def request_loader(request):
auth = request.authorization
if auth:
user = User.query.filter_by(username=auth['username']).first()
if user and bcrypt.check_password_hash(user.password, auth['password']):
return user
return None
def validate_password(self, field):
user = User.query.filter(func.lower(User.username) ==
self.username.data.lower()).first()
if user:
if not bcrypt.check_password_hash(user.password,
self.password.data):
raise ValidationError('Password is incorrect')
def validate_login(form, field):
user = form.get_user()
if user is None:
raise validators.ValidationError('Usuario invalido')
if not bcrypt.check_password_hash(user.password, form.password.data):
raise validators.ValidationError('Contraseña invalida')
def login():
error = None
form = LoginForm()
next = get_redirect_target()
next = retain_before_auth_page(next)
print request.method
if request.method == 'POST':
if request.form['submit'] == 'cancel':
return redirect_back('index')
else:
if form.validate_on_submit():
session['remember_me'] = True
user = User.query.filter_by(username=form.username.data).first()
if user:
if bcrypt.check_password_hash(str(user.password), str(form.password.data)):
login_user(user)
flash('You were logged in. ', 'success')
return redirect_back('index')
else:
flash('Invalid email or password.', 'danger')
return render_template('login.html', form=form, error=error)
else:
flash('Invalid email or password.', 'danger')
return render_template('login.html', form=form, error=error, next=next)
else:
flash('Invalid email or password.', 'danger')
return render_template('login.html', form=form, error=error, next=next)
else:
return render_template('login.html', form=form, error=error, next=next)
def index():
login = LoginForm()
join = JoinForm()
contact = ContactForm()
mail = MailingForm()
if login.validate_on_submit():
user = User.query.filter_by(email=login.inputEmailIn.data).first_or_404()
if user and bcrypt.check_password_hash(user.password, login.inputPasswordIn.data):
db.session.add(user)
db.session.commit()
login_user(user, remember=True)
print(current_user.email)
return redirect("/myAisleMate/rb")
else:
flash("Incorrect email or password")
return redirect("/index")
elif join.validate_on_submit():
user = User(
email=join.inputEmailUp.data,
password=join.inputPasswordUp1.data
)
db.session.add(user)
db.session.commit()
login_user(user)
return redirect("/myAisleMate/rb")
return render_template('index.html',
title ='Home',
login = login,
join = join,
contact = contact,
mail = mail)
def login():
"""
Logs the user into the application. Returns
a session ID which will be used to authenticate
future sessions
"""
try:
check_params(request, ["username", "password"])
except StandardError as e:
return respond(str(e), code=400), 400
username = str(request.form["username"])
password = str(request.form["password"])
user = User.query.filter(User.username == username).first()
if user == None or not bcrypt.check_password_hash(user.password, password):
return respond("Unknown or invalid username/password", code=400), 400
# Create a session
session = Session(hexlify(urandom(50)), user, request.remote_addr)
try:
db.session.add(session)
db.session.commit()
add_log(LOG_SESSION, "User %s logged in" % (username))
except:
db.session.rollback()
return respond("Internal server error has occured", code=101), 500
return respond("Welcome %s!" % (user.username), data={'session': session.session})
def login():
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('index'))
loginForm = LoginForm()
signupForm = SignupForm()
if loginForm.validate_on_submit():
username = loginForm.username.data
password = loginForm.password.data
if username is None or password is None:
#flash('Invalid login. Please try again.')
return render_template("error.html", error='Invalid login. Please try again.')
#return redirect(url_for('index'))
user = User.query.filter_by(username = username).first()
if user is None:
#flash('That username does not exist. Please try again.')
return render_template("error.html", error='That username does not exist. Please try again.')
#return redirect(url_for('index'))
if bcrypt.check_password_hash(user.password, password) is False:
#flash('Invalid login. Please try again.')
return render_template("error.html", error='Invalid login. Please try again.')
