def register():
"""Register user."""
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# ensure username was submitted
if not request.form.get("username"):
return apology("must provide username")
# ensure password was submitted
elif not request.form.get("password"):
return apology("must provide password")
elif request.form.get("password")!=request.form.get("retype-password"):
return apology("passwords do not match")
hash1=pwd_context.hash(request.form.get("password"))
result=db.execute("INSERT INTO users (username,hash) VALUES(:username, :hash)",username=request.form.get("username"),hash=hash1)
if not result:
return apology("username already exists")
rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username"))
session["user_id"] = rows[0]["id"]
return redirect(url_for("index"))
else:
return render_template("register.html")
def settings_fail():
if request.method == "POST":
# check that password and confirmation match
if request.form.get("new_password") != request.form.get(
"confirmation"):
return render_template(
"settings_fail.html",
error="Passowrd and confirmation do not match")
rows = db.execute("SELECT * FROM users WHERE id = :user_id",
user_id=session['user_id'])
# check if old password is correct
if not pwd_context.verify(request.form.get('old_password'),
rows[0]['hash']):
return render_template("settings_fail.html",
error="Incorrect old password")
# encrypt new password
hash = pwd_context.hash(request.form.get("new_password"))
# update password
db.execute("UPDATE users SET hash=:hash", hash=hash)
return redirect(url_for("personal_profile"))
else:
return render_template("settings.html")
def register():
"""Register user."""
# forget any user_id
session.clear()
# if user submitted the register form
if request.method == "POST":
# check if fields aren't blank
if not request.form.get("username"):
return apology("missing username")
elif not request.form.get("username").isalpha(
) and not request.form.get("username").isdigit():
return apology("username must not contain punctuation")
if not request.form.get("password"):
return apology("missing password")
if not request.form.get("password_confirm"):
return apology("please, confirm password")
# compare passwords
if request.form.get("password") != request.form.get(
"password_confirm"):
apology("passwords don't match")
# check for unique username
unique_username = db.execute(
"SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
if not unique_username:
apology("username already exists")
# hash the password
hash_password = pwd_context.hash(request.form.get("password"))
print(request.form.get("username"))
print(hash_password)
usernameZZZ = request.form.get("username")
# save new username and password
db.execute("""INSERT INTO users (username, hash)
VALUES (:username, :hash_1)""",
username=usernameZZZ,
hash_1=hash_password)
# query for new user
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
print(rows)
# save user to session
session["user_id"] = rows[0]["id"]
# redirect user to home page
return redirect(url_for("index"))
# if user reaches the route via GET
else:
return render_template("register.html")
def register():
if request.method == 'GET':
return render_template('register.html')
else:
registered = False
alreadyUser = False
try:
username = request.form['username']
address = request.form['address']
fullname = request.form['fullname']
email = request.form['email']
password = passHash.hash(request.form['password'])
with sql.connect("database.db") as con:
con.row_factory = dict_factory
cur = con.cursor()
print("hello")
cur.execute("SELECT * FROM users WHERE username=? OR email=?",
(username, email))
users = cur.fetchall()
print("hello")
if users:
print("already exists")
registered = False
alreadyUser = True
else:
print("inserting")
cur.execute(
"INSERT INTO users (fullname,address,username,email,password) VALUES (?,?,?,?,?)",
(fullname, address, username, email, password))
print("inserted")
con.commit()
print("comitted")
msg = "Record successfully added"
print(msg)
uploads_dir = os.path.join(app.config['UPLOAD_FOLDER'],
username)
pickle_dir = os.path.join(app.config['PICKLE_FOLDER'],
username)
os.mkdir(uploads_dir)
os.mkdir(pickle_dir)
registered = True
alreadyUser = False
except:
print("Error")
con.rollback()
msg = "Error in insert operation"
finally:
con.close()
if registered:
session['username'] = username
session['user_type'] = "std"
return redirect(url_for('index'))
elif alreadyUser:
return redirect(url_for('index'))
def add_user(self):
user_id = uuid.uuid4().int
user = st.text_input('Type the name of the user. E.g., Mr. Smith')
password = st.text_input('Type the password for this user.')
