def test_check_hash(self): # check a correct password a = check_password_hash(self.pw_hash, 'secret') self.assertTrue(a) # check a wrong password b = check_password_hash(self.pw_hash, 'test') self.assertFalse(b)
def test_check_hash(self): # check a correct password a = check_password_hash(self.pw_hash, "secret") self.assertTrue(a) # check a wrong password b = check_password_hash(self.pw_hash, "test") self.assertFalse(b)
def test_check_hash_unicode(self): password = u'\u2603' x = generate_password_hash(password) # check a correct password a = check_password_hash(x, password) self.assertTrue(a) # check a wrong password b = check_password_hash(x, 'test') self.assertFalse(b)
def test_check_hash_unicode(self): password = u"\u2603" x = generate_password_hash(password) # check a correct password a = check_password_hash(x, password) self.assertTrue(a) # check a wrong password b = check_password_hash(x, "test") self.assertFalse(b)
def login(self, user, password=None): success = False # assuming that if password isn't given then we have a user object if password is None: session["user_id"] = user.id success = True # otherwise we have a username else: user = User.query.filter(User.nickname == user).first() if not user: return False if check_password_hash(user.pwdhash, password): session["user_id"] = user.id success = True if success: user.regenerate_auth_tokens() after_this_request( lambda resp: resp.set_cookie( COOKIE_USER_AUTH_TOKEN, user.auth_token, expires=datetime.utcnow() + timedelta(days=14), domain=urlparse(request.url_root).netloc.split(":")[0], httponly=True, ) or resp # using 'or' because set_cookie returns NoneType without it ) g.current_user = user return success
def hash_text(self, h): klass = RedisObject.klass(h) max_length = 2048 if not klass or klass not in [Album, File]: return {'error': 404}, 404 properties = ["title", "description"] if not any(prop in request.form for prop in properties): return {'error': 400}, 400 try: o = klass.from_hash(h) # We don't care about the object type if not check_password_hash(o.ip, get_ip()): return {'error': 401}, 401 except: return {'error': 401}, 401 if o.text_locked: return {'error': 408}, 408 for prop in properties: if prop in request.form: data = request.form[prop] if len(data) > max_length: return {'error': 414}, 414 setattr(o, prop, data) o.save() return {'status': 'success'}
def validate_password(self, field): if not self.user: raise ValidationError("Wrong password") else: if not check_password_hash(self.user.pwd_hash, field.data): self.user = None raise ValidationError("Wrong password")
def get(self, id): if ".." in id or id.startswith("/"): abort(403) if "." in id: if os.path.exists( os.path.join(_cfg("storage_folder"), id) ): # These requests are handled by nginx if it's set up path = os.path.join(_cfg("storage_folder"), id) return send_file(path, as_attachment=True) klass = RedisObject.klass(id) if klass is Album: album = klass.from_hash(id) items = [File.from_hash(h) for h in album.items] types = set([get_mimetype(f.original) for f in items]) can_delete = None try: if request.cookies.get("hist-opt-out", "0") == "1": can_delete = check_password_hash(f.ip, get_ip()) except: pass return render_template("album.html", items=items, types=types, filename=id, can_delete=can_delete) if klass is not File: abort(404) f = File.from_hash(id) return render_template("view.html", **_template_params(f))
def get(self, id): if ".." in id or id.startswith("/"): abort(403) if "." in id: if os.path.exists(os.path.join(_cfg("storage_folder"), id)): # These requests are handled by nginx if it's set up path = os.path.join(_cfg("storage_folder"), id) return send_file(path, as_attachment=True) f = File.from_hash(id) if not f.original: abort(404) if f.compression: compression = int(float(f.compression) * 100) can_delete = None if request.cookies.get('hist-opt-out', '0') == '1': can_delete = check_password_hash(f.ip, get_ip()) ext = extension(f.original) mimetype = get_mimetype(f.original) template_params = { 'filename': f.hash, 'original': f.original, 'video': ext in VIDEO_EXTENSIONS, 'controls': ext in CONTROLS_EXTENSIONS, 'compression': compression, 'mimetype': mimetype, 'can_delete': can_delete if can_delete is not None else 'check' } return render_template("view.html", **template_params)
