def post(self, mID):
username = self.request.get('username')
password = self.request.get('password')
message = []
if username and password:
user = db.GqlQuery('select * from UserModel where username = :1 limit 1', username)
user = list(user)
if len(user) > 0:
user = user[0]
if utils.verify_password(username, password, user.hashedpw):
userid = str(user.key().id())
self.response.headers.add_header('Set-Cookie', 'userid=%s; Path=/' % utils.securify_cookie(userid))
self.redirect('/adminpanel')
else:
logging.error('wrong password')
message.append('wrong password')
utils.assign_session_message(self, mID, message)
self.redirect('/login')
else:
logging.error('no such user')
message.append('no such user')
utils.assign_session_message(self, mID, message)
self.redirect('/login')
else:
message.append('fill both fields')
utils.assign_session_message(self, mID, message)
self.redirect('/login')
def login():
try:
if request.is_json:
content = request.get_json()
else:
content = request.form
email = content["email"]
password = content["password"]
except Exception as e:
log.error(e)
return error("Bad form data")
_target = db.users.find_one({"email": email})
if _target is None:
return error(message="User not found", code=404)
if verify_password(_target["password"], password) is False:
return error(message="Wrong credentials")
_jwt = jwt.encode({
"id": str(_target["_id"])
}, SECRET, algorithm='HS256').decode()
return {"token": _jwt}, 200
def login():
if g.user is not None and g.user.is_authenticated:
return redirect(url_for('index'))
form = LoginForm()
if form.validate_on_submit():
#flash('Login requested for username = %s, remember_me = %s' %
#(form.username.data, str(form.remember_me.data))
#)
user = models.User.query.filter_by(username = \
str(form.username.data)).first()
if user is None:
flash('username "%s" not registered. Please register' \
% str(form.username.data))
return render_template('login.html',
title='Sign in',
form=form,
user=g.user)
elif verify_password(form.password.data, user.password) is False:
flash('Invalid password')
return render_template('login.html',
title='Sign in',
form=form,
user=g.user)
else:
session['remember_me'] = form.remember_me.data
login_user(user, remember=form.remember_me.data)
return redirect(request.args.get('next') or url_for('dashboard'))
return render_template('login.html',
title='Sign in',
form=form,
user=g.user)
def post(self):
json_data = request.get_json()
email = json_data.get('email')
username = json_data.get('username')
if (email):
user = User.get_by_email(email=email)
elif (username):
user = User.get_by_username(username=username)
password = json_data.get('password')
if not user or not verify_password(password, user.password):
return {
'message': 'email or password is incorrect'
}, HTTPStatus.UNAUTHORIZED
access_token = create_access_token(identity=user.id, fresh=True)
refresh_token = create_refresh_token(identity=user.id)
return {
'access_token': access_token,
'refresh_token': refresh_token,
}, HTTPStatus.OK
def login():
if request.method == 'GET':
return render_template('login.html', logged_user=session['user_id'],
logged_user_name=session['user_name'])
user_name_to_check = request.form['user_name']
password_to_check = request.form['password']
hash_to_check = datamanager.get_hash(user_name_to_check)
try:
is_verified = utils.verify_password(password_to_check, hash_to_check['hash'])
except:
error_message = "Wrong password or User Name"
return render_template('login.html', error_message=error_message, logged_user=session['user_id'],
logged_user_name=session['user_name'])
if is_verified == True:
session['user_id'] = datamanager.get_user_id(user_name_to_check)['user_id']
session['user_name'] = user_name_to_check
questions = datamanager.get_questions()
main_page = 0
return render_template("list.html",
questions=questions,
header=datamanager.list_header,
main_page=main_page,
logged_user=session['user_id'],
logged_user_name=session['user_name'])
else:
error_message = "Wrong password or User Name"
return render_template('login.html', error_message=error_message, logged_user=session['user_id'],
logged_user_name=session['user_name'])
def post(self):
#next_url = str(self.request.get('next_url'))
#if not next_url or next_url.startswith('/login'):
#next_url = '/'
username = self.request.get('username')
password = self.request.get('password')
verify = self.request.get('verify')
email = self.request.get('email')
valid_user = utils.valid_username(username)
valid_pass = utils.valid_password(password)
passwords_match = utils.verify_password(password, verify)
email_valid = utils.valid_email(email)
params = dict(valid_user = valid_user, valid_pass = valid_pass,
passwords_match = passwords_match, email_valid = email_valid)
errors = set_errors(params)
if not errors:
user_exists = db.GqlQuery("SELECT * FROM User WHERE name = :1", username).get()
if not user_exists:
new_user = User(name = username, password = utils.make_pw_hash(username, password), email = email)
new_user.put()
self.login(new_user)
self.redirect('/wiki') # CHANGE THIS!!!
