def register(): newUser = request.get_json() if UserModel.find_by_username(newUser['username']): return {'message':'Username already exists'}, 400 user = UserModel(newUser['username'],hash_password(newUser['password'])) user.save_to_db() return jsonify({'message':'User created successfully'})
def register_account(cls, username, password, email): hashed_password = security.hash_password(password) account = Account(username=username, hashed_password=hashed_password, email=email) account.put() return account
def consumer_edit(request): consumer = DBSession.query(Consumer).get(int(request.matchdict['id'])) if DBSession.query(User).filter(User.email == request.json['email']).filter(User.id != consumer.id).one_or_none(): request.response.status = 403 return {'msg' : MESSAGES['email']} consumer.email = request.json['email'] consumer.password = hash_password(request.json['password']) consumer.first_name = request.json['first_name'] consumer.second_name = request.json['second_name'] consumer.languages = request.json['languages'] consumer.gender = request.json['gender'] if 'interests' in request.json.keys(): old_interests = set(map(lambda x: x.id, consumer.interests)) new_interests = set(request.json['interests']) to_remove = old_interests.difference(new_interests) to_add = new_interests.difference(old_interests) try: if len(to_remove): DBSession.execute(consumer_interests.delete() .where(and_(consumer_interests.c.consumer_id == consumer.id, consumer_interests.c.course_category_id.in_(to_remove)))) if len(to_add): DBSession.execute(consumer_interests.insert(), [ {'consumer_id': consumer.id, 'course_category_id': x} for x in to_add ]) except SQLAlchemyError as e: LOG.exception(e.message) request.response.status = 500 return {'msg' : MESSAGES['db'], 'err' : e.message} DBSession.flush() request.response.status = 200 return {'msg' : MESSAGES['ok']}
def user(): url = __check_login('user') if url: return redirect(url) usererrors = [] userform = UserForm(prefix="user") user = get_user(session['email']) if request.method == 'GET': # Add default values userform.email.data = user.email userform.first_name.data = user.short_name userform.last_name.data = user.family_name userform.alias.data = user.alias elif userform.validate_on_submit(): if (validate_login(session['email'], userform.password.data)): # Update info user.email = userform.email.data user.short_name = userform.first_name.data user.family_name = userform.last_name.data user.full_name = userform.first_name.data + " " + userform.last_name.data user.alias = userform.alias.data if userform.alias.data != "" else None if (userform.new_password.data): user.password = hash_password(userform.new_password.data) save_user(user) flash(_(u'Information updated')) else: usererrors.append(_(u'Invalid password')) if userform.errors: for key, value in userform.errors.items(): usererrors.append(key + ': ' + value[0]) return render_template('user.html', userform=userform, usererrors=usererrors)
def create_tables(): for sql in create_tables_SQL: process_sql(sql) if not process_sql("Select * FROM LoginTbl"): pwdhash = security.hash_password('password') process_sql("INSERT INTO LoginTbl VALUES (?, ?)", parameters=('admin', pwdhash))
def post(self): newUser = UserRegister.parser.parse_args() if UserModel.find_by_username(newUser['username']): return {'message': 'Username already exists'}, 400 user = UserModel(newUser['username'], hash_password(newUser['password']), newUser['email']) user.save_to_db() return {'message': 'User created successfully'}
def post(self): data = UserRegister.parser.parse_args() if UserModel.find_by_username(data['username']): return {"message": "A user with that username already exists"}, 400 user = UserModel(data['username'], hash_password(data['password'])) user.save_to_db() return {"message": "User created successfully."}, 201
def create_user(db: Session, user: UserCreate) -> User: """ Create a new entry in the database user table """ user_data = user.dict() user_data["password"] = hash_password(user.password) db_user = User(**user_data) db.add(db_user) db.commit() db.refresh(db_user) return db_user
def registration(cursor, data): data.update({'registration_time': utility.get_date_time(), 'reputation': 0, 'hashed_pw': security.hash_password(data['password'])}) cursor.execute( sql.SQL(''' INSERT INTO users (user_name, hashed_pw, reputation, registration_time) VALUES (%(username)s, %(hashed_pw)s, %(reputation)s, %(registration_time)s); '''), data )
