def test_shorthash(self): manager = BCRYPTPasswordManager() def match(hash): return True manager.match = match short_hash = manager.encode(self.snowpass)[:28] assert_true(manager.match(short_hash)) manager.check(short_hash, self.snowpass)
def password_check(password, stored_passw): """ Returns a boolean of whether the password was correct. """ from cryptacular.bcrypt import BCRYPTPasswordManager manager = BCRYPTPasswordManager() return manager.check(stored_passw, password)
def check_password(cls, username, password, session=None): if session is None: session = DBSession manager = BCRYPTPasswordManager() try: user = User.by_username(username) except NoResultFound: return False return manager.check(user.password, password)
def do_login(request): username = request.params.get('username', None) password = request.params.get('password', None) if not (username and password): raise ValueError('both username and password are required') settings = request.registry.settings manager = BCRYPTPasswordManager() if username == settings.get('auth.username', ''): hashed = settings.get('auth.password', '') return manager.check(hashed, password)
def validate_user_password(cls, username, password): user = DBSession.query(cls).options(noload(cls.groups)).filter(cls.username == username.lower()).first() if user is None: return None manager = BCRYPTPasswordManager() if manager.check(user.credentials, password): return user return None
def login(request): username = request.params.get("username", None) password = request.params.get("password", None) if not (username and password): raise ValueError("Username and password are required") manager = BCRYPTPasswordManager() try: user = User.get_by_username(username) except: raise ValueError("User does not exist") return manager.check(user.password, password)
def test_create_user(db_session): kwargs = { 'username': "******", 'password': "******" } kwargs['session'] = db_session user = app.User.new(**kwargs) db_session.flush() u = db_session.query(app.User).filter(app.User.id == user.id).one() assert getattr(u, 'id', '') is not None assert getattr(u, 'username', '') == "Test_Username" manager = BCRYPTPasswordManager() assert manager.check(getattr(user, 'password', ''), "testpassword")
def do_login(request): username = request.params.get('username', None) password = request.params.get('password', None) if not (username and password): raise ValueError('both username and password are required') settings = request.registry.settings # you can always get hold of application settings with # `request.registry.settings` manager = BCRYPTPasswordManager() if username == settings.get('auth.username', ''): hashed = settings.get('auth.password', '') return manager.check(hashed, password) return False
def do_login(request): login_result = False manager = BCRYPTPasswordManager() entered_username = request.params.get('username', None) entered_password = request.params.get('password', None) user_obj = User.lookup_by_attribute(username=entered_username)[0] db_username = user_obj.username if entered_username == db_username: db_hashed = user_obj.password # manager.check returns BOOL login_result = manager.check(db_hashed, entered_password) return login_result
def check_password(cls, username, password): """ Check the user password. Check if the submited password for username is the same than the encrypted one recorded in the database. Return None if the username did not exist. :param username: the user username :type username: unicode :param username: the submited password :type username: unicode :return: True if the password is correct. false if incorect :rtype: boolean """ bcrypt = BCRYPTPasswordManager() user = cls.get_by_username(username) if user: return bcrypt.check(user.password, password)
def verify_password(self, password): manager = Manager() return manager.check(self.password, password)
def check_password(self, password): manager = BCRYPTPasswordManager() return manager.check(self.credentials, password)
def validate_password(self, value): manager = BCRYPTPasswordManager() return manager.check(self._password, value)
def verify_password(self, password): ''' Verify username and password using Cryptacular. ''' manager = Manager() return manager.check(self.password, password)
from cryptacular.bcrypt import BCRYPTPasswordManager manager = BCRYPTPasswordManager() hashed = manager.encode('password') assert manager.check(hashed, 'password')
def authenticate_user(self, password): manager = BCRYPTPasswordManager() return manager.check(self.password, password)
class TestBCRYPTPasswordManager(object): snowpass = "******" def setup(self): self.manager = BCRYPTPasswordManager() @raises(TypeError) def test_None1(self): self.manager.encode(None) @raises(TypeError) def test_None2(self): self.manager.check(None, 'xyzzy') @raises(TypeError) def test_None3(self): hash = self.manager.encode('xyzzy') self.manager.check(hash, None) def test_badhash(self): eq_(self.manager.check('$p5k2$400$ZxK4ZBJCfQg=$kBpklVI9kA13kP32HMZL0rloQ1M=', self.snowpass), False) @raises(ValueError) def test_shorthash(self): manager = BCRYPTPasswordManager() def match(hash): return True manager.match = match short_hash = manager.encode(self.snowpass)[:28] assert_true(manager.match(short_hash)) manager.check(short_hash, self.snowpass) @raises(ValueError) def test_too_few_rounds(self): self.manager.encode(self.snowpass, rounds=1) @raises(ValueError) def test_too_many_rounds(self): self.manager.encode(self.snowpass, rounds=100) def test_emptypass(self): self.manager.encode('') def test_general(self): manager = self.manager hash = manager.encode(self.snowpass) eq_(manager.match(hash), True) eq_(len(hash), 60) assert_true(manager.check(hash, self.snowpass)) password = "******" hash = manager.encode(password) assert_true(manager.check(hash, password)) assert_true(manager.check(unicode(hash), password)) assert_false(manager.check(password, password)) assert_not_equal(manager.encode(password), manager.encode(password)) hash = manager.encode(password, rounds=4) assert_true(manager.check(hash, password)) @raises(ValueError) def test_fail_1(self): def return_none(*args): return None bcrypt = BCRYPTPasswordManager() bcrypt.crypt_gensalt_rn = return_none bcrypt.encode('foo') @raises(ValueError) def test_fail_2(self): def return_none(*args): return None bcrypt = BCRYPTPasswordManager() bcrypt.crypt_rn = return_none bcrypt.encode('foo') @raises(ValueError) def test_fail_3(self): def return_none(*args): return None bcrypt = BCRYPTPasswordManager() pw = bcrypt.encode('foobar') bcrypt.crypt_rn = return_none bcrypt.check(pw, 'foo')
