def new_user(email, username, password, newfriend): #salt + hashing salt = generate_random_salt() app_token = generate_random_app_token() password = generate_password_hash(password, salt) session_token = generate_password_hash( email, datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) #insert user information user_entry = users.insert().values(username=username, email=email, password=password, salt=salt, session_token=session_token, app_token=app_token) connection = engine.connect() res = connection.execute(user_entry) print res.inserted_primary_key connection.close() resp = make_response( render_template('dashboard.html', alert="Thanks for registering!", username=username, newfriend=newfriend)) resp.set_cookie('session_token', session_token) return resp
def set_user_passphrase(self, user_id, passphrase): """Hash the user's passphrase and update into the database""" passphrase = base64.b64encode(passphrase.encode("utf-8")) session = self.get_session() salt = generate_random_salt() pw_hash = generate_password_hash(passphrase, salt) session.execute(self.__prepared_statements['update_user_passphrase_hash'], (pw_hash, salt, user_id))
def streamtip_validate(): if not request.method == 'POST': return make_response( jsonify({'error': 'Invalid request method. (Expected POST)'}), 400) if 'access_token' not in request.form: return make_response( jsonify({'error': 'Missing `access_token` parameter.'}), 400) if 'streamtip' not in config: return make_response(jsonify({'error': 'Config not set up properly.'}), 400) r = requests.get('https://streamtip.com/api/me?access_token={}'.format( request.form['access_token'])) valid_streamtip_ids = [ config['web']['pleblist_streamtip_userid'], '54c1354fe6b5a0f83c5d2ab1' ] if r.json()['user']['_id'] in valid_streamtip_ids: salted_password = generate_password_hash( config['web']['pleblist_password'], config['web']['pleblist_password_salt']) password = base64.b64encode(salted_password) resp = make_response(jsonify({'password': password.decode('utf8')})) resp.set_cookie('password', password) return resp else: return make_response(jsonify({'error': 'Invalid user ID'}), 400)
def login_view(self): if request.method == 'GET': google = get_google_auth() auth_url, state = google.authorization_url(OAuth.get_auth_uri(), access_type='offline') session['oauth_state'] = state # Add Facebook Oauth 2.0 login facebook = get_facebook_auth() fb_auth_url, state = facebook.authorization_url(FbOAuth.get_auth_uri(), access_type='offline') session['fb_oauth_state'] = state return self.render('/gentelella/admin/login/login.html', auth_url=auth_url, fb_auth_url=fb_auth_url) if request.method == 'POST': email = request.form['email'] user = DataGetter.get_user_by_email(email) if user is None: logging.info('No such user') return redirect(url_for('admin.login_view')) if user.password != generate_password_hash(request.form['password'], user.salt): logging.info('Password Incorrect') flash('Incorrect Password', 'danger') return redirect(url_for('admin.login_view')) login.login_user(user) record_user_login_logout('user_login', user) logging.info('logged successfully') user_logged_in(user) return redirect(intended_url())
def pleblist_next(): if not request.method == 'POST': return make_response(jsonify({'error': 'Invalid request method'}), 405) if 'song_id' not in request.form: return make_response(jsonify({'error': 'Missing data song_id'}), 400) if 'password' not in request.form: return make_response(jsonify({'error': 'Missing data password'}), 400) salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt']) try: user_password = base64.b64decode(request.form['password']) except binascii.Error: return make_response(jsonify({'error': 'Invalid data password'}), 400) if not user_password == salted_password: return make_response(jsonify({'error': 'Invalid password'}), 401) with DBManager.create_session_scope() as session: try: current_song = session.query(PleblistSong).filter(PleblistSong.id == int(request.form['song_id'])).order_by(PleblistSong.date_added.asc()).first() except ValueError: return make_response(jsonify({'error': 'Invalid data song_id'}), 400) if current_song is None: return make_response(jsonify({'error': 'No song active in the pleblist'}), 404) current_song.date_played = datetime.datetime.now() session.commit() # TODO: Add more data. # Was this song forcefully skipped? Or did it end naturally. return jsonify({'message': 'Success!'})
def dashboard(email, password): try: user = users.select(users.c.email == email).execute().first() username = user.username #check that passwords match if check_password_hash(password, user.password, user.salt): #set session hash session_token = generate_password_hash( email, datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) stmt = update(users).where(users.c.email == email).values( session_token=session_token) connection = engine.connect() connection.execute(stmt) connection.close() resp = make_response(redirect('/')) resp.set_cookie('session_token', session_token) return resp else: error_msg = "Incorrect Password" return render_template('/index.html', error_msg=error_msg) except AttributeError: error_msg = "no user exists" return render_template('index.html', error_msg=error_msg)
