def user_settings(): """ User settings page where users manage their information as well as delete their account. """ password_form = PasswordResetForm() delete_account_form = DeleteAccountForm() # Verifys that the password was correct and changes it to a new one. if password_form.submit_password.data and password_form.validate(): if verify_password(password_form.old_password.data, current_user.password): current_user.password = hash_password( password_form.new_password.data) db.session.commit() return redirect(url_for('store_page')) # Verifies that the password was correct and then deletes the account. if delete_account_form.submit_delete_account.data and delete_account_form.validate( ): if verify_password(delete_account_form.password.data, current_user.password): db.session.delete(current_user) db.session.commit() return redirect(url_for('store_page')) return render_template('user_settings.html', password_form=password_form, delete_account_form=delete_account_form)
def set_new_password(): form = ChangePasswordForm(request.form) user = app.security.datastore.get_user(session["_user_id"]) old_password = user.password _status = "empty" if form.validate_on_submit(): if form.old_password.data: app.artemis_logger.debug( "verify: {}".format( verify_password(form.old_password.data, old_password) ) ) if verify_password(form.old_password.data, old_password): app.artemis_logger.debug("password_match") user = User.query.filter_by(username=user.username).first() user.password = hash_password(form.password.data) db.session.commit() _status = "success" else: _status = "wrong_old_password" return render_template( "security/new_password.htm", password_change=form, status=_status )
def test_user_may_change_their_password(self, testapi, user, authHeader): oldPassword = '******' newPassword = '******' resp = testapi.post_json(url_for('v1.AuthView:change_password'), dict(new=newPassword, old=oldPassword), headers=authHeader) resp.status_code.should.equal(200) verify_password(newPassword, user.password).should.be.true
def test_changes_password_command(session): UserFactory.create(username='******', password=hash_password('old_pass')) changes_password('test_change_pass', 'new_pass') user = User.query.filter_by(username='******').first() assert not verify_password('old_pass', user.password) assert verify_password('new_pass', user.password)
def test_verify_password_argon2(app, sqlalchemy_datastore): init_app_with_options(app, sqlalchemy_datastore, **{"SECURITY_PASSWORD_HASH": "argon2"}) with app.app_context(): hashed_pwd = hash_password("pass") assert verify_password("pass", hashed_pwd) assert "t=10" in hashed_pwd # Verify double hash assert verify_password("pass", argon2.hash(get_hmac("pass")))
def test_verify_password_backward_compatibility(app, sqlalchemy_datastore): init_app_with_options( app, sqlalchemy_datastore, **{ 'SECURITY_PASSWORD_HASH': 'bcrypt', 'SECURITY_PASSWORD_SINGLE_HASH': False, 'SECURITY_PASSWORD_SCHEMES': ['bcrypt', 'plaintext'] }) with app.app_context(): # double hash assert verify_password('pass', encrypt_password('pass')) # single hash assert verify_password('pass', plaintext.hash('pass'))
def test_verify_password_backward_compatibility(app, sqlalchemy_datastore): init_app_with_options( app, sqlalchemy_datastore, **{ "SECURITY_PASSWORD_HASH": "bcrypt", "SECURITY_PASSWORD_SINGLE_HASH": False, "SECURITY_PASSWORD_SCHEMES": ["bcrypt", "plaintext"], }) with app.app_context(): # double hash assert verify_password("pass", hash_password("pass")) # single hash assert verify_password("pass", plaintext.hash("pass"))
def test_user_teams(self): # create stub m = Mox() m.StubOutWithMock(utils, "encrypt_password") m.StubOutWithMock(utils, "verify_password") m.StubOutWithMock(base64, "b64encode") m.StubOutWithMock(os, "urandom") # start recording utils.encrypt_password("test") utils.verify_password("test", None).AndReturn(True) utils.verify_password("asdfasdf", None).AndReturn(False) # mock the urandom return for the salt, and make sure that gets base-64 encoded into something different os.urandom(128).AndReturn("she sells sea shells by the sea shore") base64.b64encode("she sells sea shells by the sea shore").AndReturn("Salt-n-Pepa") m.ReplayAll() # Create user and teams user1 = self.user_access.create_user(self.__get_user_dict()) team1 = self.user_access.create_team(self.__get_team_dict()) team2 = self.user_access.create_team(self.__get_team_dict()) # Add user to teams team_ids = [team1["id"], team2["id"]] self.user_access.update_user(user1["id"], {"team_ids": team_ids}) user_teams = self.user_access.find_user_teams({"user_id": user1["id"]}) team_id_list = [user_team["team_id"] for user_team in user_teams] self.assertEqual(team_id_list, team_ids) # Making team generalist should make all members generalists self.assertEqual(self.user_access.get_user(user1["id"])["is_generalist"], False) self.assertEqual(self.user_access.get_team(team1["id"])["is_generalist"], False) self.user_access.update_team(team1["id"], {"is_generalist": True}) self.assertEqual(self.user_access.get_user(user1["id"])["is_generalist"], True) self.assertEqual(self.user_access.get_team(team1["id"])["is_generalist"], True) # Making team not generalist should not affect members in another generalist team self.user_access.update_team(team2["id"], {"is_generalist": True}) self.user_access.update_team(team1["id"], {"is_generalist": False}) self.assertEqual(self.user_access.get_user(user1["id"])["is_generalist"], True) self.assertEqual(self.user_access.get_team(team1["id"])["is_generalist"], False) self.assertEqual(self.user_access.get_team(team2["id"])["is_generalist"], True) # Making team not generalist should update all affected users self.user_access.update_team(team2["id"], {"is_generalist": False}) self.assertEqual(self.user_access.get_user(user1["id"])["is_generalist"], False) self.assertEqual(self.user_access.get_team(team2["id"])["is_generalist"], False)
