def test_password_hashing(self):
correct = hash_password(self.correct)
incorrect = hash_password(self.incorrect)
self.assertFalse(check_password(self.incorrect, correct))
self.assertTrue(check_password(self.correct, correct))
self.assertFalse(check_password(self.correct, incorrect))
def edit_user_password(username):
# Updates password of a user on non PubCookie setups.
message = None
errors = []
if session['user_auth_level'] >= 10000 or session['user_username'] == username: # administrator access
log_access('users/password')
if request.method == 'POST':
log_access('users/password', 'posted form')
user_id = request.form['user_id']
current_pw = request.form['cur_password'] if 'cur_password' in request.form else ''
new_pw = request.form['new_password']
again_pw = request.form['again_password']
user = model.get_user(user_id)
current_hash_pw = auth.hash_password(current_pw)
if session['user_auth_level'] >= 10000 and session['user_id'] != user_id:
current_hash_pw = user['password']
if not user['password'] == current_hash_pw:
errors.append("Current Password is incorrect")
elif new_pw == '':
errors.append("New password is empty")
elif not new_pw == again_pw:
errors.append("Passwords don't match")
else:
model.set_password(user_id, auth.hash_password(new_pw))
message = "Saved."
form=model.get_user_by_username(username)
return render_template('user_edit_password.html',
form=form,
errors=errors,
message=message)
else:
log_access('users/password', 'access_denied changing password for: ' + username)
return redirect(url_for('access_denied'))
def test_password_hashing(self):
correct = hash_password(self.correct)
incorrect = hash_password(self.incorrect)
self.assertFalse(check_password(self.incorrect, correct))
self.assertTrue(check_password(self.correct, correct))
self.assertFalse(check_password(self.correct, incorrect))
def user_editor(self):
request = self.request
# Verifica se o usuário está logado
if self.logged_in != None:
# Verifica se ele tem privilégio para adicionar admin
if get_privileges(self.logged_in) != 4:
return HTTPForbidden()
else:
url = request.route_url('user_editor')
referrer = request.url
# Verifica se o referer é a página de edição, se sim muda ela pra home
if referrer == url:
referrer = '/'
came_from = request.params.get('came_from', referrer)
message = ''
username = ''
password = ''
level = ''
if 'form.submitted' in request.params:
username = request.params['username']
password = request.params['password']
level = request.params['level']
# Inicia o DB
db = MongoClient(host=DB_HOST, port=DB_PORT)
users = db[DB_NAME]['users']
if groupfinder(username, '') != None:
users.update_one({'username': username}, {
'$set': {
'password': hash_password(password),
'level': int(level)
}
})
return HTTPFound(location=came_from)
else:
users.insert_one({
'username': username,
'password': hash_password(password),
'level': int(level)
})
return HTTPFound(location=came_from)
return dict(
message=message,
url=request.application_url + '/user_editor',
came_from=came_from,
)
else:
return HTTPForbidden()
def register():
data = request.get_json()
missing = []
if 'firstName' not in data:
missing.append('firstName')
if 'lastName' not in data:
missing.append('lastName')
if 'email' not in data:
missing.append('email')
if 'password' not in data:
missing.append('password')
elif 'email' in data:
data['password'] = auth.hash_password(data['password'], data['email'])
if len(missing) > 0:
message = 'Incorrect request, missing ' + str(missing)
abort(400, message)
user_id, perms = db.create_user(data)
jwt = auth.jwt.make_jwt(user_id)
resp = {
'firstName': data['firstName'],
'lastName': data['lastName'],
'auth': jwt,
'permissions': perms,
}
return jsonify(resp)
def reset_password(email, token, password):
"""Uses a token/email combination to set a password"""
if not password:
raise ValueError("Password must be specified")
database = sqlite3.connect('database.sqlite3')
database.execute(("DELETE FROM password_recovery"
" WHERE datetime(generated, '+15 minute') < CURRENT_TIMESTAMP"))
database.commit()
count = database.execute(("SELECT count() FROM password_recovery"
" WHERE email=:email AND token=:token"),
{"email": email, "token": token}).fetchone()[0]
if not count == 1:
raise ValueError("Incorrect email/token combination")