def create_new_acc() -> bool: os.chdir('TheFourth') files = os.listdir('notes') for i in range(3): try: new_login = input("Придумайте логин аккаунта(без пробелов):") if ' ' in new_login: i += 1 elif len(new_login) < 1: i += 1 elif len(new_login) > 100: i += 1 elif new_login in files: i += 1 else: break if i == 3: os.chdir('..') return False except BaseException: print("Проблемы с логином") for i in range(3): try: new_password = input("Придумайте пароль аккаунта(без пробелов):") if ' ' in new_password: i += 1 elif len(new_login) < 1: i += 1 elif len(new_login) > 30: i += 1 else: choise = True break if i == 3: os.chdir('..') return False except BaseException: print("Проблемы с паролем") if choise is True: os.chdir('notes') os.mkdir(new_login) os.chdir(new_login) master_key = security.master_key(new_password) encode_key = security.encrypt(security.secret_key(), master_key) mainfile = open("maininf.conf", 'w') mainfile.write(new_login + ' ' + security.hash_password(new_password)) mainfile.close() encodefile = open("encodeinf.conf", 'wb') encodefile.write(encode_key) encodefile.close() os.chdir('..') os.chdir('..') os.chdir('..') return True return False
def post(self): """Register a new user.""" req_body = request.get_json() not_found = [] required_fields = ("email", "password") for field in required_fields: if field not in req_body.keys(): not_found.append(field) if not_found: return ( f"Required field(s) not found:" f" {', '.join(field for field in not_found)}", 400, ) # Check if email is valid user_email = req_body["email"] try: validate_email(user_email) except ValidationError: return "Incorrect format for field: email", 400 # Check if password is secure enough user_password = req_body["password"] try: validate_password(user_password) except ValidationError: return ( "Password is not secure enough: include at least one uppercase," " one lowercase, one number and one symbol, and keep it between" " 12 and 255 characters long. Whitespace is not allowed.", 400, ) salt = generate_random_salt() hashed_password = hash_password(user_password, salt) # noinspection PyArgumentList new_user = User( email=user_email, password=hashed_password, salt=str(salt, encoding=ENCODING), ) db.session.add(new_user) try: db.session.commit() except IntegrityError: return {}, 409 apikey = get_or_create_api_key(new_user) return apikey, 201
def login_query(self, form): """Login if credentials match""" if not form: return None username = form.get("username") hashed_password = hash_password(form.get("password")) result = self._is_user(username, hashed_password) if result: return {"username": username, "secret": hashed_password} else: return None
def create_list(): params = request.get_json() user.name = params['name'] user.email = params['email'] user.password = hash_password(params['password']) db.session.add(user) db.session.commit() return jsonify(user)
def add_user(self, new_user, request): root = firstpyramid.root_factory(request) root['users'].update({ new_user['username']: { 'password': hash_password(new_user['password']), 'name': new_user['name'] } }) transaction.commit()
def register(): """Create user, add to the database.""" # submit button disabled if any field is left blank # cleared form in component after fetch to resolve infinite loop data = request.get_json() username = data.get('username') fname = data.get('fname') user_region = data.get('user_region') password = data.get('password') confirm_password = data.get('confirm_password') # check if a user is logged in, if so redirect to /garden current_user = session.get('user_id') if current_user is not None: flash("You're already logged in!") return jsonify({'response': 'success'}) # check if username exists in db, if so redirect to /register user = crud.get_user_by_username(username) if user: flash("Username is already registered, please try another name.") return jsonify({'response': 'failed'}) # if passwords entered don't match, redirect to /register if password != confirm_password: flash("Passwords do not match, please try again.") return jsonify({'response': 'failed'}) # if password, encrypt if password is not None: hashed = hash_password(password) # create new user in db new_user = crud.create_user(username=username, fname=fname, password_hash=hashed, user_region=user_region) # create garden in db associated with new user new_usergarden = crud.create_user_garden(user_id=new_user.user_id) # save user_id, user_region, usergarden_id and fname to session session['usergarden_id'] = new_usergarden.usergarden_id session['user_id'] = new_user.user_id session['user_region'] = new_user.user_region session['fname'] = new_user.fname flash(f"Welcome, { fname }!") # redirect to /garden return jsonify({'response': 'success'})
def provider_edit(request): provider = DBSession.query(Provider).get(int(request.matchdict['id'])) if DBSession.query(User).filter(User.email == request.json['email']).filter(User.id != provider.id).one_or_none(): request.response.status = 403 return {'msg' : MESSAGES['email']} provider.email = request.json['email'] provider.password = hash_password(request.json['password']) provider.name = request.json['name'] provider.website = request.json['website'] provider.about = request.json['about'] DBSession.flush() request.response.status = 200 return {'msg' : MESSAGES['ok']}
