def login_user():
"""User login."""
data = json.loads(request.data)
uname = data.get('uname')
password = data.get('pass')
dummy = True # If problem with implementation, fails closed.
if not uname:
dummy = True
else:
user = User.query.filter(User.uname == uname.lower()).first()
if user is None:
dummy = True
elif user.deleted:
dummy = True
else:
dummy = False
if dummy == True: # Helps prevent side channel timing attacks.
check_password(password)
abort(403)
else:
hash_match = check_password(password, user.salt, user.pass_hash)
if hash_match is True:
session['id'] = auth_change(request.remote_addr,
request.user_agent, user.id)
return jsonify({'uid': user.id})
else:
abort(403)
def auth_acc() -> Tuple[str, bool, str]:
os.chdir('TheFourth')
files = os.listdir('notes')
for i in range(3):
try:
auth_acc = input("Введите ваш логин от аккаунта:")
if auth_acc in files:
os.chdir('notes')
os.chdir(auth_acc)
with open("maininf.conf", 'r', encoding='utf-8') as auth_file:
method = auth_file.readline().rstrip().split(' ')
for i in range(3):
try:
auth_p = input("Введите пароль для аккаунта:")
if security.check_password(method[1], auth_p) is True:
return auth_acc, True, auth_p
else:
i += 1
if i == 3:
os.chdir('..')
return auth_acc, False, auth_p
except BaseException:
print("Проблемы с паролем")
else:
i += 1
if i == 3:
return auth_acc, False, auth_p
except FileNotFoundError:
print("Не найдено такого аккаунта")
return auth_acc, False, auth_p
def sign_in():
params = request.get_json()
user = models.User.query.filter_by(email=params["email"]).first()
if user is None:
return jsonify(error="User doesn't exist")
if check_password(params["password"], user.password):
return jsonify({"ok": True})
else:
return jsonify({"notok": True})
def login(username, password):
"""returns the dict:
\"success\": bool,
\"user_id\": user_id
"""
if user_exist(username):
user_password = db.get_password_db(username)
if user_password:
login_success = sec.check_password(password, user_password[0],
user_password[1])
if login_success:
return {
"success": True,
"user_id": db.get_userid_db(username)[0]
}
return {"success": False}
def login(request):
try:
validate(instance=request.json, schema=login_schema)
user = DBSession.query(User).filter(User.email == request.json['email']).first()
if user:
if check_password(user.password, request.json['password']):
request.response.status = 200
return {
'id' : user.id,
'group' : user.group,
'token' : request.create_jwt_token(user.id)
}
except:
request.response.status = 400
return {'msg' : MESSAGES['request']}
request.response.status = 403
return {'msg' : MESSAGES['login']}
def login():
username = request.form.get('username')
password = request.form.get('password')
validate = validate_login(username, password)
if validate is True:
username, password = username.strip(), decrypt_password(password)
customer = Customer.query.filter_by(username=username).all()
if len(customer) == 1:
pwhash = username + password
pwd = customer[0].password
if check_password(pwd, pwhash):
cookie = generate_cookie(username, password)
if add_cookie(cookie, {username: password}):
return render_200(cookie)
return render_400(_('login failed'))
return render_400(_('The password invalid'))
return render_400(_('The username invalid'))
return validate
def authentication() -> str:
try:
flag = 0
way = os.getcwd()
bd_way = os.path.join(way, 'bd.txt')
flag = start_file(bd_way)
if flag == 3:
print("Создайте аккаунт")
access = ''
return access
while flag < 3:
login = input("\nВведите логин\n")
flag += 1
with open(bd_way, 'r', encoding='utf-8') as bd_file:
for line in bd_file:
line = line.rstrip('\n')
login1, hash_salt, access = line.split('|')
if login == login1:
i = 0
while i != 3:
password = input("Введите пароль\n")
if sec.check_password(hash_salt, password):
print("Успешно")
i = 2
sec.security_sys_files(bd_way)
return access
else:
print("Неверный пароль")
i += 1
if i == 3:
print("Слишком много попыток")
if login != login1:
print("Данный пользователь не найден")
if flag == 3:
print("Слишком много попыток")
except FileNotFoundError:
sec.security_sys_files(bd_way)
print("Создайте аккаунт")
except Exception:
sec.security_sys_files(bd_way)
print("Ошибка")
assert False
def delete_acc() -> bool:
os.chdir('TheFourth')
files = os.listdir('notes')
for j in range(3):
try:
delete_login = input("Введите логин аккаунта который удаляете:")
if delete_login in files:
break
else:
j += 1
if j == 3:
os.chdir('..')
return False
except FileNotFoundError:
print("Не найдено такого аккаунта")
os.chdir('notes')
os.chdir(delete_login)
with open("maininf.conf", 'r', encoding='utf-8') as delete_file:
method = delete_file.readline().rstrip().split(' ')
for i in range(3):
try:
delete_pass = input("Введите пароль для данного аккаунта:")
if security.check_password(method[1], delete_pass) is True:
check = True
break
else:
i += 1
if i == 3:
os.chdir('..')
os.chdir('..')
os.chdir('..')
return False
except BaseException:
print("Проблемы с паролем")
if check is True:
os.chdir('..')
shutil.rmtree(delete_login)
os.chdir('..')
os.chdir('..')
return True
return False
def check_password(self, password):
return check_password(password, self.password)
def check_pw(self, pw, hashed_pw):
return check_password(pw, hashed_pw)
def is_password_valid(_login, user_password):
hashed_password = fetch_user(_login).password
return check_password(hashed_password, user_password)
def change_password() -> bool:
os.chdir('TheFourth')
files = os.listdir('notes')
for j in range(3):
try:
change_login = input("Введите логин аккаунта который изменяете:")
if change_login in files:
break
else:
j += 1
if j == 3:
os.chdir('..')
return False
except FileNotFoundError:
print("Не найдено такого аккаунта")
os.chdir('notes')
os.chdir(change_login)
with open("maininf.conf", 'r', encoding='utf-8') as change_file:
method = change_file.readline().rstrip().split(' ')
for i in range(3):
try:
change_pass = input("Введите пароль для данного аккаунта:")
if security.check_password(method[1], change_pass) is True:
check = True
break
else:
i += 1
if i == 3:
os.chdir('..')
os.chdir('..')
os.chdir('..')
return False
except BaseException:
print("Проблемы с паролем")
if check is True:
for i in range(3):
try:
new_pass = input("Введите ваш новый пароль(без пробелов):")
if ' ' in new_pass:
i += 1
elif len(new_pass) < 1:
i += 1
elif len(new_pass) > 30:
i += 1
else:
choise = True
break
if i == 3:
os.chdir('..')
os.chdir('..')
os.chdir('..')
return False
except BaseException:
print("Проблемы с паролем")
if choise is True:
with open('encodeinf.conf', 'rb') as encode_file:
encode_key = encode_file.read()
master_key = security.master_key(change_pass)
new_master_key = security.master_key(new_pass)
new_encode_key = security.decrypt(encode_key, master_key)
new_encode_key = security.encrypt(new_encode_key, new_master_key)
mainf = open("maininf.conf", 'w')
mainf.write(change_login + ' ' + security.hash_password(new_pass))
mainf.close()
encodefile = open("encodeinf.conf", 'wb')
encodefile.write(new_encode_key)
encodefile.close()
os.chdir('..')
os.chdir('..')
os.chdir('..')
return True
return False
def sign(login, password):
db_password = repository.get_password(login)
return security.check_password(password, db_password)