def post(self): ret = {} ret_code = HTTP_OK try: pseudo = self.get_argument(PSEUDO_KEY) password = self.get_argument(PASSWORD_KEY) cached_usr = self.application.cache.get_user(pseudo) is_auth = False if cached_usr is not None: if sha512_crypt.verify(password, cached_usr[PASSWHASH_KEY]): is_auth = True else: us = self.ormdb.query(User).filter_by(pseudo=pseudo).first() if us is not None: self.application.cache.set_user(us) if sha512_crypt.verify(password, us.passwhash): is_auth = True else: ret_code = HTTP_NOT_FOUND ret = {ERROR_KEY: ENTITY_NOT_FOUND_MSG} ret = {RESSOURCE_KEY: is_auth} except tornado.web.MissingArgumentError as e: ret_code = HTTP_BAD_REQUEST ret = {ERROR_KEY: MISSING_ARGS_MSG} self.respond(ret, ret_code)
def post(self): logging.info("Initiating PasswordHandler post") data = json.loads(self.request.body) if "username" not in data: raise HTTPError(400, reason="Missing username in body request.") if "password" not in data: raise HTTPError(400, reason="Missing password in body request.") username = data["username"] password = data["password"] user = yield self.settings["database"].Users.find_one( {"username": username}) if not user: logging.debug("Username '%s' not found.", username) raise HTTPError(401, reason="Invalid username or password.") encoded_user_password = user["password"]["hash"].encode("utf-8") if sha512_crypt.verify( (password + user["password"]["salt"]).encode("utf-8"), encoded_user_password): token = yield self.authenticate_user(user) self.write(token) self.flush() else: logging.info("Invalid password for user '%s'.", username) raise HTTPError(401, reason="Invalid username or password.")
def dologout(): if (lenow >= 3): logout_char_name = msg_split[1] logout_password = msg_split[2] self.db = DBPool('mrpg.db') char_exists = yield self.db.does_char_name_exist(logout_char_name) self.db.shutdown("") if(char_exists[0][0] == 0): self.privateMessage(user, "There is not a character by that name.") else: self.db = DBPool('mrpg.db') is_online = yield self.db.is_char_online(logout_char_name) self.db.shutdown("") if(is_online[0][0]==1): self.db = DBPool('mrpg.db') passhash = yield self.db.get_password(logout_char_name) passhash = passhash[0][0] self.db.shutdown("") if (sc.verify(logout_password, passhash)): self.db = DBPool('mrpg.db') self.db.executeQuery("UPDATE users SET online = 0, hostname = ? WHERE char_name = ?",(hostname,logout_char_name)) self.db.shutdown("") self.privateMessage(user, "You are now logged out.") else: self.privateMessage(user, "Password incorrect.") else: self.privateMessage(user, "You are not logged in") else: self.privateMessage(user, "Not enough information was supplied.")
def handle_login(params, json_data): if (not _check_flood_protect(params['ip'][0])): return (False, '') if 'username' not in params or 'password' not in params: return (False, '') try: q = Query( 'SELECT gebr_id, gebr_wachtwoord FROM tblgebruiker WHERE gebr_naam = %s' ) q.run((params['username'][0], )) results = q.rows() except DatabaseError: raise InternalServerError if (len(results) != 1): _add_flood_protect(params['ip'][0]) return (False, '') if not sha512_crypt.verify(params['password'][0], results[0][1]): _add_flood_protect(params['ip'][0]) return (False, '') #Generate session key session_key = _create_session(params['ip'][0], results[0][0]) return (True, session_key)
def signin(): form = Signin(request.form) if request.method == 'GET': # make sure the method used is define above return render_template('signin.html', form=form), print( "you are under the signin page now, well done mrbacco") if request.method == 'POST' and form.validate(): # the following are the data from the init form username = form.username.data password_form = form.password.data print("these are the email and password inserted", username, password_form) user_db = mycol_u.find_one({'username': username}) #for key, value in user_db.items(): #print ("these are the fields in the db ", key, value) if user_db is None: flash("No USER FOUND!!, please try again or signup!", "danger") return render_template('signin.html', form=form), print( "user not found, flashed a message on the web page") if sha512_crypt.verify(password_form, user_db['password']): #setting the session on for this user till he/she signs out!! session["logged_in"] = True session["username"] = username flash("You are now logged in, start web scraping below", "success") return redirect(url_for("dashboard")), print( "Password match: flashing a message") else: flash("credential not correct, please try again", "danger") return render_template('signin.html', form=form)
def post(self): logging.info("Initiating PasswordHandler post") data = json.loads(self.request.body) if "username" not in data: raise HTTPError(400, reason="Missing username in body request.") if "password" not in data: raise HTTPError(400, reason="Missing password in body request.") username = data["username"] password = data["password"] user = yield self.settings["database"].Users.find_one({"username": username}) if not user: logging.debug("Username '%s' not found.", username) raise HTTPError(401, reason="Invalid username or password.") encoded_user_password = '******'.format(user["password"]["rounds"], user["password"]["hash"]) if sha512_crypt.verify((password + user["password"]["salt"]).encode("utf-8"), encoded_user_password): token = yield self.authenticate_user(user) self.write(token) self.flush() else: logging.info("Invalid password for user '%s'.", username) raise HTTPError(401, reason="Invalid username or password.")
