def post(self): email = request.get_json().get('email', None) if not email: return {'status': 'error'} # User exists, login user = User.query.filter_by(email=email).first() if user and user.type != '': token = create_token(user.id) return { 'status': 'success', 'token': token, 'user_type': user.type, } # User doesn't exist or user hasn't filled out their profile else: if not user: # First name, last name and user type are set in the profile # creation page user = User(email=email, firstname='', lastname='', type='') db.session.add(user) db.session.commit() token = create_token(user.id) return {'status': 'success', 'token': token, 'msg': 'new_user'}
def post(self): username = self.get_argument("username", default=None, strip=False) password = self.get_argument("password", default=None, strip=False) cursor = conf.DB_CONN.execute(""" SELECT id, hash_scheme, passhash FROM Users WHERE username=? """, (username,)) r = cursor.fetchone() if not r: # To simplify code path user_id, hash_scheme, passhash = (0, conf.DEFAULT_SCHEME, '') else: user_id, hash_scheme, passhash = r if conf.HASH_SCHEMES[hash_scheme].verify(password, passhash): token = create_token(user_id) self.write(token) else: self.set_status(401)
def register(email, password): """ generates a random salt, salts the password and saves """ if not email: return (False, "Empty email") if not password: return (False, "Empty password") if not EMAIL_CHECK.match(email): return (False, "Invalid email") password = password.strip() if len(password) < 6: return (False, "Invalid password") salt = get_salt() token = create_token().lower() m = sha1() m.update(salt + password) res = DB().create_user(email, salt, m.hexdigest(), token) if res[0]: send_new_user_notification(email, token) return res
def login(): if request.method == 'POST': # { k:v[0] for k, v in dict(request.form).items() } username = request.form.get('username') password = request.form.get('password') if not username or not password: print 2 return json.dumps({'code' : 1, 'errmsg' : 'your must input login username and password.'}) query_result = app.config['mysqlconn'].get_one_result(table_name='user', fields=['password', 'role'], where={'name':username}) if not query_result: return json.dumps({'code' : 1, 'errmsg' : 'user not exists.'}) if query_result.get('password') != hashlib.md5(password).hexdigest(): return json.dumps({'code' : 1, 'errmsg' : 'password error.'}) else: data = {'last_login_time' : time.strftime('%Y-%m-%d %H:%M:%S')} app.config['mysqlconn'].execute_update_sql(table_name='user', data=data, where={'name' : username}) role = query_result.get('role') token = create_token(username, role, app.config['passport']) decode_token_result = valid_token(token, app.config['passport']) session['token'] = token session['username'] = username return json.dumps({'code' : 0, 'result' : 'login sucessful.'}) return render_template('login.html')
def successful_login(self, email): conn = self.get_connection() auth_token = create_token() cur = conn.cursor() cur.execute('update users set tries = 0, auth_token=? where email = ? ', (auth_token,email,)) conn.commit() return auth_token
def login(): data = json.loads(request.get_data()) user = database.user.find_one({ 'username': re.compile('^%s$' % data['username'], re.IGNORECASE), 'password': data['password'] }) return jsonify({'data': {'token': create_token(str(user['_id'])), 'username': user['username']}, 'message': 'success', 'code': 20000}) \ if user != None else jsonify({'message': 'You entered an incorrect username or password', 'code': 20000})
def get(self, request, format=None): email = request.GET.get('email', '').lower() password = request.GET.get('password', '') user = authenticate(username=email, password=password) data = {} if user: data['result'] = 'success' data['uid'] = user.id data['token'] = create_token(user) else: data['result'] = 'failed' return Response(data)
async def badge(msg: Message) -> None: admin_rank = msg.user.rank(msg.conn.main_room) rooms: Dict[str, str] = {} for room in msg.user.rooms: rooms[room.roomid] = msg.user.rank(room) or " " token_id = utils.create_token(rooms, 1, admin_rank) userid = utils.to_user_id(msg.arg or msg.user.userid) await msg.user.send(f"{msg.conn.domain}badges/{userid}?token={token_id}")