else:
error_user = "******"
self.render("signup.html", error_user = error_user)
else:
self.render("signup.html", username=username, email=email, **errors)
def verify_user(name, hashed_password):
query = Query()
import app
res = app.db.search(query.username == name)
if not res or not utils.verify_password(hashed_password,
res[0]['password']):
return False
return True
def validate_user(db: Session, credentials):
user = get_user_by_email(db, credentials.username)
if user is None:
raise ValueError("Wrong username. Use your email.")
if not verify_password(user.password, credentials.password):
raise WrongPasswordException("Password incorrect.")
return user
def authenticate_user(self, username: str, password: str):
user = self.__repository.find_by_username(username)
if user:
if verify_password(user.password, password):
access_token = self.__login_manager.create_access_token(
data={"sub": username}, expires=timedelta(hours=4))
return self.__presenter.respond(access_token)
else:
return self.__presenter.respond_with_error(
f"Invalid password for user: {user.username}")
else:
return self.__presenter.respond_with_error("Invalid username")
def user_verification():
attempt_email = request.form["email"]
user_hash = data_manager.get_password_hash_by_email(attempt_email)
attempt_password = request.form["plain_text_password"]
verified = utils.verify_password(attempt_password, user_hash)
if verified:
session["user"] = attempt_email # could be a dictionary instead
session[attempt_email] = data_manager.get_user_data_by_email(attempt_email)
data_manager.save_login_time(session[session["user"]]["id"])
return redirect(url_for("index"))
else:
form_action = url_for("user_verification")
user_action = "Sign in"
return render_template("new_user.html", form_action=form_action, user_action=user_action,
verification_failed=True)
def post(self):
password_ok = False
try:
password_ok = utils.verify_password(self.config.password_hash,
self.get_argument("password"))
if password_ok:
self.set_secure_cookie(USER_COOKIE_NAME,
self.get_argument("username"))
except utils.VerificationError:
pass
if password_ok:
next_url = self.get_argument("next_url")
self.redirect(next_url)
else:
self.get()
def get_from_defuser(self, username, password):
try:
o = DefUser.objects.get(name=username)
m = o.defusername_set.get(id=o)
if m is None:
return None, False
if utils.verify_password(password, m.password):
return o, True
else:
return o, False
except DefUser.DoesNotExist:
return None, False
return None, False
def post(self):
user_username = self.request.get("username")
user_password = self.request.get("password")
user_verify = self.request.get("verify")
user_email = self.request.get("email")
uname = user_username
email = user_email
uname_err = utils.check_username(user_username)
pw_err=""
vpw_err=""
email_err=""
Success= True
if uname_err != "":
Success= False
if utils.check_password(user_password)==False:
pw_err="That's not a valid password."
Success= False
if utils.verify_password(user_password, user_verify)==False:
vpw_err="Your passwords didn't match."
Success= False
if len(email) != 0:
if utils.check_email(user_email)==False:
email_err="That's not a valid email."