salt = database.execute("SELECT salt FROM groups WHERE contact_email=?", (email,)).fetchone()
if salt is None:
raise ValueError("Could not find salt for email")
salt = salt[0]
password_hash = auth.hash_password(password, salt)
database.execute("UPDATE groups SET password=:password WHERE contact_email=:email",
{"password": password_hash, "email": email})
database.execute("DELETE from password_recovery WHERE token=:token", {"token": token})
database.commit()
return password_hash
def update_password(options):
given_email = options['email']
given_password = options['pass']
given_password = auth.hash_password(given_password)
#First connect to the table
client = boto3.client('rds-data')
#Check that the user exists
existing_user = client.execute_statement(
secretArn=constants.SECRET_ARN,
database=constants.DB_NAME,
resourceArn=constants.ARN,
sql="SELECT email FROM UserData WHERE email = '%s';" % (given_email))
if (existing_user['records'] == []):
constants.ERR = "Password DNE"
constants.STATUS_CODE = 404
return
#Replace password in database
client.execute_statement(
secretArn=constants.SECRET_ARN,
database=constants.DB_NAME,
resourceArn=constants.ARN,
sql="UPDATE UserData SET pass = '******' WHERE email = '%s';" %
(given_password, given_email))
#Return success
return
def register(options):
#options: a list of variables
given_email = options['email']
given_password = options['pass']
#HASH here
given_password = auth.hash_password(given_password)
#First connect to the table
client = boto3.client('rds-data')
#Check if the user already exist in the database and throw a 400 statuscode if they do
existing_user = client.execute_statement(
secretArn=constants.SECRET_ARN,
database=constants.DB_NAME,
resourceArn=constants.ARN,
sql="SELECT email FROM UserData WHERE email = '%s'" % (given_email))
if (existing_user['records'] != []):
print("user exists already")
constants.ERR = "User already exists"
constants.STATUS_CODE = 409
return
existing_user = client.execute_statement(
secretArn=constants.SECRET_ARN,
database=constants.DB_NAME,
resourceArn=constants.ARN,
sql=
"INSERT INTO UserData (email, pass, type, name) VALUES ('%s','%s','%s','%s')"
% (given_email, given_password, 0, given_email))
#Return success
return constants.respond(statusCode="200") #OK
def reset_password(self):
# process password reset request
try:
token = self.request.path[2]
body = self.request.body
password = body['password']
reset_item = self.tables['reset'].get_item(hash_key=token)
if (timestamp() - reset_item['timestamp']) > (15 * 60):
self.response = Response(status=400)
return
email_item = self.tables['email'].get_item(hash_key=reset_item['email'])
user_item = self.tables['user'].get_item(hash_key=email_item['user'])
user_item['password'] = hash_password(password)
user_item.put()
reset_item.delete()
self.response = Response(status=204)
return
except:
exc_type, exc_value, exc_traceback = sys.exc_info()
print traceback.format_exception(exc_type, exc_value, exc_traceback)
self.response = Response(status=400)
return
def register_manager_customer(first_name, last_name, username, password, company,
street_address, city, state, zipcode, credit_cards, database):
# Generate Manager row
new_manager = Manager(username=username, password=None, firstname=first_name,
lastname=last_name, state=state, city=city, zipcode=zipcode,
street=street_address, companyname=company)
new_manager.password = hash_password(password, new_manager)
database.add(new_manager)
database.commit()
# Execute an insert onto Customer manually to avoid duplicate User creation
database.execute(Customer.__table__.insert(), {
"username": username,
"password": new_manager.password,
"firstname": first_name,
"lastname": last_name})
# Insert credit cards
new_credit_cards = [Creditcard(
creditcardnum=cc, owner=username) for cc in credit_cards]
database.add_all(new_credit_cards)
database.commit()
token = provision_jwt(new_manager, is_manager=True, is_customer=True,
cc_count=len(credit_cards)).get_token().decode()
return jsonify({"token": token})
def create(self, params):
hashed_password = hash_password(params.get("password"))
query = f'insert into {self.TABLENAME} ' \
f'(Name, Email, CreatedOn, password) ' \
