Ejemplo n.º 1
0
    def post(self):
        email = request.get_json().get('email', None)

        if not email:
            return {'status': 'error'}

        # User exists, login
        user = User.query.filter_by(email=email).first()
        if user and user.type != '':
            token = create_token(user.id)

            return {
                'status': 'success',
                'token': token,
                'user_type': user.type,
            }
        # User doesn't exist or user hasn't filled out their profile
        else:
            if not user:
                # First name, last name and user type are set in the profile
                # creation page
                user = User(email=email, firstname='', lastname='', type='')

            db.session.add(user)
            db.session.commit()

            token = create_token(user.id)

            return {'status': 'success', 'token': token, 'msg': 'new_user'}
Ejemplo n.º 2
0
	def post(self):
		username = self.get_argument("username", default=None, strip=False)
		password = self.get_argument("password", default=None, strip=False)

		cursor = conf.DB_CONN.execute("""
			SELECT 
				id,
				hash_scheme, 
				passhash 
			FROM 
				Users 
			WHERE 
				username=?
		""", (username,))

		r = cursor.fetchone()
		if not r:
			# To simplify code path
			user_id, hash_scheme, passhash = (0, conf.DEFAULT_SCHEME, '')
		else:
			user_id, hash_scheme, passhash = r

		if conf.HASH_SCHEMES[hash_scheme].verify(password, passhash):
			token = create_token(user_id)
			self.write(token)
		else:
			self.set_status(401)
Ejemplo n.º 3
0
def register(email, password):
    """
    generates a random salt, salts the password and saves
    """
    if not email:
        return (False, "Empty email") 

    if not password:
        return (False, "Empty password") 

    if not EMAIL_CHECK.match(email):
        return (False, "Invalid email") 

    password = password.strip()
    if len(password) < 6:
        return (False, "Invalid password") 

    salt = get_salt()
    token = create_token().lower()
    
    m = sha1()
    m.update(salt + password)
    res = DB().create_user(email, salt, m.hexdigest(), token)
    if res[0]:
        send_new_user_notification(email, token)
    return res
Ejemplo n.º 4
0
def login():
    if request.method == 'POST':
        # { k:v[0] for k, v in dict(request.form).items() }
        username = request.form.get('username')
        password = request.form.get('password')
        if not username or not password:
            print 2
            return json.dumps({'code' : 1, 'errmsg' : 'your must input login username and password.'})

        query_result = app.config['mysqlconn'].get_one_result(table_name='user', fields=['password', 'role'], where={'name':username})
        if not query_result:
            return json.dumps({'code' : 1, 'errmsg' : 'user not exists.'})

        if query_result.get('password') != hashlib.md5(password).hexdigest():
            return json.dumps({'code' : 1, 'errmsg' : 'password error.'})
        else:
            data = {'last_login_time' : time.strftime('%Y-%m-%d %H:%M:%S')}
            app.config['mysqlconn'].execute_update_sql(table_name='user', data=data, where={'name' : username})

            role = query_result.get('role')
            token = create_token(username, role, app.config['passport'])

            decode_token_result = valid_token(token, app.config['passport'])
            session['token'] = token
            session['username'] = username
            return json.dumps({'code' : 0, 'result' : 'login sucessful.'})
    return render_template('login.html')
Ejemplo n.º 5
0
 def successful_login(self, email):
     conn = self.get_connection()
     auth_token = create_token()
     cur = conn.cursor()
     cur.execute('update users set tries = 0, auth_token=? where email = ? ', (auth_token,email,))
     conn.commit() 
     return auth_token
Ejemplo n.º 6
0
def login():
    data = json.loads(request.get_data())
    user = database.user.find_one({
        'username':
        re.compile('^%s$' % data['username'], re.IGNORECASE),
        'password':
        data['password']
    })
    return jsonify({'data': {'token': create_token(str(user['_id'])), 'username': user['username']}, 'message': 'success', 'code': 20000}) \
        if user != None else jsonify({'message': 'You entered an incorrect username or password', 'code': 20000})
Ejemplo n.º 7
0
 def get(self, request, format=None):
     email = request.GET.get('email', '').lower()
     password = request.GET.get('password', '')
     user = authenticate(username=email, password=password)
     data = {}
     if user:
         data['result'] = 'success'
         data['uid'] = user.id
         data['token'] = create_token(user)
     else:
         data['result'] = 'failed'
     return Response(data)
Ejemplo n.º 8
0
async def badge(msg: Message) -> None:
    admin_rank = msg.user.rank(msg.conn.main_room)

    rooms: Dict[str, str] = {}

    for room in msg.user.rooms:
        rooms[room.roomid] = msg.user.rank(room) or " "

    token_id = utils.create_token(rooms, 1, admin_rank)
    userid = utils.to_user_id(msg.arg or msg.user.userid)

