Example #1
0
    def test_pbkdf2_upgrade(self):
        hasher = get_hasher("default")
        self.assertEqual("pbkdf2_sha256", hasher.algorithm)
        self.assertNotEqual(hasher.iterations, 1)

        old_iterations = hasher.iterations
        try:
            # Generate a password with 1 iteration.
            hasher.iterations = 1
            encoded = make_password("letmein")
            algo, iterations, salt, hash = encoded.split("$", 3)
            self.assertEqual(iterations, "1")

            state = {"upgraded": False}

            def setter(password):
                state["upgraded"] = True

            # Check that no upgrade is triggerd
            self.assertTrue(check_password("letmein", encoded, setter))
            self.assertFalse(state["upgraded"])

            # Revert to the old iteration count and ...
            hasher.iterations = old_iterations

            # ... check if the password would get updated to the new iteration count.
            self.assertTrue(check_password("letmein", encoded, setter))
            self.assertTrue(state["upgraded"])
        finally:
            hasher.iterations = old_iterations
Example #2
0
    def clean(self):

        try:
            
            # load user by username
            user = User.objects.get(username=self.cleaned_data.get('username'))
            
            # load requestor by username
            requestor = User.objects.get(username=self.cleaned_data.get('requestor'))
            
            # check OpenID was issued by this node
            if user.profile.localOpenid() is None:
                self._errors["username"] = self.error_class(["Non local user: password must be changed at the node "
                                                             "that issued the OpenID."])
    
            # normal user: check current password
            old_password = self.cleaned_data.get('old_password')
            if user.username == requestor.username:
                if not check_password(old_password, user.password):
                    self._errors["old_password"] = self.error_class(["Wrong user old password."])
            
            elif requestor.is_staff:
                if not check_password(old_password, requestor.password):
                    self._errors["old_password"] = self.error_class(["Wrong administrator password."])
                
            else:
                raise Exception("Unauthorized attempt to change the user password")
    
            # validate 'password', 'confirm_password' fields
            validate_password(self)
            
        except ObjectDoesNotExist:
            self._errors["username"] = self.error_class(["Username not found."])

        return self.cleaned_data
Example #3
0
 def test_unsalted_md5(self):
     encoded = make_password('letmein', 'seasalt', 'unsalted_md5')
     self.assertEqual(encoded, '0d107d09f5bbe40cade3de5c71e9e9b7')
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password(u'letmein', encoded))
     self.assertFalse(check_password('letmeinz', encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "unsalted_md5")
Example #4
0
 def test_crypt(self):
     encoded = make_password('letmein', 'ab', 'crypt')
     self.assertEqual(encoded, 'crypt$$abN/qM.L/H8EQ')
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password(u'letmein', encoded))
     self.assertFalse(check_password('letmeinz', encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "crypt")
 def test_crypt(self):
     encoded = make_password("lètmei", "ab", "crypt")
     self.assertEqual(encoded, "crypt$$ab1Hv2Lg7ltQo")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password("lètmei", encoded))
     self.assertFalse(check_password("lètmeiz", encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "crypt")
Example #6
0
 def test_unsalted_md5(self):
     encoded = make_password('lètmein', 'seasalt', 'unsalted_md5')
     self.assertEqual(encoded, '88a434c88cca4e900f7874cd98123f43')
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password('lètmein', encoded))
     self.assertFalse(check_password('lètmeinz', encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "unsalted_md5")
 def test_md5(self):
     encoded = make_password("lètmein", "seasalt", "md5")
     self.assertEqual(encoded, "md5$seasalt$3f86d0d3d465b7b458c231bf3555c0e3")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password("lètmein", encoded))
     self.assertFalse(check_password("lètmeinz", encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "md5")
 def test_sha1(self):
     encoded = make_password("lètmein", "seasalt", "sha1")
     self.assertEqual(encoded, "sha1$seasalt$cff36ea83f5706ce9aa7454e63e431fc726b2dc8")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password("lètmein", encoded))
     self.assertFalse(check_password("lètmeinz", encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "sha1")
 def test_pkbdf2(self):
     encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256")
     self.assertEqual(encoded, "pbkdf2_sha256$10000$seasalt$CWWFdHOWwPnki7HvkcqN9iA2T3KLW1cf2uZ5kvArtVY=")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password("lètmein", encoded))
     self.assertFalse(check_password("lètmeinz", encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "pbkdf2_sha256")
Example #10
0
    def test_pkbdf2(self):
        encoded = make_password('letmein', 'seasalt', 'fastpbkdf2_sha256')
        self.assertEqual(encoded,
'fastpbkdf2_sha256$30000$seasalt$tI4kYeTLVrgdxTAIgLktSixYYIhAP6NsMaxCyxZ8hIk=')
        self.assertTrue(is_password_usable(encoded))
        self.assertTrue(check_password(u'letmein', encoded))
        self.assertFalse(check_password('letmeinz', encoded))
Example #11
0
    def _test_argon2_upgrade(self, attr, summary_key, new_value):
        hasher = get_hasher('argon2')
        self.assertEqual('argon2', hasher.algorithm)
        self.assertNotEqual(getattr(hasher, attr), new_value)

        old_value = getattr(hasher, attr)
        try:
            # Generate hash with attr set to 1
            setattr(hasher, attr, new_value)
            encoded = make_password('letmein', hasher='argon2')
            attr_value = hasher.safe_summary(encoded)[summary_key]
            self.assertEqual(attr_value, new_value)

            state = {'upgraded': False}

            def setter(password):
                state['upgraded'] = True

            # Check that no upgrade is triggered.
            self.assertTrue(check_password('letmein', encoded, setter, 'argon2'))
            self.assertFalse(state['upgraded'])

            # Revert to the old rounds count and ...
            setattr(hasher, attr, old_value)

            # ... check if the password would get updated to the new count.
            self.assertTrue(check_password('letmein', encoded, setter, 'argon2'))
            self.assertTrue(state['upgraded'])
        finally:
            setattr(hasher, attr, old_value)
Example #12
0
    def test_bcrypt_upgrade(self):
        hasher = get_hasher("bcrypt")
        self.assertEqual("bcrypt", hasher.algorithm)
        self.assertNotEqual(hasher.rounds, 4)

        old_rounds = hasher.rounds
        try:
            # Generate a password with 4 rounds.
            hasher.rounds = 4
            encoded = make_password("letmein", hasher="bcrypt")
            rounds = hasher.safe_summary(encoded)["work factor"]
            self.assertEqual(rounds, "04")

            state = {"upgraded": False}

            def setter(password):
                state["upgraded"] = True

            # Check that no upgrade is triggered.
            self.assertTrue(check_password("letmein", encoded, setter, "bcrypt"))
            self.assertFalse(state["upgraded"])

