Esempio n. 1
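def login(request: _Parsed):
    """Authenticate a user from a JSON request body and issue session tokens.

    Reads ``user`` and ``password`` from ``request.json``; the user name is
    stripped and lower-cased before the lookup. A missing, empty or
    non-string field raises ``AppException`` (code 401) naming the offending
    field(s); a password that does not match the stored hash raises
    ``AppException("Incorrect Password", code=401)``.

    Returns the ``json_response`` whose body carries ``user_data.as_json`` and
    whose ``x-access-token`` / ``x-refresh-token`` headers carry the tokens.
    """
    # The body is client-controlled: it may be absent or not a JSON object.
    # Fall back to an empty mapping so the field validation below rejects it
    # instead of an AttributeError surfacing as a server error.
    lookup = getattr(request.json, "get", None)
    if lookup is None:
        lookup = {}.get

    raw_user = lookup("user", "")
    raw_password = lookup("password", "")
    # Non-string values (null, numbers, lists, ...) count as missing, so they
    # never reach .strip() or the password-hash comparison.
    user = raw_user.strip().lower() if isinstance(raw_user, str) else ""
    password = raw_password if isinstance(raw_password, str) else ""

    invalids = []
    if not user:
        invalids.append("username")
    if not password:
        invalids.append("password")
    if invalids:
        raise AppException(f"Invalid {' and '.join(invalids)}", code=401)

    # NOTE(review): what get_user_by_id does for an unknown user is not
    # visible here. If its failure is distinguishable from "Incorrect
    # Password", responses reveal which account names exist -- confirm.
    user_data = get_user_by_id(user)
    password_hash = user_data.password_hash
    if not check_password_hash(password_hash, password):
        raise AppException("Incorrect Password", code=401)

    username = user_data.user
    access_token = create_token(issue_access_token(username))
    # The refresh token is issued from the user name and the current password
    # hash; presumably this ties its validity to the current password --
    # verify against issue_refresh_token.
    refresh_token = create_token(issue_refresh_token(username, password_hash))

    # NOTE(review): confirm that as_json never includes password_hash.
    return json_response(
        {"data": {
            "success": True,
            "user_data": user_data.as_json
        }},
        headers={
            "x-access-token": access_token,
            "x-refresh-token": refresh_token
        },
    )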
Esempio n. 2
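    def _is_same_value(self, key: str, val) -> bool:
        """Return whether ``val`` matches the value already stored under ``key``.

        For ``password_hash`` the stored value is a hash, so ``val`` is
        verified against it with ``check_password_hash`` instead of being
        compared directly. Always returns a real ``bool``: ``False`` when the
        attribute is not set or when no password hash is stored.
        """
        if not hasattr(self, key):
            # Nothing stored yet, so the value cannot be "the same".
            return False

        # Read through the parent class's __getattribute__, as the original
        # code does, rather than through this class's own attribute access.
        stored = super().__getattribute__(key)

        if key != "password_hash":
            return bool(stored == val)

        # An empty or None stored hash never matches; short-circuit so it is
        # not passed to check_password_hash at all.
        return bool(stored) and bool(check_password_hash(stored, val))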
Esempio n. 3
def verify_password(token: str, new_password: str):
    """Set ``new_password`` for the user named in a decoded reset token.

    The token is decoded and passed to ``assert_token_is_valid``. Its ``ch``
    claim is then verified against the account's user name concatenated with
    its current password hash; if that fails, ``AppException("Password
    already changed!")`` is raised and nothing is written.
    """
    claims = decode_token(token)
    assert_token_is_valid(claims)

    account = get_user_by_id(claims["u"])

    # "ch" binds the token to the password hash that is stored right now, so
    # the check stops matching once that hash has been replaced.
    challenge = claims["ch"]
    current_binding = account.user + account.password_hash
    token_still_current = check_password_hash(challenge, current_binding)
    if not token_still_current:
        raise AppException("Password already changed!")

    # NOTE(review): the plaintext password is assigned to password_hash;
    # presumably the model hashes it on assignment -- confirm. No check for
    # an empty or weak new_password is visible in this function.
    account.password_hash = new_password
    save_to_db()
Esempio n. 4
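def reset_password(request: _Parsed, creds=CredManager):
    """Change the password of the user in ``creds`` after re-checking the old one.

    Reads ``current_password`` and ``new_password`` from ``request.json``.
    Raises ``AppException`` (401) when either field is missing, empty or not a
    string, and when ``current_password`` does not match the stored hash.
    On success the new password is stored and a dict with the user's
    ``as_json`` data and a user-facing message is returned.
    """
    # NOTE(review): the default for creds is the CredManager class itself;
    # presumably a decorator injects the real credentials -- confirm.
    user = creds.user

    # The body is client-controlled: it may be absent or not a JSON object.
    lookup = getattr(request.json, "get", None)
    if lookup is None:
        lookup = {}.get
    current_password = lookup("current_password")
    new_password = lookup("new_password")

    # Reject missing, empty or non-string fields up front. Otherwise a missing
    # key surfaces as a KeyError, and an empty new password would be stored.
    supplied = (
        ("current_password", current_password),
        ("new_password", new_password),
    )
    invalids = [
        name for name, value in supplied
        if not (isinstance(value, str) and value)
    ]
    if invalids:
        raise AppException(f"Invalid {' and '.join(invalids)}", 401)

    u_data = get_user_by_id(user)
    hashed_pw = u_data.password_hash
    if not check_password_hash(hashed_pw, current_password):
        raise AppException("Incorrect Password", 401)

    # NOTE(review): the plaintext password is assigned to password_hash;
    # presumably the model hashes it on assignment -- confirm.
    u_data.password_hash = new_password
    save_to_db()
    return {
        "user_data":
        u_data.as_json,
        "message":
        "Please do not close the window while CollegeWarden re encrypts your files with the new password",
    }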