def login(self): max_logins = 6 request = self.request login_url = request.route_url('login_path') referrer = request.url if referrer == login_url: referrer = '/' # never use login form itself as came_from came_from = request.params.get('came_from', referrer) login = None password = None flash_messages = [] if 'form.submitted' in request.params: if('login' in request.params and request.params['login'] != None): login = request.params['login'] else: flash_messages.append('No email address provided.') if('password' in request.params and request.params['password'] != None): password = request.params['password'] else: flash_messages.append('No password entered.') #Check that this user hasn't gone over their maximum number of login attempts four_hours_ago = dt.datetime.now() - dt.timedelta(hours = 4) failed_login_count = request.db.query(FailedLogin).filter(and_(or_(FailedLogin.email == login, FailedLogin.ip_address == request.remote_addr), FailedLogin.date_of_failure >= four_hours_ago)).count() if failed_login_count <= max_logins: if(login != None and password != None): #Start by finding this user in the database user = request.db.query(RegisteredUser).filter(RegisteredUser.email == login).first() #Create the crypto_manager crypto_manager = BCRYPTPasswordManager() #If they exist, let's verify that this is their password if(user and crypto_manager.check(user.getPassword(), password)): #Create a random number and fill in the database with key information #This is done in a while loop using the was_created sentinal variable to insure that #we did not accidently create two different sessions with the same session key value #If this should happen, we will retry logging the user in. was_not_created = True iter_value = 0 while was_not_created: try: iter_value += 1 if(iter_value < 10): new_session_key = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits + string.ascii_lowercase) for _ in range(64)) user_session = SessionCookie( session_key = new_session_key, user_id = user.id, user_role = request.db.query(UserGroup).filter(UserGroup.id == user.getGroupId()).first().getName(), creation_date = dt.datetime.now(), expiration_date = dt.datetime.now() + dt.timedelta(minutes = 20), update_time = dt.datetime.now() + dt.timedelta(minutes = 2) ) request.db.add(user_session) request.db.commit() request.db.flush() was_not_created = False except exc.SQLAlchemyError as e: print e request.db.rollback() was_not_created = True request.session['session_key'] = new_session_key headers = remember(request, new_session_key) request.session.flash("You have successfully logged in to your account.", "success") return HTTPFound(location=came_from, headers=headers) else: #Tell the user their login failed. flash_messages.append('Invalid e-mail/password.') #Increase the number failed logins recorded failed_login = FailedLogin(email=login, date_of_failure=dt.datetime.now(), ip_address=request.remote_addr) request.db.add(failed_login) logEntry = LogItem(event_name = 'Failed Login Attempt', event_description = 'A user attempted to log into the user with email, {0}, using invalid login credentials.'.format(login), event_tag_id = None, user_id = None, ip_address = request.remote_addr, danger_index = 1, event_date = dt.datetime.now()) request.db.add(logEntry) request.db.commit() #Increase the number of failed logins on this user (if they entered a valid login email) if(user): if(user.getNumberOfFailedLogins() != None): new_failed_login_count = user.getNumberOfFailedLogins() + 1 else: new_failed_login_count = 1 user.num_of_failed_logins = new_failed_login_count #Check if this is their final allowed login if(new_failed_login_count >= max_logins): user.setNextAvailableLoginDate(dt.datetime.now() + dt.timedelta(hours = 4)) logEntry = LogItem(event_name = 'Login Attempt Limit Exceeded', event_description = 'A user has entered too many invalid passwords for the user with email, {0}.'.format(login), event_tag_id = None, user_id = None, ip_address = request.remote_addr, danger_index = 5, event_date = dt.datetime.now()) request.db.add(logEntry) request.db.commit() request.db.flush() return dict( name='Login', flash_messages=flash_messages, url=request.application_url + '/login', came_from=came_from, ) else: #Inform the user that they have gone over their login attempts flash_messages.append('Login atttempt limit exceeded.') url = request.route_url('index_path') return HTTPFound(location=url) return dict( name='Login', flash_messages=flash_messages, url=request.application_url + '/login', came_from=came_from )
def cryptacular(): manager = BCRYPTPasswordManager() hashed = manager.encode('password') if manager.check(hashed, 'password'): print(hashed)
def verify_password(self, password): manager = BCRYPTPasswordManager() return manager.check(self.hashword, password)
def validate_password(self, password): pwd_manager = BCRYPTPasswordManager() return pwd_manager.check(self.password, password)