Example #1
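    def get(self):
        """Exchange HTTP Basic credentials for an auth token.

        Returns a ``(body, status)`` pair: 401 with an ``Unauthorized``
        message when the header is missing or malformed, the user is unknown,
        or the password does not verify; 200 with the token and its duration
        otherwise.
        """
        authheader = request.headers.get("Authorization")
        if authheader is None:
            return {"Unauthorized": "No Authorization header found"}, 401

        malformed = ({"Unauthorized": "Malformed Authorization header"}, 401)

        # The header is client-controlled. Reject anything that is not
        # "<scheme> <base64(username:password)>" here, so that a bad header
        # yields a 401 instead of an unhandled IndexError or decode error.
        credentials = authheader.split(' ')
        if len(credentials) < 2:
            return malformed
        try:
            # binascii.Error and UnicodeDecodeError are both ValueError
            # subclasses, so one handler covers bad base64 and bad UTF-8.
            decode_creds = b64decode(credentials[1]).decode()
        except ValueError:
            return malformed

        # Split on the first ':' only: a password may itself contain colons,
        # and splitting on every colon would silently truncate it.
        username, separator, password = decode_creds.partition(':')
        if not separator:
            return malformed

        # Find user in database
        document = collection.users.find_one({"username": username})
        if document is None:
            # NOTE(review): this message differs from the wrong-password one
            # below, so a client can tell whether a username exists.
            return {"Unauthorized": "user not found"}, 401

        # Check password
        if not verify_password(password, document['password']):
            return {"Unauthorized": "wrong password"}, 401

        # Generate token; the same expiration value is reported as "duration".
        token = generate_auth_token(expiration=1000)
        return {"token": token.decode(), "duration": 1000}, 200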
Example #2
def check_auth(username, my_pass):
    """Check a username/password pair against the stored user records.

    Returns a dict with a human-readable ``message`` and a boolean ``auth``.
    """
    # NOTE(review): find() is called without a filter, so every user document
    # (password hash included) is read and compared here. The first record
    # whose username matches is the one used.
    found = False
    for record in db.user_db.find():
        if username == record['username']:
            found = True
            stored_hash = record['password']
            break

    if not found:
        # NOTE(review): this message differs from the wrong-password message
        # below, so a caller can tell whether an account exists.
        return {
            'message': "There is no user by this name, please try again.",
            'auth': False
        }

    if not password.verify_password(my_pass, stored_hash):
        return {
            'message': 'Incorrect password, please try again.',
            'auth': False
        }

    app.logger.debug("Matched Password!")
    return {'message': f'Hello, {username!s}!', 'auth': True}
Example #3
def login():
    """Render the login form and, on a valid POST, log the user in.

    A successful login calls ``login_user`` and returns a JSON body with a
    token and its duration (status 200). Every other path renders
    ``login.html`` again.
    """
    form = LoginForm()
    username, password, remember = (
        form.username.data,
        form.password.data,
        form.remember.data,
    )

    # Anything that is not a validated POST just gets the form back.
    submitted = request.method == 'POST' and form.validate_on_submit()
    if not submitted:
        return render_template('login.html', form=form)

    # Look the account up by username.
    account = collection.users.find_one({"username": username})
    if account is None:
        # NOTE(review): the two flash messages differ, so the page reveals
        # whether a username exists.
        flask.flash("Unauthorized, user not found")
        return render_template('login.html', form=form)

    # Compare the submitted password with the stored value.
    password_ok = verify_password(password, account['password'])
    if not password_ok:
        flask.flash("Unauthorized, wrong password")
        return render_template('login.html', form=form)

    # Establish the login session, then issue a token.
    login_user(User(str(account['_id'])), remember=remember)
    token = generate_auth_token(expiration=1000)
    payload = {"token": token.decode(), "duration": 1000}
    return flask.jsonify(payload), 200
Example #4
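def log_in(email, password):
    """Verify an email/password pair.

    Returns True when the password verifies against the stored hash.

    Raises:
        Exception: with a generic message when the account is missing or the
            password does not verify.
    """
    user = getUserByEmail(email)

    # How getUserByEmail reports a miss is not visible here. If it returns
    # None, subscripting it would raise a TypeError that tells the caller the
    # account does not exist; fail with the same generic error instead.
    # NOTE(review): verification is skipped on that path, so response time may
    # still differ between unknown and known emails.
    # NOTE(review): the hash is passed first here; confirm against
    # verify_password's signature.
    if user is None or not verify_password(user["password_hash"], password):
        raise Exception("Wrong email/password combination")
    return True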
Example #5
def verifyPassword(username, passwordRAW):
    """Return True if passwordRAW verifies against the stored hash for username.

    Returns False when no record matches or the stored password is None.
    """
    # NOTE(review): find() has no filter, so every user record is read. The
    # loop has no early exit, so the last matching record's hash is used.
    matching_hashes = [
        record['password']
        for record in usersCollection.find()
        if record['username'] == username
    ]
    stored_hash = matching_hashes[-1] if matching_hashes else None
    if stored_hash is None:
        return False
    return True if password.verify_password(passwordRAW, stored_hash) else False
Example #6
def verifyPassword(username, passwordRAW):
    """Return True if passwordRAW verifies against the stored hash for username.

    When users exist and the session carries a token, ``verify_auth_token`` is
    called first. Returns False when no record matches or the stored password
    is None.
    """
    token_auth_active = len(usersList) > 0 and session['token'] != None
    if token_auth_active:  # Using token auth
        # NOTE(review): the result of verify_auth_token is discarded, so this
        # call only affects the outcome if it raises on a bad token. Confirm
        # against verify_auth_token.
        verify_auth_token(session['token'])

    # NOTE(review): find() has no filter, so every user record is read. The
    # loop has no early exit, so the last matching record's hash is used.
    matching_hashes = [
        record['password']
        for record in usersCollection.find()
        if record['username'] == username
    ]
    stored_hash = matching_hashes[-1] if matching_hashes else None
    if stored_hash is None:
        return False
    return True if password.verify_password(passwordRAW, stored_hash) else False
Example #7
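 def get(self):
     """Issue a token for the username/password given as query parameters.

     Returns a ``(body, status)`` pair: 400 when either parameter is missing,
     401 for an unknown user or a bad password, 201 with the token otherwise.
     """
     # NOTE(review): the credentials arrive in the query string, so the
     # password is part of the request URL and of anything that records URLs.
     # Moving them to a request body or header would change the interface.
     username = request.args.get("username")
     passw = request.args.get("password")

     # Validate presence before querying, so the database is never asked for
     # a user named None.
     if username is None or passw is None:
         return "username or password wrong", 400

     data = db_user.user.find_one({"user": username})
     if data is None:
         # NOTE(review): this body differs from the bad-password one, so a
         # client can tell whether a username exists.
         return "no such username.", 401

     if password.verify_password(passw, data["password"]):
         result = testToken.generate_auth_token(data["location"]).decode()
         return {"token": result, "duration": 600}, 201
     return "bad password.", 401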
Example #8
def web_check_auth():
    """Handle the web login form and store an auth token in the session.

    On success the session's ``token`` is replaced with a fresh token and the
    client is redirected to ``setup``. On failure ``supaLogin.html`` is
    rendered again.
    """
    cur_user = request.form['username']
    cur_pass = request.form['password']

    # NOTE(review): find() has no filter, so every user record is read. The
    # first record whose username matches is used.
    stored_hash = None
    found = False
    for record in db.user_db.find():
        if cur_user == record['username']:
            found = True
            stored_hash = record['password']
            break

    if not found:
        app.logger.debug("There is no user by this name, try again.")
        return render_template("supaLogin.html")

    if not password.verify_password(cur_pass, stored_hash):
        session['token'] = 'bad_token'
        app.logger.debug("Authentication Failure, try again.")
        return render_template("supaLogin.html")

    if request.form.get('rem') and request.form['rem']:
        app.logger.debug(
            "Matched Password && Infinite Token Authentication!")
        # NOTE(review): math.inf is passed as the token lifetime. If
        # generate_auth_token treats it as an expiration, this token never
        # expires. Confirm against generate_auth_token.
        fresh_token = testToken.generate_auth_token(math.inf)
    else:
        app.logger.debug("Matched Password!")
        # Placeholder stays in the session if token generation raises.
        session['token'] = 'bad_token'
        fresh_token = testToken.generate_auth_token(600)

    # Drop any truthy existing value before storing the new token.
    if session.get('token'):
        session.pop('token')
    session['token'] = fresh_token
    return redirect(url_for('setup'))
Example #9
def login():
    """Show the login page on GET; check credentials on POST.

    A successful POST stores the user name and id in the session and
    redirects to ``index``. A failed POST renders ``login.html`` again.
    Other methods return None.
    """
    if request.method == 'GET':
        return render_template('login.html')
    if request.method != 'POST':
        return None

    user_name = request.form['logUserName']
    user_password = request.form['logPass']

    # Unknown username: render the same page as for a wrong password.
    if queries.check_username(user_name) == []:
        return render_template('login.html', wrongpass=False)

    # Compare the submitted password with the stored hash.
    hashed_pass = queries.get_hashed_pass(user_name)
    stored_hash = hashed_pass[0]['password']
    if not password.verify_password(user_password, stored_hash):
        # NOTE(review): wrongpass is False on this path too. Whether the
        # template expects True for a wrong password cannot be told from here.
        return render_template('login.html', wrongpass=False)

    user_id = queries.get_userid_by_name(user_name)
    session['user_name'] = user_name
    session['userId'] = user_id
    return redirect(url_for('index'))
Example #10
def login():
    """Validate the login form, log the user in and store a fresh token.

    On success the token is written to the user's database record and the
    client is redirected to ``/``. Otherwise a flash message is set and the
    login page is rendered.
    """
    form = LoginForm()
    if form.validate_on_submit():
        username = form.username.data
        # NOTE(review): the user is looked up twice, once to count matches
        # and once to fetch the record. Exactly one match is required.
        match_count = Userdb.todouserdb.find({"username": username}).count()
        if match_count != 1:
            # NOTE(review): this message differs from the wrong-password one,
            # so the page reveals whether a username exists.
            flash('unregistered user')
        else:
            dbuser = Userdb.todouserdb.find_one({"username": username})
            if not verify_password(form.password.data, dbuser['password']):
                flash('incorrect Password.')
            else:
                login_user(User(username, dbuser['id']), form.remember_me.data)
                token = generate_auth_token()
                # The whole fetched document is used as the update filter.
                Userdb.todouserdb.update_one(dbuser,
                                             {'$set': {'token': token}})
                flash('Logged in successfully.')
                return redirect('/')
    return render_template('login.html', title='Sign In', form=form)
Example #11
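def login():
    """Validate the login form and, on success, log in and return a token.

    Returns a JSON body with the token and duration (status 201) on success,
    the login page with status 400 when the credentials are rejected, and
    the plain login page otherwise.
    """
    form = LoginForm()
    password = request.form.get('password')
    # remember arrives as 'y' or is absent; bool() forces it to True/False.
    remember = bool(request.form.get('remember'))
    app.logger.debug(remember)

    # NOTE(review): GET is accepted alongside POST. Whether the form can
    # validate on a GET depends on how LoginForm binds request data, which is
    # not visible here. Credentials should only be accepted via POST.
    if request.method in ('POST', 'GET') and form.validate():
        user = usersdb.users.find_one({'username': form.username.data})

        if user is not None and verify_password(password, user['password']):
            login_user(User(user), remember=remember)
            token = generate_auth_token()
            return jsonify({'token': token.decode(), 'duration': 600}), 201

        # The original wrote `flash(...), 400`, which builds a tuple and
        # discards it, so rejected logins were answered with 200. Attach the
        # status to the response that is actually returned.
        flash("username or password is invalid")
        return render_template('login.html', form=form), 400

    return render_template('login.html', form=form)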
Example #12
def is_password_valid(plain_text_password, hashed_password):
    """Report whether the plaintext password matches the stored hash.

    Delegates to ``verify_password`` and returns its result unchanged.
    """
    outcome = verify_password(plain_text_password, hashed_password)
    return outcome
Example #13
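 def validate_password(FlaskForm, field):
     """Form validator: reject the password field if it does not verify.

     Only runs when the form's ``val`` field holds '1'. The first parameter is
     the form instance, despite its name.

     Raises:
         ValidationError: when no stored hash is found for the username or the
             password does not verify.
     """
     if FlaskForm.val.data != '1':
         return

     # Start from None so that an unknown username is a validation failure.
     # The original left hsval unbound in that case and crashed with an
     # UnboundLocalError instead.
     hsval = None
     for x in db.userdb.find({'username': FlaskForm.username.data}):
         hsval = x['password']

     # Same message for "no such user" and "wrong password", so the form does
     # not reveal which usernames exist.
     if hsval is None or not verify_password(field.data, hsval):
         raise ValidationError('Password is incorrect.')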