def login(): """ Logs in user and returns access token :return: """ request_json = request.get_json() email = request_json.get('email') password = request_json.get('password') if not all([email, password]): return responses.missing_params() user = User.query.filter_by(email=email).first() if user is None: return responses.user_not_found() if not verify_password(password, user.password): return responses.invalid_password() jwt_token = create_access_token(identity=user.id) refresh_token = create_refresh_token(identity=user.id) return responses.user_logged_in(jwt_token, refresh_token, user.id)
def patch(self, user): """Update a user's properties.""" content_type = request.headers.get('Content-Type') loader = self.loaders.get(content_type) if loader is None: abort(406) data = loader(user=user) if data.get('password'): try: old_password = data['old_password'] except KeyError: raise MissingOldPasswordError() updated_password = data['password'] if verify_password(data['old_password'], user.password): user.password = encrypt_password(updated_password) db.session.commit() _datastore.put(user) password_changed.send(current_app._get_current_object(), user=user) del data['password'] del data['old_password'] user = User(id=user.id, **data) user = db.session.merge(user) db.session.commit() return self.make_response(user, 200)
def logInUser(): requestJSON = request.get_json() print('requestJSON = ', requestJSON) email = requestJSON['email'] password = requestJSON['password'] print('email = ', email) print('password = '******'User not activated') return jsonify(userLoggedIn=False) if not verify_password(password, user.password): print('Incorrect password') return jsonify(userLoggedIn=False) #return json.dumps({'success':True}), 205, {'ContentType':'application/json'} print('Logging user in') login_user(user) #return json.dumps({'success':True}), 200, {'ContentType':'application/json'} return jsonify(userLoggedIn=True)
def login(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): email = form.email.data.lower() # check if user exists user = User.query.filter_by(email=email).first() if user: # check if password is correct if verify_password(form.password.data, user.password): if user.active: # login user login_user(user, remember=form.remember_me.data) return redirect(url_for('.dashboard')) else: if not user.has_verified_account: flash('Please verify your account to proceed', 'error') return redirect(url_for('.verify')) else: flash( 'Your account is inactive. Please contact an administrator', 'error') else: flash('Email address and password do not match', 'error') else: flash('Your email address could not be found', 'error') return render_template('frontend/login.html', form=form)
def login(): form = LoginFormView(request.form) if request.method == 'POST': if form.validate_on_submit(): session['email'] = request.form['email'] takeEmail = session['email'] = request.form['email'] try: takeRoles = User.query.filter_by(email=takeEmail).first() takeRoles = takeRoles.roles # takeRoles = ''.join(takeRoles) print('testing', takeRoles) user = User.query.filter_by(email=form.email.data).first() if verify_password(user.password, form.password.data): user.authenticated = True db.session.add(user) db.session.commit() login_user(user) login_user(user, remember=form.remember.data) if takeRoles == ['user']: return redirect(url_for('operator')) elif takeRoles == []: return redirect(url_for('society')) else: pass else: return '<h1>Invalid username or password</h1>' except: return 'Sepertinya user yang Anda masukan belum terdaftar, mohon diperiksa lagi' return render_template('login.html', form=form)
def get_user(email, password, *args, **kwargs): user = User.query.filter_by(email=email).first() # password가 맞고 confirmed_at이 null이 아님 if (user and verify_password(password, user.password) and user.confirmed_at is not None): return user return None
def post(self): args = self.parser.parse_args() asset_id = args.get("id") pay_password = args.get("pay_password") user_id = args.get("userId") user = self.models.Users.get_or_none(self.models.Users.user_id == user_id) asset = self.models.Assets.get_or_none(self.models.Assets.id == asset_id) if not asset or asset.lock == True: return self.utils.make_api_response(message="Illegal operation,please submit order again") if not pay_password: api_abort(400, message="The password of pay is required") if len(pay_password) != 6 or not verify_password(pay_password,user.pay_password): return self.utils.make_api_response(message="password of pay is error") with db.database.atomic(): self.models.Assets.update(lock=True,visible=0).where( self.models.Assets.id == asset_id, self.models.Assets.cate == user.id).execute() self.models.Commodity.create( price = 1, # 暂定 price_unit = 'tnc', # 暂定 status = 1, platform = 2, # 暂挂c2c commodity_type = 1, asset = asset_id, seller = user.id ) self.data = { "result": "success" } return self.utils.make_api_response(data=self.data)
