class AdminUserResources(Resource):
def options(self, id=None):
return {'status':'ok'},200
policy = PasswordPolicy.from_names(
length=8,
uppercase=1,
numbers=1,
special=1
)
@jwt_required
@admin_required
def get(self, id=None): #method untuk request data user,filter by id, input: (user_id di url)
qry = Users.query.get(id)
if qry is None:
return {"message":"NOT FOUND"}, 404
return [marshal(qry, Users.response_fields)], 200, {"Content-Type": "application/json"}
@jwt_required
@admin_required
def put(self, id=None): #method untuk mengubah status aktif user,filter by id,input: (user_id di url, status di body)
parser = reqparse.RequestParser()
parser.add_argument("status", type=inputs.boolean, location="json", required=True)
args = parser.parse_args()
user = Users.query.get(id)
user.status = args["status"]
user.updated_at = datetime.now()
db.session.commit()
return marshal(user, Users.response_fields), 200, {"Content-Type": "application/json"}
def post(self):
policy = PasswordPolicy.from_names(length=7)
parser = reqparse.RequestParser()
parser.add_argument('username', location='json', required=True)
parser.add_argument('fullname', location='json', required=True)
parser.add_argument('email', location='json', required=True)
parser.add_argument('password', location='json', required=True)
parser.add_argument('address', location='json', required=True)
parser.add_argument('phone', location='json', required=True)
parser.add_argument('image', location='json', required=True)
args = parser.parse_args()
validation = policy.test(args['password'])
if validation == []:
password_digest = hashlib.md5(
args['password'].encode()).hexdigest()
# Creating object
user = Users(args['username'], args['fullname'], args['email'],
password_digest, args['address'], args['phone'],
args['image'])
db.session.add(user)
db.session.commit()
app.logger.debug('DEBUG : %s', user)
return marshal(user, Users.response_fields), 200, {
'Content-Type': 'application/json'
}
def test(self):
policy = PasswordPolicy.from_names(
length=8,
uppercase=2,
numbers=2,
special=2,
nonletters=2,
nonletterslc=2,
entropybits=30,
strength=(0.333, 30)
)
passwords = {
'qazwsx': {'length', 'uppercase', 'numbers', 'special', 'nonletters', 'nonletterslc', 'entropybits', 'strength'},
'qazwsxrfv': { 'uppercase', 'numbers', 'special', 'nonletters', 'nonletterslc', 'entropybits', 'strength'},
'qazwsxrfvTG': { 'numbers', 'special', 'nonletters', },
'qazwsxrfvTG94': { 'special', },
'qazwsxrfvTG94@$': set(),
}
for password, expects in list(passwords.items()):
self.assertEqual(
{t.name() for t in policy.test(password)},
expects,
'Testing {}'.format(password)
)
def put(self):
claims = get_jwt_claims()
parser = reqparse.RequestParser()
parser.add_argument('password', location='json', required=True)
parser.add_argument('first_name', location='json', required=True)
parser.add_argument('last_name', location='json', required=True)
parser.add_argument('email', location='json', required=True)
args = parser.parse_args()
policy = PasswordPolicy.from_names(
length=8
)
# Validating the password policy
validation = policy.test(args['password'])
if validation == []:
password_digest = hashlib.md5(
args['password'].encode()).hexdigest()
# search selected cust
qry = Customer.query
selected_cust = qry.filter_by(id=claims['id']).first()
# edit each elemen
selected_cust.password = password_digest
selected_cust.email = args['email']
selected_cust.first_name = args['first_name']
selected_cust.last_name = args['last_name']
db.session.commit()
app.logger.debug('DEBUG : %s', selected_cust)
return {'message': 'Your profile UPDATED!', 'Detail': marshal(selected_cust, Customer.customer_fields)}, 200, {'Content-Type': 'application/json'}
# password format doesnt match to policy
return {'status': 'FAILED', 'message': 'PLEASE ENTER PASSWORD WITH SPECIFIC FORMAT'}, 400
def put(self):
policy = PasswordPolicy.from_names(
length=6
)
parser = reqparse.RequestParser()
parser.add_argument('client_secret', location='json', required=True)
parser.add_argument('id', location='args', required=True)
args = parser.parse_args()
validation = policy.test(args['client_secret'])
qry = Clients.query.get(args["id"])
if qry is None:
return {'status':'failed',"result":"ID Not Found"}, 404, {'Content-Type':'application/json'}
if validation == []:
client_secret_digest = hashlib.md5(args['client_secret'].encode()).hexdigest()
qry.client_secret = client_secret_digest
db.session.commit()
return {"status":"success", "result":marshal(qry, Clients.response_field)}, 200, {'Content-Type':'application/json'}
return {"status":"failed", "result": "Wrong Password Length"}, 400, {'Content-Type':'application/json'}
def signup_post():
first_name= request.form.get('first name')
last_name = request.form.get('last name')
email = request.form.get('email').lower()
password = request.form.get('password')
repassword = request.form.get('repassword')
empty_fields = ef5count(first_name, last_name, email, password, repassword) #returns number of empty fields
if empty_fields > 0:
flash("Please enter a value for each field.")
