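def login():
    """Sign-in / sign-up view.

    An already-authenticated user is redirected to ``books``. Otherwise both
    forms are built and whichever one validated on submit is processed; on a
    failed sign-in a flash message is set and the page is re-rendered.

    Returns:
        A redirect response on success, else the rendered ``auth.html``.
    """
    import hmac

    def _credential_matches(stored, candidate):
        # Constant-time comparison; ``==`` short-circuits on the first
        # differing byte. Mismatched / None types count as "no match", which
        # is what the original ``==`` returned for them.
        try:
            return hmac.compare_digest(stored, candidate)
        except TypeError:
            return False

    if g.user is not None and g.user.is_authenticated():
        return redirect(url_for('books'))

    signinform = SignInForm()
    signupform = SignUpForm()

    if signinform.validate_on_submit():
        user = User.query.filter_by(username=signinform.username.data).first()
        # NOTE(review): make_secure_token is a keyed HMAC, not a password
        # hash: there is no per-user salt and no work factor, so equal
        # passwords give equal stored values and a leaked SECRET_KEY makes
        # every stored credential cheaply brute-forceable. The stored format
        # is kept here because existing rows depend on it; migrate to a real
        # password hash (bcrypt/argon2) with re-hash-on-login.
        password = make_secure_token(signinform.password.data)
        if user is not None and _credential_matches(user.password, password):
            login_user(user)
            return redirect(url_for('books'))
        flash('Invalid login. Please try again.')

    if signupform.validate_on_submit():
        username = signupform.username.data
        email = signupform.email.data
        # Same keyed-hash scheme as sign-in (see note above).
        password = make_secure_token(signupform.password.data)
        user = User(username=username, email=email, password=password)
        db.session.add(user)
        db.session.commit()
        login_user(user)
        return redirect(url_for('books'))

    return render_template(
        'auth.html',
        title='Sign In',
        signinform=signinform,
        signupform=signupform,
    )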
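def decorated(*args, **kwargs):
    """OAuth callback wrapper around ``view_func``.

    Verifies the signed ``state`` echoed back by the provider, then either
    exchanges an authorization ``code`` for a token (web-server flow) or, in
    the browser flow, forwards the query parameters to ``view_func`` as
    keyword arguments. ``args``/``kwargs`` are accepted but not forwarded.
    """
    import hmac

    def _sig_ok(got, want):
        # Constant-time compare; a missing or non-string sig is a mismatch.
        try:
            return hmac.compare_digest(got, want)
        except TypeError:
            return False

    params = {}
    # Check sig
    if 'state' in request.args:
        params.update(**self.parse_state(request.args.get('state')))
        sig = params.pop('sig', None)
        # NOTE(review): make_secure_token takes its payload positionally and
        # a ``key=`` option (see its other call sites). Passed as **kwargs the
        # params may not be covered by the MAC at all, and a ``key`` entry in
        # the state would select the HMAC key. Check the helper's signature
        # and MAC a canonical serialisation of params as a positional arg.
        if not _sig_ok(sig, make_secure_token(**params)):
            return self.login_manager.unauthorized()
    # NOTE(review): with no ``state`` in the query nothing is verified and the
    # flow continues; confirm that callbacks without state should be accepted.
    code = request.args.get('code')
    # Web server flow
    if code:
        redirect_uri = url_for(
            request.endpoint,
            _external=True,
            _scheme=self.redirect_scheme,
        )
        token = self.exchange_code(code, redirect_uri)
        userinfo = self.get_userinfo(token['access_token'])
        params.update(token=token, userinfo=userinfo)
    # Browser flow
    else:
        if params:
            # Unsigned query parameters overwrite the verified state values
            # before being handed to view_func.
            params.update(dict(request.args.items()))
        else:
            # userinfo is taken verbatim from the unauthenticated query string.
            params.update(token=None, userinfo=dict(request.args.items()))
    return view_func(**params)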
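def decorated(*args, **kwargs):
    """OAuth callback wrapper around ``view_func``.

    Verifies the signed ``state`` echoed back by the provider, then either
    exchanges an authorization ``code`` for a token (web-server flow) or, in
    the browser flow, moves the URL fragment into the query string via a
    small script and, on the second pass, forwards the query parameters to
    ``view_func``. ``args``/``kwargs`` are accepted but not forwarded.
    """
    import hmac

    def _sig_ok(got, want):
        # Constant-time compare; a missing or non-string sig is a mismatch.
        try:
            return hmac.compare_digest(got, want)
        except TypeError:
            return False

    params = {}
    # Check sig
    if "state" in request.args:
        params.update(**self.parse_state(request.args.get("state")))
        sig = params.pop("sig", None)
        # NOTE(review): make_secure_token takes its payload positionally and
        # a ``key=`` option (see its other call sites). Passed as **kwargs the
        # params may not be covered by the MAC at all, and a ``key`` entry in
        # the state would select the HMAC key. Check the helper's signature
        # and MAC a canonical serialisation of params as a positional arg.
        if not _sig_ok(sig, make_secure_token(**params)):
            return self.login_manager.unauthorized()
    # NOTE(review): with no ``state`` in the query nothing is verified and the
    # flow continues; confirm that callbacks without state should be accepted.
    code = request.args.get("code")
    # Web server flow
    if code:
        redirect_uri = url_for(
            request.endpoint, _external=True, _scheme=self.redirect_scheme
        )
        token = self.exchange_code(code, redirect_uri)
        userinfo = self.get_userinfo(token["access_token"])
        params.update(token=token, userinfo=userinfo)
    # Browser flow
    else:
        if params:
            # Unsigned query parameters overwrite the verified state values
            # before being handed to view_func.
            params.update(dict(request.args.items()))
        else:
            # Fragment -> query rewrite. NOTE(review): this puts whatever the
            # provider placed in the fragment (typically the access token)
            # into the URL the server sees, i.e. into access logs and any
            # Referer header sent from this page.
            return """
            <script>
                window.onload = function() {
                    location.href = '?' + window.location.hash.substr(1);
                };
            </script>
            """
    return view_func(**params)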
def test_make_secure_token_default_key(self):
    """``make_secure_token('foo')`` under the app's default key is a fixed 128-hex-char digest."""
    # Old test: 0f05743a2b617b2625362ab667c0dbdf4c9ec13a
    # New test with sha512:
    expected = (
        "47bec94a46a5d3939ca0671b01bafd5d7d5353941791734ec1e4734de40e5ce0"
        "a45c05c17cd33b8a18840991bb1cc154fa4ee8ef2f80a572b5a6a24b3a3afc20"
    )
    with self.app.test_request_context():
        # Needs a request context so the app's SECRET_KEY is the default key.
        self.assertEqual(make_secure_token('foo'), expected)
def __init__(self, email, password):
    """Create a user with locale, timezone and auth flag taken from app config.

    NOTE(review): ``password`` is stored on the instance exactly as received;
    whether it is hashed before being persisted is not visible here.
    """
    self.email = email
    self.password = password
    cfg = app.config
    self.locale = cfg['BABEL_DEFAULT_LOCALE']
    self.timezone = cfg['BABEL_DEFAULT_TIMEZONE']
    self.is_auth = cfg['DEFAULT_USER_AUTH']
    # Keyed hash over email + password + a random UUID. The UUID is not kept,
    # so the token cannot be re-derived later and must be read from the row.
    nonce = str(uuid.uuid4())
    self.token = make_secure_token(email + password + nonce)
def __init__(self, username, password, email):
    """Initializes a new user, using bcrypt to hash their password."""
    self.username = username
    self.email = email
    self.password = bcrypt.generate_password_hash(password)
    self.registration_date = datetime.utcnow()
    # The token is a keyed hash of the email and the bcrypt hash, so it is
    # stable for the user's lifetime and only changes when the password does.
    self.authentication_token = make_secure_token(self.email, self.password)
def findUserOrCreateKey(cls, auth_type, email):
    """Return ``(user, False)`` for an existing (auth_type, email) pair.

    Otherwise return ``(key, True)`` where ``key`` is a fresh ``ndb.Key`` for
    a ``User`` whose id is ``<local part>@<24 hex chars>``; nothing is
    persisted here.
    """
    existing = User.query(User.auth_type == auth_type, User.email == email).get()
    if existing is not None:
        return (existing, False)
    # A malformed address (no '@', or more than one) raises ValueError here.
    local_part, _domain = email.split('@')
    # NOTE(review): the id suffix is derived from the current timestamp, not
    # random bytes, and only a 96-bit slice of the digest is used -- confirm
    # that predictability/collisions are acceptable for a key id.
    stamp = datetime.utcnow().isoformat()
    suffix = make_secure_token(email, stamp)[8:32]
    fresh_id = '@'.join([local_part, suffix])
    return (ndb.Key('User', fresh_id), True)
def test_get_auth_token(self):
    """
    Authentication tokens are created using Flask-Login's ``make_secure_token``
    function and the email address and password of the user.
    """
    fixture = User(email='email', password_hash='password_hash')
    with app.app_context():
        # Both sides need the app context so the same SECRET_KEY is used.
        expected = make_secure_token('email', 'password_hash')
        self.assertEqual(fixture.get_auth_token(), expected)
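def apiAuthorize():
    """Issue an API token for a username/password pair.

    Reads ``username`` and ``password`` from the request values and returns a
    JSON document: ``{"token": ...}`` on success, ``{"error": 1}`` for a
    blank username, an unknown user, or a wrong password.
    """
    import hmac

    def _token_matches(stored, candidate):
        # Constant-time comparison; ``==`` short-circuits on the first
        # differing byte. Mismatched / None types count as "no match".
        try:
            return hmac.compare_digest(stored, candidate)
        except TypeError:
            return False

    username = request.values.get("username", "")
    # NOTE(review): this is a keyed HMAC of the password, not a password hash
    # (no salt, no work factor); it is kept because the stored rows use it.
    password = make_secure_token(request.values.get("password", ""))
    if username == "":
        return json.dumps(dict(error=1))
    user = User.query.filter_by(username=username).first()
    # The original dereferenced ``user.password`` unconditionally, so an
    # unknown username raised AttributeError (HTTP 500) instead of failing.
    if user is None:
        return json.dumps(dict(error=1))
    if _token_matches(user.password, password):
        # NOTE(review): the "token" returned is the stored credential itself
        # (the keyed hash of the password): it never expires and cannot be
        # revoked short of a password change. Prefer a random per-session
        # token stored server-side.
        return json.dumps(dict(token=password))
    return json.dumps(dict(error=1))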
def test_custom_token_loader(self):
    """A registered ``token_loader`` serves remember-me logins.

    After the session is dropped the user is still restored from the remember
    cookie, and that cookie holds ``make_secure_token(name, key='deterministic')``.
    """
    @self.login_manager.token_loader
    def load_token(token):
        return USER_TOKENS.get(token)

    with self.app.test_client() as client:
        client.get('/login-notch-remember')
        self._delete_session(client)
        # Remember-me must restore the user without a session.
        body = client.get('/username').data.decode('utf-8')
        self.assertEqual(u'Notch', body)
        # ...and the cookie must carry the custom token.
        cookie = self._get_remember_cookie(client)
        expected_value = make_secure_token(u'Notch', key='deterministic')
        self.assertEqual(expected_value, cookie.value)
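def decorated(*args, **kwargs):
    """OAuth callback wrapper around ``view_func``.

    A provider ``error`` is forwarded to ``view_func`` with empty token and
    userinfo. Otherwise the signed ``state`` is verified, then either an
    authorization ``code`` is exchanged for a token (web-server flow) or, in
    the browser flow, a script moves the URL fragment into the query string
    and the second pass forwards the query parameters to ``view_func``.
    ``args``/``kwargs`` are accepted but not forwarded.
    """
    import hmac

    def _sig_ok(got, want):
        # Constant-time compare; a missing or non-string sig is a mismatch.
        try:
            return hmac.compare_digest(got, want)
        except TypeError:
            return False

    params = {}
    if 'error' in request.args:
        # Access denied!
        params.update(token={}, userinfo={}, error=request.args['error'])
        return view_func(**params)
    # Check sig
    if 'state' in request.args:
        params.update(**self.parse_state(request.args.get('state')))
        sig = params.pop('sig', None)
        # NOTE(review): make_secure_token takes its payload positionally and
        # a ``key=`` option (see its other call sites). Passed as **kwargs the
        # params may not be covered by the MAC at all, and a ``key`` entry in
        # the state would select the HMAC key. Check the helper's signature
        # and MAC a canonical serialisation of params as a positional arg.
        if not _sig_ok(sig, make_secure_token(**params)):
            return self.login_manager.unauthorized()
    # NOTE(review): with no ``state`` in the query nothing is verified and the
    # flow continues; confirm that callbacks without state should be accepted.
    code = request.args.get('code')
    # Web server flow
    if code:
        redirect_uri = url_for(
            request.endpoint,
            _external=True,
            _scheme=self.redirect_scheme,
        )
        token = self.exchange_code(code, redirect_uri)
        userinfo = self.get_userinfo(token['access_token'])
        params.update(token=token, userinfo=userinfo)
    # Browser flow
    else:
        if params:
            # Unsigned query parameters overwrite the verified state values
            # before being handed to view_func.
            params.update(dict(request.args.items()))
        else:
            # Fragment -> query rewrite. NOTE(review): this puts whatever the
            # provider placed in the fragment (typically the access token)
            # into the URL the server sees, i.e. into access logs and any
            # Referer header sent from this page.
            return '''
            <script>
                window.onload = function() {
                    location.href = '?' + window.location.hash.substr(1);
                };
            </script>
            '''
    return view_func(**params)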
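def decorated(*args, **kwargs):
    """OAuth callback wrapper that logs the user in before calling ``view_func``.

    Rejects provider errors, verifies the signed ``state``, exchanges the
    ``code`` for a token, fetches the profile, resolves it to a user via
    ``self.user_callback`` and calls ``login_user``. Any failure short-circuits
    to ``login_manager.unauthorized()``. ``args``/``kwargs`` are accepted but
    not forwarded.
    """
    import hmac

    def _sig_ok(got, want):
        # Constant-time compare; a missing or non-string sig is a mismatch.
        try:
            return hmac.compare_digest(got, want)
        except TypeError:
            return False

    # Check for error in authorization
    if 'error' in request.args:
        return self.login_manager.unauthorized()
    # Check sig (parse_state is handed None when state is absent; its
    # behaviour for that case is not visible here)
    params = self.parse_state(request.args.get('state'))
    sig = params.pop('sig', None)
    # NOTE(review): make_secure_token takes its payload positionally and a
    # ``key=`` option (see its other call sites). Passed as **kwargs the
    # params may not be covered by the MAC at all, and a ``key`` entry in the
    # state would select the HMAC key. Check the helper's signature and MAC a
    # canonical serialisation of params as a positional arg.
    if not _sig_ok(sig, make_secure_token(**params)):
        return self.login_manager.unauthorized()
    # Get token -- a missing ``code`` raises KeyError here (presumably
    # surfaced by Flask as a 400 rather than 401).
    token = self.exchange_code(
        request.args['code'],
        url_for(
            request.endpoint,
            _external=True,
            _scheme=self.redirect_scheme,
        ),
    )
    if not token:
        return self.login_manager.unauthorized()
    params.update(token=token)
    # Get user info
    me = self.get_me(token['access_token'])
    if not me:
        return self.login_manager.unauthorized()
    params.update(me=me)
    # Get user instance; the provider's profile keys become keyword arguments.
    user = self.user_callback(**me)
    if not user:
        return self.login_manager.unauthorized()
    login_user(user)
    return view_func(**params)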
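def decorated(*args, **kwargs):
    """OAuth callback wrapper around ``view_func``.

    Verifies the signed ``state`` echoed back by the provider, then either
    exchanges an authorization ``code`` for a token (web-server flow) or, in
    the browser flow, moves the URL fragment into the query string via a
    small script and, on the second pass, forwards the query parameters to
    ``view_func``. ``args``/``kwargs`` are accepted but not forwarded.
    """
    import hmac

    def _sig_ok(got, want):
        # Constant-time compare; a missing or non-string sig is a mismatch.
        try:
            return hmac.compare_digest(got, want)
        except TypeError:
            return False

    params = {}
    # Check sig
    if 'state' in request.args:
        params.update(**self.parse_state(request.args.get('state')))
        sig = params.pop('sig', None)
        # NOTE(review): make_secure_token takes its payload positionally and
        # a ``key=`` option (see its other call sites). Passed as **kwargs the
        # params may not be covered by the MAC at all, and a ``key`` entry in
        # the state would select the HMAC key. Check the helper's signature
        # and MAC a canonical serialisation of params as a positional arg.
        if not _sig_ok(sig, make_secure_token(**params)):
            return self.login_manager.unauthorized()
    # NOTE(review): with no ``state`` in the query nothing is verified and the
    # flow continues; confirm that callbacks without state should be accepted.
    code = request.args.get('code')
    # Web server flow
    if code:
        redirect_uri = url_for(
            request.endpoint,
            _external=True,
            _scheme=self.redirect_scheme,
        )
        token = self.exchange_code(code, redirect_uri)
        userinfo = self.get_userinfo(token['access_token'])
        params.update(token=token, userinfo=userinfo)
    # Browser flow
    else:
        if params:
            # Unsigned query parameters overwrite the verified state values
            # before being handed to view_func.
            params.update(dict(request.args.items()))
        else:
            # Fragment -> query rewrite. NOTE(review): this puts whatever the
            # provider placed in the fragment (typically the access token)
            # into the URL the server sees, i.e. into access logs and any
            # Referer header sent from this page.
            return '''
            <script>
                window.onload = function() {
                    location.href = '?' + window.location.hash.substr(1);
                };
            </script>
            '''
    return view_func(**params)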
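def decorated(*args, **kwargs):
    """OAuth callback wrapper around ``view_func``.

    A provider ``error`` is reported to ``view_func`` as
    ``(None, None, error=True, error_msg=...)``. Otherwise the signed
    ``state`` is verified, then either an authorization ``code`` is exchanged
    for a token (web-server flow) or, in the browser flow, the query
    parameters are forwarded to ``view_func``; a browser-flow request without
    any state is reported as an error with an empty message.
    ``args``/``kwargs`` are accepted but not forwarded.
    """
    import hmac

    def _sig_ok(got, want):
        # Constant-time compare; a missing or non-string sig is a mismatch.
        try:
            return hmac.compare_digest(got, want)
        except TypeError:
            return False

    error = request.args.get('error', None)
    if error:
        # error_msg comes straight from the query string.
        return view_func(None, None, error=True, error_msg=error)
    params = {}
    # Check sig
    if 'state' in request.args:
        params.update(**self.parse_state(request.args.get('state')))
        sig = params.pop('sig', None)
        # NOTE(review): make_secure_token takes its payload positionally and
        # a ``key=`` option (see its other call sites). Passed as **kwargs the
        # params may not be covered by the MAC at all, and a ``key`` entry in
        # the state would select the HMAC key. Check the helper's signature
        # and MAC a canonical serialisation of params as a positional arg.
        if not _sig_ok(sig, make_secure_token(**params)):
            return self.login_manager.unauthorized()
    # NOTE(review): with no ``state`` in the query nothing is verified and the
    # flow continues; confirm that callbacks without state should be accepted.
    code = request.args.get('code')
    # Web server flow
    if code:
        redirect_uri = url_for(
            request.endpoint,
            _external=True,
            _scheme=self.redirect_scheme,
        )
        token = self.exchange_code(code, redirect_uri)
        userinfo = self.get_userinfo(token['access_token'])
        params.update(token=token, userinfo=userinfo)
    # Browser flow
    else:
        if params:
            # Unsigned query parameters overwrite the verified state values
            # before being handed to view_func.
            params.update(dict(request.args.items()))
        else:
            return view_func(None, None, error=True, error_msg='')
    return view_func(**params)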
def sign_params(self, params):
    """Serialise ``params`` plus a ``sig`` entry as ``b64encode(urlencode(...))``.

    This is the value carried in the OAuth ``state`` parameter; a ``sig`` key
    already present in ``params`` raises TypeError (duplicate keyword).

    NOTE(review): make_secure_token takes its payload positionally and a
    ``key=`` option (see its other call sites), so passing ``params`` as
    **kwargs may leave them out of the MAC entirely and a ``key`` entry would
    choose the HMAC key -- verify against the helper and MAC a canonical
    serialisation positionally. Also, ``urlencode`` returns ``str`` on
    Python 3, which ``b64encode`` rejects; this reads as Python 2 code.
    """
    signature = make_secure_token(**params)
    payload = dict(sig=signature, **params)
    return b64encode(urlencode(payload))
def get_auth_token(self):
    """Return the remember-me token: a keyed hash of ``self.name``.

    The key is the literal ``'deterministic'`` so tests can predict the
    value (see the matching test expectation); not a production key.
    """
    fixed_key = 'deterministic'
    return make_secure_token(self.name, key=fixed_key)
def auth_token(user):
    """Return a fresh, non-reproducible auth token for ``user``.

    24 hex chars of random prefix followed by a keyed hash over the user's
    email and 32 random bytes. Neither random value is retained, so the
    result cannot be recomputed later and must be stored by the caller.
    """
    prefix = codecs.encode(os.urandom(12), 'hex').decode()
    digest = make_secure_token(user['email'], os.urandom(32))
    return prefix + digest
def get_auth_token(self):
    """Return a keyed hash over username, salt and stored password.

    The token is stable until any of the three inputs changes, so it is
    invalidated by a password change.
    """
    material = (self.username, self.salt, self.password)
    return make_secure_token(*material)
def get_api_token(self):
    """Derive, persist and return this user's API key.

    NOTE(review): the key is ``make_secure_token(self.username)``, a keyed
    hash of a public identifier, so every call yields the same value and the
    key cannot be rotated or revoked independently of the app secret. If the
    key is verified by row lookup rather than recomputation, a random value
    (``secrets.token_urlsafe``) would be the usual replacement.
    """
    token = make_secure_token(self.username)
    self.api_key = token
    db.session.commit()
    return token
def sign_params(self, params):
    """Serialise ``params`` plus a ``sig`` entry as ``b64encode(urlencode(...))``.

    This is the value carried in the OAuth ``state`` parameter; a ``sig`` key
    already present in ``params`` raises TypeError (duplicate keyword).

    NOTE(review): make_secure_token takes its payload positionally and a
    ``key=`` option (see its other call sites), so passing ``params`` as
    **kwargs may leave them out of the MAC entirely and a ``key`` entry would
    choose the HMAC key -- verify against the helper and MAC a canonical
    serialisation positionally. Also, ``urlencode`` returns ``str`` on
    Python 3, which ``b64encode`` rejects; this reads as Python 2 code.
    """
    signature = make_secure_token(**params)
    payload = dict(sig=signature, **params)
    return b64encode(urlencode(payload))
def auth_token(user):
    """Return an auth token for ``user``: 24 random hex chars + a keyed hash.

    The hash covers ``email + pwd_hash`` with no separator, so it is the same
    on every call for a given user; only the prefix varies. Uses the Python 2
    ``'hex'`` string codec, so this block is Python 2 only.
    """
    nonce_hex = os.urandom(12).encode('hex')
    digest = make_secure_token(user['email'] + user['pwd_hash'])
    return nonce_hex + digest