def _album_params(album): items = album.items if not items: abort(404) files = objects[Album](album)["files"] types = set([f.processor for f in items]) filename = album.hash subtitles = False for f in items: metadata = {} if f.metadata and f.metadata != "null": try: metadata = json.loads(f.metadata) except: pass if "has_subtitles" in metadata: subtitles = metadata["has_subtitles"] can_delete = None try: if request.cookies.get("hist-opt-out", "0") == "1": can_delete = check_password_hash(f.ip, get_ip()) except: pass return vars()
def _album_params(album): items = album.items if not items: abort(404) files = objects[Album](album)['files'] types = set([f.processor for f in items]) filename = album.hash subtitles = False for f in items: metadata = {} if f.metadata and f.metadata != 'null': try: metadata = json.loads(f.metadata) except: pass if 'has_subtitles' in metadata: subtitles = metadata['has_subtitles'] can_delete = None try: if request.cookies.get('hist-opt-out', '0') == '1': can_delete = check_password_hash(f.ip, get_ip()) except: pass return vars()
def login(): if flask.request.method == 'GET': if 'logged_in' in flask.session and flask.session['logged_in']: return flask.redirect(flask.url_for('show_home')) return flask.render_template('login.html') else: error = None user = mongo.retrieve_users(userName = flask.request.form['userName']) if user: user = user[0] else: # userName not found error = 'That\'s a bad username/password combination' return flask.render_template('login.html', error=error) if not check_password_hash(user['passwordHash'], flask.request.form['password'] + user['salt']): error = 'That\'s a bad username/password combination' return flask.render_template('login.html', error=error) mongo.update_last_login(user['emailAddress']) # updates last-login timestamp flask.session['logged_in'] = True flask.session['emailAddress'] = user['emailAddress'] flask.session['userName'] = user['userName'] flask.session['adminRights'] = user['adminRights'] flask.session['verified'] = user['verified'] return flask.redirect(flask.url_for('show_new_cases'))
def login_user(username, password): """Login user. Returns user database row. If fails, returns None. """ user = g.db.users(username=username) if user and check_password_hash(user.password, password): session[SESSION_USERID] = user.id return user return None
def login(cls, email, password): u = cls.query.filter_by(email=email).first() if u is None: return None if check_password_hash(u.pwdhash, password): return u return None
def validate_password(self,password): access_user = User.query.filter_by(email = self.username.data).first() if access_user is None: raise ValidationError, "Invalid Username" else: condition = check_password_hash(access_user.password, password.data) if not condition: raise ValidationError, "Invalid Password"
def _template_params(f): if f.compression: compression = int(float(f.compression) * 100) if compression == 100 or f.status != "done": compression = None can_delete = None try: if request.cookies.get('hist-opt-out', '0') == '1': can_delete = check_password_hash(f.ip, get_ip()) except: pass mimetype = f.mimetype processor = get_processor(f.processor) types = [mimetype] for f_ext in processor.outputs: types.append(get_mimetype(f_ext)) if 'do-not-send' in request.cookies: try: blacklist = json.loads(request.cookies['do-not-send']) for t in blacklist: if t in types: types.remove(t) except: pass metadata = {} if f.metadata and f.metadata != 'null': metadata = json.loads(f.metadata) subtitles = None if 'subtitles' in metadata and 'streams' in metadata['subtitles']: for stream in metadata['subtitles']['streams']: if stream['type'] == 'subtitle': subtitles = stream if subtitles['info']['codec_name'] == 'ssa': subtitles['info']['codec_name'] = 'ass' subtitles['url'] = '/' + f.hash + '.' + subtitles['info']['codec_name'] break return { 'filename': f.hash, 'original': f.original, 'video': normalise_processor(f.processor) == 'video', 'flags': f.flags.as_dict(), 'metadata': metadata, 'subtitles': subtitles, 'has_subtitles': subtitles != None, 'compression': compression, 'mimetype': mimetype, 'can_delete': can_delete if can_delete is not None else 'check', 'fragment': 'fragments/' + fragment(f.processor) + '.html', 'types': types, 'processor': f.processor, 'protocol': _cfg("protocol"), 'domain': _cfg("domain"), }