def stop_sell(): try: data = request_data_to_dict() page = data.get("page") asset_id = int(data.get("asste_id")) pay_pwd = data.get('pay_pwd') query = Commodity.select().where(Commodity.id == asset_id) asset = int([q.asset.id for q in query][0]) except Exception as e: raise else: # 验证密码 if len(pay_pwd) == 6 and verify_password(pay_pwd, current_user.pay_password): with db.database.atomic(): Commodity.update(status=0).where( Commodity.id == asset_id).execute() Assets.update(lock=False, visible=1).where(Assets.id == asset).execute() messages = mi['stop-sell-success'] if session.get( 'lang', 'en') == 'en' else mi['stop-sell-success-zh'] flash(messages, 'order-success') return redirect(url_for('user_sales', page=page)) messages = mi['pay-pwd-err'] if session.get( 'lang', 'en') == 'en' else mi['pay-pwd-err-zh'] flash(messages, 'order-error') return redirect(url_for('user_sales', page=page))
def validate_form(self, form): user = self.get_one(request.args["id"]) if "active" in form and user.id == current_user.id and not form.active.data: flash(gettext("You can not deactivate your own account.")) return False if not form["old_password"].data: return super().validate_form(form) if not user: flash(gettext("User does not exist."), category="error") return False o, n, c = [ form[f].data for f in ("old_password", "new_password", "new_password_confirm") ] if not verify_password(o, user.password): flash(gettext("The password you have entered is incorrect."), category="error") return False elif o and not any([n, c]): flash(gettext("A new password was not provided."), category="warning") return False elif n != c: flash(gettext("Passwords do not match."), category="error") return False return True
def test_invenio_aes_encrypted_email(app): """Test legacy encryption.""" with app.app_context(): ctx = flask.current_app.extensions['security'].pwd_context user = create_legacy_user() assert verify_password(user.password_plaintext, user.password) assert ctx.needs_update(user.password)
def validate(self): if not self.email.data or self.email.data.strip() == '': self.email.errors.append(get_message('EMAIL_NOT_PROVIDED')[0]) return False if not self.password.data: self.add_error_to_wtf_field(self.password, get_message('PASSWORD_NOT_SET')[0]) return False user = self.login_verification.get_user_from_email(self.email.data) self.user = user if self.user is not None: if not self.user.is_active: self.add_error_to_wtf_field(self.email, get_message('DISABLED_ACCOUNT')[0]) return False if self.user.password is not None and utils.verify_password( self.password.data, self.user.password): return True elif self.user.password is None and self.login_verification.is_success_pwd( self.user.email, self.password.data): return True else: self.add_error_to_wtf_field(self.email, get_message('INVALID_PASSWORD')[0]) return False else: self.add_error_to_wtf_field(self.email, get_message('USER_DOES_NOT_EXIST')[0]) return False
def jwt_auth(): user = None # if user is not logged in check parameters if not current_user.is_authenticated: data = request.get_json() if not data: resp = jsonify({"error": "wrong credentials"}) return resp, 401 username = data["username"] password = data["password"] app.artemis_logger.info(username) # if user and pass does not correspond to user return unauthorized user = data_store.find_user(username=username) if not user or not verify_password(password, user.password): resp = jsonify({"error": "wrong credentials"}) return resp, 401 else: user = current_user # Create the tokens we will be sending back to the user access_token = create_access_token(identity=user) # Set the JWT cookies in the response resp = jsonify({"access_token": access_token}) return resp, 200
def oAuthConvert(provider): oAuthID = request.form['oAuthID'] oAuthUserName = request.form['oAuthUsername'] password = request.form['password'] existingUserID = request.form['existingUserID'] userQuery = Sec.User.query.filter_by(id=int(existingUserID), username=oAuthUserName.replace( " ", "_"), authType=0).first() if userQuery is not None: passwordMatch = verify_password(password, userQuery.password) if passwordMatch is True: userQuery.authType = 1 userQuery.oAuthProvider = provider userQuery.oAuthID = oAuthID userQuery.password = None db.session.commit() flash( "Conversion Successful. Please log in again with your Provider", "success") return redirect('/login') else: flash("Invalid Password or Information. Please try again.", "error") return redirect('/login') flash("Invalid User!", "error") return redirect('/login')
def close_account(): form = CloseAccountForm() if form.validate_on_submit(): if verify_password(form.password.data, current_user.password): Chatmessage.query.filter_by(author=current_user.id).delete() ChatmessageIngame.query.filter_by(author=current_user.id).delete() Privatemessage.query.filter_by(sender=current_user.id).delete() Privatemessage.query.filter_by(receiver=current_user.id).delete() current_user.alternative_id = current_user.id + 100000000 current_user.username = f'DeletedUser{current_user.id}' current_user.email = None current_user.password = None current_user.active = False current_user.avatar = None db.session.commit() return redirect(url_for('generic.index')) else: form.password.errors.append(lazy_gettext('Wrong password')) return render_template('profile/close_account.html', form=form, title=lazy_gettext('Close account'))
