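def reset_verify(username, token):
    """Serve and process the "choose a new password" step of a password reset.

    Args:
        username: account whose reset link is being followed; unknown names 404.
        token: the reset token carried by the link.

    Returns:
        A redirect to ``index`` when no reset is pending or the token does not
        match, a redirect to ``login`` once a valid new-password form has been
        submitted, otherwise the rendered ``account/reset_newpassword.html``.
    """
    user = User.query.filter_by(username=username).first_or_404()
    # A stored token of None means no reset was requested; ``is None`` instead
    # of ``== None`` (the original compared with ``==``).
    if user.token is None:
        flash("%s's account has not requested a password reset." % user.username.capitalize(), "error")
        return redirect(url_for('index'))
    # NOTE(review): ``!=`` is not a constant-time comparison; if both values are
    # str/bytes of the same type, hmac.compare_digest would be the safer check.
    if user.getResetToken() != token:
        flash("This does not seem to be a valid reset link, if you reset your account multiple times make sure you are using the link in the last email you received!", "error")
        return redirect(url_for('index'))
    form = NewPasswordForm()
    error = None
    if form.validate_on_submit():
        # Consume the token first so the same link cannot be replayed, then
        # store only the hash of the new password.
        user.token = None
        user.password = hash_password(form.password.data)
        db.session.commit()
        flash("Your password was updated and you can login with it now.", "success")
        return redirect(url_for('login'))
    return render_template('account/reset_newpassword.html', user=user, form=form, error=error)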
def insert_user():
    """Seed the default administrator account when it does not exist yet.

    Looks up the fixed seed username; if absent, inserts a user with a
    uuid1-based id, the hashed seed password and ``admin_group_id`` and
    commits the session. Does nothing when the account already exists.
    """
    # NOTE(review): the seed password is a literal in source, so anyone with
    # repository access knows the initial admin credential; a deployment
    # secret (environment/config) is the usual replacement.
    existing = User.query.filter_by(username='******').first()
    if existing is not None:
        return
    seeded_admin = User(
        id=str(uuid.uuid1()),
        username='******',
        password_hash=hash_password('admin@1234'),
        group_id=admin_group_id,
    )
    db.session.add(seeded_admin)
    db.session.commit()
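def put():
    """Update an existing user document (admin only).

    Reads ``user_id`` from the query string and the new field values from the
    JSON body, then applies a ``$set`` update to ``client.db.user``.

    Returns:
        ``send_error`` when the caller is not an admin, the user is not found,
        the body cannot be parsed, ``status`` is not one of the two known
        values, or the update raises; otherwise ``send_result`` carrying the
        document as it was *before* the update.
    """
    claims = get_jwt_claims()
    if not claims['is_admin']:
        return send_error(message="Bạn không đủ quyền để thực hiện thao tác này")
    user_id = request.args.get('user_id')
    user = client.db.user.find_one({'_id': user_id})
    if user is None:
        return send_error(message='Không tìm thấy người dùng.')
    params = {
        'user_name': FieldString(requirement=True),
        'password': FieldString(requirement=True),
        'email': FieldString(requirement=True),
        'full_name': FieldString(requirement=True),
        'group_role_id': fields.Number(),
        'status': fields.Number(),
    }
    try:
        json_data = parse_req(params)
        full_name = json_data.get('full_name', None)
        # A missing email raises AttributeError here and is reported as an
        # input error below, same as any other parse failure.
        email = json_data.get('email', None).lower()
        user_name = json_data.get('user_name', None)
        password = json_data.get('password', None)
        group_role_id = json_data.get('group_role_id', 0)
        status = json_data.get('status', 0)
    except Exception:
        return send_error(message='Lỗi dữ liệu đầu vào')
    # Only the two known status values are accepted (the original re-assigned
    # status to itself in each accepted branch, which was a no-op).
    if status not in (USER_ACTIVATED, USER_DEACTIVATED):
        return send_error(message="Bạn chưa nhập trạng thái")
    new_user = {
        '$set': {
            'full_name': full_name,
            'user_name': user_name,
            # The password is re-hashed and overwritten on every update.
            'password': hash_password(password),
            'email': email,
            'group_role_id': int(group_role_id),
            'status': int(status),
        }
    }
    try:
        client.db.user.update_one({'_id': user_id}, new_user)
    except Exception:
        return send_error(message='có lỗi ngoại lệ sảy ra')
    # NOTE(review): ``user`` is the pre-update document and, given the $set
    # above, carries the stored 'password' hash field; consider projecting
    # that field out of the response.
    return send_result(message="Cập nhật thành công", data=user)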
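def index():
    """Landing page handling both the login and the registration sub-forms.

    Returns:
        A redirect to ``stream`` after a successful login, a redirect back to
        ``index`` after a successful registration, otherwise the rendered
        ``index.html`` (with flashed messages for failures).
    """
    form = IndexForm()
    if form.login.is_submitted() and form.login.submit.data and form.login.validate_on_submit():
        try:
            # Parameterized query: the username is never interpolated into SQL.
            user = query_db('SELECT * FROM Users WHERE username=?', form.login.username.data, one=True)
            if user is None:
                flash('Sorry, wrong username or password!')
            elif user['password'] == hash_password(form.login.password.data):
                # NOTE(review): ``==`` on the hash is not constant-time; the
                # registration path hashes sanitizeStr(password) while this path
                # hashes the raw password, so passwords altered by sanitizeStr
                # would not round-trip -- confirm which is intended.
                login_user(User(user['username'], user['password'], user['id']), remember=form.login.remember_me.data)
                return redirect(url_for('stream', username=form.login.username.data))
            else:
                flash('Sorry, wrong username or password!')
        except Exception as e:
            # NOTE(review): this echoes the exception text to the browser.
            flash('An error has occured, please contact the admin\nError was: {}'.format(e), 'error')
    elif form.register.is_submitted() and form.register.submit.data and form.register.validate_on_submit():
        username = sanitizeStr(form.register.username.data)
        firstname = sanitizeStr(form.register.first_name.data)
        lastname = sanitizeStr(form.register.last_name.data)
        password = hash_password(sanitizeStr(form.register.password.data))
        query_db(
            'INSERT INTO Users (username, first_name, last_name, password) VALUES(?, ?, ?, ?)',
            username, firstname, lastname, password)
        # Flash only after the insert succeeded (the original flashed first,
        # so a failing insert still showed the success message).
        flash('Congratulations, {} registered!'.format(sanitizeStr(form.register.username.data)))
        return redirect(url_for('index'))
    return render_template('index.html', title='Welcome', form=form)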
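def _get_user_object(self, user_dict):
    """Build a ``LoginUser`` from a plain dict, resolving role names via ``self.get_role``.

    Args:
        user_dict: mapping with a ``'roles'`` list plus the ``LoginUser``
            constructor keywords. The ``'roles'`` key is deleted from the
            caller's dict as a side effect (kept from the original).

    Returns:
        A ``LoginUser`` whose ``roles`` are the resolved role objects and whose
        ``password`` attribute has been replaced by ``hash_password(password)``.

    Raises:
        CustomException: if a role name does not resolve or no roles resolve.
    """
    resolved_roles = []
    for role_name in user_dict['roles']:
        role = self.get_role(role_name)
        if role is None:
            raise CustomException('Role with name : ' + str(role_name) + ' Not found')
        resolved_roles.append(role)
    if not resolved_roles:
        raise CustomException('No roles found')
    del user_dict['roles']
    user = LoginUser(**user_dict)
    user.roles = resolved_roles
    # Presumably the dict carries the plaintext password; it is hashed before
    # the object is handed out. TODO confirm callers never pass a hash here.
    user.password = hash_password(user.password)
    return user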
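def create_user():
    """Register a user from the JSON request body (user management API).

    Request Body:
        JSON validated against ``user_validator``; ``username`` and
        ``password`` are required, the other copied fields are optional.

    Returns:
        ``send_error`` on validation failure, duplicate username, a password
        containing spaces, or a database insert error; otherwise
        ``send_result`` with the inserted document.
    """
    try:
        json_data = request.get_json()
        # Schema validation runs before any field is touched.
        validate(instance=json_data, schema=user_validator)
        username = json_data.get('username', None).strip()
        password = json_data.get('password', None)
    except Exception as ex:
        logger.error('{} Parameters error: '.format(get_datetime_now().strftime('%Y-%b-%d %H:%M:%S')) + str(ex))
        return send_error(message="Parameters error: " + str(ex))
    if client.db.users.find_one({"username": username}):
        return send_error(message="The username has existed!")
    if is_password_contain_space(password):
        return send_error(message='Password cannot contain spaces')
    # NOTE(review): "is_admin" is copied straight from the client body; unless
    # this endpoint is restricted to admins, that lets a caller grant
    # themselves the flag -- confirm the route's authorization.
    keys = ("username", "name", "gender", "phone", "email", "is_admin")
    user_id = str(ObjectId())
    new_user = {
        "_id": user_id,
        'password_hash': hash_password(password),
    }
    # Only keys present in the body are copied, in ``keys`` order.
    new_user.update({key: json_data.get(key) for key in keys if key in json_data})
    try:
        client.db.users.insert_one(new_user)
    except Exception as ex:
        return send_error(message="Insert to database error: " + str(ex))
    # NOTE(review): the response echoes ``password_hash`` back to the caller.
    return send_result(data=new_user, message="Create user successfully!")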
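def change_password():
    """Let the authenticated user change their own password.

    Request Body:
        JSON validated against ``password_validator`` with
        ``current_password`` and ``new_password``.

    Returns:
        ``send_error`` when the JWT identity has no user document, the body
        fails validation, the current password does not verify, the new
        password contains spaces, or the update raises; otherwise
        ``send_result`` after revoking the user's other tokens.
    """
    user_id = get_jwt_identity()
    current_user = client.db.users.find_one({"_id": user_id})
    # A deleted/unknown identity used to raise TypeError on the subscript
    # below; report it explicitly instead (message matches reset_password).
    if current_user is None:
        return send_error(message="Not found user!")
    try:
        json_data = request.get_json()
        validate(instance=json_data, schema=password_validator)
        current_password = json_data.get('current_password', None)
        new_password = json_data.get('new_password', None)
    except Exception as ex:
        logger.error('{} Parameters error: '.format(get_datetime_now().strftime('%Y-%b-%d %H:%M:%S')) + str(ex))
        return send_error(message='Parse error ' + str(ex))
    # Re-authenticate with the current password before accepting a new one.
    if not check_password_hash(current_user["password_hash"], current_password):
        return send_error(message="Current password incorrect!")
    if is_password_contain_space(new_password):
        return send_error(message='Password cannot contain spaces')
    new_value = {
        '$set': {
            'password_hash': hash_password(new_password),
        }
    }
    try:
        client.db.users.update_many({'_id': user_id}, new_value)
    except Exception as ex:
        return send_error(message='Database error: ' + str(ex))
    # Revoke every other token of this user so old sessions cannot continue
    # with the previous credential (the current token is kept).
    revoke_all_token2(user_id)
    return send_result(message="Change password successfully!")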
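def reset_verify(username, token):
    """Serve and process the "choose a new password" step of a password reset.

    Args:
        username: account whose reset link is being followed; unknown names 404.
        token: the reset token carried by the link.

    Returns:
        A redirect to ``index`` when no reset is pending or the token does not
        match, a redirect to ``login`` once a valid new-password form has been
        submitted, otherwise the rendered ``account/reset_newpassword.html``.
    """
    user = User.query.filter_by(username=username).first_or_404()
    # A stored token of None means no reset was requested; ``is None`` instead
    # of ``== None`` (the original compared with ``==``).
    if user.token is None:
        flash("%s's account has not requested a password reset." % user.username.capitalize(), "error")
        return redirect(url_for('index'))
    # NOTE(review): ``!=`` is not a constant-time comparison; if both values are
    # str/bytes of the same type, hmac.compare_digest would be the safer check.
    if user.getResetToken() != token:
        flash("This does not seem to be a valid reset link, if you reset your account multiple times make sure you are using the link in the last email you received!", "error")
        return redirect(url_for('index'))
    form = NewPasswordForm()
    error = None
    if form.validate_on_submit():
        # Consume the token first so the same link cannot be replayed, then
        # store only the hash of the new password.
        user.token = None
        user.password = hash_password(form.password.data)
        db.session.commit()
        flash("Your password was updated and you can login with it now.", "success")
        return redirect(url_for('login'))
    return render_template('account/reset_newpassword.html', user=user, form=form, error=error)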
def reset_password(user_id):
    """Administrative reset of the password of ``user_id``.

    Request Body:
        JSON validated against ``password_validator`` carrying ``new_password``.

    Returns:
        ``send_error`` when the user is unknown, the body fails validation, the
        new password contains spaces, or the update raises; otherwise
        ``send_result`` after revoking all of the user's tokens.
    """
    target = client.db.users.find_one({"_id": user_id})
    if target is None:
        return send_error(message="Not found user!")
    try:
        json_data = request.get_json()
        validate(instance=json_data, schema=password_validator)
        new_password = json_data.get('new_password', None)
    except Exception as ex:
        logger.error('{} Parameters error: '.format(get_datetime_now().strftime('%Y-%b-%d %H:%M:%S')) + str(ex))
        return send_error(message='Parse error ' + str(ex))
    if is_password_contain_space(new_password):
        return send_error(message='Password cannot contain spaces')
    update_doc = {'$set': {'password_hash': hash_password(new_password)}}
    try:
        client.db.users.update_many({'_id': user_id}, update_doc)
    except Exception as ex:
        return send_error(message='Database error: ' + str(ex))
    # Every outstanding token of the reset user is invalidated.
    revoke_all_token(user_id)
    return send_result(data=None, message="Reset password successfully!")
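def post():
    """Create a new user document in ``client.db.user`` from the JSON body.

    Returns:
        ``send_error`` when the body cannot be parsed or the insert raises;
        otherwise ``send_result`` with the inserted document.
    """
    params = {
        'user_name': FieldString(requirement=True),
        'password': FieldString(requirement=True),
        'email': FieldString(requirement=True),
        'full_name': FieldString(requirement=True),
        'group_role_id': fields.Number(),
    }
    try:
        json_data = parse_req(params)
        full_name = json_data.get('full_name', None)
        # A missing email raises AttributeError here and is reported as an
        # input error below, same as any other parse failure.
        email = json_data.get('email', None).lower()
        user_name = json_data.get('user_name', None)
        password = json_data.get('password', None)
        group_role_id = json_data.get('group_role_id', 0)
    except Exception:
        return send_error(message='Lỗi dữ liệu đầu vào')
    # (The original carried placeholder string statements here -- "check
    # conditions" / "create MNV auto" -- with no code; they were no-ops.)
    user = {
        '_id': str(ObjectId()),
        'full_name': full_name,
        'user_name': user_name,
        'password': hash_password(password),
        'email': email,
        'group_role_id': int(group_role_id),
        'status': USER_ACTIVATED,
        'MaNV': set_auto_MaNV(),
    }
    try:
        client.db.user.insert_one(user)
    except Exception:
        return send_error(message='có lỗi ngoại lệ sảy ra')
    # NOTE(review): the response echoes the stored 'password' hash field back
    # to the caller; consider projecting it out.
    return send_result(message="Tạo user thành công ", data=user)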
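def login():
    """Handle the login form: username, password hash and two-factor code.

    Returns:
        A redirect to ``index`` on success; otherwise the rendered
        ``login.html`` (also for GET requests).
    """
    if request.method != 'POST':
        return render_template('login.html')
    username = request.form['username']
    password = request.form['password']
    otp = request.form['twofactor']
    hashed_password = utils.hash_password(password)
    db_user = models.Users.query.filter(models.Users.username == username).first()
    # Unknown user: the original reached this outcome only because the
    # AttributeError on ``db_user.twofactor`` was swallowed by a bare except.
    if db_user is None:
        return render_template('login.html')
    try:
        otp_result = utils.check_otp(otp, db_user.twofactor)
    except Exception:
        # Narrowed from a bare ``except:`` (which also caught SystemExit /
        # KeyboardInterrupt); a failing OTP check still renders the form.
        return render_template('login.html')
    # NOTE(review): the original overwrote otp_result with True immediately
    # after the check, so a False/None return from check_otp never blocks
    # login -- only an exception does. Kept pending confirmation of
    # check_otp's contract; if it returns a bool, delete this line.
    otp_result = True
    # NOTE(review): hash_password is compared with ``==`` against the stored
    # value, which looks like an unsalted, non-constant-time comparison.
    if otp_result and hashed_password == str(db_user.password):
        login_user(db_user)
        return redirect(url_for('index'))
    return render_template('login.html')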
def create_user():
    """Register a user for the user management API.

    Request Body:
        username: string, required. The login name; length 1..50.
        password: string, required. The login password; length 1..50.
        first_name, last_name: string, required.
        company, address, mobile: string, optional.

    Returns:
        id, username, first_name, last_name and create_date of the new user.

    Examples::

        curl --location --request POST 'http://<sv_address>:5013/api/v1/users' --header 'Authorization: Bearer <access_token>'
    """
    params = {
        'username': FieldString(requirement=True),
        'password': FieldString(requirement=True),
        'first_name': FieldString(requirement=True),
        'last_name': FieldString(requirement=True),
        'company': FieldString(),
        'address': FieldString(),
        'mobile': FieldString(),
    }
    try:
        json_data = parse_req(params)
        validate(instance=json_data, schema=schema_user_create)
        username = json_data.get('username', None).lower().strip()
        password = json_data.get('password', None)
        first_name = json_data.get('first_name', None)
        last_name = json_data.get('last_name', None)
        company = json_data.get('company', None)
        address = json_data.get('address', None)
        mobile = json_data.get('mobile', None)
    except Exception as ex:
        logger.error('{} Parameters error: '.format(datetime.datetime.utcnow().strftime('%Y-%b-%d %H:%M:%S')) + str(ex))
        return send_error(message="Registers user fail!")
    if Users.find_by_user_name(user_name=username):
        return send_error(message="User exist")
    if is_password_contain_space(password):
        return send_error(message='Password cannot contain spaces')
    now = datetime.datetime.utcnow().timestamp()
    # NOTE(review): uuid1 embeds time and node id, so ids are predictable;
    # uuid4 is the usual choice where ids must not be guessable.
    new_id = str(uuid.uuid1())
    account = Users(
        id=new_id,
        username=username,
        password_hash=hash_password(password),
        force_change_password=False,
        create_date=now,
        modified_date=now,
        is_active=True,
        firstname=first_name,
        lastname=last_name,
        company=company,
        address=address,
        mobile=mobile,
        modified_date_password=now,
    )
    account.save_to_db()
    response = {
        'id': new_id,
        'username': username,
        'first_name': first_name,
        'last_name': last_name,
        'create_date': now,
    }
    return send_result(data=response, message="Registers user successfully!")
def __init__(self, username, password, realname, email):
    """Create a user; ``password`` is stored only as ``hash_password(password)``."""
    self.username = username
    self.realname = realname
    self.email = email
    # Hash straight away so the plaintext never lives on the instance.
    self.password = hash_password(password)
def is_valid_password(self, password):
    """Return True if ``password`` hashed with this user's salt equals the stored hash."""
    candidate = hash_password(password, self.salt)
    # NOTE(review): ``==`` stops at the first differing byte; hmac.compare_digest
    # removes that timing signal when both sides are bytes (or ASCII str).
    return candidate == self.password_hash
def __init__(self, name, password):
    """Create a user with a fresh 512-byte random salt and the salted password hash."""
    self.name = name
    # Per-user salt from the OS CSPRNG; the plaintext password is not kept.
    self.salt = urandom(512)
    self.password_hash = hash_password(password, self.salt)