def login(self): facade = Facade() hash = self.gerar_hash() response.set_cookie("KIM", hash, path='/', secret=KEY_HASH) observador_logado = facade.search_observador_email_facade( email=self.email) if observador_logado != None: if sha512_crypt.verify(self.senha, observador_logado['senha']): response.set_cookie("BUMBA", observador_logado, path='/', secret=hash) now = datetime.now() facade.login_date_facade(observador_logado['id'], now) facade.create_estrutura_facade( tipo_estrutura=TIPO_ESTRUTURA['historico'], nome_usuario=observador_logado['nome'], tipo_usuario=observador_logado['tipo']) return PAGINA_INICIAL[TIPO_USUARIOS_ID[ observador_logado['tipo']].lower()] else: return PAGINA_INICIAL['error'] else: print("Usuario não encontrado !") return PAGINA_INICIAL['error']
def is_login_valid(email, password): """ This method verifies that an e-mail/password combo (as sent by the site forms) is valid or not. Checks that the e-mail exists, and that the password associated to that e-mail is correct. :param email: The user's email :param password: A sha512 hashed password :return: True if valid, False otherwise """ user_data = Database.find_one(UserConstants.COLLECTION, {"email": email}) admin_created_user = Database.find_one(UserConstants.COLLECTION, { "email": email, "admin_created": "Yes" }) if user_data is None: # Tell the user that their e-mail doesn't exist raise UserErrors.UserNotExistsError( "Email is not recognized. Please use link below to sign-up if you have not created an account." ) if admin_created_user is not None: # Tell the user to sign up raise UserErrors.AdminCreatedUserError( "Your account was created by an admin. Please register with HHT to enjoy the full functionality of the site." ) if not sha512_crypt.verify(password, user_data['password']): # Tell the user that their password is wrong raise UserErrors.IncorrectPasswordError( "Password does not match the one registered.") return True
def processLogin(form): username = sanitize(form.username.data) password = sanitize(form.password.data) persistent = form.persistent.data status = False try: cursor, dbconn = dbConnection() query = "SELECT user_id, username, password FROM users WHERE username = %s" query_result = cursor.execute(query, [username]) query_result = cursor.fetchone() user_id = query_result[0] query_result = query_result[2] except: status = "No Such User Exists..!!" else: if sha512_crypt.verify(password, query_result): session['logged_in'] = True session['username'] = username if persistent: session.permanent = True status = True else: status = "Invalid Credentials..!!" query = "SELECT reviewer_id, subject from reviewers where user_id = %s" query_result = cursor.execute(query, [user_id]) if int(query_result) > 0: query_result = cursor.fetchone() session['reviewer'] = query_result[0] session['subject'] = query_result[1] cursor.close() dbconn.close() return status
def verify_login(user, password): ### # Summary: # Diese Funktion überprüft die eingegebenen Login Parameter und checkt ob sie im passwd.json vorhanden sind # Args: # user(string) = Eingegebner Username # password(string) = Eingegebenes Passwort im cleartext # Return: # Boolscher Wert: True = Credentials sind korrekt; False = Credentials sind falsch ### # Wenn irgendetwas falsch ist soll False zurückgegeben werden. z.B wenn User nicht gefunden wird # deshalb wird ein try verwendet, damit wird der Fehler bei einem nicht existierenden Key im Dict abgefangen try: f_info = load_user() for k, v in f_info.items(): if k == user: s_user = k s_pass = v[0] # Wenn der Username und der Passworthash korrekt sind wird True zurückgegeben if s_user == user and sha512_crypt.verify(password, s_pass) is True: return True else: # Wenn die Daten falsch ist -> False return False # Falls im während der Überprüfung des User, Passwort ein Fehler passiert, gibt es kein erfolgreiches login except: return False