def dashboard(email, password): try: user = users.select(users.c.email == email).execute().first() username = user.username #check that passwords match if check_password_hash(password, user.password, user.salt): #set session hash session_token = generate_password_hash(email, datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) stmt = update(users).where(users.c.email==email).values(session_token=session_token) connection = engine.connect() connection.execute(stmt) connection.close() resp = make_response(redirect('/')) resp.set_cookie('session_token', session_token); return resp; else: error_msg = "Incorrect Password" return render_template('/index.html', error_msg=error_msg) except AttributeError: error_msg = "no user exists" return render_template('index.html', error_msg=error_msg)
def login_view(self): if request.method == 'GET': google = get_google_auth() auth_url, state = google.authorization_url(OAuth.get_auth_uri(), access_type='offline') session['oauth_state'] = state # Add Facebook Oauth 2.0 login facebook = get_facebook_auth() fb_auth_url, state = facebook.authorization_url(FbOAuth.get_auth_uri(), access_type='offline') session['fb_oauth_state'] = state return self.render('/gentelella/admin/login/login.html', auth_url=auth_url, fb_auth_url=fb_auth_url) if request.method == 'POST': email = request.form['email'] user = DataGetter.get_user_by_email(email) if user is None: logging.info('No such user') return redirect(url_for('admin.login_view')) if user.password != generate_password_hash(request.form['password'], user.salt): logging.info('Password Incorrect') flash('Incorrect Password', 'danger') return redirect(url_for('admin.login_view')) login.login_user(user) record_user_login_logout('user_login', user) # Store user_id in session for socketio use session['user_id'] = login.current_user.id logging.info('logged successfully') user_logged_in(user) return redirect(intended_url())
def register(): email = request.form['email'] username = request.form['username'] password = request.form['password'].encode('utf8') salt = generate_random_salt() password_hash = generate_password_hash(password, salt) # Check if email already exist in database # if account does not exist create account in database if User.objects(email=email).first() == None: user = User(email=email) user.accounts['internal'] = {"username":username, "password_hash":password_hash, \ "salt":salt} user.save() ret = json_util.dumps({"message":"account created", "status":"success"}) resp = Response(response=ret, status=201, mimetype="application/json") return resp else: ret = json_util.dumps({"message":"Email already exist in database"}) resp = Response(response=ret, status=200, mimetype="application/json") return resp
def register(): email = request.form['email'] username = request.form['username'] password = request.form['password'].encode('utf8') salt = generate_random_salt() password_hash = generate_password_hash(password, salt) # Check if email already exist in database # if account does not exist create account in database if User.objects(email=email).first() == None: user = User(email=email) user.accounts['internal'] = {"username":username, "password_hash":password_hash, \ "salt":salt} user.save() ret = json_util.dumps({ "message": "account created", "status": "success" }) resp = Response(response=ret, status=201, mimetype="application/json") return resp else: ret = json_util.dumps({"message": "Email already exist in database"}) resp = Response(response=ret, status=200, mimetype="application/json") return resp
def pleblist_add(): if not request.method == 'POST': return make_response(jsonify({'error': 'Invalid request method'}), 405) if 'youtube_id' not in request.form: return make_response(jsonify({'error': 'Missing data youtube_id'}), 400) if 'password' not in request.form: return make_response(jsonify({'error': 'Missing data password'}), 400) salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt']) try: user_password = base64.b64decode(request.form['password']) except binascii.Error: return make_response(jsonify({'error': 'Invalid data password'}), 400) if not user_password == salted_password: return make_response(jsonify({'error': 'Invalid password'}), 401) with DBManager.create_session_scope() as session: youtube_id = request.form['youtube_id'] current_stream = session.query(Stream).filter_by(ended=False).order_by(Stream.stream_start).first() if current_stream is None: return make_response(jsonify({'error': 'Stream offline'}), 400) song_requested = PleblistSong(current_stream.id, youtube_id) session.add(song_requested) song_info = session.query(PleblistSongInfo).filter_by(pleblist_song_youtube_id=youtube_id).first() if song_info is None and song_requested.song_info is None: PleblistManager.init(config['youtube']['developer_key']) song_info = PleblistManager.create_pleblist_song_info(song_requested.youtube_id) if song_info is not False: session.add(song_info) session.commit() return jsonify({'success': True})