user_class = st.selectbox('Choose the role for the user',
['Student', 'Teacher', 'Admin'])
password_hash = pwd_context.hash(password)
user_list = ()
def hash_password(self, password):
"""Create a password hash and store it in the object
Args:
password (str):
"""
self.password_hash = pwd_context.hash(password)
def _do_setup_stub_user(args):
for group in args.stub_user.split(','):
username, password = group.split(':')
orig_pw = password
if not args.hash_stub:
password = pwd_context.hash(password)
print('-->%s:%s' % ({username: password}, orig_pw)) #FIXME
ox_herd_settings.STUB_USER_DB.update({username: password})
def new_user():
# add user to database and store password as hash
registered = db.execute("INSERT INTO users (username, hash) VALUES(:username, :hash)", \
username = request.form.get("username"), \
hash = pwd_context.hash(request.form.get("password")))
return registered
def add(self, username, mac, password, barcode, admin=False):
self.loadIfNewer()
self.users[username] = {}
self.users[username]['MAC'] = mac
self.users[username]['password'] = pwd_context.hash(password)
self.users[username]['admin'] = admin
self.users[username]['barcode'] = barcode
self.save()
def test_entry_session():
"""Create a list of Stocks to be added to the database."""
stock_sample = {
'username': '******',
'password': pwd_context.hash('chris'),
'stocks': 'GOOG'
}
return stock_sample
def set_auth_credentials():
"""Make a username/password combo for testing."""
import os
from passlib.apps import custom_app_context as pwd_context
os.environ["SESSION_SECRET"] = "hellothere"
os.environ["AUTH_USERNAME"] = "******"
os.environ["AUTH_PASSWORD"] = pwd_context.hash("testpw")
def register():
"""Register user."""
# if user is already logged in
if session.get("user_id"):
return redirect(url_for("index"))
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
confirm_password = request.form.get("confirm-password")
# ensure username was submitted
if not username:
flash("Please provide username.", "danger")
return render_template("register.html")
# ensure password was submitted
if not password:
flash("Please provide a password.", "danger")
return render_template("register.html")
# ensure password confirmation was submitted
if not confirm_password:
flash("Please confirm your password.", "danger")
return render_template("register.html")
# ensure passwords must match
if password != confirm_password:
flash("Passwords do not match.", "danger")
return render_template("register.html")
# check if user exists
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
if len(rows) > 0:
flash("Username already exists.", "danger")
return render_template("register.html")
# encrypt password
hashed_password = pwd_context.hash(password)
# create new user
try:
db.execute(
"INSERT INTO users(username, hash) VALUES(:username, :password)",
username=username,
password=hashed_password)
return render_template("register.html", registered=True)
except:
return apology("registration error")
# else if user reached route via GET (as by clicking a link or via redirect)
else:
return render_template("register.html")
def register():
"""Register user."""