def login(): form = LoginForm() context = { 'copyright': COPYRIGHT, 'form': form } if request.method == 'POST': if context['form'].validate(): # Get user info from database: user = db.session.query(User).filter_by( email = context['form'].email.data).first() pw = context['form'].password.data # Check that user exists in database: if user is not None: # verify input password matches stored hash: if sha512_crypt.verify(pw, user.pwhash): # Log user in: session['logged_in'] = True return redirect(url_for('index')) else: flash('Incorrect password.') return render_template('login.html', **context) else: flash('Email address not found.') return render_template('login.html', **context) else: return render_template('login.html', **context) elif request.method == 'GET': return render_template('login.html', **context)
def login(): error = None #declaration for this variable if request.method == 'POST': username = request.form.get('username') password_req = request.form.get('password') newuser = username if request.form.get('username') is not "" and request.form.get( 'password') is not "": newuser = mycol.find_one({'username': username}) if newuser is not None: password = newuser[ "password"] #return PasswordField for that username print("inserted username is: ", newuser) else: error = 'Invalid credentials again 2' print("user not present therefore moving on") return render_template('login.html', error=error) if sha512_crypt.verify(password_req, password): print("password matched", password_req, password) #creating a session for the user just logged in session["logged_in"] = True session["username"] = username return redirect(url_for("dashboard")) print("under the dashboard page now") else: error = 'Invalid credentials again 1' print("password DON'T match", password_req, password) return render_template('login.html', error=error) else: error = 'Empty credentials, try again please.' print(error, "inserted username is: ", newuser) return render_template('login.html', error=error)
def main(): try: form = cgi.FieldStorage() email= form.getvalue('email') password = form.getvalue('password') cur = con.cursor() command = "SELECT password FROM Users WHERE email = %s"; cur.execute(command, (email)) row = cur.fetchone() if (row != None): enc_password = row[0] verify = sha512_crypt.verify(password, enc_password) if (verify): sess = session.Session(expires=365*24*60*60, cookie_path='/') sess.data['lastvisit'] = repr(time.time()) sess.data['user'] = email print "Location: home.py?\r\n" else: print "Location: login.py?redirect=0\r\n" else: print "Location: login.py?redirect=0\r\n" except KeyError: print "Location: login.py\r\n"
def update_password(username: str, password: str, new_password: str, salt: str) -> User: """ Update a user's password. :param username: The user's username. :type username: str :param password: The user's current password. :type password: str :param new_password: The user's new password. :type new_password: str :param salt: The user's salt. :type salt: str :return: User """ user = User.query.filter(User.username == username).one() if sha512_crypt.verify(salt_password(password, salt), user.password): user.password = sha512_crypt.hash(salt_password(new_password, salt)) db.session.add(user) db.session.commit() return user else: raise PasswordException(message='Current password is not correct.')