def post(self): data = parser.parse_args() current_user = user_datastore.get_user(data['email']) if not current_user: return { 'message': 'Incorrect Email or password', "loggedIn": False }, 401 if verify_password(data['password'], current_user.password): access_token = create_access_token(identity=data['email']) refresh_token = create_refresh_token(identity=data['email']) user = user_datastore.get_user(data['email']) return { 'message': 'Successfully logged in as {}'.format(current_user.email), "tokens": { "access_token": access_token, "refresh_token": refresh_token, "expires_at": (datetime.utcnow() + timedelta(minutes=15)).isoformat() }, "loggedIn": True, "user": user.serialize() } else: return { 'message': 'Incorrect Email or password', "loggedIn": False }, 401
def login(): """Creates a session for the current user""" data = request.get_json() response = dict() try: email = data['email'] password = data['password'] except Exception: response['status'] = 'failure' response['message'] = 'Invalid request input' response['code'] = 401 pp(response) return jsonify(response) user = User.query.filter_by(email=email).first() if user is not None and verify_password(password, user.password): user.token = hash_password(binascii.b2a_hex(os.urandom(16))) db.session.commit() response['email'] = user.email response['name'] = user.name response['token'] = user.token response['status'] = 'success' response['message'] = f'{user.name} successfully logged in.' response['code'] = 202 else: response['status'] = 'failure' response['message'] = 'Invalid email or password given.' response['code'] = 401 pp(response) return jsonify(response)
def run(self, identifier, email, password, fn, ln, add_roles, remove_roles): user = flask.current_app.datastore.get_user(identifier) print("Modifying user", user.identifier) if password is not None: verified = verify_password(password, encrypt_password(password)) if verified: user.password = encrypt_password(password) else: "User password not verified." roles = set(user.roles) if add_roles is not None: for r in add_roles.split(','): role = flask.current_app.datastore.find_or_create_role(name=r) roles.add(role) if remove_roles is not None: for r in remove_roles.split(','): role = flask.current_app.datastore.find_or_create_role(name=r) roles.remove(role) user.roles = list(roles) if email is not None: user.email = email if fn is not None: user.givenName = fn if ln is not None: user.familyName = ln flask.current_app.datastore.commit() print("Updated user: %s" % (user, ))
def _get_user(): if request.authorization is None: return abort(401, 'Unauthorized') username = request.authorization.get('username') password = request.authorization.get('password') if username is None or password is None: return jsonify(success=False, code=1, message='no login information provided') user = manager.user_datastore.find_user(email=username) if user is None: return jsonify(success=False, code=2, message=f'user does not exist: {username}') verified = verify_password(password, user.password) if not verified: return jsonify(success=False, code=3, message=f'bad password for {username}') return user
def login(): """View function for login view.""" logger.info('Logged in user') params = request.get_json() username = params.get('username', None) password = params.get('password', None) user = Session.query(User).filter_by(username=username).first() print(user) if not username: return jsonify({"msg": "Missing username parameter"}), Status.HTTP_BAD_REQUEST if not password: return jsonify({"msg": "Missing password parameter"}), Status.HTTP_BAD_REQUEST if not user: return jsonify({"msg": "Bad password or username"}), Status.HTTP_BAD_REQUEST # TODO Check from DB if username != user.username or not verify_password( password, user.password): return jsonify({"msg": "Bad username or password" }), Status.HTTP_BAD_UNAUTHORIZED # Identity can be any data that is json serializable ret = { 'jwt': create_jwt(identity=user.email), 'exp': datetime.utcnow() + current_app.config['JWT_EXPIRES'] } return jsonify(ret), 200
def test_verify_password_bcrypt(app, sqlalchemy_datastore): init_app_with_options(app, sqlalchemy_datastore, **{ 'SECURITY_PASSWORD_HASH': 'bcrypt', 'SECURITY_PASSWORD_SALT': 'salty' }) with app.app_context(): assert verify_password('pass', encrypt_password('pass'))
def get_token(): # 数据头需为json格式 if request.headers['Content-Type'] == 'application/json': args = request.json current_app.logger.debug('get_token args: {}'.format(args)) else: raise InvalidMessage('only support json data', 404) username = args.get('username', '') password = args.get('password', '') if username: # 获取用户对象 try: user = user_datastore.find_user(username=username) except Exception as e: current_app.logger.error( "[user][get] fail expection: {}".format(e)) raise InvalidMessage(str(e), 500) if user: # 验证密码 isok = verify_password(password, user.password) if not isok: raise InvalidMessage("password is invalid") else: raise InvalidMessage("username is not found") # 获取token try: token = user.get_auth_token() except Exception as e: current_app.logger.error( "[user][get_auth_token] fail expection: {}".format(e)) raise InvalidMessage(str(e), 500) data = user_helper.make_user_reponse_body(user) data['token'] = token return return_data(data, 200)
