def test_check_login_has_connection(self):
ret = database.check_login(
'*****@*****.**',
'pbkdf2:sha256:150000$WT5eNrHI$fabc60fc188bcebf165644501d540f27c33998ff5da2f381e743b9097462463e'
)
self.assertIsNotNone(ret)
ret = database.check_login('*****@*****.**', '123')
self.assertIsNone(ret)
pass
def login():
# Check if they are submitting details, or they are just logging in
if (request.method == 'POST'):
# submitting details
login_return_data = database.check_login(request.form['email'],
request.form['password'])
# Check if the database gave an error
if (login_return_data == None):
page['bar'] = False
flash("""There was an error with the database.""")
return redirect(url_for('login'))
# If it's null, saying they have incorrect details
if (login_return_data is None or len(login_return_data) < 1):
page['bar'] = False
flash("Incorrect email/password, please try again")
return redirect(url_for('login'))
# If there was no error, log them in
page['bar'] = True
flash('You have been logged in successfully')
session['logged_in'] = True
# Store the user details for us to use throughout
global user_details
user_details = login_return_data
session['member_type'] = user_details['member_type']
return redirect(url_for('index'))
elif (request.method == 'GET'):
return (render_template('login.html', page=page))
def login():
"""
Provides /login
- [GET] If they are just viewing the page then render login page.
- [POST] If submitting login details, check login.
"""
# Check if they are submitting details, or they are just logging in
if (request.method == 'POST'):
# submitting details
# The form gives back EmployeeID and Password
login_return_data = database.check_login(request.form['id'],
request.form['password'])
# If it's null, saying they have incorrect details
if login_return_data is None:
page['bar'] = False
flash("Incorrect id/password, please try again")
return redirect(url_for('login'))
# If there was no error, log them in
page['bar'] = True
flash('You have been logged in successfully')
session['logged_in'] = True
# Store the user details for us to use throughout
global user_details
user_details = login_return_data
# Is the user a manager or a normal user?
session['manager'] = database.is_manager(request.form['id'])
return redirect(url_for('index'))
elif (request.method == 'GET'):
return (render_template('login.html', session=session, page=page))
def get_user():
"""Returns the username of the currently logged in user"""
user = request.cookies.get('user')
hash = request.cookies.get('password_hash')
if (user != None and user != '' and database.check_login(user, hash)):
return user
return None
def test_check_login_no_connection(self, conn):
conn.return_value = None
ret = database.check_login(
'*****@*****.**',
'pbkdf2:sha256:150000$WT5eNrHI$fabc60fc188bcebf165644501d540f27c33998ff5da2f381e743b9097462463e'
)
self.assertIsNone(ret)
pass
def post(self):
username = self.get_argument("name")
password = self.get_argument("password")
if check_login(username, password):
self.set_secure_cookie("user", username)
self.redirect("/")
else:
self.render('login.html',
error="Error: incorrect password or username")
def login():
isError=False
error=""
if request.method == "POST":
username = request.form['loginUsername'] #assuming SSL connection so this is okay
password = request.form['loginPassword'] #jk SSL certs cost money
if database.check_login(username,password):
session['username'] = username
return redirect(url_for('index'))
else: #invalid
print "invalid login"
isError=True
error="Wrong username or password. Please try again!"
return render_template("login.html", error=error, isError=isError)
def login():
# Check if they are submitting details, or they are just logging in
if (request.method == 'POST'):
# submitting details
val = database.check_login(request.form['email'],
request.form['password'])
# Check if the database gave an error
if (val == ERROR_CODE):
page['bar'] = False
flash("""There was an error with the database.""")