    await msg.user.send(f"{msg.conn.domain}badges/{userid}?token={token_id}")
Ejemplo n.º 9
0
def create(request):
  values = {}
  if request.META["REQUEST_METHOD"] == "POST":
    valid, error = utils.check_auth_token(request.POST['username'])
    if valid:
      utils.create_user(request.POST['username'], request.POST['password'], request.POST['google_wave_address'])
      values['user_created'] = True
    else:
      values['token_failed'] = True
      values['error'] = error
  if 'user_created' not in values:
    values['token'] = utils.create_token()
  return render_to_response('create.html', values)
Ejemplo n.º 10
0
    def post_connect(self, request, user, action):
        next_redirect = request.GET.get('ref', '')
        if next_redirect:
            if user:
                token = create_token(user)
                next_redirect += '#?token=' + token
                next_redirect += '&uid=' + str(user.id)
                next_redirect += '&res=1'
            else:
                next_redirect += '#?res=0'
            return redirect(next_redirect)

        return super(RegistrationBackend, self).post_connect(
            request, user, action)
Ejemplo n.º 11
0
def login():

    if request.method == 'POST':
        # Extract request data
        username = request.form['username']
        password = request.form['pass']
        remember_me = request.form.get('remember-me') == 'on'

        next_page = request.args.get('next')
        if next_page is not None and not request.host in next_page:
            # Redirect is not on same domain (or any subdomain of) our current domain. Abort!
            abort(404)

        # Query database for username
        query = USER.select().where(USER.username == username)

        if not query.exists():
            # Send back to login page
            return redirect(url_for('login'))
        else:
            user = query.dicts().get()

        # Validate password
        hashed_pass = user.pop('password')    # Removing password from dict
        if not bcrypt.checkpw(password.encode(), hashed_pass.encode()):
            return redirect(url_for('login', next=next_page))      

        # Construct token
        expire_in = datetime.timedelta(seconds=TOKEN_EXPIRATION_TIME)

        auth_token = utils.create_token(
            {
                'id': user['id']
            },
            expire_in,
            TOKEN_SECRET
        )

        # Return and set token inside cookie
        resp = redirect(next_page) if next_page is not None else make_response(jsonify(success=True))
        resp.set_cookie(COOKIE_NAME, 
                        auth_token.decode(), 
                        domain=COOKIE_DOMAIN, 
                        max_age=expire_in.total_seconds() if remember_me else None) # Set as a session cookie if remember_me is not checked

        return resp

    # Fetch next parameter from query
    action = url_for('login', next=request.args.get('next'))
    return render_template('login.html', APP_NAME=APP_NAME, ACTION=action)
Ejemplo n.º 12
0
def handleLogin(code: schemas.Authcode, db: Session = Depends(get_db)):
    # 获取用户信息
    res_dic = utils.getUserinfo(code.dict()['code'])
    # 数据库中查询用户身份,如果是管理员则授权码为1并生成有效token,否则为0,token为空
    user = db.query(models.User).filter(
        res_dic['user_info']['openid'] == models.User.Openid).first()
    if user:
        if user.Authorized:
            authcode = 1
        else:
            authcode = 0
        token = utils.create_token(res_dic['user_info']['openid'])
    else:
        # 如果用户不在数据库内,则在其token内加入department属性
        authcode = 0
        department = utils.getDepartment(res_dic['user_info']['unionid'])
        token = utils.create_token(res_dic['user_info']['openid'], department,
                                   res_dic['user_info']['nick'])
    return {
        'access_token': token,
        'token_type': 'bearer',
        'nick': res_dic['user_info']['nick'],
        'authcode': authcode
    }
Ejemplo n.º 13
0
async def quotelist(conn: Connection, room: Optional[str], user: str,
                    arg: str) -> None:
    quoteroom = arg.split(",")[0]

    db = Database()
    quotes_n = db.execute("SELECT COUNT(*) FROM quotes WHERE roomid = ?",
                          [quoteroom]).fetchone()
    if not quotes_n[0]:
        await conn.send_reply(room, user, "Nessuna quote da visualizzare.")
        return

    message = f"{conn.domain}quotes/{quoteroom}"
    if utils.is_private(conn, quoteroom):
        token_id = utils.create_token(" ", [quoteroom])
        message += f"?token={token_id}"
    await conn.send_reply(room, user, message)
Ejemplo n.º 14
0
def login(request):
    user, password = request.data["user"], request.data["password"]
    user_id = check_user_login(user, password)
    if user_id:
        token = create_token(user_id)
        login_response = {'message': token, 'status_code': 200}
        login_response = ResponseSerializer(login_response).data
        return Response(login_response)
    elif user_id is None:
        login_response = {
            'message': "The user was not found",
            'status_code': 404
        }
        return Response(ResponseSerializer(login_response).data)
    else:
        login_response = {'message': "User login failed", 'status_code': 403}
        return Response(ResponseSerializer(login_response).data)
Ejemplo n.º 15
0
async def dashboard(conn: Connection, room: Optional[str], user: str, arg: str) -> None:
    userid = utils.to_user_id(user)
    for r in conn.rooms:
        users = Room.get(r).users
        if userid in users and utils.is_driver(users[userid]["rank"]):
            rank = users[userid]["rank"]
            break
    else:
        return