return redirect(url_for('auth.signup'))
policy = PasswordPolicy.from_names(strength=0.30)
err = policy.test(password)
if len(err) > 0:
flash('Password is not strong enough.')
return redirect(url_for('auth.signup'))
if password != repassword:
flash("Passwords do not match.")
return redirect(url_for('auth.signup'))
user = User.query.filter_by(email=email).first()
if user:
flash('Email address already exists.')
return redirect(url_for('auth.signup'))
new_user = User(first_name=first_name, last_name=last_name, email=email, password=generate_password_hash(password, method='sha256'))
db.session.add(new_user)
db.session.commit()
send_mail("Welcome to Tony's Stocks!", email, 'mail/welcome.html', name=first_name)
flash("Account Successfully Created!")
return redirect(url_for('auth.login'))
def createAdminUser(username, pw, fn, ln, cursor, cnx):
if (mySQL_userDB.isUsernameTaken(username, cursor, cnx)):
return "taken error"
policy = PasswordPolicy.from_names(
length=8, # min length: 8
uppercase=1, # need min. 2 uppercase letters
numbers=1 # need min. 2 digits
)
isEnough = policy.test(pw)
if len(isEnough) != 0:
return "weak password"
pwd_context = CryptContext(schemes=["pbkdf2_sha256"],
default="pbkdf2_sha256",
pbkdf2_sha256__default_rounds=30000)
formatInsert = ("INSERT INTO adminTable "
"(username, password,fname,"
"lname,creationDate) "
"VALUES (%s, %s,%s, %s,%s)"
) #NOTE: use %s even with numbers
#their care team is not assigned at creation, so N/A
insertContent = (username, pwd_context.hash(pw), fn, ln,
str(date.today().strftime("%B %d, %Y")))
cursor.execute(formatInsert, insertContent)
cnx.commit()
return "success"
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('username', location='json', required=True)
parser.add_argument('password', location='json', required=True)
parser.add_argument('first_name', location='json', required=True)
parser.add_argument('last_name', location='json', required=True)
parser.add_argument('email', location='json', required=True)
args = parser.parse_args()
# Setup the policy
policy = PasswordPolicy.from_names(
length=8
)
# Validating the password policy
validation = policy.test(args['password'])
if validation == []:
password_digest = hashlib.md5(
args['password'].encode()).hexdigest()
# Creating object
new_cust = Customer(username=args['username'], password=password_digest,
first_name=args['first_name'], last_name=args['last_name'], email=args['email'])
db.session.add(new_cust)
db.session.commit()
app.logger.debug('DEBUG : %s', new_cust)
return {'message': 'New Customer Created!!!', 'Detail': marshal(new_cust, Customer.customer_fields)}, 200, {'Content-Type': 'application/json'}
return {'status': 'FAILED', 'message': 'PLEASE ENTER PASSWORD WITH SPECIFIC FORMAT'}, 400
def validate_password(password: str) -> bool:
""" Validates the password again a password policy.
Args:
password ( str, required ):
password to verify.
