def login(self,payload): email = payload['userName'] pword = payload['password'] type = payload['account-type'] if type == 'admin': admin = self.Admin.query.filter_by(email=email).first() if admin is None: return {'status':404,'account':admin,'message':'The provided email is not linked to an existing account.'} else: password = argon2.verify(pword,admin.account.pword) if password == True: return {'status':200,'account':admin.account,'message':'Login successful.'} else: return {'status':404,'account':admin.account,'message':'An incorrect password was provided.'} if type == 'user': user = self.Manager.query.filter_by(email=email).first() if user is None: return {'status':404,'account':user,'message':'The provided email is not linked to an existing account.'} else: password = argon2.verify(pword,user.account.pword) if password == True: return {'status':200,'account':user.account,'message':'Login successful.'} else: return {'status':404,'account':user.account,'message':'An incorrect password was provided.'} return {'status':400,'account':None,'message':'An invalid account type was given.'}
def generate_delete_token(sql_cursor, email, comment_id, thread_id): """ Generates a delete token and stores it within the database. ASSUMES comment_id, and thread_id ARE VALID get this through your dumb skull """ # TODO: check if email hashes for that comment and thread_id (and do the sleepy stuff) email_hash = db.get_delete_email_hash(sql_cursor, email, comment_id, thread_id) if email_hash is None: # hash anyway to obscure whether the email exists anyway res = argon2.verify("dingdong", settings.DUMMY_HASH) return None, None # well, looks like they provided the wrong email for the EXISTING hash if not argon2.verify(email, email_hash): return None, None # generate deltoken ID and deltoken secret, SHA256 the secret, and store the two in the DB del_token_id = secrets.token_urlsafe(settings.ID_BYTES) del_token_secret = secrets.token_urlsafe(settings.TOKEN_BYTES) # SHA256 the secret (we'll be storing this) del_token_secret_hash = hmac.new(settings.HMAC_SECRET, del_token_secret.encode('utf-8'), 'sha256').digest() db.store_delete_token(sql_cursor, del_token_id, del_token_secret_hash, comment_id, thread_id) return del_token_id, del_token_secret
def post(cls): """ Getting POST requests on the '/api/users/login' endpoint, and returning 200 http status code if username and password were correct. And 400 http status if user was not found or password didn't match. """ try: incoming_user = user_signin_schema.load(request.get_json()) except ValidationError as err: return err.messages, 400 ### db_session = g.flask_backend_session db_user = db_session.query(UserModel).filter_by( username=incoming_user["username"]).first() db_email_address = db_session.query(UserModel).filter_by( email_address=incoming_user["email_address"]).first() ### if db_user: if argon2.verify(incoming_user["password"], db_user.password): return make_response( jsonify({ "message": f"Login succesfull {db_user.username}", "user_uuid": db_user.user_uuid, "username": db_user.username, "origin": db_user.origin, }), 200, ) return make_response( jsonify({"message": "Username or password Incorect!"}), 400) elif db_email_address: if argon2.verify(incoming_user["password"], db_email_address.password): return make_response( jsonify({ "message": (f"Login succesfull " f"{db_email_address.email_address}"), "user_uuid": db_email_address.user_uuid, "username": db_email_address.username, "origin": db_email_address.origin, }), 200, ) return make_response( jsonify({"message": "Email address or password Incorect!"}), 400) else: return make_response( jsonify({"message": "Username or Email address not found."}), 400)
def configure(c, confdir=""): "Set the configuration" base_name = os.path.basename(sys.argv[0]) appname = str(base_name).replace(".py", "") c.config["appname"] = appname c.config["version"] = VERSION version = VERSION if confdir == "": dirs = AppDirs(appname, AUTHOR) confdir = dirs.user_data_dir #print(confdir) if not os.path.isdir(confdir): logging.warning("Creating config dir %s" % (confdir)) os.makedirs(confdir) conffile = os.path.join(confdir, "conf.db") c.config["confdir"] = confdir c.config["conffile"] = conffile with shelve.open(conffile) as app: vp = "" app["appname"] = c.config["appname"] app["version"] = c.config["version"] if not "app_hash" in app: logging.warning("Creating config file %s" % (conffile)) logging.warning("Vault Password not set, please set now") np = getpass.getpass(prompt='Set a vault password: '******'Re-enter vault password: '******'Enter vault password: ') # verify password if not argon2.verify(vp, phash): logging.error("Password verification failed. Try Again") exit() c.config["conffile"] = conffile c.config["passwd"] = vp
def verify_hash2(password, hvalue): """ Verify the hashed value :param val: :return: """ return argon2.verify(password, hvalue)