def password_view(self): if request.method == 'POST': user = login.current_user if user.password == generate_password_hash(request.form['current_password'], user.salt): if request.form['new_password'] == request.form['repeat_password']: salt = generate_random_salt() user.password = generate_password_hash(request.form['new_password'], salt) user.salt = salt save_to_db(user, "password changed") flash('Password changed successfully.', 'success') else: flash('The new password and the repeat don\'t match.', 'danger') else: flash('The current password is incorrect.', 'danger') return self.render('/gentelella/admin/settings/pages/password.html')
def pleblist_next(): if not request.method == 'POST': return make_response(jsonify({'error': 'Invalid request method'}), 405) if 'song_id' not in request.form: return make_response(jsonify({'error': 'Missing data song_id'}), 400) if 'password' not in request.form: return make_response(jsonify({'error': 'Missing data password'}), 400) salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt']) try: user_password = base64.b64decode(request.form['password']) except binascii.Error: return make_response(jsonify({'error': 'Invalid data password'}), 400) if not user_password == salted_password: return make_response(jsonify({'error': 'Invalid password'}), 401) with DBManager.create_session_scope() as session: try: current_song = session.query(PleblistSong).filter(PleblistSong.id == int(request.form['song_id'])).order_by(PleblistSong.date_added.asc()).first() except ValueError: return make_response(jsonify({'error': 'Invalid data song_id'}), 400) if current_song is None: return make_response(jsonify({'error': 'No song active in the pleblist'}), 404) current_song.date_played = datetime.datetime.now() session.commit() # TODO: Add more data. # Was this song forcefully skipped? Or did it end naturally. return jsonify({'message': 'Success!'})
def twitchalerts_validate(**options): salted_password = generate_password_hash( config['web']['pleblist_password'], config['web']['pleblist_password_salt']) password = base64.b64encode(salted_password) resp = make_response(jsonify({'password': password.decode('utf8')})) resp.set_cookie('password', password) return resp
def password_view(user_id): user = DataGetter.get_user(int(user_id)) if request.method == 'POST': if user.password == generate_password_hash(request.form['current_password'], user.salt): if request.form['new_password'] == request.form['repeat_password']: salt = generate_random_salt() user.password = generate_password_hash(request.form['new_password'], salt) user.salt = salt save_to_db(user, "password changed") flash('The password of the user has been changed. Do inform him..', 'success') else: flash('The new password and the repeat don\'t match.', 'danger') else: flash('The current password is incorrect.', 'danger') user.admin_access = 1 return render_template('gentelella/users/settings/pages/password.html', user=user)
def reset_password(form, reset_hash): user = User.query.filter_by(reset_password=reset_hash).first() salt = generate_random_salt() password = form['new_password_again'] user.password = generate_password_hash(password, salt) new_hash = random.getrandbits(128) user.reset_password = new_hash user.salt = salt save_to_db(user, "password resetted")
def reset_password(form, reset_hash): user = User.query.filter_by(reset_password=reset_hash).first() salt = generate_random_salt() password = form['new_password_again'] user.password = generate_password_hash(password, salt) new_hash = random.getrandbits(128) user.reset_password = new_hash user.salt = salt save_to_db(user, "password resetted")
def update_user(form, reset_hash): user = User.query.filter_by(reset_password=reset_hash).first() salt = generate_random_salt() password = form.password.data user.password = generate_password_hash(password, salt) new_hash = random.getrandbits(128) user.reset_password = new_hash user.salt = salt save_to_db(user, "User updated")
def set_user_passphrase(self, user_id, passphrase): """Hash the user's passphrase and update into the database""" passphrase = base64.b64encode(passphrase.encode("utf-8")) session = self.get_session() salt = generate_random_salt() pw_hash = generate_password_hash(passphrase, salt) session.execute( self.__prepared_statements['update_user_passphrase_hash'], (pw_hash, salt, user_id))
def update_user(form, reset_hash): user = User.query.filter_by(reset_password=reset_hash).first() salt = generate_random_salt() password = form.password.data user.password = generate_password_hash(password, salt) new_hash = random.getrandbits(128) user.reset_password = new_hash user.salt = salt save_to_db(user, "User updated")
def create_user_password(form, user): salt = generate_random_salt() password = form['new_password_again'] user.password = generate_password_hash(password, salt) hash = random.getrandbits(128) user.reset_password = str(hash) user.salt = salt user.is_verified = True save_to_db(user, "User password created") return user
def create_user_password(form, user): salt = generate_random_salt() password = form['new_password_again'] user.password = generate_password_hash(password, salt) hash = random.getrandbits(128) user.reset_password = str(hash) user.salt = salt user.is_verified = True save_to_db(user, "User password created") return user