f'values ("{params.get("Name")}","{params.get("Email")}",' \
f'"{datetime.now()}","{hashed_password}")'
result = self.conn.execute(query)
return self.get_by_id(result.lastrowid)
def registration():
if request.method == 'GET':
return render_template('registration.html')
elif request.method == 'POST':
new_user_data = {
'user_name': request.form['user_name'],
'password': auth.hash_password(request.form['password'])}
data_manager.add_user(new_user_data)
return redirect(url_for('list'))
def register_user(first_name, last_name, username, password, database):
# Add new user to the database
new_user = User(username=username, password=None,
firstname=first_name, lastname=last_name)
new_user.password = hash_password(password, new_user)
database.add(new_user)
database.commit()
token = provision_jwt(new_user, cc_count=0).get_token().decode()
return jsonify({"token": token})
def post(self):
username = self.get_argument('username', None)
password = self.get_argument('password', '')
password_hash = auth.hash_password(password)
user = auth.maybe_get_user_by_full_creds(username, password_hash)
if user is None:
self.render('templates/bad-auth.html')
else:
self.render('templates/view-user-info.html', user=user)
def setUp(self):
self.userid = generate_key()
self.username = '******'
self.email = '*****@*****.**'
self.password = '******'
self.sessionid = None
self.connection = boto.dynamodb.connect_to_region('eu-west-1')
try:
username_item = self.connection.get_table('username').get_item(
hash_key=self.username)
self.connection.get_table('user').get_item(
hash_key=username_item['user']).delete()
username_item.delete()
# XXX scan these test user tags and delete them
except:
pass
try:
self.connection.get_table('email').get_item(
hash_key=self.email).delete()
except:
pass
self.connection.get_table('user').new_item(hash_key=self.userid,
attrs={
'username':
self.username,
'email':
self.email,
'password':
hash_password(
self.password),
}).put()
self.connection.get_table('username').new_item(hash_key=self.username,
attrs={
'user': self.userid,
}).put()
self.connection.get_table('email').new_item(hash_key=self.email,
attrs={
'user': self.userid,
}).put()
self.sessionid = generate_key()
self.connection.get_table('session').new_item(hash_key=self.sessionid,
attrs={
'user': self.userid,
'email': self.email,
'username':
self.username,
'timestamp':
timestamp()
}).put()
self.cookie = 'session_id=' + self.sessionid + ';'
def password_do():
code = request.forms.get('code')
share = db.shares.find_one({'code':code})
if not share:
abort(400,"That is not a valid password reset code.")
user = db.users.find_one({'email':share['email']})
user['password'] = hash_password(request.forms.get('new_password'))
db.users.save(user)
do_login(request,user)
return redirect('/')
def create_do():
eml = request.forms.get('email')
pwd = request.forms.get('password')
code = request.forms.get('code')
name = request.forms.get('name')
kwargs = {"email":eml,"password":pwd,"code":code,"name":name,"errors":[]}
if not eml or '@' not in eml or not pwd:
kwargs['errors'].append("Please enter a valid username and password")
return template('create',**kwargs)
user = db.users.find_one({'email':eml})
print user
if user:
kwargs['errors'].append('That email is already in use! Maybe you want to <a class="btn small" href="/login">login</a>?')
return template('create',**kwargs)
if not name or name.lower() == 'name':
stupid = ['Jills_Mortuary--You_kill_Em_We_Chill_Em','no_fatties,please','Hey!','wonderful-bill','DataDyne-Inc.',\
'Wonderful_Me','programmers-delight','The_Colbert_Nation','WackoMan','the-ugly-duckling']
kwargs['errors'].append("You must provide a name for your pile. Like '%s' or '%s'" % (random.choice(stupid),random.choice(stupid)))
return template('create',**kwargs)
valid,invalid_char = valid_chars(name)
if not valid:
kwargs['errors'].append("That is an invalid name. Just use letters, numbers and '_-,+'. You can't use '%s'." % invalid_char)
return template('create',**kwargs)
if db.piles.find_one({'name':name}):
kwargs['errors'].append('Sorry, that pile name is already in use!')
return template('create',**kwargs)
invite = db.invites.find_one({'code':code})
if not invite:
kwargs['errors'].append("That is an invalid code or has already been used. Sorry.")
