def change_password():
token = get_param_or_default("token")
userMail = db.get_email(token)
if userMail != None:
userMail = userMail[0]
oldPassword = get_param_or_default("oldPassword")
newPassword = get_param_or_default("newPassword")
user = db.find_user(userMail)
if user != None:
user = json.loads(user)
if user["password"] == oldPassword:
if len(newPassword) > 5:
db.change_password(userMail, newPassword)
success(SUC_PASSWORD_CHANGED)
else:
err(ERR_PASSWORD_TOO_SHORT)
else:
err(ERR_INVALID_PASSWORD)
else:
err(ERR_USER_NOT_FOUND)
else:
err(ERR_USER_NOT_CONNECTED)
return json.dumps(output)
def change_password(token, old_pwd, new_pwd):
email = dh.email_from_token(token)
old_password = dh.get_pwd(email)
if old_password[0] != old_pwd:
return json.dumps({"message": "Old Password incorrect"}), 501
dh.change_password(new_pwd, email[0])
return json.dumps({"message": "Password changed"}), 200
def change_password(token, old_password, new_password):
if request.method == 'POST':
m = hashlib.md5()
m2 = hashlib.md5()
m.update(old_password)
pwd1 = m.hexdigest()
m2.update(new_password)
pwd2 = m2.hexdigest()
database_helper.change_password(token, pwd1, pwd2)
jsonfile = json.dumps({"success": True, "Message": "Password changed"})
return jsonfile
def change_password():
token = request.form['token']
old_password = request.form['password']
new_password = request.form['new_password']
if token not in logged_in_users:
return jsonify({"success": False, "message": "Not logged in!"})
else:
if database_helper.checkPassword(logged_in_users[token], old_password):
database_helper.change_password(logged_in_users[token], new_password)
return jsonify({"success": True, "message": "Password changed"})
else:
return jsonify({"success": False, "message": "Wrong password, try again!"})
def change_password():
data = request.get_json()
token = request.headers.get("token")
if database_helper.get_loggedinuser(token) != None:
email = database_helper.get_loggedinuser(token)['email']
if database_helper.get_user(email)['password'] == data['oldpassword']:
database_helper.change_password(email, data['newpassword'])
return jsonify({"success": True, "msg": "Password changed"})
else:
return jsonify({"success": False, "msg": "Wrong password"})
else:
return jsonify({"success": False, "msg": "User is not signed in"})
def change_password():
input_data = request.get_json()
token = input_data['token']
email = database_helper.get_email_by_token(token)
if email:
# user logged in
user_data = database_helper.get_user_by_email(email)
if input_data['oldPassword'] == user_data['password']:
database_helper.change_password(email, input_data['newPassword'])
return json.dumps({"success": True, "message": "Password changed."})
else:
return json.dumps({"success": False, "message": "Wrong password."})
else:
return json.dumps({"success": False, "message": "You are not logged in."})
def change_password(token, old_password, new_password):
if (database_helper.logged_in_users(token)):
email = database_helper.token_to_email(token)
if (verify_password(old_password, database_helper.get_password_by_email(email))):
new_password = create_password(new_password)
database_helper.change_password(email, new_password)
#return {"success": "true", "message": "Password changed."}
return "Password changed"
else:
#return {"success": "false", "message": "Wrong password."}
return "Wrong password"
else:
#return {"success": "false", "message": "You are not logged in."}
return "You are not signed in"
def change_password():
data = request.get_json()
token = data['token']
old_password = data['old_password']
new_password = data['new_password']
if token != None:
email = database_helper.get_email_by_token(token)
email = email[0]
exists = database_helper.check_user_password(email, old_password)
if exists == False:
return jsonify({'success': False, 'message': "Wrong password"})
password_changed = database_helper.change_password(email, new_password)
if password_changed and exists:
return jsonify({
'success': True,