def practitioners_login(*args, **kwargs): if request.method == 'POST': data = json.loads(request.data) user = User.by_email(data['email']) if not user or not user.activated: data.pop('password') response = jsonify( request=data, response={'error': 'Invalid Practitioner'}) response.status_code = 404 return response if not verify_password(data['password'], user.password): data.pop('password') response = jsonify( request=data, response={'error': 'Authentication Failed'}) response.status_code = 401 return response else: data.pop('password') response = jsonify( request=data, response={'secret': user.secret}) response.status_code = 200 return response else: response = jsonify( request=request.json, response={'error': 'This request type not supported'}) response.status_code = 400 return response
def post(self): """Logs a user in @:param: email, password in form data @:return: {token: token} authorization token """ from .models import User parser = reqparse.RequestParser() parser.add_argument('email', type=str, help='Email of user') parser.add_argument('password', type=str, help='Password of user') args = parser.parse_args() user = User.query.filter_by(email=args['email']).first() try: if verify_password(password=args['password'], password_hash=user.password): # we can even send remember me cookies and session id, but let's not do it for rest # login_user(user, remember=True) is_admin = len([role for role in user.roles if role.name == 'admin']) == 1 return {'token': user.get_auth_token(), 'success': True, 'is_admin': is_admin}, 200 else: return {'token': None, 'success': False}, 401 except AttributeError: return {'token': None, 'success': False}, 401
def login(): """ Creates a session for the current user """ if request.method == 'GET': return render_template('auth/login.html', form=LoginForm()) form = LoginForm(request.form) if not form.validate(): flash('error Invalid Email or Password.') return redirect(url_for('auth.login')) email = form.email.data password = form.password.data user = user_datastore.find_user(email=email) # user does not exist if user is None: flash('error Please Make Sure You Have Created an Account.') return redirect(url_for('auth.signup')) # user provided invalid password if not verify_password(password, user.password): flash('error Invalid Email or Password.') return redirect(url_for('auth.login')) # user has not authenticated their account if not user.is_authenticated(): flash('error Please Authenticate Your Account.') return redirect(url_for('auth.login')) login_user(user) flash('success Logged in Successfully, {}'.format(user.name)) return redirect(request.args.get('next') or url_for('meetings.home'))
def delete_user(): form = LoginForm(request.form) if not form.validate(): flash('error Could Not Delete User') return redirect(url_for('auth.login')) email = form.email.data password = form.password.data try: user = User.objects.get(email=email) except Exception as e: return jsonify({'error': 'user not found'}) if not verify_password(password, user.password): return jsonify({'error': 'invalid password'}) meetings = user.meetings for meeting in meetings: meeting.members.remove(user) groups = user.groups for group in groups: group.members.remove(user) group.admins.remove(user) user.delete() return jsonify({'success': True})
def user(id): user = models.User.get(id) if id else None roles = models.Role.query.filter(models.Role.id >= current_user.roles[0].id).all() class UserForm(barrel.forms.Form): email = wtforms.StringField("email", [ wtforms.validators.Required() ]) role = wtforms.SelectField(choices=[(r.id, r.name) for r in roles], default=user.roles[0].id if user else 0) active = wtforms.BooleanField(default=True) new_password = wtforms.PasswordField() confirm_password = wtforms.PasswordField(None, [ wtforms.validators.EqualTo('new_password', message='Passwords must match') ]) if current_user.has_role('admin'): if user: UserForm.group_id = SelectField(models.Group, label='group', default=user.group_id) else: UserForm.group_id = SelectField(models.Group, label='group') elif id: UserForm.password = wtforms.PasswordField('Huidig wachtwoord', [wtforms.validators.Required()]) if request.method == 'POST': form = request.form if user and not current_user.has_role('admin'): if not security.verify_password(form.get('current_password'), user.password): app.logger.flash("Password incorrect", 'error') kwargs = {kw: form.get(kw) for kw in 'email active'.split()} if form.get('new_password'): kwargs['password'] = form.get('new_password') if form.get('role'): kwargs['roles'] = [models.Role.get(int(form.get('role')))] if form.get('group_id'): kwargs['group_id'] = int(form.get('group_id')) else: kwargs['group_id'] = current_user.group_id if user: user.update(**kwargs) else: user = models.User.create(**kwargs) return redirect(url_for('user', id=user.id)) else: columns = 'email role active' users = models.User.query if current_user.has_role('admin'): columns += ' group' else: users = users.filter_by(group_id=current_user.group_id) return app.forms.render_page( id, models.User, template='lists/base.jinja2', columns=columns, form_class=UserForm, rows=users)