#return redirect(url_for('index'))
login_user(user, remember=True)
return redirect(request.args.get("next") or url_for("user", username=user.username, user=user))
#return redirect(url_for("user", username=user.username, user=user))
return render_template("index.html", title = 'Sign In', form1=loginForm, form2=signupForm)
def login():
# if the current user is already logged in send then to the homepage
if current_user.is_authenticated:
return redirect(url_for("dashboard.home"))
# otherwise load the login page
else:
# define an error variable to be passed through if any errors that need to be prompted to the user occur
error = None
# initailise the login form
login_form = LoginForm()
# checks for a post request from the form submit button
if request.method == 'POST':
# if the validation from the wtform class passes continue
if login_form.validate_on_submit():
# search for the first volunteer with the entered email
volunteer = Volunteer.query.filter_by(email=login_form.email.data).first()
# check that the volunteer record is in the table and that the password given passes the hash validation to the password stored in the database
if volunteer is not None and bcrypt.check_password_hash(volunteer.password, login_form.password.data):
# check that the volunteer has been activated by the admin
if volunteer.isActive:
# login volunteer
login_user(volunteer)
# alert the user to their successfull login
flash('You were successfully logged in')
# send the volunteer to the homepage
return redirect(url_for("dashboard.userDashboard"))
else:
# if the volunteer account has not been activated
error="Your account application has not been aproved by an administator."
else:
# prompt login error
error="Invalid Credentials, Please try again."
# load the login template
return render_template('accounts/login.html',login_form=login_form,error=error)
def auth():
data=request.get_json(force=True)
try:
if len(data['email_id'])!=0 and len(data['password'])!=0:
print "inside if"
user= User.query.get(data['email_id'])
password= data['password'].encode()
if user is not None:
if bcrypt.check_password_hash(user._password.encode('utf-8'),password):
authtoken=bcrypt.generate_password_hash(user.email_id+str(datetime.datetime.now()))
if start_session(user.email_id,authtoken):
return jsonify(success="Successfully Logged in !",authtoken=authtoken)
else:
raise Exception
else:
return jsonify(error="Incorrect username and password"),403
else:
return jsonify(error="User does not exist"),403
else:
return jsonify(error="Incomplete Details Provided"),500
except Exception as e:
if isinstance(e,KeyError):
return jsonify(error="Key error, send all required fields"),400
else:
print e
log(e)
return jsonify(error="Something Went wrong the event has been recorded and will soon be fixed."),500
def check_password_hash(self, password):
from app import bcrypt
if bcrypt.check_password_hash(pw_hash=self.password,
password=password):
return True
else:
return False
def login():
''' For GET Requests, display login form
For POSTs, login user by processing form
'''
# If user is logged in, redirect to home immediately
if(current_user.is_active):
return redirect(url_for('home'))
# Otherwise, handle GET and POST normally
if (request.method == 'GET'):
return render_template('login.html', page='login')
elif (request.method == 'POST'):
user = User.query.filter_by(username=request.form['username']).first()
if(user is None):
flash("Username and password combination not found", 'error')
return redirect(url_for("login"))
elif(bcrypt.check_password_hash(user.pwd, request.form['password'])):
user.authenticated = True
db.session.add(user)
db.session.commit()
remember_login=False
if('remember' in request.form):
remember_login=True
login_user(user, remember=remember_login)
# Re-establish OAuth for reddit object if it exists
reddit_oauth = r_h.establish_oauth(reddit,
current_user.reddit_user)
return redirect(url_for('home'))
def login():
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('home'))
form = LoginForm()
if form.validate_on_submit():
print 'Logging in to ' + str(db)
user = User.query.filter_by(nickname=form.nickname.data).first()
if user:
if bcrypt.check_password_hash(user.password, form.password.data):
user.authenticated = True
db.session.add(user)
db.session.commit()
login_user(user, remember=form.remember_me.data)
flash('Welcome %s' % (g.user.nickname))
# create users data directory if it doesn't exist
datadir = app.config['DATA']
usersavedir = os.path.join(datadir,g.user.nickname)
print 'Verifying save directory'
if not os.path.exists(usersavedir):
print 'Creating '+str(g.user.nickname)+'\'s save directory'
os.mkdir(usersavedir)
else:
print str(g.user.nickname)+'\'s directory exists'
return redirect(request.args.get('next') or url_for('home'))
else:
flash('Invalid login. Please try again')
else:
flash('Invalid login. Please try again')
return redirect(url_for('login'))
return render_template('login.html', title='Sign In', form=form)
def validate_login(self, field):
user = self.get_user()
if user is None:
raise validators.ValidationError('Invalid email or password')
if not bcrypt.check_password_hash(user.password, self.password.data):
raise validators.ValidationError('Invalid email or password')
def validate_username(self, field):
user = self.get_user()
if user:
#if self.password.data != user.password:
if not bcrypt.check_password_hash(user.password, self.password.data):
raise validators.ValidationError("Username or Password Error!")
