def get_credentials(self, client, login, passwd): import argon2 from argon2 import PasswordHasher # returncode, data = self.get_user_phash(login) # if returncode != 0: # raise ValueError(data) # ph = PasswordHasher() # # print("DATA iS ", data[0]) # if ph.verify(data[0], passwd): # self.verified_connections.add((id(client), client.getpeername())) # return [0, "=>Verification successfull."] # else: # raise ValueError("Verification faild") response = self.get_user_phash(login) if response['returncode'] != 0: return self.prepare_response(1, response['data'], "err") ph = PasswordHasher() try: ph.verify(response['data'], passwd) self.verified_connections.add((id(client), client.getpeername())) answer = "=>Verification successfull." return self.prepare_response(0, answer, "answer") except argon2.exceptions.VerifyMismatchError as e: print("!=> ", traceback.format_exc()) return self.prepare_response(1, str(e), "err")
def _verify_password(self, stored, password): ph = PasswordHasher() try: ph.verify(stored, password) return True except (exceptions.VerifyMismatchError, exceptions.VerificationError): return False
def check_argon(uid, user_lst_3, password_1): ph = PasswordHasher() try: ph.verify(user_lst_3[uid], password_1) return True except argon2.exceptions.VerifyMismatchError: return False
def login(): """Retrieve a token""" data = request.get_json() user = User.query.filter_by(username=data["username"]).first() if not user: return jsonify({"message": "Invalid credentials"}), 401 try: hasher = PasswordHasher() hasher.verify(user.password, data["password"]) except (VerifyMismatchError, VerificationError, InvalidHash, AttributeError): # This must also return 401 or else the user may learn # private information return jsonify({"message": "Invalid credentials"}), 401 # Rehash password if the parameters of the PasswordHasher change. # https://argon2-cffi.readthedocs.io/en/stable/api.html if hasher.check_needs_rehash(user.password): user.password = hasher.hash(data["password"]) db.session.add(user) db.session.commit() access_token = create_access_token(identity=user.username, fresh=True) refresh_token = create_refresh_token(user.username) return (jsonify({ "access_token": access_token, "refresh_token": refresh_token }), 200)
def login(): message = "" site_login = request.form.get("site_login") password = request.form.get("password") result = db.execute( "SELECT password,visible_name,user_id FROM users WHERE login=:login", { "login": site_login }).fetchone() ### users table schema ### user_id | login | password | visible_name if result is None: message = "Login or password is incorrect. Please try again." return render_template("index.html", message=message) password_hash = result[0] message = password_hash visible_name = result[1] user_id = result[2] try: pwd_hasher = PasswordHasher() pwd_hasher.verify(password_hash, password) except argon2.exceptions.VerifyMismatchError: message = "Login or password is incorrect. Please try again." return render_template("index.html", message=message) except: message = "An error has occured during authentication. Please try again." return render_template("index.html", message=message) session['site_login'] = site_login session['visible_name'] = visible_name session['user_id'] = user_id return redirect(url_for('homepage'))
def verify_password(self, password): hasher = PasswordHasher() try: hasher.verify(self.password_hash, password) return True except Exception: return False
def verificar_senha(self, password): ph = PasswordHasher() try: ph.verify(self.password, password) return {'status': True, 'msg': 'senha correta'} except Exception: return {'status': False, 'msg': 'senha incorreta'}
def main(): """Testing 'argon2-cffi' package""" parser = argparse.ArgumentParser() parser.add_argument( "-v", "--verbosity", dest="verbosity", action="count", default=0, help="set verbosity level", ) args = parser.parse_args() if args.verbosity == 1: logging.basicConfig(level=logging.INFO) elif args.verbosity > 1: logging.basicConfig(level=logging.DEBUG) else: logging.basicConfig(level=logging.ERROR) logging.debug(f"{argon2.__name__} {argon2.__version__}") ph = PasswordHasher() dummy_hash = ph.hash("s3kr3tp4ssw0rd") ph.verify(dummy_hash, "s3kr3tp4ssw0rd") ph.check_needs_rehash(dummy_hash)
def verify_password(password: str, hashed_password: str) -> bool: ph = PasswordHasher() try: ph.verify(hashed_password, password) return True except VerifyMismatchError: return False
