Esempio n. 1
def calc_user_pw_hash(plaintxt_pw):
    """
    Return the hash of a user's plaintext password.

    The password is coerced with str() and passed to hash_pw() together with
    the application's configured secret_key, which is used as the salt.

    NOTE(review): the salt is the single app-wide secret_key, so every account
    is hashed with the same salt value. Per-account random salts and a
    dedicated password-hashing function are the usual recommendation; what
    hash_pw() does internally is not visible here -- confirm.
    """
    app_salt = current_app.rz_config.secret_key
    return hash_pw(str(plaintxt_pw), app_salt)
Esempio n. 2
def calc_user_pw_hash(plaintxt_pw):
    """
    Hash a plaintext password with the application-wide salt.

    Reads current_app.rz_config.secret_key, then returns
    hash_pw(str(plaintxt_pw), <that key>).

    NOTE(review): because secret_key doubles as the password salt, rotating
    it would presumably stop previously stored hashes from matching, and all
    users share one salt -- verify against hash_pw() and the user store.
    """
    shared_salt = current_app.rz_config.secret_key
    digest = hash_pw(str(plaintxt_pw), shared_salt)
    return digest
Esempio n. 3
def add_user_login(user_db, salt, first_name, last_name,
                   rz_username, email_address, pw_plaintext):
    """
    Create a User_Account with the 'user' role and add it to user_db.

    The password is coerced with str() and hashed by hash_pw() with the
    caller-supplied salt; only that hash is handed to User_Account, the
    plaintext itself is not. Returns None.

    NOTE(review): none of the fields are validated here and no uniqueness
    check on email_address / rz_username is visible in this function --
    presumably user_db.user_add() or the caller enforces that; confirm.
    """
    hashed_pw = hash_pw(str(pw_plaintext), salt)
    account_fields = {
        'first_name': first_name,
        'last_name': last_name,
        'rz_username': rz_username,
        'email_address': email_address,
        'pw_hash': hashed_pw,
        'role_set': ['user'],  # every new login starts with the plain user role
    }
    user_db.user_add(User_Account(**account_fields))
Esempio n. 4
def add_user_login(user_db, salt, first_name, last_name, rz_username,
                   email_address, pw_plaintext):
    """
    Register a new login: build a User_Account and store it via user_db.

    pw_plaintext is converted with str() and hashed with hash_pw() using the
    given salt; the account receives the resulting hash and the fixed role
    set ['user']. Nothing is returned.

    NOTE(review): the salt is supplied by the caller; whether it is unique
    per account or one shared value cannot be told from this function.
    """
    new_account = User_Account(
        first_name=first_name,
        last_name=last_name,
        rz_username=rz_username,
        email_address=email_address,
        pw_hash=hash_pw(str(pw_plaintext), salt),
        role_set=['user'],
    )
    user_db.user_add(new_account)
Esempio n. 5
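def rest__login():
    """
    Login endpoint: render the login page on GET, authenticate on POST.

    POST expects a JSON body carrying 'email_address' and 'password'. Every
    failure path (malformed body, unknown account, rejected credentials)
    answers with the same empty 401 response, so the response body does not
    reveal which step failed. On success the email address is stored in
    session['username'] and an empty 200 response is returned.

    Any method other than POST or GET falls through and returns None.
    """
    def sanitize_input(req):
        # Only extracts the two expected fields. A missing key, or a body
        # that is not a JSON object, raises and is handled by the caller.
        # No type or format validation is performed here.
        req_json = req.get_json()
        return req_json['email_address'], req_json['password']

    if request.method == 'POST':
        try:
            email_address, password = sanitize_input(request)
        except Exception:
            # 'except Exception' rather than a bare except, so that
            # SystemExit / KeyboardInterrupt are not swallowed.
            log.warn('failed to sanitize inputs. request: %s' % request)
            return make_response__json(
                status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        u_account = None
        try:
            _uid, u_account = current_app.user_db.lookup_user__by_email_address(
                email_address)
        except Exception:
            # %r keeps control characters in the client-supplied value from
            # being written raw into the log (forged log lines).
            # NOTE(review): this branch returns before any hashing is done,
            # so it may respond faster than a wrong-password attempt --
            # confirm whether that difference matters for this deployment.
            log.warn(
                'login: login attempt to unknown account: email_address: %r'
                % (email_address,))
            return make_response__json(
                status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        try:
            # The app-wide secret_key is used as the salt for every account.
            salt = current_app.rz_config.secret_key
            pw_hash = hash_pw(password, salt)
            # validate_login() signals a rejected login by raising.
            current_app.user_db.validate_login(
                email_address=u_account.email_address, pw_hash=pw_hash)
        except Exception:
            # login failed
            log.warn('login: unauthorized: user: %r' % (email_address,))
            return make_response__json(
                status=HTTP_STATUS__401_UNAUTORIZED)  # return empty response

        # login successful
        # NOTE(review): the value stored is the client-supplied address, not
        # u_account.email_address; confirm the two are always identical.
        # Whether the session is renewed on login is not visible here.
        session['username'] = email_address
        log.debug('login: success: user: %r' % (email_address,))
        return make_response__json(
            status=HTTP_STATUS__200_OK)  # return empty response

    if request.method == 'GET':
        return render_template(
            'login.html', signup_enabled=current_app.rz_config.signup_enabled)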
Esempio n. 6
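def rest__login():
    """
    Handle the login route.

    GET renders 'login.html'. POST reads 'email_address' and 'password' from
    the JSON request body, looks the account up by email address, hashes the
    submitted password with the configured secret_key as salt and asks the
    user DB to validate the login. Any failure yields an empty 401 response;
    success stores the email address in session['username'] and yields an
    empty 200 response. Other HTTP methods fall through and return None.
    """

    def sanitize_input(req):
        # Extraction only: pulls the two required fields out of the JSON
        # body and lets any lookup error propagate to the caller. Values
        # are not validated or normalised.
        body = req.get_json()
        return body['email_address'], body['password']

    unauthorized = HTTP_STATUS__401_UNAUTORIZED

    if request.method == 'POST':
        try:
            email_address, submitted_pw = sanitize_input(request)
        except Exception:  # narrowed from a bare except: let SystemExit etc. through
            log.warn('failed to sanitize inputs. request: %s' % request)
            return make_response__json(status=unauthorized)  # return empty response

        u_account = None
        try:
            _uid, u_account = current_app.user_db.lookup_user__by_email_address(email_address)
        except Exception:  # narrowed from a bare except
            # The address comes straight from the request; log its repr so
            # embedded newlines cannot start a forged log entry.
            log.warn('login: login attempt to unknown account: email_address: %r' % (email_address,))
            return make_response__json(status=unauthorized)  # return empty response

        try:
            # One salt (the app secret_key) is shared by all accounts.
            salt = current_app.rz_config.secret_key
            pw_hash = hash_pw(submitted_pw, salt)
            # NOTE(review): the hash comparison happens inside
            # validate_login(); whether it is constant-time is not visible.
            current_app.user_db.validate_login(email_address=u_account.email_address, pw_hash=pw_hash)
        except Exception:
            # login failed
            log.warn('login: unauthorized: user: %r' % (email_address,))
            return make_response__json(status=unauthorized)  # return empty response

        # login successful
        # NOTE(review): existing session contents are kept and only
        # 'username' is set; confirm session renewal is handled elsewhere.
        session['username'] = email_address
        log.debug('login: success: user: %r' % (email_address,))
        return make_response__json(status=HTTP_STATUS__200_OK)  # return empty response

    if request.method == 'GET':
        return render_template('login.html', signup_enabled=current_app.rz_config.signup_enabled)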