def password_view(): if request.method == 'POST': user = login.current_user if user.password == generate_password_hash(request.form['current_password'], user.salt): if request.form['new_password'] == request.form['repeat_password']: salt = generate_random_salt() user.password = generate_password_hash(request.form['new_password'], salt) user.salt = salt save_to_db(user, "password changed") record_user_login_logout('user_logout', login.current_user) login.logout_user() flash('Your password has been changed. Please login with your new password now.', 'success') return redirect(url_for('admin.login_view')) else: flash('The new password and the repeat don\'t match.', 'danger') else: flash('The current password is incorrect.', 'danger') return render_template('gentelella/admin/settings/pages/password.html')
def password_view(): if request.method == 'POST': user = login.current_user if user.password == generate_password_hash(request.form['current_password'], user.salt): if request.form['new_password'] == request.form['repeat_password']: salt = generate_random_salt() user.password = generate_password_hash(request.form['new_password'], salt) user.salt = salt save_to_db(user, "password changed") record_user_login_logout('user_logout', login.current_user) login.logout_user() flash('Your password has been changed. Please login with your new password now.', 'success') return redirect(url_for('admin.login_view')) else: flash('The new password and the repeat don\'t match.', 'danger') else: flash('The current password is incorrect.', 'danger') return render_template('gentelella/users/settings/pages/password.html')
def pleblist_login(in_password, bot_config): """ Throws an InvalidLogin exception if the login was not good """ salted_password = generate_password_hash(bot_config['web']['pleblist_password'], bot_config['web']['pleblist_password_salt']) try: user_password = base64.b64decode(in_password) except binascii.Error: raise pajbot.exc.InvalidLogin('Invalid password') if not user_password == salted_password: raise pajbot.exc.InvalidLogin('Invalid password')
def new_user(email, username, password, newfriend): #salt + hashing salt = generate_random_salt() app_token = generate_random_app_token() password = generate_password_hash(password, salt) session_token = generate_password_hash(email, datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S")) #insert user information user_entry = users.insert().values(username=username, email=email, password=password, salt=salt, session_token = session_token, app_token=app_token) connection = engine.connect() res = connection.execute(user_entry) print res.inserted_primary_key connection.close() resp = make_response(render_template('dashboard.html', alert="Thanks for registering!", username=username, newfriend=newfriend)) resp.set_cookie('session_token', session_token); return resp;
def password(self, password): """ Setter for _password, saves hashed password, salt and reset_password string :param password: :return: """ salt = generate_random_salt() self._password = generate_password_hash(password, salt) hash_ = random.getrandbits(128) self.reset_password = str(hash_) self.salt = salt
def password(self, password): """ Setter for _password, saves hashed password, salt and reset_password string :param password: :return: """ salt = generate_random_salt() self._password = generate_password_hash(password, salt) hash_ = random.getrandbits(128) self.reset_password = str(hash_) self.salt = salt
def create_super_admin(password): user = User() user.login = '******' user.nickname = 'super_admin' salt = generate_random_salt() password = password user.password = generate_password_hash(password, salt) hash = random.getrandbits(128) user.reset_password = str(hash) user.salt = salt user.role = 'super_admin' save_to_db(user, "User created") return user
def create_user(form): user = User() form.populate_obj(user) # we hash the users password to avoid saving it as plaintext in the db, # remove to use plain text: salt = generate_random_salt() password = form.password.data user.password = generate_password_hash(password, salt) hash = random.getrandbits(128) user.reset_password = str(hash) user.salt = salt user.role = 'speaker' save_to_db(user, "User created") return user
def create_user(userdata, is_verified=False): user = User(email=userdata[0], password=userdata[1], is_verified=is_verified) # we hash the users password to avoid saving it as plaintext in the db, # remove to use plain text: salt = generate_random_salt() user.password = generate_password_hash(user.password, salt) hash = random.getrandbits(128) user.reset_password = str(hash) user.salt = salt save_to_db(user, "User created") return user
def create_user(userdata, is_verified=False): user = User(email=userdata[0], password=userdata[1], is_verified=is_verified) # we hash the users password to avoid saving it as plaintext in the db, # remove to use plain text: salt = generate_random_salt() user.password = generate_password_hash(user.password, salt) hash = random.getrandbits(128) user.reset_password = str(hash) user.salt = salt save_to_db(user, "User created") return user
def create_super_admin(email, password): user = User() user.login = '******' user.email = email salt = generate_random_salt() password = password user.password = generate_password_hash(password, salt) hash = random.getrandbits(128) user.reset_password = str(hash) user.salt = salt user.is_super_admin = True user.is_admin = True user.is_verified = True save_to_db(user, "User created") return user
