def auth_login():
if request.method == "GET":
return render_template("auth/loginform.html", form=LoginForm())
form = LoginForm(request.form)
user = User.query.filter_by(username=form.username.data).first()
if not user:
return render_template("auth/loginform.html",
form=form,
error="No such username or password")
try:
if not bcrypt.check_password_hash(user.password, form.password.data):
return render_template("auth/loginform.html",
form=form,
error="No such username or password")
except:
return render_template(
"auth/loginform.html",
form=form,
error="You need to hash your password with bcrypt before inserting "
"if you create an user in SQL")
login_user(user)
return redirect(url_for("index"))
def account_edit_password():
"""Change user's password."""
form = PasswordForm(request.form)
if not form.validate():
return render_template("error.html", errors=form.errors.values())
new_password = form.new_password.data.strip()
current_password = form.current_password.data.strip()
account = Account.query.filter_by(email=current_user.email).first()
pass_okay = bcrypt.check_password_hash(account.password, current_password)
if not pass_okay:
return render_template("error.html",
errors=["Nykyinen salasana on väärin."])
hashed_password = bcrypt.generate_password_hash(new_password,
12).decode("utf-8")
account.password = hashed_password
db.session().commit()
return redirect(url_for("account_edit", _anchor="password_tab"))
def loginTest(name, inPassword): returnBool = False returnString = u'' #Først Tjek username user = User.query.filter_by(username=name).first() if user == None: returnBool = False returnString = u'Brugernavenet findes ikke' elif len(inPassword) <= 1: returnBool = False returnString = u'Kodeordet er tomt' elif bcrypt.check_password_hash(user.password, inPassword) != True: returnBool = False returnString = u'Kodeordet er forkert' else: user.lastLogin = datetime.now() db.session.commit() returnBool = True returnString = u'None' return [returnBool, returnString]
def tryCreateUser(userName, userPassword, remeberMe, authenticateCode):
'''
create User
'''
returnBool = False
returnString = u''
returnType = 'error'
u = userFromUserName(userName)
secret = bcrypt.check_password_hash(authenticateCode, app.config['SECRET_KEY'])
if u == False and secret == True and passwordCheck(userPassword) == True:
hashedpassword = bcrypt.generate_password_hash(userPassword, 7)
theUser = User(userName,hashedpassword)
db.session.add(theUser)
db.session.commit()
loginUser(theUser, remeberMe)
returnBool = True
returnString = '{} created!'.format(userName)
returnType = ''
else:
returnBool = False
returnString = 'Could not create user'
returnType = 'error'
return [returnBool, returnString, returnType]
def tryLogin(userName, userPassword, remeberMe, authenticateCode):
'''
Prøv at logge ind, og hvis den
'''
returnBool = False
returnString = u''
returnType = 'error'
u = userFromUserName(userName)
secret = bcrypt.check_password_hash(authenticateCode, app.config['SECRET_KEY'])
if u and authenticateUser(u, userPassword) and secret:
loginUser(u, remeberMe)
returnBool = True
returnString = 'Logged in as {}!'.format(u.username)
returnType = ''
else:
returnBool = False
returnString = 'Incorrect username or password.'
returnType = 'error'
return [returnBool, returnString, returnType]
def login():
form = LoginForm()
title = 'Login'
if form.validate_on_submit():
user = User(form.password.data, form.email.data)
user.select_user(form.email.data)
print(user.select_user(form.email.data))
print('user is None?', user == None)
print(user)
password = query('password', 'clients',
f"email='{form.email.data}'")[0]
if user is not None and bcrypt.check_password_hash(
password, form.password.data):
login_user(user, form.remember.data)
print("current user self.getname '{}'".format(login_fresh()))
flash("Login Sucessful!", 'success')
next = request.args.get('next')
print(next)
if next is None or not next.startswith('/'):
next = url_for('index')
return redirect(next)
else:
flash("Login Unsucessful, Please check email and password",
'danger')
return render_template('login.html', form=form, title=title)
def change_password():
user = User.query.get(current_user.id)
if request.method == "GET":
return render_template("auth/changepassform.html",
form=ChangePassForm())
form = ChangePassForm(request.form)
if bcrypt.check_password_hash(
user.password,
form.oldpass.data) and form.newpass.data == form.confirmpass.data:
user.password = bcrypt.generate_password_hash(
form.newpass.data).decode('utf-8')
db.session().commit()
flash('Password changed successfully')
return redirect(url_for("user_edit"))
else:
return render_template(
"auth/changepassform.html",
form=form,
error="Passwords did not match or the old password was wrong")
def auth_login():
if request.method == "GET":
return render_template("auth/loginform.html", form=LoginForm())
form = LoginForm(request.form)
username_error = ""
password_error = ""
user = User.query.filter_by(
username=form.username.data).first()
if (user == None):
username_error = "Kyseisellä nimellä ei ole käyttäjää!"