def authUser(self, name, password): c = self._conn.cursor() c.execute("SELECT password FROM user WHERE name = ? LIMIT 1", (name, )) r = c.fetchone() if r is None: return False return sha512_crypt.verify(password, r[0])
def check_password(passw, hash): """ Tests if a password is the same as the hash. Instance vars: - ``passw`` - ``str``, The password in it's original form - ``hash`` - ``str``, The hashed version of the password to check against """ if hash.startswith('{SHA}'): try: import warnings warnings.warn( 'SHA1 as a password hash may be removed in a future release.') passw_hash = '{SHA}' + b64encode(sha1(passw).digest()) if passw_hash == hash: return True except: import traceback traceback.print_exc() elif hash.startswith('$2a$') and len(hash) == 60: return bcrypt.verify(passw, hash) elif sha512_crypt.identify(hash): return sha512_crypt.verify(passw, hash) return False
def authenticate(session, Account, **kwargs): login = kwargs.get('login') password = kwargs.get('password') user = session.query(Account).filter(Account.login == login).one() if not sha512_crypt.verify(password, user.password): raise Exception("No user with this password") return user
def dologin(): if (lenow >= 3): login_char_name = msg_split[1] login_password = msg_split[2] self.db = DBPool('mrpg.db') char_exists = yield self.db.does_char_name_exist(login_char_name) self.db.shutdown("") if(char_exists[0][0] == 0): self.privateMessage(user, "There is not a character by that name.") else: self.db = DBPool('mrpg.db') is_online = yield self.db.is_char_online(login_char_name) self.db = DBPool('mrpg.db') if (is_online[0][0] == 0): self.db = DBPool('mrpg.db') temppass = yield self.db.get_password(login_char_name) passhash = temppass[0][0] self.db.shutdown("") if (sc.verify(login_password, passhash)): self.db = DBPool('mrpg.db') self.db.executeQuery("UPDATE users SET online = 1, hostname = ? WHERE char_name = ?",(hostname,login_char_name)) self.db.shutdown("") self.mode(self.factory.channel, True, 'v', user=user) self.privateMessage(user, "You are now logged in.") else: self.privateMessage(user, "Password incorrect.") else: self.privateMessage(user, "You are already logged in") else: self.privateMessage(user, "Not enough information was supplied.")
def login(): if session: return redirect(url_for('index')) if request.method == 'POST': tasks = mongo.db.Credentials.find({}) username = request.form.get("name") pswd = request.form.get("password") for element in tasks: if element["User"] == username: x = (element["Pass"]) if (sha512_crypt.verify(str(pswd), str(x))): session['username'] = username session['admin'] = element["Admin"] session.permanent = True app.permanent_session_lifetime = timedelta(minutes=10) return redirect(url_for('index')) else: pass #return("Wrong username or password") return render_template("Error.html", message="Wrong username or password") else: return render_template("login.html")
def login(): if fl.request.method == 'GET': current = datetime.datetime.now() if 'logged_in' in fl.session: return fl.redirect(fl.url_for('index')) return fl.render_template('/login.html', current=current) else: username = fl.request.form['username'] pw = fl.request.form['pw'] # now check this against the database user_list = ml.User.query.filter(ml.User.email == username).all() if len(user_list) == 1: user = user_list[0] # check that the password is correct if sha512_crypt.verify(pw, user.pw_hashed): flog.login_user(user) fl.session['logged_in'] = user.id if user.admin: fl.session['admin'] = True next = fl.request.args.get('next') return fl.redirect(fl.url_for('index')) else: fl.flash("Password incorrect!", "error") return fl.render_template('/login.html') else: fl.flash("Login failed!", "error") return fl.render_template('/login.html')
def get_password_verification(passwordhash, password): """ used when the user is loging in or when the user is attemping to change the password. this function should be used by any function that wants to verify a user password given a user password hash """ return sha512_crypt.verify(password, passwordhash)
async def login(request): try: username = payload['username'] password = payload['password'] except KeyError: raise web.HTTPBadRequest() async with request.app['pool'].acquire() as conn: async with conn.cursor() as cur: await cur.execute( "SELECT password_hash FROM users WHERE username = %s;", (username)) res = await cursor.fetchone() # TODO: Check if res has any data and check against password_hash try: (res, ) = res except ValueError: raise web.HTTPBadRequest() # sha512_crypt.verify(password, hash) if 'is_hash' in payload and payload['is_hash']: valid = (res == password) else: valid = sha512_crypt.verify(password, res) if not valid: raise web.HTTPBadRequest() session = await get_session(request) session['last_visit'] = time.time() session['user'] = username return web.Response(status=204)
def verify_password(self, password): """ :param password: :return: """ return sha512_crypt.verify(password, self.password_hash)
def donewpass(): if (lenow >= 4): newpass_char_name = msg_split[1] newpass_password = msg_split[2] newpass_new_password = msg_split[3] self.db = DBPool('mrpg.db') char_exists = yield self.db.does_char_name_exist(newpass_char_name) self.db.shutdown("") if(char_exists[0][0] == 0): self.privateMessage(user, "There is not a character by that name.") else: self.db = DBPool('mrpg.db') passhash = yield self.db.get_password(newpass_char_name) passhash = passhash[0][0] self.db.shutdown("") if(sc.verify(newpass_password, passhash)): hash = sc.encrypt(newpass_new_password) hash '$6$rounds=36122$kzMjVFTjgSVuPoS.$zx2RoZ2TYRHoKn71Y60MFmyqNPxbNnTZdwYD8y2atgoRIp923WJSbcbQc6Af3osdW96MRfwb5Hk7FymOM6D7J1' self.db = DBPool('mrpg.db') self.db.executeQuery("UPDATE users SET password = ? WHERE char_name = ?",(hash, newpass_char_name)) self.db.shutdown("") self.privateMessage(user, "You have changed your password.") else: self.privateMessage(user, "Password incorrect.") else: self.privateMessage(user, "Not enough information was supplied.")