Returns:
valid ( bool ):
True if the password meets validity requirements.
"""
policy = PasswordPolicy.from_names(
strength=0.20,
entropybits=10,
length=6,
)
if not password:
return False
tested_pass = policy.password(password)
result = tested_pass.test()
if len(result) > 0:
print(
colored(
'Password not strong enough. Try increasing the length of the password or the password complexity'
))
return False
password_verification = getpass.getpass("Retype your password: "******"Passwords do not match")
return False
return True
def test(self):
policy = PasswordPolicy.from_names(
length=8,
uppercase=2,
numbers=2,
special=2,
nonletters=2,
nonletterslc=2,
entropybits=30,
strength=(0.333, 30)
)
passwords = {
'qazwsx': {'length', 'uppercase', 'numbers', 'special', 'nonletters', 'nonletterslc', 'entropybits', 'strength'},
'qazwsxrfv': { 'uppercase', 'numbers', 'special', 'nonletters', 'nonletterslc', 'entropybits', 'strength'},
'qazwsxrfvTG': { 'numbers', 'special', 'nonletters', },
'qazwsxrfvTG94': { 'special', },
'qazwsxrfvTG94@$': set(),
}
for password, expects in passwords.items():
self.assertEqual(
{t.name() for t in policy.test(password)},
expects,
'Testing {}'.format(password)
)
def post(self):
policy = PasswordPolicy.from_names(
length=6
)
parser = reqparse.RequestParser()
parser.add_argument('client_id', location='json', required=True)
parser.add_argument('client_secret', location='json', required=True)
args = parser.parse_args()
validation = policy.test(args['client_secret'])
if validation == []:
client_secret_digest = hashlib.md5(args['client_secret'].encode()).hexdigest()
client = Clients(datetime.datetime.now(), args['client_id'], client_secret_digest, 0)
try:
db.session.add(client)
db.session.commit()
except Exception as e:
return {"status":"failed", "result": "Client Already Exist"}, 400, {'Content-Type':'application/json'}
app.logger.debug('DEBUG : %s ', client )
return {"status":"success", "result":marshal(client, Clients.response_field)}, 200, {'Content-Type':'application/json'}
return {"status":"failed", "result": "Wrong Password Length"}, 400, {'Content-Type':'application/json'}
class CreateUserResources(Resource):
def options(self, id=None):
return {'status':'ok'}, 200
policy = PasswordPolicy.from_names(
length=6,
uppercase=1,
numbers=1,
special=1
)
def post(self):
parser = reqparse.RequestParser()
parser.add_argument("username", location="json", required=True)
parser.add_argument("password", location="json", required=True)
parser.add_argument("nama_lengkap", location="json", required=True)
parser.add_argument("email", location="json", required=True)
parser.add_argument("no_hp", location="json", required=True)
args = parser.parse_args()
validation = self.policy.test(args["password"])
if validation == []:
pwd_digest = hashlib.md5(args["password"].encode()).hexdigest()
if Users.query.filter_by(username=args["username"]).all() != []:
return {"status": "FAILED", "message": "Username already exists"}, 400, {"Content-Type": "application/json"}
if Users.query.filter_by(email=args["email"]).all() != []:
return {"status": "FAILED", "message": "Email already exists"}, 400, {"Content-Type": "application/json"}
user = Users(args["username"], pwd_digest, args["nama_lengkap"], args["email"], args["no_hp"])
db.session.add(user)
db.session.commit()
return marshal(user, Users.response_fields), 200, {"Content-Type": "application/json"}
return {"status": "FAILED", "message": "Password is not accepted"}, 400, {"Content-Type": "application/json"}
class PasswordResources(Resource):
policy = PasswordPolicy.from_names(
length = 6,
numbers = 1
)
# lupa password
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('email', location = 'json', required = True)
args = parser.parse_args()
qry = Users.query.filter_by(email = args['email'])
userData = qry.first()
if userData is not None:
return {'message' : 'Cek email untuk mengubah password anda'}, 200
return{'message' : 'email tidak terdaftar'}, 401
# ubah password
@jwt_required
def put(self):
parser = reqparse.RequestParser()
parser.add_argument('password_lama', location = 'json', required = True)
parser.add_argument('password_baru', location = 'json', required = True)