            # Revert to the old rounds count and ...
            hasher.rounds = old_rounds

            # ... check if the password would get updated to the new count.
            self.assertTrue(check_password("letmein", encoded, setter, "bcrypt"))
            self.assertTrue(state["upgraded"])
        finally:
            hasher.rounds = old_rounds
Example #13
0
    def test_pbkdf2_upgrade_new_hasher(self):
        hasher = get_hasher("default")
        self.assertEqual("pbkdf2_sha256", hasher.algorithm)
        self.assertNotEqual(hasher.iterations, 1)

        state = {"upgraded": False}

        def setter(password):
            state["upgraded"] = True

        with self.settings(PASSWORD_HASHERS=["auth_tests.test_hashers.PBKDF2SingleIterationHasher"]):
            encoded = make_password("letmein")
            algo, iterations, salt, hash = encoded.split("$", 3)
            self.assertEqual(iterations, "1")

            # Check that no upgrade is triggered
            self.assertTrue(check_password("letmein", encoded, setter))
            self.assertFalse(state["upgraded"])

        # Revert to the old iteration count and check if the password would get
        # updated to the new iteration count.
        with self.settings(
            PASSWORD_HASHERS=[
                "django.contrib.auth.hashers.PBKDF2PasswordHasher",
                "auth_tests.test_hashers.PBKDF2SingleIterationHasher",
            ]
        ):
            self.assertTrue(check_password("letmein", encoded, setter))
            self.assertTrue(state["upgraded"])
Example #14
0
 def test_bcrypt(self):
     encoded = make_password('lètmein', hasher='bcrypt')
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(encoded.startswith('bcrypt$'))
     self.assertTrue(check_password('lètmein', encoded))
     self.assertFalse(check_password('lètmeinz', encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "bcrypt")
Example #15
0
    def test_pbkdf2_upgrade(self):
        hasher = get_hasher('default')
        self.assertEqual('pbkdf2_sha256', hasher.algorithm)
        self.assertNotEqual(hasher.iterations, 1)

        old_iterations = hasher.iterations
        try:
            # Generate a password with 1 iteration.
            hasher.iterations = 1
            encoded = make_password('letmein')
            algo, iterations, salt, hash = encoded.split('$', 3)
            self.assertEqual(iterations, '1')

            state = {'upgraded': False}

            def setter(password):
                state['upgraded'] = True

            # Check that no upgrade is triggered
            self.assertTrue(check_password('letmein', encoded, setter))
            self.assertFalse(state['upgraded'])

            # Revert to the old iteration count and ...
            hasher.iterations = old_iterations

            # ... check if the password would get updated to the new iteration count.
            self.assertTrue(check_password('letmein', encoded, setter))
            self.assertTrue(state['upgraded'])
        finally:
            hasher.iterations = old_iterations
Example #16
0
    def test_bcrypt_upgrade(self):
        hasher = get_hasher('bcrypt')
        self.assertEqual('bcrypt', hasher.algorithm)
        self.assertNotEqual(hasher.rounds, 4)

        old_rounds = hasher.rounds
        try:
            # Generate a password with 4 rounds.
            hasher.rounds = 4
            encoded = make_password('letmein', hasher='bcrypt')
            rounds = hasher.safe_summary(encoded)['work factor']
            self.assertEqual(rounds, '04')

            state = {'upgraded': False}

            def setter(password):
                state['upgraded'] = True

            # Check that no upgrade is triggered.
            self.assertTrue(check_password('letmein', encoded, setter, 'bcrypt'))
            self.assertFalse(state['upgraded'])

            # Revert to the old rounds count and ...
            hasher.rounds = old_rounds

            # ... check if the password would get updated to the new count.
            self.assertTrue(check_password('letmein', encoded, setter, 'bcrypt'))
            self.assertTrue(state['upgraded'])
        finally:
            hasher.rounds = old_rounds
Example #17
0
    def test_pbkdf2_upgrade_new_hasher(self):
        hasher = get_hasher('default')
        self.assertEqual('pbkdf2_sha256', hasher.algorithm)
        self.assertNotEqual(hasher.iterations, 1)

        state = {'upgraded': False}

        def setter(password):
            state['upgraded'] = True

        with self.settings(PASSWORD_HASHERS=[
                'auth_tests.test_hashers.PBKDF2SingleIterationHasher']):
            encoded = make_password('letmein')
            algo, iterations, salt, hash = encoded.split('$', 3)
            self.assertEqual(iterations, '1')

            # Check that no upgrade is triggered
            self.assertTrue(check_password('letmein', encoded, setter))
            self.assertFalse(state['upgraded'])

        # Revert to the old iteration count and check if the password would get
        # updated to the new iteration count.
        with self.settings(PASSWORD_HASHERS=[
                'django.contrib.auth.hashers.PBKDF2PasswordHasher',
                'auth_tests.test_hashers.PBKDF2SingleIterationHasher']):
            self.assertTrue(check_password('letmein', encoded, setter))
            self.assertTrue(state['upgraded'])
Example #18
0
 def test_crypt(self):
     encoded = make_password('lètmei', 'ab', 'crypt')
     self.assertEqual(encoded, 'crypt$$ab1Hv2Lg7ltQo')
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password('lètmei', encoded))
     self.assertFalse(check_password('lètmeiz', encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "crypt")
Example #19
0
    def test_sha1(self):
        encoded = make_password('letmein', 'seasalt', 'sha1')
        self.assertEqual(encoded,
'sha1$seasalt$fec3530984afba6bade3347b7140d1a7da7da8c7')
        self.assertTrue(is_password_usable(encoded))
        self.assertTrue(check_password(u'letmein', encoded))
        self.assertFalse(check_password('letmeinz', encoded))
Example #20
0
 def test_md5(self):
     encoded = make_password('letmein', 'seasalt', 'md5')
     self.assertEqual(encoded,
                      'md5$seasalt$f5531bef9f3687d0ccf0f617f0e25573')
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password(u'letmein', encoded))
     self.assertFalse(check_password('letmeinz', encoded))
Example #21
0
    def check_password(self, raw_password, mobile=False):
        """
        Returns a boolean of whether the raw_password was correct. Handles
        hashing formats behind the scenes.
        """
        def setter(raw_password):
            self.set_password(raw_password)
            self.save()