def _template_params(f): if f.compression: compression = int(float(f.compression) * 100) if compression == 100 or f.status != "done": compression = None can_delete = None try: if request.cookies.get("hist-opt-out", "0") == "1": can_delete = check_password_hash(f.ip, get_ip()) except: pass mimetype = f.mimetype processor = get_processor(f.processor) types = [mimetype] for f_ext in processor.outputs: types.append(get_mimetype(f_ext)) if "do-not-send" in request.cookies: try: blacklist = json.loads(request.cookies["do-not-send"]) for t in blacklist: if t in types: types.remove(t) except: pass metadata = {} if f.metadata and f.metadata != "null": metadata = json.loads(f.metadata) subtitles = None if "subtitles" in metadata and "streams" in metadata["subtitles"]: for stream in metadata["subtitles"]["streams"]: if stream["type"] == "subtitle": subtitles = stream if subtitles["info"]["codec_name"] == "ssa": subtitles["info"]["codec_name"] = "ass" subtitles["url"] = "/" + f.hash + "." + subtitles["info"]["codec_name"] break return { "filename": f.hash, "original": f.original, "video": normalise_processor(f.processor) == "video", "flags": f.flags.as_dict(), "metadata": metadata, "subtitles": subtitles, "has_subtitles": subtitles != None, "compression": compression, "mimetype": mimetype, "can_delete": can_delete if can_delete is not None else "check", "fragment": "fragments/" + fragment(f.processor) + ".html", "types": types, "processor": f.processor, "protocol": _cfg("protocol"), "domain": _cfg("domain"), }
def delete(self, h): f = File.from_hash(h) if not f.original: return {'error': 404}, 404 if not check_password_hash(f.ip, get_ip()): return {'error': 401}, 401 delete_file(f) return {'status': 'success'}
def delete(self, h): f = File.from_hash(h) if not f.original: abort(404) if not check_password_hash(f.ip, get_ip()): abort(401) delete_file(f) return "ok"
def test_check_hash(self): pw_hash = self.bcrypt.generate_password_hash('secret') # check a correct password self.assertTrue(self.bcrypt.check_password_hash(pw_hash, 'secret')) # check an incorrect password self.assertFalse(self.bcrypt.check_password_hash(pw_hash, 'hunter2')) # check unicode pw_hash = self.bcrypt.generate_password_hash(u'\u2603') self.assertTrue(self.bcrypt.check_password_hash(pw_hash, u'\u2603')) # check helpers pw_hash = generate_password_hash('hunter2') self.assertTrue(check_password_hash(pw_hash, 'hunter2'))
def delete(self, h): klass = RedisObject.klass(h) if not klass: return {"error": 404}, 404 try: o = klass.from_hash(h) if not check_password_hash(o.ip, get_ip()): return {"error": 401}, 401 except: return {"error": 401}, 401 deletion_procedures[klass](o) return {"status": "success"}
def delete(self, h): klass = RedisObject.klass(h) if not klass: return {'error': 404}, 404 try: o = klass.from_hash(h) if not check_password_hash(o.ip, get_ip()): return {'error': 401}, 401 except: return {'error': 401}, 401 deletion_procedures[klass](o) return {'status': 'success'}
def _album_params(album): items = album.items if not items: abort(404) types = set([f.processor for f in items]) can_delete = None try: if request.cookies.get('hist-opt-out', '0') == '1': can_delete = check_password_hash(f.ip, get_ip()) except: pass return vars()
def _template_params(f): if f.compression: compression = int(float(f.compression) * 100) if compression == 100 or f.status != "done": compression = None can_delete = None try: if request.cookies.get('hist-opt-out', '0') == '1': can_delete = check_password_hash(f.ip, get_ip()) except: pass mimetype = f.mimetype processor = get_processor(f.processor) types = [mimetype] for f_ext in processor.outputs: types.append(get_mimetype(f_ext)) if 'do-not-send' in request.cookies: try: blacklist = json.loads(request.cookies['do-not-send']) for t in blacklist: if t in types: types.remove(t) except: pass metadata = {} if f.metadata and f.metadata != 'None': metadata = json.loads(f.metadata) return { 'filename': f.hash, 'original': f.original, 'video': normalise_processor(f.processor) == 'video', 'flags': f.flags.as_dict(), 'metadata': metadata, 'compression': compression, 'mimetype': mimetype, 'can_delete': can_delete if can_delete is not None else 'check', 'fragment': 'fragments/' + fragment(f.processor) + '.html', 'types': types, 'processor': f.processor, 'protocol': _cfg("protocol"), 'domain': _cfg("domain"), }