else:
raise validators.ValidationError("Username or Password Error!")
def authenticate_by_id(user_id, password):
if (user_id and password):
user = models.User.query.get(int(user_id))
if (user):
correct_pw = bcrypt.check_password_hash(user.password, password)
if correct_pw:
return user
return None
def authenticate_by_email(email, password):
if (email and password):
user = models.User.query.filter_by(email=email).first()
if (user):
correct_pw = bcrypt.check_password_hash(user.password, password)
if correct_pw:
return user
return None
def test_user_model(self):
"""Is the User model working as expected"""
with app.app_context():
self.create_user()
user = User.query.first()
# Test encrypted password
self.assertTrue(bcrypt.check_password_hash(user.pwd,
'password'))
return True
def validate(self):
if not Form.validate(self):
return False
user = app_users.query.filter_by(email = current_user.email).first()
if user and bcrypt.check_password_hash(user.pw, self.password.data):
return True
else:
self.password.errors.append("Invalid password")
return False
def login():
json_data = request.json
user = User.query.filter_by(username=json_data['username']).first()
if user and bcrypt.check_password_hash(user.password, json_data['password']):
login_user(user)
status = True
else:
status = False
return jsonify({'name': user.username, 'result': status, 'businessId': user.businessId, 'role': user.role})
def check_password(self, password: str) -> bool:
"""
Check if the given password matches the user's password.
:param password: The plaintext password to verify.
:return: ``True`` if the ``password`` matches the user's password.
"""
if not self.password_hash:
return False
return bcrypt.check_password_hash(self.password_hash, password)
def login():
if request.method == 'POST':
email = request.form['email']
password = request.form['password']
user = User.query.filter_by(email=email).first()
if user and bcrypt.check_password_hash(user.password, password):
login_user(User.query.filter_by(email=email).first())
return redirect(url_for('index'))
else:
return redirect(url_for('login'))
return render_template('login.html')
def validate_login(form): req_email = form.email.data req_password = form.password.data user = User.query.filter_by(email=req_email).first() if user is None: print "Fake email" return "Email is incorrect" elif not bcrypt.check_password_hash(user.password, req_password): return "Password is incorrect" else: return None
def verify_password(username, password):
user = User.query.filter_by(username=username, active = True).first()
if not user:
return False
if bcrypt.check_password_hash(user.password.encode('utf-8'), password) == False:
return False
action = Action(action="API Log In", timestamp=datetime.utcnow(), user=user)
db.session.add(action)
db.session.commit()
g.user = user
return True
def login():
if g.user is not None and g.user.is_authenticated:
return redirect(url_for('index'))
form = LoginForm()
if form.validate_on_submit():
user = Client.query.filter_by(email = form.email.data).first()
if user and bcrypt.check_password_hash(user.passwd, form.password.data):
login_user(user)
return redirect(url_for('index'))
flash('Wrong email or password')
return render_template('login.html', form=form)
def post(self):
args = self.req_parser.parse_args()
user = db.session.query(AppUser).filter(AppUser.email==args['email']).first()
if user and bcrypt.check_password_hash(user.password, args['password']):
return {
'id': user.id,
'token': generate_token(user)
}
return BAD_CREDENTIALS
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.get(form.email.data)
if user:
if bcrypt.check_password_hash(user.password, form.password.data):
user.authenticated = True
db.session.add(user)
db.session.commit()
login_user(user, remember=True)
return redirect("admin")
return render_template("login.html", form=form)
def post(self):
args = parser.parse_args()