def validate_password(self, password: str) -> bool: """ Check that given password is valid for given account :param password: password to be checked :return: True if password is valid equal, False otherwise """ return sha512_crypt.verify(password, self.password)
def authenticate_user(username, password): user = database.User.objects(username__iexact=username).first() if user is None: return None if (sha512_crypt.verify(password, user.hash)): return user else: return None
def check(self, username, password): """ Verifies a user supplied password against the stored hash for a user """ dbp_hashed = self.get(username) if dbp_hashed is None: return False return sha512_crypt.verify(password, dbp_hashed)
def compute_uhash(count): """Generate linux system user couple of clear/hashes passwords (SHA512)""" result = dict() for i in _compute_clear_passwordlist(count): hashed = sha512_crypt.hash(i) if sha512_crypt.verify(i, hashed): result[sha512_crypt.hash(i)] = i return compute_markdown_rendering(1, result)
def verify(session, username, password): """Return True if and only if username is in the users DB and has correct password.""" entity = get_user(session, username) if entity: return Hasher.verify(password, entity.password) else: return False
def login(req): if req.POST: user = req.db.users.find_one({'email': req.POST['email']}) if user: print(sha512_crypt.verify(req.POST['password'], user['password'])) else: req.flash('Login failed, please try again or use the reset password feature.', 'error') return {}
def authenticate(session, username, password): u = User.get(session, username) if u is not None: h = u.passwd return h is not None and sha512_crypt.verify(password, h) return False
def button_handler(self, event): label = event.GetEventObject().GetLabel() self.selected_pictures.append(label) parentCustomTitleBar = self.GetParent().customTitleBar children = parentCustomTitleBar.sizerTitleBar.GetChildren() dotsWidget = children[1].GetWindow() if len(self.selected_pictures) == 4: dotsWidget.SetLabel("⚫ ⚫ ⚫ ⚫") pswd_file = open(curdir + "/9gridpassword.txt", "r+") file_pswd = pswd_file.read() print(self.selected_pictures) if (sha512_crypt.verify(''.join(self.selected_pictures), file_pswd)): print('Authentication successful') self.GetParent().eye_track_thread.join() sys.exit(0) else: self.selected_pictures = [] dotsWidget.SetLabel("⚪ ⚪ ⚪ ⚪") wx.MessageBox("Authentication failed", " ", wx.OK | wx.ICON_INFORMATION) # go back to first set of pictures for i in range(9): picture_label = self.labels[len(self.selected_pictures)][i] pictures = os.listdir(self.curdir + '/images/9_grid/' + picture_label) picture_number = pictures.pop( r.randint(0, len(pictures) - 1)) self.buttons[i].SetBitmapLabel( wx.Bitmap(self.curdir + "/images/9_grid/{0}/{1}".format( picture_label, picture_number))) self.buttons[i].SetLabel(picture_label) else: if (len(self.selected_pictures) == 1): dotsWidget.SetLabel("⚫ ⚪ ⚪ ⚪") if (len(self.selected_pictures) == 2): dotsWidget.SetLabel("⚫ ⚫ ⚪ ⚪") if (len(self.selected_pictures) == 3): dotsWidget.SetLabel("⚫ ⚫ ⚫ ⚪") # set next set of buttons for i in range(9): picture_label = self.labels[len(self.selected_pictures)][i] pictures = os.listdir(self.curdir + '/images/9_grid/' + picture_label) picture_number = pictures.pop(r.randint(0, len(pictures) - 1)) self.buttons[i].SetBitmapLabel( wx.Bitmap(self.curdir + "/images/9_grid/{0}/{1}".format( picture_label, picture_number))) self.buttons[i].SetLabel(picture_label)