return redirect(url_for('login'))
# If it's null, saying they have incorrect details
if (val is None or len(val) < 1):
page['bar'] = False
flash("Incorrect user/password, please try again")
return redirect(url_for('login'))
# If there was no error, log them in
page['bar'] = True
flash('You have been logged in successfully')
session['logged_in'] = True
user_details['member_no'] = val[0][0]
# check if it's admin
if (user_details['member_no'] == ADMIN_NO):
return redirect(url_for('admin'))
# Store the user details for us to use throughout
user_details['email'] = val[0][1]
user_details['first'] = val[0][2]
user_details['family'] = val[0][3]
user_details['address'] = val[0][4]
user_details['mobile_phone'] = val[0][5]
user_details['work_phone'] = val[0][6]
user_details['home_phone'] = val[0][7]
# Store dogs' details
dogs_details.clear()
for i in range(len(val)):
dogs_details.append({})
dogs_details[-1]['name'] = val[i][8]
dogs_details[-1]['breed'] = val[i][9]
dogs_details[-1]['birthdate'] = val[i][10]
return redirect(url_for('index'))
elif (request.method == 'GET'):
return (render_template('login.html', page=page))
def post(self):
"""Handle login attempts"""
username = self.get_argument("username", default=None, strip=True)
password = self.get_argument("password", default=None, strip=True)
time.sleep(settings.LOGIN_ATTEMPT_DELAY)
if database.check_login(username, password):
self.set_secure_cookie("logged_in", username)
view = self.get_argument("view", default="overview", strip=True)
self.redirect("/admin/" + view)
return
self.render("login.html", error="Login failed.", ajax=False)
def insert_user():
if not request.json or 'Login' not in request.json:
abort(400)
if(db.check_login(request.json)>0):
return make_response(jsonify({'error': "User with the same login exists!"}), 400)
if(db.check_email(request.json)>0):
return make_response(jsonify({'error': "User with the same email exists!"}), 400)
rows_affected = db.insert_user(request.json)
if rows_affected:
return make_response(jsonify({'result': "ok"}), 201)
else:
return make_response(jsonify({'error': "couldn't insert user"}),400)
def index(e):
app.logger.debug('app.py index')
app.logger.debug('app.py login BEGIN')
app.logger.info('app.py login error: %s', e)
data = {'e': e}
if request.method == 'POST':
app.logger.info("login POST request: %s", request)
app.logger.info("login POST request: %s %s", request.form['email'],
request.form['password'])
record = database.check_login(request.form['email'],
request.form['password'])
if record is not None:
return redirect(url_for('main', record=record))
else:
e = "Email or password is invalid"
data = {'e': e}
app.logger.debug('app.py login END')
return render_template('index.html', data=data)
def login():
# Check if they are submitting details, or they are just logging in
if (request.method == 'POST'):
# submitting details
val = database.check_login(request.form['email'],
request.form['password'])
# Check if the database gave an error
if (val == ERROR_CODE):
page['bar'] = False
flash("""There was an error with the database.""")
