def test_create_account(client, db): r = client.get( "/api/createaccount", headers={ "Authorization": f"Basic {basic_auth_string('me123', 'mypassword')}" }, ) assert r.status_code == 200 data = r.get_json() assert "token" in data token = data["token"] statement = text("SELECT token FROM Token WHERE Username = :user") results = db.execute(statement, {"user": "******"}).fetchall() assert results != [] db_token = results[0] assert token == db_token[0] statement = text("SELECT * FROM User WHERE Username = :user") results = db.execute(statement, {"user": "******"}).fetchall() assert results != [] row = results[0] assert hash_password("mypassword", row.Salt) == row.Password_Hash
def _insert(self): with sqlite3.connect(self.dbpath) as conn: curs = conn.cursor() sql = """ INSERT INTO {} (username, password_hash, balance, api_key) VALUES (?,?,?,?); """.format(self.tablename) curs.execute(sql, (self.username, hash_password( self.password_hash), self.balance, self.api_key))
def password_check(connection, username, password): fetch_pws = text( "SELECT Password_Hash, Salt FROM User WHERE Username=:username") result = connection.execute(fetch_pws, {"username": username}).fetchall() if not result: return False pwh, salt = result[0] digest = hash_password(password, salt) return digest == pwh
def deposit(self, username, password, deposit_amount): cur_balance = Account.select_one_where("WHERE username = ? \ AND password_hash = ?", (username, hash_password(password))) self.pk = cur_balance.pk self.username = cur_balance.username self.password_hash = cur_balance.password_hash self.balance = round(cur_balance.balance + deposit_amount,2) self.api_key = cur_balance.api_key return round(cur_balance.balance + deposit_amount, 2)
def create_account(): username = view.create_username() password = view.create_password() password_hash = hash_password(password) new_account = Account(username=username, password_hash=password_hash, balance=0) new_account.generate_api_key() new_account.save() view.login_menu() login()
def generate_fake(): seed() sp = SalesPerson( email = forgery_py.internet.email_address(), password = hash_password(forgery_py.lorem_ipsum.word()), givenname = forgery_py.name.first_name(), surname = forgery_py.name.last_name(), telephone = forgery_py.address.phone(), region = random.choice(REGIONS_LIST) ) return sp
def create_user(connection, username, password): """ Creates a new user with username and password. Returns true if creation was successful and false otherwise. """ # Check if username exists already fetch_pws = text("SELECT Username FROM User WHERE Username=:username") result = connection.execute(fetch_pws, {"username": username}).fetchall() if result: return False # Create user salt = uuid4().hex # Generate salt from UUID pwh = hash_password(password, salt) insert = text( "INSERT INTO User VALUES (:username, :password_hash, :salt, TRUE)" ) # TEMPORARY connection.execute(insert, { "username": username, "password_hash": pwh, "salt": salt }) return True
def generate_fake(): seed() c = Customer( givenname = forgery_py.name.first_name(), surname = forgery_py.name.last_name(), email = forgery_py.internet.email_address(), password = hash_password(forgery_py.lorem_ipsum.word()), dob = forgery_py.date.date(True), billto_address1 = forgery_py.address.street_address(), billto_city = forgery_py.address.city(), billto_state = forgery_py.address.state_abbrev(), billto_postalcode = forgery_py.address.zip_code(), telephone = forgery_py.address.phone(), gender = forgery_py.personal.gender(), ) # Forgery generates telephone numbers with a random country code prefix # just strip that off for now c.telephone = c.telephone[2:] # There's a 24% chance the billing and shipping address might differ if random.random() < .24: c.shipto_address1 = forgery_py.address.street_address() c.shipto_city = forgery_py.address.city() c.shipto_state = forgery_py.address.state_abbrev() c.shipto_postalcode = forgery_py.address.zip_code() else: c.shipto_address1 = c.billto_address1 c.shipto_city = c.billto_city c.shipto_state = c.billto_state c.shipto_postalcode = c.billto_postalcode return c
def set_password(self, password): self.password_hash = hash_password(password)
def login(cls, username, password): """ login TODO: check password hash """ return cls.select_one_where("WHERE username = ? AND password_hash = ?", (username, hash_password(password)))
def get_bal(self, username, password): cur_balance = Account.select_one_where("WHERE username = ? \ AND password_hash = ?", (username, hash_password(password))) return (cur_balance.balance, cur_balance.pk)
def login(cls, email, password): return cls.select_one_where("WHERE email = ? AND password_hash = ?", (email, hash_password(password)))
def login(cls, username, password): return Account.one_from_where_clause( "WHERE username=? AND password_hash=?", (username, hash_password(password)))
def login(cls, username, password): return cls.select_one_where("WHERE username = ? AND password_hash = ?", (username, hash_password(password)))
def testHashPass(self): hashed_pass = util.hash_password('password') t = '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8' self.assertEqual(hashed_pass, t)
def set_password(self, password): hashed_pw = hash_password(password) self.password_hash = hashed_pw return hashed_pw
def testHashPass(self): testoutput = '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8' test = util.hash_password("password") self.assertEqual(test, testoutput, "hash_pass returns correct output")