def userLogin(args): user = args[USERNAME] # Yubikey OTP is 44-characters so if there's not at least 45 chars then # we assume there's only a single factor and fail them out of spite # also fail out of spite if the user does not have a yubikey in their password entry if user not in p.users: print(FAILED) logit("User not in table") return if (len(args['password']) < 45): print(FAILED) logit("Password too short to have yubi token") return if p.users[user]['yubikeyid'] is None: print(FAILED) logit("User has no yubi token in the passwd file") return # Otherwise split the first and second factors apart password = args['password'][0:-44] yubiotp = args['password'][-44:] userobject = p.users[user] # Check the first factor against the hash if not sha512_crypt.verify(password, userobject['hash']): print(FAILED) logit("First factor failed") return # does the yubikey belong to this user? # We should have pretty good assurance at this point that the userobject has a yubikeyid # value. Our check above should have promised that if yubiotp[0:12] != userobject['yubikeyid']: print(FAILED) logit( "Yubi token presented %s does not match what is on file %s" % (yubiotp[0:12], userobject['yubikeyid'])) return try: # Now FINALLY we go to yubicloud and ask yubi = Yubico(yubicloud_client_id, yubicloud_secret_key) if yubi.verify(yubiotp): print(SUCCESS) return except Exception as e: logging.error("Exception in yubi verify", e) print(FAILED) return # If we fall all the way out logit("Fell out the bottom") print(FAILED)
def check_hashed_password(password, hashed_password): """ Checks that the password the user sent matches that of the database. The database password is encrypted more than the user's password at this stage. :param password: sha512-hashed password :param hashed_password: pbkdf2_sha512 encrypted password :return: True if passwords match, False otherwise """ return sha512_crypt.verify(password, hashed_password)
def compareHash(self, string): if (self.type == "md5"): return md5_crypt.verify(string, self.pwd_hash) elif (self.type == "bcrypt"): return bcrypt.verify(string, self.pwd_hash) elif (self.type == "sha256"): return sha256_crypt.verify(string, self.pwd_hash) elif (self.type == "sha512"): return sha512_crypt.verify(string, self.pwd_hash)
def check_password(cls, username, password): user = cls.get_by_username(username) if not user: return False try: is_valid = crypt.verify(password, user.password) return is_valid except ValueError: return False
async def authorize(self, username, password): curr_user = await self.objects(username=username).first() if curr_user is not None: if sha512_crypt.verify(password, curr_user.password): userid = curr_user.userid else: userid = None return userid else: return None
def check_password(self, pwd_to_check: str) -> bool: """Checks if the provided password is correct. :param pwd_to_check: The password to check :type pwd_to_check: str :return: True if the password is correct, False otherwise :rtype: bool """ return sha512_crypt.verify(pwd_to_check, self.password)
def check_password(raw_password, enc_password): """ Compares raw password and encoded password. """ if not raw_password: return False if backends.SHOULD_HASH_PASSWORD: return sc.verify(raw_password, enc_password) else: return enc_password == raw_password
def valid_login(username,password): try: c = mysql.connect().cursor() c.execute("SELECT * FROM USER WHERE username ='******'" %(username)) data = c.fetchone()[2] if data and sha512_crypt.verify(password, data): return True else: return False except: return False
def check_password(passw, hash): if hash.startswith('{SHA}'): try: passw_hash = '{SHA}' + b64encode(sha1(passw).digest()) if passw_hash == hash: return True except: import traceback traceback.print_exc() elif sha512_crypt.identify(hash): return sha512_crypt.verify(passw, hash) return False
def check_password(self, username, password): if not username in ajenti.config.tree.users: return False type = 'plain' saved = ajenti.config.tree.users[username].password if '|' in saved: type, saved = saved.split('|') if type == 'plain': hash = password return hash == saved elif sha512_crypt.identify(saved): return sha512_crypt.verify(password, saved)
