def login():
''' auth endpoint '''
header_data = parse_qs(request)
print(request)
data = validate_user(header_data)
if data['ok']:
data = data['data']
user = db.users.find_one({'email': data['email']}, {"_id": 0})
if user and flask_bcrypt.check_password_hash(user['password'],
data['password']):
del user['password']
access_token = create_access_token(identity=data)
refresh_token = create_refresh_token(identity=data)
user['token'] = access_token
user['refresh'] = refresh_token
return jsonify({'ok': True, 'data': user}), 200
else:
return jsonify({
'ok': False,
'message': 'invalid username or password'
}), 401
else:
return jsonify({
'ok':
False,
'message':
'Bad request parameters: {}'.format(data['message'])
}), 400
def post(self):
args = self.parser.parse_args()
user = User.query.filter_by(username=args['username']).first()
if user and flask_bcrypt.check_password_hash(user.password, args['password']):
token = user.generate_auth_token()
return jsonify({'username':user.username, 'id':user.id, 'token':base64.b64encode(token+':x')})
return '', 401
def auth_user():
'''auth endpoint '''
data = validate_user(request.get_json())
if data['ok']:
data = data['data']
user = mongo.db.users.find_one({'email': data['email']}, {"_id": 0})
LOG.debug(user)
if user and flask_bcrypt.check_password_hash(user['password'],
data['password']):
del user['password']
access_token = create_access_token(identity=data)
refresh_token = create_refresh_token(identity=data)
user['token'] = access_token
user['refresh'] = refresh_token
return jsonify({'ok': True, 'data': user}), 200
else:
return jsonify({
'ok': False,
'message': 'Invalid username or password'
}), 401
else:
return jsonify({
'ok':
False,
'message':
'Bad request parameters: {}'.format(data['message'])
}), 400
def authenticate_user(email, password):
"""
Create an user in the database
:param email: String, user email. Ie, "*****@*****.**"
:param password: String, user's password. Ie, "my-password"
"""
try:
user = UserManager.get_user_by_email(email)
if not user:
raise GeneralException(message="User does not exists",
status_code=400)
password_hash = flask_bcrypt.check_password_hash(
user.password, password)
if user and password_hash:
return create_access_token(
identity={
'user_id': str(user.id),
'first_name': user.first_name,
'last_name': user.last_name,
'email': email
})
else:
raise GeneralException(
message="User and password didn't match", status_code=400)
except Exception:
raise
def signin():
form = SigninForm(request.form)
if form.validate():
user = User.query.filter_by(email=form.email.data).first()
if user is None:
# form.email.errors.append('Email or password did not match')
return redirect(url_for('authentication.signin'))
elif flask_bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user, form.remember_me.data)
session['signed'] = True
session['username'] = user.email
g.user = user
if session.get('next'):
next_page = session.get('next')
session.pop('next')
return redirect(url_for('portfolio.user_home'))
else:
return redirect(url_for('portfolio.user_home'))
else:
# form.password.errors.append('Email or password did not match')
return render_template('login.html',
login_form=SigninForm(),
register_form=SignupForm())
return render_template('login.html',
login_form=SigninForm(),
register_form=SignupForm())
def login():
error_message = ''
if request.method == 'POST':
#if not recaptchaCheck(request.form['g-recaptcha-response']):
#return '请点击人机身份验证!'
# check form keys
if 'email' in request.form and 'password' in request.form:
user = User.from_email(request.form['email'])
if user is None:
error_message = '此邮箱可能并未注册'
current_app.logger.debug('此邮箱可能并未注册!')
elif not flask_bcrypt.check_password_hash(
user.password,
request.form['password'],
):
error_message = '登录密码不正确'
current_app.logger.debug('登录密码不正确!')
elif (user.expire_t.date() - datetime.date.today()).days < 0:
error_message = '账户已过期'
current_app.logger.debug('账户已过期!')
else:
if login_user(user, remember=True):
current_app.logger.debug('登录成功!')