return render_template("auth/loginform.html", form=form, usernameError=username_error, passwordError = password_error)
else:
password = form.password.data
pw = user.password
if (bcrypt.check_password_hash(pw, password)):
login_user(user)
return redirect(url_for("votings_index"))
else :
password_error = "Salasana väärin!"
return render_template("auth/loginform.html", form=form, usernameError = username_error, passwordError=password_error)
def login():
'''Login route'''
if current_user.is_authenticated:
return redirect(url_for('auth.profile'))
form = LoginForm()
if form.validate_on_submit():
try:
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user)
# next_page = request.args.get('next')
# if next_page:
# return redirect(next_page)
flash('Login successful!', 'success')
return redirect(url_for('auth.profile'))
else:
flash('Login unsuccessful. Check email/password.',
'fail')
return redirect(url_for('auth.login'))
except Exception:
flash('An error has occurred', 'fail')
return redirect(url_for('auth.login'))
return render_template('auth/login.html', form=form)
def login_route():
'''Login registered users'''
if current_user.is_authenticated:
return redirect(url_for('forum.index_page'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
form.password.data):
view_count = int(request.cookies.get('view-count', 0))
view_count += 1
# user_agent = request.headers.get('User-Agent')
# host = request.headers.get('Host')
# referer = request.headers.get('Referer')
login_user(user)
next_page = request.args.get('next')
if next_page:
pass
# return redirect(next_page)
return redirect(url_for('auth.profile', _external=True))
else:
logger.warn('Login failure!!!!', exc_info=True)
flash('Login failed. Check your email/password.', 'fail')
return render_template('auth/login.html', form=form)
def teacher_login():
# If the user is already logged in, redirect to the dashboard
if current_user.is_authenticated:
return redirect(url_for('teacher_dashboard'))
# Create form using Flask-WTF
form = LoginForm()
# If the form has been successfully submitted
if form.validate_on_submit():
# Check if the user exists and whether the bcrypt hash of the input and the user's hash match
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
form.password.data):
# Log the user in and redirect to the dashboard if there is not "?next=" parameter in the URL
login_user(user, remember=form.remember.data)
return redirect(url_for('teacher_dashboard')
) if not request.args.get('next') else redirect(
request.args.get('next'))
# Flash that the login was unsuccessful (Flash is an in-built
# Flask tool that sends messages which can be retrieved on the HTML page)
else:
flash('Login Unsuccessful. Please check your email and password',
'danger')
return render_template('teacher/general/login.html',
form=form,
page_title='Login')
def login(credentials):
"""
Login
Login endpoint.
"""
post_data = request.get_json()
response_object = {
'status': 'fail',
'msg': 'Invalid request.',
'token': '',
}
email = post_data.get('email')
password = post_data.get('password')
try:
# fetch the user data
user = User.query.filter_by(email=email).first()
if user:
if bcrypt.check_password_hash(user.password,
password.encode('utf-8')):
auth_token = create_access_token(identity=email)
if auth_token:
response_object['status'] = 'success'
response_object['msg'] = 'Successfully logged in.'
response_object['token'] = auth_token
return response_object, 200
else:
response_object['msg'] = 'Incorrect password.'
else:
response_object['msg'] = 'User does not exist.'