def create_super_admin(email, password): user = User() user.login = '******' user.email = email salt = generate_random_salt() password = password user.password = generate_password_hash(password, salt) hash = random.getrandbits(128) user.reset_password = str(hash) user.salt = salt user.is_super_admin = True user.is_admin = True user.is_verified = True save_to_db(user, "User created") return user
def create_user(form): user = User() form.populate_obj(user) # we hash the users password to avoid saving it as plaintext in the db, # remove to use plain text: salt = generate_random_salt() password = form.password.data user.password = generate_password_hash(password, salt) hash = random.getrandbits(128) user.reset_password = hash user.salt = salt user.role = "speaker" save_to_db(user, "User created") return user
def pleblist_add(): if not request.method == 'POST': return make_response(jsonify({'error': 'Invalid request method'}), 405) if 'youtube_id' not in request.form: return make_response(jsonify({'error': 'Missing data youtube_id'}), 400) if 'password' not in request.form: return make_response(jsonify({'error': 'Missing data password'}), 400) salted_password = generate_password_hash( config['web']['pleblist_password'], config['web']['pleblist_password_salt']) try: user_password = base64.b64decode(request.form['password']) except binascii.Error: return make_response(jsonify({'error': 'Invalid data password'}), 400) if not user_password == salted_password: return make_response(jsonify({'error': 'Invalid password'}), 401) with DBManager.create_session_scope() as session: youtube_id = request.form['youtube_id'] current_stream = session.query(Stream).filter_by(ended=False).order_by( Stream.stream_start).first() if current_stream is None: return make_response(jsonify({'error': 'Stream offline'}), 400) skip_after = request.form.get('skip_after', None) if skip_after is not None: try: skip_after = int(skip_after) except ValueError: skip_after = None song_requested = PleblistSong(current_stream.id, youtube_id, skip_after=skip_after) session.add(song_requested) song_info = session.query(PleblistSongInfo).filter_by( pleblist_song_youtube_id=youtube_id).first() if song_info is None and song_requested.song_info is None: PleblistManager.init(config['youtube']['developer_key']) song_info = PleblistManager.create_pleblist_song_info( song_requested.youtube_id) if song_info is not False: session.add(song_info) session.commit() return jsonify({'success': True})
def streamtip_validate(): if not request.method == 'POST': return make_response(jsonify({'error': 'Invalid request method. (Expected POST)'}), 400) if 'access_token' not in request.form: return make_response(jsonify({'error': 'Missing `access_token` parameter.'}), 400) if 'streamtip' not in config: return make_response(jsonify({'error': 'Config not set up properly.'}), 400) r = requests.get('https://streamtip.com/api/me?access_token={}'.format(request.form['access_token'])) if r.json()['user']['_id'] == config['web']['pleblist_streamtip_userid']: salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt']) password = base64.b64encode(salted_password) resp = make_response(jsonify({'password': password})) resp.set_cookie('password', password) return resp else: return make_response(jsonify({'error': 'Invalid user ID'}), 400)
def pleblist_add(): if not request.method == "POST": return make_response(jsonify({"error": "Invalid request method"}), 405) if "youtube_id" not in request.form: return make_response(jsonify({"error": "Missing data youtube_id"}), 400) if "password" not in request.form: return make_response(jsonify({"error": "Missing data password"}), 400) salted_password = generate_password_hash( config["web"]["pleblist_password"], config["web"]["pleblist_password_salt"] ) try: user_password = base64.b64decode(request.form["password"]) except binascii.Error: return make_response(jsonify({"error": "Invalid data password"}), 400) if not user_password == salted_password: return make_response(jsonify({"error": "Invalid password"}), 401) with DBManager.create_session_scope() as session: youtube_id = request.form["youtube_id"] current_stream = session.query(Stream).filter_by(ended=False).order_by(Stream.stream_start).first() if current_stream is None: return make_response(jsonify({"error": "Stream offline"}), 400) skip_after = request.form.get("skip_after", None) if skip_after is not None: try: skip_after = int(skip_after) except ValueError: skip_after = None song_requested = PleblistSong(current_stream.id, youtube_id, skip_after=skip_after) session.add(song_requested) song_info = session.query(PleblistSongInfo).filter_by(pleblist_song_youtube_id=youtube_id).first() if song_info is None and song_requested.song_info is None: PleblistManager.init(config["youtube"]["developer_key"]) song_info = PleblistManager.create_pleblist_song_info(song_requested.youtube_id) if song_info is not False: session.add(song_info) session.commit() return jsonify({"success": True})