return redirect('/userGameStatuses')
else:
error_message = '登录失败'
current_app.logger.debug('登录失败!')
return render_template('/auth/login.html', error_message=error_message)
def auth_user():
data = validate_user_login(request.get_json())
if data['ok']:
data = data['data']
user = None
user = Users.query.filter_by(login=data['login']).first()
if user and flask_bcrypt.check_password_hash(user.password,
data['password']):
del user.password
access_token = create_access_token(identity=user.json())
refresh_token = create_refresh_token(
identity=user.json()) # Why it set
return jsonify({
'ok': True,
'access_token': access_token,
'refresh_token': refresh_token,
'user': user.json()
}), 200
else:
return jsonify({
'ok': False,
'message': 'Invalid credentials'
}), 401
else:
return jsonify({
'ok':
False,
'message':
'Bad request parameters: {}'.format(data['message'])
}), 400
def auth_user():
data = validate_user(request.get_json())
if data['ok']:
data = data['data']
user = User.query.filter_by(name=data['name']).first()
if user and flask_bcrypt.check_password_hash(user.password,
data['password']):
del user.password
access_token = create_access_token(identity=data)
refresh_token = create_refresh_token(identity=data)
user.token = access_token
user.refresh = refresh_token
return jsonify({
'ok': True,
'access_token': access_token,
'refresh_token': refresh_token
}), 200
else:
return jsonify({
'ok': False,
'message': 'Invalid credentials'
}), 401
else:
return jsonify({
'ok':
False,
'message':
'Bad request parameters: {}'.format(data['message'])
}), 400
def check_password(id, password):
from app import flask_bcrypt
user = User.get_by_id(id)
try:
result = flask_bcrypt.check_password_hash(user.password, password)
except ValueError:
return False
return result
def post(self):
form = SessionCreateForm()
if not form.validate_on_submit():
return form.errors, 422
user = User.query.filter_by(email=form.email.data).first()
if user and flask_bcrypt.check_password_hash(user.password, form.password.data):
return UserSerializer(user).data, 201
return '', 401
def post(self):
form = SessionCreateForm()
if not form.validate_on_submit():
return form.errors, 422
user = User.query.filter_by(email=form.email.data).first()
if user and flask_bcrypt.check_password_hash(user.password, form.password.data):
return UserSerializer(user).data, 201
return '', 401
def login():
if request.method == "GET":
return render_template("/user-login.html")
email = request.form["email"]
password = request.form["password"]
user = User.query.filter_by(email=email).first()
if user and flask_bcrypt.check_password_hash(user.password, password):
if login_user(user):
return redirect(url_for(".root"))
else:
flash("Invalid email or password")
return render_template("/user-login.html")
def login_user_page():
username = request.values.get('username').lower()
password = request.values.get('password')
#print("name: {} pass: {}".format(username, password))
try:
user = User.query.filter_by(username=username).one()
except:
return ('This username doesn\'t exist')
pass_check = flask_bcrypt.check_password_hash(user.password_hash, password)
if (pass_check):
login_user(user)
return ('success')
else:
return ('Incorrect Password')
def login():
form = LoginForm()
if form.validate_on_submit():
email = request.form['email']
password = request.form['password']
user = Users.query.filter_by(email=email).first()
if user and flask_bcrypt.check_password_hash(user.password, password):
login_user(user)
flash('Logged In')
return redirect('/')
return render_template('auth/login.html', form=form)
def login():
if request.method == "POST" and "email" in request.form:
email = request.form["email"]
userObj = User()
user = userObj.get_by_email_w_password(email)
if user and flask_bcrypt.check_password_hash(
user.password, request.form["password"]) and user.is_active:
remember = request.form.get("remember", "no") == "yes"
if login_user(user, remember=remember):
flash("Logged in!")