def test_user_basic_crud(self): # create stub m = Mox() m.StubOutWithMock(utils, "encrypt_password") m.StubOutWithMock(utils, "verify_password") m.StubOutWithMock(base64, "b64encode") m.StubOutWithMock(os, "urandom") # start recording utils.encrypt_password("test") utils.verify_password("test", None).AndReturn(True) utils.verify_password("asdfasdf", None).AndReturn(False) # mock the urandom return for the salt, and make sure that gets base-64 encoded into something different os.urandom(128).AndReturn("she sells sea shells by the sea shore") base64.b64encode("she sells sea shells by the sea shore").AndReturn("Salt-n-Pepa") m.ReplayAll() user_dict = self.__get_user_dict() user = self.user_access.create_user(user_dict) self.assertIn("id", user) self.assertEqual(user_dict["email"], user["email"]) self.assertEqual(user_dict["is_generalist"], user["is_generalist"]) self.assertEqual(user_dict["active"], user["active"]) self.assertEqual(len(user["roles"]), 1) self.assertTrue(self.user_access.verify_user_password(user["id"], user_dict["password"])) self.assertFalse(self.user_access.verify_user_password(user["id"], "asdfasdf")) self.assertEqual("Salt-n-Pepa", user["salt"]) user2 = self.user_access.update_user(user["id"], {"email": "*****@*****.**"}) self.assertEqual(user2["email"], "*****@*****.**") self.assertEqual(user2["id"], user["id"]) user3 = self.user_access.get_user(user2["id"]) self.assertEqual(user2, user3) result = self.user_access.delete_user(user3["id"]) self.assertEqual(result, True) no_user = self.user_access.get_user(user2["id"]) self.assertEqual(no_user, None)
def authenticate(username, password): try: user = user_datastore.find_user(email=username) except KeyError: return None if username == user.email and verify_password(password, user.password): return user return None
def authenticate(username, password): try: user = User.objects.get(email=username) except User.DoesNotExist: return None result = OneLove.Result(id=str(user.id), email=user.email, first_name=user.first_name, last_name=user.last_name) if verify_password(password, user.password): return result
def test_verify_password_independent_of_salt(webapp): app = webapp.app password = '******' with app.app_context(): encrypted = encrypt_password(password) assert encrypted != password app.config['SECURITY_PASSWORD_SALT'] = 'some other salt here' with app.app_context(): assert verify_password(password, encrypted)
def test_context(app): """Test passlib password context.""" with app.app_context(): ctx = flask.current_app.extensions['security'].pwd_context hashval = hash_password("test") assert hashval != "test" assert verify_password("test", hashval) assert not ctx.needs_update(hashval) assert ctx.hash("test") != ctx.hash("test")
def test_add_admin(self): email = '*****@*****.**' password = '******' add_admin(email, password) user = User.query.filter_by(email=email).first() admin_role = Role.query.filter_by(name='admin').first() self.assertEqual(user.email, email) self.assertTrue(user.active) self.assertIn(admin_role, user.roles) self.assertTrue(verify_password('password', user.password)) self.assertTrue(verify_and_update_password(password, user))
def test_team_industries(self): # create stub m = Mox() m.StubOutWithMock(utils, "encrypt_password") m.StubOutWithMock(utils, "verify_password") m.StubOutWithMock(base64, "b64encode") m.StubOutWithMock(os, "urandom") # start recording utils.encrypt_password("test") utils.verify_password("test", None).AndReturn(True) utils.verify_password("asdfasdf", None).AndReturn(False) # mock the urandom return for the salt, and make sure that gets base-64 encoded into something different os.urandom(128).AndReturn("she sells sea shells by the sea shore") base64.b64encode("she sells sea shells by the sea shore").AndReturn("Salt-n-Pepa") m.ReplayAll() # Create user and teams user1 = self.user_access.create_user(self.__get_user_dict()) team1 = self.user_access.create_team(self.__get_team_dict()) team2 = self.user_access.create_team(self.__get_team_dict()) industry_id1 = self.__get_industry_id() industry_id2 = self.__get_industry_id() # Add user to teams team_ids = [team1["id"], team2["id"]] self.user_access.update_user(user1["id"], {"team_ids": team_ids}) industry_ids = [industry_id1, industry_id2] self.user_access.update_team(team1["id"], {"industry_ids": industry_ids}) team_industries = self.user_access.find_team_industries({"team_id": team1["id"]}) industry_id_list = [team_industry["industry_id"] for team_industry in team_industries] self.assertEqual(industry_id_list, industry_ids) user_industry_list = self.user_access.get_user_industries(user1["id"]) self.assertEqual(user_industry_list, industry_ids)
def get_user(email, password, *args, **kwargs): """Get user for grant type password. Needed for grant type 'password'. Note, grant type password is by default disabled. :param email: User email. :param password: Password. :returns: The user instance or ``None``. """ user = datastore.find_user(email=email) if user and verify_password(password, user.password): return user
def change_password(): if request.method == 'POST': user = User.query.get(session.get('user_id')) oldpass = request.form.get("oldpass") if not verify_password(oldpass, user.password): flash('Wrong password entered.') else: password = request.form.get('password') if password != '': user.password = hash_password(password) user.save() flash ('Password changed successfully. ') return render_template('change-password.html')
def change_password(self): schema = RELS['v1.AuthView:change'][request.method] args = change_password_options.parse_args() try: validate(args, schema, format_checker=FormatChecker()) except ValidationError as e: return dict(status=400, message=e.message), 400 if not verify_password(args.get('old'), current_user.password): return dict(status=409, message='Invalid credentials'), 409 change_user_password(current_user, password=args.get('new')) return {'status': 200, 'message': 'Password updated', 'user': generate_response_dict(user=current_user)}