'message': "Password succesfully changed"
})
else:
return jsonify({
'success':
False,
'message':
"Something went wrong changing the password"
})
else:
return jsonify({'success': False, 'message': "You are not signed in."})
def change_password():
token = request.values.get('token')
old_pw = request.values.get('old_password')
new_pw = request.values.get('new_password')
user = database_helper.get_user_by_token(token)
if len(user) <= 0:
return jsonify(success = False, message = "You are not logged in")
userpw = database_helper.get_user_by_email(user[0][0])
if old_pw == userpw[0][1]:
database_helper.change_password(user[0][0], new_pw)
return jsonify(success = True, message = "Password changed")
else:
return jsonify(success = False, message = "Wrong password")
def change_password():
token = request.json['token']
oldpassword = request.json['oldpassword']
newpassword = request.json['newpassword']
try:
email = database_helper.get_email_by_token(token)
except:
return json.dumps({
'success': False,
'message': "Token does not exist",
'data': ""
})
user = database_helper.get_user(email)
if user[0]['password'] == oldpassword:
result = database_helper.change_password(email, newpassword)
if result:
return json.dumps({
'success': result,
'message': "Password successfully changed",
'data': ""
})
else:
return json.dumps({
'success': result,
'message': "Password change failed",
'data': ""
})
else:
return json.dumps({
'success': False,
'message': "Old passwords do not match",
'data': ""
})
def change_password(token):
email = request.json["email"]
userToken = loggedInUsersE.get(email)
if userToken is None:
return jsonify({"success": False, "message": "No such user."})
newPassword = request.json['newPass']
oldPw = request.json['oldPass']
data = '/change-password/' + userToken
if checkToken(data, token):
return jsonify({"success": False, "message": "No such user."})
result = database_helper.fetch_account(email)
# Hash and salt new password
if result:
hash_pw = result[0][0]
salt = result[0][2]
if checkHash(hash_pw, oldPw + salt):
new_hash_pw = hashPassword(newPassword + salt)
result = database_helper.change_password(email, new_hash_pw)
if result:
return jsonify({"success": True, "message": "Password successfully changed"})
else:
return jsonify({"success": False, "message": "Could not change password"})
def change_password():
req = request.get_json(force=True)
token = req['token']
old_password = req['old_password']
new_password = req['new_password']
# First see if passwords differ
if old_password == new_password:
return jsonify(success=False, message="Can't use the same password!")
# Is the new password long enough?
if not validate(new_password):
return jsonify(success=False, message="Password has to be at least 5 characters!")
# Use token to get email (also makes sure token is valid and that they are logged in)
email = database_helper.get_email(token)
if email is None:
return jsonify(success=False, message="User is not logged in!")
# Make sure old password is correct
if not database_helper.find_user(email, old_password):
return jsonify(success=False, message="Incorrect password!")
# Try changing the password
if not database_helper.change_password(new_password, email):
return jsonify(success=False, message="Failed to change password!")
return jsonify(success=True, message="Password successfully changed!")
def change_password():
token = request.form["token"]
oldpass = request.form["oldpassword"]
newpass = request.form["newpassword"]
email = database_helper.get_active(token)
print email
if email == None:
return json.dumps({
"success": False,
"message": "You are not logged in."
})
userdata = database_helper.get_user_by_email(email)
if userdata[6] != oldpass:
return json.dumps({"success": False, "message": "Wrong password."})
success = database_helper.change_password(email, newpass)
if success == True:
return json.dumps({"success": True, "message": "Password changed."})
else:
return json.dumps({
"success": False,
"message": "Password change failed."
