Ejemplo n.º 1
 def decorated_function(*args, **kwargs):
     """Check Basic credentials and the calling device, then run the view.

     Answers 400 when credentials are missing or match no user, returns a
     device-verification response when the device is unknown or inactive,
     and otherwise records the client IP before calling the wrapped ``f``.
     """
     credentials = request.authorization
     if not credentials:
         return abort(400)

     # NOTE(review): the submitted password is compared directly with the
     # User.password column, which suggests passwords are stored unhashed (or
     # that a client-side hash acts as the password) - confirm, and verify
     # against a salted password hash in application code instead.
     # NOTE(review): 401 with a WWW-Authenticate header is the conventional
     # reply to missing or wrong Basic credentials; 400 is kept because
     # existing clients may depend on it.
     user = User.query.filter(
         User.email == credentials.username,
         User.password == credentials.password,
     ).first()
     if not user:
         return abort(400)
     g.user = user

     # Device gate: only a known, active device may continue.
     device = Device.query.filter(
         Device.user_id == user.id,
         Device.device == get_device(),
     ).first()
     if not (device and device.active):
         if not device:
             # First sighting of this device: persist it before asking the
             # user to confirm it.
             device = Device(user.id, get_device())
             db.session.add(device)
             db.session.commit()
         if send_device_authentication(device):
             payload = json.dumps({"device": device.device, "id": device.id})
             status = 400
         else:
             payload = json.dumps({"message": "I'm a little tea pot."})
             status = 404
         return Response(payload, status, content_type='application/json')

     # Login history: one row per (user, IP), refreshed on every request.
     # NOTE(review): get_ip() is not shown; if it reads a forwarded-for
     # header the value is client-controlled unless a trusted proxy sets it.
     client_ip = get_ip()
     login = Login.query.filter(
         Login.user_id == user.id,
         Login.ip == client_ip,
     ).first()
     if login:
         login.time = datetime.now()
     else:
         login = Login(user.id, client_ip)
         # The GeoIP database is opened on each first-seen IP.
         geo = pygeoip.GeoIP('GeoLiteCity.dat').record_by_addr(client_ip)
         if geo:
             login.latitude = geo.get('latitude', 0)
             login.longitude = geo.get('longitude', 0)
         db.session.add(login)
     db.session.commit()
     return f(*args, **kwargs)
Ejemplo n.º 2
Archivo: login.py Proyecto: A-Maze/A-Pc
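def login(request):
    """Render the login form and, on a valid POST, open a session.

    A POST with a valid form looks the user up by e-mail and password; on a
    match the e-mail and the user's ``Rechten`` value are stored in the
    session and the client is redirected to ``/``. Any other request, or a
    failed lookup, re-renders ``login.html`` with the form.
    """
    if request.method == 'POST':
        form = Login(request.POST)
        if form.is_valid():
            email = form.cleaned_data['email']
            wachtwoord = form.cleaned_data['wachtwoord']
            # The debug print of the e-mail was dropped: it wrote user
            # identifiers to stdout (and so to server logs) on every attempt.
            try:
                # NOTE(review): the lookup matches the submitted password
                # against the Wachtwoord column as-is, which suggests
                # passwords are stored unhashed - confirm, and move to a
                # salted password hash checked after fetching by e-mail.
                selectedEerder = Users.objects.get(Email=email, Wachtwoord=wachtwoord)
            except Users.DoesNotExist:
                form.errors[""] = ErrorList([u"Email of wachtwoord komen niet overeen!"])
            else:
                # NOTE(review): the session key is not rotated at login;
                # calling request.session.cycle_key() first would prevent
                # reuse of a pre-login session id (session fixation).
                request.session['email'] = email
                request.session['Rechten'] = selectedEerder.Rechten
                return HttpResponseRedirect('/')
    else:
        # GET (or any other method): show a blank form.
        form = Login()

    return render_to_response('login.html', {'form': form},
                              context_instance=RequestContext(request))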
Ejemplo n.º 3
def index():
    """Show the join form; on a valid submit, store name and room and go to chat.

    NOTE(review): the username kept in the session is whatever the visitor
    typed; nothing in this view authenticates it, so it should not be
    treated as a verified identity downstream.
    """
    form = Login()
    if form.validate_on_submit():
        session['username'] = form.username.data
        session['room'] = form.room.data
        return redirect(url_for('chat'))

    if request.method == 'GET':
        # Pre-fill the form with the values remembered from the last visit.
        form.username.data = session.get('username', '')
        form.room.data = session.get('room', '')

    remembered_name = session.get('username')
    return render_template('index.html', form=form, username=remembered_name)
Ejemplo n.º 4
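def dologin(request):
    """Check the posted credentials, record the login and open a session.

    Redirects to ``profile`` on success and to ``/?err=true`` when a field
    is missing or the lookup does not return exactly one user.

    The original mixed a tab with eight spaces on one line, which Python 3
    rejects with TabError; indentation is now uniform.
    """
    try:
        uname = request.POST["username"]
        passw = request.POST["password"]
        # NOTE(review): the password is matched against the stored column
        # as-is, which suggests unhashed storage - confirm. If User is
        # Django's auth model, this lookup bypasses its password hashing.
        u = User.objects.get(username=uname, password=passw)
        login_record = Login(user=u, loginlast=datetime.now())
        login_record.save()
        request.session['logged_in'] = True
        request.session['uid'] = u.id
        return HttpResponseRedirect('profile')
    except (KeyError, User.DoesNotExist, User.MultipleObjectsReturned):
        return HttpResponseRedirect('/?err=true')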
Ejemplo n.º 5
 def post(self):
     """Handle the login form: verify credentials, set cookies, redirect.

     On failure the login page is rendered again with ``flag=True``.
     """
     account = self.get_body_argument('email')
     password = self.get_body_argument('password')
     login = Login(account, password)
     if not login.login():
         self.render('login.html', flag=True)
         return

     # NOTE(review): "user" and "email" are plain cookies, so the browser
     # can change them at will. If later handlers trust them as the logged-in
     # identity, switch to Tornado's signed cookies (set_secure_cookie /
     # get_secure_cookie) or a server-side session.
     name = login.emailToname(account)[0][0]
     self.set_cookie("user", name)
     self.set_cookie('email', account)
     self.redirect('/detail/')
Ejemplo n.º 6
def login(request):
    """Store the posted username/password as a Login row, or show the form.

    A valid POST saves a new ``Login`` and redirects to ``Done``; every
    other case renders ``login/login.html`` with a blank form.
    """
    if request.method == 'POST':
        submitted = Loginform(request.POST)
        if submitted.is_valid():
            # NOTE(review): this records the credentials rather than
            # checking them, and the password is saved exactly as posted;
            # store a salted password hash instead of the raw value.
            # NOTE(review): the values come from request.POST, not from the
            # validated form data.
            record = Login(
                Username=request.POST.get('Username'),
                Password=request.POST.get('Password'),
            )
            record.save()
            return HttpResponseRedirect(reverse('Done'))
        # An invalid submission falls through to a fresh form, so the
        # validation errors are not shown to the user.
    return render(request, 'login/login.html', {'form': Loginform()})
Ejemplo n.º 7
 def test_save_data_to_db(self, downloader_obj, modifier_obj):
     """Saving API data adds API_PERSONS rows to each of the four tables."""
     models = (Person, Contact, Login, Location)
     # Row counts before the save, in the same order as ``models``.
     baselines = [len(model.select()) for model in models]

     modifier_obj.execute_modifications()
     ApiDataSave(downloader_obj, 'results').save_data_to_db()

     error = 'Incorrect number of objects saved in the database'
     for model, before in zip(models, baselines):
         assert len(model.select()) == before + API_PERSONS, error
Ejemplo n.º 8
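def NewUserLogin(request):
    """Finish an OAuth sign-up by creating a local Login with a chosen user id.

    Non-POST requests go straight to ``viewDetails``. On POST, a taken
    ``userid`` re-renders the sign-up page with an error; otherwise a Login
    is created from the posted fields plus the provider data held in the
    session, and the new user's id and name are stored in the session.
    """
    if request.method != "POST":
        return viewDetails(request)

    userid = request.POST['userid']
    passwd = request.POST['passwd']
    loginType = request.POST['oAuthType']

    # The original wrapped this lookup in a bare ``except:``, so a database
    # error or a duplicate row was treated as "user id is free" and a new
    # account was created. An explicit existence check keeps unrelated
    # failures from reaching the creation path.
    if Login.objects.filter(userId=userid).exists():
        return render(request, 'oAuthSignup.html', {
            "error": "userId Already Exists...",
            "loginType": loginType
        })

    # NOTE(review): the password is saved exactly as posted; store a salted
    # password hash instead.
    # NOTE(review): any oAuthType other than "fbLogin" takes the Google path.
    if loginType == "fbLogin":
        ins = Login(userId=userid,
                    password=passwd,
                    username=request.session['fbName'],
                    fbId=request.session['fbId'])
        ins.save()
        res = Login.objects.get(fbId=request.session['fbId'])
    else:
        ins = Login(userId=userid,
                    password=passwd,
                    username=request.session['goggleName'],
                    email=request.session['gId'])
        ins.save()
        res = Login.objects.get(email=request.session['gId'])

    request.session['uID'] = res.id
    request.session['uName'] = res.username
    return viewDetails(request)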
Ejemplo n.º 9
def login():
    """Log a user in: receive JSON form data and authenticate username/password.

    Returns the user summary on success, or a 401 with the same generic
    message whether the form was invalid or the credentials were wrong.
    """
    success = {'user': {}}
    form = LoginForm()

    user = None
    if form.validate_on_submit():
        user = User.authenticate(request.json["username"], request.json["password"])

    if not user:
        success['login'] = False
        success['message'] = "The username/password is incorrect"
        return jsonify(success), 401

    # NOTE(review): the existing session is reused as-is; clearing it before
    # storing the identity would avoid carrying pre-login state across.
    session['username'] = user.username
    session['user_id'] = user.id
    Login.record_login(user.id)
    db.session.commit()

    summary = success['user']
    summary['login'] = True
    summary['username'] = session['username']
    summary['userId'] = session['user_id']
    return jsonify(success)
Ejemplo n.º 10
def MainMenu():
    """Print the main menu and act on the chosen option (register or login)."""
    print("1. Register")
    print("2. Login")
    print("3. Exit")
    #code

    # int() raises ValueError when the entry is not a number.
    option = int(input("Enter Your Choice: "))
    if (option == 1):
        # NOTE(review): the runs of asterisks on the next line are not valid
        # Python; it looks as if the hosting page masked part of the listing,
        # collapsing the password and user-type prompts into this line.
        username = input("Enter Username: "******"Enter password: "******"Enter Type (L/T/S): ")

        # NOTE(review): the password is handed to Login as entered; confirm
        # that it is hashed before dl.AddLogin persists it.
        login = Login(username=username, password=password, usertype=usertype)
        dl.AddLogin(login)

    elif (option == 2):
        # NOTE(review): same masking damage as above; the credential check
        # that leads to the failure message is missing from the listing.
        username = input("Username: "******"Password: "******"Invalid Usename or password")
            return False
Ejemplo n.º 11
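def signup():
    """Create a user when the name is free and the invite key matches.

    On POST the username must not already exist and the posted ``key`` must
    equal the value stored on the ``secretkey`` row; the new password is
    stored as a bcrypt hash. The page is rendered with ``error`` or
    ``successful`` set accordingly.
    """
    error = None
    successful = None
    if request.method == 'POST':
        userN = request.form['username']
        passwN = request.form['password']
        keyN = request.form['key']

        # The original drove this flow through a bare ``except:`` triggered
        # by ``None.users``; any other failure in the lookup (for example a
        # database error) also landed in the account-creation branch.
        # Explicit None checks keep those cases apart.
        existing = Login.query.filter(Login.users == userN).first()
        if existing is not None:
            error = 'duplicate user name'
        else:
            # NOTE(review): the invite key lives in the password column of a
            # pseudo-account named 'secretkey', unhashed, next to real
            # accounts. Moving it to configuration and comparing with
            # hmac.compare_digest would be cleaner.
            key_row = Login.query.filter(Login.users == 'secretkey').first()
            # A missing key row now fails closed instead of raising.
            if key_row is not None and keyN == key_row.password:
                harshpass = bcrypt.generate_password_hash(passwN).decode('utf-8')
                db.session.add(Login(users=userN, password=harshpass))
                db.session.commit()
                successful = 'user created'
            else:
                error = 'invalid secret key'

    return render_template('createUser.html',
                           error=error,
                           successful=successful)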
Ejemplo n.º 12
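def studentRegistration():
    """Show the student registration page or register a student from JSON.

    Visitors without a logged-in session get the sign-in page. GET renders
    the form, POST creates a Login and a Student from the JSON body, and
    any other method is answered with 405.
    """
    # session.get avoids a KeyError (HTTP 500) for visitors whose session
    # has no 'logged_in' entry yet; they now get the sign-in page.
    if session.get('logged_in') == True:  # user is logged in
        if request.method == 'GET':
            return render_template('studentRegistration.html')

        elif request.method == 'POST':
            try:
                userId = request.json['user_id']
                name = request.json['name']
                grade = request.json['grade']
                student = Student(userId, name, grade)

                # NOTE(review): the new account's second argument repeats
                # the user id, so the initial password appears to equal the
                # login name - confirm, and issue a random one-time password
                # or a set-password link instead.
                # NOTE(review): only 'logged_in' is checked here; confirm
                # that the caller's role is verified somewhere before it may
                # create accounts.
                newUser = Login(userId, userId, "student")
                DataPipelineObj.insert_data(newUser)  # login table
                # The two inserts are separate calls; a failure in the
                # second leaves a login without a student row.
                DataPipelineObj.insert_data(student)  # student table

                return jsonify({'status': "Student successfully registered"})

            except Exception:
                # Was a bare ``except:``, which also swallowed SystemExit
                # and KeyboardInterrupt.
                # NOTE(review): database errors are still reported as
                # missing fields; consider catching KeyError/TypeError only.
                return jsonify({'status': "Fill the required details"})
        else:
            abort(405)
    else:  # user is not logged in
        return render_template('showSignIn.html')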
Ejemplo n.º 13
def login():
    """Log a user in, recording each attempt and delaying repeated failures.

    Every attempt against an existing account is stored as a ``Login`` row;
    failures in the last five minutes determine a delay before the form
    result is acted on.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = LoginForm(meta={'csrf_context': session})
    user = User.query.filter_by(login=form.login.data).first()

    if user and form.password.data:  # a login attempt
        ip = request.remote_addr
        attempt = Login(successful=form.validate(), ip=ip, user=user)
        db.session.add(attempt)
        db.session.commit()

        # Slow down brute-force attempts.
        # NOTE(review): the delay only applies when the account exists, so
        # response time can reveal whether a login name is registered.
        # NOTE(review): sleep() holds a worker for the whole delay; a
        # lockout timestamp checked up front would not tie up workers.
        window_start = datetime.utcnow() - timedelta(minutes=5)
        recent_login_attempts = sum(
            1 for a in user.login_attempts
            if a.timestamp > window_start and not a.successful
        )
        sleep(calculate_login_delay(recent_login_attempts))

    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    login_user(user)

    # NOTE(review): if session['next'] is ever filled from a request
    # parameter, check that it is a local path before redirecting to it.
    next_page = session.get('next', None)
    session['next'] = None
    return redirect(next_page or url_for('notes.view_notes'))
Ejemplo n.º 14
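 def post(self):
     """Create a Login from the JSON body and return a result dict.

     Returns the created record's fields on success, or a generic error
     dict when the body lacks a required key or is not a JSON object.
     """
     try:
         data = request.json
         login = Login(username=data['username'], password=data['password'])
         login.save()
         # NOTE(review): the password is stored as received and echoed back
         # in the response; store a salted password hash, and drop the
         # 'password' field once no client reads it.
         response = {'message': 'User {} was created successfully'.format(login.id),
                     'id': login.id,
                     'username': login.username,
                     'password': login.password
                     }
     except (KeyError, TypeError):
         # TypeError covers a body that is absent or not a JSON object
         # (``data`` is None or a list); previously that raised out of the
         # handler instead of producing the error response.
         response = {
             'status': 'error',
             'message': 'API error, consult the administrator'
         }
     return response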
Ejemplo n.º 15
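def signUp():
    """Show the sign-up page or create a login for an already registered person.

    POST expects ``username``, ``userPassword``, ``userNIC`` and
    ``userType`` in the JSON body. A login is created only when a record
    for that type and NIC exists and the username is still free. Methods
    other than GET and POST are answered with 405.
    """
    if request.method == 'GET':
        return render_template('showSignUp.html')

    elif request.method == 'POST':
        DataPipelineSignUpObj = DataPipeline()
        try:
            username = request.json['username']
            userPassword = request.json['userPassword']
            userNIC = request.json['userNIC']
            userType = request.json['userType']

            # NOTE(review): userType is chosen by the client and the only
            # check is that a record with this NIC exists for that type;
            # confirm the NIC alone is meant to prove identity.
            user = DataPipelineSignUpObj.fetch_data(userType, userNIC)
            # NOTE(review): the password is passed to Login as received;
            # confirm it is hashed before insert_data persists it.
            newLoginUser = Login(username, userPassword, userType)

            if user.count() != 0:
                result = DataPipelineSignUpObj.isUsernameExists(userType, username)

                if result.count() != 0:  # username already exists
                    return jsonify({'status': "Username already exists"})

                DataPipelineSignUpObj.insert_data(newLoginUser)
                for u in user:
                    # Link the new username to the teacher/admin record.
                    DataPipelineSignUpObj.update_table(u, username)

                return jsonify({'status': "Sign up successfully"})

            return jsonify({'status': "You are not a registered user"})
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt.
            # NOTE(review): database errors are still reported as missing
            # fields; consider catching KeyError/TypeError only.
            return jsonify({'status': "Fill the required details"})

    else:
        abort(405)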
Ejemplo n.º 16
 def save_login(self, dict_obj, person):
     """Save login data to the database.

     Builds a column -> (section, key) mapping, passes it with ``dict_obj``
     to ``collect_data``, attaches ``person`` and creates the Login row.
     """
     # Columns whose name matches their key in the 'login' section.
     login_fields = ('uuid', 'username', 'password', 'salt',
                     'md5', 'sha1', 'sha256')
     dataset = {field: ('login', field) for field in login_fields}
     dataset['registration_date'] = ('registered', 'date')
     dataset['years_since_registration'] = ('registered', 'age')

     # presumably collect_data replaces each (section, key) pair with the
     # value found in dict_obj - confirm against its definition
     self.collect_data(dataset, dict_obj)
     dataset['person'] = person
     # NOTE(review): the row keeps the password itself next to its salt and
     # md5/sha1/sha256 digests; fine for sample data, but real credentials
     # should be stored only as a salted password hash.
     with db:
         Login.create(**dataset)
Ejemplo n.º 17
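def user():
    """Return the login behind the request's access token as JSON.

    Aborts with 401 when the authorization is not valid and with 404 when
    the referenced login no longer exists.
    """
    provider = SimpleResourceProvider()
    auth = provider.get_authorization()
    if not auth.is_valid:
        abort(401)
    login = Login.find_by_id(auth.login_id)
    # Identity test: ``== None`` would go through any __eq__ the model
    # class defines.
    if login is None:
        abort(404)
    return jsonify(username=login.login,
                   is_active=login.is_active,
                   id=login.id)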
Ejemplo n.º 18
 def test_save_login(self, downloader_obj, modifier_obj):
     """save_login writes one Login row whose fields mirror the source dict."""
     modifier_obj.execute_modifications()
     dict_obj = modifier_obj._data[0]
     save_obj = ApiDataSave(downloader_obj, 'results')
     p = save_obj.save_person(dict_obj)
     save_obj.save_login(dict_obj, p)

     assert len(Login.select()) == 1, 'The Login object has not been saved'
     login = Login.select()[0]
     error = 'Invalid data has been written'

     # Columns copied one-to-one from the 'login' section.
     for field in ('uuid', 'username', 'password', 'salt',
                   'md5', 'sha1', 'sha256'):
         assert getattr(login, field) == dict_obj['login'][field], error

     registered = dict_obj['registered']
     assert login.registration_date == registered['date'], error
     assert login.years_since_registration == registered['age'], error
     assert login.person == p, error
Ejemplo n.º 19
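def NewUserLogin(request):
    """Finish an OAuth sign-up by creating a local Login with a chosen user id.

    Non-POST requests go straight to ``viewDetails``. On POST, a taken
    ``userid`` re-renders the sign-up page with an error; otherwise a Login
    is created from the posted fields plus the provider data held in the
    session, and the new user's id and name are stored in the session.
    """
    if request.method != "POST":
        return viewDetails(request)

    userid = request.POST['userid']
    passwd = request.POST['passwd']
    loginType = request.POST['oAuthType']

    # A bare ``except:`` used to decide that the user id was free, so any
    # failure of the lookup (database error, duplicate rows) led to account
    # creation. The existence check below only answers the question asked.
    if Login.objects.filter(userId=userid).exists():
        return render(request, 'oAuthSignup.html',
                      {"error": "userId Already Exists...", "loginType": loginType})

    # NOTE(review): the password is saved exactly as posted; store a salted
    # password hash instead.
    if loginType == "fbLogin":
        ins = Login(userId=userid, password=passwd,
                    username=request.session['fbName'],
                    fbId=request.session['fbId'])
        ins.save()
        res = Login.objects.get(fbId=request.session['fbId'])
    else:
        # Every oAuthType other than "fbLogin" is handled as a Google login.
        ins = Login(userId=userid, password=passwd,
                    username=request.session['goggleName'],
                    email=request.session['gId'])
        ins.save()
        res = Login.objects.get(email=request.session['gId'])

    request.session['uID'] = res.id
    request.session['uName'] = res.username
    return viewDetails(request)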
Ejemplo n.º 20
def register_route():
    """Create a User and its Login from the registration form.

    GET renders the form; POST stores both records and redirects to the
    login page.
    """
    if request.method != 'POST':
        return render_template('register.html', hide_logout=True)

    fields = request.form
    username = fields.get('username')
    email = fields.get('email')
    password = fields.get('password')

    # NOTE(review): none of the fields is validated; .get() yields None for
    # a missing one and it is passed straight to the models.
    user = User(name=username, email=email)
    db.session.add(user)
    db.session.commit()  # commit first so user.id is available

    # NOTE(review): the password is handed to Login as typed; unless the
    # model hashes it, it is stored in clear text.
    # The second commit is separate, so a failure here leaves a User without
    # a Login.
    login = Login(user_id=user.id, password=password)
    db.session.add(login)
    db.session.commit()

    flash('User created')
    return redirect(url_for('login_route'))
Ejemplo n.º 21
def login_post(client_id):
    """Check the login form and continue to the authorization-code step.

    Unknown users and wrong passwords are sent back to the login page with
    a flash message; on success the login is stored in the session.
    """
    login_name = request.form['login']
    password = request.form['password']
    back_to_form = lambda: redirect(url_for('.login_get', client_id=client_id))

    # NOTE(review): the two failure messages differ, which tells a caller
    # whether a login name exists; a single generic message avoids that.
    login = Login.find(login_name)
    if login == None:
        flash('User not found!', 'error')
        return back_to_form()

    if not sha256_crypt.verify(password, login.password):
        flash('Incorect password!', 'error')
        return back_to_form()

    session['user'] = login
    # NOTE(review): Application.find() may return nothing for an unknown
    # client_id; that case is not handled here.
    app = Application.find(client_id)
    return redirect(url_for('.authorization_code', client_id=client_id,
                    redirect_uri=app.redirect_uri, response_type='code'))
Ejemplo n.º 22
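def login():
    """Render the login page and process a login with CSRF and phone checks.

    A per-session nonce yields the CSRF token. A POST must carry that
    token, a known username, the matching phone value and the matching
    password hash; on success a ``Login`` row holding a fresh session
    token is stored.
    """
    import hmac
    import secrets

    # The nonce and the session token used to come from random.randint,
    # i.e. a non-cryptographic generator with under 2**28 possible values;
    # both were guessable. secrets.token_hex(32) keeps the 64-hex-character
    # format that sha256().hexdigest() produced.
    if 'nonce' not in session:
        session['nonce'] = secrets.token_hex(32)

    csrf_token = hashlib.sha256(session['nonce'].encode('ascii')).hexdigest()
    if request.method == 'GET':
        return render_template("login.html", csrf_token=csrf_token)

    csrf = request.form['csrf']
    # Constant-time comparison; bytes are used because compare_digest
    # rejects non-ASCII str input.
    if not hmac.compare_digest(csrf.encode('utf-8'), csrf_token.encode('ascii')):
        return render_template("login.html",
                               message="Incorrect",
                               csrf_token=csrf_token)

    uname = request.form['uname']
    pw = request.form['pword'].encode('utf-8')
    phone = request.form['2fa'].encode('utf-8')
    # NOTE(review): a single SHA-256 over phone + reversed password is fast
    # to brute-force if the table leaks; a dedicated password hash (bcrypt,
    # scrypt, argon2) with a random salt is the usual choice. Changing it
    # needs a migration of the stored values, so it is left as is.
    pw_hash = hashlib.sha256(phone + pw[::-1]).hexdigest()[::-1]

    u = User.query.filter_by(uname=uname).first()
    if not u:
        return render_template("login.html",
                               message="Incorrect",
                               csrf_token=csrf_token)
    # NOTE(review): "Two-factor failure" is only returned for an existing
    # username, so the message reveals which names are registered; the
    # phone value is also a static secret rather than a one-time code.
    u = User.query.filter_by(uname=uname).filter_by(
        phone=request.form['2fa']).first()
    if not u:
        return render_template("login.html",
                               message="Two-factor failure",
                               csrf_token=csrf_token)
    u = User.query.filter_by(uname=uname).filter_by(
        phone=request.form['2fa']).filter_by(hash=pw_hash).first()
    if not u:
        return render_template("login.html",
                               message="Incorrect",
                               csrf_token=csrf_token)

    ses_num = secrets.token_hex(32)
    login_record = Login(u, ses_num + session['nonce'])
    session['token'] = ses_num
    db.session.add(login_record)
    db.session.commit()
    db.session.refresh(login_record)

    return render_template("login.html",
                           message="success",
                           csrf_token=csrf_token)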
Ejemplo n.º 23
def register():
    """Register a user: receive JSON form data and submit to DB.

    Returns 201 with the user summary on success, or 400 with message
    "invalid" (form rejected) or "taken" (integrity error on commit).
    """
    success = {'user': {}}
    form = RegisterForm()

    if not form.validate_on_submit():
        success['login'] = False
        success['message'] = "invalid"
        return jsonify(success), 400

    username = request.json["username"]
    password = request.json["password"]

    try:
        user = User.register(username, password)
        db.session.add(user)
        db.session.commit()  # commit first so user.id is available

        prefs = Preference(user_id=user.id)
        Login.record_login(user.id)
        db.session.add(prefs)
        db.session.commit()

        # The new account is logged in right away.
        session['username'] = user.username
        session['user_id'] = user.id

        summary = success['user']
        summary['login'] = True
        summary['username'] = session['username']
        summary['userId'] = session['user_id']

        return jsonify(success), 201
    except exc.IntegrityError:
        db.session.rollback()
        success['login'] = False
        success['message'] = "taken"
        return jsonify(success), 400
Ejemplo n.º 24
def login():
    """Log a user in, recording each attempt and delaying repeated failures.

    Failed attempts in the last five minutes select the delay: more than 3
    gives 3 s, more than 10 gives 5 s, more than 30 gives 15 s.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = LoginForm(meta={'csrf_context': session})
    user = User.query.filter_by(login=form.login.data).first()

    if user and form.password.data:  # a login attempt
        ip = request.remote_addr
        attempt = Login(successful=form.validate(), ip=ip, user=user)
        db.session.add(attempt)
        db.session.commit()

        # Delay in case of brute force.
        # NOTE(review): the delay only applies when the account exists, so
        # response time can reveal whether a login name is registered.
        # NOTE(review): sleep() holds a worker for up to 15 s per request.
        window_start = datetime.utcnow() - timedelta(minutes=5)
        tries = sum(
            1 for a in user.login_attempts
            if a.timestamp > window_start and not a.successful
        )
        delay = 0
        # Ascending thresholds: the last one exceeded wins.
        for threshold, seconds in ((3, 3), (10, 5), (30, 15)):
            if tries > threshold:
                delay = seconds

        sleep(delay)

    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    login_user(user)
    # NOTE(review): if session['next'] is ever filled from a request
    # parameter, check that it is a local path before redirecting to it.
    next_page = session.get('next', None)
    session['next'] = None
    return redirect(next_page or url_for('view_notes'))
Ejemplo n.º 25
def login2(request):
    """Show the registration page or store a new Login from the form.

    GET renders ``login2.html`` with all Login rows. A valid POST whose two
    passwords match saves a new Login; mismatched passwords re-render the
    page and an invalid form returns "error!".
    """
    # NOTE(review): every Login row goes to the template as 'm'. The rows
    # carry password1/password2, so check the template does not render them.
    m = Login.objects.all()

    if request.method != "POST":
        return render_to_response('login2.html', {'m': m})

    form = LoginForm(request.POST)
    if not form.is_valid():
        return HttpResponse("error!")

    data = form.cleaned_data
    if data['password1'] != data['password2']:
        return render(request, 'login2.html')

    # NOTE(review): both password fields are saved as entered; store one
    # salted password hash instead of two clear-text copies.
    login = Login()
    for field in ('username', 'password1', 'password2', 'name',
                  'email', 'idnumber', 'home'):
        setattr(login, field, data[field])
    login.save()
    return render_to_response('login2.html', {'m': m})
Ejemplo n.º 26
    def authorization_class(self):
        """Return the authorization class this provider works with."""
        return AdverbResourceAuthorization

    def get_authorization_header(self):
        """Return the request's Authorization header, or None when absent."""
        return request.headers.get('Authorization')

    def validate_access_token(self, access_token, authorization):
        """Fill ``authorization`` from the token record stored in Redis.

        Leaves ``authorization`` untouched when no record exists for the
        token. The token counts as valid only when its stored scope is the
        empty string.
        """
        access_key = 'oauth2.access_token:%s' % access_token
        raw = self.redis.get(access_key)
        if raw is None:
            # Unknown or expired token: nothing is set on the object.
            return

        token = json.loads(raw)
        authorization.is_valid = token.get('scope') == ''
        authorization.client_id = token['client_id']
        # The key's remaining TTL doubles as the token's remaining lifetime.
        authorization.expires_in = self.redis.ttl(access_key)
        authorization.login_id = token['user_id']

# Manual smoke test: build an authorization-code redirect for a sample
# client inside a Flask test request context and print the response headers.
# Python 2 only (print statement, dict.iteritems).
if __name__ == '__main__':
    from flask import Flask, request
    from models import Login
    import logging
    # DEBUG-level logging to a local file.
    logging.basicConfig(filename='example.log',level=logging.DEBUG)
    app = Flask(__name__)
    # NOTE(review): a fixed, guessable secret_key lets anyone forge the
    # signed session cookie; acceptable for this local check only, load it
    # from configuration anywhere else.
    app.secret_key = 'secret'
    with app.test_request_context('/hello', method='POST'):
        # NOTE(review): `session` is not among the imports shown here.
        # The address below appears to have been masked by the hosting page.
        session['user'] = Login.find('*****@*****.**')
        p = AdverbAuthorizationProvider()
        r = p.get_authorization_code_from_uri('http://localhost:5000/oauth2/auth?client_id=51051fa6d00cf2206b0d7db3&response_type=code&redirect_uri=http://localhost:5000/oauth/redirect')
        for k, v in r.headers.iteritems():
            print k, v
Ejemplo n.º 27
def sign_up(request):
    # Send a confirmation e-mail to the posted address, then create the
    # Login and Signup rows unless the address is already registered.
    # Python 2 code (``except Exception, e`` and the print statement).
    # NOTE(review): the lines shown end without returning a response;
    # ``template`` and ``context`` are prepared but not used here.

    name = request.POST.get('txt_name')
    email = request.POST.get('txt_email')
    password = request.POST.get('txt_password')
    # NOTE(review): confirm_pwd is read but never compared with password.
    confirm_pwd = request.POST.get('txt_confirm_pwd')

    # The sender address appears to have been masked by the hosting page.
    me = "*****@*****.**"
    you = email
    msg = MIMEMultipart('alternative')
    msg['Subject'] = "Confirmation Email"
    msg['From'] = me
    msg['To'] = you
    text = "Hi!\nHow are you?\nHere is the link you wanted:\nhttps://www.python.org"
    # NOTE(review): the verification link is the same for every recipient
    # and carries no per-user token, so following it cannot show that the
    # mailbox belongs to the person who signed up.
    html = """\
	<html>
	  <head>
	  </head>
	  <body>
	  	<p><font color="Blue"><h1>Hello !!!<h1></font><br>
        <h2><font color="Blue">This is the verification message....</font</h2><br>
        <h2><font color="Black">Click to verify :</font></h2>   
	    <button type="submit"><a href="http://127.0.0.1:8000/single_photon/email/">VERIFY</a></button></p>
	  </body>
	</html>
	"""
    part1 = MIMEText(text, 'plain')
    part2 = MIMEText(html, 'html')
    msg.attach(part1)
    msg.attach(part2)
    # NOTE(review): the mail goes out before the duplicate check and to
    # whatever address was posted, so every request sends a message;
    # validate the address and rate-limit this endpoint.
    s = smtplib.SMTP('smtp.gmail.com', 587)
    s.starttls()
    # NOTE(review): the mailbox password is hard-coded in source. Treat it
    # as exposed: rotate it and load the credential from configuration or a
    # secret store.
    s.login(me, 'dingu@123')
    s.sendmail(me, you, msg.as_string())
    s.quit()
    try:
        check_email_exist = Login.objects.filter(login_username=email).exists()
        if check_email_exist == False:

            # NOTE(review): the password is saved exactly as posted; store a
            # salted password hash instead.
            a = Login(login_username=email, login_password=password)
            a.save()
            fk_id = a.id

            #----c is the object created here------
            c = Login.objects.get(id=fk_id)
            # The session is bound to the new login before the address has
            # been verified.
            request.session['loginid'] = fk_id

            b = Signup(name=name, login=c)
            b.save()

            template = loader.get_template('login.html')
            context = {"Email": "PLEASE VERIFY YOUR EMAIL !!!"}

        else:
            template = loader.get_template('sign_up.html')
            context = {"email_err": "Email already Exists"}
    except Exception, e:
        # Any failure is reported to the user as invalid credentials and the
        # exception is printed to stdout.
        template = loader.get_template('sign_up.html')
        context = {"error": "Invalid Login Credentials"}
        print("########## This is the error ############")
        print e
Ejemplo n.º 28
def sync():
    """Run ``Login.sync_all()``; nothing is returned."""
    Login.sync_all()
Ejemplo n.º 29
def acceptlogin(request):
    # Record the posted user name as a Login row and acknowledge it.
    # Python 2 code (print statement).
    # NOTE(review): no password or other credential is checked; any POST
    # with a userName creates a row and gets the success reply.
    # NOTE(review): non-POST requests fall off the end and return None,
    # which is not a valid view response.
    if request.method=='POST':
        # Writes the submitted user name to stdout.
        print request.POST['userName']
        a=Login(username=request.POST['userName'])
        a.save()
        return HttpResponse("Ur Login!!!!")