return template('create',**kwargs)
if invite.get('remaining', 1) == 1:
db.invites.remove(invite)
else:
invite['remaining'] -= 1
db.invites.save(invite)
randid = lambda: ''.join([random.choice(string.letters + string.digits) for x in xrange(6)])
pid = randid()
while db.piles.find_one({"_id":pid}):
pid = randid()
user = {'email':eml,'password':hash_password(pwd)}
pile = {'_id':pid,'emails':[eml],'name':name,'welcome':True}
db.piles.save(pile)
db.users.save(user)
do_login(request,user) # Let the login look up the piles because they might have more than one!
return redirect('/%s' % pile['name'])
def before_insert(self, mapper, connection, instance):
if instance.active:
instance.active = 1
else:
instance.active = 0
instance.datecreated = datetime.now()
instance.datemodified = datetime.now()
instance.rowstamp = uuid.uuid4()
hashed = hash_password(instance.password)
instance.password = hashed.split('$')[0]
instance.salt = hashed.split('$')[1]
def register_manager(first_name, last_name, username, password, company,
street_address, city, state, zipcode, database):
# Add new manager to the database
new_manager = Manager(username=username, password=None, firstname=first_name,
lastname=last_name, state=state, city=city, zipcode=zipcode,
street=street_address, companyname=company)
new_manager.password = hash_password(password, new_manager)
database.add(new_manager)
database.commit()
token = provision_jwt(new_manager, is_manager=True, cc_count=0).get_token().decode()
return jsonify({"token": token})
def put(self, id):
user = User.get_by_id(id)
if user is None:
abort(404)
args = self.reqparse.parse_args()
u = dict(filter(lambda (k, v): v is not None, args.items()))
if u.get('password') is not None:
u['password'] = hash_password(u['password'])
update_model(user, u)
user.put()
return {'user': marshal(user, user_fields)}
def post(self):
args = self.reqparse.parse_args()
u = User.all(keys_only=True).filter('user_name', args['user_name']).get()
if u:
abort(409, message="User with user_name '%s' already exists" % args['user_name'])
u = User(user_name=args.user_name,
first_name=args.first_name,
last_name=args.last_name,
password=hash_password(args.password))
u.put()
return {'user': marshal(u, user_fields)}
def setUp(self):
self.userid = generate_key()
self.username = '******'
self.email = '*****@*****.**'
self.password = '******'
self.sessionid = None
self.connection = boto.dynamodb.connect_to_region('eu-west-1')
try:
username_item = self.connection.get_table('username').get_item(hash_key=self.username)
self.connection.get_table('user').get_item(hash_key=username_item['user']).delete()
username_item.delete()
# XXX scan these test user tags and delete them
except: pass
try: self.connection.get_table('email').get_item(hash_key=self.email).delete()
except: pass
self.connection.get_table('user').new_item(
hash_key=self.userid,
attrs={
'username': self.username,
'email': self.email,
'password': hash_password(self.password),
}
).put()
self.connection.get_table('username').new_item(
hash_key=self.username,
attrs={
'user': self.userid,
}
).put()
self.connection.get_table('email').new_item(
hash_key=self.email,
attrs={
'user': self.userid,
}
).put()
self.sessionid = generate_key()
self.connection.get_table('session').new_item(
hash_key=self.sessionid,
attrs={
'user': self.userid,
'email': self.email,
'username': self.username,
'timestamp': timestamp()
}
).put()
self.cookie = 'session_id=' + self.sessionid + ';'
def post(self):
username = self.get_argument('username', None)
password = self.get_argument('password', '')
otp = self.get_argument('otp', None)
password_hash = auth.hash_password(password)
session_id = auth.maybe_authorize_user(username, password_hash, otp)
if session_id is None:
self.render('templates/bad-auth.html')
else:
logger.info('User {} logged in, session_id = {}', username,
session_id)
self.set_cookie('session_id', session_id)
self.redirect('/')
def register_customer(first_name, last_name, username, password, credit_cards, database):
# Add new customer to the database
new_customer = Customer(username=username, password=None,
firstname=first_name, lastname=last_name)
