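async def login():
    """Authenticate the posted credentials and record the result in the session.

    GET requests are redirected to the front page. A POST must carry the
    ``user``, ``password`` and ``integrity`` form fields; ``integrity`` has to
    equal the ``u-id`` value held in the caller's session. On success the
    session gets ``logged_in = True`` and the canonical user name.

    Returns:
        A redirect for GET, a ``(dict, 403)`` pair for the early rejections,
        otherwise whatever ``_response`` builds from the result dict, the
        status code and the session.
    """
    session = get_session(request)
    resp, code = {"response": "dummy"}, 200
    if request.method == "GET":
        return redirect("/?wmsg_rd=login")

    reqform = await request.form
    user, password, integrity = (
        reqform.get("user"),
        reqform.get("password"),
        reqform.get("integrity"),
    )

    if user is None or password is None or integrity != session.get("u-id", ""):
        # Reject here. Without this return the handler kept going: a request
        # with a wrong integrity value but a correct password still ended with
        # session["logged_in"] = True (only the status code stayed 403), and a
        # missing field reached the query / hash check as None.
        # NOTE(review): an empty "integrity" field equals the "" default used
        # when the session has no "u-id" - confirm the session always carries
        # a token before this handler runs.
        resp = {"error": "fields_empty_or_session_error"}
        code = 403
        return resp, code

    # Case-insensitive lookup of the account.
    udata = userData.query.filter(
        func.lower(userData.user) == func.lower(user)
    ).first()
    if udata is None:
        # NOTE(review): "no_such_user" and "incorrect_password" are distinct
        # answers, so a client can tell which account names exist. Kept as is
        # because callers may match on these strings.
        resp = {"error": "no_such_user"}
        code = 403
        return resp, code

    # Default to "not logged in" so a failed attempt also clears a prior login.
    session["logged_in"] = False
    if check_password_hash(udata.pw_hash, password):
        session["logged_in"] = True
        session["user"] = udata.user
        resp = {"success": "authenticated", "user": udata.user}
    else:
        session["logged_in"] = False
        resp = {"error": "incorrect_password"}
        code = 403
    return _response(resp, code=code, cookies=session)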
def authenticate(cls, username, password):
    """Check an admin's credentials.

    Looks up an active admin by user name and verifies the password against
    the stored hash. Returns the admin instance on success, ``False``
    otherwise.
    """
    # `== True` is deliberate: this builds a SQL filter expression, it is not
    # a Python truth test.
    admin = Admin.query.filter(
        Admin.username == username,
        Admin.is_active == True,
    ).first()

    # Unknown or inactive account: no hash comparison is performed.
    if not admin:
        return False

    if not check_password_hash(hashed_pwd=admin.password, password=password):
        return False

    return admin
def authenticate(cls, username, password):
    """Check a user's credentials.

    Returns the matching user when the account exists, is active and the
    password verifies against the stored hash; returns ``False`` in every
    other case.
    """
    candidate = User.query.filter_by(username=username).first()

    # Missing and inactive accounts are rejected before the hash is checked,
    # so those paths answer without doing the hash work.
    if not candidate:
        return False
    if not candidate.is_active:
        return False

    if check_password_hash(candidate.password, password):
        return candidate
    return False
def check_password(self, password):
    """Report whether *password* verifies against this object's ``pw_hash``."""
    stored_hash = self.pw_hash
    # Verification is delegated to check_password_hash; nothing is compared here.
    return check_password_hash(stored_hash, password)
def login(cls, name, password):
    """Look up a user by name and check the supplied password.

    NOTE(review): as listed, the only exit is a bare ``return``, so the call
    yields ``None`` whether or not the credentials verify. The listing looks
    cut off after ``return`` - confirm against the full file what the
    success path is meant to hand back.
    """
    user = cls.by_name(name)
    # The project-local utils helper receives the name along with the password
    # and the stored hash; presumably the name takes part in the hash - confirm.
    if user and utils.check_password_hash(name, password, user.password_hash):
        return
def check_password(self, raw_password):
    """Return True if *raw_password* is the correct password for this user."""
    # Argument order (raw password first, stored value second) is the one the
    # project-local utils helper is called with here; it differs from some
    # library helpers of the same name, so keep it when refactoring.
    candidate, stored = raw_password, self.password
    return utils.check_password_hash(candidate, stored)
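def _manage_db_data(self):
    """Serve a read or write analytics request described by ``self.js_data``.

    ``db_action`` selects the mode:

    * ``READ_TYPE`` - looks up the site's metadata document by
      ``self.origin``, verifies ``password`` against its ``hashedPassword``
      and returns the stored ``ACTIONS`` and ``VISITOR_DATA`` documents.
    * ``WRITE_TYPE`` - requires the ``site_id`` registered for
      ``self.origin`` to equal ``self.site_id``, then stores every entry of
      ``ANALYTICS_FIELDS`` that is not listed in ``exclude``.

    Returns:
        A dict with the requested data, ``{"success": True}`` after a write,
        or the value of ``self._err`` / ``self.__err_msg`` on rejection.
    """
    data_action: int = self.js_data.get("db_action")

    if data_action == READ_TYPE:
        # Read the data. Should only be used in the dashboard or data.pycode.tk
        pw: str = self.js_data.get("password", "")
        # js_data is request-supplied: the password can be absent or a
        # non-string JSON value, which the hash check cannot handle.
        if not pw or not isinstance(pw, str):
            return self._err("No Password Provided")
        # NOTE(review): self.origin is interpolated into the document path;
        # presumably it is normalised before it gets here - confirm.
        meta_doc: DocumentReference = manager.get_document(
            f"/{SITE_META}/{self.origin}")
        if not manager.document_exists(meta_doc):
            # Same message as a wrong password, so the answer does not reveal
            # whether the site is registered.
            return self._err("Incorrect username or password")
        doc_snap_shot: DocumentSnapshot = meta_doc.get()
        site_id = doc_snap_shot.get("site_id")
        stored_hash = doc_snap_shot.get("hashedPassword")
        # A metadata document without a hash must fail closed instead of
        # raising inside the hash check.
        if not stored_hash or not check_password_hash(stored_hash, pw):
            return self._err("Incorrect username or password")
        doc: CollectionReference = manager.get_collection(
            f"/{SITE_DATA}/{site_id}/{ANALYTICS}")
        actions_doc_snap: DocumentSnapshot = doc.document("ACTIONS").get()
        visiter_doc_snap: DocumentSnapshot = doc.document(
            "VISITOR_DATA").get()
        return {
            "actions": actions_doc_snap.to_dict(),
            "visitor_data": visiter_doc_snap.to_dict(),
        }

    if data_action == WRITE_TYPE:
        # js_data should be a dictionary with the keys:
        # INTERNAL_JSON_CONFIG_DATA, INDIVIDUAL_VISIT_DATA, SESSION_STORAGE_DATA
        exclude_updates_for: list = self.js_data.get("exclude", [])
        _site_id: str = manager.get_document(
            f"{SITE_META}/{self.origin}").get().get("site_id")
        # An origin with no registered site_id must never pass, even when
        # self.site_id is empty as well.
        if not _site_id or _site_id != self.site_id:
            return self._err("Invalid Site ID")
        doc: DocumentReference = manager.get_document(
            f"{SITE_DATA}/{self.site_id}")
        col: CollectionReference = doc.collection(ANALYTICS)
        analytics_arr: DocumentReference = col.document("VISITOR_DATA")
        internal_arr: DocumentReference = col.document("INTERNAL_DATA")
        actions_arr: DocumentReference = col.document("ACTIONS")
        analytics_arr_exists = manager.document_exists(analytics_arr)
        doc.set({"last_update_from_backend": now()})
        visit_id = self.js_data.get("visit_id")

        for field in ANALYTICS_FIELDS:
            name: str = field.get("NAME")
            if name in exclude_updates_for:
                continue
            set_by_server: bool = field.get("SET_BY_SERVER", False)
            # Used to reject malformed input such as "[object Object]".
            expected_type: Any = field.get("EXPECTED_TYPE")
            if name not in self.js_data and not set_by_server:
                return self._err(f"Required Field Missing - {name}")

            if set_by_server:
                # Values that are set by the server, like VIEW_COUNT.
                data_fields: DocumentReference = col.document(name)
                if name == "VIEW_COUNT" and self.js_data.get(
                        "update_view_count"):
                    if manager.document_exists(data_fields):
                        # Read-modify-write: concurrent requests can lose an
                        # increment. NOTE(review): a server-side increment
                        # transform would make this atomic.
                        previous = data_fields.get().get("value") or 0
                        data_fields.update({"value": previous + 1})
                    else:
                        # First view: there is no stored value to add to (the
                        # old code added 1 to a value read from the missing
                        # document).
                        data_fields.set({"value": 1})
                continue

            if name == "INTERNAL_JSON_CONFIG_DATA":
                # Internal json data including errors.
                config = self.js_data[name]
                if not isinstance(config, expected_type):
                    return self.__err_msg(name)
                internal_arr.set({name: {visit_id: config}}, merge=True)
                continue

            if name == "INDIVIDUAL_VISIT_DATA":
                # Individual user data including session tokens, user agent,
                # time spent on the site (sent during window.onunload or
                # another event specified by the user).
                visit_data = self.js_data[name]
                # Validate the type before writing keys into the payload; a
                # non-mapping value used to raise instead of being rejected.
                if not isinstance(visit_data, expected_type):
                    return self.__err_msg(name)
                visit_data["id"] = visit_id
                # X-Forwarded-For is a request header: unless a trusted proxy
                # overwrites it, the stored address is whatever the client
                # sent and should not be treated as authoritative.
                visit_data["addr"] = self.headers.get("X-Forwarded-For")
                if analytics_arr_exists:
                    analytics_arr.update({name: ArrayUnion([visit_data])})
                else:
                    analytics_arr.set({name: [visit_data]}, merge=True)
                    analytics_arr_exists = True
                continue

            if name == "SESSION_STORAGE_DATA":
                # Session storage data, useful for tracking session times and
                # visit counters.
                sess_data = self.js_data[name]
                # Same ordering as above: type check first, then mutate.
                if not isinstance(sess_data, expected_type):
                    return self.__err_msg(name)
                sess_data["id"] = visit_id
                if analytics_arr_exists:
                    analytics_arr.update({name: ArrayUnion([sess_data])})
                else:
                    analytics_arr.set({name: [sess_data]}, merge=True)
                    analytics_arr_exists = True
                continue

            if name == "ACTIONS":
                action_data = self.js_data.get(name)
                if not action_data:
                    continue
                if not isinstance(action_data, expected_type):
                    return self.__err_msg(name)
                if manager.document_exists(actions_arr):
                    actions_arr.update({name: ArrayUnion([action_data])})
                else:
                    actions_arr.set({name: [action_data]})
                continue

        return {"success": True}
    else:
        return self._err("bad data_action type")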