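def profile_password():
    """Let the signed-in user set or change their password.

    Aborts with 418 when email authentication is disabled in the config.
    On a valid POST the current password (only when one is already stored)
    must hash to the stored hash; the new hash is then saved and the user is
    redirected to the profile page. Otherwise the form is re-rendered with
    its errors.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_hash(stored, candidate):
        # Constant-time equality: a plain ``!=`` returns as soon as a
        # character differs, so response timing would reveal how much of a
        # guess matched. Text is normalised to bytes because compare_digest
        # rejects mixed str/bytes operands; anything else falls back to ``==``.
        try:
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            if not isinstance(candidate, bytes):
                candidate = candidate.encode('utf-8')
            return hmac.compare_digest(stored, candidate)
        except (AttributeError, TypeError):
            return stored == candidate

    if not config.CONFIG_DB.has_email_authentication:
        flask.abort(418)
    user_db = auth.current_user_db()
    form = ProfilePasswordForm(obj=user_db)
    if form.validate_on_submit():
        errors = False
        old_password = form.old_password.data
        new_password = form.new_password.data
        if new_password or old_password:
            # Accounts without a stored hash (e.g. social sign-ups) may set a
            # password without proving the current one.
            if user_db.password_hash and not _same_hash(
                    user_db.password_hash, util.password_hash(user_db, old_password)):
                form.old_password.errors.append('Invalid current password')
                errors = True
            # A current password without a new one is an incomplete request.
            if not errors and old_password and not new_password:
                form.new_password.errors.append('This field is required.')
                errors = True
            if not (form.errors or errors):
                user_db.password_hash = util.password_hash(user_db, new_password)
                flask.flash('Your password has been changed.', category='success')
        if not (form.errors or errors):
            user_db.put()
            return flask.redirect(flask.url_for('profile'))
    return flask.render_template(
        'profile/profile_password.html',
        title=user_db.name,
        html_class='profile-password',
        form=form,
        user_db=user_db,
    )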
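def create_admin(cls):
    """Creates mock admin user

    Builds an admin, verified and active user from fixed credentials and
    returns the instance so a caller can inspect or persist it (callers that
    ignore the return value are unaffected).

    Returns:
        The constructed ``cls`` instance.
    """
    # NOTE(review): nothing here persists the instance — confirm whether the
    # caller is expected to call put(). Fixed credentials are only acceptable
    # for a test fixture; this must never run against a production datastore.
    return cls(
        username='******',
        password_hash=util.password_hash('123456'),
        admin=True,
        verified=True,
        active=True,
    )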
def user_activate(token):
    """Activate the account that owns ``token`` and sign it in.

    A signed-in visitor is logged out first and the request replayed
    anonymously. An unknown token flashes an error and redirects to the
    welcome page. On a valid submit the form is copied onto the user, the
    token is replaced so this link no longer resolves, the account is marked
    verified, saved and signed in.
    """
    if auth.is_logged_in():
        login.logout_user()
        return flask.redirect(flask.request.path)

    user_db = model.User.get_by('token', token)
    if not user_db:
        flask.flash(u'Холбоос буруу эсвэл хугацаа нь дууссан байна.', category='danger')
        return flask.redirect(flask.url_for('welcome'))

    form = UserActivateForm(obj=user_db)
    if not form.validate_on_submit():
        return flask.render_template(
            'user/user_activate.html',
            title=u'Дансаа идэвхижүүлэх',
            html_class='user-activate',
            user_db=user_db,
            form=form,
        )

    form.populate_obj(user_db)
    user_db.password_hash = util.password_hash(user_db, form.password.data)
    user_db.token = util.uuid()
    user_db.verified = True
    user_db.put()
    return auth.signin_user_db(user_db)
def user_reset(token=None):
    """Reset the password of the account that owns ``token``.

    Unknown tokens flash an error and redirect to the welcome page. A
    signed-in visitor is then logged out and the request replayed
    anonymously. On a valid submit the new hash is stored, the token
    replaced, the account marked verified and saved, and the user signed in.
    """
    # NOTE(review): a missing token (None) is passed straight to get_by —
    # confirm it cannot match a user whose token field is unset.
    user_db = model.User.get_by('token', token)
    if not user_db:
        flask.flash(u'Холбоос буруу эсвэл хугацаа нь дууссан байна.', category='danger')
        return flask.redirect(flask.url_for('welcome'))

    if auth.is_logged_in():
        login.logout_user()
        return flask.redirect(flask.request.path)

    form = UserResetForm()
    if not form.validate_on_submit():
        return flask.render_template(
            'user/user_reset.html',
            title=u'Нууц үгээ солих',
            html_class='user-reset',
            form=form,
            user_db=user_db,
        )

    user_db.password_hash = util.password_hash(user_db, form.new_password.data)
    user_db.token = util.uuid()
    user_db.verified = True
    user_db.put()
    flask.flash(u'Таны нууц үг амжилттай солигдлоо.', category='success')
    return auth.signin_user_db(user_db)
def user_activate(token):
    """Activate the account behind ``token`` and sign it in.

    Ends any current session first (and replays the request), rejects
    unknown tokens with a flash and redirect to the welcome page, and on a
    valid submit copies the form onto the user, hashes the chosen password,
    rotates the token, marks the account verified, saves and signs it in.
    """
    if auth.is_logged_in():
        login.logout_user()
        return flask.redirect(flask.request.path)

    user_db = model.User.get_by('token', token)
    if not user_db:
        flask.flash('That link is either invalid or expired.', category='danger')
        return flask.redirect(flask.url_for('welcome'))

    form = UserActivateForm(obj=user_db)
    if form.validate_on_submit():
        form.populate_obj(user_db)
        user_db.password_hash = util.password_hash(user_db, form.password.data)
        user_db.token = util.uuid()
        user_db.verified = True
        user_db.put()
        return auth.signin_user_db(user_db)

    context = dict(
        title='Activate Account',
        html_class='user-activate',
        user_db=user_db,
        form=form,
    )
    return flask.render_template('user/user_activate.html', **context)
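def activate_user(self, id, code):
    """Activate the pending account behind request ``id``.

    Args:
        id: identifier of the pending user request.
        code: confirmation code that must match the stored request code.

    Returns:
        ``(username, email, password)`` where ``password`` is the freshly
        generated initial password that was also mailed to the user.

    Raises:
        exception.NotFoundException: no request with this id exists.
        exception.InvalidRequestCodeException: ``code`` does not match.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_code(expected, given):
        # Constant-time comparison: ``!=`` stops at the first differing
        # character, so response timing would reveal how much of a guessed
        # code was right. Non-text operands fall back to plain equality.
        try:
            if not isinstance(expected, bytes):
                expected = expected.encode('utf-8')
            if not isinstance(given, bytes):
                given = given.encode('utf-8')
            return hmac.compare_digest(expected, given)
        except (AttributeError, TypeError):
            return expected == given

    with self.__create_db_connection__() as conn:
        with conn.enter_scope() as scope:
            # find request id & test code:
            if not self.__user_db.user_request_id_exists(scope, id):
                raise exception.NotFoundException("Request not found.")
            request = self.__user_db.get_user_request(scope, id)
            if not _same_code(request["request_code"], code):
                raise exception.InvalidRequestCodeException()
            # activate user account with a random initial password and a
            # per-user salt, both from the secure generator:
            password = util.generate_junk(config.DEFAULT_PASSWORD_LENGTH, secure=True)
            salt = util.generate_junk(config.PASSWORD_SALT_LENGTH, secure=True)
            user_id = self.__user_db.activate_user(
                scope, id, code, util.password_hash(password, salt), salt)
            # generate mail:
            tpl = template.AccountActivatedMail(config.DEFAULT_LANGUAGE)
            tpl.bind(username=request["username"], password=password)
            subject, body = tpl.render()
            self.__mail_db.push_user_mail(scope, subject, body, user_id)
            mailer.ping(config.MAILER_HOST, config.MAILER_PORT)
            scope.complete()
            return request["username"], request["email"], password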
def user_reset(token=None):
    """Reset the password of the account behind ``token``.

    An unknown token flashes a translated error and redirects to the welcome
    page; a signed-in visitor is logged out and the request replayed. On a
    valid submit the new hash is stored, the token rotated, the account
    marked verified and saved, and the user signed in.
    """
    # NOTE(review): token defaults to None and is passed straight to get_by —
    # confirm it cannot match a user whose token field is unset.
    user_db = model.User.get_by('token', token)
    if not user_db:
        flask.flash(__('That link is either invalid or expired.'), category='danger')
        return flask.redirect(flask.url_for('welcome'))

    if auth.is_logged_in():
        login.logout_user()
        return flask.redirect(flask.request.path)

    form = UserResetForm()
    if form.validate_on_submit():
        user_db.password_hash = util.password_hash(user_db, form.new_password.data)
        user_db.token = util.uuid()
        user_db.verified = True
        user_db.put()
        flask.flash(__('Your password was changed succesfully.'), category='success')
        return auth.signin_user_db(user_db)

    context = dict(
        title='Reset Password',
        html_class='user-reset',
        form=form,
        user_db=user_db,
    )
    return flask.render_template('user/user_reset.html', **context)
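def change_password(self, username, old_password, new_password1, new_password2):
    """Replace ``username``'s password after verifying the current one.

    Args:
        username: account to update; must be active.
        old_password: current password, checked via __validate_password__.
        new_password1: new password; must pass validate_password.
        new_password2: confirmation; must equal ``new_password1``.

    Raises:
        exception.InvalidParameterException: new password invalid or the
            confirmation does not match (named "new_password1"/"new_password2").
        exception.WrongPasswordException: ``old_password`` is wrong.
    """
    # validate passwords:
    if not validate_password(new_password1):
        raise exception.InvalidParameterException("new_password1")
    if new_password1 != new_password2:
        raise exception.InvalidParameterException("new_password2")
    # change password:
    with self.__create_db_connection__() as conn:
        with conn.enter_scope() as scope:
            self.__test_active_user__(scope, username)
            if not self.__validate_password__(scope, username, old_password):
                raise exception.WrongPasswordException()
            # fresh per-user salt from the secure generator; the local is
            # named new_hash so it no longer shadows the builtin hash().
            salt = util.generate_junk(config.PASSWORD_SALT_LENGTH, secure=True)
            new_hash = util.password_hash(new_password1, salt)
            self.__user_db.update_user_password(scope, username, new_hash, salt)
            # generate mail:
            user = self.__user_db.get_user(scope, username)
            tpl = template.PasswordChangedMail(self.__get_language__(user))
            tpl.bind(username=username)
            subject, body = tpl.render()
            self.__mail_db.push_user_mail(scope, subject, body, user["id"])
            mailer.ping(config.MAILER_HOST, config.MAILER_PORT)
            scope.complete()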
def user_activate(token):
    """Activate the account behind ``token`` and sign it in.

    Logs out a signed-in visitor and replays the request; an unknown token
    flashes a translated error and redirects to the welcome page. A valid
    submit copies the form onto the user, hashes the chosen password,
    rotates the token, marks the account verified, saves and signs it in.
    """
    if auth.is_logged_in():
        login.logout_user()
        return flask.redirect(flask.request.path)

    user_db = model.User.get_by('token', token)
    if not user_db:
        flask.flash(__('That link is either invalid or expired.'), category='danger')
        return flask.redirect(flask.url_for('welcome'))

    form = UserActivateForm(obj=user_db)
    if not form.validate_on_submit():
        return flask.render_template(
            'user/user_activate.html',
            title='Activate Account',
            html_class='user-activate',
            user_db=user_db,
            form=form,
        )

    form.populate_obj(user_db)
    user_db.password_hash = util.password_hash(user_db, form.password.data)
    user_db.token = util.uuid()
    user_db.verified = True
    user_db.put()
    return auth.signin_user_db(user_db)
def user_reset(token=None):
    """Reset the password of the account behind ``token``.

    Unknown tokens flash an error and redirect to the welcome page; a
    signed-in visitor is logged out and the request replayed. On a valid
    submit the new hash is stored, the token rotated, the account marked
    verified and saved, and the user signed in.
    """
    # NOTE(review): token defaults to None and is passed straight to get_by —
    # confirm it cannot match a user whose token field is unset.
    user_db = model.User.get_by('token', token)
    if not user_db:
        flask.flash('That link is either invalid or expired.', category='danger')
        return flask.redirect(flask.url_for('welcome'))

    if auth.is_logged_in():
        login.logout_user()
        return flask.redirect(flask.request.path)

    form = UserResetForm()
    if not form.validate_on_submit():
        return flask.render_template(
            'user/user_reset.html',
            title='Reset Password',
            html_class='user-reset',
            form=form,
            user_db=user_db,
        )

    user_db.password_hash = util.password_hash(user_db, form.new_password.data)
    user_db.token = util.uuid()
    user_db.verified = True
    user_db.put()
    flask.flash('Your password was changed succesfully.', category='success')
    return auth.signin_user_db(user_db)
def create_user_db(auth_id, username, email, verified, password, **props):
    """Saves new user into datastore

    Args:
        auth_id: external auth identifier; stored in ``auth_ids`` when truthy.
        username: stored lower-cased.
        email: stored lower-cased.
        verified: initial value of the ``verified`` flag.
        password: plain password; hashed with util.password_hash when truthy,
            otherwise stored as given (falsy) in ``password_hash``.
        **props: extra properties forwarded to ``model.User``.

    Returns:
        The saved ``model.User`` after the new-user notification is queued.
    """
    password_hash = util.password_hash(password) if password else password
    user_db = model.User(
        email=email.lower(),
        username=username.lower(),
        auth_ids=[auth_id] if auth_id else [],
        verified=verified,
        token=util.uuid(),
        password_hash=password_hash,
        **props
    )
    user_db.put()
    task.new_user_notification(user_db)
    return user_db
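def appRequest(environ, start_response):
    """WSGI login endpoint for a ``base64(user)|base64(password)`` body.

    Returns the new session id as an ASCII bytes body when the credentials
    match a ``users`` row, otherwise ``INVAL``. A malformed body (missing
    separator, bad base64, non-UTF-8 text) is answered with ``INVAL`` as
    well instead of surfacing as an unhandled exception.
    """
    # HEADERS_TEXT must be part of the header list: as a third positional
    # argument start_response reads it as exc_info and the headers are lost.
    start_response('200 OK', HEADERS_CORS + HEADERS_TEXT)
    parts = util.get_raw_post(environ).split(b"|")
    try:
        username = base64.b64decode(parts[0]).decode("utf-8")
        password = util.password_hash(base64.b64decode(parts[1]).decode("utf-8"))
    except (IndexError, ValueError):
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        return [b"INVAL"]
    # Parameterised query. The hash is matched by the database, so the
    # comparison is not constant-time; password_hash is called without a
    # per-user salt here — confirm that is intended.
    q = storage.sql("select id from users where username=? and password=?", (username, password))
    if not q:
        return [b"INVAL"]
    sessid = util.new_session_key()
    storage.sql("update users set sessid=? where id=?", (sessid, q[0]["id"]))
    return [bytes(sessid, "ascii")]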
def post(self, key):
    """Changes user's password

    Reads ``currentPassword`` (optional) and ``newPassword`` from the
    request, requires the current password to match unless the account has
    no local password yet, stores the new hash and returns an empty OK.

    Raises:
        ValueError: the current password is required and does not match.
    """
    parser = reqparse.RequestParser()
    parser.add_argument('currentPassword', type=UserValidator.create('password', required=False), dest='current_password')
    parser.add_argument('newPassword', type=UserValidator.create('password'), dest='new_password')
    args = parser.parse_args()
    user_db = g.model_db
    # Accounts created via a social network carry an empty password_hash and
    # are allowed to set a password without proving the current one.
    has_local_password = user_db.password_hash != ''
    if has_local_password and not user_db.has_password(args.current_password):
        raise ValueError('Given password is incorrect.')
    user_db.password_hash = util.password_hash(args.new_password)
    user_db.put()
    return make_empty_ok_response()
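def get_by_credentials(cls, email_or_username, password):
    """Gets user model instance by email or username with given password

    Returns the matching ``User`` only when ``password`` hashes to its stored
    ``password_hash``, otherwise ``None``. The bare ``email_or_username ==
    User.email`` probe builds an ndb filter; presumably the property's
    validator raises ValueError for a value that is not an email, which
    routes the lookup to the username property — TODO confirm.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_hash(stored, candidate):
        # Constant-time equality: ``==`` stops at the first differing
        # character, so response timing would reveal how much of a guess
        # matched. Text is normalised to bytes (compare_digest rejects mixed
        # str/bytes); anything else falls back to plain equality.
        try:
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            if not isinstance(candidate, bytes):
                candidate = candidate.encode('utf-8')
            return hmac.compare_digest(stored, candidate)
        except (AttributeError, TypeError):
            return stored == candidate

    try:
        email_or_username == User.email
    except ValueError:
        cond = email_or_username == User.username
    else:
        cond = email_or_username == User.email
    user_db = User.query(cond).get()
    if user_db and _same_hash(user_db.password_hash, util.password_hash(password)):
        return user_db
    return None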
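def profile_password():
    """Let the signed-in user set or change their password.

    Aborts with 418 when email authentication is disabled. The
    ``old_password`` field is removed from the form for accounts that have
    no stored hash. On a valid POST the current password must hash to the
    stored hash; the new hash is then saved and the user redirected to the
    profile page, otherwise the form is re-rendered with its errors.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_hash(stored, candidate):
        # Constant-time equality: ``!=`` stops at the first differing
        # character, so response timing would reveal how much of a guess
        # matched. Text is normalised to bytes (compare_digest rejects mixed
        # str/bytes); anything else falls back to plain equality.
        try:
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            if not isinstance(candidate, bytes):
                candidate = candidate.encode('utf-8')
            return hmac.compare_digest(stored, candidate)
        except (AttributeError, TypeError):
            return stored == candidate

    if not config.CONFIG_DB.has_email_authentication:
        flask.abort(418)
    user_db = auth.current_user_db()
    form = ProfilePasswordForm(obj=user_db)
    if not user_db.password_hash:
        del form.old_password
    if form.validate_on_submit():
        errors = False
        old_password = form.old_password.data if form.old_password else None
        new_password = form.new_password.data
        if new_password or old_password:
            if user_db.password_hash and not _same_hash(
                    user_db.password_hash, util.password_hash(user_db, old_password)):
                form.old_password.errors.append(_('Invalid current password'))
                errors = True
            if not (form.errors or errors):
                user_db.password_hash = util.password_hash(user_db, new_password)
                flask.flash(__('Your password has been changed.'), category='success')
        if not (form.errors or errors):
            user_db.put()
            return flask.redirect(flask.url_for('profile'))
    return flask.render_template(
        'profile/profile_password.html',
        title=user_db.name,
        html_class='profile-password',
        form=form,
        user_db=user_db,
    )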
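def profile_password():
    """Let the signed-in user set or change their password.

    Aborts with 418 when email authentication is disabled. On a valid POST
    the current password (only when a hash is stored) must hash to the
    stored hash and a new password must accompany it; the new hash is then
    saved and the user redirected to the profile page. Otherwise the form is
    re-rendered with its errors.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_hash(stored, candidate):
        # Constant-time equality: ``!=`` stops at the first differing
        # character, so response timing would reveal how much of a guess
        # matched. Text is normalised to bytes (compare_digest rejects mixed
        # str/bytes); anything else falls back to plain equality.
        try:
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            if not isinstance(candidate, bytes):
                candidate = candidate.encode('utf-8')
            return hmac.compare_digest(stored, candidate)
        except (AttributeError, TypeError):
            return stored == candidate

    if not config.CONFIG_DB.has_email_authentication:
        flask.abort(418)
    user_db = auth.current_user_db()
    form = ProfilePasswordForm(obj=user_db)
    if form.validate_on_submit():
        errors = False
        old_password = form.old_password.data
        new_password = form.new_password.data
        if new_password or old_password:
            if user_db.password_hash and not _same_hash(
                    user_db.password_hash, util.password_hash(user_db, old_password)):
                form.old_password.errors.append(
                    u'Одоо ашиглагдаж буй нууц үг буруу байна')
                errors = True
            # A current password without a new one is an incomplete request.
            if not errors and old_password and not new_password:
                form.new_password.errors.append('This field is required.')
                errors = True
            if not (form.errors or errors):
                user_db.password_hash = util.password_hash(user_db, new_password)
                flask.flash(u'Таны нууц үг солигдсон.', category='success')
        if not (form.errors or errors):
            user_db.put()
            return flask.redirect(flask.url_for('profile'))
    return flask.render_template(
        'profile/profile_password.html',
        title=user_db.name,
        html_class='profile-password',
        form=form,
        user_db=user_db,
    )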
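def get_user_db_from_email(email, password):
    """Look up the active user for ``email`` and check ``password``.

    Returns:
        The user when exactly one active account has this email and the
        password hashes to its stored hash; ``None`` when no account exists
        or the password is wrong; ``False`` when more than one active account
        shares the email (a flash is shown and support is notified).
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_hash(stored, candidate):
        # Constant-time equality: ``==`` stops at the first differing
        # character, so response timing would reveal how much of a guess
        # matched. Text is normalised to bytes (compare_digest rejects mixed
        # str/bytes); anything else falls back to plain equality.
        try:
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            if not isinstance(candidate, bytes):
                candidate = candidate.encode('utf-8')
            return hmac.compare_digest(stored, candidate)
        except (AttributeError, TypeError):
            return stored == candidate

    # limit=2 is enough to detect a duplicate without fetching everything.
    user_dbs, cursors = model.User.get_dbs(email=email, active=True, limit=2)
    if not user_dbs:
        return None
    if len(user_dbs) > 1:
        flask.flash('''We are sorry but it looks like there is a conflict with your account. Our support team is already informed and we will get back to you as soon as possible.''', category='danger')
        task.email_conflict_notification(email)
        return False
    user_db = user_dbs[0]
    if _same_hash(user_db.password_hash, util.password_hash(user_db, password)):
        return user_db
    return None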
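def post(self):
    """Sign a user in from ``username``/``email`` and ``password`` params.

    Aborts 400 when either value is missing. The handle is treated as an
    email when it contains '@' after its first character, else as a
    username; both are looked up lower-cased. Aborts 401 unless the user
    exists and the password hashes to the stored hash; on success the
    session is established and the user's public fields are returned.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_hash(stored, candidate):
        # Constant-time equality: ``==`` stops at the first differing
        # character, so response timing would reveal how much of a guess
        # matched. Text is normalised to bytes (compare_digest rejects mixed
        # str/bytes); anything else falls back to plain equality.
        try:
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            if not isinstance(candidate, bytes):
                candidate = candidate.encode('utf-8')
            return hmac.compare_digest(stored, candidate)
        except (AttributeError, TypeError):
            return stored == candidate

    username = util.param('username') or util.param('email')
    password = util.param('password')
    if not username or not password:
        return flask.abort(400)
    if username.find('@') > 0:
        user_db = model.User.get_by('email', username.lower())
    else:
        user_db = model.User.get_by('username', username.lower())
    if user_db and _same_hash(user_db.password_hash, util.password_hash(user_db, password)):
        auth.signin_user_db(user_db)
        return helpers.make_response(user_db, model.User.FIELDS)
    return flask.abort(401)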
def post(self):
    """Sets new password given by user if he provided valid token

    Notice ndb.toplevel decorator here, so we can perform asynchronous put
    and signing in in parallel

    Reads ``token`` and ``newPassword`` from the request, stores the new
    hash on the token's user, rotates the token, marks the account verified,
    saves asynchronously, signs the user in and returns the private view of
    the user.
    """
    parser = reqparse.RequestParser()
    parser.add_argument('token', type=UserValidator.create('token'))
    parser.add_argument('newPassword', type=UserValidator.create('password'), dest='new_password')
    args = parser.parse_args()

    # NOTE(review): get_by may return None for a token the validator did
    # not reject; the attribute writes below would then raise — confirm the
    # token validator guarantees existence.
    user_db = User.get_by('token', args.token)
    user_db.password_hash = util.password_hash(args.new_password)
    user_db.token = util.uuid()
    user_db.verified = True
    user_db.put_async()
    auth.signin_user_db(user_db)
    private_fields = User.get_private_properties()
    return user_db.to_dict(include=private_fields)
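def post(self):
    """Sign a user in from ``username``/``email`` and ``password`` params.

    Aborts 400 when either value is missing. The handle is treated as an
    email when it contains '@' after its first character, else as a
    username; both are looked up lower-cased. Aborts 401 unless the user
    exists and the password hashes to the stored hash; on success the
    session is established and the user's public fields are returned.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_hash(stored, candidate):
        # Constant-time equality: ``==`` stops at the first differing
        # character, so response timing would reveal how much of a guess
        # matched. Text is normalised to bytes (compare_digest rejects mixed
        # str/bytes); anything else falls back to plain equality.
        try:
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            if not isinstance(candidate, bytes):
                candidate = candidate.encode('utf-8')
            return hmac.compare_digest(stored, candidate)
        except (AttributeError, TypeError):
            return stored == candidate

    username = util.param('username') or util.param('email')
    password = util.param('password')
    if not username or not password:
        return flask.abort(400)
    if username.find('@') > 0:
        user_db = model.User.get_by('email', username.lower())
    else:
        user_db = model.User.get_by('username', username.lower())
    if user_db and _same_hash(
            user_db.password_hash, util.password_hash(user_db, password)):
        auth.signin_user_db(user_db)
        return helpers.make_response(user_db, model.User.FIELDS)
    return flask.abort(401)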
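def post(self):
    """Sign a user in from JSON/form fields ``username``/``email``/``password``.

    Aborts 400 when no handle or no password is given. A handle containing
    '@' is looked up as an email, otherwise as a username (lower-cased).
    Aborts 401 unless the user exists and the password hashes to the stored
    hash; on success the session is established and the user's public
    fields are returned.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_hash(stored, candidate):
        # Constant-time equality: ``==`` stops at the first differing
        # character, so response timing would reveal how much of a guess
        # matched. Text is normalised to bytes (compare_digest rejects mixed
        # str/bytes); anything else falls back to plain equality.
        try:
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            if not isinstance(candidate, bytes):
                candidate = candidate.encode('utf-8')
            return hmac.compare_digest(stored, candidate)
        except (AttributeError, TypeError):
            return stored == candidate

    args = parser.parse({
        'username': wf.Str(missing=None),
        'email': wf.Str(missing=None),
        'password': wf.Str(missing=None),
    })
    handler = args['username'] or args['email']
    password = args['password']
    if not handler or not password:
        return flask.abort(400)
    user_db = model.User.get_by('email' if '@' in handler else 'username', handler.lower())
    if user_db and _same_hash(
            user_db.password_hash, util.password_hash(user_db, password)):
        auth.signin_user_db(user_db)
        return helpers.make_response(user_db, model.User.FIELDS)
    return flask.abort(401)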
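def reset_password(self, id, code, new_password1, new_password2):
    """Complete a password-reset request with a new password.

    Args:
        id: identifier of the password-reset request.
        code: confirmation code that must match the stored request code.
        new_password1: new password; must pass validate_password.
        new_password2: confirmation; must equal ``new_password1``.

    Returns:
        ``(username, new_password1)`` for the updated account.

    Raises:
        exception.InvalidParameterException: invalid password or mismatching
            confirmation (named "new_password1"/"new_password2").
        exception.NotFoundException: no request with this id exists.
        exception.InvalidRequestCodeException: ``code`` does not match.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_code(expected, given):
        # Constant-time comparison: ``!=`` stops at the first differing
        # character, so response timing would reveal how much of a guessed
        # code was right. Non-text operands fall back to plain equality.
        try:
            if not isinstance(expected, bytes):
                expected = expected.encode('utf-8')
            if not isinstance(given, bytes):
                given = given.encode('utf-8')
            return hmac.compare_digest(expected, given)
        except (AttributeError, TypeError):
            return expected == given

    # validate passwords:
    if not validate_password(new_password1):
        raise exception.InvalidParameterException("new_password1")
    if new_password1 != new_password2:
        raise exception.InvalidParameterException("new_password2")
    # reset password:
    with self.__create_db_connection__() as conn:
        with conn.enter_scope() as scope:
            # find request id & test code:
            if not self.__user_db.password_request_id_exists(scope, id):
                raise exception.NotFoundException("Request not found.")
            request = self.__user_db.get_password_request(scope, id)
            username = request["user"]["username"]
            self.__test_active_user__(scope, username)
            if not _same_code(request["request_code"], code):
                raise exception.InvalidRequestCodeException()
            # change password with a fresh per-user salt; the local is named
            # new_hash so it no longer shadows the builtin hash().
            salt = util.generate_junk(config.PASSWORD_SALT_LENGTH, secure=True)
            new_hash = util.password_hash(new_password1, salt)
            self.__user_db.reset_password(scope, id, code, new_hash, salt)
            # generate mail:
            user = self.__user_db.get_user(scope, username)
            tpl = template.PasswordChangedMail(self.__get_language__(user))
            tpl.bind(username=username)
            subject, body = tpl.render()
            self.__mail_db.push_user_mail(scope, subject, body, user["id"])
            mailer.ping(config.MAILER_HOST, config.MAILER_PORT)
            scope.complete()
            return username, new_password1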
def create_user_db(auth_id, name, username, email='', verified=False, password='', **props):
    """Saves new user into datastore

    Args:
        auth_id: external auth identifier; stored in ``auth_ids`` when truthy.
        name: display name.
        username: stored as given (not lower-cased).
        email: stored lower-cased.
        verified: initial value of the ``verified`` flag.
        password: plain password; hashed with util.password_hash when truthy,
            otherwise stored as given (falsy) in ``password_hash``.
        **props: extra properties forwarded to ``model.User``.

    Returns:
        The saved ``model.User`` after the new-user notification is queued.
    """
    password_hash = util.password_hash(password) if password else password
    user_db = model.User(
        name=name,
        email=email.lower(),
        username=username,
        auth_ids=[auth_id] if auth_id else [],
        verified=verified,
        token=util.uuid(),
        password_hash=password_hash,
        **props
    )
    user_db.put()
    task.new_user_notification(user_db)
    return user_db
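def post(self):
    """Sign a user in from JSON/form fields ``username``/``email``/``password``.

    Aborts 400 when no handle or no password is given. A handle containing
    '@' is looked up as an email, otherwise as a username (lower-cased).
    Aborts 401 unless the user exists and the password hashes to the stored
    hash; on success the session is established and the user's public
    fields are returned.
    """
    import hmac  # local import: the file's import block is not visible here

    def _same_hash(stored, candidate):
        # Constant-time equality: ``==`` stops at the first differing
        # character, so response timing would reveal how much of a guess
        # matched. Text is normalised to bytes (compare_digest rejects mixed
        # str/bytes); anything else falls back to plain equality.
        try:
            if not isinstance(stored, bytes):
                stored = stored.encode('utf-8')
            if not isinstance(candidate, bytes):
                candidate = candidate.encode('utf-8')
            return hmac.compare_digest(stored, candidate)
        except (AttributeError, TypeError):
            return stored == candidate

    args = parser.parse({
        'username': wf.Str(missing=None),
        'email': wf.Str(missing=None),
        'password': wf.Str(missing=None),
    })
    handler = args['username'] or args['email']
    password = args['password']
    if not handler or not password:
        return flask.abort(400)
    user_db = model.User.get_by(
        'email' if '@' in handler else 'username', handler.lower()
    )
    if user_db and _same_hash(user_db.password_hash, util.password_hash(user_db, password)):
        auth.signin_user_db(user_db)
        return helpers.make_response(user_db, model.User.FIELDS)
    return flask.abort(401)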
def post(self, key):
    """Changes user's password

    Reads ``currentPassword`` (optional) and ``newPassword`` from the
    request, requires the current password to match unless the account has
    no local password yet, stores the new hash and returns an empty OK.

    Raises:
        ValueError: the current password is required and does not match.
    """
    parser = reqparse.RequestParser()
    parser.add_argument('currentPassword', type=UserValidator.create('password', required=False), dest='current_password')
    parser.add_argument('newPassword', type=UserValidator.create('password'), dest='new_password')
    args = parser.parse_args()
    user_db = g.model_db
    # Accounts created via a social network carry an empty password_hash and
    # are allowed to set a password without proving the current one.
    must_prove_current = user_db.password_hash != ''
    if must_prove_current and not user_db.has_password(args.current_password):
        raise ValueError('Given password is incorrect.')
    user_db.password_hash = util.password_hash(args.new_password)
    user_db.put()
    return make_empty_ok_response()
def user_activate(token):
    """Activate the account behind ``token`` and sign it in.

    Logs out a signed-in visitor and replays the request; an unknown token
    flashes an error and redirects to the welcome page. A valid submit
    copies the form onto the user, hashes the chosen password, rotates the
    token, marks the account verified, saves and signs it in.
    """
    if auth.is_logged_in():
        login.logout_user()
        return flask.redirect(flask.request.path)

    user_db = models.User.get_by("token", token)
    if not user_db:
        flask.flash("That link is either invalid or expired.", category="danger")
        return flask.redirect(flask.url_for("welcome"))

    form = forms.UserActivateForm(obj=user_db)
    if not form.validate_on_submit():
        return flask.render_template(
            "user/user_activate.html",
            title="Activate Account",
            html_class="user-activate",
            user_db=user_db,
            form=form,
        )

    form.populate_obj(user_db)
    user_db.password_hash = util.password_hash(user_db, form.password.data)
    user_db.token = util.uuid()
    user_db.verified = True
    user_db.put()
    return auth.signin_user_db(user_db)
def user_reset(token=None):
    """Reset the password of the account behind ``token``.

    Unknown tokens flash an error and redirect to the welcome page; a
    signed-in visitor is logged out and the request replayed. On a valid
    submit the new hash is stored, the token rotated, the account marked
    verified and saved, and the user signed in.
    """
    # NOTE(review): token defaults to None and is passed straight to get_by —
    # confirm it cannot match a user whose token field is unset.
    user_db = models.User.get_by("token", token)
    if not user_db:
        flask.flash("That link is either invalid or expired.", category="danger")
        return flask.redirect(flask.url_for("welcome"))

    if auth.is_logged_in():
        login.logout_user()
        return flask.redirect(flask.request.path)

    form = forms.UserResetForm()
    if form.validate_on_submit():
        user_db.password_hash = util.password_hash(user_db, form.new_password.data)
        user_db.token = util.uuid()
        user_db.verified = True
        user_db.put()
        flask.flash("Your password was changed succesfully.", category="success")
        return auth.signin_user_db(user_db)

    context = dict(
        title="Reset Password",
        html_class="user-reset",
        form=form,
        user_db=user_db,
    )
    return flask.render_template("user/user_reset.html", **context)
def appLogin(environ, start_response):
    """WSGI JSON login: match ``username``/hashed ``password`` and open a session.

    Answers 200 with an error JSON body when no row matches; otherwise
    stores a new session id on the user, logs the login with the client IP
    and returns ``{"success": true, "sessid": ...}``.
    """
    data = util.get_json_post(environ)
    username = data.username
    password = util.password_hash(data.password)
    # NOTE(review): the hash is matched inside the SQL WHERE clause, so the
    # comparison is not constant-time, and password_hash is called without a
    # per-user salt here — confirm that is intended.
    rows = storage.sql(
        """
        SELECT id FROM users WHERE username = ? AND password = ?
        """, (username, password))
    headers = HEADERS_JSON + HEADERS_CORS
    if not rows:
        start_response('200 OK', headers)
        return [util.err_json("Invalid username and/or password.")]
    uid = rows[0].id
    sessid = util.new_session_key()
    logger.log(TAG, "uid %i logged in from ip %s" % (uid, util.get_real_ip(environ)))
    storage.sql(
        """
        UPDATE users SET sessid = ? WHERE id = ?
        """, (sessid, uid))
    start_response('200 OK', headers)
    return [util.json_bytes({"success": True, "sessid": sessid})]
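def __validate_password__(self, scope, username, password):
    """Return True when ``password`` hashes to ``username``'s stored hash.

    The stored hash and salt come from the user db; the candidate is hashed
    with the same salt and compared with ``hmac.compare_digest`` so the
    comparison time does not depend on where the two hashes first differ.
    """
    import hmac  # local import: the file's import block is not visible here
    current_password, salt = self.__db.get_user_password(scope, username)
    candidate = util.password_hash(password, salt)
    try:
        stored = current_password
        if not isinstance(stored, bytes):
            stored = stored.encode('utf-8')
        if not isinstance(candidate, bytes):
            candidate = candidate.encode('utf-8')
        return hmac.compare_digest(candidate, stored)
    except (AttributeError, TypeError):
        # Not text on both sides; plain equality keeps the previous
        # behaviour for unusual stored values.
        return util.password_hash(password, salt) == current_password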
def on_accepted(self):
    """Close the dialog and emit ``finished(login, hashed_password)``.

    The password field is hashed with util.password_hash and the login
    field is stripped of surrounding whitespace before the signal fires.
    """
    digest = util.password_hash(self.passwordField.text())
    login = self.loginField.text().strip()
    self.accept()
    self.finished.emit(login, digest)
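def appRegister(environ, start_response):
    """WSGI registration endpoint for a JSON body.

    Runs the checks in order — existing username, empty username/password,
    username and message length, password confirmation, starter whitelist,
    reCAPTCHA — and answers each failure with a 200 carrying an error JSON
    body. On success it inserts the users, progress and leaderboard rows
    and returns ``{"success": true, "sessid": ...}``.
    """
    data = util.get_json_post(environ)

    def _reject(message):
        # Every rejection shares the same status and headers; only the
        # message differs.
        start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
        return [util.err_json(message)]

    # NOTE(review): the username lookup runs before the reCAPTCHA check, so
    # username existence can be probed without solving a challenge; and no
    # uniqueness constraint is visible here, so two concurrent registrations
    # of the same name could both pass this check — confirm the schema.
    q = storage.sql(
        """
        SELECT id FROM users WHERE username = ?
        """, (data.username, ))
    if q:
        return _reject("That username already exists. Please choose a different one.")
    if not (data.username.strip() and data.password.strip()):
        return _reject("Username and password may not be empty.")
    if len(data.username) > 20:
        return _reject("Username is too long.")
    if len(data.message) > 150:
        return _reject("Message is too long.")
    if data.password != data.password2:
        return _reject("Your passwords do not match.")
    if data.starter not in ("CYNDAQUIL", "TOTODILE", "CHIKORITA"):
        return _reject("Invalid starter choice. You dirty hacker.")
    if not util.recaptcha_verify(data.recaptcha):
        return _reject(
            "Bot verification failed. Please complete the reCAPTCHA challenge. Refresh the page if you encounter any problems."
        )

    sessid = util.new_session_key()
    storage.sql(
        """
        INSERT INTO users (username, password, sessid, message, fun, rtc, registered_ip)
        VALUES (?, ?, ?, ?, ?, 1, ?)
        """, [
            data.username,
            util.password_hash(data.password),
            sessid,
            data.message,
            util.new_fun_value(),
            util.get_real_ip(environ),
        ])
    user_id = storage.get_user_id_by_username(data.username)
    if user_id is None:
        # The literal spans a line break in the listing; joined here as
        # adjacent literals — confirm the intended whitespace.
        return _reject(
            "An unknown error occured (17). "
            "Try again in a few minutes."
        )

    save_data = util.create_starter_save()
    storage.sql(
        """
        INSERT INTO progress (user_id, tokens_got, tokens_used, cur_kingdom, cur_visit_started, save_blob, visited_kingdoms, starter, laylah_blessing, save_uid)
        VALUES (?, 0, 0, 'none', 0, ?, '[]', ?, 0, '')
        """, (user_id, json.dumps(save_data), data.starter))
    # data.starter passed the whitelist above, so interpolating it into the
    # JSON literal cannot break the structure.
    monsters = '[{"nick":"%s","species":"%s","level":20}]' % (data.starter, data.starter)
    storage.sql(
        """
        INSERT INTO leaderboard (user_id, score, achievements, highest_rank, monsters, last_update)
        VALUES (?, 0, '{}', (SELECT COUNT(1)+1 FROM leaderboard WHERE score >= 0), ?, ?)
        """, (user_id, monsters, util.unix_time()))
    start_response('200 OK', HEADERS_JSON + HEADERS_CORS)
    return [util.json_bytes({"success": True, "sessid": sessid})]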
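def has_password(self, password):
    """Tests if user has given password

    Hashes ``password`` with util.password_hash and compares it with the
    stored ``password_hash`` using ``hmac.compare_digest``, so the
    comparison time does not reveal how much of a guess matched.
    """
    import hmac  # local import: the file's import block is not visible here
    stored = self.password_hash
    candidate = util.password_hash(password)
    try:
        if not isinstance(stored, bytes):
            stored = stored.encode('utf-8')
        if not isinstance(candidate, bytes):
            candidate = candidate.encode('utf-8')
        return hmac.compare_digest(stored, candidate)
    except (AttributeError, TypeError):
        # Not text on both sides (e.g. an unset hash); plain equality keeps
        # the previous behaviour for such values.
        return self.password_hash == util.password_hash(password)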