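def login():
    """Authenticate a user from the posted form and start a session.

    GET renders the login page.  POST looks up the user by username,
    compares the stored password hash with the hash of the submitted
    password, issues a fresh auth token, and redirects either to a
    validated ``next`` target or to the index.  Unknown user and wrong
    password flash the same generic message so the response does not
    reveal which usernames exist.
    """
    if request.method == 'GET':
        return render_template("login.html")

    username = request.form['username']
    password = request.form['password']
    user = g.db.users.find_one({'username': username})

    errors = False
    if not user:
        flash(messages.INVALID_USERNAME_PASSWORD, 'error')
        errors = True
    elif utils.encrypt_password(password, app.config['SECRET_KEY']) == user['password']:
        # NOTE(review): `==` on the hash is not constant-time; the return
        # type of utils.encrypt_password is not visible here, so the
        # comparison is left unchanged rather than guessing the digest type.
        auth_token = str(uuid.uuid4())
        g.db.users.update({'username': username},
                          {"$set": {'auth_token': auth_token}})
        session['user_id'] = user['uuid']
        session['user'] = username
        session['role'] = user['role']
        session['auth_token'] = auth_token
    else:
        flash(messages.INVALID_USERNAME_PASSWORD, 'error')
        errors = True

    if errors:
        url = url_for('login')
    else:
        next_url = request.args.get('next')
        # Only a local path may be used as the post-login destination.  An
        # absolute URL, '//host' or '/\host' would make this endpoint an
        # open redirector (a phishing vector for the login page).
        if next_url and next_url.startswith('/') and not next_url.startswith(('//', '/\\')):
            url = next_url
        else:
            url = url_for('index')
    return redirect(url)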
def register():
    """Handle the registration form: create the account or re-render the form.

    A duplicate username is reported via flash and the user is sent back to
    the form; on success the new record is committed and the index is shown.
    """
    form = RegisterForm()
    if form.validate_on_submit():
        username = str(form.username.data)
        existing = models.User.query.filter_by(username=username).first()
        if existing is not None:
            flash('Username %s already exists. Try another one.' % username)
            return redirect(url_for('register'))
        new_user = models.User(
            username=username,
            first_name=str(form.first_name.data),
            last_name=str(form.last_name.data),
            age=str(form.age.data),
            gender=str(form.gender.data),
            # Only the hash of the password is persisted.
            password=encrypt_password(str(form.password.data)),
        )
        db.session.add(new_user)
        db.session.commit()
        flash('Registration successful for username ' + form.username.data)
        return redirect(url_for('index'))
    return render_template('register.html', title='Register', form=form, user=g.user)
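async def join_channel(request):
    """Join a chat channel, checking its password when one is set.

    Expects a JSON body with ``channel`` (the channel id) and, for a
    password-protected channel, ``password``.  On success the channel id
    is written to the ``channels`` cookie; otherwise a JSON error object
    is returned.  The cookie is plain (not signed) in this code, so it
    records membership only and must not be trusted on its own as proof
    of authorization elsewhere.
    """
    import hmac

    data = await request.json()
    channel = data.get('channel')
    if channel is None or channel == '':
        return web.json_response({'error': 'Channel cant be empty'})

    async with aiosqlite.connect('../database.db') as db:
        cursor = await db.execute(
            'SELECT id, name, passwd FROM channels where id=?', (channel,))
        row = await cursor.fetchone()
    if row is None:
        return web.json_response({'error': 'Channel does not exists'})

    channel_id, _name, stored_hash = row
    if stored_hash:
        password = data.get('password')
        # A missing password for a protected channel is a failed login, not
        # something to hand to the hashing helper (which would get None).
        if password is None:
            return web.json_response({'error': 'Invalid credentials.'})
        submitted = encrypt_password(password)
        # Constant-time comparison so response timing does not leak how much
        # of the hash matched.  Assumes both values are ASCII digests of the
        # same type — TODO confirm encrypt_password's return type matches the
        # stored passwd column.
        if not hmac.compare_digest(submitted, stored_hash):
            return web.json_response({'error': 'Invalid credentials.'})

    resp = web.json_response({"status": "success"})
    # Cookie values must be strings; the id column comes back as whatever
    # sqlite stored, so convert explicitly.
    resp.set_cookie('channels', str(channel_id))
    return resp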
def register():
    """Create an account from the registration form and send the activation mail.

    On a valid submission the user is stored with only the password hash,
    the plaintext is discarded from the form, a verification mail is sent
    and the client is redirected to the login page.  Otherwise every form
    error is flashed and the form is re-rendered with a login link.
    """
    form = RegistrationForm()
    if form.validate_on_submit():
        user = User()
        form.populate_obj(user)
        user.passhash = encrypt_password(form.password.data)
        db.session.add(user)
        db.session.commit()
        form.dispose_password()  # http://flask.pocoo.org/snippets/50/
        serialized_token = get_serialized_token(user, 'activate')
        send_verification_mail(user, serialized_token)
        flash(msgs['CREATE_ACCOUNT_SUCCESS'])
        return redirect(url_for('.login'))

    for field, field_errors in form.errors.items():
        flash('<strong>' + field.capitalize() + '</strong>' + ': ' + field_errors[0], 'error')
    login_link = ('<p>Already have an account? <a href="' + url_for('.login')
                  + '">Click here to log in.</a></p>')
    return render_template('register.html', form=form, login=login_link)
def reset_password(serialized_token):
    """Password-reset page reached through an emailed token link.

    An expired or invalid token flashes an error and returns to the index.
    Otherwise the form is shown with the login pre-filled; a valid
    submission stores the new password hash, discards the plaintext from
    the form and redirects to the login page.
    """
    expired, invalid, user = unserialize_token(serialized_token, 'reset')
    if expired:
        flash(msgs['LINK_EXPIRED'], 'error')
        return redirect(url_for('.index'))
    if invalid:
        flash(msgs['LINK_INVALID'], 'error')
        return redirect(url_for('.index'))

    form = ResetPasswordForm()
    form.login.data = user.login
    if form.validate_on_submit():
        user.passhash = encrypt_password(form.password.data)
        db.session.add(user)
        db.session.commit()
        form.dispose_password()
        flash(msgs['RESET_PASSWORD_SUCCESS'])
        return redirect(url_for('.login'))

    for field, field_errors in form.errors.items():
        flash('<strong>' + field.capitalize() + '</strong>' + ': ' + field_errors[0], 'error')
    return render_template('reset_password.html', form=form, serialized_token=serialized_token)
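def admin_profile(login):
    """Admin view to edit the account identified by *login*.

    Shows the edit form; on a valid POST the name/email fields are updated,
    and the password hash too when a new password was supplied.  An unknown
    login flashes an error and returns to the admin index.
    """
    user = User.query.filter_by(login=login).first()
    # `is None` rather than `== None`: identity check, no __eq__ involved.
    if user is None:
        flash('User ' + login + ' not found.', 'error')
        return redirect(url_for('admin_index'))

    form = EditForm()
    if request.method == 'POST':
        # The login is pinned to the stored value before validation —
        # presumably so the form cannot change it; confirm against EditForm.
        form.login.data = user.login
        if form.validate():
            if form.password.data == '':
                # No password change requested: copy only the editable fields.
                user.first_name = form.first_name.data
                user.last_name = form.last_name.data
                user.email = form.email.data
            else:
                form.populate_obj(user)
                user.passhash = encrypt_password(form.password.data)
                form.dispose_password()
            db.session.add(user)
            db.session.commit()
            flash(msgs['EDIT_SUCCESS'])
            return redirect(url_for('admin_profile', login=login))

    for field in form.errors:
        flash('<strong>' + field.capitalize() + '</strong>' + ': ' + form.errors[field][0], 'error')
    return render_template('admin/profile.html', form=form, user=user)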
def test_encrypt_password(self):
    """encrypt_password must salt per call and produce a bcrypt-verifiable hash."""
    from utils import encrypt_password
    first = encrypt_password('', log_rounds=1)
    second = encrypt_password('', log_rounds=1)
    # Same input twice must not give the same output (per-call salting).
    self.assertNotEqual(first, second)
    self.assertTrue(isinstance(first, unicode))
    self.assertTrue('$bcrypt$' in first)

    # Mirror what User.check_password does: re-hash with the embedded salt
    # and expect the stored value back.
    import bcrypt
    plain = 'secret'
    encoded = encrypt_password(plain, log_rounds=2)
    stored = encoded.split('$bcrypt$')[-1].encode('utf8')
    self.assertEqual(stored, bcrypt.hashpw(plain, stored))
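def signup():
    """Create a new account from the signup form and log the user in.

    Validates username/password format, username uniqueness and the
    password confirmation.  On success the user is stored with a hashed
    password and the signed session cookie is set; otherwise the index
    page is re-rendered with one message per failed field.
    """
    username = request.form.get('username')
    password = request.form.get('password')
    repeat_password = request.form.get('password-repeat')

    # The error dict doubles as the "any error" flag.
    errors = {}
    if not username or not utils.validate_data(username, 'username'):
        errors['username_error'] = 'Use alphanumeric characters (3 to 20) only'
    elif User.exist(username=username):
        errors['username_error'] = 'This username is already on use'

    if not password or not utils.validate_data(password, 'password'):
        errors['password_error'] = 'Use alphanumeric characters (3 to 20) only'
    elif not repeat_password or repeat_password != password:
        errors['repeat_password_error'] = 'The passwords do not match'

    if not errors:
        new_user = User(username=username,
                        hashed_password=utils.encrypt_password(password))
        new_user.save()
        response = make_response(redirect('/'))
        # httponly keeps the session token out of reach of page scripts,
        # limiting what an XSS bug could steal.  Add secure=True once the
        # app is served over TLS only.
        response.set_cookie('user-token', utils.gen_secure_cookie(new_user.id),
                            httponly=True)
        return response

    return render_template('index.html', username=username, **errors)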
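def get_aac_token(self, email, password):
    """Request an auth token for *email* from constants.AUTH_URL.

    Posts the account parameters (password passed through
    utils.encrypt_password) and scans the whitespace-separated
    ``key=value`` response for the ``Token`` entry.

    Returns:
        The token string, or None on an HTTP error (status >= 400), any
        other non-200 status, or a 200 body without a ``Token=`` entry.
    """
    token_param = 'Token'
    enc_password = utils.encrypt_password(email, password)
    params = {
        'Email': email,
        'EncryptedPasswd': enc_password,
        'add_account': '1',
        'accountType': 'HOSTED_OR_GOOGLE',
        'google_play_services_version': '11951438',
        'has_permission': '1',
        'source': 'android',
        'device_country': 'de',
        'lang': 'de',
        'client_sig': '38918a453d07199354f8b19af05ec6562ced5788',
        'callerSig': '38918a453d07199354f8b19af05ec6562ced5788',
        'service': 'sj',
        'callerPkg': 'com.google.android.gms'
    }
    raw_response = requests.post(constants.AUTH_URL, data=params)
    if raw_response.status_code >= 400:
        # Best-effort diagnostics on failure (kept from the original).
        print(raw_response.text.split())
        return None
    if raw_response.status_code != 200:
        return None

    # Scan every entry: the token is not necessarily first, and matching
    # 'Token=' (not just the 'Token' prefix) avoids picking up other keys
    # that happen to start with the same letters.  The slice length is
    # derived from the prefix instead of a hard-coded 6.
    prefix = token_param + '='
    for param in raw_response.text.split():
        if param.startswith(prefix):
            return param[len(prefix):]
    return None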
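def register():
    """Register a new account: GET shows the form, POST creates the user.

    Empty or missing fields, a taken username and a password-confirmation
    mismatch each flash a message and return to the form.  Returns None
    for any other HTTP method (unchanged behaviour).
    """
    if request.method == 'GET':
        return render_template('register.html', page='signup')
    elif request.method == 'POST':
        username = request.form.get('username', None)
        nickname = request.form.get('nickname', None)
        password = request.form.get('password', None)
        password_again = request.form.get('password_again', None)
        # The message asks the user to check for empty input, so an empty
        # string must be rejected like a missing field (an `is None` test
        # let '' through).
        if not (username and nickname and password and password_again):
            flash(u'请检查输入是否为空', 'danger')
            return redirect(url_for('register'))
        username, nickname = unicode(username), unicode(nickname)
        password, password_again = unicode(password), unicode(password_again)
        # 1. Username already taken?
        if User.query.filter_by(username=username).first():
            flash(u'该用户名已被注册', 'danger')
            return redirect(url_for('register'))
        # 2. Password and confirmation differ
        if password != password_again:
            flash(u'两次密码输入不一致', 'danger')
            return redirect(url_for('register'))
        # NOTE(review): config.SALT is one application-wide salt, so equal
        # passwords hash to equal values across users; a per-user random
        # salt (or a dedicated password KDF) would be the stronger choice.
        proc_password = utils.encrypt_password(password, salt=config.SALT)
        User.add(User(username, proc_password, nickname))
        flash(u'注册成功', 'success')
        return redirect(url_for('login'))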
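def login():
    """Authenticate a user from the posted form and start a session.

    GET renders the login page.  POST looks up the user by username,
    compares the stored password hash with the hash of the submitted
    password, issues a fresh auth token, and redirects either to a
    validated ``next`` target or to the index.  Unknown user and wrong
    password flash the same generic message so the response does not
    reveal which usernames exist.
    """
    if request.method == 'GET':
        return render_template("login.html")

    username = request.form['username']
    password = request.form['password']
    user = g.db.users.find_one({'username': username})

    errors = False
    if not user:
        flash(messages.INVALID_USERNAME_PASSWORD, 'error')
        errors = True
    elif utils.encrypt_password(password, app.config['SECRET_KEY']) == user['password']:
        # NOTE(review): `==` on the hash is not constant-time; the return
        # type of utils.encrypt_password is not visible here, so the
        # comparison is left unchanged rather than guessing the digest type.
        auth_token = str(uuid.uuid4())
        g.db.users.update({'username': username},
                          {"$set": {'auth_token': auth_token}})
        session['user_id'] = user['uuid']
        session['user'] = username
        session['role'] = user['role']
        session['auth_token'] = auth_token
    else:
        flash(messages.INVALID_USERNAME_PASSWORD, 'error')
        errors = True

    if errors:
        url = url_for('login')
    else:
        next_url = request.args.get('next')
        # Only a local path may be used as the post-login destination.  An
        # absolute URL, '//host' or '/\host' would make this endpoint an
        # open redirector (a phishing vector for the login page).
        if next_url and next_url.startswith('/') and not next_url.startswith(('//', '/\\')):
            url = next_url
        else:
            url = url_for('index')
    return redirect(url)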
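def register():
    """Register a new account: GET shows the form, POST creates the user.

    Empty or missing fields, a taken username and a password-confirmation
    mismatch each flash a message and return to the form.  Returns None
    for any other HTTP method (unchanged behaviour).
    """
    if request.method == 'GET':
        return render_template('register.html', page='signup')
    elif request.method == 'POST':
        username = request.form.get('username', None)
        nickname = request.form.get('nickname', None)
        password = request.form.get('password', None)
        password_again = request.form.get('password_again', None)
        # The message asks the user to check for empty input, so an empty
        # string must be rejected like a missing field (an `is None` test
        # let '' through).
        if not (username and nickname and password and password_again):
            flash(u'请检查输入是否为空', 'danger')
            return redirect(url_for('register'))
        username, nickname = unicode(username), unicode(nickname)
        password, password_again = unicode(password), unicode(password_again)
        # 1. Username already taken?
        if User.query.filter_by(username=username).first():
            flash(u'该用户名已被注册', 'danger')
            return redirect(url_for('register'))
        # 2. Password and confirmation differ
        if password != password_again:
            flash(u'两次密码输入不一致', 'danger')
            return redirect(url_for('register'))
        # NOTE(review): config.SALT is one application-wide salt, so equal
        # passwords hash to equal values across users; a per-user random
        # salt (or a dedicated password KDF) would be the stronger choice.
        proc_password = utils.encrypt_password(password, salt=config.SALT)
        User.add(User(username, proc_password, nickname))
        flash(u'注册成功', 'success')
        return redirect(url_for('login'))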
def test_change_account(self):
    """Exercise the /user/ account-edit flow end to end.

    Creates 'peter' (with a password) and 'peterbe', logs in as peter and
    checks the edit page shows his first name; then checks the edit
    endpoint's error paths (not logged in -> 403, no username -> 404,
    rejected username -> 400) and a successful update whose padded fields
    are stored stripped; finally logs out and checks the cookie is cleared.
    Several literals in this listing look masked ("******"); they are
    assumed to be the credentials/addresses set up above — verify against
    the repository copy.
    """
    user = self.db.User()
    user.username = u"peter"
    user.first_name = u"Ptr"
    user.password = encrypt_password(u"secret")
    user.save()
    other_user = self.db.User()
    other_user.username = u'peterbe'
    other_user.save()

    # Log in and capture the 'user' cookie from the redirect response.
    data = dict(username=user.username, password="******")
    response = self.post('/auth/login/', data, follow_redirects=False)
    self.assertEqual(response.code, 302)
    user_cookie = self.decode_cookie_value('user', response.headers['Set-Cookie'])
    # First '|'-separated cookie field is base64; decoded but not asserted on.
    guid = base64.b64decode(user_cookie.split('|')[0])
    self.assertEqual(user.username, u'peter')

    cookie = 'user=%s;' % user_cookie
    response = self.get('/user/', headers={'Cookie':cookie})
    self.assertEqual(response.code, 200)
    self.assertTrue('value="Ptr"' in response.body)

    # not logged in
    response = self.post('/user/', {})
    self.assertEqual(response.code, 403)

    # no username supplied
    response = self.post('/user/', {}, headers={'Cookie':cookie})
    self.assertEqual(response.code, 404)

    # username rejected with 400 — presumably one already in use
    data = {'username':'******'}
    response = self.post('/user/', data, headers={'Cookie':cookie})
    self.assertEqual(response.code, 400)

    #data = {'email':'*****@*****.**'}
    #response = self.post('/user/account/', data, headers={'Cookie':cookie})
    #self.assertEqual(response.code, 400)

    # Valid update: surrounding whitespace/newlines must be stripped on save.
    data = {'username':'******', 'email':' [email protected] ', 'last_name': ' Last Name \n'}
    response = self.post('/user/', data, headers={'Cookie':cookie}, follow_redirects=False)
    self.assertEqual(response.code, 302)
    user = self.db.User.one(dict(email='*****@*****.**'))
    self.assertEqual(user.last_name, data['last_name'].strip())
    user = self.db.User.one(dict(username='******'))
    self.assertEqual(user.last_name, data['last_name'].strip())
    self.assertEqual(user.first_name, u'')

    # log out
    response = self.get('/auth/logout/', headers={'Cookie':cookie}, follow_redirects=False)
    self.assertEqual(response.code, 302)
    self.assertTrue('user=;' in response.headers['Set-Cookie'])
def test_create_user(self):
    """A saved User carries timestamps and verifies only the exact password."""
    user = self.db.User()
    user.username = u'peterbe'
    assert user.add_date
    assert user.modify_date
    user.save()

    stored = self.db.users.User.one()
    assert stored.username
    from utils import encrypt_password
    stored.password = encrypt_password('secret')
    stored.save()
    # check_password is case-sensitive.
    self.assertFalse(stored.check_password('Secret'))
    self.assertTrue(stored.check_password('secret'))
def test_create_user(self):
    """A saved User carries a guid and timestamps and verifies only the exact password."""
    user = self.db.User()
    assert user.guid
    assert user.add_date
    assert user.modify_date
    user.save()

    stored = self.db.users.User.one()
    assert stored.guid
    from utils import encrypt_password
    stored.password = encrypt_password('secret')
    stored.save()
    # check_password is case-sensitive.
    self.assertFalse(stored.check_password('Secret'))
    self.assertTrue(stored.check_password('secret'))
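def post(self):
    """Admin login: match name/password against the user table and set the admin cookie.

    Raises HTTP 403 when a user is already logged in.  On success the
    client is redirected to the ``next`` argument (local paths only) or
    to ``/admin``; on failure an error message is written.
    """
    if self.get_current_user():
        raise tornado.web.HTTPError(403)
    name = self.get_argument('name')
    pwd = self.get_argument('password')
    if name == '' or pwd == '':
        self.write('用户名和密码不能为空!')
        return
    pwd = encrypt_password(pwd)
    # Parameterised query; the hash is matched in SQL.  type>=10 presumably
    # limits the match to admin accounts — confirm against the schema.
    sql = "SELECT uid FROM user WHERE name=? AND password=? AND type>=10 LIMIT 1"
    user = self.db.get(sql, name, pwd)
    # The debug `print user` was dropped: it wrote the matched row (including
    # the password hash) to stdout.
    if not user:
        self.write('用户名或密码不正确!')
        return
    self.set_secure_cookie("admin", str(user.uid))
    target = self.get_argument('next', '/admin')
    # Redirect only to a local path; an absolute or scheme-relative target
    # would turn this handler into an open redirector.
    if not target.startswith('/') or target.startswith(('//', '/\\')):
        target = '/admin'
    self.redirect(target)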
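def login():
    """Log in with name/password; afterwards redirect to ``goto`` (local paths only).

    Every failure redirects back to the login page with an ``error`` code.
    Unknown user and wrong password share the ``bad_password`` code so the
    response does not reveal which names exist.
    """
    if request.method != 'POST':
        return render_template('login.html')

    name = request.form['name']
    password = request.form['password']
    goto = request.args.get('goto')
    if not name:
        return redirect(url_for('login', error='no_name', goto=goto))
    if not password:
        return redirect(url_for('login', error='no_password', name=name, goto=goto))

    user = model.User.query.filter_by(name=name).first()
    if not user:
        return redirect(url_for('login', error='bad_password', name=name, goto=goto))
    password_hash = utils.encrypt_password(password, name)
    # NOTE(review): `!=` is not a constant-time comparison; hmac.compare_digest
    # would be preferable once the digest type is known.
    if user.password_hash != password_hash:
        return redirect(url_for('login', error='bad_password', name=name, goto=goto))

    session['logged_in_user'] = request.form['name']
    target = urldecode(goto or '')
    # Accept only a local path as the post-login destination; an absolute
    # URL or '//host' would make this an open redirector.  Assumes urldecode
    # returns a str — TODO confirm.
    if not target.startswith('/') or target.startswith(('//', '/\\')):
        target = url_for('main')
    return redirect(target, code=303)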
def login():
    """Check the posted credentials against the stored user record.

    On success a fresh auth token is written into the user's record and the
    session is populated; on failure a generic message is flashed.  Either
    way the client is redirected to the index page.
    """
    username = request.form['username']
    password = request.form['password']
    user_key = schema.USERS.format(username)
    stored = g.db.get(user_key)
    if not stored:
        flash(messages.INVALID_USERNAME_PASSWORD, 'error')
        return redirect(url_for('index'))

    user_data = json.loads(stored)
    submitted_hash = utils.encrypt_password(password, app.config['SECRET_KEY'])
    # NOTE(review): `!=` is not a constant-time comparison; hmac.compare_digest
    # would be preferable once the digest type is known.
    if submitted_hash != user_data['password']:
        flash(messages.INVALID_USERNAME_PASSWORD, 'error')
        return redirect(url_for('index'))

    auth_token = str(uuid.uuid4())
    user_data['auth_token'] = auth_token
    g.db.set(user_key, json.dumps(user_data))
    session['user'] = username
    session['role'] = user_data['role']
    session['auth_token'] = auth_token
    return redirect(url_for('index'))
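def user_authorize(self):
    """Interactive console login: choose a role, read credentials, look up the account.

    Sets self.user_role, self.user_id and, for students/teachers, the
    matching student_id/teacher_id, marks authorization_success and calls
    self.hello_message().  Exits the process on '0' or on a failed login.
    """
    print(Color.BLUE, end='')
    print('Выберите роль:')
    print('1. Ученик')
    print('2. Учитель')
    print('3. Администратор')
    print('0. Выход')
    print(Color.RESET, end='')
    self.user_role = None
    while self.user_role not in ('0', '1', '2', '3'):
        self.user_role = input('? ')
    # Compare by value: `is` against a string literal relies on CPython's
    # string interning and is not an equality test.
    if self.user_role == '0':
        exit(0)
    self.user_role = Role.get_role(self.user_role)

    user_login = input('Логин: ')
    # getpass keeps the password off the terminal echo; only its hash is
    # sent to the (parameterised) query.
    user_password = encrypt_password(getpass.getpass('Пароль: '))
    if self.user_role is Role.STUDENT:
        self.db_execute('SELECT user_id, student_id FROM users_students WHERE login = %s AND PASSWORD = %s;', user_login, user_password)
    elif self.user_role is Role.TEACHER:
        self.db_execute('SELECT user_id, teacher_id FROM users_teachers WHERE login = %s AND PASSWORD = %s;', user_login, user_password)
    elif self.user_role is Role.ADMINISTRATOR:
        self.db_execute('SELECT user_id FROM users_admins WHERE login = %s AND PASSWORD = %s;', user_login, user_password)
    result = self.cursor.fetchall()
    if not result:
        print(Color.RED, end='')
        print('Неправильная пара логин/пароль')
        print(Color.RESET, end='')
        exit(0)

    self.authorization_success = True
    self.user_id = result[0][0]
    if self.user_role is Role.STUDENT:
        self.student_id = result[0][1]
    elif self.user_role is Role.TEACHER:
        self.teacher_id = result[0][1]
    self.hello_message()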
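def insert_superuser(username, password):
    """Create superuser *username* unless a user with that name already exists.

    The name check is case-insensitive.  Only the hash of *password* is
    stored.  Creation failures are reported on stdout instead of being
    swallowed silently, but still do not propagate (best-effort contract
    kept).
    """
    name = username
    user_type = 1
    accesstype = 2
    comment = ''
    encrypted_password = utils.encrypt_password(password)
    # The hash is deliberately not printed: credential material does not
    # belong in console output or logs.
    try:
        DefUser.objects.get(name__iexact=name)
        return
    except DefUser.DoesNotExist:
        pass
    try:
        defuser = DefUser.objects.create(name=name, type=user_type, accesstype=accesstype, comment=comment)
        DefUserName.objects.create(id=defuser, displayname=name, password=encrypted_password)
    except Exception as exc:
        # Narrowed from a bare `except:` so SystemExit/KeyboardInterrupt are
        # not swallowed, and the failure is at least visible.
        print('insert_superuser failed for %s: %s' % (name, exc))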
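def register():
    """Register a user (sqlite-backed); on success render the login page.

    Blank username/password and an already-used name set ``error`` and
    re-render the registration form.
    """
    error = None
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        if username.strip() == '' or password.strip() == '':
            error = 'username or password cannot be empty'
        else:
            cursor = g.db.execute('select * from user where username = ?', [username])
            if cursor.fetchone() is not None:
                error = 'This name has been used, please change another one :) '
            else:
                # Parameterised statements: form values never reach the SQL text.
                g.db.execute(
                    'insert into user (username,password) values (?,?)',
                    [username, utils.encrypt_password(password, None)])
                g.db.commit()
                select_cur = g.db.execute('select * from user where username = ?', [username])
                # presumably column 0 is the new row's id — confirm against the schema
                create_table(select_cur.fetchone()[0])
                return render_template('login.html')
    return render_template('register.html', error=error)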
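def edit_teacher(session):
    """Console menu for editing one teacher record.

    Asks for a teacher id, prints the stored fields, then loops over the
    actions: change phone, create a login account, or dismiss (delete)
    the teacher.  Each action commits on success; a constraint violation
    that is reported to the user is rolled back and the menu is shown
    again.  Always returns None.
    """
    print(Color.BLUE, end='')
    print('### Редактирование учителя ###')
    print(Color.RESET, end='')
    teacher_id = input('Введите id учителя: ')
    try:
        teacher_id = int(teacher_id)
    except ValueError:
        print(Color.RED, end='')
        print('Ожидалось число')
        print(Color.RESET, end='')
        return None
    session.db_execute('SELECT teacher_id FROM teachers WHERE teacher_id = %s;', teacher_id)
    if not session.cursor.fetchall():
        print(Color.RED, end='')
        print('Учитель с id ' + str(teacher_id) + ' не существует')
        print(Color.RESET, end='')
        return None

    teacher = Teacher(session, teacher_id)
    print('Фамилия:', str(teacher.get(Teacher.name_last)))
    print('Имя:', str(teacher.get(Teacher.name_first)))
    name_middle = teacher.get(Teacher.name_middle)
    print('Отчество:', str(name_middle) if name_middle else '')
    phone = teacher.get(Teacher.phone)
    print('Телефон:', str(phone) if phone else '')

    while True:
        print(Color.BLUE, end='')
        print('Выберите действие:')
        print('1. Изменить телефон')
        print('2. Создать аккаунт в системе')
        print('3. Уволить учителя')
        print('0. Назад')
        print(Color.RESET, end='')
        option = None
        # Only options with a handler below are accepted; '4' used to be let
        # through by the guard and silently redrew the menu.
        while option not in ('0', '1', '2', '3'):
            option = input('? ')
        # Compare by value: `is` against a string literal relies on CPython's
        # string interning and is not an equality test.
        if option == '0':
            return None
        if option == '1':
            phone = input('Новый телефон: ')
            if len(phone) > 30:
                print(Color.RED, end='')
                print('Длина телефона не может быть более 30 символов')
                print(Color.RESET, end='')
                continue
            teacher.set(Teacher.phone, phone if len(phone) else None)
            session.connection.commit()
            print(Color.GREEN, end='')
            print('Телефон изменён')
            print(Color.RESET, end='')
        elif option == '2':
            login = input('Введите логин нового аккаунта: ')
            raw_password = input('Введите пароль нового аккаунта: ')
            # Validate the plaintext before hashing: a hash of '' is
            # presumably non-empty, so checking the hash never rejected an
            # empty password.
            if not raw_password or not login:
                print(Color.RED, end='')
                print('Пароль/логин не могут быть пустыми')
                print(Color.RESET, end='')
                continue
            password = encrypt_password(raw_password)
            try:
                session.db_execute(
                    'INSERT INTO users_teachers (login, password, teacher_id) VALUES (%s, %s, %s);',
                    login, password, teacher.id)
            except psycopg2.IntegrityError as err:
                if err.pgcode == '23505':  # unique_violation
                    if err.diag.constraint_name == 'users_teachers_teacher_id_key':
                        print(Color.RED, end='')
                        print('У данного учителя уже существует аккаунт')
                        print(Color.RESET, end='')
                    elif err.diag.constraint_name == 'users_teachers_login_key':
                        print(Color.RED, end='')
                        print('Этот логин уже занят')
                        print(Color.RESET, end='')
                    else:
                        raise
                    session.connection.rollback()
                    continue
                raise
            session.connection.commit()
            print(Color.GREEN, end='')
            print('Аккаунт с логином', login, 'создан')
            print(Color.RESET, end='')
        elif option == '3':
            try:
                session.db_execute('DELETE FROM users_teachers WHERE teacher_id = %s;', teacher.id)
                session.db_execute('DELETE FROM teachers WHERE teacher_id = %s;', teacher.id)
            except psycopg2.IntegrityError as err:
                if err.pgcode == '23503':  # foreign_key_violation
                    print(Color.RED, end='')
                    print('Удаление невозможно: учитель до сих пор является классным руководителем')
                    print(Color.RESET, end='')
                    session.connection.rollback()
                    continue
                raise
            session.connection.commit()
            print(Color.GREEN, end='')
            print('Учитель уволен')
            print(Color.RESET, end='')
            return None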
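def edit_student(session):
    """Console menu for editing one student record.

    Asks for a student id, prints the stored fields and class, then loops
    over the actions: change phone, change class, create a login account,
    or expel (delete) the student.  Each action commits on success; a
    constraint violation that is reported to the user is rolled back and
    the menu is shown again.  Always returns None.
    """
    print(Color.BLUE, end='')
    print('### Редактирование ученика ###')
    print(Color.RESET, end='')
    student_id = input('Введите id ученика: ')
    try:
        student_id = int(student_id)
    except ValueError:
        print(Color.RED, end='')
        print('Ожидалось число')
        print(Color.RESET, end='')
        return None
    session.db_execute('SELECT student_id FROM students WHERE student_id = %s;', student_id)
    if not session.cursor.fetchall():
        print(Color.RED, end='')
        print('Ученик с id ' + str(student_id) + ' не существует')
        print(Color.RESET, end='')
        return None

    student = Student(session, student_id)
    print('Фамилия:', str(student.get(Student.name_last)))
    print('Имя:', str(student.get(Student.name_first)))
    name_middle = student.get(Student.name_middle)
    print('Отчество:', str(name_middle) if name_middle else '')
    phone = student.get(Student.phone)
    print('Телефон:', str(phone) if phone else '')
    student_class = Class(session, int(student.get(Student.class_id)))
    print('Класс:', str(student_class.get(Class.class_number)) + str(student_class.get(Class.class_letter)))

    while True:
        print(Color.BLUE, end='')
        print('Выберите действие:')
        print('1. Изменить телефон')
        print('2. Изменить класс')
        print('3. Создать аккаунт в системе')
        print('4. Выгнать ученика')
        print('0. Назад')
        print(Color.RESET, end='')
        option = None
        while option not in ('0', '1', '2', '3', '4'):
            option = input('? ')
        # Compare by value: `is` against a string literal relies on CPython's
        # string interning and is not an equality test.
        if option == '0':
            return None
        if option == '1':
            phone = input('Новый телефон: ')
            if len(phone) > 30:
                print(Color.RED, end='')
                print('Длина телефона не может быть более 30 символов')
                print(Color.RESET, end='')
                continue
            student.set(Student.phone, phone if len(phone) else None)
            session.connection.commit()
            print(Color.GREEN, end='')
            print('Телефон изменён')
            print(Color.RESET, end='')
        elif option == '2':
            class_id = input('Введите id класса: ')
            try:
                class_id = int(class_id)
            except ValueError:
                print(Color.RED, end='')
                print('Ожидалось число')
                print(Color.RESET, end='')
                continue
            try:
                student.set(Student.class_id, class_id)
            except psycopg2.IntegrityError as err:
                if err.pgcode == '23503':  # foreign_key_violation
                    print(Color.RED, end='')
                    print('Класс с id ' + str(class_id) + ' не существует')
                    print(Color.RESET, end='')
                    session.connection.rollback()
                    continue
                raise
            session.connection.commit()
            print(Color.GREEN, end='')
            print('Класс изменен')
            print(Color.RESET, end='')
        elif option == '3':
            login = input('Введите логин нового аккаунта: ')
            raw_password = input('Введите пароль нового аккаунта: ')
            # Validate the plaintext before hashing: a hash of '' is
            # presumably non-empty, so checking the hash never rejected an
            # empty password.
            if not raw_password or not login:
                print(Color.RED, end='')
                print('Пароль/логин не могут быть пустыми')
                print(Color.RESET, end='')
                continue
            password = encrypt_password(raw_password)
            try:
                session.db_execute(
                    'INSERT INTO users_students (login, password, student_id) VALUES (%s, %s, %s);',
                    login, password, student.id)
            except psycopg2.IntegrityError as err:
                if err.pgcode == '23505':  # unique_violation
                    if err.diag.constraint_name == 'users_students_student_id_key':
                        print(Color.RED, end='')
                        print('У данного ученика уже существует аккаунт')
                        print(Color.RESET, end='')
                    elif err.diag.constraint_name == 'users_students_login_key':
                        print(Color.RED, end='')
                        print('Этот логин уже занят')
                        print(Color.RESET, end='')
                    else:
                        raise
                    session.connection.rollback()
                    continue
                raise
            session.connection.commit()
            print(Color.GREEN, end='')
            print('Аккаунт с логином', login, 'создан')
            print(Color.RESET, end='')
        elif option == '4':
            # Remove the login account first, then the student row itself.
            session.db_execute('DELETE FROM users_students WHERE student_id = %s;', student.id)
            session.db_execute('DELETE FROM students WHERE student_id = %s;', student.id)
            session.connection.commit()
            print(Color.GREEN, end='')
            print('Ученик изгнан')
            print(Color.RESET, end='')
            return None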
def set_password(self, raw_password):
    """Hash *raw_password* and store the result in self.password.

    Unicode input is encoded as UTF-8 bytes first so the hashing helper
    always receives a byte string.
    """
    encoded = raw_password
    if isinstance(encoded, unicode):
        encoded = encoded.encode('utf8')
    self.password = encrypt_password(encoded)
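def __init__(self, name, password, create_time=None):
    """Create a user record; *password* is kept only as its hash.

    Args:
        name: account name; also passed to the hashing helper together
            with the password.
        password: plaintext password, never stored.
        create_time: creation timestamp; defaults to the current UTC time
            when omitted.
    """
    self.name = name
    self.password_hash = utils.encrypt_password(password, name)
    # The caller's timestamp was previously ignored; honour it when given.
    self.create_time = create_time if create_time is not None else datetime.utcnow()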