Example #1
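def login():
    """Render the login form on GET and authenticate the user on POST.

    On success the permission value and username are serialised to JSON,
    suffixed with a SHA-256 hex digest, base64-encoded and stored in the
    ``sessionId`` cookie.

    Returns:
        The login template (GET), a plain-text error string, or a response
        that sets the ``sessionId`` cookie. Any other method returns None.
    """
    if request.method == 'GET':
        return render_template('login.html')

    if request.method == 'POST':
        form_username = request.form.get('username', "")
        form_password = request.form.get('password', "")
        if form_username == "" or form_password == "":
            return "Error! You have to pass username and password! \n"

        result, success = database.get_user(form_username)
        # Every failure path returns the same message, so the response does
        # not reveal whether the username exists.
        if not success or result is None:
            return "Login failed! \n"

        # presumably result = (password hash, permission, per-user id);
        # verify against database.get_user.
        password = Password(form_password, form_username, result[2])
        if not password.validate_password(result[0]):
            return "Login failed! \n"

        cookie_dic = {"permissao": result[1], "username": form_username}
        cookie = json.dumps(cookie_dic)
        # NOTE(review): this digest is computed without any server-side
        # secret, so it detects corruption but does not authenticate the
        # cookie. The permission field should be protected with a keyed MAC
        # (hmac with a server secret) or a signed server-side session; that
        # change has to be made together with the code that verifies the
        # cookie, which is not visible here.
        hash_cookie = hashlib.sha256(cookie.encode('utf-8')).hexdigest()
        cookie_done = '.'.join([cookie, hash_cookie])
        # b64encode returns bytes; decode so set_cookie always gets text
        # (the characters sent on the wire are unchanged).
        cookie_done = base64.b64encode(
            cookie_done.encode("utf-8")).decode("ascii")
        resp = make_response("Logged in!")
        # HttpOnly keeps page scripts from reading the session cookie and
        # SameSite=Lax keeps it off most cross-site requests. Add
        # secure=True once the site is served over HTTPS only.
        resp.set_cookie("sessionId", cookie_done, httponly=True,
                        samesite="Lax")
        return resp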
Example #2
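def newuser():
    """Render the registration form, or create an account on POST.

    A POST must carry ``username``, ``password1`` and ``password2``; the two
    passwords have to match before the hashed password is stored through
    ``database.insert_user``.

    Returns:
        A redirect to ``/login`` on success, a redirect to ``/register``
        on any validation or storage failure, or the registration template
        for non-POST requests.
    """
    if request.method != 'POST':
        return render_template('register.html')

    username = request.form.get('username')
    psw1 = request.form.get('password1')
    psw2 = request.form.get('password2')

    # A field missing from the form comes back as None rather than '';
    # reject both so the .encode() calls below cannot raise.
    if not username or not psw1 or not psw2:
        flash('All fields are required', 'danger')
        return redirect('/register')

    psw1 = psw1.encode('utf-8')
    psw2 = psw2.encode('utf-8')

    if psw1 != psw2:
        flash('Passwords must be the same!', 'danger')
        return redirect('/register')

    # NOTE(review): Password is built from the password alone; confirm that
    # get_hashed_password() uses a salted, slow password hash.
    psw = Password(psw1)
    hashed_psw = psw.get_hashed_password()
    message, success = database.insert_user(username, hashed_psw)
    if success == 1:
        flash('New user added!', 'primary')
        return redirect('/login')

    # Log the storage error server-side; the user only sees a generic
    # message.
    error('newuser', message, session.get('username'))
    flash('Internal error!', 'danger')
    return redirect('/register')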
Example #3
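def post(handler):  # pragma: no cover
    """Store the digest of the bot password submitted in the request.

    Args:
        handler: Request handler exposing ``request.get`` and
            ``response.write``.

    Writes a short status message to the response; returns None.
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route that dispatches here is restricted to admins.
    password = handler.request.get('password')
    if not password:
        handler.response.write('"password" field missing.')
        return

    # NOTE(review): the helper name suggests a plain SHA-1 digest; confirm
    # in utils whether it is salted, and prefer a dedicated password hash.
    digest = utils.password_sha1(password)
    # Assuming Password is an ndb model: get_or_insert() uses its keyword
    # arguments only when it creates the entity, so an existing record would
    # keep its old digest. Assign the field explicitly before saving.
    entry = Password.get_or_insert(CQ_BOT_PASSWORD_KEY, sha1=digest)
    entry.sha1 = digest
    entry.put()
    handler.response.write('Bot password successfully updated.')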
Example #4
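def post(handler): # pragma: no cover
  """Store the digest of the bot password submitted in the request.

  Args:
    handler: Request handler exposing ``request.get`` and
      ``response.write``.

  Writes a short status message to the response; returns None.
  """
  # NOTE(review): no authorization check is visible in this function;
  # confirm the route that dispatches here is restricted to admins.
  password = handler.request.get('password')
  if not password:
    handler.response.write('"password" field missing.')
    return

  # NOTE(review): the helper name suggests a plain SHA-1 digest; confirm in
  # utils whether it is salted, and prefer a dedicated password hash.
  digest = utils.password_sha1(password)
  # Assuming Password is an ndb model: get_or_insert() uses its keyword
  # arguments only when it creates the entity, so an existing record would
  # keep its old digest. Assign the field explicitly before saving.
  entry = Password.get_or_insert(CQ_BOT_PASSWORD_KEY, sha1=digest)
  entry.sha1 = digest
  entry.put()
  handler.response.write('Bot password successfully updated.')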
Example #5
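def login():
    """Render the login form, or authenticate the user on POST.

    On success the username is stored in the session and the user is
    redirected to ``/home``; on any failure the login form is rendered
    again with a single generic error message.
    """
    if request.method != 'POST':
        return render_template('login.html')

    # Default to '' so a request without these fields fails the login
    # instead of raising AttributeError on None.encode().
    username = request.form.get('username', '').encode('utf-8')
    psw = Password(request.form.get('password', '').encode('utf-8'))
    user_password, success = database.get_user_password(username)
    credentials_ok = (
        success
        and user_password is not None
        and psw.validate_password(str(user_password[0]))
    )
    if not credentials_ok:
        # One message for "unknown user" and "wrong password" alike, so the
        # response does not reveal which usernames exist.
        flash("Usuario ou senha incorretos", "danger")
        return render_template('login.html')

    session['username'] = username
    return redirect('/home')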
Example #6
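def register():
    """Create a new account from the posted username and password.

    A fresh UUID is generated per user and passed both to ``Password`` and
    to ``database.insert_user``.

    Returns:
        A plain-text status string: success or failure for POST, the
        literal ``"register"`` for any other method.
    """
    if request.method != 'POST':
        return "register"

    form_username = request.form.get('username')
    form_password = request.form.get('password')
    # Refuse to create an account when either field is missing or empty;
    # otherwise None or '' would be hashed and stored as credentials.
    if not form_username or not form_password:
        return "Registro falhou!"

    guid = str(uuid.uuid4())
    # presumably the guid serves as the per-user salt; verify in Password.
    password = Password(form_password, form_username, guid)
    hashed_password = password.get_hashed_password()
    message, success = database.insert_user(guid, form_username,
                                            hashed_password)
    if success:
        return "Registrado com sucesso"
    return "Registro falhou!"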
Example #7
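def login():
    """Render the login form, or authenticate the user on POST.

    On success the username is stored in the session and the user is
    redirected to ``/gossip``; on failure the attempt is logged and the
    login form is rendered again with a generic error message.
    """
    if request.method != 'POST':
        return render_template('login.html')

    # Default to '' so a request without these fields fails the login
    # instead of raising AttributeError on None.encode().
    username = request.form.get('username', '')
    psw = Password(request.form.get('password', '').encode('utf-8'))
    user_password, success = database.get_user_password(username)
    credentials_ok = (
        success
        and user_password is not None
        and psw.validate_password(user_password[0])
    )
    if not credentials_ok:
        # NOTE(review): the log entry records the current session user, not
        # the username that was attempted; consider logging the attempted
        # name as well for failed-login monitoring.
        error('gossip', 'User not found or wrong password',
              session.get('username'))
        flash('User not found or wrong password', 'danger')
        return render_template('login.html')

    session['username'] = username
    return redirect('/gossip')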
Example #8
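def newuser():
    """Render the registration form, or create an account on POST.

    Returns:
        A redirect to ``/login`` on success, a redirect to ``/register``
        on any validation or storage failure, or the registration template
        for non-POST requests.
    """
    if request.method != 'POST':
        return render_template('register.html')

    username = request.form.get('username')
    psw1 = request.form.get('password1')
    psw2 = request.form.get('password2')

    # Missing fields come back as None. Without this check two absent
    # passwords compare equal and str(None) would be stored as the
    # username and password of a new account.
    if not username or not psw1 or not psw2:
        flash("All fields are required", "danger")
        return redirect('/register')

    if psw1 != psw2:
        flash("Passwords must be the same!", "danger")
        return redirect('/register')

    # NOTE(review): Password is built from the password alone; confirm that
    # get_hashed_password() uses a salted, slow password hash.
    psw = Password(str(psw1))
    hashed_psw = psw.get_hashed_password()
    message, success = database.insert_user(str(username), hashed_psw)
    if success == 1:
        flash("Novo usuario adicionado!", "primary")
        return redirect('/login')
    return redirect('/register')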
Example #9
def register():
    """Serve the registration form (GET) or create an account (POST).

    A POST needs a non-empty ``username`` and ``password``, and
    ``password2`` must repeat the password. A new UUID is generated for the
    user and handed to both ``Password`` and ``database.insert_user``.

    Returns:
        The registration template (GET), the login template after a
        successful insert, or a plain-text error string. Methods other than
        GET and POST return None.
    """
    if request.method == 'GET':
        return render_template('register.html')
    if request.method != 'POST':
        return None

    name = request.form.get('username', "")
    secret = request.form.get('password', "")
    confirmation = request.form.get('password2', "")

    if "" in (name, secret):
        return "Error! You have to pass username and password! \n"
    if secret != confirmation:
        return "Error! Passwords must be the same! \n"

    account_id = str(uuid.uuid4())
    # presumably the UUID serves as the per-user salt; verify in Password.
    hashed = Password(secret, name, account_id).get_hashed_password()
    _message, created = database.insert_user(account_id, name, hashed)
    if not created:
        return "Error: account creation failed \n"
    return render_template('login.html')
Example #10
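def login():
    """Authenticate the user on POST and issue the ``sessionId`` cookie.

    On success the permission value and username are serialised to JSON,
    suffixed with a SHA-256 hex digest, base64-encoded and stored in the
    ``sessionId`` cookie of a redirect to ``/user``.

    Returns:
        A plain-text failure string or the redirect response carrying the
        cookie. Non-POST requests return None.
    """
    if request.method == 'POST':
        form_username = request.form.get('username')
        form_password = request.form.get('password')
        # Missing fields arrive as None; fail the login up front instead of
        # passing None on to the database lookup and the password check.
        if not form_username or not form_password:
            return "Login falhou!"

        result, success = database.get_user(form_username)
        # Every failure path returns the same message, so the response does
        # not reveal whether the username exists.
        if not success or result is None:
            return "Login falhou!"

        # presumably result = (password hash, permission, per-user id);
        # verify against database.get_user.
        password = Password(form_password, form_username, result[2])
        if not password.validate_password(result[0]):
            return "Login falhou!"

        cookie_dic = {"permissao": result[1], "username": form_username}
        cookie = json.dumps(cookie_dic)
        # NOTE(review): this digest is computed without any server-side
        # secret, so it detects corruption but does not authenticate the
        # cookie. The permission field should be protected with a keyed MAC
        # (hmac with a server secret) or a signed server-side session; that
        # change has to be made together with the code that verifies the
        # cookie, which is not visible here.
        hash_cookie = hashlib.sha256(cookie.encode('utf-8')).hexdigest()
        cookie_done = '.'.join([cookie, hash_cookie])
        # b64encode returns bytes; decode so set_cookie always gets text
        # (the characters sent on the wire are unchanged).
        cookie_done = base64.b64encode(
            cookie_done.encode("utf-8")).decode("ascii")
        resp = make_response(redirect("/user"))
        # HttpOnly keeps page scripts from reading the session cookie and
        # SameSite=Lax keeps it off most cross-site requests. Add
        # secure=True once the site is served over HTTPS only.
        resp.set_cookie("sessionId", cookie_done, httponly=True,
                        samesite="Lax")
        return resp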
Example #11
    def test_post_multiple_empty(self):
        """Posting with a valid bot password but no records stores nothing.

        Covers a request without the ``p`` parameter and one whose ``p``
        is an empty JSON object; neither may change the Record count.
        """
        # Not an admin: the request has to be accepted on the strength of
        # the bot password alone.
        self.mock_current_user(is_admin=False)
        password = '******'
        stored_password = Password(id=CQ_BOT_PASSWORD_KEY,
                                   sha1=utils.password_sha1(password))
        stored_password.put()

        baseline = Record.query().count()

        # No 'p' parameter: empty body, no new records.
        without_payload = self.test_app.post('/post',
                                             params={'password': password})
        self.assertEquals('', without_payload.body)
        self.assertEquals(baseline, Record.query().count())

        # 'p' is an empty object: rejected with an explicit message.
        empty_params = {'p': '{}', 'password': password}
        with_empty_payload = self.test_app.post('/post', params=empty_params)
        self.assertEquals('Empty record entries disallowed',
                          with_empty_payload.body)
        self.assertEquals(baseline, Record.query().count())
Example #12
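 def _is_cq_bot(self):
   """Return True when the request carries the stored bot password.

   The submitted ``password`` parameter is hashed with
   ``utils.password_sha1`` and compared with the digest stored under
   ``CQ_BOT_PASSWORD_KEY``.
   """
   password = self.request.get('password')
   if not password:
     return False
   stored = Password.get_by_id(CQ_BOT_PASSWORD_KEY)
   # Fail closed when no bot password has been configured, instead of
   # raising AttributeError on None.
   if stored is None:
     return False
   # NOTE(review): `==` is not a constant-time comparison. Consider
   # hmac.compare_digest once both operands are known to be the same
   # string type.
   return utils.password_sha1(password) == stored.sha1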
Example #13
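 def _is_cq_bot(self):
     """Return True when the request carries the stored bot password.

     The submitted ``password`` parameter is hashed with
     ``utils.password_sha1`` and compared with the digest stored under
     ``CQ_BOT_PASSWORD_KEY``.
     """
     password = self.request.get('password')
     if not password:
         return False
     stored = Password.get_by_id(CQ_BOT_PASSWORD_KEY)
     # Fail closed when no bot password has been configured, instead of
     # raising AttributeError on None.
     if stored is None:
         return False
     # NOTE(review): `==` is not a constant-time comparison. Consider
     # hmac.compare_digest once both operands are known to be the same
     # string type.
     return utils.password_sha1(password) == stored.sha1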