def validate(self): if not super(UpdatePasswordForm, self).validate(): return False if self.currentPassword.data.strip() == '': return False if self.newPassword.data.strip() == '': return False if self.newPasswordConfirm.data.strip() == '': return False self.user = users.first(email=self.email.data) if self.user is None: return False if not verify_password(self.currentPassword.data, self.user.password): return False return True
def validate_login(self): user = self.get_user() if user is None: return False if not user.is_authenticated(): return False if not user.is_active(): return False if not verify_password(self.password.data, user.password): return False return True
def login(): body = request.get_json() email = body['email'] password = body['password'] user = User.query.filter_by(email=email).one_or_none() if user and verify_password(password, user.password): login_user(user) return jsonify({ 'data': { 'email': user.email, 'roles': [role.name for role in user.roles] } }) return jsonify({ 'message': 'Email or password is incorrect' }), 422
def change_password(): """ Renders the change password page and stores the new password """ form = forms.ChangePassword(request.form) if form.validate_on_submit(): # Check if password is valid, then hash and store new password if utils.verify_password(form.old_password.data, current_user.password): current_user.password = utils.encrypt_password(form.new_password.data) current_user.store() flash(u'Passordet ble endret') return redirect(url_for('user')) form.old_password.errors.append(u'Feil passord') return render_template( 'user/change_password.html', title=u'Endre passord', form=form, action=url_for('change_password') )
def change_email(): """ Renders the change email page and stores the new email """ form = forms.ChangeEmail(request.form) if form.validate_on_submit(): # Check if password is valid, then store new password if utils.verify_password(form.password.data, current_user.password): current_user.email = form.new_email.data current_user.store() flash(u'E-post adressen ble oppdatert') return redirect(url_for('user')) # Redirect to user settings page form.password.errors.append(u'Feil passord') return render_template( 'user/change_email.html', title=u'Endre e-post', form=form, action=url_for('change_email') )
def rest_login(): username = request.form['username'] password = request.form['password'] user = user_datastore.find_user(username=username) if user is not None and utils.verify_password(password,user.password): session['current_active_user'] = user session['rest_user'] = {'user':user,'authorization':None} serializer = Serializer(secret_key=app.config['SECRET_KEY'],salt=config.SECURITY_PASSWORD_SALT) authorization_code = "%s-%s" % (user.username,user.email) authorization_code = serializer.dumps(authorization_code) found_sites = UserSite.objects(user=user) sites = [] for found in found_sites: site = {'name':found.name,'url':found.url,'username':found.username,'password':found.password,'folder':found.folder ,'settings':{'favourite':found.settings['favourite'],'autologin':found.settings['autologin'],'autofill':found.settings['autofill']}, 'id':str(found.id)} if found.fields is not None and len(found.fields) > 0: site['fields'] = [] for field in found.fields: site['fields'].append({ 'name':field['name'], 'value':field['value'], 'type':str(field['type']).lower() }) else: site['fields'] = [] site['fields'].append({'name':'username','type':'text','value':site['username']}) site['fields'].append({'name':'password','type':'text','value':site['password']}) sites.append(site) digester = hashlib.md5() digester.update(authorization_code) authorization = digester.hexdigest() account = {'name':user.name,'email':user.email,'username':user.username,'authorization':authorization} response = Response(dumps({'success':True,'sites':sites,'account':account,'authorization':authorization}),status=200,mimetype='application/json') response.headers['Authorization'] = digester.hexdigest() session['rest_user']['authorization'] = digester.hexdigest() response.set_cookie('authorization',value=digester.hexdigest(),expires=False) return response else: return flask.jsonify({'success':False})
def change_password(): if not current_user.is_authenticated(): return redirect('/') if request.method == 'POST': user_id = current_user.get_id() user = account.get_user_by_id(user_id) if not verify_password(request.form['current_password'],user.password): return redirect('pass_error') new_h = hmac.new(app.config['SECURITY_PASSWORD_SALT'], request.form['new_password1'], hashlib.sha512) new_hash = base64.b64encode(new_h.digest()) new_password = sha512_crypt.encrypt(new_hash) account.update_user(user_id, password=new_password) return redirect('/profile') return redirect('/profile')
def login(): try: data = loginSchema.validate(request.json) except SchemaError as e: error = {"code": "auth.login.invalid", "message": "Invalid data for login", "details": str(e)} return jsonify(error=error), 403 no_match_error = {"code": "auth.login.no_match", "message": "The supplied email and password is invalid"} user = User.query.filter_by(email=data["email"]) if user.count() != 1: return jsonify(error=no_match_error), 401 user = user.one() if not verify_password(data["password"], user.password): return jsonify(error=no_match_error), 401 login_user(user, True) auth_token = user.get_auth_token() return jsonify(user=user.as_personal_json(), auth_token=auth_token), 200
