Ejemplo n.º 1
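def dashboard(email, password):
    """Check the submitted credentials and start a session for the user.

    Looks the user up by e-mail and verifies the password with
    ``check_password_hash``.  On success a fresh session token is stored on
    the user's row and returned as the ``session_token`` cookie on a
    redirect to ``/``.  On failure the index template is rendered again
    with ``error_msg`` set.
    """
    # Function-scope import: the file's import block is not visible here.
    import secrets

    user = users.select(users.c.email == email).execute().first()
    if user is None:
        # Explicit check instead of catching AttributeError around the whole
        # body, which also reported unrelated attribute errors as a missing
        # user.
        # NOTE(review): this message differs from the wrong-password one, so
        # the page reveals which e-mail addresses are registered.
        error_msg = "no user exists"
        return render_template('index.html', error_msg=error_msg)

    if not check_password_hash(password, user.password, user.salt):
        error_msg = "Incorrect Password"
        return render_template('/index.html', error_msg=error_msg)

    # The token is the bearer credential for later requests, so it has to be
    # unguessable.  The previous value was a hash of the e-mail salted with
    # the login time to the second, both of which an outsider can know.
    # NOTE(review): assumes readers of the cookie only compare it with the
    # stored column and do not depend on the old hash format; confirm.
    session_token = secrets.token_urlsafe(32)
    stmt = update(users).where(users.c.email == email).values(
        session_token=session_token)
    connection = engine.connect()
    try:
        connection.execute(stmt)
    finally:
        # Return the connection even when the UPDATE raises.
        connection.close()

    resp = make_response(redirect('/'))
    # httponly keeps the token away from page scripts.
    # NOTE(review): also set secure=True once the site is served over HTTPS only.
    resp.set_cookie('session_token', session_token, httponly=True)
    return resp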
Ejemplo n.º 2
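def dashboard(email, password):
    """Verify a login attempt and, when it succeeds, issue a session cookie.

    The user row is fetched by e-mail and the password is checked with
    ``check_password_hash``.  A successful login writes a new session token
    to the row and redirects to ``/`` with that token in the
    ``session_token`` cookie.  Any failure renders the index template with
    ``error_msg``.
    """
    # Function-scope import: the file's import block is not visible here.
    import secrets

    user = users.select(users.c.email == email).execute().first()
    if user is None:
        # Checked directly rather than through a function-wide
        # ``except AttributeError``, which masked unrelated errors.
        # NOTE(review): "no user exists" versus "Incorrect Password" lets a
        # visitor test which e-mail addresses have accounts.
        return render_template('index.html', error_msg="no user exists")

    if not check_password_hash(password, user.password, user.salt):
        return render_template('/index.html', error_msg="Incorrect Password")

    # A session token must be unpredictable.  Deriving it from the e-mail
    # and the current second, as before, made it computable from known
    # values, so it now comes from the OS random source.
    # NOTE(review): assumes the stored token is only compared for equality
    # elsewhere; confirm before deploying.
    session_token = secrets.token_urlsafe(32)
    stmt = update(users).where(users.c.email == email).values(
        session_token=session_token)
    connection = engine.connect()
    try:
        connection.execute(stmt)
    finally:
        # Close the connection on the error path too.
        connection.close()

    resp = make_response(redirect('/'))
    # httponly hides the cookie from JavaScript.
    # NOTE(review): add secure=True when the deployment is HTTPS-only.
    resp.set_cookie('session_token', session_token, httponly=True)
    return resp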
Ejemplo n.º 3
    def validate_login(self, field):
        """Reject the form unless the account exists and the password verifies.

        Raises ``validators.ValidationError('Invalid user')`` when
        ``self.get_user()`` returns ``None``, and
        ``validators.ValidationError('Invalid password')`` when
        ``check_password_hash`` rejects the submitted password.
        """
        account = self.get_user()
        if account is None:
            # NOTE(review): this message differs from the wrong-password
            # one, so the form reveals whether an account exists.
            raise validators.ValidationError('Invalid user')

        submitted = self.password.data.encode("utf-8")
        stored_hash = account.password.encode('utf-8')
        if check_password_hash(submitted, stored_hash, account.salt):
            return
        raise validators.ValidationError('Invalid password')
    def validate_login(self, field):
        """Validate the login form against the stored credentials.

        ``self.get_user()`` supplies the account.  A missing account raises
        ``validators.ValidationError('Invalid user')`` and a password that
        ``check_password_hash`` rejects raises
        ``validators.ValidationError('Invalid password')``.
        """
        record = self.get_user()
        if record is None:
            # NOTE(review): separate messages for the two failures tell the
            # caller which usernames are valid.
            raise validators.ValidationError('Invalid user')

        # Both the submitted password and the stored hash are passed as
        # UTF-8 bytes; the salt is passed as stored.
        candidate = self.password.data.encode("utf-8")
        expected = record.password.encode('utf-8')
        password_ok = check_password_hash(candidate, expected, record.salt)
        if not password_ok:
            raise validators.ValidationError('Invalid password')
Ejemplo n.º 5
def jwt_authenticate(email, password):
    """Return the user matching *email* if *password* verifies, else ``None``."""
    candidate = User.query.filter_by(email=email).first()
    if candidate is None:
        # NOTE(review): an unknown e-mail returns before any hash is
        # computed, so the two failure paths take different amounts of time.
        return None
    verified = check_password_hash(
        password.encode('utf-8'),
        candidate.password.encode('utf-8'),
        candidate.salt,
    )
    return candidate if verified else None
Ejemplo n.º 6
def jwt_authenticate(email, password):
    """Look up the user by e-mail and return it only when the password checks out.

    Returns ``None`` both for an unknown e-mail and for a wrong password.
    """
    account = User.query.filter_by(email=email).first()
    if account is None:
        # NOTE(review): no hash is computed on this path, so an unknown
        # e-mail is answered faster than a wrong password.
        return None
    supplied = password.encode('utf-8')
    stored = account.password.encode('utf-8')
    if not check_password_hash(supplied, stored, account.salt):
        return None
    return account
Ejemplo n.º 7
def login():
    """Authenticate the posted e-mail and password and answer with JSON.

    On success the user id is stored in ``session['user_id']`` and a 200
    response carrying the internal username is returned.  An unknown e-mail
    and a wrong password both get the same 401 body, so the response text
    does not say which of the two failed.
    """
    def json_reply(payload, status):
        # Serialise the payload and wrap it as an application/json response.
        body = json_util.dumps(payload)
        return Response(response=body, status=status, mimetype="application/json")

    email = request.form['email']
    password = request.form['password']
    user = User.objects(email=email).first()
    if user is not None:
        password_hash = user.accounts['internal']['password_hash']
        salt = user.accounts['internal']['salt']
        if check_password_hash(password, password_hash, salt):
            session['user_id'] = user.get_id()
            return json_reply({"username":user.accounts['internal']['username']}, 200)
    return json_reply({"message":"Incorrect Username or Password."}, 401)
Ejemplo n.º 8
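    def validate_password(form, field):
        """Validate the submitted password and attach the matching user.

        Raises ``ValidationError`` when no single user matches
        ``form.email.data`` or when ``check_password_hash`` rejects the
        password.  On success the user is stored on ``form.user`` so the
        calling view can use it.
        """
        try:
            user = User.query.filter(User.email == form.email.data).one()
        except (MultipleResultsFound, NoResultFound):
            # NOTE(review): this message differs from "Wrong password.", so
            # the form reveals which e-mail addresses are registered.
            raise ValidationError("We couldn't find your email.")

        # .one() either returns a row or raises one of the exceptions caught
        # above, so the former ``user is None`` branch could never run.
        if not check_password_hash(form.password.data, user.password_hash, user.salt):
            raise ValidationError("Wrong password.")

        # Make the current user available to calling code (view).
        form.user = user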
Ejemplo n.º 9
def jwt_authenticate(email, password):
    """
    Authenticate a user from an e-mail address and a password.

    :param email: e-mail address used to look the user up
    :param password: submitted password; UTF-8 encoded before verification
    :return: the matching user when the password verifies, otherwise ``None``
    """
    found = User.query.filter_by(email=email).first()
    if found is None:
        # NOTE(review): the hash check is skipped for unknown e-mails, so
        # this path responds faster than a wrong password does.
        return None
    password_ok = check_password_hash(
        password.encode('utf-8'),
        found.password.encode('utf-8'),
        found.salt,
    )
    return found if password_ok else None
Ejemplo n.º 10
    def validate_login(self, field):
        """Accept the form when the password matches one of the candidate users.

        ``self.get_users()`` supplies the candidates.  ``None`` raises
        ``validators.ValidationError('Invalid user')``.  If no candidate's
        hash matches, 'Invalid password' is raised.  The first match is
        stored on ``self.user``.
        """
        candidates = self.get_users()
        if candidates is None:
            raise validators.ValidationError('Invalid user')

        supplied_is_valid_for = None
        matched = False
        # NOTE(review): one hash evaluation runs per candidate until a
        # match is found, so cost grows with the number of candidates.
        for u in candidates:
            if check_password_hash(self.password.data.encode("utf-8"), u.password.encode('utf-8'), u.salt):
                supplied_is_valid_for = u
                matched = True
                break

        if not matched:
            raise validators.ValidationError('Invalid password')
        self.user = supplied_is_valid_for
Ejemplo n.º 11
def auth_basic():
    """
    Authenticate the request from its HTTP Basic credentials.

    Returns ``(ok, message)``.  The message is non-empty only when Basic
    credentials were sent and were rejected.  On success the user is stored
    on ``g.user``.
    """
    credentials = request.authorization  # populated for Basic auth only
    if not credentials:
        return (False, '')

    account = UserModel.query.filter_by(email=credentials.username).first()
    # One message covers both an unknown e-mail and a wrong password.
    # NOTE(review): the hash check is skipped for unknown e-mails, so the
    # two failures can still differ in response time.
    if account is None or not check_password_hash(
            credentials.password.encode('utf-8'),
            account.password.encode('utf-8'),
            account.salt):
        return (False, 'Authentication failed. Wrong username or password')

    g.user = account
    return (True, '')
Ejemplo n.º 12
    def validate_login(self, field):
        """Validate the login form against every candidate user.

        Raises ``validators.ValidationError('Invalid user')`` when
        ``self.get_users()`` returns ``None`` and 'Invalid password' when
        the password matches none of the candidates.  Otherwise the first
        matching user is assigned to ``self.user``.
        """
        users = self.get_users()
        if users is None:
            raise validators.ValidationError('Invalid user')

        supplied = None
        # NOTE(review): each candidate costs one hash evaluation until a
        # match is found; an empty result raises 'Invalid password'.
        for candidate in users:
            supplied = self.password.data.encode("utf-8")
            stored = candidate.password.encode('utf-8')
            if check_password_hash(supplied, stored, candidate.salt):
                break
        else:
            # The loop finished without a break: nothing matched.
            raise validators.ValidationError('Invalid password')
        self.user = candidate
Ejemplo n.º 13
def login():
    """Handle a posted login and reply with a JSON response.

    A verified password stores the user id in ``session['user_id']`` and
    returns 200 with the internal username.  Every other outcome returns
    the same 401 message, whether the e-mail is unknown or the password is
    wrong.
    """
    email = request.form['email']
    password = request.form['password']
    user = User.objects(email=email).first()

    authenticated = False
    if user is not None:
        password_hash = user.accounts['internal']['password_hash']
        salt = user.accounts['internal']['salt']
        authenticated = bool(check_password_hash(password, password_hash, salt))

    if authenticated:
        session['user_id'] = user.get_id()
        status = 200
        ret = json_util.dumps(
            {"username": user.accounts['internal']['username']})
    else:
        status = 401
        ret = json_util.dumps({"message": "Incorrect Username or Password."})
    return Response(response=ret, status=status, mimetype="application/json")
Ejemplo n.º 14
def jwt_authenticate(email, password):
    """
    Return the user for *email* when *password* verifies.

    :param email: e-mail address the user is looked up by
    :param password: submitted password; encoded as UTF-8 for the check
    :return: the user on success, ``None`` for an unknown e-mail or a
        wrong password
    """
    user = User.query.filter_by(email=email).first()
    # NOTE(review): an unknown e-mail short-circuits before the hash is
    # computed, so the two failure cases differ in response time.
    if user is not None and check_password_hash(
            password.encode('utf-8'),
            user.password.encode('utf-8'),
            user.salt):
        return user
    return None
Ejemplo n.º 15
def auth_basic():
    """
    Check the request's Basic auth header and return ``(ok, message)``.

    The message is set only when Basic credentials were supplied and
    rejected.  A successful check stores the user on ``g.user``.
    """
    basic = request.authorization  # only filled in for Basic auth
    if not basic:
        return False, ''

    user = UserModel.query.filter_by(email=basic.username).first()
    if user is None:
        # Same message as a wrong password, so the text does not reveal
        # whether the account exists.
        # NOTE(review): no hash is computed here, so timing can still differ.
        password_ok = False
    else:
        supplied = basic.password.encode('utf-8')
        stored = user.password.encode('utf-8')
        password_ok = check_password_hash(supplied, stored, user.salt)

    if password_ok:
        g.user = user
        return True, ''
    return False, 'Authentication failed. Wrong username or password'
Ejemplo n.º 16
def login():
    """Log the admin in from the posted form, then redirect to the index.

    A verified password marks the session as logged in and records the
    username.  Every path ends in the same redirect to ``main.index``.
    """
    # NOTE(review): ``error`` is assigned on failure but never returned or
    # flashed, so a failed login is silent for the user.
    error = None
    form = AdminForm(request.form)

    username = form.username.data
    password = form.password.data
    user_doc = mongo.db.users.find_one({"username": username})

    if user_doc is None:
        error = "Korisnik ne postoji"  # "User does not exist"
    elif password != "" and check_password_hash(password, user_doc["password"], user_doc["salt"]):
        session['logged_in'] = True
        session['username'] = username
        # NOTE(review): the form-supplied username is written to the log
        # unmodified.
        current_app.logger.info('User %s is logged in' % username)
    else:
        # An empty password is rejected without calling the hash check.
        error = "Pogrešna lozinka"  # "Wrong password"

    return redirect(url_for('main.index'))
Ejemplo n.º 17
def login():
    """Process the admin login form and redirect to ``main.index``.

    When the password verifies, ``session['logged_in']`` and
    ``session['username']`` are set and the login is logged.  The redirect
    is returned whether or not the login succeeded.
    """
    form = AdminForm(request.form)
    username = form.username.data
    password = form.password.data
    user_doc = mongo.db.users.find_one({"username": username})

    # NOTE(review): the error text below is computed but never shown to
    # the user or returned.
    error = None
    if user_doc is None:
        error = "Korisnik ne postoji"  # "User does not exist"
    else:
        # An empty password short-circuits before the hash check runs.
        password_ok = password != "" and check_password_hash(
            password, user_doc["password"], user_doc["salt"])
        if password_ok:
            session['logged_in'] = True
            session['username'] = username
            # NOTE(review): the username from the form reaches the log as-is.
            current_app.logger.info('User %s is logged in' % username)
        else:
            error = "Pogrešna lozinka"  # "Wrong password"

    return redirect(url_for('main.index'))
Ejemplo n.º 18
def login():
    """Render the login form and process a submitted one.

    A verified password flashes a success message and redirects to ``/``.
    An unknown username and a wrong password flash the same
    "User not found or wrong password" text.  Every other path renders
    ``login.html`` again with the password field cleared.
    """
    # salt and email are excluded from the generated form; the original
    # author marked this line as the one that cost two hours to get right.
    form = model_form(User, exclude=("salt", "email"))(request.form)
    if form.validate_on_submit():
        user = None
        try:
            user = User.objects.get(username=form.username.data)
        except User.DoesNotExist:
            flash(("Login Error", "User not found or wrong password"), "danger")
        except User.MultipleObjectsReturned as exc:
            # NOTE(review): the raw exception text is shown to the visitor.
            flash(("DB Error", str(exc)), "danger")

        if user is not None:
            password = form.password.data
            if check_password_hash(password, user.password.encode(), user.salt.encode()):
                # NOTE(review): no session state is set in this function;
                # presumably handled elsewhere, confirm.
                flash("You are now logged in", "success")
                return redirect('/')
            flash(("Login Error", "User not found or wrong password"), "danger")
    if form.errors:
        flash(form.errors, "danger")
    # Never echo the submitted password back into the rendered form.
    form.password.data=""
    return render_template("login.html", form=form)
Ejemplo n.º 19
def login():
    """Show the login form and handle its submission.

    On a verified password a success message is flashed and the visitor is
    redirected to ``/``.  Failures flash a message and fall through to
    re-render ``login.html`` with an emptied password field.  An unknown
    username and a wrong password share one message.
    """
    login_error = ("Login Error", "User not found or wrong password")

    # The form is generated from the User model without salt and email
    # (flagged by the original author as a hard-won fix).
    form_class = model_form(User, exclude=("salt", "email"))
    form = form_class(request.form)
    if form.validate_on_submit():
        try:
            user = User.objects.get(username=form.username.data)
        except User.DoesNotExist:
            flash(login_error, "danger")
        except User.MultipleObjectsReturned as lookup_error:
            # NOTE(review): this flashes the exception text to the visitor.
            flash(("DB Error", str(lookup_error)), "danger")
        else:
            stored_hash = user.password.encode()
            stored_salt = user.salt.encode()
            if not check_password_hash(form.password.data, stored_hash,
                                       stored_salt):
                flash(login_error, "danger")
            else:
                # NOTE(review): nothing here records the login in the
                # session; presumably done elsewhere, confirm.
                flash("You are now logged in", "success")
                return redirect('/')
    if form.errors:
        flash(form.errors, "danger")
    # Clear the password so it is not rendered back into the page.
    form.password.data = ""
    return render_template("login.html", form=form)
Ejemplo n.º 20
 def verify_password(self, password):
     """Return the result of checking *password* against the stored hash and salt."""
     stored_hash = self.password_hash
     stored_salt = self.password_salt
     return check_password_hash(password, stored_hash, stored_salt)
Ejemplo n.º 21
 def validate_user_passphrase(self, user_id, passphrase):
     """Check *passphrase* against the hash and salt stored for *user_id*.

     The passphrase is UTF-8 encoded and then Base64 encoded before it is
     handed to ``check_password_hash``.
     """
     # NOTE(review): presumably the hash was created from the same Base64
     # form; confirm against the code that sets the passphrase.
     encoded = base64.b64encode(passphrase.encode("utf-8"))
     # Unpacking raises if the lookup does not return a (hash, salt) pair.
     pw_hash, salt = self.get_user_passphrase_hash(user_id)
     return check_password_hash(encoded, pw_hash, salt)
Ejemplo n.º 22
 def validate_user_passphrase(self, user_id, passphrase):
     """Return whether *passphrase* matches the stored hash for *user_id*.

     The value compared is the Base64 encoding of the UTF-8 passphrase.
     """
     utf8_passphrase = passphrase.encode("utf-8")
     # NOTE(review): the Base64 step has to mirror how the stored hash was
     # produced; verify against the enrolment code.
     candidate = base64.b64encode(utf8_passphrase)
     stored = self.get_user_passphrase_hash(user_id)
     # ``stored`` is expected to unpack into exactly (hash, salt).
     stored_hash, stored_salt = stored
     return check_password_hash(candidate, stored_hash, stored_salt)
Ejemplo n.º 23
 def check_password(self, password):
     """Verify *password* against this object's stored hash and salt.

     ``1 << 15`` (32768) is passed to ``check_password_hash`` as its fourth
     positional argument.
     """
     # NOTE(review): presumably the scrypt cost parameter N, which has to
     # equal the value used when the hash was generated; confirm.
     cost = 1 << 15
     return check_password_hash(
         password, self.password_hash, self.password_salt, cost)
Ejemplo n.º 24
 def check_password(self, password, hash, salt):
     """Forward *password*, *hash* and *salt* to ``check_password_hash``.

     No instance state is read; the caller supplies all three values.
     """
     outcome = check_password_hash(password, hash, salt)
     return outcome
Ejemplo n.º 25
 def verify_password(self, password):
     """Check *password* against the stored hash and salt, each passed through ``str()``."""
     # NOTE(review): on Python 3, str() of a bytes value yields its repr
     # ("b'...'"), not decoded text; confirm these values are already text.
     candidate = str(password)
     stored_hash = str(self.password_hash)
     stored_salt = str(self.password_salt)
     return check_password_hash(candidate, stored_hash, stored_salt)
Ejemplo n.º 26
 def verify_password(self, password):
     """Return the hash check result for *password*.

     The password, the stored hash and the stored salt are each converted
     with ``str()`` before the check.
     """
     # NOTE(review): str() on bytes gives "b'...'" under Python 3 rather
     # than the decoded text; verify the stored values are str.
     as_text = [str(password), str(self.password_hash), str(self.password_salt)]
     return check_password_hash(*as_text)
Ejemplo n.º 27
 def check_password(self, raw_pw):
     """Check *raw_pw* against ``self.password_hash`` using ``self.salt``.

     Delegates to ``scrypt.check_password_hash`` and returns its result.
     """
     stored_hash = self.password_hash
     stored_salt = self.salt
     return scrypt.check_password_hash(raw_pw, stored_hash, stored_salt)
Ejemplo n.º 28
 def verify_password(self, password):
     """Return whether *password* matches ``self.password_hash`` for ``self.salt``."""
     matches = check_password_hash(password, self.password_hash, self.salt)
     return matches