return redirect('/notes/create')
else:
flash("unable to log you in")
return render_template("/auth/login.html")
def login():
if request.method == 'GET':
return render_template("/user-login.html")
email = request.form["email"]
password = request.form["password"]
user = User.query.filter_by(email=email).first()
if user and flask_bcrypt.check_password_hash(user.password, password):
if login_user(user):
return redirect(url_for('.root'))
else:
flash("Invalid email or password")
return render_template("/user-login.html")
def login():
if request.method == "POST" and "email" in request.form:
email = request.form["email"]
u = User()
user = u.get_by_email_w_password(email)
if user and flask_bcrypt.check_password_hash(user.password, request.form["password"]) and user.is_active():
remember = request.form.get("remember", "no") == "no"
if login_user(user, remember=remember):
return redirect('/events/create')
else:
pass
return render_template("/auth/login.html")
def login():
if request.method == "POST" and "email" in request.form:
email = request.form["email"]
userObj = User()
user = userObj.get_by_email_w_password(email)
if user and flask_bcrypt.check_password_hash(user.password,request.form["password"]) and user.is_active():
# remember = request.form.get("remember", "no") == "yes"
if login_user(user, remember=True):
flash("Logged in!")
return redirect('/home')
else:
flash("unable to log you in")
return render_template("/auth/login.html")
def login():
if request.method == "POST" and "username" in request.form:
username = request.form["username"]
userObj = User()
user = userObj.get_by_username_w_password(username)
if user and flask_bcrypt.check_password_hash(user.password,request.form["password"]) and user.is_active:
print(user.is_active)
remember = request.form.get("remember","no") == "yes"
if login_user(user,remember=remember):
flash("Logged in!")
return render_template("logined.html")
else:
flash("unable to log you in")
return render_template("login.html")
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and flask_bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user)
flash('Welcome %s %s. You have logged in successfully.'
% (user.firstname, user.lastname))
return redirect(url_for('main.index'))
else:
flash('User not found.')
form.email.data = ''
form.password.data = ''
return render_template('auth/login.html', form=form)
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and flask_bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user)
flash('Welcome %s %s. You have logged in successfully.'
% (user.en_firstname, user.en_lastname))
return redirect(url_for('main.index'))
else:
flash('User not found.')
form.email.data = ''
form.password.data = ''
return render_template('auth/login.html', form=form)
def login():
if request.method == "POST" and "username" in request.form:
username = request.form["username"]
u = User()
user = u.get_by_username_w_password(username)
if user and flask_bcrypt.check_password_hash(
user.password, request.form["password"]) and user.is_active():
remember = request.form.get("remember", "no") == "no"
if login_user(user, remember=remember):
return redirect('/events/create')
else:
pass
return render_template("auth/login.html")
def change_password():
error = None
old_password = request.form['oldPassword']
new_password = flask_bcrypt.generate_password_hash(request.form['newPassword'], rounds=12)
#Retrieve logged-in doctor document, to populate his profile page
doctor_doc = Users.objects.get(id=current_user.get_id())
if not flask_bcrypt.check_password_hash(doctor_doc["password"], old_password):
error = 'Fjalekalimi gabim! Kerkesa juaj per ndryshim te fjalekalimit nuk u ekzekutua.'
return render_template('doc_profile/doc_profile.html', message=error,type="error", doctor_doc=doctor_doc)
elif request.form['newPassword'] != request.form['passwordConfirm']:
error = 'Fjalekalimet nuk jane te njejta! Kerkesa juaj per ndryshim te fjalekalimit nuk u ekzekutua.'
return render_template('doc_profile/doc_profile.html', message=error, type="error", doctor_doc=doctor_doc)
else:
doctor_doc.update(password=new_password)
success = "Ndryshimi fjalekalimit u krye me sukses!"