        # Is standard password allright?
        if check_password(raw_password, self.password, setter):
            return True

        # Check mobile password?
        if mobile:
            raw_password = raw_password[:1].lower() + raw_password[1:]
        else:
            password_reversed = u''
            for c in raw_password:
                r = c.upper()
                if r == c:
                    r = c.lower()
                password_reversed += r
            raw_password = password_reversed
        return check_password(raw_password, self.password, setter)
 def test_bcrypt(self):
     encoded = make_password("lètmein", hasher="bcrypt")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(encoded.startswith("bcrypt$"))
     self.assertTrue(check_password("lètmein", encoded))
     self.assertFalse(check_password("lètmeinz", encoded))
     self.assertEqual(identify_hasher(encoded).algorithm, "bcrypt")
Example #23
0
    def test_pkbdf2(self):
        encoded = make_password('letmein', 'seasalt', 'pbkdf2_sha256')
        self.assertEqual(encoded,
'pbkdf2_sha256$10000$seasalt$FQCNpiZpTb0zub+HBsH6TOwyRxJ19FwvjbweatNmK/Y=')
        self.assertTrue(is_password_usable(encoded))
        self.assertTrue(check_password(u'letmein', encoded))
        self.assertFalse(check_password('letmeinz', encoded))
Example #24
0
 def test_md5(self):
     encoded = make_password("letmein", "seasalt", "md5")
     self.assertEqual(encoded, "md5$seasalt$f5531bef9f3687d0ccf0f617f0e25573")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password(u"letmein", encoded))
     self.assertFalse(check_password("letmeinz", encoded))
     # Long password
     self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), "seasalt", "md5")
Example #25
0
 def test_pkbdf2(self):
     encoded = make_password("letmein", "seasalt", "pbkdf2_sha256")
     self.assertEqual(encoded, "pbkdf2_sha256$10000$seasalt$FQCNpiZpTb0zub+HBsH6TOwyRxJ19FwvjbweatNmK/Y=")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password(u"letmein", encoded))
     self.assertFalse(check_password("letmeinz", encoded))
     # Long password
     self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), "seasalt", "pbkdf2_sha256")
Example #26
0
 def test_unusable(self):
     encoded = make_password(None)
     self.assertFalse(is_password_usable(encoded))
     self.assertFalse(check_password(None, encoded))
     self.assertFalse(check_password(UNUSABLE_PASSWORD, encoded))
     self.assertFalse(check_password('', encoded))
     self.assertFalse(check_password(u'letmein', encoded))
     self.assertFalse(check_password('letmeinz', encoded))
Example #27
0
 def test_sha1(self):
     encoded = make_password("letmein", "seasalt", "sha1")
     self.assertEqual(encoded, "sha1$seasalt$fec3530984afba6bade3347b7140d1a7da7da8c7")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password(u"letmein", encoded))
     self.assertFalse(check_password("letmeinz", encoded))
     # Long password
     self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), "seasalt", "sha1")
Example #28
0
 def test_bcrypt(self):
     encoded = make_password("letmein", hasher="bcrypt")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(encoded.startswith("bcrypt$"))
     self.assertTrue(check_password(u"letmein", encoded))
     self.assertFalse(check_password("letmeinz", encoded))
     # Long password
     self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), hasher="bcrypt")
Example #29
0
 def test_simple(self):
     encoded = make_password("letmein")
     self.assertTrue(encoded.startswith("pbkdf2_sha256$"))
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password(u"letmein", encoded))
     self.assertFalse(check_password("letmeinz", encoded))
     # Long password
     self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1))
Example #30
0
 def test_crypt(self):
     encoded = make_password("letmein", "ab", "crypt")
     self.assertEqual(encoded, "crypt$$abN/qM.L/H8EQ")
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password(u"letmein", encoded))
     self.assertFalse(check_password("letmeinz", encoded))
     # Long password
     self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), "seasalt", "crypt")
Example #31
0
    def create(self, request, *args, **kwargs):
        transaction_type = self.request.data.get('type')

        if transaction_type == 'Depot':
            serializer = DepositSerializer(data=request.data)

            if serializer.is_valid():
                amount = self.request.data.get('amount')
                merchantPoint = self.request.data.get('merchantpoint')
                number = self.request.data.get('customernumber').replace(
                    " ", "")
                expectie = datetime.strptime(
                    self.request.data.get('expectedvalidationdate'),
                    "%Y-%m-%d %H:%M:%S")
                beneficiaryNumber = self.request.data.get(
                    'beneficiarynumber').replace(" ", "")

                try:
                    merchantPoint = MerchantPoint.objects.get(id=merchantPoint)
                except MerchantPoint.DoesNotExist:
                    return Response(
                        {"error": "Ce point marchand n'existe pas"},
                        status=status.HTTP_404_NOT_FOUND)

                # Calculating expiration date of the otp (expected validation date + 1 hour)
                expirie = expectie + timedelta(hours=1)
                try:
                    beneficiary = Customer.objects.get(
                        phonenumber=beneficiaryNumber)
                except Customer.DoesNotExist:
                    return Response(
                        {
                            "error":
                            "Le numéro du bénéficiaire entré est introuvable"
                        },
                        status=status.HTTP_404_NOT_FOUND)

                # Saving OTP
                while True:
                    # Generating OTP
                    code = self.generateOtp()
                    try:
                        otpie = Otp.objects.get(code=code)
                        if otpie.wasverified == True or (
                                otpie.wasverified == False
                                and otpie.expirationdate < timezone.now()):
                            otpie.expirationdate = expirie
                            otpie.wasverified = False
                            otpie.save()
                            break
                        elif otpie.wasverified == False and otpie.expirationdate >= timezone.now(
                        ):
                            continue
                    except Otp.DoesNotExist:
                        otpie = Otp(code=code, expirationdate=expirie)
                        print(otpie.expirationdate)
                        otpie.save()
                        break