user = User.query.filter_by(email=args['email']).first()
if user and bcrypt.check_password_hash(
user.password, args['password']):
session['logged_in'] = True
userDict = user.__dict__
token = user.generate_auth_token()
return jsonify({'id': userDict['id'], 'email': userDict['email'], 'favteam': userDict['favteam'], 'token': token});
else:
status = False
return jsonify(status)
def baselogin():
if g.login_form.validate_on_submit():
user = User.query.filter_by(username=g.login_form.username.data).first()
session['remember_me'] = True
if user is not None:
if bcrypt.check_password_hash(str(user.password), str(g.login_form.password.data)):
login_user(user)
flash('Welcome ' + user.username + '! You are now logged in. ', 'success')
else:
flash('Oops! Sorry invalid username or password.', 'danger')
else:
flash('Oops! Sorry invalid username or password.', 'danger')
return redirect(url_for('index'))
def login():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password, form.password.data):
login_user(user, remember=form.remember.data)
next_page = request.args.get('next')
return redirect(next_page) if next_page else redirect(url_for('main.home'))
else:
flash('Login Unsuccessful. please check email and password', 'danger')
return render_template('login.html', title='Login', form=form)
def login():
if current_user is not None and current_user.is_authenticated():
return "already_logged_in"
email = request.args.get('email')
password = request.args.get('password')
remember_me = request.args.get('remember_me')
user = tryConnection(lambda: models.User.query.filter_by(email=email).first())
if user is None:
return "ERROR"
if not bcrypt.check_password_hash(user.password, password):
return "ERROR"
login_user(user, remember=remember_me)
return "SUCCESS"
def post(self, args):
data = request.json
if not validate_email(strip_clean(data['email'])):
response = {"messages": {"email": ["Invalid email format!"]}}
return make_response(jsonify(response), 400)
user = User.query.filter_by(email=strip_clean(data['email'])).first()
if user:
if bcrypt.check_password_hash(user.password,
strip_clean(data['password'])):
token = create_auth_token(user.id, user.email, user.first_name,
user.last_name)
response = {
"messages": {
"message": ["Successfully logged in"],
"token": [token]
}
}
return make_response(jsonify(response), 200)
else:
response = {
"messages": {
"errors": {
"password": ["Wrong password, try again!"]
}
},
}
return make_response(jsonify(response), 401)
else:
response = {
"messages": {
"errors": {
"user": ["User does not exist, please register!"]
}
},
}
return make_response(jsonify(response), 401)
def register():
form = RegistrationForm()
if form.validate_on_submit():
hashed_password = generate_password_hash(form.password.data, method='sha256')
new_user = User(username=form.username.data, password=hashed_password, 2fa=form.2fa.data)
db.sesson.add(new_user)
db.session.commit()
return '<h1>New user has been created</h1>'
# return '<h1>' + form.username.data + '' + form.password.data + '' + form.2fa.data + </h1 >
return render_template('register.html', form=form)
print db
form = LoginForm()
if form.validate_on_submit():
user = User.query.get(form.2fa.data)
if user:
if bcrypt.check_password_hash(user.password, form.password.data):
user.authenticated = True
db.session.add(user)
db.session.commit()
login_user(user, remember=True)
# return redirect(url_for("history"))
return render_template("login.html", form=form)
def login():
result_str = " "
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if not user or not bcrypt.check_password_hash(user.password,
form.password.data):
result_str = "Incorrect Two-factor failure"
flash('Two-factor failure - Login Unsuccessfull', 'danger')
elif user.phone != form.phone.data:
result_str = "Incorrect Two-factor failure"
flash('Two-factor failure - Login Unsuccessfull', 'danger')
else:
result_str = "success."