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# ensure user enters a Username
if not request.form.get("username"):
return apology("must provide username")
# ensure user enters a new username
if db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username")):
return apology("username already exists")
# ensure password is entered
elif not request.form.get("password"):
return apology("must provide password")
# ensure password is confirmed correctly
elif not request.form.get("confirm_password") or request.form.get(
"confirm_password") != request.form.get("password"):
return apology("please confirm correct password")
hash1 = pwd_context.hash(request.form.get("password"))
#insert values into database
username = request.form.get("username")
rows = db.execute(
"INSERT INTO users (username,hash) VALUES(:username,:hash)",
username=username,
hash=hash1)
#create table for user portfolio upon registration
db.execute(
"CREATE TABLE :username (Symbol VARCHAR(5),Name VARCHAR(20),Shares INT,Price DECIMAL(15,3),TOTAL DECIMAL(15,3), PRIMARY KEY(Symbol))",
username=username)
#insert record with cash 10000
db.execute(
"INSERT INTO :username (Symbol,Price,TOTAL) VALUES('CASH',10000,10000)",
username=username)
tablename = username + '_history'
#create table for user history upon registration
db.execute(
"CREATE TABLE :table (Symbol VARCHAR(5), Shares INT, Price DECIMAL(15,3),TIME VARCHAR(21), PRIMARY KEY(TIME))",
table=tablename)
# redirect user to home page
return redirect(url_for("index"))
# else if user reached route via GET (as by clicking a link or via redirect)
else:
return render_template("register.html")
def change():
"""change password"""
# show webpage if method is GET
if request.method == "GET":
return render_template("change.html")
# proceed to change password if method id POST
if request.method == "POST":
# ensure old password was submitted
if not request.form.get("opassword"):
flash("Must provide old password")
return render_template("change.html")
# ensure new password was submitted
if not request.form.get("password"):
flash("Must provide new password")
return render_template("change.html")
# ensure password was retyped
if not request.form.get("cpassword"):
flash("Must confirm new password")
return render_template("change.html")
# ensure passwords match
if request.form.get("password") != request.form.get("cpassword"):
flash("New passwords do not match")
return render_template("change.html")
try:
# retrieve user info
rows = db.execute("SELECT * FROM users WHERE id = :userid",
userid=session["user_id"])
except:
# show error if retrieve fails
return apology("Could not retrieve User Details")
# verify old password
if not pwd_context.verify(request.form.get("opassword"),
rows[0]["hash"]):
return apology("Invalid old password")
try:
# save new hash
db.execute("UPDATE users SET hash = :password WHERE id = :userid",
password=pwd_context.hash(request.form.get("password")),
userid=session["user_id"])
except:
# show error if update fails
return apology("SORRY!!\nPassword not changed")
# log out current user
session.clear()
# redirect to login page
return redirect(url_for('login'))
def register():
"""Register user."""
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "GET":
return render_template("register.html")
# if user reached route via GET (as by clicking a link or via redirect)
else:
# ensure username was submitted
if not request.form.get("username"):
return apology("Missing Username and/or Password")
# ensure password was submitted
elif not request.form.get("password"):
return apology("Missing Username and/or Password")
elif not request.form.get("repassword"):
return apology("Re-enter Password")
elif request.form.get("password") != request.form.get("repassword"):
return apology("Passwords do not match.")
elif not request.form.get("email"):
return apology("Missing Email")
elif not request.form.get("remail"):
return apology("Please re-enter Email ID")
elif (('@' not in request.form.get("email"))
or ('@' not in request.form.get("email"))):
return apology("Invalid Email")
elif request.form.get("email") != request.form.get("remail"):
return apology("Email IDs do not match")
elif len(
db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))) != 0:
return apology("Username Already exists")
else:
hash1 = pwd_context.hash(secret=request.form.get("password"))
db.execute(
"INSERT INTO users (username, hash, email) VALUES (:username, :hash1, :email)",
username=request.form.get("username"),
hash1=hash1,
email=request.form.get("email"))
# remember which user has logged in
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
session["user_id"] = rows[0]["id"]
# redirect user to home page
return redirect(url_for("index"))
def register():
"""Register user."""
