def login_action(): form=LoginForm(request.form) if request.method=='POST': username=request.form['username'] password=request.form['password'] user=User.query.filter_by(username=username).one() bcrypt=Bcrypt(app) if bcrypt.check_password_hash(user.password,password): session['user']=user.id return redirect(url_for('add_article')) return render_template('tachilab/login.html',form=form)
class BasicTestCase(unittest.TestCase): def setUp(self): app = flask.Flask(__name__) app.config['BCRYPT_LOG_ROUNDS'] = 6 self.bcrypt = Bcrypt(app) def test_is_string(self): pw_hash = self.bcrypt.generate_password_hash('secret') self.assertTrue(isinstance(pw_hash, str)) def test_not_string(self): pw_hash = self.bcrypt.generate_password_hash(42) self.assertTrue(isinstance(pw_hash, str)) def test_custom_rounds(self): password = '******' pw_hash1 = self.bcrypt.generate_password_hash(password, 5) self.assertNotEqual(password, pw_hash1) def test_check_hash(self): pw_hash = self.bcrypt.generate_password_hash('secret') # check a correct password self.assertTrue(self.bcrypt.check_password_hash(pw_hash, 'secret')) # check an incorrect password self.assertFalse(self.bcrypt.check_password_hash(pw_hash, 'hunter2')) # check unicode pw_hash = self.bcrypt.generate_password_hash(u'\u2603') self.assertTrue(self.bcrypt.check_password_hash(pw_hash, u'\u2603')) # check helpers pw_hash = generate_password_hash('hunter2') self.assertTrue(check_password_hash(pw_hash, 'hunter2')) def test_check_hash_unicode_is_utf8(self): password = u'\u2603' pw_hash = self.bcrypt.generate_password_hash(password) # check a correct password self.assertTrue(self.bcrypt.check_password_hash(pw_hash, '\xe2\x98\x83')) def test_rounds_set(self): self.assertEquals(self.bcrypt._log_rounds, 6)
def login(): form=LoginForm(request.form) if request.method=='POST' and form.validate(): try: admin=Admin.query.filter_by(username=request.form['username']).one() bcrypt=Bcrypt(app) if bcrypt.check_password_hash(admin.password,request.form['password']): session['admin_id']=admin.id return redirect('/') else: return render_template('admin_login.html',form=form,data='no password') except: return render_template('admin_login.html',form=form,data='no username') return render_template('admin_login.html',form=form,data='')
def login_action(): username = request.form["username"] password = request.form["password"] token = request.form["token"] usersService = UsersService() if username: usernameResult = usersService.first(username=username) else: usernameResult = False if not username: error = 'Please enter a username' elif not password: error = 'Please enter a password' elif not usernameResult: error = 'This user does not exist' elif not isTokenValid(token): error = 'The request did not come from Pycamp' else: error = False if not error and usernameResult: bcrypt = Bcrypt(app) if not bcrypt.check_password_hash(usernameResult.password, password): error = 'Invalid password entered' else: print 'logged in again' user = load_user(usernameResult.id) login_user(user) return redirect("/projects/list-projects") """session = request.environ['beaker.session'] if not session.has_key('username'): session['username'] = username session.save() return "Session value set." else: return session['username'] """ return render_custom_template('login/login.html', error=error, username=username)
def login(email, password): """Tries to log in a user Args: email_or_username: obvi. password: plaintext plaintext password Returns: User object if login succeeded False if login failed """ ret = False bcrypt = Bcrypt() user = User.find_by_email(email) if user and bcrypt.check_password_hash(user.password, password): ret = user return ret
class UserApi(Resource): def __init__(self): self.db = current_app.config['DB'] self.bcrypt = Bcrypt(current_app) def abort(self, response=None): if response is None: abort(400) return (response, 400) def prettify(self, user): return { 'login': user['login'], 'role': 'Admin' if user['admin'] else 'User' } def find_user(self, login=None): if login is None: login = request.json['login'] return self.db.User.find_one({'login': login}) def get(self, login=None): if login: user = self.find_user(login) if user: return self.prettify(user) else: return [ self.prettify(r) for r in self.db.User.find() ] def post(self): if request.json is None: return self.abort({'message': "Data required"}) if self.find_user(): return {'message': "User already exists"} user = self.db.User() user['login'] = request.json['login'] user['password'] = self.bcrypt.generate_password_hash( request.json['password'] ) user.save() return ({'message': 'User created successfully!'}, 201) def put(self, login): user = self.find_user(login) if user is None: return self.abort({'message': "User not found"}) curr_pass = request.json.get('current_password', '') if not self.bcrypt.check_password_hash( user['password'], curr_pass): return self.abort({'message': "Invalid password"}) new_pass = request.json.get('new_password', '') if new_pass == curr_pass: return self.abort({'message': "New password should be different than the old one"}) confirm_pass = request.json.get('confirm_password') if not new_pass: return self.abort({'message': "Please provide new password"}) if new_pass != confirm_pass: return self.abort({'message': "New password confirmed incorrectly"}) user = self.db.User(user) user['password'] = self.bcrypt.generate_password_hash( request.json['new_password'] ) user.save() return {'message': "Password changed"} def delete(self, login): user = self.find_user(login) if user: self.db.User(user).delete() else: return self.abort({'message': "User was not found"}) if self.find_user(login) is not None: return self.abort({'message': "User still exists"}) return {'message': "User deleted successfully"}