return render_template('doc_profile/doc_profile.html', message=success, type="success", doctor_doc=doctor_doc)
def auth_user():
''' auth endpoint '''
data = request.get_json()
user = db.get_by_query({'email': data['email']})
if user and flask_bcrypt.check_password_hash(user['password'],
data['password']):
del user['password']
access_token = create_access_token(identity=data)
refresh_token = create_refresh_token(identity=data)
user['token'] = access_token
user['refresh'] = refresh_token
return jsonify({'ok': True, 'data': user}), 200
else:
return jsonify({
'ok': False,
'message': 'invalid username or password'
}), 401
def post(cls):
from app import flask_bcrypt
data = _parser.parse_args()
user = UserModel.find_by_username(data['username'])
if user and flask_bcrypt.check_password_hash(user.password_hash,
data['password']):
access_token = create_access_token(identity=user.id, fresh=True)
refresh_token = create_refresh_token(user.id)
return {
'access_token': access_token,
'refresh_token': refresh_token
}, 200
return {'message': 'Invalid credentials'}, 401
def login():
'''
Login request.
'''
form = LoginForm(request.form)
if request.method == 'POST':
try:
user = Users.objects.get(email=form.email.data)
if user['email'] == form.email.data and flask_bcrypt.check_password_hash(user['password'], form.password.data):
login_user(user)
current_app.logger.info("User '%s' logged in." % form.email.data)
return redirect(url_for('patient_directory.patients'))
else:
return render_template('mod_auth/login.html', message="ErrorData" ,form=form)
except DoesNotExist:
return render_template('mod_auth/login.html', message="ErrorData", form=form)
return render_template('mod_auth/login.html', form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('listing'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if not user:
flash('No such User exists')
return render_template('login.html', form=form)
if (not flask_bcrypt.check_password_hash(user.password,
form.password.data)):
flash("Invalid Password.")
return render_template('login.html', form=form)
login_user(user, remember=True)
flash("you have logged in successfully.")
return redirect(url_for('listing'))
return render_template('login.html', form=form)
def auth_user():
"""Auth endpoint."""
data = validate_user(request.get_json())
if data.get('ok'):
data = data.get('data')
user_data = mongo.db.users.find_one({'email': data.get('email')}, {'_id': 0})
LOG.debug(user_data)
if user_data and flask_bcrypt.check_password_hash(user_data.get('password'), data.get('password')):
del user_data['password']
access_token = create_access_token(identity=data)
refresh_token = create_refresh_token(identity=data)
user_data['token'] = access_token
user_data['refresh'] = refresh_token
return jsonify({'ok': True, 'data': user_data}), 200
else:
return jsonify({'ok': False, 'message': 'Invalid username or password'}), 401
else:
return jsonify({'ok': False, 'message': 'Bad request parameters: {}'.format(data.get('message'))}), 400
def login():
if not current_user.is_anonymous:
flash("You have login before, return to homepage!")
return redirect('/')
form = LoginForm(request.form)
if request.method == 'POST':
user_obj = User()
email = form.email.data
password = form.password.data
remember = form.remember.data
user_obj.get_by_email(email, password_acquirement=True)
if flask_bcrypt.check_password_hash(user_obj.password, password):
login_user(user_obj, remember=remember)
flash("Logged in!")
else:
logging.debug('login-- user {} has input wrong password'.format(email))
return redirect('/')
return render_template('login.html', form=form)
def login():
if request.method == 'POST' and 'email' in request.form:
email = request.form['email']
user_obj = User()
user = user_obj.get_by_email_w_password(email)
if (
user and # user exists in db
flask_bcrypt.check_password_hash(
user.password,
request.form['password'],
) and # user pw stored matched
user.is_active # user is active now
):
remember = request.form.get('remember', 'no') == 'yes'
if login_user(user, remember=remember):
flash('登录成功!')
return redirect('/game')
else:
flash('登录失败!')
return render_template('/auth/login.html')
def post(self):
user_info = request.get_json(force=True)
exact_user = UserModel.query.filter_by(
email=user_info['email']).first()
if not exact_user:
return error_response(message="No associated account " +
"with this email. 😩",
status=404)
is_valid_password = BCrypt.check_password_hash(exact_user.password,
user_info['password'])
if not is_valid_password:
return error_response(message="Email or Password " +
"is not correct 😕",
status=401)
user_schema = UserSchema(exclude=['password', 'push_sub'])
user_info = user_schema.dump(exact_user)
token = create_access_token(identity={"id": exact_user.id})
return success_response(message='Logged in successfuly',
data=dict(token=token, user=user_info),
status=200)
def login():
"""User login functionality."""