login_user(user, remember=form.remember.data)
login_record = UserLoginHistory(user_id=user.id,
time_login=datetime.now(),
time_logout=None)
db.session.add(login_record)
db.session.commit()
return render_template('login.html',
title='Login',
form=form,
result_str=result_str)
def change(resp: int = None) -> Tuple[object, int]:
user: User = User.query.get(resp)
new_email: str = request.json['new_email']
old_password: str = request.json['old_password']
new_password: str = request.json['new_password']
if bcrypt.check_password_hash(user.password, old_password):
user.password = bcrypt.generate_password_hash(
new_password, os.environ.get('BCRYPT_LOG_ROUNDS', 4)
).decode()
if new_email != user.email:
user.email = new_email
db.session.commit()
return jsonify({
'status': 'success',
'message': 'successfully changed login information'
}), 200
else:
return jsonify({
'status': 'failure',
'message': 'old password is incorrect'
}), 400
def post(self):
"""
Login a user if the supplied credentials are correct.
:return: Http Json response
"""
if request.content_type == 'application/json':
post_data = request.get_json()
username = post_data.get('username')
password = post_data.get('password')
if len(password) > 4:
user = User.get_by_username(username=username)
if user and bcrypt.check_password_hash(user.password,
password):
return response_auth('success', 'Successfully logged In',
user.encode_auth_token(user.username),
200)
return response(
'failed', 'User does not exist or password is incorrect',
401)
return response(
'failed',
'Missing or wrong username format or password is less than four characters',
401)
return response('failed', 'Content-type must be json', 400)
def check_password(self, plaintext):
try:
return bcrypt.check_password_hash(self.password, plaintext)
except ValueError:
return "Invalid password"
def check_password(self, password):
if self.password is None:
return False
return bcrypt.check_password_hash(self.password, password)
def test_harshing(self): """this method checks instantiation of password hashes""" self.assertTrue(bcrypt.check_password_hash(self.blog_derrick.password_hash, 'secrets'))
def check_password(hashed_password, password):
return bcrypt.check_password_hash(hashed_password, password)
def login(a):
affiliate_id = a
print(a)
if affiliate_id != None:
try:
aff_user = User.query.filter_by(id=affiliate_id).first()
print(aff_user.username)
except:
affiliate_id = None
if current_user.is_authenticated:
return redirect(url_for('mgb'))
register_form = RegistrationForm()
if register_form.validate_on_submit():
# Affiliate Einladung verwalten
aff_user_info_json = json.loads(aff_user.user_info)
if "affiliate_invites" in aff_user_info_json:
aff_user_info_json["affiliate_invites"] += 1
else:
aff_user_info_json["affiliate_invites"] = 1
aff_user.user_info = json.dumps(aff_user_info_json)
db.session.commit()
print(aff_user.user_info)
print(aff_user.username)
hashed_password = bcrypt.generate_password_hash(
register_form.password.data.strip()).decode('utf-8')
user = User(username=register_form.username.data.strip(),
email=register_form.email.data.strip().lower(),
password=hashed_password)
db.session.add(user)
db.session.commit()
login_user(user)
flash(
f'Account für {register_form.username.data} erfolgreich erstellt!',
'success')
user = current_user
send_confirm_email(user)
flash(
f'Wir haben dir eine Email an {user.email} gesendet. Bitte klicke auf den Link in der Email, um deinen Account zu bestätigen',
'info')
return redirect(url_for('new_registered'))
login_form = LoginForm()
if login_form.validate_on_submit():
user_by_email = User.query.filter_by(
email=login_form.email_username.data.strip().lower()).first()
user_by_name = User.query.filter_by(
username=login_form.email_username.data.strip()).first()
next_page = request.args.get('next')
