Ejemplo n.º 1
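 def _fetchLoginByUsername(self, username, password_hash=None):
   """
   Look up the Login stored under ``username``.

   When ``password_hash`` is supplied it is added to the query filter, so a
   Login is returned only if its stored ``password_hash`` field equals it.

   Returns the matching Login, or None when the lookup raises. A missing
   record and a backend failure both end up as None, so callers always see
   a failed lookup rather than an error.
   """
   criteria = {"username": username}
   if password_hash is not None:
     criteria["password_hash"] = password_hash
   try:
     return Login.objects(**criteria).get()
   except Exception:
     # Narrowed from a bare ``except:``, which also swallowed
     # KeyboardInterrupt and SystemExit. Ordinary errors still map to None,
     # so an authentication lookup keeps failing closed.
     # NOTE(review): a database outage is indistinguishable from "no such
     # login" here; logging the exception would make that visible.
     return None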
Ejemplo n.º 2
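 def _fetchLoginByUsername(self, username, password_hash=None):
     """
     Fetch the Login model corresponding to the given username.

     If the optional ``password_hash`` is given, it is added to the query
     filter, so only a Login whose stored ``password_hash`` equals it matches.

     Returns the Login, or None whenever the lookup raises (no usable match
     and backend errors are not told apart).
     """
     try:
         if password_hash is None:
             matches = Login.objects(username=username)
         else:
             matches = Login.objects(username=username,
                                     password_hash=password_hash)
         return matches.get()
     except Exception:
         # A bare ``except:`` here would also trap KeyboardInterrupt and
         # SystemExit; ``Exception`` keeps the fail-closed None result for
         # ordinary lookup errors without hiding interpreter shutdown.
         # NOTE(review): consider logging the exception so a database fault
         # does not look like a wrong username or password.
         return None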
Ejemplo n.º 3
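 def _fetchLogin(self, login_id):
   """
   Fetch the Login model whose ``login_id`` field equals ``login_id``.

   Returns the Login, or None when the lookup raises; callers cannot tell a
   missing record from a backend error.
   """
   try:
     return Login.objects(login_id=login_id).get()
   except Exception:
     # Narrowed from a bare ``except:`` so KeyboardInterrupt and SystemExit
     # propagate; ordinary lookup errors still resolve to None.
     # NOTE(review): logging the exception would separate "unknown ID" from
     # a database fault when sessions unexpectedly stop loading.
     return None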
Ejemplo n.º 4
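 def _fetchLogin(self, login_id):
     """
     Fetch the Login model by ID.

     The query filters on the ``login_id`` field. Returns the Login, or None
     when the lookup raises for any ordinary reason.
     """
     by_id = {"login_id": login_id}
     try:
         return Login.objects(**by_id).get()
     except Exception:
         # ``except Exception`` instead of a bare ``except:``: the lookup
         # still fails closed with None, but KeyboardInterrupt and SystemExit
         # are no longer swallowed.
         return None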
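def login():
    """
    Serve the login form on GET and check submitted credentials on POST.

    On POST the form's ``username`` and ``password`` are looked up in the
    Login collection, and the session is marked as logged in only when a
    record matches. Any other HTTP method falls through and returns None.
    """
    if request.method == "GET":
        return render_template('login.html')
    elif request.method == "POST":
        form = request.form
        username = form['username']
        password = form['password']

        # Look the submitted credentials up in the database.
        # NOTE(review): the filter compares the raw form value with a
        # ``password`` field, which suggests passwords are stored unhashed.
        # Storing a salted password hash and verifying against it would be
        # the safer design; that needs a schema change outside this view.
        # ``.first()`` assumes a MongoEngine-style queryset (None on no match).
        user = Login.objects(username=username,
                             password=password).first()

        # The previous condition compared each variable with itself, so it
        # was always true and every POST was accepted regardless of the
        # query. Grant the session only when a record actually matched.
        if user is not None:
            session['logged in'] = True
            return redirect(url_for('admin'))
        else:
            return "Wrong username or password"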
Ejemplo n.º 6
class LoginService:
    """
  Handles the Login class during login, logout and persistence of sessions with
  session cookies.

  It allows different roles to have different token timeouts, both for active
  sessions and for global sessions.
  """
    def configure(self, app):
        """
        Configure the login service from the application object.

        The only step performed here is handing ``app.config`` to
        ``token_service.configure``; any timeout or role settings are read
        there, not in this method.
        """
        settings = app.config
        # Set up the token service this class relies on.
        token_service.configure(settings)

    def performLoginFromCredentials(self, username, password, push_token=None):
        """
        Authenticate a username/password pair and issue a token for the Login.

        Raises:
          Exception: with "Incorrect username or password." when no Login is
            found for ``username`` or ``_isLoginPasswordMatch`` rejects the
            password. Both failures share one message.

        Returns:
          Whatever ``token_service.generateToken`` produces for the Login,
          after the Login has been flagged authenticated, given the supplied
          ``push_token`` and saved. Failure is signalled by the exception,
          never by a None return.
        """
        account = self._fetchLoginByUsername(username)
        # The password comparison only runs once a Login was found.
        # NOTE(review): the shared error message avoids revealing which
        # usernames exist, but skipping the password check for unknown users
        # may still make the two failure paths differ in response time.
        credentials_ok = bool(account) and self._isLoginPasswordMatch(
            account, password)
        if not credentials_ok:
            raise Exception("Incorrect username or password.")

        # Persist the authenticated state. push_token is stored as given, so
        # omitting it overwrites any previous value with None.
        account.authenticated = True
        account.push_token = push_token
        account.save()

        return token_service.generateToken(account)

    def performLogout(self, login):
        """
        Log out ``login`` by clearing its ``authenticated`` flag and saving it.

        NOTE(review): nothing here revokes a token that was already issued;
        whether such a token stops being accepted depends on the validation
        code checking this flag, which is not visible in this method.
        """
        login.authenticated = False  # flag the Login as logged out
        login.save()  # persist the change

    def performUserSignup(self, username, password, payment_nonce):
        """
        Create a USER-role Login for ``username`` plus a Braintree customer.

        Raises:
          Exception: when a Login with this username already exists, or when
            Braintree reports the customer creation as unsuccessful.

        Returns:
          The newly saved Login.
        """
        # Refuse to sign up a username that is already taken.
        # NOTE(review): this check and the save below are separate steps;
        # unless the username field carries a unique constraint (not visible
        # here), two concurrent signups could both pass it.
        if self._fetchLoginByUsername(username):
            # NOTE(review): the message contains HTML (<br>) and the
            # caller-supplied username. If it is rendered as markup, the
            # username must be escaped at the point of rendering.
            raise Exception("User '%s' already exist.<br>"
                            "Please contact us for more information." %
                            username)

        new_login = Login(username=username)
        # Only the hash of the password is kept on the Login.
        # NOTE(review): this file uses Python 2 syntax elsewhere; there,
        # str() on a non-ASCII unicode password raises UnicodeEncodeError.
        hashed = self._getHashedPassword(str(password))

        # Register the customer with Braintree, keyed by the username.
        customer_fields = {
            "first_name": username,
            "last_name": "User",
            "payment_method_nonce": payment_nonce,
            "id": username,
        }
        outcome = braintree.Customer.create(customer_fields)
        if not outcome.is_success:
            raise Exception("Could not create BrainTree customer")

        # Store the credentials only after Braintree accepted the customer.
        # NOTE(review): if this save fails, the Braintree customer created
        # above is left behind with no matching Login.
        new_login.password_hash = hashed
        new_login.urole = int(Login.Role.USER)
        new_login.save()

        return new_login

    def loadLoginFromID(self, login_id):
        """
        Return the Login for ``login_id`` if ``_isLoginValid`` accepts it.

        Returns None when the validity check rejects the fetched Login.
        """
        candidate = self._fetchLogin(login_id)
        # The fetched value is handed straight to the validity check, so
        # _isLoginValid presumably also copes with a missing Login (confirm).
        return candidate if self._isLoginValid(candidate) else None

    def loadLoginFromToken(self, token_data):
        """
    Loads the token from the given serialized token data, returning the Login
    that matches or None if no match.
    """
        # First, get the deserialized data from the token using token_service.
        try:
            (username, password_hash) = token_service.loadToken(token_data)
        except Exception, e:
            print "ERROR: LoginService.loadLogin failed to deserialize token: %s" % e
            return None

        # Fetch the corresponding Login object.
        try:
            login = Login.objects(username=username,
                                  password_hash=password_hash).get()
        except Exception, e:
            print "ERROR: LoginService.loadToken failed to load Login: %s" % e
            return None