if current_user.is_authenticated:
return redirect(url_for('snaps.listing'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(
username=form.username.data).first()
if not user:
flash("No such user exists")
return render_template('users/login.html', form=form)
if not flask_bcrypt.check_password_hash(
user.password, form.password.data):
flash("invalid password")
return render_template('users/login.html', form=form)
login_user(user, remember=True)
flash("Success! You are logged in.")
return redirect(url_for("snaps.listing"))
return render_template('users/login.html', form=form)
def login():
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('index'))
if request.method == "POST" and "email" in request.form:
email = request.form["email"]
userObj = User()
user = userObj.get_by_email_w_password(email)
if user and user.is_active() and flask_bcrypt.check_password_hash(user.password, request.form["password"]):
remember = request.form.get("remember", "no") == "yes"
if login_user(user, remember=remember):
flash("Logged In!")
identity_changed.send(current_app._get_current_object(),
identity = Identity(user.id))
return redirect(request.args.get('next') or '/jobs')
else:
flash("Unable to log you in")
form = LoginForm(request.form)
return render_template('forms/login.html', form=form)
def auth_user():
try:
data = validate_user(request.get_json())
if not data['ok']:
return jsonify({'ok': False, 'message': 'Bad request parameters: {}'.format(data['message'])}), 400
data = data['data']
user = mongo.db.users.find_one({'user': data['user'].upper()}, {'_id': False, 'role': False})
if not user or not flask_bcrypt.check_password_hash(user['password'], data['password']):
return jsonify({'ok': False, 'message': 'Usuario o contraseña incorrectos'}), 401
del user['password']
del data['password']
if not user['active']:
return jsonify({'ok': False, 'message': 'Usuario o contraseña incorrectos'}), 401
del user['active']
access_token = create_access_token(identity=data)
refresh_token = create_refresh_token(identity=data)
user['token'] = access_token
user['refresh'] = refresh_token
return jsonify({'ok': True, 'data': user}), 200
except:
return jsonify({'ok': False, 'message': 'Usuario o contraseña incorrectos'}), 401
def auth_user():
# auth endpoint
data = validate_user(request.get_json())
if data['ok']:
data = data['data']
found_user = mongo.db.users.find_one({'email': data['email']})
if found_user and flask_bcrypt.check_password_hash(
found_user['password'], data['password']):
del found_user['password']
found_user['token'] = create_access_token(identity=data)
found_user['refresh'] = create_refresh_token(identity=data)
return jsonify({'ok': True, 'data': found_user}), 200
else:
return jsonify({
'ok': False,
'message': 'invalid username or password'
}), 401
else:
return jsonify({
'ok':
False,
'message':
'Bad request parameters: {}'.format(data['message'])
}), 400
def login():
"""For GET requests, display the login form.
For POSTS, login the current user by processing the form.