def patch(self, user): """Edit individual fields on a user. Non-admins can only edit some fields on their own account. """ req_data = request.get_json() invalid_fields = [] modified = 0 for key in req_data: if not hasattr(user, key) or key in ("id", "salt"): invalid_fields.append(key) continue if not invalid_fields: if key == "email": new_email = req_data[key] try: validate_email(new_email) except ValidationError: return "Invalid format for email address.", 400 user.email = new_email modified += 1 elif key == "password": new_password = req_data[key] try: validate_password(new_password) except ValidationError: return "New password is not secure enough or too long.", 400 new_salt = generate_random_salt() user.password = hash_password(new_password, new_salt) user.salt = new_salt modified += 1 elif key == "lemmas": lemma_refs = req_data[key] if isinstance(lemma_refs[0], int): lemma_filter = Lemma.id.in_(lemma_refs) else: lemma_filter = Lemma.content.in_(lemma_refs) lemmas = Lemma.query.filter(lemma_filter) user.lemmas.extend(lemmas) modified += 1 if invalid_fields: return f"Invalid fields: {', '.join(invalid_fields)}", 400 if not modified: return "No valid field specified.", 400 db.session.commit() return {}, 204
def write_bd(login: str) -> Tuple[str, str]: password = input("Введите пароль\n") hash_salt = sec.hash_password(password) flag = True while flag: try: dir_name = str(random.randint(0, 1000)) os.mkdir(dir_name) flag = False break except Exception: pass str0 = f'{login}|{hash_salt}|{dir_name}\n' return str0, dir_name
def provider_add(request): if DBSession.query(User).filter(User.email == request.json['email']).one_or_none(): request.response.status = 403 return {'msg' : MESSAGES['email']} provider = Provider() provider.email = request.json['email'] provider.password = hash_password(request.json['password']) provider.name = request.json['name'] provider.website = request.json['website'] provider.about = request.json['about'] provider.group = 'provider' DBSession.add(provider) DBSession.flush() request.response.status = 200 return {'provider_id' : provider.id}
def consumer_add(request): if DBSession.query(User).filter(User.email == request.json['email']).one_or_none(): request.response.status = 403 return {'msg' : MESSAGES['email']} consumer = Consumer() consumer.email = request.json['email'] consumer.password = hash_password(request.json['password']) consumer.first_name = request.json['first_name'] consumer.second_name = request.json['second_name'] consumer.languages = request.json['languages'] consumer.gender = request.json['gender'] consumer.group = 'consumer' DBSession.add(consumer) DBSession.flush() request.response.status = 200 return {'consumer_id' : consumer.id}
def create_user(): try: body = request.get_json() email = extract_field_from_body('email', body) password = extract_field_from_body('password', body) nickname = extract_field_from_body('nickname', body) if email == None: raise Exception('Field email is missing.') if password == None: raise Exception('Field password is missing.') if nickname == None: raise Exception('Field nickname is missing.') data = { 'email': email, 'password': security.hash_password(password), 'nickname': nickname } code, res = io_service.post('/users', data) if code == 201: activation_token = generate_activation_token() data = {'user_id': res['id'], 'token': activation_token} io_service.post('/activation_tokens', data) data = {'email': email, 'token': activation_token} email_service.get('/', data) return Response(json.dumps(res), status=201, mimetype='application/json') return Response('Bad request.', status=400, mimetype='application/json') except Exception as e: return Response(str(e), status=400, mimetype='application/json')
def register(): if len(request.form['username']) == 0 or len( request.form['password']) == 0: return json.dumps({'error': 'username or password is empty'}) if security.check_text_validity(request.form['username']): if not security.check_password_validity(request.form['password']): return json.dumps({'error': 'invalid character in password'}) if data_manager.get_username(request.form['username']): return json.dumps({'error': 'username already exists'}) password = security.hash_password(request.form['password']) user = data_manager.user_register(request.form['username'], password) print(user) session['username'] = user['username'] session['user_id'] = user['id'] return json.dumps({'redirect': True}) return json.dumps({'error': 'invalid character in username'})