def home(): if request.method == "POST": #If no input, redirect back if ((request.form["user_name"] == "") or (request.form["password"] == "")): flash("Enter Credentials!") return redirect(url_for("home")) user_name = request.form["user_name"] password = request.form["password"] #Checking with database for username and password cur = mysql.connection.cursor() cur.execute( "SELECT user_id,password,role FROM users where user_name = %s ", [user_name]) row = cur.fetchone() #If username is found on database, if row: #Checking password is correct or not if (argon2.verify(password, row[1])): session["user_id"] = row[0] session["role"] = row[2] flash("Login Succesful") return redirect(url_for("driver")) else: flash("Login Failed") return redirect(url_for("home")) else: flash("Could not find user") return redirect(url_for("home")) else: return render_template("index.html")
def login(): if session.get('user'): user = session['user'] return redirect(url_for('index')) username = str(request.form.get('username')) password = str(request.form.get('password')) db = get_db() cur = db.cursor() # [0] id, [1] username, [2] password, [3] token, [4] is_admin cur.execute('SELECT * FROM user WHERE username = %(username)s', {'username': username}) users = cur.fetchall() valid_user = False for user in users: if argon2.verify(password, user[2]): valid_user = user if valid_user: session['user'] = valid_user return redirect(url_for('index')) if request.method == 'POST': flash("Mauvais identifiants") return render_template('login.html.j2')
def account(): user_ID = session.get('user_ID') username = get_username(user_ID) if request.method == 'POST': current_password = request.form['current_password'] new_password = request.form['new_password'] repeated_password = request.form['repeated_password'] if not (username and new_password and repeated_password): flash("Fill in all the fields!", 'error') elif not (new_password == repeated_password): flash('Passwords do not match', 'error') elif new_password == current_password: flash('Pick a new password', 'error') else: record = get_data('SELECT password FROM tbl_users WHERE username = %s', username) password_correct = argon2.verify(current_password, record[0][0]) if password_correct: argon_hash = argon2.hash(new_password) update_password(argon_hash, user_ID) flash('Password changed', 'success') else: flash('Old password is wrong', 'error') return render_template('account.html', username=username)
def dash_login(): if request.method == 'GET': return render_template('login.html') elif request.method == 'POST': if not request.form.get("username") or not request.form.get( "password"): flash("You forgot to enter your username and/or password!") return redirect(url_for('dash_login')) user = User.query.filter( User.username == request.form.get('username')).first() if not user: flash("Incorrect username! and/or password!") return redirect(url_for('dash_login')) # Check Credentials if argon2.verify(request.form.get('password'), user.password): # login success session['id'] = user.id session['username'] = user.username session['access_level'] = user.access_level return redirect(url_for('portal')) else: flash("Incorrect username and/or password!") return redirect(url_for('dash_login')) else: return abort(400)
def login_user(self, data: "LoginData") -> bool: """ Logs in the user (through the application's login manager) described by the given login data if the user exists. Arguments: data (LoginData): The login data of the user to log in. Returns: `True` if the login data corresponds to an existing user and the entered password is correct, `False` otherwise. """ user = self.get_user(data.username) if user is None: return False from passlib.hash import argon2 try: if argon2.verify(data.password, self._password_getter(user)) and\ (self._verification_checker is None or self._verification_checker(user)): from flask_login import login_user login_user(user, remember=data.remember) return True except Exception: # Catch everything the verify method can raise. pass return False
def auth_username(): print('User Authentication.\nPlease type the user name:') username = input() assert username, 'Please type the user name.' try: cc.execute(select_username, (username,)) data_returned = cc.fetchone() assert data_returned is not None, 'User not found.' for _ in data_returned: print(f'Please type the password for {username}:') password = input() assert password, 'Please type a password' hashed_db_password = data_returned[1] checkpwd = argon2.verify(password, hashed_db_password) if checkpwd: print(f'The user "{username}" has been authenticated.') conn.close() callexit() else: print(f'Invalid password for "{username}".') conn.close() callexit() except conn.Error as error: print(f'Error: {error}')
