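def validate_password(self, field):
    """Validate the submitted username/password pair against the stored record.

    Looks up the ``Runner`` row for ``self.username.data`` and checks
    ``field.data`` against that row's salt and hashed password.

    Raises:
        validators.ValidationError: with the same message whether the
            username is unknown or the password does not match, so the
            error text does not reveal which usernames exist.
    """
    # Fetch the row once instead of counting and then querying twice more.
    # With separate queries, a row deleted in between makes ``first()``
    # return None and the attribute access fails with AttributeError
    # rather than a validation error.
    runner = Runner.query.filter_by(username=self.username.data).first()
    if runner is None:
        # NOTE(review): this path returns without hashing anything, so an
        # unknown username is probably answered faster than a wrong
        # password. Confirm whether that timing difference matters here.
        raise validators.ValidationError("Incorrect Username or Password")
    if password.check_password(field.data, runner.salt, runner.hashed_password) is not True:
        # The hash derived from the submitted password and the stored salt
        # does not match the stored hash.
        raise validators.ValidationError("Incorrect Username or Password")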
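def login_user(username, password):
    """Log the user in and report whether it succeeded.

    Returns True and stores ``username`` in the session when the supplied
    password matches the stored salt and hash. Returns False when the user
    is unknown, the row cannot be read, or the password does not match.
    """
    # stop if user doesn't exist
    # TODO: merge user doesn't exist and read user data -> one sql statement
    # NOTE(review): this early return skips the password hash, so unknown
    # usernames are probably answered faster than wrong passwords.
    if not user_exists(username):
        return False

    # Read user data. The username is bound as a query parameter, never
    # formatted into the SQL text.
    _db, c = get_dbc()
    c.execute('SELECT password, salt FROM user WHERE username = ?',
              (username, ))
    result = c.fetchone()
    if result is None:
        # The row can disappear between user_exists() and this SELECT;
        # without this guard the subscripts below raise TypeError.
        return False

    # check if password matches
    if check_password(password, result['salt'], result['password']):
        # TODO: Consider saving logged in user on server instead of clientside
        session['username'] = username
        print("%s successful login" % username)
        return True

    print("%s attempted login" % username)
    return False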
 def validate_oldpassword(self, field):
     """Reject the field unless it holds the current user's existing password.

     Raises:
         validators.ValidationError: when the check against
             ``current_user``'s stored salt and hash does not return True.
     """
     # Only an exact True counts as a match; any other result is a failure.
     matches = check_password(field.data, current_user.salt, current_user.hashed_password)
     if matches is True:
         return
     raise validators.ValidationError("Incorrect Password")