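async def authenticate(request):
    """Resolve the user named in a JSON login request.

    Reads ``email`` and ``password`` from ``request.json``, loads the
    ``User`` row with that e-mail and verifies the password with
    ``check_password_hash``.

    Returns:
        The ``User`` row on success. On any failure, the result of
        ``json(reject_json)``; the same generic payload is used for an
        unknown e-mail and for a wrong password, so the body does not
        reveal which of the two was wrong. Callers must distinguish the
        two return kinds themselves.
    """
    reject_json = {
        'status': 'failed authentication',
        'errors': 'Wrong email or password'
    }
    # NOTE(review): json() is called without an explicit status, so the
    # rejection goes out with the helper's default (presumably 200 - confirm).
    # Consider status=401 if no caller depends on the current code.

    payload = request.json
    # A body that is absent or not a JSON object cannot carry credentials;
    # reject it instead of failing on .get().
    if not isinstance(payload, dict):
        return json(reject_json)

    user_email = payload.get('email')
    user_password = payload.get('password')
    # Missing or non-string fields are rejected here so they never reach the
    # query or the hash comparison, where they would raise instead of reject.
    if not isinstance(user_email, str) or not isinstance(user_password, str):
        return json(reject_json)

    user = await User.query.where(User.email == user_email).gino.first()

    # NOTE(review): when no row is found the hash comparison is skipped, so
    # response time may differ between unknown and known e-mails. Comparing
    # against a fixed dummy hash in that branch would even this out.
    if not user or not check_password_hash(user.password, user_password):
        return json(reject_json)
    return user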
def test_check_hash(self):
    """Exercise check_password_hash on the fixture and on the module helpers.

    Covers a matching password, a non-matching password, a non-ASCII
    password, and the module-level generate/check helper pair.
    """
    bcrypt = self.eve_bcrypt

    # A hash must verify against the password it was generated from ...
    secret_hash = bcrypt.generate_password_hash('secret')
    accepted = bcrypt.check_password_hash(secret_hash, 'secret')
    self.assertTrue(accepted)

    # ... and must not verify against a different password.
    rejected = bcrypt.check_password_hash(secret_hash, 'hunter2')
    self.assertFalse(rejected)

    # Non-ASCII input (U+2603) round-trips through generate and check.
    snowman_hash = bcrypt.generate_password_hash('\u2603')
    self.assertTrue(bcrypt.check_password_hash(snowman_hash, '\u2603'))

    # The module-level helpers behave the same way as the instance methods.
    helper_hash = generate_password_hash('hunter2')
    self.assertTrue(check_password_hash(helper_hash, 'hunter2'))
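async def token_get(request, user):
    """Return the stored API token for *user* after a password check.

    The submitted password is read from the JSON body and verified against
    ``user.password``. If the user has no token yet, one is created with
    ``random_object_id()`` and written back through ``User.update_one``.

    Returns:
        A JSON response ``{'token': ...}`` on success, or a 401 JSON
        response when the password is missing, not a string, or wrong.
    """
    body = request.json
    submitted = body.get("password") if isinstance(body, dict) else None

    # A missing or non-string password used to raise inside the handler;
    # it is now answered with the same 401 as a wrong password.
    if not isinstance(submitted, str) or not check_password_hash(
            user.password, submitted):
        return response.json({"zrada": "password incorrect"}, status=401)

    token = getattr(user, "token")
    if not token:
        # NOTE(review): random_object_id() is defined elsewhere. The value is
        # used as a bearer credential, so confirm it comes from a CSPRNG
        # (for example the standard-library secrets module).
        token = random_object_id()
        # TODO make token expire
        # NOTE(review): the filter is the request-supplied username, not an
        # identifier taken from the verified `user`. If the two can differ,
        # the token is stored on a different record or on none - confirm how
        # the caller resolves `user`.
        await User.update_one({'name': body["username"]},
                              {'$set': {'token': token}})
    return response.json({'token': token})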
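async def token_get(request):
    """Exchange a username and password for the user's API token.

    The username is normalised (lower-cased, leading ``@`` stripped) once,
    and the same value is used for the lookup and for the token write.
    The original wrote the token under the raw request value, so a login
    as ``@Name`` found the user but the update did not target that record.

    Returns:
        A JSON response ``{'access_token': ...}`` on success, or a 401 JSON
        response when the password is missing, not a string, or wrong.

    Raises:
        exceptions.NotFound: when the username is missing, not a string,
            or matches no user.
    """
    body = request.json
    payload = body if isinstance(body, dict) else {}
    raw_name = payload.get("username")
    submitted = payload.get("password")

    # A missing or non-string username cannot match any record.
    if not isinstance(raw_name, str):
        raise exceptions.NotFound("User not found")
    username = raw_name.lower().lstrip('@')

    user = await User.find_one(dict(name=username))
    if not user:
        # NOTE(review): an unknown user raises NotFound while a wrong
        # password returns 401, so a client can tell which usernames exist.
        # Consider a single generic failure if that matters here.
        raise exceptions.NotFound("User not found")

    # Missing or non-string passwords get the same 401 as a wrong one
    # instead of raising inside the handler.
    if not isinstance(submitted, str) or not check_password_hash(
            user.password, submitted):
        return response.json({"error": "password incorrect"}, status=401)

    token = getattr(user, "token")
    if not token:
        # NOTE(review): random_object_id() is defined elsewhere. The value is
        # used as a bearer credential, so confirm it comes from a CSPRNG
        # (for example the standard-library secrets module).
        token = random_object_id()
        # TODO make token expire
        # Write to the record that was just authenticated: same normalised
        # name as the find_one() filter above.
        await User.update_one({'name': username},
                              {'$set': {'token': token}})
    return response.json({'access_token': token})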
def test_unicode_hash(self):
    """A hash decoded to text must still verify against its password."""
    # NOTE(review): this literal is ASCII-only. If the test is meant to cover
    # non-ASCII input, confirm the intended value.
    secret = '******'
    raw_hash = generate_password_hash(secret)
    # The check is handed the UTF-8 decoded form of the generated hash.
    text_hash = raw_hash.decode('utf-8')
    verified = check_password_hash(text_hash, secret)
    self.assertTrue(verified)