"""
form = LoginForm(formdata=request.form)
if request.method == 'POST' and form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user:
if flask_bcrypt.check_password_hash(user.password,
form.password.data):
user.authenticated = True
db.session.add(user)
save_changes(db.session)
login_user(user, remember=True)
next_page = flask.request.args.get('next')
if not is_safe_url(next_page):
return flask.abort(400)
return redirect(next_page or url_for('home.home'))
if current_user and current_user.is_authenticated:
return redirect(url_for('home.home'))
return render_template('forms/login.html', form=form)
def verify_password(self, password):
return flask_bcrypt.check_password_hash(self.password, password)
def check_password(self, password):
return flask_bcrypt.check_password_hash(self.password_hash, password)
def check_password(self, password):
if not self.password_hash or not password:
return False
return flask_bcrypt.check_password_hash(self.password_hash, password)
def check_password(self, password):
if self.password and flask_bcrypt.check_password_hash(self.password, password):
return True
else:
return False
def verify_password(email, password):
user = User.query.filter_by(email=email).first()
if not user:
return False
g.user = user
return flask_bcrypt.check_password_hash(user.password, password)
def test_password_hashing(self):
user = User(email='*****@*****.**', first_name='susan', last_name='daniel', password='******')
self.assertFalse(user.password == 'mum')
self.assertTrue(flask_bcrypt.check_password_hash(user.password, 'mum'))
def login():
tid, ip = setup_log_vars()
lggr = setup_local_logger(tid, ip)
MAM = MainModel(tid=tid, ip=ip)
lggr.debug('current_user:'******'id'):
#return redirect(absolute_url('/'+current_user.id+'/_home'))
return redirect(
url_for('avispa_rest.home',
handle=current_user.id,
_external=True,
_scheme=URL_SCHEME))
else:
return redirect(
url_for('avispa_auth.login',
_external=True,
_scheme=URL_SCHEME))
if request.method == "POST" and "email" in request.form:
lggr.info('Login attempt for:' + request.form.get('email'))
email = request.form.get('email')
if email.strip() != '':
userObj = User(email=email, tid=tid, ip=ip)
user = userObj.get_user()
#print("user:"******"remember", "no") == "yes"
if login_user(userObj, remember=remember):
lggr.info('Login attempt successful for:' +
request.form.get('email'))
#next = request.args.get('next')
#if not next_is_valid(next):
# return flask.abort(400)
mpp = {'status': 'OK'}
flash({'f': 'track', 'v': '_login', 'p': mpp}, 'MP')
#flash({'track':'_login OK'},'MP')
flash({'f': 'identify', 'v': current_user.id}, 'MP')
#flash({'identify':current_user.id},'MP')
mpp = {'$name': current_user.id}
flash({'f': 'people.set', 'p': mpp}, 'MP')
#msg = {"$name":current_user.id}
#flash({'people.set': msg },'MP')
flash("Logged in!", 'UI')
if 'r' in request.form:
# Custom redirect sent in the form
# Not using url_for as we don't know what URL they are going to request
o = urlparse.urlparse(request.url)
path = request.form.get('r')
rr = urlparse.urlunparse(
(URL_SCHEME, o.netloc, path, '', '', ''))
return redirect(rr)
elif (user.onlogin != '') and (user.onlogin
is not None):
# Custom redirect from user onlogin hook
# Not using url_for as we don't know what URL they are going to request
o = urlparse.urlparse(request.url)
path = user.onlogin
rr = urlparse.urlunparse(
(URL_SCHEME, o.netloc, path, '', '', ''))
return redirect(rr)
else:
# Default redirect to user's home
return redirect(
url_for('avispa_rest.home',
handle=user.id,
_external=True,
_scheme=URL_SCHEME))
else:
lggr.info('Something went wrong in the user object:' +
request.form.get('email'))
flash("unable to log you in", 'UI')
mpp = {'status': 'KO', 'msg': 'Unable to log in'}
flash({'f': 'track', 'v': '_login', 'p': mpp}, 'MP')
#flash({'track':'_login KO, Try again'},'MP')
else:
lggr.info('User/Password is not correct for:' +
request.form.get('email'))
flash("User/Password is not correct", 'UI')
mpp = {'status': 'KO', 'msg': 'User/Password incorrect'}
flash({'f': 'track', 'v': '_login', 'p': mpp}, 'MP')
#flash({'track':'_login KO, User/Password incorrect'},'MP')
else:
lggr.info('User is not active:' + request.form.get('email'))
flash("User not active", 'UI')
mpp = {'status': 'KO', 'msg': 'User not active'}
flash({'f': 'track', 'v': '_login', 'p': mpp}, 'MP')
#flash("_login KO, User not active",'MP')
else:
lggr.info('Enter a valid email:')
flash("Enter a valid email", 'UI')
data = {}
data['method'] = '_login'
#t = time.time()
#data['today']= time.strftime("%A %b %d, %Y ",time.gmtime(t))
return render_template("/auth/login.html", data=data)