def test_01_write_update_delete_cache(self): teststart = datetime.datetime.utcnow() r = add_to_cache(self.username, self.realm, self.resolver, self.password) self.assertTrue(r > 0) auth = AuthCache.query.filter(AuthCache.id == r).first() self.assertEqual(auth.username, self.username) self.assertTrue(argon2.verify(self.password, auth.authentication)) self.assertTrue(auth.first_auth > teststart) self.assertEqual(auth.last_auth, auth.first_auth) update_cache(r) auth = AuthCache.query.filter(AuthCache.id == r).first() self.assertTrue(auth.last_auth > teststart) r_delete = delete_from_cache(self.username, self.realm, self.resolver, self.password) self.assertEqual(r, r_delete) auth = AuthCache.query.filter( AuthCache.username == self.username).first() self.assertEqual(auth, None)
def altera_senha_de_usuario(): global senha print('--- Alteração das credencias de usuário ---\n') if checa_se_usuario_existe(): for alt in resultado['hits']['hits']: alteracoes = alt['_source']['alteracoes_senha'] + 1 senha_antiga = alt['_source']['senha'] senha = getpass(f'Digite a nova senha para o usuário {usuario}: ') if argon2.verify(senha, alt['_source']['senha']): callexit('Mesma senha anterior. Digite uma nova senha') else: pass if checa_qualidade_da_senha(senha) is True: hashedpwd = argon2.using(salt_size=64).hash(senha) data = datetime.now().strftime("%m/%d/%Y %H:%M:%S UTC−03:00") credenciais = {'doc': {'senha': hashedpwd, 'historico_de_senhas': {alteracoes: senha_antiga}, 'datas_alteracao_senha': {alteracoes: data}, 'alteracoes_senha': alteracoes}} ESEARCH.update(index="userdb", id=usuario, body=credenciais) print('Senha alterada com sucesso.') else: print(POLITICA_SENHA_VALIDA) else: callexit('Usuário inexistente.')
def login_process(): """Process login.""" # Get form variables email = request.form["email"] passwd = request.form["password"] if not email: flash("Missing email. Please try again.") return redirect("/login") if not passwd: flash("Missing password. Please try again.") return redirect("/login") user = User.query.filter_by(email=email).first() if not user: flash("No user found with that email. Please try again.") return redirect("/login") else: # hashed = argon2.hash(passwd) # del passwd if (argon2.verify(passwd, user.password)): session["user_id"] = user.user_id # TODO: add username or email to flash message. flash("Logged in successfully.") return redirect("/profile/%s" % user.user_id) else: flash("Password does not match.") return redirect("/login")
def login(): if session.get("user_id", False): flash("You're already logged in!", "info") return redirect(url_for("front.index")) if request.method == "POST": username = request.form["user"] password = request.form["password"] db_pass = db.query_db( "SELECT id, password FROM users WHERE username = ?", (username, ), True) if db_pass is None: flash("No such username: {}".format(username), "warn") return redirect(url_for("front.login")) if argon2.verify(password, db_pass["password"]): session.clear() session["user_id"] = db_pass["id"] flash("You're logged in as {}.".format(username), "info") return redirect(url_for("front.index")) else: flash("Incorrect password for {}.".format(username), "error") return redirect(url_for("front.login")) return render_template("front/login.html")
def login_(totp=False): req_fields = ['nickname', 'password'] if totp: req_fields.append('totp') valid, data, msg = form_data(req_fields) if valid: # busca un usuario con ese id (nickname) r = c.find_one({'_id': data['nickname']}) # Si lo encuentra continua con las comprobaciones valid = False if r: # Verifica la contraseña pasada if argon2.verify(data['password'], r['password']): # Si ha entrado por /login y en la BD no tiene el campo totp (login normal) try: if not totp and not ('totp' in r.keys()): valid = True # Si ha entrado por /login_totp y en la BD existe el campo totp y este es válido (login con totp) elif totp and ('totp' in r.keys()) and otp.valid_totp(token=data['totp'], secret=r['totp']): valid = True except KeyError: pass if valid: msg = "Bienvenido " + r['name'] print(msg) return msg else: msg = "Usuario o contraseña incorrectos" print(msg) return msg else: msg = "Datos inválidos: " + msg print(msg) return msg
def login () : if session.get('user'): user = session['user'] else : user = False email = str(request.form.get('email')) password = str(request.form.get('password')) db = get_db() cur = db.cursor() cur.execute('SELECT email, password, is_admin FROM user WHERE email = %(email)s', {'email' : email}) users = cur.fetchall() valid_user = False for user in users : if argon2.verify(password, user[1]) : valid_user = user if valid_user : session['user'] = valid_user return redirect(url_for('admin')) return render_template('login.html', user = user)
