def post(self):
username = self.request.get('username')
fir_password = self.request.get('fir_password')
sec_password = self.request.get('sec_password')
email = self.request.get('email')
disclaimer = self.request.get('disclaimer')
# As I choose to work with indexes (had a problem with
# dict), value is build symatrically to errors, the
# following list. The '' "fake" the structure
values = [username,
'',
'',
email,
'']
# Run the checks and append the results to the list
errors = [check_user(username),
check_fir_pass(fir_password),
check_sec_pass(fir_password, sec_password),
check_email(email),
check_disclaimer(disclaimer)]
# Check for errors: if yes, at least one error won't be ''
mover = True
for error in errors:
if error != '':
mover = False
# implement the input
if mover:
# create the password
hPassword = make_pw_hash(username, fir_password)
# create the database entry
a = UserData(Username=username, hPassword=hPassword, Email=email)
a.put()
# encode the cookie
key = str(a.key().id())
new_cookie = encode_cookie(key)
self.response.headers.add_header(
'Set-Cookie', 'id=%s; Path=/' % new_cookie)
self.redirect('/blog')
else:
self.render("12_register.html", errors=errors, values=values)
def post(self):
username = self.request.get('username')
fir_password = self.request.get('fir_password')
sec_password = self.request.get('sec_password')
email = self.request.get('email')
disclaimer = self.request.get('disclaimer')
# As I choose to work with indexes (had a problem with
# dict), value is build symatrically to errors, the
# following list. The '' "fake" the structure
values = [username, '', '', email, '']
# Run the checks and append the results to the list
errors = [
check_user(username),
check_fir_pass(fir_password),
check_sec_pass(fir_password, sec_password),
check_email(email),
check_disclaimer(disclaimer)
]
# Check for errors: if yes, at least one error won't be ''
mover = True
for error in errors:
if error != '':
mover = False
# implement the input
if mover:
# create the password
hPassword = make_pw_hash(username, fir_password)
# create the database entry
a = UserData(Username=username, hPassword=hPassword, Email=email)
a.put()
# encode the cookie
key = str(a.key().id())
new_cookie = encode_cookie(key)
self.response.headers.add_header('Set-Cookie',
'id=%s; Path=/' % new_cookie)
self.redirect('/blog')
else:
self.render("12_register.html", errors=errors, values=values)
def post(self):
# Get the data from the form
username = self.request.get("username")
password = self.request.get("password")
# Get the database entry
check_name = UserData.by_name(username)
# Run the security test:
# 1. there must be a registered user
# 2. the password must be verified
if check_name and check_pw(username, password, check_name[0].hPassword):
# creates a secure cookie in case the tests succeed
key = str(check_name[0].key().id())
new_cookie = encode_cookie(key)
self.response.headers.add_header(
'Set-Cookie', 'id=%s; Path=/' % new_cookie)
self.redirect('/blog')
else:
# redirect to the login page with an error message
# I clearly deviate from the original assignment as I don't
# specify which element is wrong.
# So a hacker can't know which part is right.
self.render("11_login.html", error='no valid username or password')
def post(self):
# Get the data from the form
username = self.request.get("username")
password = self.request.get("password")
# Get the database entry
check_name = UserData.by_name(username)
# Run the security test:
# 1. there must be a registered user
# 2. the password must be verified
if check_name and check_pw(username, password,
check_name[0].hPassword):
# creates a secure cookie in case the tests succeed
key = str(check_name[0].key().id())
new_cookie = encode_cookie(key)
self.response.headers.add_header('Set-Cookie',
'id=%s; Path=/' % new_cookie)
self.redirect('/blog')
else:
# redirect to the login page with an error message
# I clearly deviate from the original assignment as I don't
# specify which element is wrong.
# So a hacker can't know which part is right.
self.render("11_login.html", error='no valid username or password')
def get(self):
cookie = self.request.cookies.get('id')
if check_cookie(cookie):
cookie = int(cookie.split('|')[0])
username = UserData.get_by_id(cookie)
self.write('<h1> Hello, ' + username.Username + '</h1>')
else:
self.write('<h1>Bug</h1>')
def get(self):
cookie = self.request.cookies.get('id')
if check_cookie(cookie):
cookie = int(cookie.split('|')[0])
username = UserData.get_by_id(cookie)
self.write('<h1> Hello, ' + username.Username + '</h1>')
else:
self.write('<h1>Bug</h1>')
def get_user(self):
"""
Important methods
- checking the authentication
- returning the username in case of sucess
"""
cookie = self.request.cookies.get('id')
if cookie and check_cookie(cookie):
cookie = int(cookie.split('|')[0])
username = UserData.get_by_id(cookie).Username
return username
def get_user(self):
"""
Important methods
- checking the authentication
- returning the username in case of sucess
"""
cookie = self.request.cookies.get('id')
if cookie and check_cookie(cookie):
cookie = int(cookie.split('|')[0])
username = UserData.get_by_id(cookie).Username
return username
def check_user(username, error_message=''):
""""
Check n1: matching principles
- only digits or letter
- min 6 digits
"""
user_re = re.compile(r"^[a-zA-Z0-9_-]{6,20}$")
if not user_re.match(username):
error_message = 'The username does not fit the requirements'
# Check n2: absence of identical entry
k = UserData.by_name(username)
if k:
error_message = 'This username is already used'
return error_message
def check_user(username, error_message=''):
""""
Check n1: matching principles
- only digits or letter
- min 6 digits
"""
user_re = re.compile(r"^[a-zA-Z0-9_-]{6,20}$")
if not user_re.match(username):
error_message = 'The username does not fit the requirements'
# Check n2: absence of identical entry
k = UserData.by_name(username)
if k:
error_message = 'This username is already used'
return error_message
def get(self):
# first checkS
name = 'Werther'
k1 = UserData.all().filter('Username ='******'solved'
# Comments
k4 = PostComments.all().fetch(10)
# check liker
k5 = Blogentries.all()
self.render('99_debug.html', k1=k1, k2=k2, k3=k3, k4=k4, k5=k5)
def get(self):
# first checkS
name = 'Werther'
k1 = UserData.all().filter('Username ='******'solved'
# Comments
k4 = PostComments.all().fetch(10)
# check liker
k5 = Blogentries.all()
self.render('99_debug.html', k1=k1, k2=k2, k3=k3, k4=k4, k5=k5)
def cleanupDb(key):
k = UserData.delete(UserData.get_by_id(key))
def cleanupDb(key):
k = UserData.delete(UserData.get_by_id(key))