                # Sending Otp
                message = sendOtp(otpie.code, number,
                                  expirie.strftime("%d-%b-%Y %H:%M:%S"))
                if message != "queued":
                    otpie.delete()
                    return Response(
                        {
                            "error":
                            "Une erreur est survenue. Veuillez réessayer"
                        },
                        status=status.HTTP_500_INTERNAL_SERVER_ERROR)
                else:
                    # Saving transaction
                    serializer.save(type='Depot',
                                    beneficiarynumber=beneficiary,
                                    merchantpoint=merchantPoint,
                                    amount=amount,
                                    expectedvalidationdate=expectie,
                                    otp=otpie,
                                    customernumber=number,
                                    wasvalidatedbycustomer=True)
                    return Response(
                        {
                            "message":
                            "Transaction initiée avec succès. Le code de confirmation sera envoyé"
                            " par SMS au " + number
                        },
                        status=status.HTTP_201_CREATED)

            else:
                return Response(serializer.errors,
                                status=status.HTTP_400_BAD_REQUEST)

        elif transaction_type == 'Retrait':
            serializer = WithdrawalSerializer(data=request.data)

            if serializer.is_valid():
                amount = self.request.data.get('amount')
                merchantPoint = self.request.data.get('merchantpoint')
                number = self.request.data.get('customernumber').replace(
                    " ", "")
                expectie = datetime.strptime(
                    self.request.data.get('expectedvalidationdate'),
                    "%Y-%m-%d %H:%M:%S")

                try:
                    merchantPoint = MerchantPoint.objects.get(id=merchantPoint)
                except MerchantPoint.DoesNotExist:
                    return Response(
                        {"error": "Ce point marchand n'existe pas"},
                        status=status.HTTP_404_NOT_FOUND)

                # Calculating expiration date of the otp (expected validation date + 1 hour)
                expirie = expectie + timedelta(hours=1)
                secret = self.request.data.get('secret').replace(" ", "")

                try:
                    customer = Customer.objects.get(phonenumber=number)
                except Customer.DoesNotExist:
                    return Response(
                        {"error": "Le numéro de client entré est introuvable"},
                        status=status.HTTP_404_NOT_FOUND)

                if check_password(secret, customer.secret):

                    if customer.balance > float(amount):
                        # Saving OTP
                        while True:
                            # Generating OTP
                            code = self.generateOtp()
                            try:
                                otpie = Otp.objects.get(code=code)
                                if otpie.wasverified == True:
                                    otpie.expirationdate = expirie
                                    otpie.wasverified = False
                                    otpie.save()
                                    break
                                elif otpie.wasverified == False:
                                    continue
                            except Otp.DoesNotExist:
                                otpie = Otp(code=code, expirationdate=expirie)
                                otpie.save()
                                break

                        # Sending Otp
                        message = sendOtp(
                            otpie.code, number,
                            expirie.strftime("%d-%b-%Y %H:%M:%S"))
                        if message != "queued":
                            otpie.delete()
                            return Response(
                                {
                                    "error":
                                    "Une erreur est survenue. Veuillez réessayer"
                                },
                                status=status.HTTP_500_INTERNAL_SERVER_ERROR)
                        else:
                            # Saving transaction
                            serializer.save(
                                type='Retrait',
                                merchantpoint=merchantPoint,
                                amount=amount,
                                customernumber=customer.phonenumber,
                                expectedvalidationdate=expectie,
                                otp=otpie)

                            return Response(
                                {
                                    "message":
                                    "Transaction initiée avec succès. Le code de confirmation sera envoyé par SMS au "
                                    + number
                                },
                                status=status.HTTP_201_CREATED)
                    else:
                        return Response(
                            {
                                "error":
                                "Solde insuffisant. Cette transaction ne peut être initiée"
                            },
                            status=status.HTTP_406_NOT_ACCEPTABLE)
                else:
                    return Response(
                        {"error": "Le code secret entré est erroné"},
                        status=status.HTTP_404_NOT_FOUND)

            else:
                return Response(serializer.errors,
                                status=status.HTTP_400_BAD_REQUEST)

        elif transaction_type == 'Paiement':
            serializer = PaymentSerializer(data=request.data)

            if (serializer.is_valid()):
                amount = self.request.data.get('amount')
                merchantPoint = self.request.data.get('merchantpoint')
                number = self.request.data.get('customernumber').replace(
                    " ", "")

                try:
                    merchantPoint = MerchantPoint.objects.get(id=merchantPoint)
                except MerchantPoint.DoesNotExist:
                    return Response(
                        {"error": "Ce point marchand n'existe pas"},
                        status=status.HTTP_404_NOT_FOUND)

                expirie = timezone.now() + timedelta(minutes=3)
                secret = self.request.data.get('secret').replace(" ", "")

                try:
                    customer = Customer.objects.get(phonenumber=number)
                except Customer.DoesNotExist:
                    return Response(
                        {"error": "Le numéro de client entré est introuvable"},
                        status=status.HTTP_404_NOT_FOUND)

                if check_password(secret, customer.secret):
                    if customer.balance > float(amount):
                        # Saving OTP
                        while True:
                            # Generating OTP
                            code = self.generateOtp()
                            try:
                                otpie = Otp.objects.get(code=code)
                                if otpie.wasverified == True:
                                    otpie.expirationdate = expirie
                                    otpie.wasverified = False
                                    otpie.save()
                                    break
                                elif otpie.wasverified == False:
                                    continue
                            except Otp.DoesNotExist:
                                otpie = Otp(code=code, expirationdate=expirie)
                                otpie.save()
                                break

                        # Sending Otp
                        message = sendOtp(
                            otpie.code, number,
                            expirie.strftime("%d-%b-%Y %H:%M:%S"))
                        if message != "queued":
                            otpie.delete()
                            return Response(
                                {
                                    "error":
                                    "Une erreur est survenue. Veuillez réessayer"
                                },
                                status=status.HTTP_500_INTERNAL_SERVER_ERROR)
                        else:
                            # Saving transaction
                            serializer.save(
                                type='Paiement',
                                merchantpoint=merchantPoint,
                                amount=amount,
                                customernumber=customer.phonenumber,
                                expectedvalidationdate=expirie,
                                otp=otpie,
                                wasvalidatedbycustomer=True)
                            return Response(
                                {
                                    "message":
                                    "Transaction initiée avec succès. Le code de confirmation sera envoyé par SMS au "
                                    + number,
                                    "montant":
                                    amount,
                                    "code":
                                    otpie.code
                                },
                                status=status.HTTP_201_CREATED)
                    else:
                        return Response(
                            {
                                "error":
                                "Solde insuffisant. Cette transaction ne peut être initiée"
                            },
                            status=status.HTTP_406_NOT_ACCEPTABLE)

                else:
                    return Response(
                        {"error": "Le code secret entré est erroné"},
                        status=status.HTTP_404_NOT_FOUND)
            else:
                return Response(serializer.errors,
                                status=status.HTTP_400_BAD_REQUEST)

        else:
            return Response({"error": "Type de transaction inconnu"},
                            status=status.HTTP_404_NOT_FOUND)
Example #32
0
 def check_password(self, raw_password):
     return check_password(raw_password, self.password)
Example #33
0
 def verify(self, password):
     return check_password(password, self.hash_password)
Example #34
0
from django.test import TestCase

