Example #1
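def signupuser(request):
    """Create an account from a POSTed email, nickname and password.

    Returns a ``Response`` whose ``signupCorrect`` flag reports whether a new
    user row was stored. A request that is not a POST returns ``None``,
    as the original code did by falling off the end of the function.

    A missing ``email``, ``nickname`` or ``password`` key still raises
    ``KeyError``; nothing here validates the shape of ``request.data``.
    """
    if request.method != 'POST':
        return None

    email = request.data["email"]
    try:
        User.objects.get(email=email)
    except User.DoesNotExist:
        # The work factor was rounds=1000, far too cheap for offline guessing
        # against a leaked table. 600000 follows current OWASP guidance for
        # PBKDF2-HMAC-SHA256. The hash string records its own round count, so
        # hashes stored earlier still verify and can be re-hashed at next login.
        password_hash = pbkdf2_sha256.using(
            rounds=600000, salt_size=20).hash(request.data["password"])
        nickname = request.data["nickname"]
        # NOTE(review): lookup-then-save is not atomic; a unique constraint on
        # the email column is what actually prevents duplicates - confirm the
        # model declares one.
        User(email=email,
             nickname=nickname,
             password=password_hash,
             state=True,
             typeuser=False).save()
        # NOTE(review): "isLogged" is reported as True although no session or
        # token is created in this function - confirm the client does not
        # treat it as proof of authentication.
        return Response({
            "message": "USER CREATED",
            "user": {
                "email": email,
                "nickname": nickname
            },
            "isLogged": True,
            "signupCorrect": True
        })

    # NOTE(review): this reply tells the caller that the address is already
    # registered; rate-limit the endpoint if account enumeration matters.
    return Response({
        "message": "USER ALREADY EXISTS",
        "user": {},
        "isLogged": False,
        "signupCorrect": False
    })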
Example #2
 def _generate_hash(cls, secret_key, master_key):
     """Derive a key from *master_key* and return it with the salt used.

     The master key is hashed with PBKDF2-SHA256 (250_000 rounds, 32-byte
     salt). The resulting hash string is split on ``$``: field 3 is taken as
     the salt and field 4 as the digest, which is then passed with
     *secret_key* to ``cls._combine_keys``.

     Returns:
         ``(key, salt)``, where ``salt`` is the text field taken from the
         hash string rather than raw bytes.
     """
     hasher = pbkdf2_sha256.using(rounds=250_000, salt_size=32)
     # No salt is supplied, so the hasher presumably generates a fresh one
     # per call; the caller has to keep the returned salt to reproduce the key.
     fields = hasher.hash(master_key).split("$")
     salt, digest = fields[3], fields[4]
     return cls._combine_keys(secret_key, digest), salt
Example #3
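def register():
    """Handle the registration form: validate, hash the password, store.

    On a valid POST where neither the submitted username nor the submitted
    email matches an existing login, the user is stored and the client is
    redirected to ``Page.login``. In every other case the registration
    template is rendered again with the form.
    """
    form = RegistrationForm(request.form)
    is_new_account = (
        request.method == 'POST'
        and form.validate()
        and not query.user.get_userLogin(form.username.data)
        and not query.user.get_userLogin(form.email.data)
    )
    if not is_new_account:
        return render_template("register.html", form=form)

    # NOTE(review): escaping on input stores HTML entities in the database;
    # escaping at render time is the usual place - confirm what the templates
    # and other consumers of these columns expect.
    username = html_escape(form.username.data)
    email = html_escape(form.email.data)
    # The work factor was rounds=10000; 600000 follows current OWASP guidance
    # for PBKDF2-HMAC-SHA256. Stored hashes carry their own round count, so
    # existing accounts keep verifying.
    # NOTE(review): the password is HTML-escaped before hashing, so the stored
    # hash is of the escaped text. Any code that verifies the raw form value
    # will reject passwords containing characters html_escape rewrites.
    # Left unchanged because the login path is not visible here - confirm and
    # make hashing and verification agree.
    password = pbkdf2_sha256.using(rounds=600000, salt_size=16).hash(
        html_escape(form.password.data))
    query.user.register_user(username, email, password)
    return redirect(url_for('Page.login'))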
Example #4
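def reset():
    """Change the password of the session user after re-checking the old one.

    On a valid POST the current password is verified against the stored hash
    and the account must be active (``is_active == 1``) before the new
    password is hashed and written. The outcome is reported through
    ``flash`` and the reset template is rendered in every case.
    """
    import logging

    form = PassResetForm(request.form)
    if request.method == 'POST' and form.validate():
        username = getSessionUsername()
        user = query.user.get_userLogin(username)
        try:
            # NOTE(review): the current password is verified as typed, while
            # the new one is HTML-escaped before hashing. After a change to a
            # password containing characters html_escape rewrites, this check
            # would no longer match - confirm and make both sides agree.
            current_ok = (user
                          and pbkdf2_sha256.verify(form.password.data,
                                                   user["password"])
                          and user["is_active"] == 1)
            if current_ok:
                # Was rounds=10000; 600000 follows current OWASP guidance for
                # PBKDF2-HMAC-SHA256. Older hashes still verify because the
                # round count is stored in the hash string.
                new_password = pbkdf2_sha256.using(
                    rounds=600000,
                    salt_size=16).hash(html_escape(form.new_password.data))
                query.user.Updatepassword(username, new_password)
                flash('Your password has been change.')
            else:
                flash('Please check your password and try again.')
        except Exception:
            # The bare ``except:`` also swallowed SystemExit/KeyboardInterrupt
            # and hid storage or hash-format errors behind a "wrong password"
            # message. The user-facing text stays generic, but the failure is
            # now recorded. The log line carries no credential material.
            logging.getLogger(__name__).exception(
                "Password reset failed for the session user")
            flash('Please check your password and try again.')
    return render_template("password_reset.html", form=form)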
Example #5
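def create_user(user):
    """Create a user from the *user* dict and return ``(payload, status)``.

    The dict is mutated in place: an ``api_key`` is generated, ``pwd`` is
    replaced by its PBKDF2-SHA256 hash, and a missing or empty ``username``
    defaults to the local part of ``email`` when an email is present.

    When creation succeeds (status 201) and the request carries an
    ``X-Api-Key`` header matching an existing user, that user's submissions
    are re-assigned to the new account and the old user row is deleted. A
    default project is then added for non-anonymous accounts.

    Returns:
        ``(created_user.dump(), 201)`` on success, otherwise whatever
        ``model.post`` returned together with 409.
    """
    user["api_key"] = uuid.uuid4()
    # NOTE(review): 200000 rounds is below the 600000 that current OWASP
    # guidance gives for PBKDF2-HMAC-SHA256; consider raising it.
    user["pwd"] = pbkdf2_sha256.using(rounds=200000,
                                      salt_size=16).hash(user["pwd"])
    # The original condition raised KeyError when the username was empty and
    # no email was supplied; the default is now applied only if an email exists.
    if not user.get("username") and "email" in user:
        user["username"] = user["email"].split("@")[0]
    # The former ``print(user)`` wrote the password hash and the API key to
    # stdout, and from there into whatever collects the process output.

    created_user, code = model.post(Model, user)
    if code != 201:
        # The merge below used to run before this check and dereferenced
        # ``created_user.id`` even when creation had failed.
        return created_user, 409

    if 'X-Api-Key' in request.headers and request.headers[
            'X-Api-Key'] is not None:
        from_anon = request.headers['X-Api-Key']
        anon_user = db_session.query(User).filter(
            User.api_key == from_anon).one_or_none()
        # NOTE(review): nothing here checks that the matched user is an
        # anonymous account before its row is deleted - confirm that is
        # intended, or restrict the merge to anonymous users.
        if anon_user:
            print('deleting user')
            # Bound parameters replace str.format(), so the ids are never
            # spliced into the SQL text.
            db_session.execute(
                "update submissions set user_id=:new_id "
                "where user_id=:old_id",
                {"new_id": created_user.id, "old_id": anon_user.id})
            db_session.query(User).filter(User.id == anon_user.id).delete()
            db_session.commit()

    if (created_user.info is not None
            and created_user.info['anonymous'] is False):
        user_project = {
            'name': created_user.username,
            'description':
            'Default space for {}'.format(created_user.username),
            'active': True,
            'owned_by': created_user.id
        }
        p = Project(**user_project)
        created_user.member_of.append(p)
        db_session.add(created_user)
        db_session.commit()
        db_session.refresh(created_user)
    return created_user.dump(), code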
Example #6
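def register_post():
    """Register a user from the posted form and redirect to ``/``.

    When the username or password is missing, or the username is already
    present in ``users``, the registration template is rendered again with
    an error and the non-secret fields pre-filled. Otherwise the password is
    hashed with PBKDF2-SHA256 and the row is inserted.
    """
    username = request.form.get('username')
    password = request.form.get('password')
    firstname = request.form.get('firstname')
    lastname = request.form.get('lastname')
    company = request.form.get('company')

    # constraints on usernames and other inputs would go here
    # A request without these fields used to reach the hasher with None.
    if not username or not password:
        return render_template('registerusername.html', error="Username and password are required", username=username, lastname=lastname, firstname=firstname, company=company)

    # check if username is taken
    # NOTE(review): this lookup and the insert below are separate statements;
    # only a UNIQUE constraint on users.username closes the gap between them.
    with oursql.connect(**config.get('mysql')) as c:
        c.execute("SELECT username FROM users WHERE username = ?", (username,))
        r = c.fetchall()
        if r:
            return render_template('registerusername.html', error="Username is taken", username=username, lastname=lastname, firstname=firstname, company=company)

    # passed checks - hash password and insert user into database
    # Was rounds=8000 with a 10-byte salt. 600000 rounds follows current OWASP
    # guidance for PBKDF2-HMAC-SHA256 and 16 bytes is the customary salt size.
    # The hash string stores both values, so existing rows still verify.
    pw_crypt = pbkdf2_sha256.using(rounds=600000, salt_size=16).hash(password)
    with oursql.connect(**config.get('mysql')) as c:
        c.execute("INSERT INTO users VALUES (NULL, ?, ?, ?, ?, ?)", (username, pw_crypt, firstname, lastname, company,))

    return redirect('/')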
Example #7
    def get_password(cls, password):
        """Return the PBKDF2-SHA256 hash string for *password*.

        The iteration count comes from ``config.password_iterations``. No
        salt size is passed, so the hasher's own default applies.
        """
        # NOTE(review): the work factor depends entirely on configuration;
        # confirm the deployed value is not left at a low setting.
        hasher = pbkdf2_sha256.using(rounds=config.password_iterations)
        return hasher.hash(password)