def login(): if session.get("logged_in"): return redirect(url_for("user", id=session.get("username"))) error = None form = Login(request.form) if request.method == "POST" and form.validate(): user = User.query.filter_by(username=form.username.data).first() if not user or not user.is_active: error = "Invalid username" elif check_password_hash(user.pwhash, form.password.data): auth_user(user) return redirect(url_for("index")) else: error = "Invalid password" return render_template("login.html", form=form, error=error)
def login(): if check_if_database_up(): if check_size() == 0: return render_template('oops.html') else: form = LoginForm(request.form) if request.method=='POST': check_user = Operators.query.filter_by(email=form.email.data).first() if check_user: pass_check = check_password_hash(check_user.password,form.password.data) if pass_check: session['logged_in'] = True return redirect(url_for('index')) else: flash('Incorrect Password') else: flash('Incorrect Username') return render_template('login.html', form=form)
def _template_params(f): if f.compression: compression = int(float(f.compression) * 100) if compression == 100 or f.status != "done": compression = None can_delete = None try: if request.cookies.get('hist-opt-out', '0') == '1': can_delete = check_password_hash(f.ip, get_ip()) except: pass mimetype = f.mimetype processor = get_processor(f.processor) types = [mimetype] for f_ext in processor.outputs: types.append(get_mimetype(f_ext)) if 'do-not-send' in request.cookies: try: blacklist = json.loads(request.cookies['do-not-send']) for t in blacklist: if t in types: types.remove(t) except: pass return { 'filename': f.hash, 'original': f.original, 'video': mimetype in VIDEO_FORMATS, 'loop': mimetype in LOOP_FORMATS, 'autoplay': mimetype in AUTOPLAY_FORMATS, 'compression': compression, 'mimetype': mimetype, 'can_delete': can_delete if can_delete is not None else 'check', 'fragment': 'fragments/' + fragment(f.processor) + '.html', 'types': types, 'processor': f.processor, 'protocol': _cfg("protocol"), 'domain': _cfg("domain"), }
def _template_params(self, id): f = File.from_hash(id) if not f.original: abort(404) if f.compression: compression = int(float(f.compression) * 100) if compression == 100 or processing_status(f.hash) != "done": compression = None can_delete = None if request.cookies.get('hist-opt-out', '0') == '1': can_delete = check_password_hash(f.ip, get_ip()) ext = extension(f.original) mimetype = get_mimetype(f.original) fragments = ['video', 'mobilevideo', 'image', 'audio'] fragment_check = [ (mimetype == 'image/gif' and not g.mobile) or mimetype.startswith('video'), mimetype.startswith('video') and g.mobile, (mimetype.startswith('image') and mimetype != 'image/gif') or (mimetype == 'image/gif' and g.mobile), mimetype.startswith('audio'), ] for i, truth in enumerate(fragment_check): if truth: fragment = fragments[i] return { 'filename': f.hash, 'original': f.original, 'video': ext in VIDEO_EXTENSIONS, 'loop': ext in LOOP_EXTENSIONS, 'autoplay': ext in AUTOPLAY_EXTENSIONS, 'compression': compression, 'mimetype': mimetype, 'can_delete': can_delete if can_delete is not None else 'check', 'fragment': 'fragments/' + fragment + '.html' }
def _template_params(f): if f.compression: compression = int(float(f.compression) * 100) if compression == 100 or processing_status(f.hash) != "done": compression = None can_delete = None try: if request.cookies.get('hist-opt-out', '0') == '1': can_delete = check_password_hash(f.ip, get_ip()) except: pass ext = extension(f.original) mimetype = get_mimetype(f.original) types = [mimetype] for f_ext in processing_needed[ext]['formats']: types.append(mimetypes.guess_type('foo.' + f_ext)[0]) if 'do-not-send' in request.cookies: try: blacklist = json.loads(request.cookies['do-not-send']) for t in blacklist: if t in types: types.remove(t) except: pass return { 'filename': f.hash, 'original': f.original, 'video': ext in VIDEO_EXTENSIONS, 'loop': ext in LOOP_EXTENSIONS, 'autoplay': ext in AUTOPLAY_EXTENSIONS, 'compression': compression, 'mimetype': mimetype, 'can_delete': can_delete if can_delete is not None else 'check', 'fragment': 'fragments/' + fragment(mimetype) + '.html', 'types': types, 'protocol': _cfg("protocol"), 'domain': _cfg("domain"), }
def login(): ''' Login controller when logging in. 'Success' is returned when accepted and frontend JS will redirect accordingly if 'Success' is returned. ''' form = LoginForm(request.form) if request.method == 'POST' and form.validate(): # Check if user exists, then check if password hash matches. try: user = User.objects.get(username__iexact=form.username.data) except: return 'You shall not pass.' if check_password_hash(user.password, form.password.data) == True: session['username'] = user.username else: return 'You shall not pass.' return 'Success' # Go home if called via GET request directly. return redirect(url_for('home'))