return response_object, 404
except Exception as e:
response_object['msg'] = e
return response_object, 500
def auth_login():
if request.method == "GET":
return render_template("auth/loginform.html", form=LoginForm())
form = LoginForm(request.form)
if os.environ.get("HEROKU"):
user = User.query.filter_by(username=form.username.data,
password=form.password.data).first()
if not user:
return render_template("auth/loginform.html",
form=form,
error="No such username")
else:
user = User.query.filter_by(username=form.username.data).first()
if not user:
return render_template("auth/loginform.html",
form=form,
error="No such username")
if not bcrypt.check_password_hash(user.password, form.password.data):
return render_template("auth/loginform.html",
form=form,
error="Incorrect password")
login_user(user)
return redirect(url_for("index"))
def login():
global settings, data, devinfo, devdata
if current_user.is_authenticated:
return redirect(url_for('.index'))
if request.method == "GET":
return render_template('login.html')
elif request.method == "POST":
session['password'] = request.form['pswrd']
password = session['password']
global context_output
context_output[request.form['userid']] = {}
session.pop(request.form['userid'], None) # drop existing session
user = User.query.filter_by(username=request.form['userid']).first()
if not user:
flash(f'User {request.form["userid"]} does not exist', 'danger')
elif bcrypt.check_password_hash(user.password, password):
login_user(user, remember=False)
if type(settings) != dict:
settings = readsettings()
if type(settings) == str:
data = {'settings': {}, 'devices': {}}
flash(
f'Settings missing. General settings are required for system to work.\
Please setup the system', 'danger')
return render_template('home.html',
showTab={'mainTab': 'settings'},
data=data,
user_id=user.username)
if not data['devices']:
devices = Device(user.username,
password,
path=settings['general-database'])
devinfo = devices.database()
devdata = ip_to_name_as_key(devinfo)
data = {
'settings': settings,
'devices': devdata,
'device_refresh_time': device_refresh_time
}
print('\n====> Loaded devices | ip as key\n')
pprint.pprint(devinfo)
print('\n====> Loaded devices | hostname as key\n')
pprint.pprint(devdata)
print('\n====> data\n')
pprint.pprint(data)
next_page = request.args.get('next')
log(command='login: web', user_id=user.id)
return redirect(url_for('.index'))
else:
flash(f'Login failed. Please confirm the password', 'danger')
return redirect(url_for('.login'))
def post(self):
"""
Method to see if login was successful or not and returns a boolean.
:return: Boolean
"""
try:
data = api.payload
if User.objects(email=data['email']):
# Compares password with encrypted password in db
if bcrypt.check_password_hash(
User.objects(email=data['email'])[0].password,
data['password']):
# if the password matches a token will be created for user
token = create_access_token(identity=data['email'])
print(token)
return jsonify({
'response': 'Login Successful!',
'login': True,
'token': token
})
else:
# Returns error if passwords do not match
return jsonify({
'response': 'Login Unsuccessful!',
'login': False
}), 401
else:
return jsonify({
'response': 'Invalid! Please Try again',
'login': False
}), 401
except Exception as e:
print(e)
return jsonify({'response': "Backend Error", 'login': False}), 500
def test_hashed_password(self):
"""
Comparing hashed and non-hashed password
"""
password = "******"
hashed = bcrypt.generate_password_hash(password)
test = bcrypt.check_password_hash(hashed, password)
self.assertEqual(True, test)
def validate_password(self, password):
user = Users.query.filter_by(email=self.email.data).first()
if user:
if not bcrypt.check_password_hash(user.password,
self.password.data):
raise ValidationError('Incorrect Email or Password')
else:
raise ValidationError('Incorrect Email or Password')
def auth_login_post():
"""Login functionality (POST)."""
if current_user.is_authenticated:
return redirect(url_for("index"))
form = LoginForm(request.form)
if not form.validate():
return render_template("error.html", errors=form.errors.values())
login = Login(request.environ["REMOTE_ADDR"], request.user_agent.string)
account = Account.query.filter_by(email=form.email.data).first()
error_template = render_template(
"error.html", errors=["Virheellinen käyttäjätunnus tai salasana."])
if not account: # Login fails.
login.failure(form.email.data
) # If the login fails, we store the used email address.
db.session().add(login)
db.session().commit()
return error_template
password = form.password.data.strip()
pass_okay = bcrypt.check_password_hash(account.password, password)
if not pass_okay:
login.failure(form.email.data)
db.session().add(login)
db.session().commit()
return error_template
login_user(account)
login.success(
account.id) # If the login succeeds, we'll store the account's ID.
db.session().add(login)
db.session().commit()
# TODO: Handle Flask's "next" URL parameter, if present.
if account.role != 'N':
return redirect(url_for("index"))
else:
profile = Profile.query.filter_by(id=current_user.id).first()
if not profile:
return redirect(
url_for("profile_create")) # User doesn't have a profile yet.