def create(request): values = {} if request.META["REQUEST_METHOD"] == "POST": valid, error = utils.check_auth_token(request.POST['username']) if valid: utils.create_user(request.POST['username'], request.POST['password'], request.POST['google_wave_address']) values['user_created'] = True else: values['token_failed'] = True values['error'] = error if 'user_created' not in values: values['token'] = utils.create_token() return render_to_response('create.html', values)
def post_connect(self, request, user, action): next_redirect = request.GET.get('ref', '') if next_redirect: if user: token = create_token(user) next_redirect += '#?token=' + token next_redirect += '&uid=' + str(user.id) next_redirect += '&res=1' else: next_redirect += '#?res=0' return redirect(next_redirect) return super(RegistrationBackend, self).post_connect( request, user, action)
def login(): if request.method == 'POST': # Extract request data username = request.form['username'] password = request.form['pass'] remember_me = request.form.get('remember-me') == 'on' next_page = request.args.get('next') if next_page is not None and not request.host in next_page: # Redirect is not on same domain (or any subdomain of) our current domain. Abort! abort(404) # Query database for username query = USER.select().where(USER.username == username) if not query.exists(): # Send back to login page return redirect(url_for('login')) else: user = query.dicts().get() # Validate password hashed_pass = user.pop('password') # Removing password from dict if not bcrypt.checkpw(password.encode(), hashed_pass.encode()): return redirect(url_for('login', next=next_page)) # Construct token expire_in = datetime.timedelta(seconds=TOKEN_EXPIRATION_TIME) auth_token = utils.create_token( { 'id': user['id'] }, expire_in, TOKEN_SECRET ) # Return and set token inside cookie resp = redirect(next_page) if next_page is not None else make_response(jsonify(success=True)) resp.set_cookie(COOKIE_NAME, auth_token.decode(), domain=COOKIE_DOMAIN, max_age=expire_in.total_seconds() if remember_me else None) # Set as a session cookie if remember_me is not checked return resp # Fetch next parameter from query action = url_for('login', next=request.args.get('next')) return render_template('login.html', APP_NAME=APP_NAME, ACTION=action)
def handleLogin(code: schemas.Authcode, db: Session = Depends(get_db)): # 获取用户信息 res_dic = utils.getUserinfo(code.dict()['code']) # 数据库中查询用户身份,如果是管理员则授权码为1并生成有效token,否则为0,token为空 user = db.query(models.User).filter( res_dic['user_info']['openid'] == models.User.Openid).first() if user: if user.Authorized: authcode = 1 else: authcode = 0 token = utils.create_token(res_dic['user_info']['openid']) else: # 如果用户不在数据库内,则在其token内加入department属性 authcode = 0 department = utils.getDepartment(res_dic['user_info']['unionid']) token = utils.create_token(res_dic['user_info']['openid'], department, res_dic['user_info']['nick']) return { 'access_token': token, 'token_type': 'bearer', 'nick': res_dic['user_info']['nick'], 'authcode': authcode }
async def quotelist(conn: Connection, room: Optional[str], user: str, arg: str) -> None: quoteroom = arg.split(",")[0] db = Database() quotes_n = db.execute("SELECT COUNT(*) FROM quotes WHERE roomid = ?", [quoteroom]).fetchone() if not quotes_n[0]: await conn.send_reply(room, user, "Nessuna quote da visualizzare.") return message = f"{conn.domain}quotes/{quoteroom}" if utils.is_private(conn, quoteroom): token_id = utils.create_token(" ", [quoteroom]) message += f"?token={token_id}" await conn.send_reply(room, user, message)
def login(request): user, password = request.data["user"], request.data["password"] user_id = check_user_login(user, password) if user_id: token = create_token(user_id) login_response = {'message': token, 'status_code': 200} login_response = ResponseSerializer(login_response).data return Response(login_response) elif user_id is None: login_response = { 'message': "The user was not found", 'status_code': 404 } return Response(ResponseSerializer(login_response).data) else: login_response = {'message': "User login failed", 'status_code': 403} return Response(ResponseSerializer(login_response).data)
async def dashboard(conn: Connection, room: Optional[str], user: str, arg: str) -> None: userid = utils.to_user_id(user) for r in conn.rooms: users = Room.get(r).users if userid in users and utils.is_driver(users[userid]["rank"]): rank = users[userid]["rank"] break else: return private_rooms = [r for r in conn.private_rooms if userid in Room.get(r).users] token_id = utils.create_token(rank, private_rooms, 1) await conn.send_pm( user, "{url}?token={token}".format(url=conn.domain, token=token_id) )