def login(): if session.get('logged_in'): return redirect(url_for('user', id=session.get('username'))) error = None form = Login(request.form) if request.method == 'POST' and form.validate(): user = User.query.filter_by(username=form.username.data).first() if not user or not user.is_active: error = 'Invalid username' else: if check_password_hash(user.pw_hash, form.password.data): auth_user(user) next_url = request.args.get('next') if next_url: return redirect(url_for(next_url)) else: return redirect(url_for('index')) else: error = 'Invalid password' return render_template('login.html', form=form, error=error)
def _template_params(f): if f.compression: compression = int(float(f.compression) * 100) if compression == 100 or processing_status(f.hash) != "done": compression = None can_delete = None try: if request.cookies.get("hist-opt-out", "0") == "1": can_delete = check_password_hash(f.ip, get_ip()) except: pass ext = extension(f.original) mimetype = get_mimetype(f.original) types = [mimetype] for f_ext in processing_needed[ext]["formats"]: types.append(mimetypes.guess_type("foo." + f_ext)[0]) if "do-not-send" in request.cookies: try: blacklist = json.loads(request.cookies["do-not-send"]) for t in blacklist: if t in types: types.remove(t) except: pass return { "filename": f.hash, "original": f.original, "video": ext in VIDEO_EXTENSIONS, "loop": ext in LOOP_EXTENSIONS, "autoplay": ext in AUTOPLAY_EXTENSIONS, "compression": compression, "mimetype": mimetype, "can_delete": can_delete if can_delete is not None else "check", "fragment": "fragments/" + fragment(mimetype) + ".html", "types": types, }
def flags_post(self, h): klass = RedisObject.klass(h) if not klass: return {'error': 404}, 404 try: o = klass.from_hash(h) if not check_password_hash(o.ip, get_ip()): return {'error': 401}, 401 except: return {'error': 401}, 401 # At this point, we're authenticated and o is the object. for flag, value in request.form.items(): v = True if value == 'true' else False try: setattr(o.flags, flag, v) except AttributeError: return {'error': 415}, 415 o.save() return {"flags": o.flags.as_dict()}
def validate_password(self, password): valid = check_password_hash(self.pw_hash, password) return valid
def is_hashed(form, field): if not check_password_hash(g.user.pwhash, field.data): raise ValidationError('Invalid password')
def _template_params(f): if f.compression: compression = int(float(f.compression) * 100) if compression == 100 or f.status != "done": compression = None can_delete = None try: if request.cookies.get('hist-opt-out', '0') == '1': can_delete = check_password_hash(f.ip, get_ip()) except: pass mimetype = f.mimetype processor = get_processor(f.processor) types = [mimetype] for f_ext in processor.outputs: types.append(get_mimetype(f_ext)) if 'do-not-send' in request.cookies: try: blacklist = json.loads(request.cookies['do-not-send']) for t in blacklist: if t in types: types.remove(t) except: pass metadata = {} if f.metadata and f.metadata != 'null': try: metadata = json.loads(f.metadata) except: pass subtitles = None if 'subtitles' in metadata and 'streams' in metadata['subtitles']: for stream in metadata['subtitles']['streams']: if stream['type'] == 'subtitle': subtitles = stream if subtitles['info']['codec_name'] == 'ssa': subtitles['info']['codec_name'] = 'ass' subtitles['url'] = '/' + f.hash + '.' + subtitles['info']['codec_name'] break if f.description: f.description = slimdown.convert(f.description) return { 'filename': f.hash, 'original': f.original, 'video': normalise_processor(f.processor) == 'video', 'flags': f.flags.as_dict(), 'metadata': metadata, 'subtitles': subtitles, 'has_subtitles': subtitles != None, 'compression': compression, 'mimetype': mimetype, 'can_delete': can_delete if can_delete is not None else 'check', 'fragment': 'fragments/' + fragment(f.processor) + '.html', 'types': types, 'processor': f.processor, 'protocol': _cfg("protocol"), 'domain': _cfg("domain"), 'file': f }
def test_check_hash_unicode_is_utf8(self): password = u'\u2603' x = generate_password_hash(password) # check a correct password a = check_password_hash(x, '\xe2\x98\x83') self.assertTrue(a)