parser.add_argument('konfirmasi_password', location = 'json', required = True)
args = parser.parse_args()
claims = get_jwt_claims()
encrypted_password = hashlib.md5(args['password_lama'].encode()).hexdigest()
qry = Users.query.filter_by(username = claims['username']).filter_by(password = encrypted_password)
userData = qry.first()
if userData is not None:
validation = self.policy.test(args['password_baru'])
if validation:
errorList = []
for item in validation:
split = str(item).split('(')
error, num = split[0], split[1][0]
errorList.append("{err}(minimum {num})".format(err=error, num=num))
message = "Mohon cek password baru anda: " + ', '.join(x for x in errorList)
return {'message': message}, 422, {'Content-Type': 'application/json'}
elif args['password_baru'] != args['konfirmasi_password']:
return {'message': 'Konfirmasi password tidak sesuai'}, 401
encrypted = hashlib.md5(args['password_baru'].encode()).hexdigest()
userData.password = encrypted
db.session.commit()
return {'message' : 'ubah password berhasil'}, 200
else:
return {'message' : 'password salah'}, 404
def options(self, id=None):
return {'status':'ok'},200
async def enforce_policy(password: str, policy: object):
"""
validates that the given password matches the provided password policy.
@param password: (string) password to be validated
@param policy: (object) password requirements
"""
ctx = {}
kwargs_mapping = {
'length': 'length',
'upper_case_count': 'uppercase',
'numbers_count': 'numbers',
'specials_count': 'special',
'non_letters_count': 'nonletters',
}
for key in kwargs_mapping.keys():
if key in policy:
ctx[kwargs_mapping[key]] = policy[key]
password_policy = PasswordPolicy.from_names(**ctx)
res = password_policy.test(password)
if res != []:
raise Exception({
'message':
'Password provided does not match policy configured',
'status_code': 400
})
def post(self): #for pebisnis to register
policy = PasswordPolicy.from_names(
length=6,
uppercase=1,
numbers=1,
special=1,
)
parser = reqparse.RequestParser()
parser.add_argument('username', location='json')
parser.add_argument('password', location='json')
parser.add_argument('name', location='json')
parser.add_argument('nama_tempat', location='json')
parser.add_argument('email', location='json')
parser.add_argument('phone_no', location='json')
parser.add_argument('address', location='json')
parser.add_argument('deskripsi', location='json')
parser.add_argument('url_image', location='json')
args = parser.parse_args()
validation = policy.test(args['password'])
if validation == [] :
user_type = 'pebisnis'
password = hashlib.md5(args['password'].encode()).hexdigest()
user_new = Pebisnis('pebisnis', args['username'], password, args['name'], args['nama_tempat'], args['email'], args['phone_no'], args['address'], args['deskripsi'], args['url_image'])
db.session.add(user_new) #insert the input data into the database
db.session.commit()
return {"code": 200, "message": "OK, your user profile has been created", "data":marshal(user_new, Pebisnis.response_field)}, 200, {'Content-Type': 'application/json'}
return {'status' : 'Password Invalid'}, 400, {'Content_type' : 'application/json'}
def put(self):
policy = PasswordPolicy.from_names(length=6)
parser = reqparse.RequestParser()
parser.add_argument('old_password', location='json', required=True)
parser.add_argument('new_password', location='json', required=True)
args = parser.parse_args()
claims = get_jwt_claims()
user_id = claims['id']
user = User.query.get(user_id)
hashed_pass_old = hashlib.md5(
args['old_password'].encode()).hexdigest()
validation = policy.test(args['new_password'])
if hashed_pass_old == user.password:
if validation == []:
hashed_pass_new = hashlib.md5(
args['new_password'].encode()).hexdigest()
user.password = hashed_pass_new
db.session.add(user)
db.session.commit()
return {
"status": "password berhasil diubah"
}, 200, {
'Content-Type': 'application/json'
}
else:
return {
"status": "gagal",
"message": "password tidak valid"
}, 400, {
"Content-type": "application/json"
}
else:
return {"status": "gagal", "message": "password salah"}, 401
async def check_password_stength(
password,
) -> Optional[Union[Dict[str, str], Dict[str, List[str]]]]:
password_policy_args = {
"strength": config.get("auth.password_policy.strength", 0.5),
"entropy_bits": config.get("auth.password_policy.entry_bits"),
"length": config.get("auth.password_policy.length"),
"uppercase": config.get("auth.password_policy.uppercase"),
"numbers": config.get("auth.password_policy.numbers"),
"special": config.get("auth.password_policy.special"),
"nonletters": config.get("auth.password_policy.nonletters"),
}
# We remove entries with null values since password_strength doesn't like them.
password_policy_args = {k: v for k, v in password_policy_args.items() if v}
policy = PasswordPolicy.from_names(**password_policy_args)
tested_pass = policy.password(password)
errors = tested_pass.test()
# Convert errors to string so they can be json encoded later
errors: List[str] = [str(e) for e in errors]
if errors:
return {"message": "Password doesn't have enough entropy.", "errors": errors}
def register():
"""Register user"""
session.clear()
if request.method == "POST":
if not request.form.get("username"):
return apology("must provide username", 403)
elif not request.form.get("password"):
return apology("must provide password", 403)
elif not request.form.get("confirmation"):
return apology("type password confirmation", 403)
elif not request.form.get("password") == request.form.get(
"confirmation"):
return apology("passwords do not match", 403)
# check password strength
policy = PasswordPolicy.from_names(
length=5, # min length: 8
uppercase=1, # need min. 2 uppercase letters
numbers=1, # need min. 2 digits
special=1, # need min. 2 special characters
)
pass_test = policy.test(request.form.get("password"))
if len(pass_test) != 0:
return apology(
"Password must be minimum 5 characters long, must contain at least 1 uppecase letter, "
"1 number and 1 special character")
# Add user to database
passHash = generate_password_hash(request.form.get("password"))
username = request.form.get("username")
currUser = db.execute(
"INSERT INTO users (username, hash) VALUES (:username,:passHash)",
username=username,
passHash=passHash)
if not currUser:
return render_template("register.html")
# Query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
# Log user in
session["user_id"] = rows[0]["id"]
# Redirect user to home page
return redirect("/")
else:
return render_template("register.html")
def validator_password(value):
policy = PasswordPolicy.from_names(
length=8, # min length: 8
uppercase=1, # need min. 2 uppercase letters
numbers=1, # need min. 2 digits
special=1, # need min. 2 special characters
)
if len(policy.test(value)) == 0:
return True
def register():
form = RegisterForm(request.form)
if request.method == 'POST' and form.validate():
name = form.name.data
lastname = form.lastname.data
email = form.email.data
username = form.username.data
password = sha256_crypt.encrypt(str(form.password.data))
policy = PasswordPolicy.from_names(
length=8, # min length: 8
uppercase=1, # need min. 2 uppercase letters
numbers=2, # need min. 2 digits
special=0, # need min. 2 special characters
nonletters=
0, # need min. 2 non-letter characters (digits, specials, anything)
)
validate_password = policy.test(form.password.data)
# Create cursor
cur = mysql.connection.cursor()
user_validator = cur.execute(
"SELECT username FROM users WHERE username = %s", [username])
if user_validator == 0 and len(validate_password) == 0:
# Execute query
cur.execute(
"INSERT INTO users(name, lastname, email, username, password) VALUES(%s, %s, %s, %s, %s)",
(name, lastname, email, username, password))
# Commit to DB
mysql.connection.commit()
# Close connection
cur.close()
flash('¡Ahora que estás registrado puedes ingresar!', 'success')
return redirect(url_for('login'))
else:
if len(validate_password) != 0:
error_password = "******"
else:
error_password = "******"
if user_validator != 0:
error_user = "******"
else:
error_user = "******"
return render_template('register.html',
form=form,
error_user=error_user,
error_password=error_password)
# Close connection
cur.close()
return render_template('register.html', form=form)
def forgotPassword():
disegno()
print("| FORGOT PASSWORD |")
print("+-----------------------------------------------+")
while True:
username = input("Username: "******"Email: ")
controllo = 0
if "." in email and "@" in email:
reader = csv.reader(open("userDB.csv"), delimiter='|')
lines = list(reader)
for i in range(len(lines)):
if lines[i][1] == username and lines[i][3] == email:
controllo = 1
# Criteri della password
policy = PasswordPolicy.from_names(
length=8, # min length: 8
uppercase=1, # need min. 1 uppercase letters
numbers=1, # need min. 1 digits
special=1, # need min. 1 special characters
nonletters=
1, # need min. 1 non-letter characters (digits, specials, anything)
)
while True:
password1 = getpass.getpass(
"Password must contain:\n- 8 Character\n- Number\n- Uppercase character\n- Special character\nPassword: "******"Confirm password: "******"Invalid email!")