# retrieve information from form
full_name = request.form.get("full_name")
username = request.form.get("username")
password = request.form.get("password")
password_control = request.form.get("password_control")
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# ensure password was submitted
if not full_name:
return apology("must provide full name")
# ensure username was submitted
elif not username:
return apology("must provide username")
# ensure password was submitted
elif not password:
return apology("must provide password")
# ensure password control was submitted
elif not password_control:
return apology("must provide password control")
# ensures password is the same as password control
elif not password == password_control:
return apology("Password control must be the same as password")
# hashing the password
hash = pwd_context.hash(password)
# inserts the new user in to the users together with the hash of the password
insert_username = db.execute("INSERT INTO users (username, hash, full_name) VALUES (:username, :hash, :full_name)",\
username = username, hash = hash, full_name = full_name )
# if username is already taken in users
if not insert_username:
return apology("Username has been taken")
# query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=username)
# remember which user has logged in
session["user_id"] = rows[0]["id"]
# redirect user to home page
return redirect(url_for("profile_picture"))
# else if user reached route via GET (as by clicking a link or via redirect)
else:
return render_template("register.html")
def add_user(self, added_user): # Abstraction to add user
if self.ses.query(User).filter(
User.Username == added_user.Username).one_or_none(
) is not None: # Check if there already exists a username
return False
added_user.Password = pwd_context.hash(added_user.Password)
self.ses.add(added_user)
self.ses.commit()
return True
def registrar():
"""Register user"""
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
if not request.form.get("email"):
return render_template("registrar.html", message="Não há email")
#ensure username was submitted
elif not request.form.get("username"):
return render_template("registrar.html", message="Não há nome de usuário")
# ensure password was submitted
elif not request.form.get("password"):
return render_template("registrar.html", message="Não há senha")
elif len(request.form.get("password"))<6:
return render_template("registrar.html", message="Senha muito curta")
elif request.form.get("password")!=request.form.get("password2"):
return render_template("registrar.html", message="Senhas diferentes")
#query database for username
userrows = Auth.query.filter_by(username=request.form.get("username")).all()
# ensure username exists and password is correct
if len(userrows) != 0:
return render_template("registrar.html", message="Usuário já em uso")
#query database for username
emailrows = User.query.filter_by(email=request.form.get("email")).all()
# ensure username exists and password is correct
if len(emailrows) != 0:
return render_template("registrar.html", message="Email já em uso")
new_user = User(
email=request.form.get("email"),
)
db.session.add(new_user)
db.session.flush()
user_id=new_user.id
new_auth = Auth(
user_id=new_user.id,
username=request.form.get("username"),
passwordhsh=pwd_context.hash(request.form.get("password")),
method="Common"
)
db.session.add(new_auth)
db.session.commit()
# redirect user to home page
return redirect(url_for("entrar"))
else:
return render_template("registrar.html")
def from_request(user: r.User) -> "User":
passhash = pwd.hash(user.password)
try:
return User.create(
name=user.name,
passhash=passhash,
)
except peewee.IntegrityError:
raise e.UserExists(name=user.name)
def register():
"""Register user."""
if request.method == "POST":
# ensure first_name was submitted
if not request.form.get("first_name"):
return apology("Must provide first_name")
# ensure last_name was submitted
elif not request.form.get("last_name"):
return apology("Must provide last_name")
# ensure email was submitted
elif not request.form.get("email"):
return apology("Must provide email")
# ensure username was submitted
elif not request.form.get("username"):
return apology("Must provide username")
#ensure username is unique
rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username"))
# ensure password was submitted
if not request.form.get("password"):
return apology("Must provide password")
#ensure username exists and password is correct
if len(rows) != 0:
return apology("this username already exists")
# ensure password and verified password is the same
elif request.form.get("password") != request.form.get("password2"):
return apology("password doesn't match")
Hash=pwd_context.hash(request.form.get("password"))
# insert the new user into users, storing the hash of the user's password
result = db.execute("INSERT INTO users (first_name, last_name, email, username, hash) \
VALUES(:first_name, :last_name, :email, :username, :hash)", \
first_name=request.form.get("first_name"), \
last_name=request.form.get("last_name"), \
email=request.form.get("email"), \
username=request.form.get("username"), \
hash= Hash)
# remember which user has logged in
session["user_id"] = result
# redirect user to home page
return redirect(url_for("index"))
else:
return render_template("register.html")
def register():
"""Register user."""