})
def change_password():
data = request.get_json()
token = data['token']
old_password = data['old_password']
new_password = data['new_password']
if token != None and old_password != new_password and old_password != None and len(
new_password) >= 5:
email = database_helper.get_email_by_token(token)
email = email[0]
exists = database_helper.check_user_password(email, old_password)
password_changed = database_helper.change_password(email, new_password)
if password_changed and exists:
return jsonify({
'success': True,
'message': "Password succesfully changed"
})
else:
return jsonify({
'success':
False,
'message':
"Something went wrong changing the password"
})
else:
return jsonify({
'success':
False,
'message':
"Make sure that all fields are filled and new password has at least 5 letters"
})
def change_password():
token = request.headers.get('Token')
data = request.get_json()
if 'oldpassword' in data and 'newpassword' in data:
if 5 <= len(data['newpassword']) <= 30:
user_email = database_helper.get_user_data_by_token(
token)[0]['email']
user = find_user(user_email).get_json()[0]
new_pw_hashed = bcrypt.generate_password_hash(data['newpassword'])
if bcrypt.check_password_hash(user['password'],
data['oldpassword']):
result = database_helper.change_password(
token, user['password'], new_pw_hashed)
print(result)
if result:
return json.dumps({
"success": "true",
"message": "Password changed!"
}), 200
else:
return json.dumps({
"success": "false",
"message": "Something went wrong!"
}), 500
else:
return '', 400
else:
return '', 400
def change_password(token):
data = request.json
if len(data['newPassword']) <= 7:
return error_status(400, 'Password too short.')
if dh.change_password(token, data['oldPassword'], data['newPassword']):
return status('')
return error_status(401, 'Wrong password.')
def change_password():
token = request.form['token']
old_pw = request.form['old_pw']
new_pw = request.form['new_pw']
result = database_helper.change_password(token, old_pw, new_pw)
database_helper.close()
if result:
return jsonify({"status": 200})
else:
return jsonify({"status": 400})
def change_password():
if request.method == 'POST' :
token = request.form['token']
oldpwd = request.form['oldPassword']
newpwd = request.form['newPassword']
if database_helper.get_password(database_helper.get_username_from_token(token))==oldpwd:
if len(newpwd) >=10 :
database_helper.change_password(token,newpwd)
answer = {"success" : "True", "message" : "Sucessfully changed password !" , "data": "" }
return json.dumps(answer), 200
else:
answer = {"success" : "False", "message" : "New password is too short" , "data": "" }
return json.dumps(answer), 200
else:
answer = {"success" : "False", "message" : "Old passwords don't match" , "data": "" }
return json.dumps(answer), 200
else:
abort(404)
def change_password():
token1 = request.form.get('token')
oldPassword = request.form.get('oldPassword')
newPassword = request.form.get('newPassword')
oldPassword = create_hash(oldPassword)
newPassword = create_hash(newPassword)
err = dh.change_password(token1, oldPassword, newPassword)
if err == "passwchanged":
return json.dumps({"success": "true", "message": "Password changed."})
else:
return json.dumps({"success": "false", "message": "Wrong password."})
def change_password():
if request.method == 'POST':
token = request.form['token']
old_password = request.form['old_password']
new_password = request.form['new_password']
email = database_helper.get_email(token)
if email == False:
return json.dumps({'success': False, 'message': "Invalid token"})
if len(new_password) < 7:
return json.dumps({
'success': False,
'message': '''Password is too short'''
})
db_current_hashed_password = database_helper.get_password(email)
hashed_old_password = hashlib.sha256(old_password).hexdigest()
if hashed_old_password == db_current_hashed_password:
hashed_new_password = hashlib.sha256(new_password).hexdigest()