else:
print("Invalid code!")
else:
print("Password doesn't match!")
print("")
if controllo == 1:
print("Password was change successful!\n")
x = input("Press any key to go to login menu ")
login()
else:
print("Invalid credential...\n")
else:
print("Invalid email!\n")
def validate_password(password, *args):
policy = PasswordPolicy.from_names(
length=8,
uppercase=2,
numbers=2,
special=2,
nonletters=2,
)
return not bool(policy.test(password))
class CreateEmployeeResource(Resource):
# Enable CORS
def options(self, id=None):
return {'status': 'ok'}, 200
# To keep the password secret
policy = PasswordPolicy.from_names(length=6, uppercase=1, numbers=1)
# Create user account
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('id_outlet', location='json', required=True)
parser.add_argument('full_name', location='json', required=True)
parser.add_argument('username', location='json', required=True)
parser.add_argument('password', location='json', required=True)
parser.add_argument('position', location='json', required=True)
args = parser.parse_args()
# Check emptyness
if args['full_name'] == '' or args['username'] == '' or args[
'password'] == '':
return {'message': 'tidak boleh ada kolom yang dikosongkan'}, 400
qry = Employees.query.filter_by(username=args['username']).first()
if qry is None:
validation = self.policy.test(args['password'])
if validation:
errorList = []
for item in validation:
split = str(item).split('(')
error, num = split[0], split[1][0]
errorList.append("{err}(minimum {num})".format(err=error,
num=num))
message = "Tolong periksa kembali password Anda: " + ', '.join(
x for x in errorList)
return {
'message': message
}, 422, {
'Content-Type': 'application/json'
}
encrypted = hashlib.md5(args['password'].encode()).hexdigest()
employee = Employees(args['id_outlet'], args['full_name'],
args['username'], encrypted, args['position'])
db.session.add(employee)
db.session.commit()
app.logger.debug('DEBUG : %s', employee)
return {
'message': "Input Pegawai Berhasil"
}, 200, {
'Content-Type': 'application/json'
}
return {'message': "Input Pegawai Gagal"}, 401
def post(self):
policy = PasswordPolicy.from_names(
length=6,
# uppercase = 2,
# numbers = 1,
# special = 1
)
parser = reqparse.RequestParser()
parser.add_argument('username', location='json', required=True)
parser.add_argument('password', location='json', required=True)
parser.add_argument('email', location='json', required=True)
args = parser.parse_args()
validation = policy.test(args['password'])
if validation == []:
password_digest = hashlib.md5(
args['password'].encode()).hexdigest()
user = Users(args['username'], password_digest, args['email'])
api_key = 'ae7375326b6063793661b40590f4c845'
api_secret = 'f2a15384f00c5f95a48ca5a5026a261a'
mailjet = Client(auth=(api_key, api_secret), version='v3.1')
data = {
'Messages': [
{
"From": {
"Email": "*****@*****.**",
"Name": "easy.my.id"
},
"To": [
{
"Email": args['email'],
"Name": args['username']
}
],
"Subject": "Welcome aboard {username}".format(username=args['username']),
"TextPart": "Thanks for Sign Up",
"HTMLPart": "<h3>Hai {username}, Welcome to <a href='https://www.easy.my.id/'>easy.my.id</a>!</h3><br />Everyone can be smarter. Good Luck!!!!".format(username=args['username']),
"CustomID": "Thanks for Sign Up"
}
]
}
result = mailjet.send.create(data=data)
db.session.add(user)
db.session.commit()
app.logger.debug('DEBUG : %s', user)
return marshal(user, Users.response_fields), 200, {'Content-Type': 'application/json'}
class RegisterResource(Resource):
policy = PasswordPolicy.from_names(
length = 6,
numbers = 1
)
# register account
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('username', location = 'json', required = True)
