def calc_user_pw_hash(plaintxt_pw):
    """Return the stored-form password hash for *plaintxt_pw*.

    The hash is ``hash_pw(str(plaintxt_pw), salt)`` with the application's
    ``rz_config.secret_key`` acting as the salt.  ``rest__login`` derives the
    hash the same way, so the two must stay in sync or no login can validate.

    NOTE(review): ``secret_key`` is a single global salt shared by every
    account, so (assuming ``hash_pw`` is deterministic) two users with the
    same password get the same stored hash, and a leaked ``secret_key`` plus
    the user table allows offline cracking of all accounts at once.  The
    usual remedy -- a random per-user salt stored alongside the hash and a
    slow KDF -- needs a schema change and a rehash of existing rows, so it is
    flagged here rather than changed.
    """
    global_salt = current_app.rz_config.secret_key
    return hash_pw(str(plaintxt_pw), global_salt)
def add_user_login(user_db, salt, first_name, last_name, rz_username, email_address, pw_plaintext):
    """Create a ``User_Account`` with the ``'user'`` role and store it.

    Args:
        user_db: account store; its ``user_add`` method receives the new account.
        salt: salt passed straight to ``hash_pw``.  NOTE(review): the login
            endpoint hashes with ``current_app.rz_config.secret_key``; an
            account created with any other salt can never log in.
        first_name, last_name, rz_username, email_address: profile fields
            copied verbatim onto the account.
        pw_plaintext: the clear-text password; only its hash is stored.

    Returns:
        None.  Whatever ``user_db.user_add`` raises propagates to the caller.
    """
    stored_hash = hash_pw(str(pw_plaintext), salt)
    new_account = User_Account(
        first_name=first_name,
        last_name=last_name,
        rz_username=rz_username,
        email_address=email_address,
        pw_hash=stored_hash,
        role_set=['user'],
    )
    user_db.user_add(new_account)
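def rest__login():
    """Login endpoint: GET renders the form, POST checks JSON credentials.

    POST expects a JSON body ``{"email_address": ..., "password": ...}``.
    Every failure (unparseable body, missing/non-string field, unknown
    account, wrong password) answers with an empty 401 so the response does
    not reveal which step failed.  On success ``session['username']`` is set
    to the submitted address and an empty 200 is returned.  GET renders
    ``login.html``; any other method (not expected given the route) falls
    through and returns ``None``, as before.

    Changes versus the previous revision:
      * bare ``except:`` narrowed to ``except Exception`` so ``SystemExit``
        and ``KeyboardInterrupt`` are no longer converted into a 401;
      * both credentials must be JSON strings -- previously a list/object
        ``password`` was handed to ``hash_pw`` unchecked;
      * the hash is computed before the account lookup so the unknown-account
        and wrong-password paths do comparable work, narrowing the timing
        side channel that let a client enumerate valid addresses;
      * hashing goes through ``calc_user_pw_hash`` so this endpoint and the
        rest of the code base cannot drift apart on salt handling.

    NOTE(review): the password is salted with the application ``secret_key``
    (one global salt for all accounts, see ``calc_user_pw_hash``), and there
    is no rate limiting or lockout here, so online guessing must be throttled
    upstream (reverse proxy / WAF).  The session stores the address as typed
    rather than ``u_account.email_address``; if the lookup is
    case-insensitive the two can differ -- confirm which one downstream code
    expects before changing it.
    """
    def _read_credentials():
        """Extract ``(email_address, password)`` from the JSON body.

        Raises ``ValueError`` when either field is not a string; ``KeyError``
        / ``TypeError`` (missing field, non-JSON body) and any HTTP 400 that
        ``request.get_json`` raises propagate as well.  The caller maps all of
        them to 401.
        """
        req_json = request.get_json()
        email_address = req_json['email_address']
        p = req_json['password']
        if not isinstance(email_address, str) or not isinstance(p, str):
            raise ValueError('credentials must be strings')
        return email_address, p

    if request.method == 'POST':
        try:
            email_address, p = _read_credentials()
        except Exception:
            # Log the request object only (method + URL) -- never the body,
            # which holds the password.
            log.warning('failed to sanitize inputs. request: %s', request)
            return make_response__json(status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        # Hash before the lookup so an unknown address costs the same as a
        # wrong password; the result is only used once the account is found.
        try:
            pw_hash = calc_user_pw_hash(p)
        except Exception:
            log.warning('login: unauthorized: user: %s', email_address)
            return make_response__json(status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        u_account = None
        try:
            _uid, u_account = current_app.user_db.lookup_user__by_email_address(email_address)
        except Exception:
            log.warning('login: login attempt to unknown account: email_address: \'%s\'', email_address)
            return make_response__json(status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        try:
            current_app.user_db.validate_login(email_address=u_account.email_address, pw_hash=pw_hash)
        except Exception:
            # login failed: bad password (or whatever validate_login rejects)
            log.warning('login: unauthorized: user: %s', email_address)
            return make_response__json(status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        # login successful
        session['username'] = email_address
        log.debug('login: success: user: %s', email_address)
        return make_response__json(status=HTTP_STATUS__200_OK)  # return empty response

    if request.method == 'GET':
        return render_template('login.html', signup_enabled=current_app.rz_config.signup_enabled)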
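def rest__login():
    """Login endpoint: GET renders the form, POST checks JSON credentials.

    POST expects a JSON body ``{"email_address": ..., "password": ...}``.
    Every failure (unparseable body, missing/non-string field, unknown
    account, wrong password) answers with an empty 401 so the response does
    not reveal which step failed.  On success ``session['username']`` is set
    to the submitted address and an empty 200 is returned.  GET renders
    ``login.html``; any other method (not expected given the route) falls
    through and returns ``None``, as before.

    Changes versus the previous revision:
      * bare ``except:`` narrowed to ``except Exception`` so ``SystemExit``
        and ``KeyboardInterrupt`` are no longer converted into a 401;
      * both credentials must be JSON strings -- previously a list/object
        ``password`` was handed to ``hash_pw`` unchecked;
      * the hash is computed before the account lookup so the unknown-account
        and wrong-password paths do comparable work, narrowing the timing
        side channel that let a client enumerate valid addresses;
      * hashing goes through ``calc_user_pw_hash`` so this endpoint and the
        rest of the code base cannot drift apart on salt handling.

    NOTE(review): the password is salted with the application ``secret_key``
    (one global salt for all accounts, see ``calc_user_pw_hash``), and there
    is no rate limiting or lockout here, so online guessing must be throttled
    upstream (reverse proxy / WAF).  The session stores the address as typed
    rather than ``u_account.email_address``; if the lookup is
    case-insensitive the two can differ -- confirm which one downstream code
    expects before changing it.
    """
    def _read_credentials():
        """Extract ``(email_address, password)`` from the JSON body.

        Raises ``ValueError`` when either field is not a string; ``KeyError``
        / ``TypeError`` (missing field, non-JSON body) and any HTTP 400 that
        ``request.get_json`` raises propagate as well.  The caller maps all of
        them to 401.
        """
        req_json = request.get_json()
        email_address = req_json['email_address']
        p = req_json['password']
        if not isinstance(email_address, str) or not isinstance(p, str):
            raise ValueError('credentials must be strings')
        return email_address, p

    if request.method == 'POST':
        try:
            email_address, p = _read_credentials()
        except Exception:
            # Log the request object only (method + URL) -- never the body,
            # which holds the password.
            log.warning('failed to sanitize inputs. request: %s', request)
            return make_response__json(status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        # Hash before the lookup so an unknown address costs the same as a
        # wrong password; the result is only used once the account is found.
        try:
            pw_hash = calc_user_pw_hash(p)
        except Exception:
            log.warning('login: unauthorized: user: %s', email_address)
            return make_response__json(status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        u_account = None
        try:
            _uid, u_account = current_app.user_db.lookup_user__by_email_address(email_address)
        except Exception:
            log.warning('login: login attempt to unknown account: email_address: \'%s\'', email_address)
            return make_response__json(status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        try:
            current_app.user_db.validate_login(email_address=u_account.email_address, pw_hash=pw_hash)
        except Exception:
            # login failed: bad password (or whatever validate_login rejects)
            log.warning('login: unauthorized: user: %s', email_address)
            return make_response__json(status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        # login successful
        session['username'] = email_address
        log.debug('login: success: user: %s', email_address)
        return make_response__json(status=HTTP_STATUS__200_OK)  # return empty response

    if request.method == 'GET':
        return render_template('login.html', signup_enabled=current_app.rz_config.signup_enabled)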