    private_rooms = [r for r in conn.private_rooms if userid in Room.get(r).users]

    token_id = utils.create_token(rank, private_rooms, 1)

    await conn.send_pm(
        user, "{url}?token={token}".format(url=conn.domain, token=token_id)
    )
Ejemplo n.º 16
0
def test_create_token(
    rooms: Dict[str, str], expire_minutes: int, admin: Optional[str]
) -> None:
    token_id = utils.create_token(rooms, expire_minutes, admin)
    db = Database.open()
    with db.get_session() as session:
        tokens = session.query(d.Tokens).filter_by(token=token_id).all()
        room_tokens = {i.room: i.rank for i in tokens if i.room is not None}
        global_tokens = [i.rank for i in tokens if i.room is None]
        assert room_tokens == rooms
        if admin is not None:
            assert global_tokens == [admin]
        else:
            assert global_tokens == []
        for token in tokens:
            delta = datetime.utcnow() - datetime.fromisoformat(token.expiry)
            # 5 seconds should be more than enough
            assert abs(delta.total_seconds()) - expire_minutes * 60 < 5
Ejemplo n.º 17
0
def send_deletion_email(poll_id):
    """View function for send poll deletion email page."""
    # Query database for poll details.
    row = db_funcs.get_poll(poll_id)
    if row is None:
        abort(404)
    if row["email"] is None:
        flash("No email recorded for this poll")
        return redirect(url_for("polls.get_poll", poll_id=poll_id))
    form = CaptchaOnlyForm()
    if request.method == "GET":
        # Send user the captcha.
        return render_template("send_deletion_email.html", form=form)
    # It's a POST.
    # Check for captcha completion or ignore if debug
    if not form.validate_on_submit() and not current_app.config["DEBUG"]:
        for error in form.errors:
            flash(error)
            return render_template("send_deletion_email.html", form=form)
    # Create expiring single-use token recording poll id and deletion op.
    token = utils.create_token("delete_poll", poll_id)
    # Render the template to put in an email.
    email_html = render_template("EMAIL_deletion_link.html",
                                 poll_id=poll_id, title=row["title"],
                                 token=token)
    try:
        send_mail("Confirm poll deletion",
                  email_html,
                  "*****@*****.**",
                  row["email"])
        flash("Email sent")
        # Success, redirect back to poll.
        return redirect(url_for("polls.get_poll", poll_id=poll_id))
    except Exception as e:
        flash("Problem sending email, administrator notified")
        current_app.logger.error("Problem sending email: {0}".format(e))
        # Failure, redirect back to deletion page.
        return redirect(url_for("polls.delete_poll", poll_id=poll_id))
Ejemplo n.º 18
0
	def post(self):
		super_token = self.get_argument("super_token", default=None, strip=False)
		username    = self.get_argument("username"   , default=None, strip=False)
		email       = self.get_argument("email"      , default=None, strip=False)
		password    = self.get_argument("password"   , default=None, strip=False)

		# Only allow root to create users.
		if not (get_user(super_token) and get_user(super_token)[1] == 'root'):
			self.set_status(401)
			return

		cursor = conf.DB_CONN.execute("""
			INSERT INTO Users
				(username, email, hash_scheme, passhash)
			VALUES
				(?, ?, ?, ?)
			""", (username, email, conf.DEFAULT_SCHEME, conf.DEFAULT_HASHER(password))
		)
		conf.DB_CONN.commit()

		# TODO potential race condition if tornado is multithreaded
		token = create_token(cursor.lastrowid)
		self.write(token)
Ejemplo n.º 19
0
def login():
    if request.method == 'POST':
        # { k:v[0] for k, v in dict(request.form).items() }
        username = request.form.get('username')
        password = request.form.get('password')
        if not username or not password:
            print 2
            return json.dumps({
                'code':
                1,
                'errmsg':
                'your must input login username and password.'
            })

        query_result = app.config['mysqlconn'].get_one_result(
            table_name='user',
            fields=['password', 'role'],
            where={'name': username})
        if not query_result:
            return json.dumps({'code': 1, 'errmsg': 'user not exists.'})

        if query_result.get('password') != hashlib.md5(password).hexdigest():
            return json.dumps({'code': 1, 'errmsg': 'password error.'})
        else:
            data = {'last_login_time': time.strftime('%Y-%m-%d %H:%M:%S')}
            app.config['mysqlconn'].execute_update_sql(
                table_name='user', data=data, where={'name': username})

            role = query_result.get('role')
            token = create_token(username, role, app.config['passport'])

            decode_token_result = valid_token(token, app.config['passport'])
            session['token'] = token
            session['username'] = username
            return json.dumps({'code': 0, 'result': 'login sucessful.'})
    return render_template('login.html')
Ejemplo n.º 20
0
 def test_expired_token(self):
     token = create_token('*****@*****.**', expiration_time=-1)
     assert is_token_valid(token) == False
Ejemplo n.º 21
0
def get_salt():
    return create_token()