parser.add_argument('email', location = 'json', required = True)
parser.add_argument('password', location = 'json', required = True)
parser.add_argument('confirm_password', location = 'json', required = True)
args = parser.parse_args()
if args['password'] != args['confirm_password']:
return {'message': 'Konfirmasi password tidak sesuai'}, 401
else:
validation = self.policy.test(args['password'])
if validation:
errorList = []
for item in validation:
split = str(item).split('(')
error, num = split[0], split[1][0]
errorList.append("{err}(minimum {num})".format(err=error, num=num))
message = "Please check your password: "******"registrasi berhasil, silakan login untuk proses selanjutnya"},200,{'Content-Type': 'application/json'}
def options(self, id=None):
return {'status':'ok'},200
def policyChecker(passwordString):
policy = PasswordPolicy.from_names(
length=8,
uppercase=2,
numbers=2,
special=2,
nonletters=2
)
output = policy.test(passwordString)
print(output)
def post(self):
policy = PasswordPolicy.from_names(length=6)
parser = reqparse.RequestParser()
parser.add_argument('name', location='json', required=True)
parser.add_argument('email', location='json', required=True)
parser.add_argument('password', location='json', required=True)
parser.add_argument('image', location='json')
parser.add_argument('address', location='json')
parser.add_argument('description', location='json')
parser.add_argument('industry', location='json')
parser.add_argument('location', location='json')
args = parser.parse_args()
validation = policy.test(args['password'])
if validation == []:
password_digest = hashlib.md5(
args['password'].encode()).hexdigest()
company = Company(datetime.datetime.now(), args['name'],
args['email'], password_digest, args['image'],
args['address'], True, 'company',
args['description'], args['industry'],
args['location'])
try:
db.session.add(company)
db.session.commit()
except Exception as e:
return {
"status": "failed",
"result": "company already exist"
}, 400, {
'Content-Type': 'application/json'
}
app.logger.debug('DEBUG : %s ', company)
return {
"status": "success",
"result": marshal(company, Company.response_field)
}, 200, {
'Content-Type': 'application/json'
}
return {
"status": "failed",
"result": "Wrong Password Length"
}, 400, {
'Content-Type': 'application/json'
}
class ChangePassword(Resource):
# Enable CORS
def options(self,id=None):
return {'status':'ok'} , 200
# To keep the password secret
policy = PasswordPolicy.from_names(
length = 6,
uppercase = 1,
numbers = 1
)
@jwt_required
@user_required
def put(self):
# Take input from user
claims = get_jwt_claims()
parser = reqparse.RequestParser()
parser.add_argument('old_password', location = 'json')
parser.add_argument('new_password', location = 'json')
parser.add_argument('confirm_new_password', location = 'json')
args = parser.parse_args()
# Check emptyness
if args['old_password'] == None or args['old_password'] == '' or args['new_password'] == None or args['new_password'] == '' or args['confirm_new_password'] == None or args['confirm_new_password'] == '':
return {'message': 'Tidak boleh ada kolom yang dikosongkan'}, 400
# Check the old password
encrypted = hashlib.md5(args['old_password'].encode()).hexdigest()
owner = Users.query.filter_by(id = claims['id']).filter_by(password = encrypted).first()
if owner is None:
return {'message': 'Mohon maaf password lama yang Anda masukkan salah'}, 400
# Check new password and confirmation
if args['new_password'] != args['confirm_new_password']:
return {'message': 'Tolong periksa kembali password Anda'}, 400
# Validate the new password
validation = self.policy.test(args['new_password'])
if validation:
errorList = []
for item in validation:
split = str(item).split('(')
error, num = split[0], split[1][0]
