)
print(conpass)
hasher = PBKDF2PasswordHasher()
try:
obj = Front_Users.objects.get(key=key)
newpass = hasher.encode(password=newpass,
salt='salt',
iterations=50000)
obj.password = newpass
obj.key = ""
obj.save()
return render(
request, 'registration/login.html', {
'message':
'Password Updated, Please Log-in with you new credentials'
})
except Front_Users.DoesNotExist:
return render(
request, 'registration/login.html',
{'message': 'Something Went Wrong, Try After Sometime'})
def post(self, request):
data = request.POST
hasher = PBKDF2PasswordHasher()
email = data['email']
password = data['password']
message = ''
password = hasher.encode(password=password,
salt='salt',
iterations=50000)
try:
# events_data=EventsForm.objects.get(event_date=date)
Front_Users.objects.get(email=email)
try:
user_data = Front_Users.objects.get(password=password)
request.session['name'] = user_data.name
request.session['logged_in'] = True
request.session['username'] = user_data.email
return 1
except Front_Users.DoesNotExist:
return render(request, 'coaching.html',
{'message': 'Password entered is Incorrect'})
except Front_Users.DoesNotExist:
# events= EventsForm(title=title,description=description)
# print('user not logged in')
return render(request, 'coaching.html', {
'message': 'Email Does not exists ',
'email': email
})
def password_reset(request):
if request.method == "POST":
otp = request.POST["otp"]
password1 = request.POST["password1"]
password2 = request.POST["password2"]
if otp_verification.objects.filter(otp=otp).exists():
email = otp_verification.objects.get(otp=otp).email
if password1 == password2:
user = User.objects.get(email=email)
hasher = PBKDF2PasswordHasher()
newpassword = hasher.encode(password=password1,
salt='salt',
iterations=50000)
user.password = newpassword
user.save()
messages.success(request, "Password Changed Successfully!")
return redirect('login')
else:
messages.warning(request, "Password does not match!")
return redirect('password-reset')
else:
messages.warning(request, 'Invalid OTP!')
return redirect('password-reset')
else:
return render(request, 'TaskPhamer/password_reset.html')
def test_low_level_pbkdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$100000$seasalt2$Tl4GMr+Yt1zzO1sbKoUaDBdds5NkR3RxaDWuQsliFrI='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$150000$seasalt2$5xGh/XsAm2L9fQXShAI1qf739n97YlTaaLY8/t6Ms7o='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$216000$seasalt2$gHyszNJ9lwTG5y3MQUjZe+OJmYVTBPl/y7bYq9dtk8M='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$20000$seasalt2$Flpve/uAcyo6+IFI6YAhjeABGPVbRQjzHDxRhqxewgw='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('letmein', 'seasalt')
self.assertEqual(
encoded,
'pbkdf2_sha256$10000$seasalt$FQCNpiZpTb0zub+HBsH6TOwyRxJ19FwvjbweatNmK/Y='
)
self.assertTrue(hasher.verify('letmein', encoded))
def clean_password(self):
password = self.cleaned_data.get('password')
if not password:
raise forms.ValidationError('No password')
self.moi_password = password
salt = "salt"
hasher = PBKDF2PasswordHasher()
return make_password(password, salt, hasher)
def test_low_level_pbkdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$260000$seasalt2$UCGMhrOoaq1ghQPArIBK5RkI6IZLRxlIwHWA1dMy7y8='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$12000$seasalt2$hlDLKsxgkgb1aeOppkM5atCYw5rPzAjCNQZ4NYyUROw='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$24000$seasalt2$TUDkfilKHVC7BkaKSZgIKhm0aTtXlmcw/5C1FeS/DPk='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$320000$seasalt2$BRr4pYNIQDsLFP+u4dzjs7pFuWJEin4lFMMoO9wBYvo='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$15000$seasalt2$uSQqI+91wgObKdP6L6S75LLzyxrZRWNcaujEZPA3/nA='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$30000$seasalt2$a75qzbogeVhNFeMqhdgyyoqGKpIzYUo651sq57RERew='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pkbdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt')
self.assertEqual(
encoded,
'pbkdf2_sha256$10000$seasalt$CWWFdHOWwPnki7HvkcqN9iA2T3KLW1cf2uZ5kvArtVY='
)
self.assertTrue(hasher.verify('lètmein', encoded))
def test_low_level_pbkdf2(self):
hasher = PBKDF2PasswordHasher()
encoded = hasher.encode('lètmein', 'seasalt2')
self.assertEqual(
encoded,
'pbkdf2_sha256$36000$seasalt2$QkIBVCvGmTmyjPJ5yox2y/jQB8isvgUNK98FxOU1UYo='
)
self.assertTrue(hasher.verify('lètmein', encoded))