# Create your tests here.
#coding=utf-8
__author__ = 'shifeixiang'

from django.contrib.auth.hashers import make_password, check_password
from django.contrib.auth.hashers import make_password, check_password
password = '******'
sha_pwd = make_password(password, None, 'pbkdf2_sha256')
print sha_pwd
result = check_password(password, sha_pwd)
print result
Example #35
0
 def matches(self, key):
     return check_password(key, self.key)
Example #36
0
    def test(self):

        # instantiate client
        client = Client()

        # retrieve password hash without being logged in
        username = '******'
        response = client.get('/api/user/{}/password/'.format(username),
                              follow=True)
        result = JSONParser().parse(BytesIO(response.content))
        self.assertEqual(response.status_code, 403)
        self.assertEqual(
            result,
            {'detail': 'Authentication credentials were not provided.'})

        # login as admin
        username = settings.MQTT['USERNAME']
        client.login(username=settings.MQTT['USERNAME'],
                     password=settings.MQTT['PASSWORD'])

        # retrieve password hash
        response = client.get('/api/user/{}/password/'.format(username),
                              follow=True)
        self.assertEqual(response.status_code, 200)
        encoded = JSONParser().parse(BytesIO(response.content))

        # retrieve temporary password
        password = TemporaryPassword.objects.get(
            user__username=username).password

        self.assertEqual(check_password(password, encoded), True)

        # logout
        response = self.client.get('/auth/logout/', follow=True)
        self.assertEqual(response.status_code, 200)
        self.client.logout()

        # mqtt login with correct temporary password
        response = self.client.post('/auth/mqtt/login/', {
            'username': '******',
            'password': encoded
        },
                                    follow=True)
        self.assertEqual(response.status_code, 200)

        # mqtt login with incorrect username
        response = self.client.post('/auth/mqtt/login/', {
            'username': '******',
            'password': encoded
        },
                                    follow=True)
        self.assertEqual(response.status_code, 403)

        # mqtt login with incorrect encoded password
        response = self.client.post('/auth/mqtt/login/', {
            'username': '******',
            'password': encoded + 'r'
        },
                                    follow=True)
        self.assertEqual(response.status_code, 403)

        # login as testuser1
        username = '******'
        client.login(username=username, password='******')

        # retrieve password hash
        response = client.get('/api/user/{}/password/'.format(username),
                              follow=True)
        self.assertEqual(response.status_code, 200)
        encoded = JSONParser().parse(BytesIO(response.content))

        # retrieve temporary password
        password = TemporaryPassword.objects.get(
            user__username=username).password

        self.assertEqual(check_password(password, encoded), True)

        # logout
        response = self.client.get('/auth/logout/', follow=True)
        self.assertEqual(response.status_code, 200)
        self.client.logout()

        # mqtt login with correct temporary password
        response = self.client.post('/auth/mqtt/login/', {
            'username': username,
            'password': encoded
        },
                                    follow=True)
        self.assertEqual(response.status_code, 200)

        # mqtt login with incorrect username
        response = self.client.post('/auth/mqtt/login/', {
            'username': username + 'o',
            'password': encoded
        },
                                    follow=True)
        self.assertEqual(response.status_code, 403)

        # mqtt login with incorrect encoded password
        response = self.client.post('/auth/mqtt/login/', {
            'username': username,
            'password': encoded + 'r'
        },
                                    follow=True)
        self.assertEqual(response.status_code, 403)

        # login as testuser2
        username = '******'
        client.login(username=username, password='******')

        # retrieve password hash
        response = client.get('/api/user/{}/password/'.format(username),
                              follow=True)
        self.assertEqual(response.status_code, 200)
        encoded = JSONParser().parse(BytesIO(response.content))

        # retrieve temporary password
        password = TemporaryPassword.objects.get(
            user__username=username).password

        self.assertEqual(check_password(password, encoded), True)

        # logout
        response = self.client.get('/auth/logout/', follow=True)
        self.assertEqual(response.status_code, 200)
        self.client.logout()

        # mqtt login with correct temporary password
        response = self.client.post('/auth/mqtt/login/', {
            'username': username,
            'password': encoded
        },
                                    follow=True)
        self.assertEqual(response.status_code, 200)

        # mqtt login with incorrect username
        response = self.client.post('/auth/mqtt/login/', {
            'username': username + 'o',
            'password': encoded
        },
                                    follow=True)
        self.assertEqual(response.status_code, 403)

        # mqtt login with incorrect encoded password
        response = self.client.post('/auth/mqtt/login/', {
            'username': username,
            'password': encoded + 'r'
        },
                                    follow=True)
        self.assertEqual(response.status_code, 403)
Example #37
0
    def check_password(self, raw_password):
        def setter(raw_password):
            self.set_password(raw_password)
            self.save(update_fields=['password'])

        return check_password(raw_password, self.password, setter)
Example #38
0
from django.test import TestCase

# Create your tests here.
import os

os.environ.setdefault("DJANGO_SETTINGS_MODULE", "django_shop.settings")
import django

django.setup()
from django.contrib.auth.hashers import make_password, check_password

r = make_password("1234", None, "pbkdf2_sha256")
print(r)
print(check_password("1234", r))
Example #39
0
def Settings(request):
    user = request.user
    user_id = user.id
    user_object = User.objects.get(id=user_id)
    print(user_object.password)
    user_profile = u_models.UserProfile.objects.get(user=user)
    if request.method == 'POST':
        data = request.POST

        if 'change_username' in data.keys():
            new_username = data['username']
            try:
                new_user = u_models.UserProfile.objects.get(
                    username=new_username)
                if new_user is not None:
                    return render(
                        request, 'settings.html',
                        {"username_error": "Username already exists."})
            except:
                user_object.username = new_username
                user_object.save()

                return redirect('settings')
        if 'change_pp' in data.keys():

            new_image = request.FILES.get('image', False)
            user_profile.picture = new_image
            user_profile.save()
            return redirect('settings')

        if 'change_password' in data.keys():
            new_password = data['newpwd']
            new_password1 = data['newpwd1']
            if new_password == new_password1:
                old_password = data['oldpwd']
                if check_password(old_password, user_object.password):
                    new_password_hashed = make_password(new_password)
                    user_object.password = new_password_hashed
                    user_object.save()
                    return redirect('login')