def do_login(): # bottle.request.environ.get('beaker.session') username = request.forms.get('username') password = request.forms.get('password') if tablefunctions.retrieve_password(username) == None: return "<p>Username or password is not correct.</p>" elif sha512_crypt.verify(password, tablefunctions.retrieve_password(username)): # s['user_id'] = True # response.set_cookie("account", username, secret='some-secret-key') # s.save() return serve_home() else: return "<p>Username or password is not correct.</p>"
def check_password(self): password = self.password userid = self.userid logging.debug('username/password to check is %s/%s' % (userid, password)) dbpassword = passwd.get_password(self) if dbpassword is not None: if sha512_crypt.verify(password,dbpassword): logging.debug('password correct') return True else: logging.debug('password incorrect') return False else: return False
def auth(self, data): #Needs 1 array with two elements: 0 = username 1 = password con = mdb.connect(host='localhost', user='******', passwd='12adam12', db='IT490') query = "select password from users where user_name = \"%s\"" % data[0] try: cur = con.cursor() cur.execute(query) pwd = cur.fetchall() result = sha512_crypt.verify(data[1],pwd[0][0]) except: print "Error: unable to fetch data" return False con.close(); return result
def login(): form = LoginForm() login_failed = False if form.validate_on_submit(): # Find the user. user = db.session.query(User).filter_by(name=request.form["username"]).first() # No user by that name. if user is None or not sha512_crypt.verify(sha384(request.form["password"]).hexdigest(), user.password): login_failed = True else: # Login succeeded. Set up the user's session. session["user"] = user.id session["username"] = user.name return redirect(url_for("index")) return render_template("login.j2", form=form, login_failed=login_failed)
def do_login(): username = request.form['username'] password = request.form['password'] next = request.form['next'] userdetails = None with get_connection() as conn: cur = conn.cursor(cursor_factory=psycopg2.extras.RealDictCursor) cur.execute('SELECT id, password FROM users WHERE username = %s', [username]) userdetails = cur.fetchone() if userdetails is not None and sha512_crypt.verify(password, userdetails['password']): login_user(User(userdetails['id']), remember=True) return redirect(next) return render_template('login.html', next=next, username=username)
def do_login(): # This post function will check if the user log-in credentials are correct. # Get the user details from the login form. username = request.forms.get('username') password = request.forms.get('password') try: # Connect to the database. conn = sqlite3.connect(config["paths"]["file_auth_database"]) c = conn.cursor() c.execute("SELECT Password FROM secure_login WHERE Username = ?", (str(username),)) rows = c.fetchall() c.close() except OperationalError: # If the user is not found in the database and we don't know the password, exit authentication. abort(403, "Authentication failed.") if len(rows) == 0: abort(403, "Authentication failed.") # Check if the password from the user matches the passwored stored in the database. for row in rows: for col in row: check = sha512_crypt.verify(password, col) if check == True: # Password and username checks passed. Now proceeding for setting authenticated session cookie. # Generate unique session ID. session_start_time = str(datetime.datetime.now()) secret = sha512_crypt.encrypt(session_start_time) # Save cookie secret and session start time to the db. conn = sqlite3.connect(config["paths"]["file_auth_database"]) c = conn.cursor() c.execute("UPDATE secure_login SET SessionID = (?) WHERE Username = (?)", (secret, username)) c.execute("UPDATE secure_login SET SessionStartTime = (?) WHERE Username = (?)", (session_start_time, username)) conn.commit() c.close() response.set_cookie("username", username, secret=secret) response.status = 303 response.set_header('Location', '/dashboard') else: abort(403, "Authentication failed.")