# forget any user_id
session.clear()
# show page if method is get
if request.method == "GET":
return render_template("register.html")
# proceed registration when method is post
elif request.method == "POST":
# ensure username was submitted
if not request.form.get("username"):
flash("Must provide username!")
return render_template("register.html")
# ensure password was submitted
if not request.form.get("password"):
flash("Must provide password!")
return render_template("register.html")
# ensure passwords match
if not request.form.get("cpassword"):
flash("Must confirm password!")
return render_template("register.html")
row = ""
try:
# confirm uniqueness of username
rows = db.execute(
"SELECT * FROM users WHERE username LIKE :username",
username=request.form.get("username"))
except:
return apology("Could not retrieve User Details")
if len(rows) != 0:
flash("username already exists!")
return render_template("register.html")
# register only if username is available
else:
# register only if passwords match
if request.form.get("password") == request.form.get("cpassword"):
db.execute(
"INSERT INTO users (username, hash) VALUES(:username, :password)",
username=request.form.get("username"),
password=pwd_context.hash(request.form.get("password")))
flash("Register Success!")
return redirect(url_for("login"))
else:
flash("Passwords do not match")
return render_template("register.html")
else:
return render_template("login.html")
def __init__(self, username, password, email, name, rollno, user_access_level=1):
self.username = username
self.password_hash = pwd_context.hash(password)
self.email = email
if user_access_level > 5 or user_access_level < 1:
user_access_level = 1
self.user_access_level = user_access_level
self.name = name
self.roll_number = rollno
def hash_password(self, password):
"""Generates hash of plain password before storing into database
:param password: Plain password
:type password: str
:return: Hashed password
:rtype: str
"""
return pwd_context.hash(password)
def signup():
if request.method == "GET":
return render_template("index.html")
elif request.method == "POST" and "signupform" and "signupbtn":
"""Register user."""
# ensure email was submitted
if not request.form.get("email"):
return apology("must provide email")
# query database for email
emails = db.execute("SELECT * FROM users WHERE email = :email",
email=request.form.get("email"))
# ensure email not taken
if len(emails) != 0:
return apology("Sorry, this email already taken.")
# ensure username was submitted
if not request.form.get("username"):
return apology("must provide username")
# query database for username
users = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
# ensure username not taken
if len(users) != 0:
return apology("Sorry, this username already taken.")
# ensure password was submitted
elif not request.form.get("password"):
return apology("must provide password")
# ensure passwords match
elif request.form.get("password") != request.form.get("confirmation"):
return apology("password doesn't match")
username = request.form.get("username")
password = request.form.get("password")
confirmation = request.form.get("confirmation")
email = request.form.get("email")
generate_password_hash = pwd_context.hash(password)
# add new user info in sql database
adduser = db.execute(
"INSERT INTO users (username, hash, email) VALUES (:username, :hash, :email)",
username=username,
hash=generate_password_hash,
email=email)
users = db.execute("SELECT * FROM users WHERE username = :username",
username=username)
session["user_id"] = users[0]["id"]
return redirect(url_for("index"))
def register():
"""Register user."""
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# ensure username was submitted
if not request.form.get("username"):
return apology("must provide username")
# ensure username doesn't exist yet
if len(
db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))) > 0:
return apology("username already exists")
# ensure password was submitted
elif not request.form.get("password"):
return apology("must provide password")
# ensure password was repeated
elif not request.form.get("password_repeat"):
return apology("must repeat password")
# ensure password was repeated correctly
elif request.form.get("password") != request.form.get(
"password_repeat"):
return apology("must repeat password correctly")
# insert new user into users
db.execute(
"INSERT INTO users (username, hash) VALUES (:username_val, :hash_val)",
username_val=request.form.get("username"),
hash_val=pwd_context.hash(request.form.get("password")))
# query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
# ensure username exists and password is correct
if len(rows) != 1 or not pwd_context.verify(
request.form.get("password"), rows[0]["hash"]):
return apology("invalid username and/or password")
# remember which user has logged in
session["user_id"] = rows[0]["id"]
# redirect user to home page
return redirect(url_for("index"))
# else if user reached route via GET (as by clicking a link or via redirect)
else:
return render_template("register.html")
def password():
if request.method == "POST":
# Tests if password is correct and valid
password = request.form.get("newpassword")
if len(password) < 8:
flash("Make sure your password is at least 8 letters")
return render_template("password.html")
if re.search('[0-9]', password) is None:
flash("Make sure your password has a number in it")
return render_template("password.html")
if re.search('[A-Z]', password) is None:
flash("Make sure your password has a capital letter in it")
return render_template("password.html")
if request.form.get("newpassword") != request.form.get(
"newconfirmation"):
flash("Password and confirmation password were not the same!")