database_helper.change_password(email, hashed_new_password)
return json.dumps({'success': True, 'message': "Password changed"})
return json.dumps({'success': False, 'message': "Wrong password"})
def change_password():
token1 = request.form.get('token')
oldPassword = request.form.get('oldPassword')
newPassword = request.form.get('newPassword')
oldPassword = create_hash(oldPassword)
newPassword = create_hash(newPassword)
err= dh.change_password(token1, oldPassword, newPassword)
if err == "passwchanged":
return json.dumps({"success": "true", "message":"Password changed."})
else:
return json.dumps({"success": "false", "message":"Wrong password."})
def change_password():
# check if the user is logged
token = request.json['token']
old = request.json['old']
new = request.json['new']
logged = database_helper.user_logged_by_token(token=token)
if logged:
return database_helper.change_password(token=token, old_password=old, new_password=new)
else:
return json.dumps({'success' : False, 'message': 'User not logged'})
def change_password():
token1 = request.args.get('token')
oldPassword = request.args.get('oldPassword')
newPassword = request.args.get('newPassword')
#oldPassword = create_hash(oldPassword)
#newPassword = create_hash(newPassword)
err= dh.change_password(token1, oldPassword, newPassword)
if err == "error":
return "You wrote wrong old password"
else:
return "You have now changed password"
def change_password(): token = request.form['token'] if list_token_id.has_key(token): password = request.form['password'] new_password = request.form['new_password'] result = database_helper.change_password(list_token_id.get(token),password,new_password,bcrypt) if result == True: return return_json(200,True,'password change') else: return return_json(401,False,'password incorrect') else: return return_json(403,False,'user not connected')
def change_password():
"""Change password
Changes password of currently logged in user given old and new password
"""
data = request.get_json()
hashed_token = request.headers.get('token')
oldPwd = data['oldPwd']
newPwd = data['newPwd']
email = data['email']
url = '/change_password'
token = database_helper.get_token_from_email(email)
hashed_old_password = bcrypt.generate_password_hash(oldPwd).decode('utf-8')
hashed_password = database_helper.get_hashed_password(email)
#print('hashed_password for this email is: ', hashed_password)
correct_password = bcrypt.check_password_hash(hashed_password, oldPwd)
hashed_new_password = bcrypt.generate_password_hash(newPwd).decode('utf-8')
#print('hashed_new_password: '******'correct_password: '******'utf-8')).hexdigest()
#print('CHANGEPWD: server_hash is:', server_hash, ' and hashed_token is: ', hashed_token)
if (len(newPwd) < 5):
res = jsonify({'success': False, 'message': 'Too short password'})
return res
if (oldPwd != newPwd) and correct_password and server_hash == hashed_token:
result = database_helper.change_password(token[0],
str(hashed_password),
str(hashed_new_password))
print('result in changepassword', result)
if (result == True):
res = jsonify({'success': True, 'message': 'Password changed'})
print('changed user password from: ', str(hashed_password),
' to: ', str(hashed_new_password))
return res
else:
res = jsonify({
'success': False,
'message': 'Something went wrong!'
})
return res
else:
res = jsonify({
'success': False,
'message': 'Old and new password are the same'
})
return res
return jsonify({'success': False, 'message': 'end'})
def change_password():
oldPassword = request.form["oldpass"]
newPassword = request.form["newpass"]
time_stamp = request.form["time"]
email = request.form["email"]
blob = oldPassword + newPassword + email
if check_hash(blob, email, request.form["hash"], time_stamp):
return json.dumps({
'success':
False,
'message':
'You are trying to hack a user. You should be ashamed of yourself!'