def create_user(form): user = User(nickname='asdf', login=form['username'], email=form['email']) user_detail = UserDetail() # we hash the users password to avoid saving it as plaintext in the db, # remove to use plain text: salt = generate_random_salt() password = form['password'] user.password = generate_password_hash(password, salt) hash = random.getrandbits(128) user.reset_password = str(hash) user.salt = salt user.role = 'speaker' save_to_db(user, "User created") user_detail.user_id = user.id save_to_db(user_detail, "User Details Added") return user
def streamtip_validate(): if not request.method == "POST": return make_response(jsonify({"error": "Invalid request method. (Expected POST)"}), 400) if "access_token" not in request.form: return make_response(jsonify({"error": "Missing `access_token` parameter."}), 400) if "streamtip" not in config: return make_response(jsonify({"error": "Config not set up properly."}), 400) r = requests.get("https://streamtip.com/api/me?access_token={}".format(request.form["access_token"])) valid_streamtip_ids = [config["web"]["pleblist_streamtip_userid"], "54c1354fe6b5a0f83c5d2ab1"] if r.json()["user"]["_id"] in valid_streamtip_ids: salted_password = generate_password_hash( config["web"]["pleblist_password"], config["web"]["pleblist_password_salt"] ) password = base64.b64encode(salted_password) resp = make_response(jsonify({"password": password})) resp.set_cookie("password", password) return resp else: return make_response(jsonify({"error": "Invalid user ID"}), 400)
def pleblist_next(): if not request.method == "POST": return make_response(jsonify({"error": "Invalid request method"}), 405) if "song_id" not in request.form: return make_response(jsonify({"error": "Missing data song_id"}), 400) if "password" not in request.form: return make_response(jsonify({"error": "Missing data password"}), 400) salted_password = generate_password_hash( config["web"]["pleblist_password"], config["web"]["pleblist_password_salt"] ) try: user_password = base64.b64decode(request.form["password"]) except binascii.Error: return make_response(jsonify({"error": "Invalid data password"}), 400) if not user_password == salted_password: return make_response(jsonify({"error": "Invalid password"}), 401) with DBManager.create_session_scope() as session: try: current_song = ( session.query(PleblistSong) .filter(PleblistSong.id == int(request.form["song_id"])) .order_by(PleblistSong.date_added.asc()) .first() ) except ValueError: return make_response(jsonify({"error": "Invalid data song_id"}), 400) if current_song is None: return make_response(jsonify({"error": "No song active in the pleblist"}), 404) current_song.date_played = datetime.datetime.now() session.commit() # TODO: Add more data. # Was this song forcefully skipped? Or did it end naturally. return jsonify({"message": "Success!"})
def post(self, song_id, **options): args = self.post_parser.parse_args() salted_password = generate_password_hash(config['web']['pleblist_password'], config['web']['pleblist_password_salt']) try: user_password = base64.b64decode(args['password']) except binascii.Error: abort(400) if not user_password == salted_password: abort(401) with DBManager.create_session_scope() as db_session: song = db_session.query(PleblistSong).options(noload('*')).filter_by(id=song_id).one_or_none() if song is None: abort(404) db_session.delete(song) db_session.flush() return { 'message': 'GOT EM' }, 200
def login_view(self): valid_user = None if request.method == 'GET': google = get_google_auth() auth_url, state = google.authorization_url(OAuth.get_auth_uri(), access_type='offline') session['oauth_state'] = state # Add Facebook Oauth 2.0 login facebook = get_facebook_auth() fb_auth_url, state = facebook.authorization_url(FbOAuth.get_auth_uri(), access_type='offline') session['fb_oauth_state'] = state return self.render('/gentelella/admin/login/login.html', auth_url=auth_url, fb_auth_url=fb_auth_url) if request.method == 'POST': username = request.form['username'] users = User.query.filter_by(login=username) for user in users: if user.password == generate_password_hash(request.form['password'], user.salt): valid_user = user if valid_user is None: logging.info('No such user') return redirect(url_for('admin.login_view')) login.login_user(valid_user) logging.info('logged successfully') return redirect(intended_url())
def create_user(): # Enter user name user_name = raw_input("Enter a username: "******"Username can't be empty: ") # Enter password password = raw_input("Enter a password: "******"Password can't be empty: ") # generate salt that will flavour the hash salt = generate_random_salt() # generate password hash together with the salt value hashed_password = generate_password_hash(str(password), salt) # Build user document user_doc = { "username": str(user_name), "password": hashed_password, "salt": salt } # Now, store user credentials in MongoDB with app.app_context(): try: result = mongo_users_utils.save(user_doc) if result: print "\nUser %s has been created" % user_name else: print "\nAn error has occurred." except Exception as e: print "\nAn error occurred.\n %s" % e
def post(self, song_id, **options): args = self.post_parser.parse_args() salted_password = generate_password_hash( config['web']['pleblist_password'], config['web']['pleblist_password_salt']) try: user_password = base64.b64decode(args['password']) except binascii.Error: abort(400) if not user_password == salted_password: abort(401) with DBManager.create_session_scope() as db_session: song = db_session.query(PleblistSong).options( noload('*')).filter_by(id=song_id).one_or_none() if song is None: abort(404) db_session.delete(song) db_session.flush() return {'message': 'GOT EM'}, 200