return render_template("password.html")
if request.form.get("newpassword") == "":
flash("Please fill in your password!")
return render_template("password.html")
if request.form.get("newconfirmation") == "":
flash("Please fill in your password!")
return render_template("password.html")
elif not request.form.get("newpassword"):
flash("Please fill in your password!")
return render_template("password.html")
elif not request.form.get("newconfirmation"):
flash("Please fill in your password!")
return render_template("password.html")
# Update password
wwupdate = db.execute(
"UPDATE users SET hash = :password WHERE id = :ide",
ide=session["user_id"],
password=pwd_context.hash(request.form.get("newpassword")))
# If not possible, try again
if not wwupdate:
flash("The password change could not happen")
return render_template("password.html")
# Remember user
session["user_id"] = wwupdate
# If everything succeeded, return to settings
return redirect(url_for("settings"))
if request.method == "GET":
return render_template("index.html")
def register():
"""Register user."""
# forget any user_id
session.clear()
# if user reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# ensure username was submitted
if not request.form.get("username"):
return apology("must provide username")
# ensure password was submitted
elif not request.form.get("password"):
return apology("must provide password")
elif not request.form.get("passwordConfirmation"):
return apology("must confirm the password")
elif request.form.get("password") != request.form.get(
"passwordConfirmation"):
return apology("invalid password confirmation")
# query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
# ensure username exists and password is correct
if len(rows) > 0:
return apology("user already exists")
# insert username and password in database
db.execute(
"INSERT INTO users (username, hash) VALUES (:username, :hash)",
username=request.form.get("username"),
hash=pwd_context.hash(request.form.get("password")))
# query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
# ensure username exists and password is correct
if len(rows) == 1 or pwd_context.verify(request.form.get("password"),
rows[0]["hash"]):
# remember which user has logged in
session["user_id"] = rows[0]["id"]
# redirect user to home page
return redirect(url_for("index"))
else:
return apology("error, the user is not added to the database")
# else if user reached route via GET (as by clicking a link or via redirect)
else:
return render_template("register.html")
def dbAdd(args):
db = TinyDB((args.userdb), **db_format)
table = db.table('api_users')
name = args.name
userid = args.userid
email = args.email
# Validate user input...
errors = list()
badchars = set()
# Check username:
for char in userid:
if char not in (string.ascii_letters + string.digits + '-_.'):
badchars.add(char)
if badchars:
errors.append("These characters are not allowed in the user ID: "
f'''"{''.join(badchars)}"''')
# Check email:
if not re.match('[^@\\s]+@[^@\\s\\.]+\\.[^@\\s]+', email):
errors.append('That email address does not look quite right.')
# Were there errors?
if errors:
print('\n'.join(errors))
sys.exit(1)
# Generate pseudo-random string
try:
rng = random.SystemRandom()
except NotImplementedError:
rng = random
password = ''.join(
rng.choice(string.ascii_letters + string.digits) for _ in range(12))
# Update user record
table.insert({
'name': name,
'email': email,
'userid': userid,
'password_hash': pwd_context.hash(password)
})
# Add file to Git index
try:
repo = Repo(os.path.dirname(args.userdb))
except NotGitRepository:
repo = Repo.init(os.path.dirname(args.userdb))
git.add(repo=repo, paths=[args.userdb])
# Prepare commit information
committer = f"MSCWG <{mscwg_email}>".encode('utf8')
author = committer
message = (f"Add API user {name}\n\nChanged by userctl".encode('utf8'))
# Execute commit
git.commit(repo, message=message, author=author, committer=committer)
print(f"User successfully added with password {password}")
def register_user(username, password, email):
"""Register user into database"""
db.execute(
"INSERT INTO users (username, hash, email) VALUES(:username, :password, :email)",
username=username,
password=pwd_context.hash(password),
email=email)
return "Success"
async def init_superuser(app):
su_credentials = app["config"]["superuser"]
if await User.exists(login=su_credentials["login"]):
return
await User.create(
login=su_credentials["login"],
password_hash=pwd_context.hash(su_credentials["password"]),
is_admin=True,
)
def changepass():
if request.method == "POST":
passwords = db.execute("UPDATE users SET hash=:password WHERE id=:id",
password=pwd_context.hash(
request.form.get("changepass")),
id=session["user_id"])
return redirect(url_for("index"))
else:
return render_template("changepass.html")
def register():
"""Register user."""