def get_transactions(self, user_hash: str = ''): user_transactions = [] ph = PasswordHasher() if user_hash != '': for block in self.chain: for transaction in block['transactions']: try: if ph.verify(transaction['sender'], user_hash): temp_transaction = deepcopy(transaction) temp_transaction['sender'] = 'self' user_transactions.append(temp_transaction) except Exception: try: if ph.verify(transaction['reciever'], user_hash): temp_transaction = deepcopy(transaction) temp_transaction['recipient'] = 'self' user_transactions.append(temp_transaction) except Exception: continue return user_transactions for block in self.chain: for transaction in block['transactions']: user_transactions.append(transaction) return user_transactions
def authenticate(self, email: str, password: str) -> Any: """Authenticate password for the given user email""" with self.tracer.start_as_current_span( "AuthenticateUseCase.authenticate", kind=SERVER) as span: ph = PasswordHasher() user = self.user.retrieve_user_by_email(email) ph.verify(user.password, password) span.set_attribute("authenticated?", str(True)) key = jwk.JWK.from_pem( str( settings.RSA_PRIVATE_KEY.encode("utf8").decode( "unicode-escape")).encode("utf8")) expiration_time = datetime.utcnow() + timedelta( seconds=settings.ID_TOKEN_EXPIRE_SECONDS) # Required ID Token claims claims = { "iss": settings.ISS_ENDPOINT, "sub": str(user.email), "aud": user.email, "exp": int(calendar.timegm(expiration_time.utctimetuple())), "iat": int(calendar.timegm(datetime.utcnow().utctimetuple())), "auth_time": int(calendar.timegm(expiration_time.utctimetuple())), } jwt_token = jwt.JWT( header=json.dumps({"alg": "RS256"}, default=str), claims=json.dumps(claims, default=str), ) jwt_token.make_signed_token(key) return jwt_token.serialize()
def signin(user): __password = user['password'] try: __id = user['id'] users = User.objects.filter(id=__id) except: try: __email = user['email'] users = User.objects.filter(email=__email) except: pass ph = PasswordHasher() for u in users: if (u.active == 'false'): return None try: ph.verify(u.password, __password) __logged_user = { 'id': u.id, 'name': u.name, 'email': u.email, 'level': u.level } return __logged_user except: return None
def login(self, username, password): success = False msg = '' userID = 'N/A' key = 'N/A' self.cursor.execute( """select password, id from users where username = %s""", (username, )) if self.cursor.rowcount == 0: success = False msg += '\n\tUsername does not exists' elif self.cursor.rowcount != 1: success = False msg += '\n\tUnknown Error' else: row = self.cursor.fetchone() hashed = row[0] userID = row[1] verifier = PasswordHasher() try: verifier.verify(hashed, password) success = True except: success = False if success: msg += 'Authenticated' if verifier.check_needs_rehash(hashed): hashed = verifier.hash(password) count = self.cursor.execute( """update users set password = %s where username = %s""", (hashed, username)) if count != 1: msg += 'Failed to rehash password, contact support' logging.error('Failed to rehash password') self.db.rollback() else: self.db.commit() self.cursor.execute( """select activationKey from productKey where userID = %s""", (userID, )) row = self.cursor.fetchone() key = row[0] else: success = False msg += 'Incorrect Password' return success, msg, userID, key
def auth_failure_lab2(request): if request.method == "GET": return render(request, "Lab_2021/A7_auth_failure/lab2.html") elif request.method == "POST": username = request.POST["username"] password = request.POST["password"] try: user = AF_admin.objects.get(username=username) print(type(user.lockout_cooldown)) if user.is_locked == True and user.lockout_cooldown > datetime.datetime.now( ): return render(request, "Lab_2021/A7_auth_failure/lab2.html", {"is_locked": True}) try: ph = PasswordHasher() ph.verify(user.password, password) if user.is_locked == True and user.lockout_cooldown < datetime.datetime.now( ): user.is_locked = False user.last_login = datetime.datetime.now() user.failattempt = 0 user.save() return render(request, "Lab_2021/A7_auth_failure/lab2.html", { "user": user, "success": True, "failure": False }) except: # fail attempt print("wrong password") fail_attempt = user.failattempt + 1 if fail_attempt == 5: user.is_active = False user.failattempt = 0 user.is_locked = True user.lockout_cooldown = datetime.datetime.now( ) + datetime.timedelta(minutes=1440) user.save() return render( request, "Lab_2021/A7_auth_failure/lab2.html", { "user": user, "success": False, "failure": True, "is_locked": True }) user.failattempt = fail_attempt user.save() return render(request, "Lab_2021/A7_auth_failure/lab2.html", { "success": False, "failure": True }) except Exception as e: print(e) return render(request, "Lab_2021/A7_auth_failure/lab2.html", { "success": False, "failure": True })
def auth_user(self, email, senha): user = self.select_users(email=email, max_results=1) ph = PasswordHasher() try: ph.verify(user.senha, senha) return True except Exception: return False