new_customer.password = hash_password(password, new_customer)
new_credit_cards = [Creditcard(
creditcardnum=cc, owner=username) for cc in credit_cards]
database.add_all([new_customer] + new_credit_cards)
database.commit()
token = provision_jwt(new_customer, is_customer=True,
cc_count=len(credit_cards)).get_token().decode()
return jsonify({"token": token})
def create_user(form):
cur = db.singleton()
form['auth_level'] = int(form['auth_level'])
if not 'password' in form:
form['password'] = ''
form['password'] = auth.hash_password(form['password'])
id = -1
error = None
try:
id = db.query(cur, '''INSERT INTO ''' + config.DATABASE_SCHEMA + '''.users(
fullname, username, networkid, pager, email, cellphone, deskphone, auth_level, password)
VALUES (%(fullname)s, %(username)s, %(networkid)s, %(pager)s, %(email)s, %(cellphone)s, %(deskphone)s,
%(auth_level)s, %(password)s) RETURNING id''', form, True)
except psycopg2.IntegrityError, e:
error = e.message
def do_put(self):
try:
if self.session:
body = self.request.body
if not 'password' in body: # malformed payload
self.response = Response(status=400)
return
user = self.tables['user'].get_item(hash_key=self.session['user'])
user['password'] = hash_password(body['password'])
self.response = Response(status=204)
return
else:
self.response = Response(status=401)
return
except:
self.response = Response(status=400)
return
def insert_new_cleaner(data):
if not ('phonenumber' in data and data['password']):
raise Exception('new cleaner data must include phonenumber and password')
if db.cleaners.find_one({"phonenumber": data["phonenumber"]}):
raise Exception("cleaner with phonenumber {0} already exists".format(data["phonenumber"]))
salt = auth.generate_salt()
hashed_pwd = auth.hash_password(data["password"], salt)
ret = db.cleaners.insert({
"name": data["name"],
"phonenumber": data['phonenumber'],
"salt": salt,
"hashed_pwd": hashed_pwd,
})
return ret
def create_user(form):
cur = db.singleton()
form['auth_level'] = int(form['auth_level'])
if not 'password' in form:
form['password'] = ''
form['password'] = auth.hash_password(form['password'])
id = -1
error = None
try:
id = db.query(
cur, '''INSERT INTO ''' + config.DATABASE_SCHEMA + '''.users(
fullname, username, networkid, pager, email, cellphone, deskphone, auth_level, password)
VALUES (%(fullname)s, %(username)s, %(networkid)s, %(pager)s, %(email)s, %(cellphone)s, %(deskphone)s,
%(auth_level)s, %(password)s) RETURNING id''', form, True)
except psycopg2.IntegrityError, e:
error = e.message
def login():
data = request.get_json()
if 'email' not in data or 'password' not in data:
abort(400, "Missing credentials")
data['password'] = auth.hash_password(data['password'], data['email'])
res, perms = db.login(data)
jwt = auth.jwt.make_jwt(res[0])
resp = {
'firstName': res[1],
'lastName': res[2],
'auth': jwt,
'permissions': perms,
}
return jsonify(resp)
def register_new_user(login, password, name, data):
# 1 - Проверить, нет ли пользователя с таким же логином
# 2 - Родить рандомную соль (10 байт)
# 3 - Захешировать пароль с применением рандомной соли
# 4 - Начать транзакцию
# 5 - Сохранить запись пользователя и получить ID
# 6 - Сохранить записи users_kv_data из массива data
# 7 - Закоммитить транзакцию
# 8 - Вернуть (True, None)
if database.count_users_by_login(login) > 0:
return False, 'Login already exists'
else:
salt = auth.generate_r_salt()
pass_h = auth.hash_password(password, salt)
if database.add_user_with_data(login, pass_h, salt, name, data):
return True, None
else:
return False, 'Internal error'
def POST_reset_password():
try:
data = json.loads(request.data)
cleaner = model.get_cleaner(phonenumber=data["phonenumber"])
if not (cleaner and 'reset_code' in cleaner):
raise Exception(str("Something went wrong"))
if not ((data['reset_code'] == cleaner["reset_code"]) and (datetime.now() < cleaner['reset_code_expires'])):
raise Exception(str("Invalid password reset code"))
# if they made it this far all is good
new_hashed_pwd = auth.hash_password(data["password"], cleaner["salt"])
model.update_cleaner(cleaner["_id"], {"hashed_pwd": new_hashed_pwd})
