async def authenticate(self, username: str, password: str) -> Optional[UserInDB]: user = await self.get_by_username(username) if user is None: return if not verify_password(password, user.password): return return user
async def authenticate(email: str, password: str): user = get_by_email(email=email) if not user: return None if not verify_password(password, user.hashed_password): return None return user
def authenticate(self, *, username: str, password: str): user = self.get(username=username) if not user: return None if not verify_password(password, user.hashed_password): return None return user
def authenticate(db_session, *, email: str, password: str) -> Optional[User]: user = get_by_email(db_session, email=email) if not user: return None if not verify_password(password, user.hashed_password): return None return user
def authenticate(self, db: Session, *, email: str, password: str) -> Optional[AdminUser]: user = self.get_by_email(db, email=email) if not user: return None if not verify_password(password, user.hashed_password): return None return user
def authenticate(db: Session, email: str, password: str): user = get_by_email(db, email=email) if not user: return None if not verify_password(password, user.password): return None return user
def authenticate(self, email: str, password: str) -> Optional[User]: user = self.get_by_email(email) if not user: return None if not verify_password(password, user.hashed_password): return None return user
def view_login(): utils = Utils() msg = '' if request.method == 'POST': username = request.form.get('username', None) password = request.form.get('password', None) if rds.is_ip_blocked(request.remote_addr): return render_template('login.html', err='Your IP has been blocked.') if verify_password(username, password): session['session'] = username return redirect('/') else: return render_template('login.html', err='Incorrect username or password. \ After 5 attempts, you will get blocked.' ) if not utils.is_version_latest(): msg = 'New Version is Available' return render_template('login.html', msg=msg)
def mutate(parent, info, username, password): user = db.query(User).filter_by(username=username).first() if user is None or not verify_password(password, user.password): errors = [{"error": "Can't validate username or password"}] return SignInUser(errors=errors, success=False) token = create_jwt_token(data={"sub": user.username, "id": user.id}) return SignInUser(token=token, success=True)
async def authenticate_user(db: AsyncIOMotorDatabase, username: str, password: str) -> UserInDB: user = await get_user(db, username) if not user: return None if not verify_password(password, user.hashed_password): return None return user
async def authenticate_user(username: str, password: str): logging.info(">>> " + __name__ + ":authenticate_user") user = await get_user(username) if not user: return False if not verify_password(password, user.hashed_password): return False return user
def authenticate(self, db_session: Session, *, username: str, password: str) -> Optional[User]: user = self.get_by_username(db_session, username=username) if not user: return None if not verify_password(password, user.hashed_password): return None return user
async def admin_login( auth: Auth, db: Session = Depends(deps.get_db) ): user = db.query(Admin).filter(Admin.username == auth.username).first() if not user or not security.verify_password(auth.password, user.password_hash): return Response404(msg="用户名或密码错误") token = Token(token=f"Bearer {create_access_token(user.id)}") return Response200(data=token)
async def login(login: Login, users: UserRepository = Depends(get_user_repository)): user = await users.get_by_email(login.email) if user is None or not verify_password(login.password, user.hashed_password): raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect username or password") return Token(access_token=create_access_token({"sub": user.email}), token_type="Bearer")
def test_update_user(db: Session) -> None: password = random_lower_string() email = random_email() user_in = UserCreate(email=email, password=password, is_superuser=True) user = crud.user.create(db, obj_in=user_in) new_password = random_lower_string() user_in_update = UserUpdate(password=new_password, is_superuser=True) crud.user.update(db, db_obj=user, obj_in=user_in_update) user_2 = crud.user.get(db, id=user.id) assert user_2 assert user.email == user_2.email assert verify_password(new_password, user_2.hashed_password)
def authenticate( db: Session, *, username: Optional[str] = None, password: str, email: Optional[str] = None ): user = get_by_username( db, username=username ) if username else get_by_email(db, email) if not user: return None if not verify_password(password, user.password): return None return user
async def authenticate(self, db: AsyncIOMotorClient, login_data: UserLogin): md5_password = login_data.password password = DeAesCrypt(md5_password, login_data.verify_key, 'pkcs7').decrypt_aes if not password: return None user_info = await self.get_by_username(db, username=login_data.username) if not user_info: return None if not verify_password(password, user_info['password']): return None return user_info
async def authenticate_user(password: str, username: str = None, email: str = None) -> dict or None: """ Authenticate user """ user = await _get_user(username=username, email=email) if user is None: raise HTTPException(status_code=404, detail='User does not exist') else: if verify_password(plain_password=password, hashed_password=user['hashed_password']): return user else: raise HTTPException(status_code=404, detail='invalid password')