def validate(self): if not super(LoginForm, self).validate(): self.errors[0] = 'login.failed' return False if self.loginEmail.data.strip() == '': return False if self.loginPassword.data.strip() == '': return False self.user = users.first(email=self.loginEmail.data) if self.user is None: self.errors[0] = 'login.userNotFound' return False if not verify_password(self.loginPassword.data, self.user.password): self.errors[0] = 'login.passwordIncorrect' return False if not self.user.is_active(): self.errors[0] = 'login.userDisabled' return False self.errors[0] = 'login.welcome' return True
def test_admin_user_no_users(client, with_clean_install, request, db_context): # pylint: disable=unused-argument admin_email = 'admin{}@somedomain.com'.format(uuid4()) admin_password = '******' with db_context(): models.User.query.filter_by(email=admin_email).delete() models.db.session.commit() if with_clean_install: perform_clean_install(pytest_request=request, db_context=db_context) else: with db_context(): some_user = models.User.query.first() user_datastore.add_role_to_user(some_user, 'admin') models.db.session.commit() assert models.User.query.filter( models.User.roles.any(models.Role.name == 'admin')).count() def func(): client.api.call.setup(config={ 'admin_user_email': admin_email, 'admin_user_password': admin_password, }) if with_clean_install: func() else: with pytest.raises(requests.HTTPError) as caught: func() assert caught.value.response.status_code == requests.codes.conflict with db_context(): query = models.User.query.filter_by(email=admin_email) if with_clean_install: user = query.one() assert user is not None assert verify_password(admin_password, user.password) assert user.password != admin_password else: assert not query.count()
def post(self): """Authenticates and generates a token""" schema = TokenSchema() data, errors = schema.load(current_app.api.payload) if errors: return errors, 400 try: user = User.get(email=data.email) except User.DoesNotExist: abort(403, 'No such user, or wrong password') if not user or not user.active: abort(403, 'No such user, or wrong password') if not verify_password(data.password, user.password): abort(403, 'No such user, or wrong password') access_token = create_access_token(identity=user.email) refresh_token = create_refresh_token(identity=user.email) access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES'] refresh_expire = current_app.config['JWT_REFRESH_TOKEN_EXPIRES'] resp = jsonify( { 'access': access_token, 'refresh': refresh_token, 'accessExpire': int(access_expire.total_seconds()), 'refreshExpire': int(refresh_expire.total_seconds()), } ) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) refresh_path = current_app.config['JWT_REFRESH_COOKIE_PATH'] refresh_secure = current_app.config['JWT_COOKIE_SECURE'] refresh_expire_date = datetime.now() + refresh_expire resp.set_cookie( 'refresh_expire', value=str(refresh_expire_date), expires=refresh_expire_date, path=refresh_path, httponly=True, secure=refresh_secure, ) return resp
def login(): """Login local user.""" login_form_data = request.get_json() username = login_form_data.get('username') password = login_form_data.get('password') # Fetch user from db user = _datastore.get_user(username) if user and verify_password(password, user.password): try: login_user(user) return current_user.email except Exception: return jsonify({ "error": "Something went wrong with the login. Please try again" }), 400 else: return jsonify({ "error": "The credentials you enter are not correct. Please try again" }), 403
def _login_with_credentials(credentials): config = get_runtime_config_private_dict() username = credentials.get('username') password = credentials.get('password') email = _fix_email(username, config) user = User.query.filter_by(email=email).first() if current_app.config['TESTING']: if user is None: user = get_or_create_user({'email': email}) if not login_user(user): _logger.error('Could not login user {}', email) error_abort('Login failed', code=requests.codes.unauthorized) return _make_success_login_response(user) if user is not None and user.password: if verify_password(password, user.password): login_user(user) return _make_success_login_response(user) _logger.debug('Could not login user locally (no user or password mismatch)') return _login_with_ldap(email, password, config)
def _http_auth(self, user, username, password): """Perform basic user authentication - Check that the password that was passed in the request can be verified against the password stored in the DB :param user: The DB user object :param username: The username from the request :param password: The password from the request :return: The DB user object """ self.logger.debug('Running basic HTTP authentication') if not user: raise_unauthorized_user_error( 'Authentication failed for ' '<User username=`{0}`>'.format(username) ) if not verify_password(password, user.password): self._increment_failed_logins_counter(user) raise_unauthorized_user_error( 'Authentication failed for {0}.' ' Bad credentials or locked account'.format(user) ) return user