Success= False
if Success:
x = utils.make_pw_hash(uname, user_password)
saltedPass = x.split("|")[0]
salt = x.split("|")[1]
if len(email) != 0:
newUser = User(key_name = uname, username = uname, email=email, password = saltedPass, salt = salt)
else:
newUser = User(key_name = uname, username = uname, password = saltedPass, salt = salt)
newUser.put()
setUser = "******" + uname
self.response.headers.add_header('Set-Cookie', setUser.encode())
self.redirect("/")
else:
self.render_signup(uname, email,uname_err, pw_err, vpw_err,email_err)
def sign_in():
if current_user.is_authenticated:
return redirect(url_for('doctor.questions'))
from utils import verify_email, verify_password
form = SignInForm()
if form.validate_on_submit():
doctor = verify_email(form.email.data)
if doctor is not None and verify_password(doctor, form.password.data):
login_user(doctor, form.remember_me.data)
flash('Welcome, Dr. %s' % doctor.first_name)
return redirect(
request.args.get('next') or url_for('doctor.questions'))
else:
flash('Invalid username or password!')
redirect(url_for(request.endpoint))
form.email.data = request.form.get('email')
return render_template('doctor/signin.html', form=form)
def retrieve_password(conn):
cur = conn.cursor()
account_name = input('Please enter account to retrieve password...: ')
try:
query = cur.mogrify('''SELECT * FROM vault WHERE account = %s''',
(account_name, ))
cur.execute(query, account_name)
return_row = cur.fetchone()
raw_passwd = verify_password(return_row[2])
logger.info('Password decryption successful')
cur.close()
return account_name, raw_passwd.decode('utf-8')
except LookupError:
logger.exception('Lookup error on database, account provided by user not in database')
print('account matching query does not exist')
sys.exit()
def login():
if request.method == 'POST':
user_data = request.form.to_dict()
if data_handler.check_if_user_exist_in_database(user_data['username']):
password = data_handler.check_if_user_exist_in_database(
user_data['username'])['password']
user_id = data_handler.check_if_user_exist_in_database(
user_data['username'])['id']
if utils.verify_password(user_data['password'], password):
utils.save_user_session([user_id, request.form['username']])
return render_template('index.html',
user_name=session['username'])
else:
message = "Invalid data"
return render_template('index.html', message=message)
else:
message = "Invalid data"
return render_template('index.html', message=message)
else:
return render_template('index.html')
def update_password(conn):
cur = conn.cursor()
account = input('Account name to be changed: ')
try:
query = cur.mogrify('''SELECT * FROM vault WHERE account = %s''',
(account, ))
cur.execute(query, account)
return_row = cur.fetchone()
raw_passwd = verify_password(return_row[2])
chance = 0
while chance <= 2:
old_password = getpass('Old password: '******'utf-8') != old_password:
logger.warning('Password given by user does not match existing password in database')
print('Incorrect password!')
if chance == 2:
print('You have tried the wrong password 3 times!')
logger.fatal('User entered incorrect password 3 times')
sys.exit()
else:
break
chance += 1
except LookupError:
print('account matching query does not exist')
sys.exit()
key = Fernet.generate_key()
new_password = getpass('New password')
token = generate_token(new_password, key)
with open(os.path.join(KEY_STORE_DIR, 'secrets.txt'), 'ab') as secret:
secret.write(key)
args = (base64.urlsafe_b64encode(token), account)
query = cur.mogrify('''UPDATE vault SET password = %s
WHERE account = %s''', args)
cur.execute(query)
conn.commit()
cur.close()
def check_password(username, password):
"""
Check the validity of a username-password pair
:param username:
:param password:
:return: DB document of user if valid
"""
user = db.users.find_one(
{"$or": [{
"username": username
}, {
"email": username
}]})
if not user or not verify_password(password, user["pwhash"], user["salt"]):
raise AuthError("用户名/密码错误")
else:
db.logs.insert_one({
"timestamp": time(),
"action": "login",
"username": username
})
user.pop("_id")
return user
def recheck_password(user_id, password):
user = db.users.find_one({"id": user_id})
return user and verify_password(password, user["pwhash"], user["salt"])
def validate_password(self, field):
password = field.data
verify_password(password)
def verify_password(self, password):
return verify_password(password, self.password)
