def change_pass_of_client(self, new_pass, logged_user): validate_client(logged_user) self.__validate_logged_user(logged_user) validate_password(new_pass, logged_user.get_username()) self.cursor.execute(UPDATE_PASSWORD_OF_CLIENT, (encode(new_pass), logged_user.get_id())) self.db.commit()
def post(self): """Register a new user.""" req_body = request.get_json() not_found = [] required_fields = ("email", "password") for field in required_fields: if field not in req_body.keys(): not_found.append(field) if not_found: return ( f"Required field(s) not found:" f" {', '.join(field for field in not_found)}", 400, ) # Check if email is valid user_email = req_body["email"] try: validate_email(user_email) except ValidationError: return "Incorrect format for field: email", 400 # Check if password is secure enough user_password = req_body["password"] try: validate_password(user_password) except ValidationError: return ( "Password is not secure enough: include at least one uppercase," " one lowercase, one number and one symbol, and keep it between" " 12 and 255 characters long. Whitespace is not allowed.", 400, ) salt = generate_random_salt() hashed_password = hash_password(user_password, salt) # noinspection PyArgumentList new_user = User( email=user_email, password=hashed_password, salt=str(salt, encoding=ENCODING), ) db.session.add(new_user) try: db.session.commit() except IntegrityError: return {}, 409 apikey = get_or_create_api_key(new_user) return apikey, 201
def register(username, password): if not validate_password(username, password): print("""Invalid password! - 8 symbols, special symbol, capital letter, number""") password = getpass.getpass("Enter a new password: "******"""Invalid password! - 8 symbols, special symbol, capital letter, number""") password = getpass.getpass("Enter a new password: ") cursor.execute(INSERT_USER, (username, encode_pass(password))) conn.commit()
def change_pass(new_pass, logged_user): if not validate_password(logged_user.get_username(), new_pass): print("""Invalid password! - 8 symbols, special symbol, capital letter, number""") new_pass = getpass.getpass("Enter a new password: "******"""Invalid password! - 8 symbols, special symbol, capital letter, number""") new_pass = getpass.getpass("Enter a new password: ") cursor.execute(UPDATE_PASSWORD, (encode_pass(new_pass), logged_user.get_id())) conn.commit()
def patch(self, user): """Edit individual fields on a user. Non-admins can only edit some fields on their own account. """ req_data = request.get_json() invalid_fields = [] modified = 0 for key in req_data: if not hasattr(user, key) or key in ("id", "salt"): invalid_fields.append(key) continue if not invalid_fields: if key == "email": new_email = req_data[key] try: validate_email(new_email) except ValidationError: return "Invalid format for email address.", 400 user.email = new_email modified += 1 elif key == "password": new_password = req_data[key] try: validate_password(new_password) except ValidationError: return "New password is not secure enough or too long.", 400 new_salt = generate_random_salt() user.password = hash_password(new_password, new_salt) user.salt = new_salt modified += 1 elif key == "lemmas": lemma_refs = req_data[key] if isinstance(lemma_refs[0], int): lemma_filter = Lemma.id.in_(lemma_refs) else: lemma_filter = Lemma.content.in_(lemma_refs) lemmas = Lemma.query.filter(lemma_filter) user.lemmas.extend(lemmas) modified += 1 if invalid_fields: return f"Invalid fields: {', '.join(invalid_fields)}", 400 if not modified: return "No valid field specified.", 400 db.session.commit() return {}, 204
def signup_seller(): connection = None try: data = request.json if 'username' not in data: raise ApiException(400, INVALID_PASSWORD) if 'password' not in data: raise ApiException(400, INVALID_INPUT_USERNAME) if 'koreanBrandName' not in data: raise ApiException(400, INVALID_INPUT_PASSWORD) if 'englishBrandName' not in data: raise ApiException(400, INVALID_INPUT_ENGLISH_BRAND_NAME) if 'sellerCategoryId' not in data: raise ApiException(400, INVALID_INPUT_SELLER_CATEGORY) if 'customerServiceNumber' not in data: raise ApiException(400, INVALID_INPUT_SERVICE_NUMBER) if 'userTypeId' not in data: raise ApiException(400, INVALID_INPUT_USER_TYPE_ID) if 'phoneNumber' not in data: raise ApiException(400, INVALID_INPUT_PHONE_NUMBER) if not validate_password(data['password']): raise ApiException(400, INVALID_PASSWORD) seller_info = { 'user_type_id': int(data['userTypeId']), 'username': data['username'], 'korean_brand_name': data['koreanBrandName'], 'english_brand_name': data['englishBrandName'], 'seller_category_id': data['sellerCategoryId'], 'customer_service_number': data['customerServiceNumber'], 'password': data['password'], 'phone_number': data['phoneNumber'] } connection = connect_db() seller_service = SellerService() seller_service.signup_seller(seller_info, connection) connection.commit() return {"custom_message": "CREATED SELLER", "result": "POST"} except ApiException as e: connection.rollback() raise e finally: if connection: connection.close()
def sign_up_user(): """ [서비스] 유저 회원가입 Author: Mark Hasung Kim Returns: { "custom_message": "SERVICE_USER_CREATED, "result": "POST } """ connection = None try: data = request.json if 'username' not in data: raise ApiException(400, INVALID_INPUT) if 'email' not in data: raise ApiException(400, INVALID_INPUT) if 'password' not in data: raise ApiException(400, INVALID_INPUT) if 'userTypeId' not in data: raise ApiException(400, INVALID_INPUT) if not validate_password(data['password']): raise ApiException(400, INVALID_PASSWORD) if not validate_email(data['email']): raise ApiException(400, INVALID_EMAIL) user_info = { 'username': data['username'], 'email': data['email'], 'password': data['password'], 'user_type_id': int(data['userTypeId']), 'phone_number': '', } connection = connect_db() user_service = UserService() user_service.create_user(user_info, connection) connection.commit() return {"custom_message": "SERVICE_USER_CREATED", "result": "POST"} except ApiException as e: if connection: connection.rollback() raise e finally: if connection: connection.close()
def register_new_client(self, username, password): validate_username(username) validate_password(password, username) self.cursor.execute(ADD_CLIENT, (username, encode(password))) self.db.commit()
def test_validation(self): self.assertFalse(validate_password('Tester', '123')) self.assertFalse(validate_password('Zimbabwe', 'Zimbabwe@21')) self.assertTrue(validate_password('Tester', 'SDA@224FS2'))
def test_validate_password(self): self.assertTrue(validate_password("Abc123???", "John")) self.assertTrue(validate_password("Password1$", "John"))