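def test_check_password(self):
    """Ensure the stored bcrypt hash verifies the right password only.

    bcrypt hashes are one-way, so nothing is "unhashed" here:
    check_password_hash re-hashes the candidate with the salt embedded in
    the stored hash and compares the two results.
    """
    with self.client:
        user = User.query.filter_by(email='*****@*****.**').first()
        # Fail with a clear assertion instead of an AttributeError on None
        # when the fixture user is missing.
        self.assertIsNotNone(user)
        self.assertTrue(bcrypt.check_password_hash(user.password, "admin"))
        self.assertFalse(bcrypt.check_password_hash(user.password, 'foobar'))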
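def post(self):
    """Log a user in and return an auth token.

    Expects a JSON object with 'email' and 'password'. Responds 200 with
    'auth_token' on success, 400 for a body that is not a JSON object,
    404 when the email/password pair does not verify, and 500 on an
    unexpected error or when no token could be produced.
    """
    # get the post data
    post_data = request.get_json()
    # A missing or non-object body has no credentials to check. Answer 400
    # instead of letting post_data.get() raise into the generic 500 handler.
    if not isinstance(post_data, dict):
        responseObject = {
            'status': 'fail',
            'message': 'Invalid payload.'
        }
        return make_response(jsonify(responseObject)), 400
    try:
        password = post_data.get('password')
        # fetch the user data
        user = User.query.filter_by(email=post_data.get('email')).first()
        # Only a real string is handed to bcrypt; a missing or non-string
        # password is treated as a failed login rather than an exception.
        if user and isinstance(password, str) \
                and bcrypt.check_password_hash(user.password, password):
            auth_token = user.encode_auth_token(user.id)
            if auth_token:
                responseObject = {
                    'status': 'success',
                    'message': 'Successfully logged in.',
                    'auth_token': auth_token.decode()
                }
                return make_response(jsonify(responseObject)), 200
            # No token was produced: answer explicitly instead of falling
            # off the end of the view and returning None.
            responseObject = {'status': 'fail', 'message': 'Try again'}
            return make_response(jsonify(responseObject)), 500
        else:
            # Unknown email and wrong password share one response, so the
            # reply does not reveal which addresses are registered.
            # NOTE(review): 401 is the conventional status for failed
            # credentials; 404 is kept because clients may rely on it.
            responseObject = {
                'status': 'fail',
                'message': 'User does not exist.'
            }
            return make_response(jsonify(responseObject)), 404
    except Exception as e:
        # Exception detail stays on the server; the client only sees a
        # generic message.
        print(e)
        responseObject = {'status': 'fail', 'message': 'Try again'}
        return make_response(jsonify(responseObject)), 500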
def login_user() -> APIResponse:
    """Check the posted email/password and hand back an auth token.

    Returns a (json, status) pair: BAD_REQUEST for an empty payload, OK
    with 'auth_token' on success, NOT_FOUND when the credentials do not
    verify, and INTERNAL_SERVER_ERROR when anything raises.
    """
    payload = request.get_json()
    if not payload:
        return jsonify({
            'status': 'error',
            'message': 'Invalid payload.'
        }), http_response.BAD_REQUEST

    try:
        account = User.query.filter_by(email=payload.get('email')).first()
        # NOTE(review): a payload without 'password' passes None to bcrypt;
        # presumably that raises and lands in the generic handler below.
        rejected = not account or not bcrypt.check_password_hash(
            account.password, payload.get('password'))
        if rejected:
            # Same reply for an unknown email and for a wrong password.
            return jsonify({
                'status': 'error',
                'message': 'User does not exist.'
            }), http_response.NOT_FOUND
        return jsonify({
            'status': 'success',
            'message': 'Successfully logged in.',
            'auth_token': encode_auth_token(account.id).decode()
        }), http_response.OK
    except Exception as e:
        # The exception text is printed server-side only.
        print(e)
        return jsonify({
            'status': 'error',
            'message': 'Try again.'
        }), http_response.INTERNAL_SERVER_ERROR
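def post(self):
    """Log a user in by 'userId' and 'password' and issue an access token.

    Responds 400 when the request is not JSON, 201 with 'access_token' on
    success, and 401 for any credential failure, including an unknown
    user id or a missing password.
    """
    if not request.is_json:
        return jsonResponse({"err": "TypeError: Not JSON Type Request."}, 400)
    user_id = request.json.get('userId', None)
    password = request.json.get('password', None)
    user = User.query.filter_by(user_id=user_id).first()
    # An unknown user id or a missing/non-string password is a failed
    # login, not a crash: previously user.password was read even when the
    # lookup returned None. Both cases now share the 401 reply below, so
    # the response does not reveal whether the id exists.
    match = (
        user is not None
        and isinstance(password, str)
        and bcrypt.check_password_hash(user.password, password)
    )
    res = {
        'title': 'AjouNICE!',
        'message': '빤스런 프로젝트 아주나이스 - 아주대 차세대 학부 커뮤니티 서비스',
        'APIName': '/auth/login',
        'APIDescription': '로그인 토큰처리',
    }
    if match:
        # Update the user's last login IP and timestamp (UTC+9).
        user.log_ip = request.remote_addr
        user.log_dt = datetime.now(tz=timezone(timedelta(hours=9)))
        db.session.commit()
        tokenizer = Tokenizer(secret=SECRET_KEY)
        tokenizer.create_payload(user, request.remote_addr)
        access_token = tokenizer.create_access_token()
        res['result'] = {
            'code': '201',
            'access_token': access_token,
            'auth_email_yn': user.auth_email_yn
        }
        return jsonResponse(res, 201)
    res['result'] = {'code': '401', 'message': '로그인 정보가 올바르지 않습니다.'}
    return jsonResponse(res, 401)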
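def post(self):
    """Log a user in against the Mongo 'users' collection.

    Responds 200 with 'auth_token' on success, 401 for a wrong password
    or for credentials that are not plain strings, 404 for an unknown
    email, and 500 on an unexpected error or when no token was produced.
    """
    try:
        payload = request.json
        email = payload.get('email') if isinstance(payload, dict) else None
        password = payload.get('password') if isinstance(payload, dict) else None
        # Require plain strings. The email goes straight into a Mongo
        # filter document, so a JSON object or array in that field must
        # never reach find_one(), where it would be read as query
        # operators instead of a literal value.
        if not isinstance(email, str) or not isinstance(password, str):
            response_object = {
                'status': 'fail',
                'message': 'Please enter valid email or password.'
            }
            return make_response(jsonify(response_object)), 401
        users = mongo_db.db.users
        login_user = users.find_one({'email': email})
        if login_user:
            if bcrypt.check_password_hash(login_user['password'], password):
                auth_token = models.encode_auth_token(
                    str(login_user['_id']))
                if auth_token:
                    response_object = {
                        'status': 'success',
                        'message': 'Successfully logged in.',
                        'auth_token': auth_token.decode()
                    }
                    return make_response(jsonify(response_object)), 200
                # No token was produced: answer explicitly instead of
                # falling off the end of the view and returning None.
                response_object = {'status': 'fail', 'message': 'Try again'}
                return make_response(jsonify(response_object)), 500
            else:
                response_object = {
                    'status': 'fail',
                    'message': 'Please enter valid email or password.'
                }
                return make_response(jsonify(response_object)), 401
        else:
            # NOTE(review): the 404 here and the 401 above let a caller
            # tell registered emails from unregistered ones. Kept because
            # clients may rely on the status codes; a single 401 for both
            # cases would close that gap.
            response_object = {
                'status': 'fail',
                'message': 'User does not exist.'
            }
            return make_response(jsonify(response_object)), 404
    except Exception as e:
        # Exception detail is printed server-side only.
        print(e)
        response_object = {'status': 'fail', 'message': 'Try again'}
        return make_response(jsonify(response_object)), 500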
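def login():
    '''
    Login view.

    1. The form validates the submitted email address.
    2. The submitted password is checked with bcrypt against the value
       held for the user.

    After a successful login the user is sent to the 'next' query
    parameter when it is a same-site path, otherwise to 'home'.
    '''
    if current_user.is_authenticated:
        return redirect(url_for('home'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if not user:
            # NOTE(review): this message and the password message below
            # differ, which tells a caller whether an email is registered.
            flash('Login Failed,Please Check Your Email', 'danger')
            return render_template('login.html', title='Login', form=form)
        # NOTE(review): user.password is hashed here, at login time, and
        # the form password is then checked against that fresh hash. That
        # can only succeed if the stored value is the plaintext password.
        # Confirm how registration stores it; the usual design hashes once
        # at registration and calls check_password_hash(user.password, ...)
        # directly on the stored hash.
        hashed_password = bcrypt.generate_password_hash(user.password)
        if bcrypt.check_password_hash(hashed_password, form.password.data):
            login_user(user, remember=form.remember.data)
            next_page = request.args.get('next')
            # 'next' comes from the query string. Follow it only when it
            # is a same-site path ("/..."); an absolute or scheme-relative
            # URL would turn the login page into an open redirect.
            if next_page and (not next_page.startswith('/')
                              or next_page.startswith('//')
                              or '\\' in next_page):
                next_page = None
            return redirect(next_page) if next_page else redirect(
                url_for('home'))
        else:
            flash('Login Failed,Please check your Password', 'danger')
    return render_template('login.html', title='Login', form=form)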
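def verify_user(username, password):
    """Return True when *password* matches the stored hash for *username*.

    Returns False for an unknown username.
    """
    # lookup user by user name
    # one_or_none() yields None when nothing matches. The previous one()
    # raised NoResultFound in that case, so the guard below never ran.
    # Duplicate usernames still raise, as before.
    user = session.query(User).filter(User.username == username).one_or_none()
    # return false if user does not exist
    if not user:
        return False
    # compare the input password with the hash stored in the table
    return bcrypt.check_password_hash(user.pw_hash, password)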
def index(self):
    """Admin login page: sign the admin in or re-render the form.

    A failed attempt re-renders the form without a flash message.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))

    form = LoginForm()
    if not form.validate_on_submit():
        return self.render('admin/login.html', form=form)

    admin = AdminModel.query.filter_by(name=form.name.data).first()
    credentials_ok = admin and bcrypt.check_password_hash(
        admin.password, form.password.data)
    if credentials_ok:
        login_user(admin, remember=form.remember.data)
        return redirect(url_for('home'))
    return self.render('admin/login.html', form=form)
def login_for_teacher():
    """Exchange the teacher password for a token.

    Returns a JSON body with 'token' when the request is JSON, carries a
    'password' key and that password verifies against the teacher hash;
    otherwise returns ERRORS.INVALID_PASSWORD.
    """
    r = get_request()
    authorised = (
        r.is_json
        and 'password' in r.json
        and bcrypt.check_password_hash(get_teacher_password_hash(), r.json['password'])
    )
    if not authorised:
        return ERRORS.INVALID_PASSWORD
    # Look for an existing token (the helper's name suggests it creates
    # one when none exists).
    t: Token = get_or_create_token_for(None, True)
    return flask.jsonify({'token': t.token})
def get_user(username_or_email, password):
    """
    Look a teacher up by email or username and verify the password.

    :param username_or_email: username or email of the user (str)
    :param password: the user's password (str)
    :return: the user object from the db, or None when no user matches
        or the password does not verify
    """
    user = TeacherModel.query.filter_by(email=username_or_email).first()
    if not user:
        # No match on email: fall back to the username column.
        user = TeacherModel.query.filter_by(username=username_or_email).first()
    if not user:
        return None
    if bcrypt.check_password_hash(user.password, password):
        return user
    return None
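def get(self):
    """Check a username/password pair and return the user's profile.

    Returns a JSON profile with 'authenticated': True on success and the
    string 'AUTHENTICATION ERROR' otherwise.

    NOTE(review): credentials are read in a GET handler. If clients send
    them in the query string they end up in URLs and access logs; a POST
    body avoids that.
    """
    parser = reqparse.RequestParser()
    parser.add_argument('username', type=str)
    parser.add_argument('password_hash', type=str)
    # Parse once and reuse the result.
    args = parser.parse_args()
    user = models.User.objects.get(username=args['username'])
    # The debugging print of the comparison result was dropped: it ran the
    # bcrypt check a second time and wrote the outcome of every login
    # attempt to stdout.
    # NOTE(review): the parser declares 'password_hash' but the check
    # reads args['password'], which is never declared above. Decide which
    # name the client is meant to send and make the two agree.
    if user and bcrypt.check_password_hash(user.password, args['password']):
        return jsonify({
            'username': user.username,
            'address': user.address,
            'authenticated': True,
            'registered_on': user.registered_on
        })
    else:
        return 'AUTHENTICATION ERROR'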
def login():
    """Render the login form and sign the user in on a valid submission.

    Unknown email and wrong password produce the same flash message.
    """
    form = LoginForm(request.form)
    if not form.validate_on_submit():
        return render_template('user/login.html',
                               title='Please Login', form=form)

    user = User.query.filter_by(email=form.email.data).first()
    if user and bcrypt.check_password_hash(user.password,
                                           request.form['password']):
        login_user(user)
        flash('You are logged in. Welcome!', 'success')
        return redirect(url_for('user.members'))

    flash('Invalid email and/or password.', 'danger')
    return render_template('user/login.html', form=form)
def login():
    """Sign a user in by email and password, or re-render the form.

    One flash message covers both an unknown email and a wrong password.
    """
    form = LoginForm()
    if form.validate_on_submit():
        account = User.query.filter_by(email=form.email.data).first()
        rejected = not account or not bcrypt.check_password_hash(
            account.password, form.password.data)
        if rejected:
            flash("Login Unsuccessful,Please check your email and password",
                  'danger')
        else:
            login_user(account, remember=form.remember.data)
            flash("You have been logged in successfully", 'success')
            return redirect(url_for('main'))
    return render_template('login.html', title="Login", form=form)
def login():
    """Handle the login form: authenticate on submit, else show the page.

    The failure message is the same whether the email or the password
    was wrong.
    """
    form = LoginForm(request.form)
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        authenticated = user and bcrypt.check_password_hash(
            user.password, request.form['password'])
        if not authenticated:
            flash('Invalid email and/or password.', 'danger')
            return render_template('user/login.html', form=form)
        login_user(user)
        flash('You are logged in. Welcome!', 'success')
        return redirect(url_for('user.members'))
    return render_template('user/login.html', title='Please Login', form=form)
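def account():
    """Show the account page and apply profile updates.

    On a valid POST the current password is re-checked before the new
    username, email, phone and picture are saved; a wrong password
    returns a plain error string. Otherwise the page is rendered with
    the user's posts.
    """
    form = UpdateAccountForm()
    db = current_app.config["db"]
    user_id = db.get_user_id(current_user.username)
    pp = url_for('static', filename='profile_pics/' + current_user.profile_pic)
    if form.validate_on_submit():
        tmp = get_user(current_user.username)
        password = form.password.data
        if bcrypt.check_password_hash(tmp.password, password):
            # Default the phone to the current value. The previous default
            # was form.password.data, which wrote the plaintext password
            # into the phone field whenever the phone input was left empty.
            temp = User(username=form.username.data,
                        password=tmp.password,
                        email=form.email.data,
                        phone=current_user.phone,
                        profile_pic=current_user.profile_pic)
            if form.picture.data:
                picture_file = save_picture(form.picture.data)
                temp.profile_pic = picture_file
            if form.phone.data:
                temp.phone = form.phone.data
            db.update_user(temp, user_id)
            return redirect(url_for('account'))
        else:
            return ("Please enter correct password")
    elif request.method == 'GET':
        form.username.data = current_user.username
        # The stored password value is no longer copied into the form:
        # it has no use as a prefill and should not travel to the page.
        form.phone.data = current_user.phone
        form.email.data = current_user.email
    # Everything above is the update part.
    post_list = db.bring_users_post(current_user.username)
    posts = []
    for item in post_list:  # user, item, date
        user = current_user.username
        # One lookup per item instead of three identical ones.
        item_info = db.get_item_info(item[2])
        item_name = item_info[2]
        item_description = item_info[3]
        item_image = item_info[4]
        image_file = url_for('static', filename='profile_pics/' + item_image)
        tempItem = Item(title=item_name, description=item_description, category="")
        tempItem.image = image_file
        date = item[3]
        temp = Post(tempItem, user, date)
        temp.key = item[0]  # init key
        posts.append(temp)
    return render_template('account.html', posts=posts, form=form, img=pp)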
def login() -> Response:
    """Log a librarian in from a JSON body with 'email' and 'password'.

    An already authenticated caller gets their own relaxed view back.
    Failed attempts get one error message for both unknown email and
    wrong password.
    """
    res = CustomResponse()
    if current_user.is_authenticated:
        res.set_data(current_user.get_relaxed_view())
        return res.get_response()

    email = request.json.get('email')
    librarian = db.session.query(Librarian).filter(
        Librarian.email == email).first()
    rejected = not librarian or not bcrypt.check_password_hash(
        librarian.password, request.json.get('password'))
    if rejected:
        res.set_error('Wrong email or password!')
        return res.get_response()

    login_user(librarian)
    # Remember which account type owns this session.
    session['login_type'] = 'librarian'
    res.set_data(librarian.get_relaxed_view())
    return res.get_response()
def login_view(self):
    """Admin login view: authenticate, then redirect or show the form."""
    form = SessionCreateForm(request.form)
    if helpers.validate_form_on_submit(form):
        user = User.query.filter_by(email=form.email.data).first()
        password_ok = user and bcrypt.check_password_hash(
            user.password, form.password.data)
        if password_ok:
            # The user is authenticated through Flask-Login.
            login_user(user, remember=True)

    # NOTE(review): is_authenticated is called as a method here. Newer
    # Flask-Login releases expose it as a property, where this call would
    # fail; confirm the pinned version.
    if current_user.is_authenticated():
        return redirect(url_for('.index'))

    register_url = url_for('.register_view')
    link = ('<p>Don\'t have an account? <a href="' + register_url
            + '">Click here to register.</a></p>')
    self._template_args['form'] = form
    self._template_args['link'] = link
    return super(MyAdminIndexView, self).index()
def login() -> Response:
    """Log a customer in from a JSON body with 'email' and 'password'.

    An already authenticated caller gets their own relaxed view back.
    Unknown email and wrong password share one error message.
    """
    res = CustomResponse()
    if current_user.is_authenticated:
        res.set_data(current_user.get_relaxed_view())
        return res.get_response()

    email = request.json.get('email')
    customer = db.session.query(Customer).filter(
        Customer.email == email).first()
    verified = customer and bcrypt.check_password_hash(
        customer.password, request.json.get('password'))
    if verified:
        login_user(customer)
        # Remember which account type owns this session.
        session['login_type'] = 'customer'
        res.set_data(customer.get_relaxed_view())
    else:
        res.set_error('Wrong email or password!')
    return res.get_response()
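def login():
    """Sign a user in and send them to 'next' or to the blog.

    'next' is followed only when it is a same-site path; anything else
    falls back to the 'blog' endpoint.
    """
    if current_user.is_authenticated:
        return redirect(url_for('blog'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            flash(f'Welcome {user.username}!', 'success')
            login_user(user, remember=form.remember.data)
            next_page = request.args.get('next')
            # 'next' comes from the query string. Follow it only when it
            # is a same-site path ("/..."); an absolute or scheme-relative
            # URL would turn the login page into an open redirect.
            if next_page and (not next_page.startswith('/')
                              or next_page.startswith('//')
                              or '\\' in next_page):
                next_page = None
            return redirect(next_page) if next_page else redirect(
                url_for('blog'))
        else:
            flash('Login failed, check email or password', 'danger')
    return render_template('login.html', title="Login", form=form)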
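def login():
    """Sign a user in and send them to 'next' or to the home page.

    'next' is followed only when it is a same-site path; anything else
    falls back to the 'home' endpoint.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            login_user(user, remember=form.remember.data)
            next_page = request.args.get('next')
            # 'next' is caller-controlled. Accept a local path only, so a
            # crafted login link cannot bounce the user to another site
            # right after they authenticate.
            if next_page and (not next_page.startswith('/')
                              or next_page.startswith('//')
                              or '\\' in next_page):
                next_page = None
            return redirect(next_page) if next_page else redirect(
                url_for('home'))
        else:
            flash('Login Unsuccessful. Please check username and password',
                  'danger')
    return render_template('login.html', title='Login', form=form)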
def index(self):
    """Admin login: check the credentials, flash the result, redirect.

    Both outcomes of a submitted form redirect to 'admin.index'; only the
    flash message differs.
    """
    if current_user.is_authenticated:
        return redirect(url_for("admin.index"))

    form = AdminLoginForm()
    if not form.validate_on_submit():
        return render_template("admin.html", form=form)

    username = request.form['username']
    password = request.form['password']
    user = User.query.filter_by(username=username).first()
    if not user or not bcrypt.check_password_hash(user.password, password):
        flash("Invalid Credentials, please try again", "danger")
        return redirect(url_for("admin.index"))

    login_user(user)
    flash("Logged in", "success")
    return redirect(url_for("admin.index"))
def login() -> str:
    """Sign a user in through the project's page wrapper classes.

    Already authenticated callers are redirected to 'home'. A failed
    attempt flashes one message for both unknown email and wrong password.
    """
    if CurrentUser().authenticated():
        return PageRedirect(PageUrlFor('home')).link()

    form: FlaskForm = LoginForm()
    if form.validate_on_submit():
        user: User = User.query.filter_by(email=form.email.data).first()
        if not (user and bcrypt.check_password_hash(user.password,
                                                    form.password.data)):
            PageFlash('Login Unsuccessful. Please check email and password',
                      'danger').display()
        else:
            CurrentUser().login(user, form)
            # NOTE(review): presumably PageRequest('next') reads the
            # caller-supplied 'next' parameter; confirm that PageUrlFor
            # cannot turn it into an off-site redirect target.
            next_page: Request = PageRequest('next').get()
            target = next_page if next_page else 'home'
            return PageRedirect(PageUrlFor(target)).link()
    return BlogTemplate('login.html').render(title='Login', form=form)
def login():
    """Log a user in from form fields 'username' and 'password'.

    Only POST is served; any other method aborts with 403. A failed
    attempt aborts with 403 "Invalid Credentials" for both an unknown
    username and a wrong password.
    """
    if request.method != 'POST':
        return abort(403, "Method not allowed for this endpoint")

    # Nothing to do for a session that is already logged in.
    if current_user.is_authenticated:
        return "You're already logged in"

    username = request.form.get('username')
    password = request.form.get('password')
    user = models.User.query.filter_by(username=username).first()
    # Reject unless the user exists and the password matches the hash
    # stored in the application database.
    if not user or not bcrypt.check_password_hash(user.password, password):
        return abort(403, "Invalid Credentials")

    login_user(user)
    return f"Successful Login as {username}"
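def login():
    """Exchange a username (or email) and password for a 24-hour JWT.

    Every failure, including a missing or malformed JSON body, returns
    {'token': 'invalid'} with the default status, so clients must inspect
    the token value rather than the status code.
    """
    if request.method == 'POST':
        # silent=True makes get_json() return None for a missing or
        # malformed body; treat that (and any non-object body) as a failed
        # login instead of raising on init_data.get().
        init_data = request.get_json(silent=True)
        if not isinstance(init_data, dict):
            return jsonify({'token': 'invalid'})
        data = {
            'username': init_data.get('username'),
            'password': init_data.get('password'),
            'email': init_data.get('email'),
        }
        # NOTE(review): when 'email' is supplied the lookup still filters
        # on data['username']. Confirm whether email=data['email'] was
        # intended.
        if data['email']:
            user = User.query.filter_by(email=data['username']).first()
        else:
            user = User.query.filter_by(username=data['username']).first()
        # Only a real string is handed to bcrypt; a missing password is a
        # failed login rather than an exception.
        if user and isinstance(data['password'], str) \
                and bcrypt.check_password_hash(user.password, data['password']):
            token = jwt.encode(
                {
                    'username': user.username,
                    'exp': datetime.datetime.utcnow()
                    + datetime.timedelta(hours=24),
                },
                current_app.config['SECRET_KEY'])
            return jsonify({'token': token.decode('UTF-8')})
        else:
            return jsonify({'token': 'invalid'})
    return jsonify({'token': 'invalid'})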
def login():
    """Sign in a PostAccount from form fields 'email' and 'password'.

    Returns 400 when a field is missing or no account is found; on
    success updates the sign-in counter and timestamp and returns the
    account id.

    NOTE(review): as written, the submitted password is never compared
    with a credential stored on the account. The hash is generated from
    the submitted password itself and then checked against that same
    password. The lookup needs to fetch the account by email first and
    then verify the password against the hash saved for that account.
    """
    email = request.form.get("email")
    password = request.form.get("password")
    if any(x is None for x in [email, password]):
        return jsonify({"error": "Parameter is missing"}), 400
    # NOTE(review): this hashes the password that was just submitted; it
    # is not a value loaded from the account row.
    pw_hash = bcrypt.generate_password_hash(password)
    # NOTE(review): Python evaluates `and` before filter() is called, so
    # filter() receives a single operand rather than a combined SQL
    # condition, and the bcrypt check compares the password with its own
    # fresh hash. Verify which operand reaches the query; neither ties the
    # password to the account.
    account = PostAccount.query.filter(PostAccount.email == email and bcrypt.check_password_hash(pw_hash, password)).first()
    if account:
        # Record the sign-in on the account row.
        account.sign_in_count = account.sign_in_count + 1
        account.last_sign_in_at = datetime.now()
        sqldb.session.commit()
        return jsonify({'account_id': account.id})
    else:
        return jsonify({'error': 'Unable to authenticate'}), 400
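def login():
    """Sign a user in by username and password, or re-render the form.

    A failed lookup and a wrong password produce the same flash message.
    """
    form = LoginForm(request.form)
    if form.validate_on_submit():
        try:
            user = models.User.objects.get(username=form.username.data)
        except Exception:
            # A failed lookup is treated as "no such user". Exception
            # rather than a bare except, so KeyboardInterrupt and
            # SystemExit are no longer swallowed here.
            user = None
        if user and bcrypt.check_password_hash(
                user.password, request.form['password']):
            login_user(user)
            flash('You are logged in. Welcome!', 'success')
            return redirect(url_for('main.landing'))
        else:
            flash('Invalid email and/or password.', 'danger')
            return render_template('user/login.html', form=form)
    return render_template('user/login.html', form=form)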
def login_view(self):
    """Log an admin user in, then redirect or render the login page."""
    form = SessionCreateForm(request.form)
    submitted = helpers.validate_form_on_submit(form)
    if submitted:
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            # Flask-Login records the user as authenticated.
            login_user(user, remember=True)

    # NOTE(review): is_authenticated is invoked as a method. Newer
    # Flask-Login releases make it a property, where the call would fail;
    # confirm the pinned version.
    if current_user.is_authenticated():
        return redirect(url_for('.index'))

    link = '<p>Don\'t have an account? <a href="{0}">Click here to register.</a></p>'.format(
        url_for('.register_view'))
    self._template_args['form'] = form
    self._template_args['link'] = link
    return super(MyAdminIndexView, self).index()
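def login():
    """Log a user in from the login form and redirect on success.

    After a successful login the user goes to the 'next' query parameter
    when it is a same-site path, otherwise to 'nest.home'. Every failure
    re-renders the login page with a message.
    """
    form = LoginForm(request.form)
    user = User(email=form.email.data)
    try:
        if request.method == 'POST' and form.validate():
            user.get()
            if user.exists() and user.is_active() \
                    and bcrypt.check_password_hash(user.password, form.password.data):
                if login_user(user):
                    next_page = request.args.get('next')
                    # 'next' comes from the query string. Follow it only
                    # when it is a same-site path ("/..."); an absolute or
                    # scheme-relative URL would make this an open redirect.
                    if next_page and (not next_page.startswith('/')
                                      or next_page.startswith('//')
                                      or '\\' in next_page):
                        next_page = None
                    return redirect(next_page or url_for('nest.home'))
            message = 'Login failed.'
    except ValidationError as e:
        message = str(e)
    except DoesNotExist:
        message = 'Login failed.'
    # NOTE(review): **locals() hands every local name (form, user,
    # message) to the template. Passing the needed names explicitly keeps
    # the user object and its password attribute out of the template
    # context.
    return render('login.html', mod='auth', **locals())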
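def login():
    """Sign a user in and send them to 'next' or to the home page.

    'next' is followed only when it is a same-site path; anything else
    falls back to the 'home' endpoint.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            login_user(user, remember=form.remember.data)
            next_page = request.args.get('next')
            # 'next' is read from the query string, so only a local path
            # is accepted. Absolute and scheme-relative URLs are dropped
            # to keep the post-login redirect on this site.
            if next_page and (not next_page.startswith('/')
                              or next_page.startswith('//')
                              or '\\' in next_page):
                next_page = None
            return redirect(next_page) if next_page else redirect(
                url_for('home'))
        else:
            flash(
                'Авторизация не прошла успешно. Пожалуйста, проверьте свой логин и пароль',
                'danger')
    return render_template('login.html', title='Вход', form=form)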
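def user(username):
    """Return a user's public stats (GET) or update credentials (POST).

    POST requires the caller to be the user being edited and to supply
    the current password as 'oldPassword'. 'username' and 'newPassword'
    are optional and applied independently.
    """
    # POST will be to update user information
    # GET will be to retrieve information about said user.
    user = models.User.query.filter_by(username=username).first()
    if not user:
        return abort(404, "User Doesn't Exist")
    if request.method == "GET":
        return jsonify(username=user.username,
                       money=user.money,
                       date_registered=user.date_registered,
                       dice_game_stats=[{
                           'dice_game_wins': user.diceGameStats.diceGameWins,
                           'dice_game_plays': user.diceGameStats.diceGamePlays,
                           'total_money_earned': user.diceGameStats.totalMoneyEarned,
                           'total_moeny_lost': user.diceGameStats.totalMoneyLost
                       }])
    elif request.method == "POST":
        if current_user == user:
            # Snapshot the name before any change. The previous
            # `oldUserInstance = user` only aliased the same object, so the
            # messages reported the new username as the old one.
            old_username = user.username
            returnMessage = ""
            # request.form.get returns None if no parameter is found,
            # rather than raising an error.
            # NOTE(review): a wrong password is a client error, yet this
            # aborts with 500; kept because callers may depend on it.
            if not request.form.get("oldPassword") or \
                    not bcrypt.check_password_hash(
                        user.password, str(request.form.get("oldPassword"))):
                return abort(
                    500, "Parameter 'oldpassword' was incorrect or missing")
            if request.form.get("username"):
                # The truthy check above means request.form["username"]
                # exists.
                # NOTE(review): no uniqueness check is visible here;
                # confirm the model or database enforces one.
                if len(request.form["username"]) > 4 \
                        and request.form["username"] != user.username:
                    user.username = request.form["username"]
                    db.session.commit()
                    returnMessage += f"Credentials Updated for {old_username}. Username changed to {request.form['username']}\n"
            if request.form.get("newPassword"):
                if len(request.form["newPassword"]) > 6:
                    # Only the bcrypt hash of the new password is stored.
                    user.password = bcrypt.generate_password_hash(
                        request.form["newPassword"]).decode("UTF-8")
                    db.session.commit()
                    returnMessage += f"Credentials Updated for {old_username}. Password Changed"
            return returnMessage
        else:
            return abort(403, "You must log in to change your credentials")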
def post(self):
    """Log a user in by email and password and return their record.

    On success the response carries the user data plus a 'token' and an
    'admin' flag; otherwise a 401 with one generic error message.
    """
    args = parser.parse_args()
    email, password = args['email'], args['password']
    user = User().where([['email', '=', email]]).first()

    verified = user.exists() and bcrypt.check_password_hash(
        user.HIDDEN['password'], password)
    if not verified:
        # Same message for an unknown email and for a wrong password.
        return response(
            {'errors': ['Credentials do not match with our records.']}, 401)

    with_token = user.plus('token', user.generateToken()['jwt'])
    with_role = with_token.plus('admin', user.hasRole('admin'))
    return response({'user': with_role.data()})
def post(self):
    """Create a session using Flask-Login, with Flask-Principal for roles.

    Returns 422 for an invalid form, an unknown email or a wrong
    password, and 201 once the user is logged in.
    """
    form = SessionCreateForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        # NOTE(review): the two messages below differ, which tells a
        # caller whether an email is registered. A single message for
        # both cases would avoid that.
        if user is None:
            return "User does not exist.", 422
        password_ok = bcrypt.check_password_hash(user.password,
                                                 form.password.data)
        if not password_ok:
            return "Invalid password.", 422
        # Flask-Login records the authenticated user.
        login_user(user, remember=True)
        # Let Flask-Principal know the identity changed.
        identity_changed.send(app, identity=Identity(user.id))
        return 'You were logged in.', 201
    return form.errors, 422
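def login_page():
    """Sign a user in by username and password.

    After a successful login the user goes to the 'next' query parameter
    when it is a same-site path, otherwise to 'home_page'. Failures
    return a plain error string.
    """
    form = LoginForm()
    if form.validate_on_submit():
        username = form.username.data
        temp = get_user(username)
        if temp is not None:
            user = User(username, temp.password, temp.email, temp.phone,
                        temp.profile_pic)
            password = form.password.data
            if bcrypt.check_password_hash(temp.password, password):
                login_user(user)
                next_page = request.args.get("next")
                # 'next' comes from the query string. Follow it only when
                # it is a same-site path ("/..."); an absolute or
                # scheme-relative URL would make this an open redirect.
                if not next_page or (not next_page.startswith('/')
                                     or next_page.startswith('//')
                                     or '\\' in next_page):
                    next_page = url_for("home_page")
                return redirect(next_page)
            else:
                # NOTE(review): this reply and the one below differ,
                # which tells a caller whether a username is registered.
                return ("Wrong Password")
        else:
            return ("User can not be found")
    return render_template("login.html", form=form)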
def check_password(self, password):
    """Return whether *password* verifies against this object's stored hash."""
    stored_hash = self.password
    return bcrypt.check_password_hash(stored_hash, password)