def authenticate(db: Session, *, username: Optional[str] = None, password: str, email: Optional[str] = None): user = user_service.get_by_field( db, field='username', value=username) if username else user_service.get_by_field( db, field='email', value=email) if not user: return None if not verify_password(password, user.password): return None return user
def login(form_data: OAuth2PasswordRequestForm): user_name = form_data.username password = form_data.password user_exists = find_user_by_user_name(user_name) if not user_exists: return {"detail": "User does not exists"}, 404 password_matched = verify_password(password, user_exists["password"]) if not password_matched: return {"detail": "Incorrect credential combination"}, 401 encoded_jwt, expire = create_access_token(data=TokenPayload( user_id=user_exists["id"]).dict()) return LoginResp(access_token=encoded_jwt.decode("utf-8"), token_type="bearer"), 200
def put(self, new_data): """Password Change [PROTECTED] Args: old_passowrd (str): [The current password] new_password (int): [The new password] """ current_user = get_jwt_identity() user = user_crud.get(current_user) if not user: abort(404, message="User not Found") verified = verify_password(new_data['old_password'], user.hashed_password) if not verified: abort(401, message='Wrong old Password') data = {'password': new_data['new_password']} user_crud.update(user, data) return {'msg': 'Password Changed'}
async def resolve_login(_, info, **kwargs): user = await find_user_by_email(kwargs["email"]) if not user: return {"error": "User with that email not found"} password_matched = verify_password(kwargs["password"], user["password"]) if not password_matched: return {"error": "Incorrect credentials combination."} encoded_jwt, expire = create_access_token(data={ "user_id": str(user["id"]), "group": user["group"] }) added_token_in_db = await add_token_in_db( user_id=str(user["id"]), token=encoded_jwt.decode("utf-8")) return { "token": { "access_token": encoded_jwt.decode("utf-8"), "token_type": "bearer" } }
def change_password_by_token(self, db: Session, response: Response, *, decode_token: dict, obj_in: schema_user.UserChangePasswordIn): """ 通过 token 设置初始/修改 密码 :param decode_token: 解析之后的 token :param old_password: 原始密码(如果用户未设置初始密码,则不用填) :param new_password: 新密码 :return: 状态码, 用户信息, 提示信息 """ # --------- 获取当前用户信息 ----------- # db_user, message = self.jwt_token_auth(db, response, decode_token=decode_token) if not db_user: return None, message # ---------- 修改密码 ------------ # if db_user.hashed_password: # 判断用户是否设置过初始密码 if not security.verify_password(obj_in.old_password, db_user.hashed_password): # 校验原始密码 message = "原始密码不正确" response.status_code = status.HTTP_401_UNAUTHORIZED return None, message hashed_new_password = security.get_password_hash(obj_in.new_password) db_user_obj = crud_user.update_password_by_id( db, id=db_user.id, hashed_password=hashed_new_password) if not db_user_obj: message = "密码修改失败" response.status_code = status.HTTP_500_INTERNAL_SERVER_ERROR logger.error(message) else: message = "密码修改成功" response.status_code = status.HTTP_200_OK redis_client.set(db_user.id, "", ex=1) return db_user_obj, message
def test_verify_password(): assert verify_password(MOCK_PASSWORD, MOCK_PASSWORD_HASH) == True
def check_password(self, password: str): return verify_password(self.salt + password, self.hashed_password)
def signin(self, db: Session, request: Request, response: Response, *, obj_in: schema_user.UserPasswordSigninIn): """ 通过密码登录 :param account: 手机号/邮箱/用户名 :param password: 密码 :return: token, 提示信息 """ # -------- 判断输入账号 手机号/邮箱/用户名 ------- # if re.match(RE_PHONE, obj_in.account): # 手机 db_user = crud_user.get_user_by_phone(db, phone=obj_in.account) elif re.match(RE_EMAIL, obj_in.account): # 邮箱 db_user = crud_user.get_user_by_email(db, email=obj_in.account) else: # 用户名 db_user = crud_user.get_user_by_username(db, username=obj_in.account) # --------- 判断账号是否注册过 ---------- # if not db_user: message = f"账号 {obj_in.account} 未注册" response.status_code = status.HTTP_404_NOT_FOUND elif db_user.status == 1: message = f"账号 {obj_in.account} 已被禁用" response.status_code = status.HTTP_403_FORBIDDEN else: # ------ 判断用户是否设置初始密码 ------ # if not db_user.hashed_password: message = f"账号 {obj_in.account} 还未设置初始密码" response.status_code = status.HTTP_401_UNAUTHORIZED return None, message # --------- 密码进行比对 ----------- # if not security.verify_password(obj_in.password, db_user.hashed_password): message = f"用户 {obj_in.account} 密码不正确" response.status_code = status.HTTP_401_UNAUTHORIZED logger.error(message) else: # -------- # 登录token 存储了userid 和 authorityid ------- # access_token_expires = timedelta( minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES) token = security.create_access_token( db_user.id, db_user.authorityid, expires_delta=access_token_expires) redis_client.set(db_user.id, token, ex=settings.ACCESS_TOKEN_EXPIRE_MINUTES) # -------- 登录成功之后向数据库添加一条登录日志信息 -------- # ip = request.client.host # 用户ip db_signin_log = crud_user.add_signin_log(db, userid=db_user.id, ip=ip) if not db_signin_log: message = f"用户 {obj_in.account} 登录失败" response.status_code = status.HTTP_401_UNAUTHORIZED else: message = f"用户 {obj_in.account} 登录成功" response.status_code = status.HTTP_200_OK return token, message logger.error(message) return None, message