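def post(self):
    """Register a new user account from the posted fields.

    Reads ``username``, ``password``, ``email`` and ``displayName`` from the
    request. The account gets permission level 2, except when the user table
    is empty, in which case it gets level 0.

    Returns:
        A ``(body, status)`` tuple: 201 on success, 409 when the username is
        already taken or the database rejects the insert.
    """
    parser = reqparse.RequestParser()
    # Without required=True a missing field parses to None, and hashing None
    # fails inside bcrypt_sha256.hash() as an unhandled error instead of a
    # client error. Assumes a Flask-RESTful-style parser -- TODO confirm.
    parser.add_argument('username', required=True)
    parser.add_argument('password', required=True)
    parser.add_argument('email')
    parser.add_argument('displayName')
    args = parser.parse_args()

    # NOTE(review): presumably level 0 is the most privileged role -- confirm.
    # The count and the insert are separate statements, so two concurrent
    # first registrations could both be granted level 0.
    permissions = 0 if db.session.query(User).count() == 0 else 2

    if User.query.get(args.username) is not None:
        return "{'registrationError': true, 'userExists': true}", 409

    password = bcrypt_sha256.hash(args.password)
    try:
        user = User(args.username, password, args.displayName, args.email,
                    None, None, permissions)
        db.session.add(user)
        db.session.add(Setting("configured", "true"))
        db.session.commit()
    except InvalidRequestError:
        return "{'registrationError': true, 'databaseError': true}", 409
    # NOTE(review): the bodies use single quotes, so they are not valid JSON;
    # left unchanged because clients may match on the exact text.
    return "{'registrationError': false}", 201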
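def change_password():
    """Render the change-password form (GET) or apply a password change (POST).

    On POST the stored hash for the submitted username is checked against
    ``old_password``; only on a match is the hash of ``new_password`` written.
    Every POST outcome redirects to ``/login`` with a flashed message.
    """
    if request.method == 'GET':
        return render_template('change_pwd.html')
    # NOTE(review): the original comment says a user who is not in the session
    # should be redirected to the login page, but no session check exists here;
    # the account is chosen by the submitted form field alone.
    elif request.method == 'POST':
        username = request.form['username']
        old_password = request.form['old_password']
        new_password = request.form['new_password']

        conn = connect_db()
        # try/finally so the connection is also closed on the unknown-user
        # return and on any exception (it used to be left open there).
        try:
            cur = conn.cursor()
            cur.execute('SELECT id, password FROM `user` WHERE username=?',
                        (username, ))
            row = cur.fetchone()
            if row is None:
                # NOTE(review): this message differs from the wrong-password
                # one, so responses reveal whether a username exists.
                flash('This user does not exist. Please check again.', 'error')
                return redirect('/login')

            if bcrypt_sha256.verify(old_password, row[1]):
                encrypted_password = bcrypt_sha256.hash(new_password)
                cur.execute('UPDATE `user` SET password=? WHERE username=?',
                            (encrypted_password, username))
                message = "You have successfully changed your password."
            else:
                message = "You fail to change your password."
            conn.commit()
        finally:
            conn.close()

        flash(message, 'info')
        return redirect('/login')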
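def create_account():
    """Render the registration form (GET) or create an account (POST).

    A POST is rejected when the username already exists or fails the
    character check; otherwise the password is hashed, the user is created
    and logged in. The submitted password is never written to stdout.
    """
    if request.method == 'GET':
        print("it comes here.")
        return render_template('register.html')
    elif request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

        conn = connect_db()
        cur = conn.cursor()
        cur.execute('SELECT id, password FROM `user` WHERE username=?',
                    (username, ))
        row = cur.fetchone()
        conn.commit()
        conn.close()
        if row is not None:
            flash('Error: trying to register an account that already exists.',
                  'error')
            return redirect('/create_account')

        # The debug print of the username and plaintext password was removed:
        # it copied credentials into the process output.

        # Reject the listed characters, and any character that follows two
        # periods. NOTE(review): this is a denylist, so every other character
        # (and an empty username) is accepted.
        period_count = 0
        for ch in username:
            if ch in "&=<>+-?" or period_count >= 2:
                flash('Illegal username.', 'error')
                return redirect('/login')
            elif ch == '.':
                period_count += 1

        encrypted_password = bcrypt_sha256.hash(password)
        user = create_user(username, encrypted_password)
        flash('You have registered successfully', 'info')
        return login_the_user(user)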
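def __init__(self, **kwargs):
    """Initialise an employee record and fill in its account defaults.

    The ``password`` keyword is stored only as a bcrypt_sha256 hash. A
    four-digit PIN, both timestamps and the initial statuses are set here.
    """
    import secrets  # local import: the PIN is drawn from the OS CSPRNG

    super(Employee, self).__init__(**kwargs)
    # NOTE(review): a missing "password" keyword yields None, which
    # bcrypt_sha256.hash() rejects -- confirm callers always supply it.
    self.password = bcrypt_sha256.hash(kwargs.get("password"))
    # Same 1000..9999 range as before, but no longer from the predictable
    # Mersenne Twister generator behind randint().
    self.pin_code = secrets.randbelow(9000) + 1000
    self.registration_date = datetime.utcnow()
    self.account_status = "Not Activated"
    self.user_status = "Working"
    self.created_on = datetime.utcnow()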
def set_attributes(board_url, name, password):
    """Update the name and/or password of the board stored at *board_url*.

    Does nothing when both *name* and *password* are falsy. A supplied
    password is stored as a bcrypt_sha256 hash, never in the clear.
    """
    if not (name or password):
        return
    record = bshipdb.get(board_url)
    if name:
        record['name'] = name
    if password:
        record['password'] = bcrypt_sha256.hash(password)
    bshipdb.set(board_url, record)
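def create_user():
    """Create a user from the posted form and mail a confirmation link.

    The email domain must match a row in ``schools`` and the email must not
    already be registered. A random salt and a random confirmation token are
    generated, the rows are inserted, and the confirmation mail is sent
    through the local SMTP server.

    Returns:
        ``error_with_message(...)`` on any validation or insert failure,
        otherwise ``success_with_data(...)`` carrying the confirmation token.
    """
    import secrets  # local import: salt and token must come from a CSPRNG

    email = request.form.get("email")
    password = request.form.get("password")
    name = request.form.get("name")
    class_year = request.form.get("class_year")

    # Missing fields used to surface as unhandled attribute/type errors.
    if not email or not password or not name:
        return error_with_message("missing required field")
    split_email = email.split("@")
    if len(split_email) < 2:
        return error_with_message("must use school email")
    school = split_email[1]

    cursor, conn = connect()

    find_school_stmt = "SELECT id FROM schools where email=%s"
    cursor.execute(find_school_stmt, (school, ))
    result = cursor.fetchall()
    if len(result) == 0:
        return error_with_message("must use school email")
    school_id = result[0][0]

    check_existing_users_stmt = "SELECT COUNT(*) FROM users WHERE email=%s"
    cursor.execute(check_existing_users_stmt, (email, ))
    count = cursor.fetchone()[0]
    # "is not 0" compared object identity; value comparison is what is meant.
    if count != 0:
        return error_with_message("user already exists")

    alphabet = string.ascii_letters + string.digits
    salt = ''.join(secrets.choice(alphabet) for _ in range(32))
    # NOTE(review): bcrypt_sha256 already salts each hash; the extra salt is
    # kept because the login path presumably appends it too -- confirm.
    h = bcrypt_sha256.hash(password + salt)

    # Six columns need six placeholders; the statement previously had five.
    create_user_stmt = "INSERT INTO users (email, password, name, class_year, school_id, salt) VALUES (%s, %s, %s, %s, %s, %s)"
    cursor.execute(create_user_stmt,
                   (email, h, name, class_year, school_id, salt))
    if cursor.rowcount != 1:
        return error_with_message("creating user failed")
    conn.commit()
    user_id = cursor.lastrowid

    # The token gates account activation, so it must not be predictable.
    confirmation_token = ''.join(secrets.choice(alphabet) for _ in range(32))
    create_confirmation_stmt = "INSERT INTO email_confirmations (user_id, token) VALUES (%s, %s)"
    cursor.execute(create_confirmation_stmt, (user_id, confirmation_token))
    conn.commit()

    # Send confirmation email
    # NOTE(review): the link is plain http, so the token crosses the network
    # unencrypted when the user follows it.
    FROM = "*****@*****.**"
    TO = [email]
    SUBJECT = "Confirm your StudyBuddy Account"
    MSG = ("Hello " + name +
           ",\nPlease confirm your account by visiting this link: " +
           "http://34.214.169.181:5000/confirm_email/" + confirmation_token +
           "\n" + "\nThank you,\nThe StudyBuddies Team")
    message = 'Subject: {}\n\n{}'.format(SUBJECT, MSG)
    server = smtplib.SMTP('localhost')
    server.sendmail(FROM, TO, message)
    server.quit()
    # The debug print of the message was removed: it wrote the confirmation
    # token to the process output.

    # NOTE(review): returning the token to the caller lets the account be
    # confirmed without access to the mailbox; kept only because callers may
    # depend on this response shape.
    return success_with_data({"confirmation_token": confirmation_token})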
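def req_newauth(self, msg, ip, port):
    '''Handle request for new user password

    Takes care of prompting for a new password if the remote server does not
    already know the current nick.

    format of calling request: REQ_NEWAUTH:IP:PORT:USER
    format of response: AUTH_SETNEW:IP:PORT:USER:HASH
    note: HASH is AES encrypted base64
    '''
    global inHandshake
    logging.debug('inHandshake: {0}'.format(inHandshake))

    # Get the username (fourth colon-separated field of the request)
    username = msg.split(':')[3]
    print('Password requested by {0}:{1} for new user: {2}'.format(
        ip, port, username))

    # Get password; pw starts empty so the prompt is shown at least once and
    # repeats until something is entered.
    logging.debug('First time password creation')
    passwordPrompt = 'Press ENTER then enter password: '
    pw = ''
    while pw == '':
        pw = getpass.getpass(passwordPrompt)

    # The plaintext password and its bcrypt hash are deliberately not logged:
    # debug logs are often kept or shared, and a leaked hash can be guessed
    # against offline.
    pw = bcrypt_sha256.hash(pw)
    if not pw:
        print('Password is empty, perhaps you hit ENTER too many times')

    # Encrypt password with AES:
    pw = self.encrypt(ip, pw)
    logging.debug('Encrypted Hash: {0}'.format(pw))
    # Convert to base64 and str
    pw = str(base64.b64encode(pw), 'utf8')
    intent = 'AUTH_SETNEW:{0}:{1}:{2}:{3}'.format(localInfo.HOST,
                                                  localInfo.PORT, username, pw)
    # Socket creation
    self.sendIntent(intent, ip, port)
    logging.debug('SENT INTENT: {0}'.format(intent))

    # Also call auth_req if the user has not authed yet
    logging.debug('Asking remote to auth')
    if not connections[ip].Authed:
        self.auth_req(msg, ip, port, 0)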
def register_user(session, name, email, password):
    """Create, persist and return a new ``User``.

    Raises:
        AccountExists: a user with *email* is already stored.
        InvalidPassword: *password* is shorter than 8 characters.
    """
    existing = session.query(User).filter_by(email=email).first()
    if existing:
        raise AccountExists('That email is already registered')

    if len(password) < 8:
        raise InvalidPassword('Password must be at least 8 characters long')

    # Only the bcrypt_sha256 hash is stored on the model.
    hashed = bcrypt_sha256.hash(password)
    new_user = User(name=name, email=email, password=hashed)
    session.add(new_user)
    session.commit()
    return new_user
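def register():
    """Invite-only registration: show the form or create the account.

    GET with a ``token`` query argument renders the form pre-filled with it.
    POST with exactly five form fields validates username, email, invite
    token and password; validation errors are returned as a JSON list,
    otherwise the user is stored and the client is sent to the login page.
    Logged-in users are redirected to the home page.
    """
    if logged_in():
        return redirect(url_for('core.home'))

    if request.method == 'GET':
        if request.args.get('token'):
            return render_template('register.html',
                                   token=request.args.get('token'))
    elif request.method == 'POST' and len(request.form) == 5:
        errors = []

        # An empty username used to fall through to the accept branch.
        username = request.form['username']
        if len(username) == 0:
            errors.append('Username cannot be empty')
        elif User.query.filter_by(name=username).first():
            errors.append('This username is taken')
        else:
            name = username

        if re.match(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)",
                    request.form['email']):
            if User.query.filter_by(email=request.form['email']).first():
                errors.append('This email has already been used')
            else:
                email = request.form['email']
        else:
            errors.append('Invalid email')

        if len(request.form['token']) > 0:
            invite = Invite.query.filter_by(
                token=request.form['token']).first()
            # NOTE(review): whether an already-used invite is refused depends
            # on what invite.expired() checks -- confirm.
            if invite and not invite.expired():
                invite.used = True
            else:
                errors.append('Token is invalid or may have expired')
        else:
            errors.append('Token cannot be empty')

        if len(request.form['password']) > 0:
            # NOTE(review): if `bcrypt` is passlib's plain bcrypt handler, only
            # the first 72 bytes of the password are used -- confirm.
            password = bcrypt.hash(request.form['password'])
        else:
            errors.append('Password cannot be blank')

        if len(errors) > 0:
            return jsonify(errors)

        user = User(name, email, password)
        db.session.add(user)
        db.session.commit()
        db.session.close()
        return redirect(url_for('auth.login'))

    return render_template('register.html')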
def register():
    """Serve the registration form (GET) or register a user or admin (POST).

    Every validation failure adds an alert and re-renders the form. An admin
    account is created only when the ``admin`` field is set and
    ``check_admin_code`` accepts the submitted code.
    """
    if request.method == "GET":
        return serve_template("register.html")

    form = request.form
    username = form.get("username")
    password = form.get("password")
    password_repeated = form.get("password_repeated")
    admin_code = form.get("code")
    admin_value = False

    if not (username and password and password_repeated):
        add_alert(Alert("Error", "danger", "All fields must be filled out."))
        return serve_template("register.html")

    if password != password_repeated:
        add_alert(Alert("Error", "danger", "Passwords must match."))
        return serve_template("register.html")

    # User already exists
    if User.query.filter_by(username=username).first():
        add_alert(Alert("Error", "danger", "User already exists."))
        return serve_template("register.html")

    if form.get("admin"):
        # NOTE(review): this code is the only gate on admin self-registration;
        # how check_admin_code compares it is not visible here -- confirm it
        # uses a constant-time comparison and that attempts are rate-limited.
        if not check_admin_code(admin_code):
            add_alert(Alert("Error", "danger", "Wrong or no Admin Code."))
            return serve_template("register.html")
        admin_value = True

    try:
        password = bcrypt_sha256.hash(password)
        user = User(username, password, admin=admin_value)
        db.session.add(user)
        db.session.commit()
        notice = "New Admin registered" if admin_value else "New User registered"
        add_alert(Alert("Success", "success", notice))
        return redirect("index")
    except Exception as e:
        # Any failure is rolled back and reported as a generic 500; the cause
        # is not logged.
        db.session.rollback()
        abort(500)
def __init__(self, userID, userName="******", userPassword="", hashPass=True, isAdmin=False, sessionID=None):
    """Populate the user's identity, session id and stored password.

    With ``hashPass`` true a non-empty ``userPassword`` is stored as a
    bcrypt_sha256 hash and an empty one as ``""``; with ``hashPass`` false the
    value is stored exactly as given.
    """
    self.name = userName
    self.isAdmin = isAdmin
    self.userID = userID

    # NOTE(review): a generated id keeps only the last 12 characters of the
    # UUID string (12 hex digits, i.e. 48 bits) -- confirm that is enough if
    # this value is used as a session secret.
    self.sessionID = sessionID if sessionID else str(uuid.uuid4())[-12:]
    self.id = self.sessionID

    if not hashPass:
        # NOTE(review): presumably the caller passes an already-hashed value
        # here -- confirm that plaintext never takes this path.
        self.password = userPassword
    elif userPassword == "":
        self.password = ""
    else:
        self.password = bcrypt_sha256.hash(userPassword)
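def setup():
    """First-run setup: create the admin user and record the team name.

    Active only while ``is_setup()`` is false. A POST with exactly five form
    fields is validated; errors are returned as a JSON list, otherwise the
    admin user and the ``TEAM_NAME`` and ``SETUP`` config rows are stored and
    the client is sent to the login page. Once set up, requests are redirected
    to the home page.
    """
    # NOTE(review): until is_setup() is true, whoever reaches this route first
    # creates the admin account -- confirm access is restricted during
    # deployment.
    if is_setup():
        return redirect(url_for('core.home'))

    if request.method == 'POST' and len(request.form) == 5:
        errors = []

        # An empty username used to fall through to the accept branch.
        username = request.form['username']
        if len(username) == 0:
            errors.append('Username cannot be empty')
        elif User.query.filter_by(name=username).first():
            errors.append('This username is taken')
        else:
            name = username

        if re.match(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)",
                    request.form['email']):
            if User.query.filter_by(email=request.form['email']).first():
                errors.append('This email has already been used')
            else:
                email = request.form['email']
        else:
            errors.append('Invalid email')

        if len(request.form['team_name']) > 0:
            team = request.form['team_name']
        else:
            errors.append('Team name cannot be empty')

        if len(request.form['password']) > 0:
            # NOTE(review): if `bcrypt` is passlib's plain bcrypt handler, only
            # the first 72 bytes of the password are used -- confirm.
            password = bcrypt.hash(request.form['password'])
        else:
            errors.append('Password cannot be blank')

        if len(errors) > 0:
            return jsonify(errors)

        user = User(name, email, password)
        user.admin = True
        db.session.add(user)
        db.session.add(Config('TEAM_NAME', team))
        db.session.add(Config('SETUP', "True"))
        db.session.commit()
        return redirect(url_for('auth.login'))

    return render_template('setup.html')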
def register():
    """Render the registration form, or insert the user on a valid POST.

    The password is stored as a bcrypt_sha256 hash and the INSERT passes all
    values as bound parameters.
    """
    form = RegisterForm(request.form)
    if request.method != 'POST' or not form.validate():
        return render_template('register.html', form=form)

    name = form.name.data
    email = form.email.data
    password = bcrypt_sha256.hash(str(form.password.data))

    # NOTE(review): nothing here checks for an existing email; a duplicate is
    # only refused if the table has a unique constraint -- confirm.
    cursor = mysql.connection.cursor()
    cursor.execute(
        "INSERT INTO t_user(use_name, use_email, password) VALUES(%s, %s, %s)",
        (name, email, password))
    mysql.connection.commit()
    cursor.close()

    flash('You are now registered and can log in', 'success')
    return redirect(url_for('login'))
def generate_passw(passw: str) -> str:
    """Return the bcrypt_sha256 hash of *passw*.

    Plain bcrypt stops at a NUL byte and uses at most 72 bytes of input.
    passlib's bcrypt_sha256 avoids both limits by hashing the password with
    SHA-256 first and then running bcrypt over that digest.
    """
    hashed = bcrypt_sha256.hash(passw)
    return hashed
def hash_password(plaintext):
    """Return the bcrypt_sha256 hash of ``str(plaintext)``."""
    # NOTE(review): str() turns None into "None" and bytes into their repr, so
    # a missing password is hashed rather than rejected -- confirm callers
    # validate the value first.
    as_text = str(plaintext)
    return bcrypt_sha256.hash(as_text)
def set_password(self, password):
    """Store the bcrypt_sha256 hash of *password* in ``password_hash``."""
    hashed = bcrypt_sha256.hash(password)
    self.password_hash = hashed
def hash_password(senha):
    """Return the bcrypt_sha256 hash of the password *senha*."""
    hashed = bcrypt_sha256.hash(senha)
    return hashed
def Crypter(args):
    """Hash ``args.text`` with the handler named by ``args.encrypt``.

    Each accepted name selects the handler object of the same name and
    returns ``handler.hash(args.text)``. An unrecognised name returns None.

    NOTE(review): despite the names, this hashes rather than encrypts. The
    accepted set includes handlers that keep the secret readable
    ('plaintext', 'ldap_plaintext', 'roundup_plaintext') and legacy digests
    (md4/md5/sha1, DES-based crypt, lmhash); they are unsuitable for storing
    new passwords.
    """
    scheme = args.encrypt

    if scheme == 'pbkdf2_sha256':
        handler = pbkdf2_sha256
    elif scheme == 'oracle11':
        handler = oracle11
    elif scheme == 'argon2':
        handler = argon2
    elif scheme == 'bcrypt':
        handler = bcrypt
    elif scheme == 'bcrypt_sha256':
        handler = bcrypt_sha256
    elif scheme == 'cisco_asa':
        handler = cisco_asa
    elif scheme == 'cisco_pix':
        handler = cisco_pix
    elif scheme == 'cisco_type7':
        handler = cisco_type7
    elif scheme == 'bigcrypt':
        handler = bigcrypt
    elif scheme == 'bsdi_crypt':
        handler = bsdi_crypt
    elif scheme == 'des_crypt':
        handler = des_crypt
    elif scheme == 'hex_md4':
        handler = hex_md4
    elif scheme == 'hex_md5':
        handler = hex_md5
    elif scheme == 'hex_sha1':
        handler = hex_sha1
    elif scheme == 'hex_sha256':
        handler = hex_sha256
    elif scheme == 'hex_sha512':
        handler = hex_sha512
    elif scheme == 'django_bcrypt':
        handler = django_bcrypt
    elif scheme == 'django_disabled':
        handler = django_disabled
    elif scheme == 'django_bcrypt_sha256':
        handler = django_bcrypt_sha256
    elif scheme == 'django_des_crypt':
        handler = django_des_crypt
    elif scheme == 'django_pbkdf2_sha1':
        handler = django_pbkdf2_sha1
    elif scheme == 'django_pbkdf2_sha256':
        handler = django_pbkdf2_sha256
    elif scheme == 'django_salted_md5':
        handler = django_salted_md5
    elif scheme == 'django_salted_sha1':
        handler = django_salted_sha1
    elif scheme == 'fshp':
        handler = fshp
    elif scheme == 'ldap_bcrypt':
        handler = ldap_bcrypt
    elif scheme == 'ldap_md5':
        handler = ldap_md5
    elif scheme == 'ldap_plaintext':
        handler = ldap_plaintext
    elif scheme == 'ldap_sha1':
        handler = ldap_sha1
    elif scheme == 'ldap_bsdi_crypt':
        handler = ldap_bsdi_crypt
    elif scheme == 'ldap_hex_md5':
        handler = ldap_hex_md5
    elif scheme == 'ldap_hex_sha1':
        handler = ldap_hex_sha1
    elif scheme == 'ldap_md5_crypt':
        handler = ldap_md5_crypt
    elif scheme == 'ldap_pbkdf2_sha1':
        handler = ldap_pbkdf2_sha1
    elif scheme == 'ldap_pbkdf2_sha256':
        handler = ldap_pbkdf2_sha256
    elif scheme == 'ldap_pbkdf2_sha512':
        handler = ldap_pbkdf2_sha512
    elif scheme == 'ldap_salted_md5':
        handler = ldap_salted_md5
    elif scheme == 'ldap_salted_sha1':
        handler = ldap_salted_sha1
    elif scheme == 'ldap_sha1_crypt':
        handler = ldap_sha1_crypt
    elif scheme == 'ldap_sha256_crypt':
        handler = ldap_sha256_crypt
    elif scheme == 'ldap_sha512_crypt':
        handler = ldap_sha512_crypt
    elif scheme == 'apr_md5_crypt':
        handler = apr_md5_crypt
    elif scheme == 'md5_crypt':
        handler = md5_crypt
    elif scheme == 'plaintext':
        handler = plaintext
    elif scheme == 'unix_disabled':
        handler = unix_disabled
    elif scheme == 'unix_fallback':
        handler = unix_fallback
    elif scheme == 'mssql2000':
        handler = mssql2000
    elif scheme == 'mssql2005':
        handler = mssql2005
    elif scheme == 'mysql323':
        handler = mysql323
    elif scheme == 'mysql41':
        handler = mysql41
    elif scheme == 'atlassian_pbkdf2_sha1':
        handler = atlassian_pbkdf2_sha1
    elif scheme == 'cta_pbkdf2_sha1':
        handler = cta_pbkdf2_sha1
    elif scheme == 'dlitz_pbkdf2_sha1':
        handler = dlitz_pbkdf2_sha1
    elif scheme == 'grub_pbkdf2_sha512':
        handler = grub_pbkdf2_sha512
    elif scheme == 'pbkdf2_sha1':
        handler = pbkdf2_sha1
    elif scheme == 'pbkdf2_sha512':
        handler = pbkdf2_sha512
    elif scheme == 'phpass':
        handler = phpass
    elif scheme == 'roundup_plaintext':
        handler = roundup_plaintext
    elif scheme == 'sun_md5_crypt':
        handler = sun_md5_crypt
    elif scheme == 'scram':
        handler = scram
    elif scheme == 'scrypt':
        handler = scrypt
    elif scheme == 'sha1_crypt':
        handler = sha1_crypt
    elif scheme == 'sha256_crypt':
        handler = sha256_crypt
    elif scheme == 'sha512_crypt':
        handler = sha512_crypt
    elif scheme == 'bsd_nthash':
        handler = bsd_nthash
    elif scheme == 'lmhash':
        handler = lmhash
    elif scheme == 'nthash':
        handler = nthash
    else:
        # Unknown scheme: no handler is touched and None is returned.
        return None

    return handler.hash(args.text)
def generate_hash(password):
    """Return ``sha256.hash(password)``."""
    # NOTE(review): `sha256` is defined outside this block; presumably it is an
    # alias for a salted passlib handler such as pbkdf2_sha256 -- confirm it
    # is not a bare, unsalted SHA-256 digest.
    hashed = sha256.hash(password)
    return hashed
def process_bind_param(self, value: str, dialect) -> str:
    """Return the bcrypt_sha256 hash of *value*; *dialect* is unused."""
    # NOTE(review): presumably a SQLAlchemy TypeDecorator hook -- confirm. If
    # so it also runs for values bound in comparisons, where a freshly salted
    # hash never equals the stored one, and a None value is not handled.
    hashed = bcrypt_sha256.hash(value)
    return hashed
def password(self, value):
    """Store the bcrypt_sha256 hash of *value* in ``_password``."""
    # Only the hash is kept on the instance, never the plaintext.
    hashed = bcrypt_sha256.hash(value)
    self._password = hashed
def hash_password(cls, password: str) -> str:
    """Return *password* hashed and salted with bcrypt_sha256."""
    hashed = bcrypt_sha256.hash(password)
    return hashed
def hash_password(password: str) -> str:
    """Return the bcrypt_sha256 hash of *password*."""
    hashed = bcrypt_sha256.hash(password)
    return hashed
def my_bcrypt_sha256(self, password):
    """Return the bcrypt_sha256 hash of *password*."""
    hashed = bcrypt_sha256.hash(password)
    return hashed