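def show():
    """Render the change-password form (GET) or process a password change (POST).

    GET expects ``uuid`` in the query string. POST expects the form fields
    ``uuid``, ``password`` (the current password), ``new_password`` and
    ``repeat``. In both cases the supplied uuid must equal the uuid held in
    the session; otherwise the client is redirected to ``login.show``.

    Returns:
        The rendered ``password/password.html`` template on a valid GET,
        otherwise a redirect response.
    """
    connector = current_app.connector
    user_repository = UserRepository(connector)

    # A session without a uuid means nobody is logged in. Reading it with
    # .get() sends that client to the login view instead of raising KeyError
    # (an HTTP 500). The explicit None check also keeps a missing request
    # uuid from ever comparing equal to a missing session uuid.
    session_uuid = session.get('uuid')

    # NOTE(review): only the two success paths below close the connector; the
    # early returns leave it open. Confirm whether that is intended for the
    # app-level connector.
    if request.method == 'GET':
        uuid_ = request.args.get('uuid')
        if session_uuid is None or uuid_ != session_uuid:
            return redirect(url_for('login.show'))

        user = user_repository.find_by_uuid(uuid_)
        user = dictionaries.strip_none(user)

        section_repository = SectionRepository(connector)
        sections = section_repository.list_by(active=1, order_by='id')
        connector.close()
        return render_template('password/password.html', sections=sections, user=user)

    uuid_ = request.form['uuid']
    password_ = request.form['password']
    new_password = request.form['new_password']
    repeat = request.form['repeat']

    if session_uuid is None or uuid_ != session_uuid:
        return redirect(url_for('login.show'))

    # The account is looked up by the session's username, never by a value
    # taken from the form.
    username = session.get('username')
    user = user_repository.find_by_username(username) if username else None
    if not user:
        flash('Invalid username.', 'danger')
        return redirect(url_for('password.show', uuid=uuid_))

    # The current password must be proven before anything is changed.
    registered_user = User(user['uuid'], user['username'], user['password'])
    if not registered_user.check_password(password_):
        # NOTE(review): every other failure here flashes with category
        # 'danger'; 'error' is kept as written - confirm the template
        # styles it.
        flash('Invalid password.', 'error')
        return redirect(url_for('password.show', uuid=uuid_))

    # the given passwords do not match
    if new_password != repeat:
        flash('The newly entered passwords do not match.', 'danger')
        return redirect(url_for('password.show', uuid=uuid_))

    # NOTE(review): new_password is not checked for emptiness or minimum
    # strength before it is stored.
    # NOTE(review): hasher.sha256 is called with the password only, so no
    # per-user salt is passed in. A fast unsalted digest is weak for password
    # storage; moving to a salted, slow KDF has to be coordinated with
    # User.check_password and with the hashes already stored.
    user = {'uuid': uuid_, 'password': hasher.sha256(new_password)}
    user_repository.update(user)
    connector.commit()
    connector.close()

    # back to the change-password form with a confirmation message
    flash('The password is updated successfully.', 'success')
    return redirect(url_for('password.show', uuid=uuid_))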
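def post(self):
    """Authenticate a JSON username/password pair and issue an access token.

    The request body must be a JSON object with non-empty string fields
    ``username`` and ``password``.

    Returns:
        ``(response, status)``: 200 with ``access_token`` on success, 400 for
        a malformed request, 401 for any credential failure, and 500 when an
        unexpected exception is raised.
    """
    import hmac

    try:
        payload = request.get_json(silent=True)
        # A JSON array or scalar has no .get(); reject it here as a bad
        # request instead of letting it surface as a 500.
        if not payload or not isinstance(payload, dict):
            return responsify(
                message='Invalid JSON content, or content-type header '
                        'is not set to application/json'), 400

        username = payload.get('username')
        password = payload.get('password')

        if not username or not isinstance(username, str):
            logging.debug('no username given')
            return responsify(message='invalid username or password'), 400

        if not password or not isinstance(password, str):
            logging.debug('no password given')
            return responsify(message='invalid username or password'), 400

        connector = current_app.connector
        user_repository = UserRepository(connector)
        user = user_repository.find_by_username(username)

        # Unknown user and wrong password must be indistinguishable to the
        # client. The message was already shared; the status code is now the
        # same too (401), so it no longer reveals which usernames exist.
        if not user:
            logging.debug('user not found')
            return responsify(message='invalid username or password'), 401

        # hash the given password, so it can be checked against the hashed
        # password stored in the database
        # NOTE(review): hasher.sha256 receives only the password, so no
        # per-user salt is passed in; a salted, slow KDF is the usual choice
        # for stored passwords.
        candidate = hasher.sha256(password)
        stored = user.get('password')

        # Constant-time comparison, so response time does not depend on how
        # many leading characters of the digest match. Non-string values
        # fall back to plain equality, as the original comparison did.
        if isinstance(candidate, str) and isinstance(stored, str):
            matches = hmac.compare_digest(
                candidate.encode('utf-8'), stored.encode('utf-8'))
        else:
            matches = candidate == stored

        if not matches:
            logging.debug('invalid password')
            return responsify(message='invalid username or password'), 401

        access_token = create_access_token(identity=username)
        return responsify(access_token=access_token), 200
    except Exception:
        # NOTE(review): confirm that tracer.build() does not return stack
        # trace details to an unauthenticated client.
        response = tracer.build()
        logging.exception('authentication failed')
        return response, 500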
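def show():
    """Render the registration form (GET) or register a new account (POST).

    POST expects the form fields ``username``, ``password``, ``first_name``,
    ``last_name`` and ``nickname``. A new registration is stored with the
    'user' role and a fresh uuid, and an activation e-mail built from the
    'activate' template is sent to the username.

    Returns:
        The rendered ``register/register.html`` template on GET, a redirect
        to ``register.show`` on POST.
    """
    import logging

    connector = current_app.connector

    if request.method == 'GET':
        section_repository = SectionRepository(connector)
        sections = section_repository.list_by(active=1, order_by='id')
        return render_template('register/register.html', sections=sections)

    if request.method == 'POST':
        register_repository = RegistrationRepository(connector)
        role_repository = RoleRepository(connector)
        template_repository = TemplateRepository(connector)

        username = request.form['username']
        password = request.form['password']
        first_name = request.form['first_name']
        last_name = request.form['last_name']
        nickname = request.form['nickname']

        registered = register_repository.is_registered(username)
        if registered:
            connector.close()
            # NOTE(review): this message confirms to any visitor that the
            # username exists; acceptable only if account enumeration is not
            # a concern for this site.
            flash('This account is already registered.', 'danger')
            return redirect(url_for('register.show'))

        role = role_repository.find_by(role='user', active=1)

        # NOTE(review): username and password are stored without any format
        # or strength check, and hasher.sha256 receives only the password
        # (no per-user salt is passed in). A salted, slow KDF is the usual
        # choice for stored passwords.
        registration = {
            'username': username,
            'password': hasher.sha256(password),
            'uuid': str(uuid4()),
            'first_name': first_name,
            'last_name': last_name,
            'nickname': nickname,
            'rle_id': role['id']
        }

        id_ = register_repository.insert(registration)
        # Goes to the application log instead of stdout.
        logging.info('registration created with id %s', id_)

        properties = current_app.properties
        settings = utils.load_json(properties, 'snapsnare.json')
        credentials = settings['gmail']
        snapsnare = settings['snapsnare']
        host = snapsnare['host']

        # Fill the activation template: {host} comes from configuration,
        # {uuid} is the uuid generated for this registration.
        template = template_repository.find_by(template='activate')
        content = template['content']
        content = content.replace("{host}", host)
        content = content.replace("{uuid}", registration['uuid'])

        connector.commit()
        connector.close()

        # NOTE(review): the row is committed before the mail is sent; if
        # sending raises, the account exists but no activation mail went out.
        gmail.send_email(credentials, registration['username'],
                         "Activate your account on snapsnare.org", content)

        flash(
            'Your account is successfully registered, an activation email is send.',
            'success')
        return redirect(url_for('register.show'))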
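def check_password(self, password):
    """Return True when ``password`` hashes to the stored ``self.password``.

    Args:
        password: The plaintext candidate password.

    Returns:
        True if ``hasher.sha256(password)`` equals ``self.password``,
        otherwise False.
    """
    import hmac

    # NOTE(review): hasher.sha256 receives only the password, so no per-user
    # salt is passed in. Changing the scheme has to be coordinated with every
    # place that writes self.password.
    candidate = hasher.sha256(password)
    stored = self.password

    # Constant-time comparison, so the time taken does not depend on how many
    # leading characters of the digest match. Non-string values fall back to
    # plain equality, as the original comparison did.
    if isinstance(candidate, str) and isinstance(stored, str):
        return hmac.compare_digest(
            candidate.encode('utf-8'), stored.encode('utf-8'))
    return candidate == stored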
from snapsnare.system import hasher

# NOTE(review): the literal below has the shape of a real password. If it is
# or was used for any account, rotate it, and keep sample inputs in snippets
# like this one clearly synthetic.
digest = hasher.sha256('#Sharethemusic1#')
print(digest)

# The two identical literals below are no-op expression statements. They look
# like pasted output of the call above (TODO confirm). If so, the same input
# yielding the same value twice means the digest is deterministic, so equal
# passwords would be stored as equal hashes.
'2a5c5f2623024ce3de6fe7dc8f5e13ca55b7aadc13174254b40af574e37018c1'
'2a5c5f2623024ce3de6fe7dc8f5e13ca55b7aadc13174254b40af574e37018c1'