return redirect(
url_for("profile_view_with_handle", handle=account.handle))
def authenticate():
data = request.args
email = data['email']
password = data['password']
try:
admin = Admin.find_admin_by_email(email)
if admin and bcrypt.check_password_hash(admin.password, password):
identity = {
'email': admin.email,
'name': admin.username,
'id': admin.id,
'isAdmin': True
}
access_token = create_access_token(identity=identity)
if access_token:
response_object = {
'status': 'success',
'message': 'Successfully logged in',
'auth_token': access_token
}
return make_response(jsonify(response_object)), 200
elif admin and not bcrypt.check_password_hash(admin.password,
password):
response_object = {
'status': 'fail',
'message': 'Invalid password.'
}
return make_response(jsonify(response_object)), 403
else:
response_object = {
'status': 'fail',
'message': 'Admin does not exist.'
}
return make_response(jsonify(response_object)), 404
except Exception as e:
response_object = {
'status': 'fail',
'message': 'Could not sign in',
'error': ','.join(e.args)
}
return make_response(jsonify(response_object)), 401
def authenticateUser(userObj, inPassword): ''' Tjek om bruger obj's kodeord = input koden. ''' if bcrypt.check_password_hash(userObj.password, inPassword): return True else: return False
def account():
form = UpdateAccountForm()
user_info = User_info.query.filter_by(id=current_user.id).first()
password = User.query.filter_by(password=current_user.password).first()
attended_events = event_id = AttendingEvent.query.join(Event).filter(
AttendingEvent.user_id == current_user.id,
Event.event_date < datetime.today()).order_by(Event.event_date).all()
#User does not change password
if form.validate_on_submit() and form.new_password.data == "":
flash(f'Ditt konto är nu uppdaterat!', 'success')
if form.picture.data:
picture_file = save_picture(form.picture.data)
current_user.image_file = picture_file
current_user.email = form.email.data
user_info.food_preference = form.food_preference.data
user_info.semester = form.semester.data
db.session.commit()
#User change password
elif form.validate_on_submit() and form.old_password.data != "":
if bcrypt.check_password_hash(current_user.password,
form.old_password.data):
flash(f'Ditt konto och lösenord är nu uppdaterat!', 'success')
if form.picture.data:
picture_file = save_picture(form.picture.data)
current_user.image_file = picture_file
hashed_password = bcrypt.generate_password_hash(
form.confirm_password.data).decode('utf-8')
current_user.email = form.email.data
user_info.food_preference = form.food_preference.data
user_info.semester = form.semester.data
current_user.password = hashed_password
db.session.commit()
elif form.validate_on_submit():
flash(f'Någonting gick snett, försök igen!', 'danger')
elif request.method == 'GET':
form.email.data = current_user.email
form.food_preference.data = user_info.food_preference
form.semester.data = user_info.semester
image_file = url_for('static',
filename='profile_pics/' + current_user.image_file)
get_warnings = AttendingEvent.query.filter(
AttendingEvent.warning == 'warning').filter(
AttendingEvent.user_id == current_user.id).all()
user_warning = []
for warning in get_warnings:
event = Post.query.filter(Post.event_id == warning.event_id).first()
user_warning.append(event)
return render_template('account.html',
image_file=image_file,
form=form,
user_info=user_info,
attended_events=attended_events,
user_warning=user_warning)
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password, form.password.data):
login_user(user, remember=form.remember.data)
return redirect(url_for('home'))
else:
flash('Login Unsuccessful. Please check email and password', 'danger')
return render_template('login.html', title='Login', form=form)
def login():
username = request.get_json()['username']
password = request.get_json()['password']
user = User.query.filter_by(username=username).first()
if not bcrypt.check_password_hash(user.password, password):
return 'Wrong password'
return jsonify({'id': user.id, 'username': user.username})
def login():
if session.get('USER_ID'):
return redirect(url_for('main.home'))
else:
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(user_id=form.username.data).first()
if user and bcrypt.check_password_hash(user.password,
form.password.data):
flash("Successfully logged in!!!", category="success")
session['USER_ID'] = user.user_id
session['ROLE'] = user.role
return redirect(url_for('main.dashboard'))
elif user and not bcrypt.check_password_hash(
user.password, form.password.data):
flash("Wrong password entered!!!", category="danger")
else:
flash("Wrong username entered!!!", category="danger")
return render_template("main/login.html", title="Login", form=form)
def login():
# Halutessaan voi käyttää etuliitettä (prefix)
prefix = "login-"
# Renderöidään GET-pyynnössä lomake ilman dataa
if request.method == "GET":
return render_template("auth/loginform.html",
form=LoginForm(prefix=prefix))
# Lomakkeen data
data = request.form
form = LoginForm(data, prefix=prefix)
# Tallennetaan lähetetyt tiedot lyhyempiin muuttujiin kästtelyä varten
email = data[prefix + "email"].strip()
passwd = data[prefix + "password"].strip()