cleaner_data = model.public_cleaner(cleaner)
auth.login(cleaner_data)
return respond200()
except Exception as e:
return respond500(e)
def request_new_account(self):
# request creation of new user account
try:
body = self.request.body
try: email_item = self.tables['email'].get_item(hash_key=body['email'])
except: email_item = None
try: username_item = self.tables['username'].get_item(hash_key=body['username'])
except: username_item = None
if email_item or username_item: # such a user already exists
self.response = Response(status=400, body='Username and/or email already registered')
return
attrs = {
'email': body['email'],
'username': body['username'],
'password': hash_password(body['password']),
'timestamp': timestamp(),
}
token = generate_key()
activation_item = self.tables['activation'].new_item(hash_key=token, attrs=attrs)
activation_item.put()
# send email with activation token to given address
conn = boto.ses.connect_to_region('us-east-1')
msg_subject = 'XXX Service Name Here new user account creation requested'
msg_body = '' \
'You requested that we create a new XXX Service Name Here user account for you. ' \
'To activate your account, please click the following link, or copy and paste it to your web browser:\n\n' \
'http://xxxservicedomain/user/activation/%s\n\n' \
'The link is valid until XXXX-XX-XX XX:XX:XX\n\n' \
'\tYours, &c.\n\tXXX Service Name Here' % token
conn.send_email('*****@*****.**', msg_subject, msg_body, [body['email']])
self.response = Response(status=204)
return
except:
exc_type, exc_value, exc_traceback = sys.exc_info()
print traceback.format_exception(exc_type, exc_value, exc_traceback)
self.response = Response(status=400)
return
def login_do():
if not request.forms.get('email') or not request.forms.get('password'):
return template('login',email=request.forms['email'],errors=['No username or password'])
hashed_pwd = hash_password(request.forms['password'])
email = request.forms['email'].lower()
user_ent = db.users.find_one({"email":email,"password":hashed_pwd})
if not user_ent:
return template('login',email=request.forms['email'],errors=['Bad email or password'])
piles = list(db.piles.find({'emails':email}))
do_login(request,user_ent,piles)
print piles
if piles:
return redirect('/'+piles[0]['name'])
else:
return redirect('/broke')
def init_db(Meal, Plan, User):
db.create_all()
user = User.query.filter_by(email='*****@*****.**').first()
if not user:
user = User(
alt_id=generate_alt_id(size=64),
alias='dummy',
email='*****@*****.**',
password=hash_password('password'),
)
plan = Plan(name='dummy plan', users=[user])
meal = Meal(
name='dummy meal',
created_date=datetime.datetime.utcnow(),
planned_date=to_date_int(datetime.date.today()),
plan=plan,
)
db.session.add(user)
db.session.add(meal)
db.session.commit()
def mk_organization():
if request.method == 'POST':
# add organization
org = organizations.Organizations()
org.load(name=request.json.get('name'),
domain=request.json.get('domain'))
if org.dump():
return Response(json.dumps(
dict(error='cannot create organization')),
status=400,
mimetype='application/json')
if not check_fields():
return Response(json.dumps(
dict(error='fields not correct: {0}'.format(','.join(
error_fields)))),
status=400,
mimetype='application/json')
try:
for k, v in request.json.items():
org.set(k, v)
org.set('enabled', False)
org.set('api_key', uuid.uuid4())
org.set('password',
auth.hash_password(request.json.get('password')))
org.insert()
org.load(name=request.json.get('name'))
return Response(json.dumps(
dict(success='organization created',
api_key=str(org.get('api_key')))),
status=200,
mimetype='application/json')
except Exception, e:
print str(e)
return Response(json.dumps(
dict(error='cannot create organization')),
status=500,
mimetypr='applicate/json')
def resetPassword():
data = request.get_json()
missing = []
if 'email' not in data:
missing.append('email')
if 'newPassword' not in data:
missing.append('newPassword')
if 'token' not in data:
missing.append('token')
if len(missing) > 0:
message = 'Incorrect request, missing ' + str(missing)
abort(400, message)
user_id = db.checkPasswordToken(data['email'], data['token'])