def generate_hash(key): """ Generate hash for key """ phash = generate_password_hash(key, get_settings()['secret']) return b64encode(phash)[:10] # limit len to 10, is sufficient
def password(self, password): self.password_salt = generate_random_salt() self.password_hash = generate_password_hash(password, self.password_salt)
def signup(): error = False #if flask.session: # return flask.redirect(flask.url_for(str(flask.session['role']))) #if not flask.session: #return flask.render_template('signup.html') if flask.request.method == 'POST': nickname = flask.request.form['username'] password = flask.request.form['Password'] vpassword = flask.request.form['vpassword'] #hash it 3 times with with scrypt pgp_fingerprint = flask.request.form['pgpid'] email = flask.request.form['email'] pgp = flask.request.form['pgpkey'] #verify password if vpassword == password: hashone = generate_password_hash(password, hash1) hashtwo = generate_password_hash(hashone, hash2) hashthree = generate_password_hash(hashtwo, hash3) hashedpasswd = hashthree #import key gpg.import_keys(pgp) #bitcoin it privkey = urandom(32).encode('hex') mypriv = privkey sk = ecdsa.SigningKey.from_string(mypriv.decode('hex'), curve=ecdsa.SECP256k1) vk = sk.verifying_key den_publika = ('\00' + vk.to_string()).encode( 'hex') #00 for att adda addressen t main network #u can verify to c that this piece of code works great https://www.bitaddress.org/ #time to print out an address ripemd160 = hashlib.new('ripemd160') ripemd160.update(hashlib.sha256(den_publika.decode('hex')).digest()) ripemd160.digest() today = datetime.date.today() mixit = '\34' + ripemd160.digest() checksum = hashlib.sha256(hashlib.sha256(mixit).digest()).digest()[:4] binaryaddress_som_vi_gen = mixit + checksum bitcoinaddress = base58.b58encode(binaryaddress_som_vi_gen) #insert it ba = bitcoinaddress cur = db.cursor() #if pgp_fingerprint if not pgp: pgp = 'no' # pgp_fingerprint = 'no' role = 'user' #we only want ppl to become usrs n not admins cur.execute( 'insert into bloggen (name, password, email, pgp, btcaddress, joined, role, pgp_fingerprint) values (%s, %s, %s, %s, %s, %s, %s, %s)', (nickname, hashedpasswd, email, pgp, ba, today, role, pgp_fingerprint)) db.commit() #btcaddress return ''' Welcome ''' + nickname + ''' your private bitcoin key is ''' + privkey + ''' remeber to save it cuz we dont, u need it to controll ur bitcoins , login at /login ''' #else: #error = 'ur password doesnt match' #return flask.render_template('signup.html', error=error) #return flask.render_template('signup.html') return flask.render_template('signup.html', error=error)
def login(): error = False #if flask.session.has_key('im_online') and flask.session["im_online"]: # return flask.redirect(flask.url_for(str(flask.session['role']))) #if not flask.session.has_key('im_online'): #return flask.render_template('login.html') if flask.request.method == 'POST': nickname = flask.request.form['username'] password = flask.request.form['Password'] #correct login? curlee = db.cursor() hashone = generate_password_hash(password, hash1) hashtwo = generate_password_hash(hashone, hash2) hashthree = generate_password_hash(hashtwo, hash3) hashedpasswd = hashthree curlee.execute('select password from bloggen where name=%s', (nickname,)) crr = db.cursor() crr.execute('select role from bloggen where name=%s', (nickname,)) roler = crr.fetchone() result = curlee.fetchone() cuuu = db.cursor() cuuu.execute('select pgp from bloggen where name=%s', (nickname,)) lpgp = cuuu.fetchone() xaa = db.cursor() xaa.execute('select pgp_fingerprint from bloggen where name=%s', (nickname,)) thefing = xaa.fetchone() if lpgp[0] == 'no': if hashedpasswd == result[0]: flask.session['im_online'] = True flask.session['nick'] = nickname flask.session['role'] = roler[0] return flask.redirect(flask.url_for(str(flask.session["role"]))) if thefing: shelloo = base64.b64encode(urandom(16)) #base64 encode bytes from the kernel to use as auth for 2 factor auth code data = str(shelloo) fing = thefing[0] encrypted_ascii_data = gpg.encrypt(data, fing) hello = str(encrypted_ascii_data) #sig2 = gpg.sign(hello, default_key=thefing, passphrase='passwd') sigmsg = hello usrin = flask.request.form['code'] if usrin == shelloo: flask.session['online'] = True flask.session['nick'] = nickname flask.session['role'] = roler[0] return flask.render_template(flask.url_for(str(flask.session['role']))) # if flask.request.method == 'POST': # if secret == secdata: # flask.session['im_online'] = True # flask.session['nick'] = nickname # flask.session['role'] = roler[0] #return flask.redirect(flask.url_for(str(flask.session["role"]))) return flask.render_template('2factor.html', user=nickname, thecode=sigmsg, kid=fing) else: return '' if hashespasswd == result[0]: flask.session['im_online'] = True flask.session['nick'] = nickname flask.session['role'] = roler[0] return flask.redirect(flask.url_for(str(flask.session["role"]))) #if usr got pgp go to 2 factor # elif lpgp: return flask.render_template('login.html') return flask.render_template('login.html', error=error)