                else:
                    return render(request, 'settings.html', {
                        'password_error':
                        'Current password entered is wrong.'
                    })
            else:
                return render(request, 'settings.html',
                              {'password_error': 'Passwords dont match.'})
        if "deactivate_account" in data.keys():
            old_passworddeactiv = data['deactivate_password']
            if check_password(old_passworddeactiv, user_object.password):
                user_profile.is_active = False
                user_profile.save()
                return redirect('logout')
            else:
                return render(
                    request, 'settings.html',
                    {'password_error': 'Current password entered is wrong.'})
        if "delete_account" in data.keys():
            old_passworddelete = data['delete_password']
            if check_password(old_passworddelete, user_object.password):
                user_object.delete()
            return redirect('login')

    else:
        user = request.user
        user_profile = u_models.UserProfile.objects.get(user=user)
        user_profile_picture = user_profile.picture
        user_profile_picture_url = user_profile_picture.url
        user_pp_clean = user_profile_picture_url[7:]
        return render(
            request, 'settings.html', {
                'User': user,
                'UserProfile': user_profile,
                'UserProfilePictureurl': user_pp_clean
            })
Example #40
0
 def pwd_check(self):
     if check_password(self.passWord, self.userObj.password):
         return True
     else:
         return False
Example #41
0
 def clean(self):
     cleaned_data = super(ConfirmPasswordForm, self).clean()
     confirm_password = cleaned_data.get('confirm_password')
     if not check_password(confirm_password, self.instance.password):
         self.add_error('confirm_password', 'Password does not match.')
Example #42
0
def test_collective_password_not_saved_as_plain_text(db):
    collective = mommy.make("purchases.Collective")
    collective.password = "******"
    collective.save()
    assert collective.password != "foobar"
    assert check_password("foobar", collective.password)
Example #43
0
 def get_object(self):
     obj = super().get_object()
     password = self.request.query_params.get('password')
     if not check_password(password, obj.password):
         raise Http404
     return obj
Example #44
0
 def check_token(self, token, salt):
     return salt in self.token and check_password(token, self.token)
#!/usr/bin/env python

from django.contrib.auth.models import User
from django.contrib.auth.hashers import check_password

users = User.objects.all()
for user in users:
    guess = user.username[::-1]
    if check_password(guess, user.password):
        print "%s (%s, %s)" % (user.get_name(), user.username, user.email)
Example #46
0
def customerValidation(request):
    codie = request.data.get('code')
    secret = request.data.get('secret').replace(" ", "")

    try:
        otpie = Otp.objects.get(code=codie)
        if otpie.wasverified == True:
            return Response({"message": "Ce code a déjà été vérifié"},
                            status=status.HTTP_406_NOT_ACCEPTABLE)
        elif otpie.expirationdate < timezone.now():
            return Response({"error": "Ce code a expiré"},
                            status=status.HTTP_406_NOT_ACCEPTABLE)
        else:
            try:
                transaction = Transaction.objects.get(otp=otpie,
                                                      type="Retrait")

                if transaction.wasvalidatedbymerchant == False:
                    return Response(
                        {
                            "error":
                            "La transaction n'a pas encore été validée par le marchand."
                        },
                        status=status.HTTP_406_NOT_ACCEPTABLE)

                try:
                    customer = Customer.objects.get(
                        phonenumber=transaction.customernumber)
                    if check_password(secret, customer.secret):
                        try:
                            merchantpoint = MerchantPoint.objects.get(
                                id=transaction.merchantpoint_id)
                            amount = transaction.amount
                            oldStoreBalance = merchantpoint.balance
                            oldCustomerBalance = customer.balance

                            if oldCustomerBalance < amount:
                                return Response(
                                    {
                                        "error":
                                        "Transaction échouée. Solde du client insuffisant"
                                    },
                                    status=status.HTTP_406_NOT_ACCEPTABLE)
                            elif oldStoreBalance < amount:
                                return Response(
                                    {
                                        "error":
                                        "Transaction échouée. Solde du point marchand insuffisant"
                                    },
                                    status=status.HTTP_406_NOT_ACCEPTABLE)
                            else:
                                customer.balance = oldCustomerBalance - amount
                                merchantpoint.balance = oldStoreBalance - amount
                                customer.save()
                                merchantpoint.save()

                                transaction.wasvalidatedbycustomer = True
                                transaction.validationdate = timezone.now()
                                transaction.save()

                                otpie.wasverified = True
                                otpie.save()

                                sendTransactionSMS(
                                    customer.phonenumber, "retrait",
                                    transaction.date.strftime(
                                        "%d-%b-%Y %H:%M:%S"),
                                    transaction.expectedvalidationdate.
                                    strftime("%d-%b-%Y %H:%M:%S"),
                                    transaction.validationdate.strftime(
                                        "%d-%b-%Y %H:%M:%S"),
                                    str(customer.balance))

                                return Response(
                                    {
                                        "message":
                                        "La transaction a bien été validée."
                                    },
                                    status=status.HTTP_200_OK)