def check_password(input_password, hashed_password): # パスワードチェック ph = PasswordHasher() try: ph.verify(hashed_password, input_password) except Exception as e: return False return True
def check_tuple(h_tuple: Iterator[str], a_tuple: Iterator[str]) -> bool: ph = PasswordHasher() for hash, text in zip(h_tuple, a_tuple): try: ph.verify(hash, text) except argon2.exceptions.VerifyMismatchError: return False return True
def verify(self, password): hasher = PasswordHasher() try: hasher.verify(self.pwd, password) #Verify the password return True except VerifyMismatchError: #Incorrect password return False
class KosekiAuth: def __init__(self, storage: Storage): self.storage = storage self.__ph = PasswordHasher() def current_user(self) -> int: return session["uid"] def member_of(self, group: Union[int, str, Group, None], person: Optional[Person] = None) -> bool: if group is None: raise ValueError("group cannot be None when checking member_of") if person is None: person = self.storage.query(Person).filter_by( uid=self.current_user()).scalar() if isinstance(group, int): group = self.storage.query(Group).filter_by(gid=group).scalar() elif isinstance(group, str): group = self.storage.query(Group).filter_by(name=group).scalar() if group is None: return False group = cast(Group, group) return sum(1 for x in person.groups if x.gid == group.gid) > 0 def require_session(self, func: Callable, groups: list[str] = None) -> Callable: def wrap(*args, **kwargs) -> Union[str, Response]: # type: ignore if "uid" not in session: return redirect(url_for("login", redir=request.url)) else: if (groups is None or sum(1 for group in groups if self.member_of(group)) > 0): return func(*args, **kwargs) else: abort(403) wrap.__name__ = func.__name__ return wrap def hash_password(self, password: str) -> str: return self.__ph.hash(password) def verify_password(self, password: Union[str, None], password2: str) -> bool: if password is None: return False try: self.__ph.verify(password, password2) return True except VerifyMismatchError: return False
def login(): """Handle login requests On successfull login a session with a length of an hour should be generated. On failure an error should be thrown. """ hasher = PasswordHasher() payload = request.json username = payload['user'] password = payload['pass'] DBSessionMaker = sessionmaker(bind=engine) db_session = DBSessionMaker() try: user = db_session.query(Users).get(username) hasher.verify(user.password, password) # If the hash parameters are out of date or the user update the hash # One example of an out of date parameter is a insufficient time cost if hasher.check_needs_rehash(user.password): user.password = hasher.hash(password) # calculate an expiration time one our from now expire = datetime.utcnow() + timedelta(hours=1) session_id = uuid.uuid4().hex user_session = Sessions( # This must be a uuid4 or large cryptographically secure random number # A other formats of UUID can have several bytes perdicted presenting # a potential brute forcing risk # This implimentation choice assumes CPython is being used. id=session_id, username=username, session_expire=expire ) db_session.add(user_session) db_session.commit() auth_resp = Response(status=200) auth_resp.set_cookie('session', session_id) db_session.commit() return auth_resp # For security reasons only two responses may be provided # Thus errors do not need to be handled individually except Exception: db_session.rollback() # If we get to the end of this funtion something went wrong. # Thus make sure the user does not think they are logged in err_resp = Response(status=401) err_resp.delete_cookie('session') return err_resp
def password_verify(id, password, hash): """Verify password hash (Argon2), use this function if you want to authorize logins""" hasher = PasswordHasher() cleartext = '%s:%s' % (id, password) try: hasher.verify(hash, cleartext) return True except Exception: return False
def compare_passwords(password, stored_password): """compares a plaintext password with the stored, encrypted password""" ph = PasswordHasher() try: ph.verify(stored_password, password) if ph.check_needs_rehash(stored_password): return (True, True) return (True, False) except VerifyMismatchError: return (False, False)
def verify_password(self, password): """Verify the provided password against the stored hash.""" ph = PasswordHasher() try: # Note: The ph.verify doesn't return a False value, it's either # True or it raises a VerifyMismatchError exception. ph.verify(self.password, password) return True except argon2_exceptions.VerifyMismatchError: raise Exception("Unvalid credentials.")
