コード例 #1
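 def test_check_password(self):
     """Check that the stored hash accepts the right password and no other.

     Nothing is "unhashed" here: check_password_hash is handed the stored
     hash and a candidate password and reports whether they match.
     """
     with self.client:
         # The address is masked in this listing. The user row is expected
         # to exist already; it is not created inside this method.
         user = User.query.filter_by(email='*****@*****.**').first()
         # Fail with a clear message instead of an AttributeError on None.
         self.assertIsNotNone(user)
         self.assertTrue(bcrypt.check_password_hash(user.password, "admin"))
         self.assertFalse(bcrypt.check_password_hash(user.password, 'foobar'))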
コード例 #2
ファイル: views.py プロジェクト: naiaden/auth-manager
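 def post(self):
     """Log a user in from a JSON body carrying 'email' and 'password'.

     Returns a (response, status) pair: 200 with an auth token when the
     password matches the stored hash, 404 when it does not or no user has
     that email, and 500 on any exception or when no token is produced.
     """
     # get the post data
     post_data = request.get_json()
     try:
         # fetch the user data
         user = User.query.filter_by(email=post_data.get('email')).first()
         if user and bcrypt.check_password_hash(user.password,
                                                post_data.get('password')):
             auth_token = user.encode_auth_token(user.id)
             if auth_token:
                 responseObject = {
                     'status': 'success',
                     'message': 'Successfully logged in.',
                     'auth_token': auth_token.decode()
                 }
                 return make_response(jsonify(responseObject)), 200
             # No token came back: answer with an explicit server error
             # instead of falling off the end and returning None.
             responseObject = {'status': 'fail', 'message': 'Try again'}
             return make_response(jsonify(responseObject)), 500
         else:
             # An unknown email and a wrong password share this response,
             # so the reply does not show which emails are registered.
             responseObject = {
                 'status': 'fail',
                 'message': 'User does not exist.'
             }
             return make_response(jsonify(responseObject)), 404
     except Exception as e:
         # Also reached for a body that is not a JSON object or a password
         # value the hash check cannot handle.
         # NOTE(review): the exception goes to stdout only; route it to the
         # application logger so failed logins can be monitored.
         print(e)
         responseObject = {'status': 'fail', 'message': 'Try again'}
         return make_response(jsonify(responseObject)), 500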
コード例 #3
ファイル: auth.py プロジェクト: gitter-badger/web-template
def login_user() -> APIResponse:
    """Authenticate a JSON login request and answer with a JSON status.

    An empty or missing body gets BAD_REQUEST. A matching email/password
    pair gets OK plus an auth token. Any other pair gets NOT_FOUND, and an
    exception raised along the way gets INTERNAL_SERVER_ERROR.
    """
    payload = request.get_json()
    if not payload:
        invalid = {'status': 'error', 'message': 'Invalid payload.'}
        return jsonify(invalid), http_response.BAD_REQUEST
    try:
        account = User.query.filter_by(email=payload.get('email')).first()
        authenticated = account and bcrypt.check_password_hash(
            account.password, payload.get('password'))
        if not authenticated:
            # One response covers both "no such email" and "wrong password",
            # so the reply does not show which emails are registered.
            rejected = {'status': 'error', 'message': 'User does not exist.'}
            return jsonify(rejected), http_response.NOT_FOUND
        accepted = {
            'status': 'success',
            'message': 'Successfully logged in.',
            'auth_token': encode_auth_token(account.id).decode()
        }
        return jsonify(accepted), http_response.OK
    except Exception as e:
        # NOTE(review): the error is only printed; a logger would keep it
        # with the rest of the application's records.
        print(e)
        failed = {'status': 'error', 'message': 'Try again.'}
        return jsonify(failed), http_response.INTERNAL_SERVER_ERROR
コード例 #4
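    def post(self):
        """Handle a JSON login request and issue an access token.

        Returns jsonResponse(..., 400) for a non-JSON request, 201 with an
        access token when userId/password match, and 401 otherwise.
        """
        if not request.is_json:
            return jsonResponse({"err": "TypeError: Not JSON Type Request."},
                                400)

        # A JSON body that is not an object has no fields to read.
        body = request.json if isinstance(request.json, dict) else {}
        user_id = body.get('userId', None)
        password = body.get('password', None)

        user = User.query.filter_by(user_id=user_id).first()
        # An unknown userId or a missing/non-string password is a failed
        # login. Without this guard user.password raised on None, so an
        # unknown account produced a server error instead of the 401 below.
        match = (user is not None and isinstance(password, str)
                 and bcrypt.check_password_hash(user.password, password))
        res = {
            'title': 'AjouNICE!',
            'message': '빤스런 프로젝트 아주나이스 - 아주대 차세대 학부 커뮤니티 서비스',
            'APIName': '/auth/login',
            'APIDescription': '로그인 토큰처리',
        }

        if match:
            # Record the user's last login IP and time (UTC+9).
            user.log_ip = request.remote_addr
            user.log_dt = datetime.now(tz=timezone(timedelta(hours=9)))
            db.session.commit()

            tokenizer = Tokenizer(secret=SECRET_KEY)
            tokenizer.create_payload(user, request.remote_addr)
            access_token = tokenizer.create_access_token()
            res['result'] = {
                'code': '201',
                'access_token': access_token,
                'auth_email_yn': user.auth_email_yn
            }
            return jsonResponse(res, 201)

        # Same 401 for an unknown user and a wrong password.
        res['result'] = {'code': '401', 'message': '로그인 정보가 올바르지 않습니다.'}
        return jsonResponse(res, 401)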
コード例 #5
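    def post(self):
        """Log a user in from a JSON body with 'email' and 'password'.

        Returns a (response, status) pair: 200 with an auth token, 401 for
        bad or malformed credentials, 404 when no user has the email, and
        500 on an exception or when no token is produced.
        """
        try:
            users = mongo_db.db.users
            body = request.json
            email = body.get('email') if isinstance(body, dict) else None
            password = body.get('password') if isinstance(body, dict) else None
            # The email goes into a MongoDB filter document as-is. Accept
            # plain strings only, so a nested JSON object can never be read
            # as query operators; the same check keeps non-string passwords
            # away from the hash comparison.
            if not isinstance(email, str) or not isinstance(password, str):
                response_object = {
                    'status': 'fail',
                    'message': 'Please enter valid email or password.'
                }
                return make_response(jsonify(response_object)), 401

            login_user = users.find_one({'email': email})

            if login_user:
                if bcrypt.check_password_hash(login_user['password'],
                                              password):
                    auth_token = models.encode_auth_token(
                        str(login_user['_id']))
                    if auth_token:
                        response_object = {
                            'status': 'success',
                            'message': 'Successfully logged in.',
                            'auth_token': auth_token.decode()
                        }
                        return make_response(jsonify(response_object)), 200
                    # No token: say so explicitly. Previously this path hit
                    # an unbound response_object and only reached the 500
                    # below through the except clause.
                    response_object = {'status': 'fail', 'message': 'Try again'}
                    return make_response(jsonify(response_object)), 500
                response_object = {
                    'status': 'fail',
                    'message': 'Please enter valid email or password.'
                }
                return make_response(jsonify(response_object)), 401
            else:
                # NOTE(review): 404 here versus 401 above tells a caller
                # whether an email is registered. Consider one response for
                # both cases.
                response_object = {
                    'status': 'fail',
                    'message': 'User does not exist.'
                }
                return make_response(jsonify(response_object)), 404

        except Exception as e:
            print(e)
            response_object = {'status': 'fail', 'message': 'Try again'}
            return make_response(jsonify(response_object)), 500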
コード例 #6
ファイル: routes.py プロジェクト: maxwolf621/Attendance
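def login():
    '''
        Render the login form and sign the user in on a valid submission.

        1. the form validates the submitted fields (email format etc.)
        2. the submitted password is checked with bcrypt against the
           password value stored for that email
    '''
    if current_user.is_authenticated:
        return redirect(url_for('home'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if not user:
            # NOTE(review): this message differs from the wrong-password
            # one below, so the page shows whether an email is registered.
            flash('Login Failed,Please Check Your Email', 'danger')
            return render_template('login.html', title='Login', form=form)
        # NOTE(review): user.password is hashed at request time and the
        # submitted password is checked against that fresh hash. This can
        # only succeed if user.password holds the password itself rather
        # than a bcrypt hash. Confirm how the column is populated. The usual
        # pattern hashes once at registration and calls
        # check_password_hash(user.password, ...) directly.
        hashed_password = bcrypt.generate_password_hash(user.password)
        if bcrypt.check_password_hash(hashed_password, form.password.data):
            login_user(user, remember=form.remember.data)
            next_page = request.args.get('next')
            # 'next' is supplied by the caller: follow it only when it is a
            # plain path on this site, otherwise fall back to 'home'.
            if next_page and not (next_page.startswith('/')
                                  and not next_page.startswith('//')
                                  and '\\' not in next_page
                                  and not any(c < ' ' for c in next_page)):
                next_page = None
            return redirect(next_page) if next_page else redirect(
                url_for('home'))
        else:
            flash('Login Failed,Please check your Password', 'danger')
    return render_template('login.html', title='Login', form=form)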
コード例 #7
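def verify_user(username, password):
    """Return True when *password* matches the hash stored for *username*.

    Returns False when no user has that name.
    """
    # one_or_none() gives None for an unknown username. one() raised
    # instead, so the "user does not exist" branch below could never run.
    # More than one matching row still raises.
    user = session.query(User).filter(
        User.username == username).one_or_none()
    if not user:
        return False
    # check_password_hash compares the candidate password with the stored
    # hash and returns True or False.
    return bcrypt.check_password_hash(user.pw_hash, password)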
コード例 #8
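def verify_user(username, password):
    """Check *password* against the stored hash of the user *username*.

    Returns the boolean result of the hash check, or False when the
    username is unknown.
    """
    # Query.one() raises when nothing matches, which made the None check
    # below unreachable. one_or_none() returns None in that case and still
    # raises if several rows match.
    lookup = session.query(User).filter(User.username == username)
    user = lookup.one_or_none()
    if not user:
        return False
    return bcrypt.check_password_hash(user.pw_hash, password)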
コード例 #9
 def index(self):
     """Admin login view: sign in on valid credentials, else show the form.

     An already authenticated visitor is sent straight to 'home'.
     """
     if current_user.is_authenticated:
         return redirect(url_for('home'))
     form = LoginForm()
     if not form.validate_on_submit():
         return self.render('admin/login.html', form=form)
     account = AdminModel.query.filter_by(name=form.name.data).first()
     credentials_ok = account and bcrypt.check_password_hash(
         account.password, form.password.data)
     if credentials_ok:
         login_user(account, remember=form.remember.data)
         return redirect(url_for('home'))
     # Failed attempts re-render the form with no message, so an unknown
     # name and a wrong password look the same to the visitor.
     return self.render('admin/login.html', form=form)
コード例 #10
ファイル: auth.py プロジェクト: alkihis/promo-app-server
  def login_for_teacher():
    """Exchange the teacher password for a token.

    Expects a JSON body with a 'password' field. Returns a JSON object
    holding the token, or ERRORS.INVALID_PASSWORD when the field is absent
    or does not match the teacher password hash.
    """
    req = get_request()

    has_password = req.is_json and 'password' in req.json
    if not (has_password and bcrypt.check_password_hash(
        get_teacher_password_hash(), req.json['password'])):
      return ERRORS.INVALID_PASSWORD

    # Look for an existing token (the helper's name suggests it creates one
    # when none is found).
    t: Token = get_or_create_token_for(None, True)
    return flask.jsonify({'token': t.token})
コード例 #11
def get_user(username_or_email, password):
    """
    Look a teacher up by email or username and verify the password.

    :param username_or_email: username or email of the user (str)
    :param password: candidate password to check against the stored hash (str)
    :return: the matching user object, or None when no user matches or the
             password check fails
    """
    by_email = TeacherModel.query.filter_by(email=username_or_email).first()
    # The username lookup only runs when the email lookup found nothing.
    candidate = by_email or TeacherModel.query.filter_by(
        username=username_or_email).first()
    if not candidate:
        return None
    if not bcrypt.check_password_hash(candidate.password, password):
        return None
    return candidate
コード例 #12
ファイル: api.py プロジェクト: johndpope/art_dapp
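    def get(self):
        """Check a username/password pair and return the user's profile.

        Returns a JSON object with the user's public fields when the
        password matches, otherwise the string 'AUTHENTICATION ERROR'.
        """
        parser = reqparse.RequestParser()
        parser.add_argument('username', type=str)
        parser.add_argument('password_hash', type=str)
        # Parse once and reuse the result.
        args = parser.parse_args()

        # NOTE(review): objects.get() is called without a guard. If it
        # raises for an unknown username, the else branch below is never
        # reached for that case. Confirm and handle it.
        user = models.User.objects.get(username=args['username'])
        # The only credential argument declared above is 'password_hash'.
        # The earlier code read args['password'], a key the parser never
        # declares, so the lookup failed before any check could run.
        # NOTE(review): confirm the field name clients actually send. The
        # value is used as the candidate password, not as a hash.
        candidate = args['password_hash']
        # NOTE(review): this is a GET handler, so the credential may arrive
        # in the query string, where it tends to end up in logs. Confirm,
        # and prefer a POST body.
        # The debug print of the check result was dropped: it ran the hash
        # check a second time and wrote the outcome to stdout.
        if user and candidate is not None and bcrypt.check_password_hash(
                user.password, candidate):
            return jsonify({
                'username': user.username,
                'address': user.address,
                'authenticated': True,
                'registered_on': user.registered_on
            })
        else:
            return 'AUTHENTICATION ERROR'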
コード例 #13
def login():
    """Show the login form and sign the user in on valid credentials.

    A failed attempt flashes one generic message for both an unknown email
    and a wrong password, then re-renders the form.
    """
    form = LoginForm(request.form)
    if not form.validate_on_submit():
        return render_template('user/login.html', title='Please Login',
                               form=form)

    account = User.query.filter_by(email=form.email.data).first()
    authenticated = account and bcrypt.check_password_hash(
        account.password, request.form['password'])
    if authenticated:
        login_user(account)
        flash('You are logged in. Welcome!', 'success')
        return redirect(url_for('user.members'))

    flash('Invalid email and/or password.', 'danger')
    return render_template('user/login.html', form=form)
コード例 #14
def login():
    """Render the login page; on a valid submission log in and go to 'main'.

    A failed attempt flashes one combined email/password message and shows
    the form again.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', title="Login", form=form)

    account = User.query.filter_by(email=form.email.data).first()
    password_ok = account and bcrypt.check_password_hash(
        account.password, form.password.data)
    if password_ok:
        login_user(account, remember=form.remember.data)
        flash("You have been logged in successfully", 'success')
        return redirect(url_for('main'))

    flash("Login Unsuccessful,Please check your email and password",
          'danger')
    return render_template('login.html', title="Login", form=form)
コード例 #15
def login():
    """Handle the login form: authenticate, then redirect to the members page.

    The password is read from request.form and compared with the stored
    hash. Unknown email and wrong password produce the same flash message.
    """
    form = LoginForm(request.form)
    if form.validate_on_submit():
        found = User.query.filter_by(email=form.email.data).first()
        matches = found and bcrypt.check_password_hash(
            found.password, request.form['password'])
        if not matches:
            flash('Invalid email and/or password.', 'danger')
            return render_template('user/login.html', form=form)
        login_user(found)
        flash('You are logged in. Welcome!', 'success')
        return redirect(url_for('user.members'))
    return render_template('user/login.html', title='Please Login', form=form)
コード例 #16
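def account():
    """Account page: update the profile on submit and list the user's posts.

    A valid submission must carry the current password. When it matches the
    stored hash the profile is updated and the page redirects to itself,
    otherwise a plain error string is returned. A GET pre-fills the form.
    Every request that gets past that renders 'account.html' with the
    user's posts.
    """
    form = UpdateAccountForm()
    db = current_app.config["db"]
    user_id = db.get_user_id(current_user.username)
    pp = url_for('static', filename='profile_pics/' + current_user.profile_pic)

    if form.validate_on_submit():
        tmp = get_user(current_user.username)
        password = form.password.data

        if bcrypt.check_password_hash(tmp.password, password):
            # Start from the phone number already on the account. This field
            # used to be seeded with form.password.data, so submitting an
            # empty phone stored the typed password as the phone number.
            temp = User(username=form.username.data,
                        password=tmp.password,
                        email=form.email.data,
                        phone=current_user.phone,
                        profile_pic=current_user.profile_pic)
            if form.picture.data:
                picture_file = save_picture(form.picture.data)
                temp.profile_pic = picture_file
            if form.phone.data:
                temp.phone = form.phone.data
            db.update_user(temp, user_id)
            return redirect(url_for('account'))
        else:
            return ("Please enter correct password")

    elif request.method == 'GET':
        form.username.data = current_user.username
        # The password field is deliberately left empty.
        # current_user.password is presumably the stored hash and should
        # never be placed in a rendered form.
        form.phone.data = current_user.phone
        form.email.data = current_user.email

    # Everything above handles the profile update. Below, the user's posts
    # are collected for display.
    post_list = db.bring_users_post(current_user.username)
    posts = []
    for item in post_list:
        user = current_user.username
        # Fetch the item record once instead of once per field.
        info = db.get_item_info(item[2])
        item_name = info[2]
        item_description = info[3]
        item_image = info[4]
        image_file = url_for('static', filename='profile_pics/' + item_image)
        tempItem = Item(title=item_name, description=item_description,
                        category="")
        tempItem.image = image_file
        date = item[3]
        temp = Post(tempItem, user, date)
        temp.key = item[0]  # init key
        posts.append(temp)

    return render_template('account.html', posts=posts, form=form, img=pp)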
コード例 #17
ファイル: routes.py プロジェクト: jakubzzak/gtl-backend
def login() -> Response:
    """Log a librarian in from a JSON body with 'email' and 'password'.

    An already authenticated caller gets their own relaxed view back. A
    failed attempt gets one error message whether the email is unknown or
    the password is wrong.
    """
    res = CustomResponse()
    if current_user.is_authenticated:
        res.set_data(current_user.get_relaxed_view())
        return res.get_response()

    # NOTE(review): request.json is used without a None check, so a
    # non-JSON request would presumably raise here. Confirm how that is
    # handled upstream.
    librarian = db.session.query(Librarian).filter(
        Librarian.email == request.json.get('email')).first()
    verified = librarian and bcrypt.check_password_hash(
        librarian.password, request.json.get('password'))
    if not verified:
        res.set_error('Wrong email or password!')
        return res.get_response()

    login_user(librarian)
    # Remember which account type this session belongs to.
    session['login_type'] = 'librarian'
    res.set_data(librarian.get_relaxed_view())
    return res.get_response()
コード例 #18
ファイル: admin.py プロジェクト: topogram/weibo-miner-server
    def login_view(self):
        """Admin login view: authenticate on submit, then show the index.

        After a successful login (or for an already authenticated user) the
        request is redirected to '.index'. Otherwise the form and a
        registration link are handed to the index template.
        """
        form = SessionCreateForm(request.form)
        if helpers.validate_form_on_submit(form):
            account = User.query.filter_by(email=form.email.data).first()
            password_ok = account and bcrypt.check_password_hash(
                account.password, form.password.data)
            if password_ok:
                # The user is authenticated through flask-login.
                login_user(account, remember=True)

        if current_user.is_authenticated():
            return redirect(url_for('.index'))

        # The link markup is assembled by hand. The only variable part is
        # the URL produced by url_for.
        register_url = url_for('.register_view')
        link = ('<p>Don\'t have an account? <a href="' + register_url
                + '">Click here to register.</a></p>')
        self._template_args['form'] = form
        self._template_args['link'] = link

        return super(MyAdminIndexView, self).index()
コード例 #19
ファイル: routes.py プロジェクト: jakubzzak/gtl-backend
def login() -> Response:
    """Log a customer in from a JSON body with 'email' and 'password'.

    Returns the caller's relaxed view when already authenticated or after a
    successful login, and one shared error message for any failed attempt.
    """
    res = CustomResponse()
    if current_user.is_authenticated:
        res.set_data(current_user.get_relaxed_view())
        return res.get_response()

    customer = db.session.query(Customer).filter(
        Customer.email == request.json.get('email')).first()
    if customer and bcrypt.check_password_hash(
            customer.password, request.json.get('password')):
        login_user(customer)
        # Mark the session as a customer login.
        session['login_type'] = 'customer'
        res.set_data(customer.get_relaxed_view())
        return res.get_response()

    # Unknown email and wrong password are reported identically.
    res.set_error('Wrong email or password!')
    return res.get_response()
コード例 #20
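def login():
    """Show the login form; on valid credentials sign in and redirect.

    After login the user is sent to the 'next' query parameter when it is
    a path on this site, otherwise to 'blog'.
    """
    if current_user.is_authenticated:
        return redirect(url_for('blog'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            flash(f'Welcome {user.username}!', 'success')
            login_user(user, remember=form.remember.data)
            next_page = request.args.get('next')
            # 'next' is supplied by the caller: follow it only when it is a
            # plain path on this site, otherwise fall back to 'blog'.
            if next_page and not (next_page.startswith('/')
                                  and not next_page.startswith('//')
                                  and '\\' not in next_page
                                  and not any(c < ' ' for c in next_page)):
                next_page = None
            return redirect(next_page) if next_page else redirect(
                url_for('blog'))
        else:
            # One message for unknown email and wrong password alike.
            flash('Login failed, check email or password', 'danger')
    return render_template('login.html', title="Login", form=form)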
コード例 #21
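def login():
    """Render the login form and authenticate a valid submission.

    On success the user is redirected to the 'next' query parameter when
    it is a path on this site, otherwise to 'home'.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            login_user(user, remember=form.remember.data)
            next_page = request.args.get('next')
            # The redirect target comes from the query string. Accept a
            # same-site path only and ignore anything else.
            if next_page and not (next_page.startswith('/')
                                  and not next_page.startswith('//')
                                  and '\\' not in next_page
                                  and not any(c < ' ' for c in next_page)):
                next_page = None
            return redirect(next_page) if next_page else redirect(
                url_for('home'))
        else:
            flash('Login Unsuccessful. Please check username and password',
                  'danger')
    return render_template('login.html', title='Login', form=form)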
コード例 #22
ファイル: admin_routes.py プロジェクト: Throupy/Gambling-App
 def index(self):
     """Admin login view.

     Authenticated users, and every validated submission whether it
     succeeds or fails, are redirected to 'admin.index'. Anything else
     renders the login form.
     """
     if current_user.is_authenticated:
         return redirect(url_for("admin.index"))
     form = AdminLoginForm()
     if not form.validate_on_submit():
         return render_template("admin.html", form=form)

     submitted_name = request.form['username']
     submitted_password = request.form['password']
     account = User.query.filter_by(username=submitted_name).first()
     if account and bcrypt.check_password_hash(account.password,
                                               submitted_password):
         login_user(account)
         flash("Logged in", "success")
     else:
         # One message for unknown user and wrong password alike.
         flash("Invalid Credentials, please try again", "danger")
     # NOTE(review): nothing visible here checks that the account is an
     # administrator. Confirm that 'admin.index' enforces it.
     return redirect(url_for("admin.index"))
コード例 #23
def login() -> str:
    """Login page built on the project's Page*/CurrentUser wrappers.

    Authenticated users are redirected to 'home'. A valid submission with
    matching credentials logs in and follows the 'next' page if one is
    given. A failed one flashes a generic message and shows the form again.
    """
    if CurrentUser().authenticated():
        return PageRedirect(PageUrlFor('home')).link()

    form: FlaskForm = LoginForm()
    if form.validate_on_submit():
        user: User = User.query.filter_by(email=form.email.data).first()
        credentials_ok = user and bcrypt.check_password_hash(
            user.password, form.password.data)
        if credentials_ok:
            CurrentUser().login(user, form)
            # NOTE(review): whether PageRequest/PageUrlFor restrict 'next'
            # to same-site targets is not visible here. Confirm.
            next_page: Request = PageRequest('next').get()
            return PageRedirect(PageUrlFor(next_page or 'home')).link()
        PageFlash('Login Unsuccessful. Please check email and password',
                  'danger').display()
    return BlogTemplate('login.html').render(title='Login', form=form)
コード例 #24
ファイル: routes.py プロジェクト: Throupy/Gambling-App
def login():
    """Form-based login endpoint; only POST is served.

    Returns a plain-text success message, aborts with 403 for bad
    credentials and also answers 403 to any non-POST method.
    """
    if request.method != 'POST':
        return abort(403, "Method not allowed for this endpoint")

    # Nothing to do for a session that is already authenticated.
    if current_user.is_authenticated:
        return "You're already logged in"

    username = request.form.get('username')
    password = request.form.get('password')
    account = models.User.query.filter_by(username=username).first()
    # Succeed only if the account exists and the password matches the
    # stored hash.
    # NOTE(review): a request without a 'password' field passes None to the
    # hash check. Confirm how the bcrypt helper reacts to that.
    if not (account and bcrypt.check_password_hash(account.password,
                                                   password)):
        return abort(403, "Invalid Credentials")

    login_user(account)
    # NOTE(review): the username is echoed into the response body. Confirm
    # it cannot carry markup, or return it as JSON/plain text.
    return f"Successful Login as {username}"
コード例 #25
ファイル: routes.py プロジェクト: aarsh2000/ependyo-api
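def login():
    """Issue a 24-hour JWT for a valid username/password JSON request.

    Every failure (wrong method, bad body, unknown user, wrong password)
    returns the JSON object {'token': 'invalid'}.
    """
    if request.method == 'POST':
        init_data = request.get_json(silent=True)
        # silent=True yields None for a missing or malformed body. Treat
        # anything that is not a JSON object as empty so the lookups below
        # fail cleanly rather than raising.
        if not isinstance(init_data, dict):
            init_data = {}
        data = {
            'username': init_data.get('username'),
            'password': init_data.get('password'),
            'email': init_data.get('email'),
        }
        # NOTE(review): when 'email' is present the lookup still matches the
        # 'username' value against the email column. Confirm that is what
        # clients send.
        if data['email']:
            user = User.query.filter_by(email=data['username']).first()
        else:
            user = User.query.filter_by(username=data['username']).first()
        # A missing or non-string password can never match.
        if (user and isinstance(data['password'], str)
                and bcrypt.check_password_hash(user.password,
                                               data['password'])):
            expires = datetime.datetime.utcnow() + datetime.timedelta(hours=24)
            token = jwt.encode({'username': user.username, 'exp': expires},
                               current_app.config['SECRET_KEY'])
            return jsonify({'token': token.decode('UTF-8')})
        else:
            return jsonify({'token': 'invalid'})
    return jsonify({'token': 'invalid'})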
コード例 #26
ファイル: portal.py プロジェクト: vdedyukhin/labs-api-server
def login():
    """Form-based login that returns the account id as JSON.

    Returns 400 when 'email' or 'password' is missing or when no account is
    found, otherwise bumps the sign-in counters and returns the account id.

    NOTE(review): as written, the submitted password is never compared with
    a credential stored on the account. See the comments at the query.
    """
    email = request.form.get("email")
    password = request.form.get("password")

    if any(x is None for x in [email, password]):
        return jsonify({"error": "Parameter is missing"}), 400

    # pw_hash is derived from the password that was just submitted. It is
    # not read from the account.
    pw_hash = bcrypt.generate_password_hash(password)
    # NOTE(review): two problems on this line.
    # 1. `and` is Python's boolean operator, evaluated before filter() is
    #    called. It does not build a SQL AND, so filter() receives a single
    #    operand of the expression.
    # 2. check_password_hash(pw_hash, password) compares the submitted
    #    password with a hash of that same password, so it says nothing
    #    about the stored credential.
    # The account should be loaded by email first, and the submitted
    # password then checked against the hash stored on that row. The column
    # holding it is not visible here.
    account = PostAccount.query.filter(PostAccount.email == email and bcrypt.check_password_hash(pw_hash, password)).first()
    if account:
        # Record the successful sign-in.
        account.sign_in_count = account.sign_in_count + 1
        account.last_sign_in_at = datetime.now()
        sqldb.session.commit()
        return jsonify({'account_id': account.id})
    else:
        return jsonify({'error': 'Unable to authenticate'}), 400
コード例 #27
ファイル: views.py プロジェクト: johndpope/art_dapp
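def login():
    """Show the login form and sign the user in on valid credentials.

    A failed lookup and a wrong password share one flash message.
    """
    form = LoginForm(request.form)
    if form.validate_on_submit():
        try:
            user = models.User.objects.get(username=form.username.data)
        except Exception:
            # A failed lookup (presumably "no such user") counts as a failed
            # login. Catching Exception rather than using a bare except
            # keeps KeyboardInterrupt and SystemExit from being swallowed.
            # NOTE(review): narrow this to the model's not-found exception
            # so real database errors are not reported as bad credentials.
            user = None
        if user and bcrypt.check_password_hash(
                user.password, request.form['password']):
            login_user(user)
            flash('You are logged in. Welcome!', 'success')
            return redirect(url_for('main.landing'))
        else:
            flash('Invalid email and/or password.', 'danger')
            return render_template('user/login.html', form=form)
    return render_template('user/login.html', form=form)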
コード例 #28
ファイル: admin.py プロジェクト: topogram/weibo-miner-server
    def login_view(self):
        """Log the user in on a valid form submission, then render the index.

        Authenticated users are redirected to '.index'. Everyone else gets
        the index template with the login form and a registration link.
        """
        form = SessionCreateForm(request.form)
        if helpers.validate_form_on_submit(form):
            found = User.query.filter_by(email=form.email.data).first()
            if found and bcrypt.check_password_hash(found.password,
                                                    form.password.data):
                # Hand the authenticated user to flask-login.
                login_user(found, remember=True)

        if current_user.is_authenticated():
            return redirect(url_for('.index'))

        # Hand-built markup. url_for supplies the only dynamic part.
        link_parts = [
            '<p>Don\'t have an account? <a href="',
            url_for('.register_view'),
            '">Click here to register.</a></p>',
        ]
        link = link_parts[0] + link_parts[1] + link_parts[2]
        self._template_args['form'] = form
        self._template_args['link'] = link

        return super(MyAdminIndexView, self).index()
コード例 #29
ファイル: views.py プロジェクト: alvinwan/Puhjiii
def login():
	"""Login view: authenticate a POSTed form, else render the login page.

	Every local variable of this function is passed to the template through
	**locals(), so local names here are part of the template's interface.
	"""
	form = LoginForm(request.form)
	user = User(email=form.email.data)
	try:
		if request.method == 'POST' and form.validate():
			user.get()
			# The account must exist, be active and match the stored hash.
			# NOTE(review): 'next' below is read from the query string and
			# passed to redirect() unchecked. Restrict it to same-site paths.
			if user.exists() and user.is_active() \
				and bcrypt.check_password_hash(user.password, form.password.data):

				if login_user(user):
					return redirect(request.args.get('next') or url_for('nest.home'))
			# Reached on any failed check: one generic message.
			message = 'Login failed.'
	except ValidationError as e:
		message = str(e)
	except DoesNotExist:
		# Same generic message as a wrong password.
		message = 'Login failed.'
	# NOTE(review): **locals() also hands the user object (which carries a
	# password attribute) to the template. Pass explicit names instead.
	return render('login.html', mod='auth', **locals())
コード例 #30
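def login():
    """Render the login form and authenticate a valid submission.

    On success the user is redirected to the 'next' query parameter when
    it is a path on this site, otherwise to 'home'. A failed attempt
    flashes one message for unknown email and wrong password alike.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user and bcrypt.check_password_hash(user.password,
                                               form.password.data):
            login_user(user, remember=form.remember.data)
            next_page = request.args.get('next')
            # 'next' is supplied by the caller: follow it only when it is a
            # plain path on this site, otherwise fall back to 'home'.
            if next_page and not (next_page.startswith('/')
                                  and not next_page.startswith('//')
                                  and '\\' not in next_page
                                  and not any(c < ' ' for c in next_page)):
                next_page = None
            return redirect(next_page) if next_page else redirect(
                url_for('home'))
        else:
            flash(
                'Авторизация не прошла успешно. Пожалуйста, проверьте свой логин и пароль',
                'danger')
    return render_template('login.html', title='Вход', form=form)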
コード例 #31
ファイル: routes.py プロジェクト: Throupy/Gambling-App
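def user(username):
    """Read (GET) or update (POST) the account named *username*.

    GET returns the user's public data as JSON. POST lets the logged-in
    owner change username and/or password after confirming the current
    password, and returns a plain-text summary of what changed.
    """
    # POST will be to update user information
    # GET will be to retrieve information about said user.
    user = models.User.query.filter_by(username=username).first()
    if not user:
        return abort(404, "User Doesn't Exist")
    if request.method == "GET":
        # NOTE(review): no authentication check guards this branch. Confirm
        # that balance and statistics are meant to be public.
        return jsonify(username=user.username,
                       money=user.money,
                       date_registered=user.date_registered,
                       dice_game_stats=[{
                           'dice_game_wins':
                           user.diceGameStats.diceGameWins,
                           'dice_game_plays':
                           user.diceGameStats.diceGamePlays,
                           'total_money_earned':
                           user.diceGameStats.totalMoneyEarned,
                           'total_moeny_lost':
                           user.diceGameStats.totalMoneyLost
                       }])
    elif request.method == "POST":
        if current_user == user:
            # Keep the name as it was before any change. The earlier
            # "old instance" was just another reference to the same object,
            # so the summary printed the new name in place of the old one.
            old_username = user.username
            returnMessage = ""
            # request.form.get returns None if no parameter is found, rather than raising an error.
            # NOTE(review): a wrong password is a client error, yet this
            # aborts with 500. A 4xx status would be more accurate.
            if not request.form.get("oldPassword") or\
                not bcrypt.check_password_hash(user.password, str(request.form.get("oldPassword"))):
                return abort(
                    500, "Parameter 'oldpassword' was incorrect or missing")
            if request.form.get("username"):
                # The truthiness check above guarantees the key exists.
                # NOTE(review): no check that the new name is unused is
                # visible here.
                if len(request.form["username"]
                       ) > 4 and request.form["username"] != user.username:
                    user.username = request.form["username"]
                    db.session.commit()
                    returnMessage += f"Credentials Updated for {old_username}. Username changed to {request.form['username']}\n"
            if request.form.get("newPassword"):
                if len(request.form["newPassword"]) > 6:
                    # Only the bcrypt hash of the new password is stored.
                    user.password = bcrypt.generate_password_hash(
                        request.form["newPassword"]).decode("UTF-8")
                    db.session.commit()
                    returnMessage += f"Credentials Updated for {old_username}. Password Changed"
            return returnMessage
        else:
            return abort(403, "You must log in to change your credentials")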
コード例 #32
ファイル: auth.py プロジェクト: itucsdb1823/itucsdb1823
    def post(self):
        """Authenticate by email and password and return the user with a JWT.

        A failed attempt returns a 401 with one generic error, whether the
        email is unknown or the password is wrong.
        """
        args = parser.parse_args()
        submitted_email = args['email']
        submitted_password = args['password']

        user = User().where([['email', '=', submitted_email]]).first()

        # The stored hash is read from user.HIDDEN['password'].
        authenticated = user.exists() and bcrypt.check_password_hash(
            user.HIDDEN['password'], submitted_password)
        if not authenticated:
            return response(
                {'errors': ['Credentials do not match with our records.']},
                401)

        # Attach a fresh token and the admin flag to the returned user data.
        return response({
            'user':
            user.plus('token',
                      user.generateToken()['jwt']).plus(
                          'admin', user.hasRole('admin')).data()
        })
    def post(self):
        """Open a session with Flask-Login and announce it to Flask-Principal.

        Returns (body, status): 422 with form errors or a failure message,
        201 once the user is logged in.
        """
        form = SessionCreateForm()
        if not form.validate_on_submit():
            return form.errors, 422

        account = User.query.filter_by(email=form.email.data).first()
        # NOTE(review): the two failure messages below differ, so a caller
        # can tell a registered email from an unknown one. Consider one
        # shared message.
        if account is None:
            return "User does not exist.", 422

        password_matches = bcrypt.check_password_hash(account.password,
                                                      form.password.data)
        if not password_matches:
            return "Invalid password.", 422

        # Hand the authenticated user to flask-login.
        login_user(account, remember=True)

        # Let Flask-Principal know the identity has changed.
        identity_changed.send(app, identity=Identity(account.id))
        return 'You were logged in.', 201
コード例 #34
    def post(self):
        """Create a login session (Flask-Login) and signal Flask-Principal.

        Every failure answers with status 422: form errors, unknown email
        or wrong password. Success answers 201.
        """
        form = SessionCreateForm()
        form_is_valid = form.validate_on_submit()
        if not form_is_valid:
            return form.errors, 422

        found = User.query.filter_by(email=form.email.data).first()
        if found is None:
            # NOTE(review): this reply differs from the wrong-password one
            # below, which shows whether an email is registered.
            return "User does not exist.", 422

        if not bcrypt.check_password_hash(found.password, form.password.data):
            return "Invalid password.", 422

        # Credentials verified: log the user in through flask-login.
        login_user(found, remember=True)

        # Notify Flask-Principal of the new identity.
        new_identity = Identity(found.id)
        identity_changed.send(app, identity=new_identity)
        return 'You were logged in.', 201
コード例 #35
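def login_page():
    """Login page: authenticate the submitted form and redirect onward.

    On success the user goes to the 'next' query parameter when it is a
    path on this site, otherwise to 'home_page'. Failures return a short
    plain-text message.
    """
    form = LoginForm()
    if form.validate_on_submit():
        username = form.username.data
        temp = get_user(username)
        if temp is not None:
            user = User(username, temp.password, temp.email, temp.phone,
                        temp.profile_pic)
            password = form.password.data

            if bcrypt.check_password_hash(temp.password, password):
                login_user(user)
                next_page = request.args.get("next")
                # 'next' is supplied by the caller: follow it only when it
                # is a plain path on this site, otherwise go to the home
                # page.
                if not (next_page
                        and next_page.startswith('/')
                        and not next_page.startswith('//')
                        and '\\' not in next_page
                        and not any(c < ' ' for c in next_page)):
                    next_page = url_for("home_page")
                return redirect(next_page)

            else:
                # NOTE(review): this reply and the one below differ, which
                # shows whether a username exists. Consider one message.
                return ("Wrong Password")
        else:
            return ("User can not be found")
    return render_template("login.html", form=form)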
コード例 #36
ファイル: player.py プロジェクト: AFDudley/equanimity
 def check_password(self, password):
     """Report whether *password* matches the hash held in self.password."""
     stored_hash = self.password
     # The comparison is left to the bcrypt helper and its result returned.
     return bcrypt.check_password_hash(stored_hash, password)