                        except MerchantPoint.DoesNotExist:
                            return Response(
                                {"error": "Le point marchand n'existe pas"},
                                status=status.HTTP_404_NOT_FOUND)
                    else:
                        return Response(
                            {"error": "Le code secret est incorrect"},
                            status=status.HTTP_404_NOT_FOUND)
                except Customer.DoesNotExist:
                    return Response({"error": "Ce client n'existe pas"},
                                    status=status.HTTP_404_NOT_FOUND)
            except Transaction.DoesNotExist:
                return Response({"error": "Cette transaction n'existe pas"},
                                status=status.HTTP_404_NOT_FOUND)
    except Otp.DoesNotExist:
        return Response({"error": "Le code fourni n'existe pas"},
                        status=status.HTTP_404_NOT_FOUND)
Example #47
0
 def test_views(self):
     # Check Register
     payload = {
             'username': self.user.username,
             'password': self.user.password,
             'first_name': self.user.first_name,
             'last_name': self.user.last_name
         }
     response = self.client.post(reverse('area:api_register'),
         payload, format='json')
     self.assertEqual(response.status_code, 200)
     self.assertEqual(response.data['last_name'], self.user.last_name)
     self.assertEqual(response.data['first_name'], self.user.first_name)
     self.assertEqual(response.data['username'], self.user.username)
     self.token = response.data['token']
     self.assertEqual(Token.objects.get(key=self.token).user.username,
         self.user.username)
     # Check Login
     payload = {
             'username': self.user.username,
             'password': '******',
         }
     response = self.client.post(
         reverse('area:api_login'),
         format='json')
     self.assertEqual(response.status_code, 400)
     payload = {
             'username': self.user.username,
             'password': self.user.password,
         }
     response = self.client.post(reverse('area:api_login'),
         payload, format='json')
     self.assertEqual(response.status_code, 200)
     # Check Person retreiving
     # set AUTH
     self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token)
     response = self.client.get(reverse('area:api_person'),
         payload, format='json')
     # Check Person updating
     updated_user = RandomUserFactory.build()
     # check if the new info does not exist
     with self.assertRaises(get_user_model().DoesNotExist):
         get_user_model().objects.get(username=updated_user.username)
     payload = {
         'user': {
             'password': updated_user.password,
             'first_name': updated_user.first_name,
             'last_name': updated_user.last_name
         },
         'birthday': updated_user.person.birthday
     }
     response = self.client.put(reverse('area:api_person'),
         payload, format='json')
     self.assertEqual(response.status_code, 200)
     user = Token.objects.get(key=self.token).user
     self.assertEqual(updated_user.first_name, user.first_name)
     self.assertEqual(updated_user.last_name, user.last_name)
     self.assertTrue(check_password(updated_user.password, user.password))
     # Check if the password is blank
     payload['user']['password'] = ''
     response = self.client.put(reverse('area:api_person'),
         payload, format='json')
     # the password may not be blank
     self.assertEqual(response.status_code, 400)
     self.assertTrue(check_password(updated_user.password, user.password))
     # Check empty password
     del payload['user']['password']
     response = self.client.put(reverse('area:api_person'),
         payload, format='json')
     self.assertEqual(response.status_code, 200)
     #import ipdb;ipdb.set_trace()
     user = Token.objects.get(key=self.token).user
     self.assertTrue(check_password(updated_user.password, user.password))
Example #48
0
from django.test import TestCase

# Create your tests here.
from django.contrib.auth.hashers import make_password, check_password

p1 = "ceshi1"
p2 = make_password(p1)
print(p2)
leg = check_password(p1, p2)
print(leg)
Example #49
0
 def test_user(self):
     self.assertEqual(self.user.email, "*****@*****.**")
     self.assertEqual(self.user.get_short_name(), "First")
     self.assertEqual(self.user.get_full_name(), "First Last")
     self.assertEqual(self.user.last_name, "Last")
     self.assertTrue(check_password("testclub123", self.user.password))
Example #50
0
 def clean(self):
     cleaned_data = super(AccountChangeForm, self).clean()
     current_password = cleaned_data.get('current_password')
     if not check_password(current_password, self.instance.password):
         self.add_error('current_password', 'Password does not match.')
def updatenodalpassword(request, userid):

    user = User.objects.get(pk=userid)

    # print(user.role)

    if request.method == 'POST':

        user = User.objects.get(pk=userid)

        # print(user.role)

        if user.role == User.nodal_officer:

            nodal = User.objects.get(pk=userid)

            cur_password = request.POST.get('currentPassword')

            password = request.POST.get('password')

            # print(check_password(cur_password,nodal.password))

            if check_password(cur_password, nodal.password):

                nodal.set_password(password)

                nodal.save()

                return render(request, 'Dashboard/nodal_officer/Profile.html',
                              {
                                  'user': userid,
                                  'nodal': nodal
                              })
            else:

                messages.info(request, 'Your Current Password Is Wrong')

                return render(request,
                              'Dashboard/nodal_officer/changePassword.html',
                              {'user': userid})
        elif user.role == User.head:

            print("head")

            head = User.objects.get(pk=userid)

            cur_password = request.POST.get('currentPassword')

            password = request.POST.get('password')

            # print(check_password(cur_password,head.password))

            if check_password(cur_password, head.password):

                head.set_password(password)

                head.save()

                return render(request, 'HeadDashboard/Profile.html', {
                    'user': userid,
                    'head': head
                })
            else:

                messages.info(request, 'Your Current Password Is Wrong')

                return render(request, 'HeadDashboard/changePassword.html',
                              {'user': userid})

        elif user.role == User.superadmin:
            sadmin = User.objects.get(pk=userid)

            cur_password = request.POST.get('currentPassword')

            password = request.POST.get('password')

            # print(check_password(cur_password,head.password))

            if check_password(cur_password, sadmin.password):

                sadmin.set_password(password)

                sadmin.save()

                return render(request, 'SuperAdmin/Profile.html', {
                    'user': userid,
                    'sadmin': sadmin
                })
            else:

                messages.info(request, 'Your Current Password Is Wrong')

                return render(request, 'SuperAdmin/changePassword.html',
                              {'user': userid})

    else:

        if user.role == User.nodal_officer:

            return render(request,
                          'Dashboard/nodal_officer/changePassword.html',
                          {'user': userid})
        elif user.role == User.head:

            return render(request, 'HeadDashboard/changePassword.html',
                          {'user': userid})
        elif user.role == User.superadmin:

            return render(request, 'SuperAdmin/changePassword.html',
                          {'user': userid})
Example #52
0
 def test_create_user_hashes_password(self):
     user = self.create_regular_user()
     self.assertTrue(
         check_password(self.user.get("password"), user.password))
Example #53
0
 def check_password(self, password):
     return check_password(password, self.password)
def login(request):
	logged_on = is_logged_on(request)

	# If the authenticator cookie wasn't set...
	if logged_on:
		# Handle user not logged in while trying to create a listing
		return HttpResponseRedirect(reverse('home'))

	form = LoginForm
	if request.method == "GET":
		return render(request, "app/login.html", {
			"form": form,
			"website_url": WEBSITE_URL,
		})

	elif request.method == "POST":
		f = LoginForm(request.POST)

		# Check if the form instance is invalid
		if not f.is_valid():
			# Form was bad -- send them back to login page and show them an error
			return render(request, 'app/login.html', {
				"form": form,
				"logged_on": logged_on,
				"errorMessage": "Form input invalid",
				"website_url": WEBSITE_URL,
			})

		# Sanitize username and password fields
		username = f.cleaned_data['username']
		password = f.cleaned_data['password']

		user_results = User.objects.filter(username=username)

		if len(user_results) != 1:
			return render(request, 'app/login.html', {
				"form": form,
				"logged_on": logged_on,
				"errorMessage": "Username or Password Incorrect",
				"website_url": WEBSITE_URL,
			})

		user = user_results[0]

