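def validate_password(self, field):
    """Check the submitted username and password against the stored record.

    Looks up the Runner row for ``self.username.data`` and verifies
    ``field.data`` with ``password.check_password`` using that row's salt
    and hashed password.

    Raises:
        validators.ValidationError: if the username is unknown or the
            password does not verify. Both cases use the same message so
            the form does not reveal which of the two was wrong.
    """
    # Fetch the row once. The original ran count() and then two first()
    # queries, so a row deleted in between made first() return None and
    # the attribute access raised AttributeError instead of a validation
    # error.
    runner = Runner.query.filter_by(username=self.username.data).first()
    if runner is None:
        # NOTE(review): this path skips the hash computation, so it may
        # answer faster than the wrong-password path even though the
        # message is identical. Confirm whether that timing difference
        # matters for this deployment.
        raise validators.ValidationError("Incorrect Username or Password")

    # check_password must return exactly True; any other value is a failure.
    # NOTE(review): presumably check_password compares hashes in constant
    # time; verify in the password module.
    if password.check_password(field.data, runner.salt, runner.hashed_password) is not True:
        raise validators.ValidationError("Incorrect Username or Password")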
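def login_user(username, password):
    """Log a user in by verifying the password against the stored salt and hash.

    Returns True and stores ``username`` in ``session`` on success.
    Returns False when the user does not exist, when no row is read back,
    or when the password does not verify.
    """
    # Stop if user doesn't exist.
    # TODO: merge user doesn't exist and read user data -> one sql statement
    if not user_exists(username):
        return False

    # Read user data. The query is parameterized, so username never becomes
    # part of the SQL text.
    _db, cursor = get_dbc()
    cursor.execute('SELECT password, salt FROM user WHERE username = ?', (username, ))
    row = cursor.fetchone()

    # The row can disappear between user_exists() and this SELECT. Without
    # this guard, row['salt'] would raise TypeError on None instead of
    # failing the login.
    if row is None:
        print("%s attempted login" % username)
        return False

    # Check if the password matches (the 'password' column is presumably the
    # stored hash; confirm against the schema).
    if check_password(password, row['salt'], row['password']):
        # TODO: Consider saving logged in user on server instead of clientside
        session['username'] = username
        print("%s successful login" % username)
        return True

    # NOTE(review): username is caller-supplied and printed verbatim; if this
    # output feeds a log pipeline, confirm it is escaped downstream.
    print("%s attempted login" % username)
    return False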
def validate_oldpassword(self, field):
    """Verify that the submitted value is the current user's password.

    Passes ``field.data`` to ``check_password`` with the salt and hashed
    password read from ``current_user``.

    Raises:
        validators.ValidationError: if ``check_password`` returns anything
            other than exactly True.
    """
    verified = check_password(
        field.data,
        current_user.salt,
        current_user.hashed_password,
    )
    # Strict identity check: a truthy non-bool result still counts as failure.
    if verified is True:
        return
    raise validators.ValidationError("Incorrect Password")