errorList.append("{err}(minimum {num})".format(err=error, num=num))
message = "Tolong periksa kembali password Anda: " + ', '.join(x for x in errorList)
return {'message': message}, 422, {'Content-Type': 'application/json'}
encrypted = hashlib.md5(args['new_password'].encode()).hexdigest()
owner.password = encrypted
db.session.commit()
return {'message': 'Sukses mengubah password'}, 200
def passwordPolicyCheck(password):
policy = PasswordPolicy.from_names(
length=8,
uppercase=2,
numbers=2,
special=2,
nonletters=2,
entropybits= 30,
)
Result = policy.test(password)
return Result
def post(self):
policy = PasswordPolicy.from_names(
length=6,
uppercase=1,
numbers=1,
special=1,
)
parser = reqparse.RequestParser()
parser.add_argument('email', location='json')
parser.add_argument('name', location='json')
parser.add_argument('url_image', location='json')
parser.add_argument('googleID', location='json')
args = parser.parse_args()
qry = Pemain.query.all()
# qry = Pemain.query.order_by(desc(Pemain.created_time)).all()
# return {"message": "Success", "data":marshal(qry, Pemain.response_field)}, 200, {'Content-Type': 'application/json'}
#check Existence Of Data
flag = False
rows = []
for row in qry:
if args["email"] == marshal(row, Pemain.response_field)["username"]:
flag = True
break
rows.append(marshal(row, Pemain.response_field))
#if Daata Exist
if (flag):
return {"message": "Success", "data":"login"}, 200, {'Content-Type': 'application/json'}
#If Data Didnt Exist
passwords = args['googleID'] + "Rekt$"
validation = policy.test(passwords)
if validation == [] :
password = hashlib.md5(passwords.encode()).hexdigest()
pemain = Pemain(args['email'],password,args['name'],args['email'],"0","empty","empty","pemain",str(datetime.datetime.now()),args['url_image'],1,120000)
db.session.add(pemain)
db.session.commit()
events = threading.Event()
myCalendar = calendar.Calendar(events,args["email"])
t1 = threading.Thread(target = myCalendar.flags)
t2 = threading.Thread(target = myCalendar.setCalendar)
t1.start()
t2.start()
print ("T2",t2)
return {"message": "Success", "data":"registered"}, 200, {'Content-Type': 'application/json'}
return {"message": "Wrong Value", "data":"error"}, 200, {'Content-Type': 'application/json'}
def get_password_policy_rules(bool_policy):
default_policy = PasswordPolicy.from_names(
length = 8, # min length: 8
uppercase = 2, # need min. 2 uppercase letters
numbers = 2, # need min. 2 digits
special = 2, # need min. 2 special character need min.
nonletters = 2, # 2 non-letter characters (digits, specials, anything)
)
if bool_policy:
policy_length = input("Minimum Password Length (enter number): ")
policy_uppercase = input("Minimum Number of Uppercase Letters (enter number): ")
policy_numbers = input("Minimum Number of Numbers (enter number): ")
policy_special = input("Minimum Number of Special Characters (enter number): ")
policy_nonletters = input("Minimum Number of Non-Letters [non-letter characters means digits, specials, anything] (enter number): ")
try:
user_policy = PasswordPolicy.from_names(
length = int(policy_length), # min length: 8
uppercase = int(policy_uppercase), # need min. 2 uppercase letters
numbers = int(policy_numbers), # need min. 2 digits
special = int(policy_special), # need min. 2 special characters need min. 2 non-letter characters (digits, specials, anything)
nonletters = int(policy_nonletters),
)
return user_policy
except SyntaxError as s:
print("Invalid Entry: Default of 8 length, 2 uppercase, 2 numbers, 2 special, and 2 non letters will be entered")
return default_policy
except SyntaxError as s:
print("Invalid Entry: Default of 8 length, 2 uppercase, 2 numbers, 2 special, and 2 non letters will be entered")
return default_policy
return None