def login(): form = UserForm() site_title = 'Login' error = None if request.method == 'POST': if form.validate_on_submit: user = models.User.query.filter_by(email=request.form['email']).first() if user is not None and sha512_crypt.verify(request.form['password'], user.passwordhash): session['logged_in'] = True session['nickname'] = user.nickname session['uid'] = user.id return redirect(url_for('dashboard')) else: error = 'Invalid username or password.' return render_template('login.html', form=form, site_title = site_title, error = error )
def check_auth(username, password): """This function is called to check if a username / password combination is valid. """ def any_(l): """Check if any element in the list is true, in constant time. """ ret = False for e in l: if e: ret = True return ret user_ok = False pass_sha1_ok = pbkdf2_sha256_ok = pass_sha512_ok = pass_sha512_crypt_ok = pass_bcrypt_crypt_ok = False user_ok = app.conf['wapt_user'] == username pass_sha1_ok = app.conf['wapt_password'] == hashlib.sha1( password.encode('utf8')).hexdigest() pass_sha512_ok = app.conf['wapt_password'] == hashlib.sha512( password.encode('utf8')).hexdigest() if '$pbkdf2-sha256$' in app.conf['wapt_password']: pbkdf2_sha256_ok = pbkdf2_sha256.verify(password, app.conf['wapt_password']) elif sha512_crypt.identify(app.conf['wapt_password']): pass_sha512_crypt_ok = sha512_crypt.verify( password, app.conf['wapt_password']) else: try: if bcrypt.identify(app.conf['wapt_password']): pass_bcrypt_crypt_ok = bcrypt.verify( password, app.conf['wapt_password']) except Exception: pass basic_auth = any_([pbkdf2_sha256_ok, pass_sha1_ok, pass_sha512_ok, pass_sha512_crypt_ok, pass_bcrypt_crypt_ok]) and user_ok return basic_auth or (auth_module_ad is not None and auth_module_ad.check_credentials_ad(app.conf, username, password))
def local_authenticate(login, password): """ Checks the validity of a username/password against what is stored in the database. """ try: q = DBSession.query(User) q = q.filter(User.user_name == login) db_user = q.one() except Exception as e: log.debug("%s (%s)" % (Exception, e)) # Should return invalid username here somehow return None try: if sha512_crypt.verify(password, db_user.password): return [login] except Exception as e: log.error("%s (%s)" % (Exception, e)) pass return None
def authenticate(username=None, password=None, http_abort=True): if not username: username = request.values['username'] if not password: password = request.values['password'] # Refuse the login if there has been 3 previous failed attempts fails = cache.get(request.remote_addr+'-'+username+'-authfails') or 0 # Minimal protection against passwords guess attempts if fails > 2: cache.set(request.remote_addr+'-'+username+'-authfails', fails, 120) abort(401, '3 previous attempts failed, please wait 2 minutes') # The following line is there only for the translation in OSPFM-web # self.forbidden('3 previous attempts failed, please wait 2 minutes') user = core.User.query.filter( core.User.username == username ).first() if not user: if http_abort: cache.set(request.remote_addr+'-'+username+'-authfails', fails+1, 120) abort(401, 'Wrong username or password') # The following line is there only for the translation in OSPFM-web # self.forbidden('Wrong username or password') else: return False if sha512_crypt.verify(password, user.passhash): # Last login was not a fail, remove the fail info in the cache cache.delete(request.remote_addr+'-'+username+'-authfails') key = str(uuid.uuid4()) cache.set(request.remote_addr+'---'+key, username, 3600) return jsonify(status=200, response={'key': key}) elif http_abort: # Minimal protection against passwords guess attempts: each login # failure increments this counter cache.set(request.remote_addr+'-'+username+'-authfails', fails+1, 120) abort(401, 'Wrong username or password') else: return False
def handle_login(params, json_data): if (not _check_flood_protect(params['ip'][0])): return (False, '') if 'username' not in params or 'password' not in params: return (False,'') try: q = Query('SELECT gebr_id, gebr_wachtwoord FROM tblgebruiker WHERE gebr_naam = %s') q.run((params['username'][0],)) results = q.rows() except DatabaseError: raise InternalServerError if (len(results) != 1): _add_flood_protect(params['ip'][0]) return (False,'') if not sha512_crypt.verify(params['password'][0], results[0][1]): _add_flood_protect(params['ip'][0]) return (False,'') #Generate session key session_key = _create_session(params['ip'][0], results[0][0]) return (True, session_key)
def dodelete(): if (lenow >= 3): delete_char_name = msg_split[1] delete_password = msg_split[2] self.db = DBPool('mrpg.db') char_exists = yield self.db.does_char_name_exist(delete_char_name) self.db.shutdown("") if(char_exists[0][0] == 0): self.privateMessage(user, "There is not a character by that name.") else: self.db = DBPool('mrpg.db') passhash = yield self.db.get_password(delete_char_name) passhash = passhash[0][0] self.db.shutdown("") if (sc.verify(delete_password, passhash)): self.db = DBPool('mrpg.db') self.db.executeQuery("DELETE FROM users WHERE char_name = ?",delete_char_name) self.db.shutdown("") self.privateMessage(user, delete_char_name + " has been deleted.") else: self.privateMessage(user, "Password incorrect.") else: self.privateMessage(user, "Not enough information was supplied.")
def verify(self, clearvalue, hashed_value): return sha512_crypt.verify(clearvalue, hashed_value)