# if user submitted form (registration page)
if request.method == "POST":
# retrieve form fields info
username = request.form.get("username")
password = request.form.get("password")
checkPass = request.form.get("passwordCheck")
# ensure username was submitted
if not username:
return apology("Username is blank")
# ensure password fields were submitted
elif not password or not checkPass:
return apology("Password field left blank")
# ensure both password fields are same
elif (password != checkPass):
return apology("Passwords do not match")
# create password hash
hashpwd = pwd_context.hash(password)
# Add new user to database
result = db.execute("INSERT INTO users (username, hash) VALUES (:name, :hashpwd)", name=username, hashpwd=hashpwd)
# Check if username exists
if not result:
return apology("Username already exists")
# Get user ID and store session
rows = db.execute("SELECT * FROM users WHERE username = :username", username=request.form.get("username"))
session["user_id"] = rows[0]["id"]
# Redirect user to index page instantly logging them in and flash message
flash("Registered!")
return redirect(url_for("index"))
# Return registration page if accessed via GET
else:
return render_template("register.html")
def register():
"""Register user."""
if request.method == "POST":
if not request.form.get("username"):
return apology("You must provide a username")
elif not request.form.get("password"):
return apology("You must provide a password")
elif not request.form.get("password2"):
return apology("You must confirm your password")
else:
if request.form.get("password") != request.form.get("password2"):
return apology("Password don\'t match")
else:
db.execute("INSERT INTO users (hash, username) Values(:hash_obj, :username)",
hash_obj = pwd_context.hash(request.form.get("password")),
username = request.form.get("username"))
return render_template("login.html")
else:
return render_template("register.html")
def account():
# Return settings page if accessed via GET
if request.method == "GET":
return render_template("account.html")
# Form submitted
elif request.method == "POST":
# Store form fields
oldPass = request.form.get("oldpass")
newPass = request.form.get("newpass")
checkPass = request.form.get("newpassCheck")
# Get original password
rows = db.execute("SELECT hash FROM users WHERE id=:uid", uid=session['user_id'])
# Verify if any fields are blank
if not (oldPass and newPass and checkPass):
return apology("Field left blank")
# Verify if old passwords match
elif not pwd_context.verify(oldPass, rows[0]['hash']):
return apology("Old Password doesn't match")
# Verify new passwords match
elif (newPass != checkPass):
return apology("New password's don't match!")
# Verify new password isn't same as old password
elif (oldPass == newPass and oldPass == checkPass):
return apology("New password must be different")
# Hash new password and update database for sure
hashpwd = pwd_context.hash(newPass)
result = db.execute("UPDATE users SET hash=:hashpwd WHERE id=:uid",
hashpwd=hashpwd, uid=session['user_id'])
# Redirect to homepage and flash message
flash("Settings Saved!")
return redirect(url_for("index"))
def hash_password(self, password):
self.password = pwd_context.hash(password)
def __init__(self, username, password):
self.username = username
self.hash = pwd_context.hash(password)
def password():
"""Change Password."""
if request.method == "POST":
if not request.form.get("password"):
return apology("You must provide a password")
elif not request.form.get("password2"):
return apology("You must confirm your password")
else:
if request.form.get("password") != request.form.get("password2"):
return apology("Password don\'t match")
else:
db.execute("UPDATE users SET hash=:hash_obj WHERE id=:id", id=session["user_id"], hash_obj = pwd_context.hash(request.form.get("password")))
return redirect(url_for("login"))
else:
return render_template("password.html")