		# check password
		if not check_password(password, user.password):
			return render(request, 'app/login.html', {
				"form": form,
				"logged_on": logged_on,
				"errorMessage": "Password Incorrect",
				"website_url": WEBSITE_URL,
			})

		""" If we made it here, we can log them in. """
		# Set their login cookie and redirect to back to wherever they came from
		authenticator = gen_alphanumeric(30)

		auth = Authenticator(
			token=authenticator,
			user_id=user.pk
		)
		auth.save()

		message = "okie dokie"
		response = HttpResponseRedirect(reverse('home'))
		response.set_cookie("auth", authenticator)
		response.set_cookie("responseMessage", message)

		return response
Example #55
0
 def test_unspecified_password(self):
     """
     Makes sure specifying no plain password with a valid encoded password
     returns `False`.
     """
     self.assertFalse(check_password(None, make_password('lètmein')))
Example #56
0
 def clean(self):
     for keycard in Keycard.objects.all():
         if check_password(self.secret, keycard.secret):
             raise ValidationError("Secret already added")
     return super().clean()
Example #57
0
    def test_create_account(self):
        """
        Ensure we can create a new account object.
        """
        url = reverse('authentication_register')

        email = ''.join(
            random.choice(string.ascii_lowercase)
            for _ in range(10)) + '@example.com'
        username = ''.join(
            random.choice(string.ascii_lowercase)
            for _ in range(10)) + '@' + settings.ALLOWED_DOMAINS[0]
        authkey = binascii.hexlify(os.urandom(
            settings.AUTH_KEY_LENGTH_BYTES)).decode()
        public_key = binascii.hexlify(
            os.urandom(settings.USER_PUBLIC_KEY_LENGTH_BYTES)).decode()
        private_key = binascii.hexlify(
            os.urandom(settings.USER_PRIVATE_KEY_LENGTH_BYTES)).decode()
        private_key_nonce = binascii.hexlify(
            os.urandom(settings.NONCE_LENGTH_BYTES)).decode()
        secret_key = binascii.hexlify(
            os.urandom(settings.USER_SECRET_KEY_LENGTH_BYTES)).decode()
        secret_key_nonce = binascii.hexlify(
            os.urandom(settings.NONCE_LENGTH_BYTES)).decode()
        user_sauce = 'd25e29d812386431ec8f75ce4dce44464b57a9b742e7caeea78c9d984297c8f1'

        data = {
            'username': username,
            'email': email,
            'authkey': authkey,
            'public_key': public_key,
            'private_key': private_key,
            'private_key_nonce': private_key_nonce,
            'secret_key': secret_key,
            'secret_key_nonce': secret_key_nonce,
            'user_sauce': user_sauce,
        }

        response = self.client.post(url, data)

        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self.assertEqual(models.User.objects.count(), 1)

        user = models.User.objects.get()

        email_bcrypt = bcrypt.hashpw(
            email.encode(),
            settings.EMAIL_SECRET_SALT.encode()).decode().replace(
                settings.EMAIL_SECRET_SALT, '', 1)

        self.assertEqual(decrypt_with_db_secret(user.email), email)
        self.assertEqual(user.email_bcrypt, email_bcrypt)
        self.assertTrue(check_password(authkey, user.authkey))
        self.assertEqual(user.public_key, public_key)
        self.assertEqual(user.private_key, private_key)
        self.assertEqual(user.private_key_nonce, private_key_nonce)
        self.assertEqual(user.secret_key, secret_key)
        self.assertEqual(user.secret_key_nonce, secret_key_nonce)
        self.assertEqual(user.user_sauce, user_sauce)
        self.assertTrue(user.is_active)
        self.assertFalse(user.is_email_active)
Example #58
0
def movies(request):

    #VALIDATE METHOD
    response_data = {}
    response_data['movies'] = {}
    if request.method == 'POST':
        #CHECK JSON STRUCTURE
        #DECLARE RESPONSE
        if checkJson().isJson(request.body) == True:
            datitosj = json.loads(request.body)  #Leer json
            errorsito = ""

            #CHECK JSON CONTENT

            try:
                usersql = ApiUsers.objects.get(user=datitosj['user'])
            except Exception as e:
                response_data['result'] = 'error'
                response_data['message'] = 'User incorrect'
                return JsonResponse(response_data, status=401)  #Error Json
            psw = datitosj['password']  #COntraseña que se envia
            Hachiko = usersql.password

            #CHECK IF PASSWORD IS CORRECT
            if (check_password(psw, Hachiko) == False):
                errorsito = "User or password incorrect"

            if (errorsito != ""):
                response_data['result'] = 'error'
                response_data['message'] = errorsito
                return JsonResponse(response_data, status=402)

            if ApiKey().check(request):
                if request.headers["user-api-key"] == usersql.api_key:
                    j = 0
                    for i in Movie.objects.all():
                        response_data['movies'][j] = {}
                        response_data['movies'][j]['id'] = i.movieid
                        response_data['movies'][j]['title'] = i.movietitle
                        response_data['movies'][j][
                            'releaseDate'] = i.releasedate
                        response_data['movies'][j]['imageUrl'] = i.imageurl
                        response_data['movies'][j][
                            'description'] = i.description
                        j = j + 1
                    response_data['result'] = 'success'
                    return JsonResponse(response_data, status=200)

                else:
                    response_data['result'] = 'ERROR'
                    response_data['message'] = 'Api Key Invalido'
                    return JsonResponse(response_data, status=401)

            else:
                response_data['result'] = 'EXITO'
                response_data['message'] = 'Valido'
                response_data['ApiKey'] = usersql.api_key
                return JsonResponse(response_data, status=200)
        else:
            response_data['result'] = 'error'
            response_data['message'] = 'Esta mal el JSON'
        return JsonResponse(response_data, status=100)

    else:
        response_data['result'] = 'error'
        response_data['message'] = 'NO es post'
        return JsonResponse(response_data, status=402)
Example #59
0
 def validate(self, password, user=None):
     if user.previous_password:
         if check_password(password, user.previous_password):
             raise ValidationError("A nova senha não pode ser igual a antiga.")
     return None
Example #60
0
 def test_simple(self):
     encoded = make_password('letmein')
     self.assertTrue(encoded.startswith('pbkdf2_sha256$'))
     self.assertTrue(is_password_usable(encoded))
     self.assertTrue(check_password(u'letmein', encoded))
     self.assertFalse(check_password('letmeinz', encoded))