db.updatePassword(user_id, auth.hash_password(data['newPassword'], data['email']), data['email'])
return jsonify('Success')
def create_group(name, password, contact):
if not name or not password or not contact:
raise ValueError('Must have at least 1 character in all fields')
contact = trimstring(contact)
#Verify Email Address
match = re.match(r'^.+@.+\..+$', contact)
if match is None:
raise ValueError('Malformed email address')
database = sqlite3.connect('database.sqlite3')
trim_group = trimstring(name)
group_count = database.execute(
"SELECT count() FROM groups WHERE lower(name)=:groupname", {
"groupname": trim_group
}).fetchone()[0]
if group_count > 0:
raise ValueError('Groupname already exists')
salt = auth.generate_random()
hashed_password = auth.hash_password(password, salt)
try:
database.execute(
('INSERT INTO groups(name, password, salt, contact_email)'
' values(:name, :password, :salt, :contact)'), {
"name": name,
"password": hashed_password,
"salt": salt,
"contact": contact
})
database.commit()
except sqlite3.IntegrityError:
raise ValueError(
"Could not create group. Contact Skvaderonen for support. %s")
return True
def set_password(self, password):
user = system.users.first(loginid=self.username, status='A')
if user:
self.set_hashed_password(hash_password(password))
def create(username, password):
user = User(username=username, password=auth.hash_password(password))
db.session.add(user)
db.session.commit()
return user
app = Flask(__name__)
api = Api(app)
api.add_resource(UserListApi, '/api/v1.0/users', endpoint='users')
api.add_resource(UserApi, '/api/v1.0/users/<int:id>', endpoint='user')
api.add_resource(BeerReviewUserApi, '/api/v1.0/users/<int:id>/reviews', endpoint='user_reviews')
api.add_resource(BeerGlassListApi, '/api/v1.0/beer_glasses', endpoint='beer_glasses')
api.add_resource(BeerGlassApi, '/api/v1.0/beer_glasses/<int:id>', endpoint='beer_glass')
api.add_resource(BeerListApi, '/api/v1.0/beers', endpoint='beers')
api.add_resource(BeerApi, '/api/v1.0/beers/<int:id>', endpoint='beer')
api.add_resource(BeerReviewBeerApi, '/api/v1.0/beers/<int:id>/reviews', endpoint='beer_reviews')
api.add_resource(BeerReviewListApi, '/api/v1.0/beer_reviews', endpoint='reviews')
api.add_resource(BeerReviewApi, '/api/v1.0/beer_reviews/<int:id>', endpoint='review')
api.add_resource(FavoritesUserApi, '/api/v1.0/users/<int:id>/favorites', endpoint='user_favorites')
api.add_resource(FavoritesBeerApi, '/api/v1.0/beers/<int:id>/favorites', endpoint='beer_favorites')
api.add_resource(FavoritesListApi, '/api/v1.0/favorites', endpoint='favorites')
api.add_resource(FavoritesApi, '/api/v1.0/favorites/<int:id>', endpoint='favorite')
# Create initial user if the user does not exist
u = User.all().get()
if u is None:
u = User(user_name='admin',
first_name='Admin',
last_name='Admin',
password=hash_password('beer_app1'))
u.put()
if __name__ == '__main__':
app.run(debug = True)
def set_password(self, password):
user = system.users.first(loginid=self.username, status='A')
if user:
self.set_hashed_password(hash_password(password))
def test_02_equality(self, client):
hash = auth.hash_password("test")
assert auth.verify_password(hash, "test")
def test_01_len(self, client):
assert len(auth.hash_password("test")) == 152
'/api/v1.0/beers/<int:id>/reviews',
endpoint='beer_reviews')
api.add_resource(BeerReviewListApi,
'/api/v1.0/beer_reviews',
endpoint='reviews')
api.add_resource(BeerReviewApi,
'/api/v1.0/beer_reviews/<int:id>',
endpoint='review')
api.add_resource(FavoritesUserApi,
'/api/v1.0/users/<int:id>/favorites',
endpoint='user_favorites')
api.add_resource(FavoritesBeerApi,
'/api/v1.0/beers/<int:id>/favorites',
endpoint='beer_favorites')
api.add_resource(FavoritesListApi, '/api/v1.0/favorites', endpoint='favorites')
api.add_resource(FavoritesApi,
'/api/v1.0/favorites/<int:id>',
endpoint='favorite')
# Create initial user if the user does not exist
u = User.all().get()
if u is None:
u = User(user_name='admin',
first_name='Admin',
last_name='Admin',
password=hash_password('beer_app1'))
u.put()
if __name__ == '__main__':
app.run(debug=True)