def verify_password(hashed_password, password): ph = PasswordHasher() peppers = get_peppers_list() for pepper in peppers: try: ph.verify(hashed_password, password + pepper) return True except VerifyMismatchError as e: print(e) return False
def tokens_create(user_data: TokenSchema = Body(...)): data = user_data.dict() user = UserModel.get_or_none(UserModel.username == data.get("username")) if not user: raise HTTPException(status_code=status.HTTP_404_NOT_FOUND) pw = PasswordHasher() try: pw.verify(user.password, data.get("password")) except argon_exc.VerifyMismatchError or argon_exc.VerificationError: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED) token = jwt.encode( {"username": user.username}, key=SECRET, algorithm="HS256" ) return {"access": token}
def check_password(hashed_password, raw_password) -> bool: ph = PasswordHasher( time_cost=settings.argon2_time_cost, memory_cost=settings.argon2_memory_cost, parallelism=settings.argon2_parallelism, hash_len=settings.argon2_hash_len, salt_len=settings.argon2_salt_len, encoding="utf-8", type=Type.ID, ) try: ph.verify(hashed_password, raw_password) return True except VerifyMismatchError: return False
def test_hash_password(self): kdf = PasswordHasher() password = '******' hash = kdf.hash(password) self.assertTrue(kdf.verify(hash, password))
def mutate(self, info, email=None, name=None, role=None, get_alerts=None, old_password=None, new_password=None): if get_jwt_claims()['role'] == 'Admin' and email and email != get_jwt_identity(): user = User.query.filter_by(email=email).first() if name: user.name = name if role: user.role = role if get_alerts is not None: user.get_alerts = get_alerts if new_password: ph = PasswordHasher() user.password = ph.hash(new_password) db.session.commit() else: user = User.query.filter_by(email=get_jwt_identity()).first() ph = PasswordHasher() if name: user.name = name if get_alerts is not None: user.get_alerts = get_alerts if old_password and new_password and ph.verify(user.password, old_password): user.password = ph.hash(new_password) db.session.commit() return UpdateUserMutation(user=user)
def check_password_hash(hash: str, password: str) -> bool: ph = PasswordHasher() try: if ph.verify(hash, password): return True except argon2.exceptions.VerifyMismatchError: return False
def passwordChecker(self,user_pass,server_pass,server_hash): protected = True # print("Password detected") if server_pass is not False and server_hash is False: if user_pass == server_pass: protected = False if server_hash is not False and server_pass is False: try: ph = PasswordHasher() ph.verify(server_hash, user_pass) protected = False except exceptions.VerifyMismatchError: protected = True return protected
def _console_test(argv): pw = argv[1] salt_length = int(argv[2]) hash_length = int(argv[3]) print('Password: %s' % pw) print('Salt Length: %s' % salt_length) print('Hash Length: %s' % hash_length) print('------------------------------') print('Calculating hash...') ph = PasswordHasher(hash_len=hash_length, salt_len=salt_length, encoding='utf-8', time_cost=1000, memory_cost=1024) pwhash = ph.hash(pw) print('Verifying hash...') ph2 = PasswordHasher() verified = ph2.verify(pwhash, pw) parsed = parse_argon_hash(pwhash) print('Results:') print('Hash : %s' % pwhash) print('Verified: %s' % verified) print('Parsed : %s' % parsed) """
def test_verify(self, password): """ Verification works with unicode and bytes. """ ph = PasswordHasher(1, 8, 1, 16, 16, "latin1") hash = ( # handrolled artisanal test vector u"$argon2i$m=8,t=1,p=1$" u"bL/lLsegFKTuR+5vVyA8tA$VKz5CHavCtFOL1N5TIXWSA" ) assert ph.verify(hash, password)
def login(): userid = request.form.get('userid') userpw = request.form.get('userpw') if userid and userpw: user = get_user(userid) if user: ph = PasswordHasher() try: ph.verify(user.password, userpw) except VerifyMismatchError: flash('check account or password') else: session['username'] = user.account flash('welcome back!') return redirect(url_for('home')) else: flash('check account or password') else: flash('account id or password is blank.') return redirect(url_for('login'))
def verify_password(self, password): ph = PasswordHasher() return ph.verify(self.password_hash, password)