})
if len(newPassword) < 8:
return json.dumps({
'success': False,
'message': 'The password is too short'
})
token = database_helper.get_token(email)
if token is None:
return json.dumps({
'success': False,
'message': 'User is not logged in'
})
else:
if bcrypt.check_password_hash(database_helper.get_password(email),
oldPassword):
database_helper.change_password(
email, bcrypt.generate_password_hash(newPassword))
return json.dumps({
'success': True,
'message': 'Password was changed successfully'
})
else:
return json.dumps({'success': False, 'message': 'Wrong password'})
def change_password(token, oldpass, newpass):
email = database_helper.get_active(token)
print email
if email == None :
return json.dumps({"success": False, "message": "You are not logged in."})
userdata = database_helper.get_user_by_email(email)
if userdata[6] != oldpass :
return json.dumps({"success": False, "message": "Wrong password."})
success = database_helper.change_password(email, newpass)
if success == True :
return json.dumps({"success": True, "message": "Password changed."})
else :
return json.dumps({"success": False, "message": "Password change failed."})
def change_password():
data = request.get_json()
token = request.headers.get('token')
try:
#token = data['token']
old_password = data['old_password']
new_password = data['new_password']
except:
return jsonify({"success":False, "message":"Could not get JSON-input"})
status = database_helper.change_password(token, old_password, new_password)
if(status["success"]):
return jsonify({"success":True, "message":status["message"]})
else:
return jsonify({"success":False, "message":status["message"]})
def change_password():
content = request.get_json()
try:
header = request.headers
token = header["token"]
old_password = content["old_password"]
new_password = content["new_password"]
content["username"] = loggedInUsers[token]
except KeyError as e:
response = jsonify({"success": False, "message": "Missing data."})
return response
if (len(new_password) < 5):
return jsonify({"success": False, "message": "To short password."})
return database_helper.change_password(content )
def change_password():
"""Change password
Changes password of currently logged in user given old and new password
"""
token = request.headers.get('token')
data = request.get_json()
oldPwd = data['oldPwd']
newPwd = data['newPwd']
if(len(newPwd) < 5):
res = jsonify({'success': False, 'message': 'Too short password'})
return res
result = database_helper.change_password(token, oldPwd, newPwd)
print(result)
if(result == True):
res = jsonify({'success': True, 'message': 'Password changed!'})
return res
res = jsonify({'success': False, 'message': 'Something went wrong!'})
return res
def change_password(token):
email = loggedInUsers.get(token)
if email is None:
return jsonify({"success": False, "message": "No such token."})
newPassword = request.form['Password']
oldPw = request.form['oldPassword']
result = database_helper.change_password(email, newPassword, oldPw)
print(result)
if result:
return jsonify({
"success": True,
"message": "Password successfully changed",
"data": ""
})
else:
return jsonify({
"success": False,
"message": "Could not change password",
"data": ""
}) #TODO: better output
def change_password():
params = request.json
return json.dumps(database_helper.change_password(params))
def change_password():
# Get data from form
token = request.json['token']
hashvalue = request.json['hashvalue']
old_password = request.json['oldPassword']
new_password = request.json['newPassword']
repeatNewPsw = request.json['repeatNewPsw']
# Create empty dictionary for storing return data
data = {}
# Validation: Check if password is long enough
if (len(new_password) < password_length):
# Pass error data to dictionary
data['success'] = False
data['message'] = 'Password must have at least ' + str(password_length) + ' characters.'
# return the dataset as json data
return json.dumps(data)
# Check if user is logged in
if (is_logged_in(token) == True):
# Get user
logged_in_user = get_user_by_token(token)
email = logged_in_user['email']
privatekey = logged_in_user['privatekey']
# Compare hash values
if (hashvalue != hash_data(privatekey + token + old_password + new_password + repeatNewPsw)):
data['success'] = False
data['message'] = 'Error in hash value'
return json.dumps(data)
# Get current password and salt from database
result = database_helper.get_user(email)
db_password = result[2]
salt = result[8]
# Hash old password
old_password = hash_password(salt + old_password)
# Validate user input with database data
if (db_password != old_password):
# Pass error data to dictionary
data['success'] = False
data['message'] = 'Old password is not correct'
# return the dataset as json data
return json.dumps(data)
# Change password
new_password = hash_password(salt + new_password)
database_helper.change_password(email, new_password)
# Pass success data to dictionary
data['success'] = True
data['message'] = 'Successfully updated password'
else:
# Pass error data to dictionary
data['success'] = False
data['message'] = 'Not able to update password'
# return the dataset as json data
return json.dumps(data)
def change_password():
data = request.get_json()
token = data['token']
old_password = data['old_password']
new_password = data['new_password']
if token != None:
public_key = data['publicKey']
loggedUserData = database_helper.get_email_logged_user_new(public_key)
email = loggedUserData['email']
stored_token = loggedUserData['token']
equal_hashed_token = False
########################## Token verification ##########################
# 1. Recreate the blob using the stored token
blob = ""
i = 0
while i < len(old_password):
blob = blob + old_password[i]
i = i + 3
print("blob oldPswd: " + blob)
i = 0
while i < len(new_password):
blob = blob + new_password[i]
i = i + 3
print("blob newPswd: " + blob)
blob = stored_token + blob
print("blob: " + blob)
# 2. Hash it
hash = hashlib.sha256(blob.encode()).hexdigest()
print(hash)
# 3. Compare the two hashes
if token == hash:
equal_hashed_token = True
print("Equal hashes change_password")
print(equal_hashed_token)
########################################################################
if equal_hashed_token:
inputed_password = old_password
####################### Old password validation ########################
# 1. Retrive user's salt from the database
authentication_data = database_helper.get_users_salt(email)
# 2. Append salt to the inputed password
inputed_password = inputed_password + authentication_data['salt']
# 3. Compare the hash generated from the inputed password with the one in
# the database
exists = False
if (bcrypt.check_password_hash(authentication_data['password'],
inputed_password)):
exists = True
########################################################################
if exists == False:
return jsonify({'success': False, 'message': "Wrong password"})
######################## New password hashing ##########################
# 1. Generate salt
salt = os.urandom(32)
salt = (binascii.hexlify(salt)).decode('utf-8')
# 2. Append salt to the password
password = new_password
password = password + salt
# 3. Hash the password and storing
password = bcrypt.generate_password_hash(password).decode('utf-8')
password_changed = database_helper.change_password(
email, password, salt)
########################################################################
if password_changed and exists:
return jsonify({
'success': True,
'message': "Password succesfully changed"
})
else:
return jsonify({
'success':
False,
'message':
"Something went wrong changing the password"
})
else:
print("hashes are not the same")
return jsonify({
'success': False,
'message': "The hashes is not the same"
})
else:
return jsonify({'success': False, 'message': "You are not signed in."})
def resetPswd():
form = EmailForm()
if form.validate_on_submit():
emailDest = form.email.data
if database_helper.check_if_email_exists(emailDest):
#create a new secure password#
stringSource = string.ascii_letters + string.digits + string.punctuation
password = secrets.choice(string.ascii_lowercase)
password += secrets.choice(string.ascii_uppercase)
password += secrets.choice(string.digits)
for i in range(6):
password += secrets.choice(stringSource)
char_list = list(password)
secrets.SystemRandom().shuffle(char_list)
password = ''.join(char_list)
######################## New password hashing ##########################
# 1. Find the salt
resultSalt = database_helper.get_users_salt(emailDest)
salt = resultSalt['salt']
# 2. Append salt to the password
passwordSecure = password + salt
# 3. Hash the password and storing
passwordSecure = bcrypt.generate_password_hash(
passwordSecure).decode('utf-8')
password_changed = database_helper.change_password(
emailDest, passwordSecure, salt)
########################################################################
if password_changed:
message = """\
Dear user,
Your new password is : """ + password + """
The Twidder team"""
msg = MIMEText(message)
msg['To'] = email.utils.formataddr((emailDest, emailDest))
msg['From'] = email.utils.formataddr(
('Twidder team', '*****@*****.**'))
msg['Subject'] = 'New Twidder password'
try:
# --- send the email ---
server = smtplib.SMTP('smtp.gmail.com', 587)
server.starttls() #enable security
server.login(
'*****@*****.**',
'liuTDDD97!') #login and pswd of the email account
server.set_debuglevel(
True
) # Dump communication with the receiving server straight to the console.
server.sendmail('*****@*****.**',
[emailDest], msg.as_string())
flash("An email has been sending to you.", 'success')
#return redirect(url_for('root'))
except smtplib.SMTPException:
flash("Error: unable to send email", 'error')
finally:
server.quit()
else:
flash("Something went wrong changing the password", 'error')
else:
flash("Your email does not exist in our database.", 'error')
return render_template('reset_pswd.html', form=form)
def change_password():
params = request.json
return json.dumps(database_helper.change_password(params))