def login(): session.clear() error = None if request.method == "POST": if not request.form.get("username"): error = "Username Required" return render_template("login.html", error=error) elif not request.form.get("password"): error = "Password Required" return render_template("login.html", error=error) userinfo = User.query.filter_by( username=request.form.get("username")).first() if userinfo == None or not argon2.verify(request.form.get("password"), userinfo.hashword): error = "Invalid username and/or password" return render_template("login.html", error=error) session["user_id"] = userinfo.id return redirect(url_for("index")) else: return render_template("login.html")
def run(self): while True: passwordHash = None try: passwordHash = self.queue.get(block=True, timeout=1) if (passwordHash.count(':') != 1): print("[x]ERROR! Invalid hash format: " + passwordHash) return username = passwordHash.split(':')[0] encryptedPassword = passwordHash.split(':')[1] except: return try: cracked = 0 for password in passwordList: passwordCheck = argon2.verify(password, encryptedPassword) if (passwordCheck == True): print("[+] Successful Login! Username: "******" Password: "******"(" + passwordHash + ")") cracked = 1 break if (cracked == 0): print("[!] Unable to crack: " + username + " Password: " + encryptedPassword) except: raise self.queue.task_done()
def login(): '''用户登录 POST /api/login * 添加Token(建议)和session(不推荐,服务重启出现数据不一致) * 获取当前用户ID:get_jwt_identity() * 获取当前用户详情:get_jwt_claims() * session方式获取用户信息(不推荐):session['user_id'] ''' if not request.is_json: return jsonify({"msg": "Missing JSON in request"}), 400 schema = UserLoginSchema() data, errors = schema.load(request.json) if errors: return jsonify({"msg": errors}), 400 account = user.findOneByName(data['username']) if not account: return jsonify({"msg": {'username': '******'}}), 400 elif argon2.verify(data['password'], account.password): access_token = create_access_token(identity={ 'id': account.id, 'username': account.username, 'email': account.email }, fresh=True) resp = jsonify({'access_token': access_token}) set_access_cookies(resp, access_token) session['user_id'] = account.id # print(session['user_id']) return resp else: return jsonify({"msg": "用户名或密码错误"}), 403
def login(): if not ('logged_in' in session): if request.method == 'GET': return render_template('login.html') else: phone = request.form['phone'] password = request.form['password'] conn = sqlconnection() cursor = conn.execute( "SELECT PHONENUMBER ,PASSWORD FROM USERS WHERE PHONENUMBER=? ", (phone, )).fetchone() conn.close() if cursor is None: flash('Invalid Credentials', 'error') return redirect(url_for('login')) else: if argon2.verify(password, cursor[1]): if phone == "8197056461": session['admin'] = "admin" session['phone'] = phone flash('Welcome Admin') else: flash('Logged in successfully') session['logged_in'] = True session['phone'] = phone return redirect(url_for('teamInfo')) else: flash('Invalid Credentials', 'error') return redirect(url_for('login')) else: return "already logged in"
def login(): if request.method == 'GET': if not 'user_id' in session: return render_template('login.html') else: return redirect(url_for('index')) elif request.method == 'POST': db = mysqlDB() username = request.form['username'].strip() password = request.form['password'].strip() remember = request.form['remember'] parameters = [username, 0, ''] result = db.callproc('getUser', parameters) user_id = result[1] password_db = result[2] if user_id != None: if argon2.verify(password, password_db): if remember == 'on': session.permanent = True app.logger.info('session permanent') else: session.permanent = False session['user_id'] = user_id return redirect(url_for('index')) else: return render_template('login.html') return redirect(url_for('signup'))
def auth_user(self, user: str, password: str) -> Union[UserAccessMeta, None]: try: auth = self._auth_collection.find_one({"user": user}) return self._from_db(auth) if argon2.verify(password, auth.get("password", None)) else None except: logging.error("Auth Error: %s", sys.exc_info()[1]) return None
def authenticate(username, password): user = Users.query.filter_by(username=username).first() if user is None: return False username = user.username password_hash = user.password_hash return argon2.verify(password, password_hash)
def valid_password(self, passphrase: 'Optional[str]') -> bool: if not passphrase: return False # Avoid hashing passwords that are over the maximum length if len(passphrase) > self.MAX_PASSWORD_LEN: raise InvalidPasswordLength(passphrase) # No check on minimum password length here because some passwords # may have been set prior to setting the mininum password length. if self.passphrase_hash: # default case is_valid = argon2.verify(passphrase, self.passphrase_hash) else: # legacy support is_valid = pyotp.utils.compare_digest( self._scrypt_hash(passphrase, self.pw_salt), self.pw_hash) # migrate new passwords if is_valid and not self.passphrase_hash: self.passphrase_hash = \ argon2.using(**ARGON2_PARAMS).hash(passphrase) # passlib creates one merged field that embeds randomly generated # salt in the output like $alg$salt$hash self.pw_salt = None self.pw_hash = None db.session.add(self) db.session.commit() return is_valid
