def login_password(user_id, password):
passwd_hash = cursor.execute(
"select password_hash from users where user_id = ?",
[user_id]).fetchone()
if not passwd_hash: return False
check = passwords.check_password(password, passwd_hash[0])
return bool(check)
def login(self):
"""
login user function
"""
print "Login...."
self.send(actions.USERNAME_ACTION)
username = self.receive() # get username
print username
password_hash = None
salt = None
hash_and_salt = database.get_password(
username) # get salt and hashed password from database
if hash_and_salt:
password_hash = hash_and_salt[0]
salt = hash_and_salt[1]
if not salt: # user does not exist in database
salt = passwords.get_salt(
) # to not reveal if username exist or not
# behave naturally with newly generated salt
nonce = passwords.get_salt()
self.send(actions.NONCE_ACTION + ":" + salt + ":" + nonce)
self.send(actions.PASSWORD_ACTION)
password = self.receive() # get password
if password_hash is not None and passwords.check_password(
password, nonce, password_hash):
self.send("Successfully login") # passwords matched
self.loggedin(username) # access granted
else:
self.send("User or password incorrect") # passwords mismatch
def test_authenticate():
p.uid = uid
p.pwd = pwd
logger.info('UID = %s, PWD = %s.', p.uid, p.pwd)
assert uid.encode(options.args.default_encoding) == p.uid.encode(options.args.default_encoding)
assert passwords.check_password(pwd, p.pwd)
assert p.authenticate(uid, pwd)
assert p.pwd != pwd
def testPossibleToSignIn(self):
"""
It should be possible to sign in with the password provided during sign
up.
"""
password = '******'
password_for_db = get_password_for_database(password)
self.assertTrue(check_password(password, password_for_db))
def login():
username = request.form['username']
password = request.form['password']
sql = GET_PASSWORD % {
'username': username,
}
cursor = g.db.cursor()
cursor.execute(sql)
result = cursor.fetchone()
if result:
user_id, password_from_db = result
if check_password(password, password_from_db):
return login_user(user_id)
abort(401)
parser.print_help()
# u p t s l
parser.add_argument("-u", "--username", help="username")
parser.add_argument("-p", "--password", help="password")
parser.add_argument("-t", "--to", help="send to user")
parser.add_argument("-s", "--send", help="test to send in a message")
parser.add_argument("-l", "--list", help="list all users", action="store_true")
args = parser.parse_args()
print(args)
#przeczytaj wiadomości -u -p -l
if args.username and args.password and not args.to and args.list and not args.send:
cur = conn.cursor()
user = models.users.load_user_by_username(cur, str(args.username))
if user and check_password(args.password, user.hashed_password):
msg = models.messages.load_all_messages_to(cur, user.id)
for i in msg:
print(
f"User {i.from_id} send a message: {i.m_text}; on {i.creation_date}"
)
else:
print("User not authorise")
#nowe hasło -u -p -s -t
if args.username and args.password and args.to and not args.list and args.send:
cur = conn.cursor()
user = models.users.load_user_by_username(cur, str(args.username))
if user and check_password(args.password, user.hashed_password):
user_to = models.users.load_user_by_username(cur, str(args.to))
if user_to:
def testPasswordsLongerThanMaxDontWork(self):
"Make sure password field limit doesn't affect the system."
password = '******' + 'A' * self.MAX_PASSWORD_LENGTH
password_for_db = get_password_for_database(password)
short_password = password[:self.MAX_PASSWORD_LENGTH]
self.assertFalse(check_password(short_password, password_for_db))
def testAppendingToPasswordDoesntWork(self):
"Appending data to good password doesn't work."
password = '******'
password_for_db = get_password_for_database(password)
self.assertFalse(check_password(password + 'Extra', password_for_db))
def testWrongPasswordDoesntWork(self):
"Wrong passwords don't work."
password_good = 'This Is Some Password'
password_bad = 'This is Some Other Password'
password_for_db = get_password_for_database(password_good)
self.assertFalse(check_password(password_bad, password_for_db))
def authenticate(self, uid, pwd): return bytes(uid.encode(options.args.default_encoding) if type(uid) != bytes else uid) == self.uid.encode(options.args.default_encoding) and passwords.check_password(pwd, self.pwd)
def test_check_password(): pwd = 'test' assert passwords.check_password(pwd, passwords.to_password(pwd))
