def login_action():
form=LoginForm(request.form)
if request.method=='POST':
username=request.form['username']
password=request.form['password']
user=User.query.filter_by(username=username).one()
bcrypt=Bcrypt(app)
if bcrypt.check_password_hash(user.password,password):
session['user']=user.id
return redirect(url_for('add_article'))
return render_template('tachilab/login.html',form=form)
class BasicTestCase(unittest.TestCase):
def setUp(self):
app = flask.Flask(__name__)
app.config['BCRYPT_LOG_ROUNDS'] = 6
self.bcrypt = Bcrypt(app)
def test_is_string(self):
pw_hash = self.bcrypt.generate_password_hash('secret')
self.assertTrue(isinstance(pw_hash, str))
def test_not_string(self):
pw_hash = self.bcrypt.generate_password_hash(42)
self.assertTrue(isinstance(pw_hash, str))
def test_custom_rounds(self):
password = '******'
pw_hash1 = self.bcrypt.generate_password_hash(password, 5)
self.assertNotEqual(password, pw_hash1)
def test_check_hash(self):
pw_hash = self.bcrypt.generate_password_hash('secret')
# check a correct password
self.assertTrue(self.bcrypt.check_password_hash(pw_hash, 'secret'))
# check an incorrect password
self.assertFalse(self.bcrypt.check_password_hash(pw_hash, 'hunter2'))
# check unicode
pw_hash = self.bcrypt.generate_password_hash(u'\u2603')
self.assertTrue(self.bcrypt.check_password_hash(pw_hash, u'\u2603'))
# check helpers
pw_hash = generate_password_hash('hunter2')
self.assertTrue(check_password_hash(pw_hash, 'hunter2'))
def test_check_hash_unicode_is_utf8(self):
password = u'\u2603'
pw_hash = self.bcrypt.generate_password_hash(password)
# check a correct password
self.assertTrue(self.bcrypt.check_password_hash(pw_hash, '\xe2\x98\x83'))
def test_rounds_set(self):
self.assertEquals(self.bcrypt._log_rounds, 6)
def login():
form=LoginForm(request.form)
if request.method=='POST' and form.validate():
try:
admin=Admin.query.filter_by(username=request.form['username']).one()
bcrypt=Bcrypt(app)
if bcrypt.check_password_hash(admin.password,request.form['password']):
session['admin_id']=admin.id
return redirect('/')
else:
return render_template('admin_login.html',form=form,data='no password')
except:
return render_template('admin_login.html',form=form,data='no username')
return render_template('admin_login.html',form=form,data='')
def login_action():
username = request.form["username"]
password = request.form["password"]
token = request.form["token"]
usersService = UsersService()
if username:
usernameResult = usersService.first(username=username)
else:
usernameResult = False
if not username:
error = 'Please enter a username'
elif not password:
error = 'Please enter a password'
elif not usernameResult:
error = 'This user does not exist'
elif not isTokenValid(token):
error = 'The request did not come from Pycamp'
else:
error = False
if not error and usernameResult:
bcrypt = Bcrypt(app)
if not bcrypt.check_password_hash(usernameResult.password, password):
error = 'Invalid password entered'
else:
print 'logged in again'
user = load_user(usernameResult.id)
login_user(user)
return redirect("/projects/list-projects")
"""session = request.environ['beaker.session']
if not session.has_key('username'):
session['username'] = username
session.save()
return "Session value set."
else:
return session['username'] """
return render_custom_template('login/login.html', error=error, username=username)
def login(email, password):
"""Tries to log in a user
Args:
email_or_username: obvi.
password: plaintext plaintext password
Returns:
User object if login succeeded
False if login failed
"""
ret = False
bcrypt = Bcrypt()
user = User.find_by_email(email)
if user and bcrypt.check_password_hash(user.password, password):
ret = user
return ret
class UserApi(Resource):
def __init__(self):
self.db = current_app.config['DB']
self.bcrypt = Bcrypt(current_app)
def abort(self, response=None):
if response is None:
abort(400)
return (response, 400)
def prettify(self, user):
return {
'login': user['login'],
'role': 'Admin' if user['admin'] else 'User'
}
def find_user(self, login=None):
if login is None:
login = request.json['login']
return self.db.User.find_one({'login': login})
def get(self, login=None):
if login:
user = self.find_user(login)
if user:
return self.prettify(user)
else:
return [
self.prettify(r) for r in self.db.User.find()
]
def post(self):
if request.json is None:
return self.abort({'message': "Data required"})
if self.find_user():
return {'message': "User already exists"}
user = self.db.User()
user['login'] = request.json['login']
user['password'] = self.bcrypt.generate_password_hash(
request.json['password']
)
user.save()
return ({'message': 'User created successfully!'}, 201)
def put(self, login):
user = self.find_user(login)
if user is None:
return self.abort({'message': "User not found"})
curr_pass = request.json.get('current_password', '')
if not self.bcrypt.check_password_hash(
user['password'], curr_pass):
return self.abort({'message': "Invalid password"})
new_pass = request.json.get('new_password', '')
if new_pass == curr_pass:
return self.abort({'message': "New password should be different than the old one"})
confirm_pass = request.json.get('confirm_password')
if not new_pass:
return self.abort({'message': "Please provide new password"})
if new_pass != confirm_pass:
return self.abort({'message': "New password confirmed incorrectly"})
user = self.db.User(user)
user['password'] = self.bcrypt.generate_password_hash(
request.json['new_password']
)
user.save()
return {'message': "Password changed"}
def delete(self, login):
user = self.find_user(login)
if user:
self.db.User(user).delete()
else:
return self.abort({'message': "User was not found"})
if self.find_user(login) is not None:
return self.abort({'message': "User still exists"})
return {'message': "User deleted successfully"}