def is_password_matched(self, raw_password: str) -> bool: if self.password is None or len(self.password) == 0: return False try: return argon2.verify(raw_password, self.password) except exc.MalformedHashError: return False
def login_user(self, body): ''' User login to retrieve jwt tokens :param body: :return: ''' email, password = body['email'], body['password'] try: user = Users.objects.get(email=email) # "meta.is_deleted" if argon2.verify(password, user['password']): if user['is_active'] is True: user_id = str(user['_id']) access_token = create_access_token(identity=user_id) refresh_token = create_refresh_token(identity=user_id) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) redis_db.set(access_jti, 'false', app.config['JWT_ACCESS_TOKEN_EXPIRES']) redis_db.set(refresh_jti, 'false', app.config['JWT_REFRESH_TOKEN_EXPIRES']) return { "status": 202, "access_token": access_token, "refresh_token": refresh_token }, 202 else: message = "You are missing one step on your activation process, Please check your email for instruction to activate your user" error_handler(code=401, message=message, ui_status=True) else: message = "Your Credentials don't match with our registries" error_handler(code=401, message=message, ui_status=True) except DoesNotExist as e: message = "Your Credentials don't match with our registries" error_handler(code=401, message=message, ui_status=True)
def login(): if request.method == "GET": if 'username' in session: return redirect(url_for("index")) else: return render_template("login.html") if request.method == "POST": name = request.form['name'] passwd = request.form['pwd'] conn = getconn(dbname[0]) cur = conn.cursor() cur.execute("""select * from users where emorph='%s'""" % (name)) row = cur.fetchone() if row == None: return render_template("login.html", name=name, error="Email or Phone does not exist") if row[2] == name: if argon2.verify(passwd, row[3]): session['username'] = row[0] return redirect(url_for("index")) else: return render_template("login.html", name=name, error="Incorrect password") else: return render_template("login.html", name=name, error="Email or Phone does not exist") conn.close()
def login_process(): """Process login.""" #Get form variables email = request.form["email"] attempt_password = request.form["password"] user = User.query.filter_by(email=email).first() if not user: flash("No such user.") return redirect("/login") #Verify if the password matches the hashed password in the db hashed_password = user.password if not argon2.verify(attempt_password, hashed_password): flash("Incorrect password.") return redirect("/login") session["user_id"] = user.user_id session["user_name"] = user.name flash("Welcome Back!") return redirect("/dashboard/{}".format(user.user_id))
def check_hashed_password(incoming_password, hashed_password): """Checks if password matches encrypted hash""" if argon2.verify(incoming_password, hashed_password): return True else: return False
def is_password_valid(self, password): """ Checks if the password is correct. :param password: User profile password :return: (bool) True if valid :since: v0.2.00 """ _return = False with self: if (self.local.db_instance.type != AbstractProfile.TYPE_EXTERNAL_VERIFIED_MEMBER): password_type = self.local.db_instance.password_type if (password_type == PasswordGeneratorsMixin.PASSWORD_TYPE_MCF and PasswordGeneratorsMixin.PASSWORD_TYPE_MCF in self.password_generators_available ): _return = argon2.verify(password, self.local.db_instance.password) if (password_type == PasswordGeneratorsMixin.PASSWORD_TYPE_BLAKE2B and PasswordGeneratorsMixin.PASSWORD_TYPE_BLAKE2B in self.password_generators_available ): hashed_password = self._get_blake2b_password(password, self.local.db_instance.name) _return = (hashed_password == self.local.db_instance.password) # if (password_type == PasswordGeneratorsMixin.PASSWORD_TYPE_BLAKE2S and PasswordGeneratorsMixin.PASSWORD_TYPE_BLAKE2S in self.password_generators_available ): hashed_password = self._get_blake2s_password(password, self.local.db_instance.name) _return = (hashed_password == self.local.db_instance.password) # if (password_type == PasswordGeneratorsMixin.PASSWORD_TYPE_TMD5 and PasswordGeneratorsMixin.PASSWORD_TYPE_TMD5 in self.password_generators_available ): hashed_password = self._get_tmd5_password(password, self.local.db_instance.name) _return = (hashed_password == self.local.db_instance.password) # # # return _return
def pass_matches(self, postPass): return argon2.verify(postPass, self.password)