return redirect(url_for('login'))
# If it's null, saying they have incorrect details
if (val is None or len(val) < 1):
page['bar'] = False
flash("Incorrect email/password, please try again")
return redirect(url_for('login'))
# If there was no error, log them in
page['bar'] = True
flash('You have been logged in successfully')
session['logged_in'] = True
# Store the user details for us to use throughout
user_details['email'] = val[9]
user_details['nickname'] = val[0]
user_details['title'] = val[1]
user_details['first'] = val[2]
user_details['family'] = val[3]
user_details['address'] = val[4]
if val[5] is None:
user_details['homebay'] = 'Add a homebay'
else:
user_details['homebay'] = val[5]
user_details['membersince'] = val[6]
user_details['plan'] = val[7]
user_details['num_bookings'] = val[8]
return redirect(url_for('index'))
elif (request.method == 'GET'):
return (render_template('login.html', page=page))
def auth(request):
body = json.loads(request.body)
if body["type"] == "isLog":
for this_session in request.session.keys(): #If session exists yet
return HttpResponse(json.dumps({"isLog": True
})) #Return true if session exists
return HttpResponse(json.dumps(
{"isLog": False})) #Return false if session doesn't exist
elif body["type"] == "login":
if database.check_user(
body["login"], body["password"]
) == True: #Checking if login and password correct
request.session[body["login"]] = body[
"password"] #Start new session
return HttpResponse(
json.dumps({"redirect_url": url + "?profile=" + body["login"]})
) #Return redirection link to profile page after success login
else:
return HttpResponse(
json.dumps({'error': 'Incorrect login or password'
})) #Error if login or password incorrect
elif body["type"] == "logout":
for this_session in request.session.keys(): #Get session name
del request.session[this_session] #Delete session with this name
break #Stop loop
return HttpResponse(json.dumps({"redirect_url": url + "auth"
})) #Return redirection link to auth
elif body["type"] == "registration":
if database.check_login(
body["login"]) == True: #Checking login uniqueness
return HttpResponse(json.dumps({'error': 'User already exist'
})) #Error if this login exist yet
database.add_user(body["name"], body["login"],
body["password"]) #Create new user
request.session[body["login"]] = body["password"] #Start new session
return HttpResponse(
json.dumps({
"redirect_url": url + "?profile=" + body["login"]
})) #Return redirection link to profile page after registration
def check_login():
'''Defines the behaviour of the chcek login page,
This page is called by the login page and is used to verify the users credentials'''
if request.method == 'POST':
try:
unm = request.form['unm']
pswd = request.form['pswd']
conn = mysql.connect()
cookie = generate_salt()
mg = "Welcome " + database.check_login(conn, unm, pswd, bcrypt)
database.add_cookie(conn, cookie, unm)
response = make_response(render_template("result.html",msg = mg, links=loggedin))
response.set_cookie('user', cookie)
except NameError:
mg = "That password is incorrect."
response = make_response(render_template("result.html",msg = mg, links=check_for_cookie()[0]))
except TypeError:
mg = "That username does not exist."
response = make_response(render_template("result.html",msg = mg, links=check_for_cookie()[0]))
finally:
conn.rollback()
return response
def login():
# Check if they are submitting details, or they are just logging in
if(request.method == 'POST'):
# submitting details
val = database.check_login(request.form['email'] , request.form['password'])
# Check if the database gave an error
if(val == ERROR_CODE):
page['bar'] = False
flash("""There was an error with the database.""")
return redirect(url_for('login'))
# If it's null, saying they have incorrect details
if(val is None or len(val) < 1):
page['bar'] = False
flash("Incorrect email/password, please try again")
return redirect(url_for('login'))
# If there was no error, log them in
page['bar'] = True
flash('You have been logged in successfully')
session['logged_in'] = True
# Store the user details for us to use throughout
user_details['email'] = request.form['email']
user_details['nickname'] = val[0]
user_details['title'] = val[1]
user_details['first'] = val[2]
user_details['family'] = val[3]
user_details['address'] = val[4]
user_details['homebay'] = val[5]
user_details['membersince'] = val[6]
user_details['plan'] = val[7]
user_details['num_bookings'] = val[8]
return redirect(url_for('index'))
elif(request.method == 'GET'):
return(render_template('login.html', page=page))
def account():
error=""
isError=False
success=""
isSuccess=False
if request.method == "POST":
newPass = request.form['newPass']
confirmNewPass = request.form['confirmNewPass']
oldPass = request.form['oldPass']
if newPass == "" or confirmNewPass == "" or oldPass == "":
error = "Did you remember to fill out the entire form? (no)"
isError=True
elif newPass!= confirmNewPass:
error = "Your passwords don't match. Please try again!"
isError=True
elif not database.check_login(session['username'], oldPass):
error = "You typed in the wrong password..."
isError=True
else:
success = "Okay! Your password has now been successfully changed."
isSuccess=True
database.set_password(session['username'], newPass)
print newPass
return render_template("account.html", error=error, success=success, isError=isError, isSuccess=isSuccess)