def route_registration(): if request.method == 'POST': username = request.form.get('username') if data_handler.get_data_by_username(username): return render_template('signup.html', usernametaken=True, registration=True) password = hash_password(request.form.get('password')) registration_date = datetime.now().strftime('%Y-%m-%d %H:%M:%S') data_handler.add_new_user(username, password, registration_date) user_id = str(data_handler.get_data_by_username(username)[0]["id"]) response = make_response(redirect(url_for('route_list'))) response.set_cookie('user_id', user_id) response.set_cookie('username', username) return response return render_template('signup.html', registration=True)
def post(self): """Log the user in, verifying and matching login data to an API key.""" req_data = request.get_json() user = User.query.filter_by(email=req_data["username"]).first() # To prevent timing attacks, get fake data and effect normal check operations # even if the user is not found. getattr() is used because user could be None. stored_password = getattr(user, "password", None) salt = getattr(user, "salt", "N/A") hashed_input = hash_password(req_data["password"], salt) if hashed_input == stored_password: apikey = get_or_create_api_key(user) return {"APIKey": apikey.key}, 200 return ( "Password is incorrect or the username entered is not registered.", 401)
def reset(reset_key): user = get_user_by_reset_key(reset_key) if user is None: flash(_(u'Invalid password reset link'), 'error') return redirect(url_for('troikas')) resetform = ResetForm() reseterrors = [] if resetform.validate_on_submit(): user.password = hash_password(resetform.password.data) user.password_reset_key = None user.password_reset_expire = None session['email'] = user.email save_user(user) flash(_(u'Password reset successful, you were logged in')) return redirect(url_for('troikas')) if resetform.errors: for key, value in resetform.errors.items(): reseterrors.append(key + ': ' + value[0]) return render_template('reset.html', resetform=resetform, reseterrors=reseterrors)
def password(self, value): if len(value) < 6: raise Exception("Password must be at least 6 characters long") self.password_hash = unicode(security.hash_password(value))
def change_password() -> bool: os.chdir('TheFourth') files = os.listdir('notes') for j in range(3): try: change_login = input("Введите логин аккаунта который изменяете:") if change_login in files: break else: j += 1 if j == 3: os.chdir('..') return False except FileNotFoundError: print("Не найдено такого аккаунта") os.chdir('notes') os.chdir(change_login) with open("maininf.conf", 'r', encoding='utf-8') as change_file: method = change_file.readline().rstrip().split(' ') for i in range(3): try: change_pass = input("Введите пароль для данного аккаунта:") if security.check_password(method[1], change_pass) is True: check = True break else: i += 1 if i == 3: os.chdir('..') os.chdir('..') os.chdir('..') return False except BaseException: print("Проблемы с паролем") if check is True: for i in range(3): try: new_pass = input("Введите ваш новый пароль(без пробелов):") if ' ' in new_pass: i += 1 elif len(new_pass) < 1: i += 1 elif len(new_pass) > 30: i += 1 else: choise = True break if i == 3: os.chdir('..') os.chdir('..') os.chdir('..') return False except BaseException: print("Проблемы с паролем") if choise is True: with open('encodeinf.conf', 'rb') as encode_file: encode_key = encode_file.read() master_key = security.master_key(change_pass) new_master_key = security.master_key(new_pass) new_encode_key = security.decrypt(encode_key, master_key) new_encode_key = security.encrypt(new_encode_key, new_master_key) mainf = open("maininf.conf", 'w') mainf.write(change_login + ' ' + security.hash_password(new_pass)) mainf.close() encodefile = open("encodeinf.conf", 'wb') encodefile.write(new_encode_key) encodefile.close() os.chdir('..') os.chdir('..') os.chdir('..') return True return False
def change_password(username, password): pwdhash = security.hash_password(password) sql = "UPDATE LoginTbl SET PasswordHash = ? WHERE Username=?" process_sql(sql, parameters=(pwdhash, username))
def is_valid_password(self, password): hashed_password, salt = self.hashed_password.split(',') computed_hashed_password = security.hash_password(password, salt) return self.hashed_password == computed_hashed_password
def add_user(username, password): pwdhash = security.hash_password(password) sql = "INSERT INTO LoginTbl (Username, PasswordHash) VALUES (?, ?)" process_sql(sql, parameters=(username, pwdhash))
def new(cls, username, password, email): hashed_password = security.hash_password(password) return cls.account.new(username=username, hashed_password=hashed_password, email=email)
def register_account(cls, username, password, email): hashed_password = security.hash_password(password) account = cls.new(username, hashed_password, email) return account.save()