# Haetaan sähköpostiin liittyvän käyttäjän tiedot. Tarvitsemme aluksi salasanan hashin.
cursor = db.engine.execute(
"SELECT salasana FROM kayttaja WHERE sahkopostiosoite = ? LIMIT 1",
email)
# Haetaan tulos
result = cursor.fetchone()
cursor.close()
# Jos salasana hashia ei löytynyt, tarkoittaa se samalla sitä ettei käyttäjää ole olemassa
if not result:
return render_template("auth/loginform.html",
form=form,
error="Käyttäjää ei löytynyt")
# Halutessaan tämän voisi jättää pois mutta säilytetään selkeyden vuoksi
passwd_hash = result.salasana
# Tarkistataan hash
if not bcrypt.check_password_hash(passwd_hash, passwd):
return render_template("auth/loginform.html",
form=form,
error="Käyttäjää ei löytynyt")
# Käyttäjä sisäänkirjaus
user = Kayttaja.query.filter_by(sahkopostiosoite=email).first()
# Kenties turha tarkistus...
if not user:
return render_template("auth/loginform.html",
form=form,
error="Käyttäjää ei löytynyt")
login_user(user)
# Kaikki kunnossa -> palautetaan käyttäjä etusivulle
return redirect(url_for("index"))
def login():
if current_user.is_authenticated:
return redirect(url_for('mytimeline'))
else:
form = StudentLoginForm()
if form.validate_on_submit():
user = StudentUsers.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user, remember=form.remember.data)
return redirect(url_for('mytimeline'))
return render_template('login.html', title='Login', form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('posts.home'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user)
return redirect(url_for('posts.home'))
return render_template('login.html', form=form)
def login():
login_form = LoginForm()
if login_form.validate_on_submit():
user = User.query.filter_by(email=login_form.email.data).first()
if user and bcrypt.check_password_hash(user.password, login_form.password.data):
login_user(user)
next_page = request.args.get('next')
if next_page:
return redirect(next_page)
else:
return redirect(url_for('home'))
return render_template('login.html', title='Login', form=login_form)
def auth():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = LoginForm()
if form.validate_on_submit():
user = Users.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password, form.password.data):
login_user(user, form.remember.data)
return redirect(url_for('home'))
else:
print(form.errors)
return render_template('auth.html', form = form)
def login():
form = UserLoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
# show Austin how to debug (form.data.password)
if user and bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user)
# put in layout template that the flash messages show
flash(f'Logged in {user.firstName} {user.lastName}!', 'success')
return redirect(url_for('home'))
return render_template('login.html', title='Login', form=form)
def check_hashed_passwords(password_hash, password):
try:
# Initial boolean, set to false
same_password = False
# Using the bcrypt function to check if passwords are similar
same_password = bcrypt.check_password_hash(password_hash, password)
# Returning it
return same_password
except Exception as error:
print("Error! %s" % error)
def loginUserFromDict(returnURL, userDict):
'''
Log brueren ind fra Dict
'''
user = User.query.filter(User.email.ilike(userDict['email'])).first() #find brugern hvor email er den samme som input email
if user and bcrypt.check_password_hash(user.password, userDict['password']): #Er bruger ikke None & passer brugern's hashed det den samme som input email
#Log brugen ind
loginUser(user)
#send til "returnURL" normalt Forsiden
return redirect(returnURL)
else:
return render_login_user('Email eller kodeord er forkert')
def validate_password(self, password):
return bcrypt.check_password_hash(bytes(self.password), password)