def test_create_token( rooms: Dict[str, str], expire_minutes: int, admin: Optional[str] ) -> None: token_id = utils.create_token(rooms, expire_minutes, admin) db = Database.open() with db.get_session() as session: tokens = session.query(d.Tokens).filter_by(token=token_id).all() room_tokens = {i.room: i.rank for i in tokens if i.room is not None} global_tokens = [i.rank for i in tokens if i.room is None] assert room_tokens == rooms if admin is not None: assert global_tokens == [admin] else: assert global_tokens == [] for token in tokens: delta = datetime.utcnow() - datetime.fromisoformat(token.expiry) # 5 seconds should be more than enough assert abs(delta.total_seconds()) - expire_minutes * 60 < 5
def send_deletion_email(poll_id): """View function for send poll deletion email page.""" # Query database for poll details. row = db_funcs.get_poll(poll_id) if row is None: abort(404) if row["email"] is None: flash("No email recorded for this poll") return redirect(url_for("polls.get_poll", poll_id=poll_id)) form = CaptchaOnlyForm() if request.method == "GET": # Send user the captcha. return render_template("send_deletion_email.html", form=form) # It's a POST. # Check for captcha completion or ignore if debug if not form.validate_on_submit() and not current_app.config["DEBUG"]: for error in form.errors: flash(error) return render_template("send_deletion_email.html", form=form) # Create expiring single-use token recording poll id and deletion op. token = utils.create_token("delete_poll", poll_id) # Render the template to put in an email. email_html = render_template("EMAIL_deletion_link.html", poll_id=poll_id, title=row["title"], token=token) try: send_mail("Confirm poll deletion", email_html, "*****@*****.**", row["email"]) flash("Email sent") # Success, redirect back to poll. return redirect(url_for("polls.get_poll", poll_id=poll_id)) except Exception as e: flash("Problem sending email, administrator notified") current_app.logger.error("Problem sending email: {0}".format(e)) # Failure, redirect back to deletion page. return redirect(url_for("polls.delete_poll", poll_id=poll_id))
def post(self): super_token = self.get_argument("super_token", default=None, strip=False) username = self.get_argument("username" , default=None, strip=False) email = self.get_argument("email" , default=None, strip=False) password = self.get_argument("password" , default=None, strip=False) # Only allow root to create users. if not (get_user(super_token) and get_user(super_token)[1] == 'root'): self.set_status(401) return cursor = conf.DB_CONN.execute(""" INSERT INTO Users (username, email, hash_scheme, passhash) VALUES (?, ?, ?, ?) """, (username, email, conf.DEFAULT_SCHEME, conf.DEFAULT_HASHER(password)) ) conf.DB_CONN.commit() # TODO potential race condition if tornado is multithreaded token = create_token(cursor.lastrowid) self.write(token)
def login(): if request.method == 'POST': # { k:v[0] for k, v in dict(request.form).items() } username = request.form.get('username') password = request.form.get('password') if not username or not password: print 2 return json.dumps({ 'code': 1, 'errmsg': 'your must input login username and password.' }) query_result = app.config['mysqlconn'].get_one_result( table_name='user', fields=['password', 'role'], where={'name': username}) if not query_result: return json.dumps({'code': 1, 'errmsg': 'user not exists.'}) if query_result.get('password') != hashlib.md5(password).hexdigest(): return json.dumps({'code': 1, 'errmsg': 'password error.'}) else: data = {'last_login_time': time.strftime('%Y-%m-%d %H:%M:%S')} app.config['mysqlconn'].execute_update_sql( table_name='user', data=data, where={'name': username}) role = query_result.get('role') token = create_token(username, role, app.config['passport']) decode_token_result = valid_token(token, app.config['passport']) session['token'] = token session['username'] = username return json.dumps({'code': 0, 'result': 'login sucessful.'}) return render_template('login.html')
def test_expired_token(self): token = create_token('*****@*****.**', expiration_time=-1) assert is_token_valid(token) == False
def get_salt(): return create_token()