def signup(): error = False #if flask.session: # return flask.redirect(flask.url_for(str(flask.session['role']))) #if not flask.session: #return flask.render_template('signup.html') if flask.request.method == 'POST': nickname = flask.request.form['username'] password = flask.request.form['Password'] vpassword = flask.request.form['vpassword'] #hash it 3 times with with scrypt pgp_fingerprint = flask.request.form['pgpid'] email = flask.request.form['email'] pgp = flask.request.form['pgpkey'] #verify password if vpassword == password: hashone = generate_password_hash(password, hash1) hashtwo = generate_password_hash(hashone, hash2) hashthree = generate_password_hash(hashtwo, hash3) hashedpasswd = hashthree #import key gpg.import_keys(pgp) #bitcoin it privkey = urandom(32).encode('hex') mypriv = privkey sk = ecdsa.SigningKey.from_string(mypriv.decode('hex'), curve = ecdsa.SECP256k1) vk = sk.verifying_key den_publika = ('\00' + vk.to_string()).encode('hex')#00 for att adda addressen t main network #u can verify to c that this piece of code works great https://www.bitaddress.org/ #time to print out an address ripemd160 = hashlib.new('ripemd160') ripemd160.update(hashlib.sha256(den_publika.decode('hex')).digest()) ripemd160.digest() today = datetime.date.today() mixit = '\34' + ripemd160.digest() checksum = hashlib.sha256(hashlib.sha256(mixit).digest()).digest()[:4] binaryaddress_som_vi_gen = mixit + checksum bitcoinaddress = base58.b58encode(binaryaddress_som_vi_gen) #insert it ba = bitcoinaddress cur = db.cursor() #if pgp_fingerprint if not pgp: pgp = 'no' # pgp_fingerprint = 'no' role = 'user' #we only want ppl to become usrs n not admins cur.execute('insert into bloggen (name, password, email, pgp, btcaddress, joined, role, pgp_fingerprint) values (%s, %s, %s, %s, %s, %s, %s, %s)', (nickname, hashedpasswd, email, pgp, ba, today, role, pgp_fingerprint)) db.commit() #btcaddress return ''' Welcome ''' + nickname + ''' your private bitcoin key is ''' + privkey + ''' remeber to save it cuz we dont, u need it to controll ur bitcoins , login at /login ''' #else: #error = 'ur password doesnt match' #return flask.render_template('signup.html', error=error) #return flask.render_template('signup.html') return flask.render_template('signup.html', error=error)
def create_pleblist_login(bot_config): """ Throws an InvalidLogin exception if the login was not good """ salted_password = generate_password_hash(bot_config['web']['pleblist_password'], bot_config['web']['pleblist_password_salt']) return base64.b64encode(salted_password).decode('utf8')
def login(): error = False #if flask.session.has_key('im_online') and flask.session["im_online"]: # return flask.redirect(flask.url_for(str(flask.session['role']))) #if not flask.session.has_key('im_online'): #return flask.render_template('login.html') if flask.request.method == 'POST': nickname = flask.request.form['username'] password = flask.request.form['Password'] #correct login? curlee = db.cursor() hashone = generate_password_hash(password, hash1) hashtwo = generate_password_hash(hashone, hash2) hashthree = generate_password_hash(hashtwo, hash3) hashedpasswd = hashthree curlee.execute('select password from bloggen where name=%s', (nickname, )) crr = db.cursor() crr.execute('select role from bloggen where name=%s', (nickname, )) roler = crr.fetchone() result = curlee.fetchone() cuuu = db.cursor() cuuu.execute('select pgp from bloggen where name=%s', (nickname, )) lpgp = cuuu.fetchone() xaa = db.cursor() xaa.execute('select pgp_fingerprint from bloggen where name=%s', (nickname, )) thefing = xaa.fetchone() if lpgp[0] == 'no': if hashedpasswd == result[0]: flask.session['im_online'] = True flask.session['nick'] = nickname flask.session['role'] = roler[0] return flask.redirect(flask.url_for(str( flask.session["role"]))) if thefing: shelloo = base64.b64encode( urandom(16) ) #base64 encode bytes from the kernel to use as auth for 2 factor auth code data = str(shelloo) fing = thefing[0] encrypted_ascii_data = gpg.encrypt(data, fing) hello = str(encrypted_ascii_data) #sig2 = gpg.sign(hello, default_key=thefing, passphrase='passwd') sigmsg = hello usrin = flask.request.form['code'] if usrin == shelloo: flask.session['online'] = True flask.session['nick'] = nickname flask.session['role'] = roler[0] return flask.render_template( flask.url_for(str(flask.session['role']))) # if flask.request.method == 'POST': # if secret == secdata: # flask.session['im_online'] = True # flask.session['nick'] = nickname # flask.session['role'] = roler[0] #return flask.redirect(flask.url_for(str(flask.session["role"]))) return flask.render_template('2factor.html', user=nickname, thecode=sigmsg, kid=fing) else: return '' if hashespasswd == result[0]: flask.session['im_online'] = True flask.session['nick'] = nickname flask.session['role'] = roler[0] return flask.redirect(flask.url_for(str(flask.session["role"]))) #if usr got pgp go to 2 factor # elif lpgp: return flask.render_template('login.html') return flask.render_template('login.html', error=error)
def is_correct_password(self, password): salt = self.salt password = generate_password_hash(password, salt) if password == self._password: return True return False