print("success")
if user_by_email and bcrypt.check_password_hash(
user_by_email.password, login_form.password.data.strip()):
login_user(user_by_email, remember=login_form.remember.data)
flash('Du hast dich erfolgreich eingeloggt!', 'success')
# Weiterleiten auf die Seite vor dem login
return redirect(next_page) if next_page else redirect(
url_for('mgb'))
elif user_by_name and bcrypt.check_password_hash(
user_by_name.password, login_form.password.data.strip()):
login_user(user_by_name, remember=login_form.remember.data)
flash('Du hast dich erfolgreich eingeloggt!', 'success')
return redirect(next_page) if next_page else redirect(
url_for('mgb'))
else:
flash('Falsches Passwort oder falsche Email-Adresse.',
'no-success')
return render_template('pages/login.html',
title="Einloggen",
register_form=register_form,
login_form=login_form,
nosidebar=True,
nav_links_category='no-links')
def validate_password(self, password):
user = User.query.filter_by(username=self.username.data).first()
if user and not bcrypt.check_password_hash(user.password,
password.data):
raise ValidationError("Password does not match. Please try again.")
def validate_old_password(self, old_password):
if self.old_password.data:
if not bcrypt.check_password_hash(current_user.password_hash,
self.old_password.data):
raise ValidationError('Wrong old password')
def check_password(self, raw_password):
return bcrypt.check_password_hash(self.password_hash, raw_password)
def test_check_hashed_password(self):
user = User(name="Staff", email="*****@*****.**", password="******")
user.save()
self.assertTrue(bcrypt.check_password_hash(user.password, 'staff'))
def check_password(self, password):
"""Takes a password and checks its bcrypt hash against the db."""
return bcrypt.check_password_hash(self.pwdhash, password)
def validate_old_password(form, oldPassword):
if bcrypt.check_password_hash(current_user.password, oldPassword.data) == False:
raise ValidationError('密碼錯誤')
def is_correct_password(self, plaintext):
if not self._password:
raise RestException(RestException.LOGIN_FAILURE)
return bcrypt.check_password_hash(self._password, plaintext)
def login(self, password, remember):
check_password = bcrypt.check_password_hash(self.password, password)
return check_password and login_user(self, remember)
def validate_password(self, password_plaintext):
return bcrypt.check_password_hash(self.password_hash,
password_plaintext)
def validate_password(self, password_plaintext):
# returns True/False
return bcrypt.check_password_hash(self.password_hash,
password_plaintext)
def check_password(self, plaintext):
return bcrypt.check_password_hash(self.password, plaintext)
def check_password(self, password):
return bcrypt.check_password_hash(self.user_password, password)
def check_current_password(form, field):
user = Users.query.filter_by(user_email=current_user.user_email).first()
if bcrypt.check_password_hash(user.user_password, field.data) == False:
raise ValidationError('Password does not match current password')
def is_correct_password(self, plaintext):
if bcrypt.check_password_hash(self._password, plaintext):
return True
return False
def verify_password(self, password):
return bcrypt.check_password_hash(self.password_hash, password)
def is_correct_password(self, plaintext_password):
return bcrypt.check_password_hash(self.password, plaintext_password)
def check_password(self, password: str):
return bcrypt.check_password_hash(self.password, password)
def authenticate(username, password):
user = UserModel.find_by_username(username)
if bcrypt.check_password_hash(user.password, password):
return user
def validate_pass(self, password):
return bcrypt.check_password_hash(self.password, password)
def check_password(self, password):
if bcrypt.check_password_hash(self.password, password):
return True
