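def signup(username, password, password_verify, email):
    """
    Signs up the user.

    :param username: desired username; must be non-empty
    :param password: plaintext password; bcrypt-hashed before it is stored
    :param password_verify: repeat of ``password``; must match exactly
    :param email: stored on the new User as given (not validated here)
    :return: the new user's key id as a string
    :raises Exception: when a required field is missing, the two passwords
        differ, or the username is already taken
    """
    # Guard clauses replace the nested if/else pyramid; the checks run in
    # the same order as before.
    if not (username and password):
        raise Exception("Username and Password are required to Sign Up.")
    if password != password_verify:
        raise Exception("Both passwords must match.")
    # The existence lookup happens before hashing, so a taken name costs
    # no bcrypt work.
    if User.by_username(username):
        # NOTE(review): this message tells the caller which usernames exist;
        # that is normal on a signup form, but keep it off any login path.
        raise Exception(
            "This username already exists,"
            " please try a different one")
    # bcrypt embeds the per-user salt in the hash string it returns.
    hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
    user = User(username=username, password=hashed_password, email=email)
    user.put()
    return str(user.key().id())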
def make_secure_cookie(cls, user_id):
    """
    Build the cookie value for a user id.

    :param user_id: the id to embed; it is also the value that gets hashed
    :return: ``"<user_id>|<bcrypt hash of user_id>"``
    """
    # NOTE(review): the hash is computed from user_id alone under a fresh
    # random salt; no server-side secret takes part, so this value only
    # shows that its two halves belong together. Keying it to a server
    # secret (e.g. an HMAC) is what would make the cookie tamper-evident.
    salt = bcrypt.gensalt()
    digest = bcrypt.hashpw(user_id, salt)
    return "{0}|{1}".format(user_id, digest)
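def check_cookie(cookie_hash):
    """
    Check whether a cookie value of the form ``"<uid>|<bcrypt hash>"`` is
    consistent, i.e. the hash half is bcrypt(uid) under its own salt.

    :param cookie_hash: raw cookie value from the request (untrusted)
    :return: True when the halves agree; False for a missing, malformed or
        mismatching value. Never raises on bad input (the original raised
        IndexError when the ``|`` separator was absent and returned None
        for an empty value).
    """
    # NOTE(review): no server-side secret is involved, so this only
    # confirms the two halves agree with each other; keying the cookie to
    # a server secret (e.g. an HMAC) is what would make it tamper-evident.
    import hmac

    if not cookie_hash:
        return False
    # partition() never raises, unlike indexing into split("|")[1].
    uid, sep, hashed = cookie_hash.partition("|")
    if not sep or not hashed:
        return False
    try:
        recomputed = bcrypt.hashpw(uid, hashed)
    except ValueError:
        # bcrypt rejects a malformed salt/hash; that is an invalid cookie,
        # not a server error.
        return False
    # Constant-time comparison so a mismatch position is not timing-visible.
    return hmac.compare_digest(recomputed, hashed)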
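def signup():
    """
    Sign-up endpoint.

    GET serves the static signup page. POST expects a JSON body with
    ``username`` and ``password``; it creates the user with a bcrypt-hashed
    password, issues a session id and sets it as the ``session_id`` cookie.

    :return: a Flask response; 400 when the body or a field is missing,
        409 when the username is already taken
    """
    if request.method == 'GET':
        return send_from_directory('static', 'signup.html')
    elif request.method == 'POST':
        # silent=True gives None for a non-JSON body instead of aborting.
        request_json = request.get_json(silent=True) or {}
        username = request_json.get('username')
        password = request_json.get('password')
        if not username or not password:
            # A missing field used to raise KeyError and surface as a 500.
            return {'data': 'username and password are required'}, 400
        # Existence check first so a duplicate name costs no bcrypt work.
        if fetch_user_by_username(username):
            return {'data': 'user already exists!'}, 409
        # NOTE(review): pyca/bcrypt takes bytes; if this runs on Python 3 the
        # password must be encoded first -- confirm which bcrypt package is used.
        hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
        user_id = add_user(username, hashed_password)
        response = make_response(jsonify({'data': 'user signed up'}))
        # random.randint is not a CSPRNG and 12 digits is ~40 bits of
        # entropy; SystemRandom draws from the OS RNG and 128 bits is the
        # usual size for a session id. Still a digits-only string, so the
        # session store sees the same shape as before.
        session_id = str(random.SystemRandom().getrandbits(128))
        store_session_id_for_user(user_id, session_id)
        # httponly keeps the cookie away from page scripts; add secure=True
        # once the app is served over HTTPS only.
        response.set_cookie('session_id', session_id, max_age=3600,
                            httponly=True)  # session cookie expires in 1 hour
        return response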
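def login():
    """
    Login endpoint.

    GET serves the static login page and sets a fresh ``oidc_state`` cookie.
    POST expects a JSON body with ``username`` and ``password``; on success
    it stores a new session id for the user, sets it as the ``session_id``
    cookie and redirects to ``/``.

    :return: a Flask response; 400 when the body or a field is missing,
        401 when the credentials do not match
    """
    if request.method == 'GET':
        res = make_response(send_from_directory('static', 'login.html'))
        res.set_cookie('oidc_state', str(uuid.uuid4()))
        return res
    elif request.method == 'POST':
        # silent=True gives None for a non-JSON body instead of aborting.
        request_json = request.get_json(silent=True) or {}
        username = request_json.get('username')
        password = request_json.get('password')
        if not username or not password:
            # A missing field used to raise KeyError and surface as a 500.
            return {'data': 'username and password are required'}, 400
        user = fetch_user_by_username(username)
        # One 401 body for both "no such user" and "wrong password": the
        # original answered 'user does not exist!!' for the former, which let
        # a client confirm which usernames exist. (The other login on this
        # page already generalises its message for the same reason.)
        # NOTE(review): the missing-user path still skips bcrypt, so the
        # response time differs between the two cases.
        if not user:
            return {'data': 'failure'}, 401
        hashed_password = user['password']
        # bcrypt re-hashes with the salt embedded in the stored hash.
        if bcrypt.hashpw(password, hashed_password) != hashed_password:
            return {'data': 'failure'}, 401
        response = make_response(redirect('/'), 302)
        # random.randint is not a CSPRNG and 12 digits is ~40 bits of
        # entropy; SystemRandom draws from the OS RNG and 128 bits is the
        # usual size for a session id. Still a digits-only string, so the
        # session store sees the same shape as before.
        session_id = str(random.SystemRandom().getrandbits(128))
        store_session_id_for_user(user.key.id, session_id)
        # httponly keeps the cookie away from page scripts; add secure=True
        # once the app is served over HTTPS only.
        response.set_cookie('session_id', session_id, max_age=3600,
                            httponly=True)  # session cookie expires in 1 hour
        return response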
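def login(username, password):
    """
    Authenticate the user.

    :param username: username to look up
    :param password: plaintext password, checked against the stored bcrypt hash
    :return: the user's key id as a string
    :raises Exception: when a field is missing or the credentials do not
        match; "no such user" and "wrong password" raise the same message
        so the error does not reveal which usernames exist
    """
    if not (username and password):
        raise Exception("Username and Password are required to login")
    # The original used "Username or password invalid." (with a period) for
    # the missing-user case and the same text without it for a wrong
    # password -- enough to tell the two apart, defeating the stated intent.
    invalid_credentials = "Username or password invalid"
    user = User.by_username(username)
    if not user:
        # NOTE(review): this path skips bcrypt, so the response time still
        # differs from the wrong-password case.
        raise Exception(invalid_credentials)
    hashed_password = user.password
    # bcrypt re-hashes with the salt embedded in the stored hash.
    if bcrypt.hashpw(password, hashed_password) != hashed_password:
        raise Exception(invalid_credentials)
    return str(user.key().id())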
def gen_hash_password(username, password, salt=None):
    """
    Hash ``username + password`` with ``hashpw`` and return it with its salt.

    :param username: prepended to the password before hashing
    :param password: plaintext password
    :param salt: salt to use; a fresh one from ``gen_salt()`` when falsy
    :return: ``"<salt>, <hash>"``
    """
    # NOTE(review): if hashpw is bcrypt, input past 72 bytes is ignored, so a
    # long username eats the budget the password needs -- confirm.
    chosen_salt = salt or gen_salt()
    digest = hashpw(username + password, chosen_salt)
    return "{0}, {1}".format(chosen_salt, digest)