def test_create_account(client, db):
r = client.get(
"/api/createaccount",
headers={
"Authorization":
f"Basic {basic_auth_string('me123', 'mypassword')}"
},
)
assert r.status_code == 200
data = r.get_json()
assert "token" in data
token = data["token"]
statement = text("SELECT token FROM Token WHERE Username = :user")
results = db.execute(statement, {"user": "******"}).fetchall()
assert results != []
db_token = results[0]
assert token == db_token[0]
statement = text("SELECT * FROM User WHERE Username = :user")
results = db.execute(statement, {"user": "******"}).fetchall()
assert results != []
row = results[0]
assert hash_password("mypassword", row.Salt) == row.Password_Hash
def _insert(self):
with sqlite3.connect(self.dbpath) as conn:
curs = conn.cursor()
sql = """
INSERT INTO {} (username, password_hash, balance, api_key)
VALUES (?,?,?,?);
""".format(self.tablename)
curs.execute(sql, (self.username, hash_password(
self.password_hash), self.balance, self.api_key))
def password_check(connection, username, password):
fetch_pws = text(
"SELECT Password_Hash, Salt FROM User WHERE Username=:username")
result = connection.execute(fetch_pws, {"username": username}).fetchall()
if not result:
return False
pwh, salt = result[0]
digest = hash_password(password, salt)
return digest == pwh
def deposit(self, username, password, deposit_amount):
cur_balance = Account.select_one_where("WHERE username = ? \
AND password_hash = ?",
(username, hash_password(password)))
self.pk = cur_balance.pk
self.username = cur_balance.username
self.password_hash = cur_balance.password_hash
self.balance = round(cur_balance.balance + deposit_amount,2)
self.api_key = cur_balance.api_key
return round(cur_balance.balance + deposit_amount, 2)
def create_account():
username = view.create_username()
password = view.create_password()
password_hash = hash_password(password)
new_account = Account(username=username,
password_hash=password_hash,
balance=0)
new_account.generate_api_key()
new_account.save()
view.login_menu()
login()
def generate_fake():
seed()
sp = SalesPerson(
email = forgery_py.internet.email_address(),
password = hash_password(forgery_py.lorem_ipsum.word()),
givenname = forgery_py.name.first_name(),
surname = forgery_py.name.last_name(),
telephone = forgery_py.address.phone(),
region = random.choice(REGIONS_LIST)
)
return sp
def create_user(connection, username, password):
"""
Creates a new user with username and password.
Returns true if creation was successful and false otherwise.
"""
# Check if username exists already
fetch_pws = text("SELECT Username FROM User WHERE Username=:username")
result = connection.execute(fetch_pws, {"username": username}).fetchall()
if result:
return False
# Create user
salt = uuid4().hex # Generate salt from UUID
pwh = hash_password(password, salt)
insert = text(
"INSERT INTO User VALUES (:username, :password_hash, :salt, TRUE)"
) # TEMPORARY
connection.execute(insert, {
"username": username,
"password_hash": pwh,
"salt": salt
})
return True
def generate_fake():
seed()
c = Customer(
givenname = forgery_py.name.first_name(),
surname = forgery_py.name.last_name(),
email = forgery_py.internet.email_address(),
password = hash_password(forgery_py.lorem_ipsum.word()),
dob = forgery_py.date.date(True),
billto_address1 = forgery_py.address.street_address(),
billto_city = forgery_py.address.city(),
billto_state = forgery_py.address.state_abbrev(),
billto_postalcode = forgery_py.address.zip_code(),
telephone = forgery_py.address.phone(),
gender = forgery_py.personal.gender(),
)
# Forgery generates telephone numbers with a random country code prefix
# just strip that off for now
c.telephone = c.telephone[2:]
# There's a 24% chance the billing and shipping address might differ
if random.random() < .24:
c.shipto_address1 = forgery_py.address.street_address()
c.shipto_city = forgery_py.address.city()
c.shipto_state = forgery_py.address.state_abbrev()
c.shipto_postalcode = forgery_py.address.zip_code()
else:
c.shipto_address1 = c.billto_address1
c.shipto_city = c.billto_city
c.shipto_state = c.billto_state
c.shipto_postalcode = c.billto_postalcode
return c
def set_password(self, password):
self.password_hash = hash_password(password)
def login(cls, username, password):
""" login TODO: check password hash """
return cls.select_one_where("WHERE username = ? AND password_hash = ?",
(username, hash_password(password)))
def get_bal(self, username, password):
cur_balance = Account.select_one_where("WHERE username = ? \
AND password_hash = ?",
(username, hash_password(password)))
return (cur_balance.balance, cur_balance.pk)
def login(cls, email, password):
return cls.select_one_where("WHERE email = ? AND password_hash = ?",
(email, hash_password(password)))
def login(cls, username, password):
return Account.one_from_where_clause(
"WHERE username=? AND password_hash=?",
(username, hash_password(password)))
def login(cls, username, password):
return cls.select_one_where("WHERE username = ? AND password_hash = ?",
(username, hash_password(password)))
def testHashPass(self):
hashed_pass = util.hash_password('password')
t = '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8'
self.assertEqual(hashed_pass, t)
def set_password(self, password):
hashed_pw = hash_password(password)
self.password_hash = hashed_pw
return hashed_pw
def testHashPass(self):
testoutput = '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8'
test = util.hash_password("password")
self.assertEqual(test, testoutput, "hash_pass returns correct output")
