def routes_login(): if request.method == "POST": if request.headers.get("TOKEN_ONLY", default="false") == "true": username = request.headers.get("Username") password = request.headers.get("Password") if username != ADMIN_USER or auth.get_hash( ADMIN_PASS) != auth.get_hash(password): return "Unauthorized", 401 token = auth.generate_token() res = Response() res.headers.set("Content-Type", "application/json") res.set_data(json.dumps({"token": str(token, encoding="utf8")})) return res else: username = request.form.get('admin_username') password = request.form.get('admin_passwd') if username != ADMIN_USER or auth.get_hash( ADMIN_PASS) != auth.get_hash(password): return render_template("login.html", errors=["Bad Credentials"]) token = auth.generate_token() res = make_response(redirect("/creator")) res.set_cookie("authorization", "Bearer " + str(token, encoding="utf8")) return res elif request.method == "GET": return render_template("login.html"), 200
def test_generate_token(): SECRET = 'aaaaaddeeeiiklmmnnnnnorrsy' clear() token = generate_token(0) decoded = jwt.decode(token, SECRET, algorithms='HS256') assert decoded['u_id'] == 0
def flush_standup(channel_id): ''' Input: channel_id (int) Returns: Nothing Purpose: Helper function to concat messages in a standup and send them at once ''' with STANDUP_LOCK: standups = get_standup() try: [to_flush ] = list(filter(lambda x: x['channel_id'] == channel_id, standups)) to_send = '\n'.join(to_flush['messages']) # message is empty.. do not bother if not to_send: standups.remove(to_flush) return # get the token given u_id user_token = get_token(to_flush['u_id']) if user_token is None: # generate a temporary token user_token = generate_token(to_flush['u_id']) get_tokens()[user_token] = to_flush['u_id'] message_send(user_token, channel_id, to_send) auth_logout(user_token) else: message_send(user_token, channel_id, to_send) standups.remove(to_flush) except ValueError: pass
def register_user(): if mail_validation(user.email): pass else: quit() insert_user_into_table() token = auth.generate_token(user.password, user.email) # Send mail with veryficaton token (link from front-end) link = '\nhttps://pythonhosted.org/itsdangerous/#itsdangerous.TimestampSigner' body, subject = mail.template_veryfication(token, link) mail.send_email(user.email, body, subject) cursor.execute('''UPDATE users SET confirmation_sent = ? where email = ?''', (datetime.now(), user.email)) db.commit() # Artificial waiting for confirmation------- time.sleep(2) #------------------------------- (confirmed, token_email) = auth.confirm_token(token, expiration, user.password) if confirmed: user_confirmed(token_email) print("User registered") get_data_from_REGON(user.nip) else: print('User not registered')
def post(self): username, password = extract_credentials(self.json_request) while True: got_it = yield tornado.gen.Task(self.signup_lock.acquire, blocking=True) if got_it: break else: yield gen.sleep(10) inserted = yield tornado.gen.Task( self.redis_conn.setnx, username, auth.encrypt_password(password) ) if inserted == 0: raise tornado.web.HTTPError(409, 'Such a username already exists') yield gen.Task(self.signup_lock.release) self.reply({ 'status': 'ok', 'token': auth.generate_token(username).decode('ascii') }, status_code=201)
def API_login(): # Check if the email exists users = get_session().query(User).filter_by( email=request.form["email"]).all() if (len(users) < 1): return json.dumps({ "state": "error", "message": "Invalid e-mail or password." }) our_user = users[0] # Check if the password supplied is the same as the password in the User model if (our_user.password != hash_multiple( [request.form["email"], request.form["password"]])): return json.dumps({ "state": "error", "message": "Invalid e-mail or password." }) session['token'] = generate_token(our_user.id) return json.dumps({ "state": "ok", "message": "", "token": session['token'] })
def get_token(): incoming = request.get_json() user = User.get_user_with_email_and_password(incoming["email"], incoming["password"]) if user: return jsonify(token=generate_token(user)) return jsonify(error=True), 403
def api_login(error=None): content = request.get_json(silent=True) username = content.get('username') password = content.get('password') if auth.try_login(username, password): new_token = auth.generate_token(username) response = {'status': 'success', 'token': new_token} return jsonify(**response) else: raise InvalidRequestData('Invalid username or password (mismatched).')
def create_user(): incoming = request.get_json() user = User(email='*****@*****.**', password='******') db.session.add(user) try: db.session.commit() except IntegrityError: return jsonify(message="User with that email already exists"), 409 new_user = User.query.filter_by(email=incoming["email"]).first() return jsonify(id=user.id, token=generate_token(new_user))
def login_expired(): test_only() #This endpoint will log the user in with expired token res = jsonify({ "success": True, "result": "setting expired token successfully" }) expired_token = generate_token(user_id=1, secret=SECRET, expiration_delta=timedelta(days=-7), issued_at=datetime.now()) res.headers.add('Authorization', expired_token["result"]) return res, 200
def post(self): email = squeeze(self.get_argument('email', '')) password = squeeze(self.get_argument('password', '')) action = self.get_argument('action') response = {'status': 'failed'} if not email or not password: response['error'] = 'Email and password are mandatory' self.write(json_encode(response)) return if action == 'Login': id = get_identity(email, password) if not id: response['error'] = 'Wrong Username/Email and password combination' self.write(json_encode(response)) return user = User.objects.find(id=id) if user: token = generate_token() user.authenticate(token) self.set_secure_cookie("auth", token) self.redirect('/') elif action == 'Signup': already_exists = email_exists(email) if not already_exists: fullname = email.split('@')[0].replace('.', ' ').replace('_', ' ') user = User.objects.create('', fullname) store_credentials(user.id, email, password) token = generate_token() user.authenticate(token) self.set_secure_cookie("auth", token) self.redirect('/signup')
def test_generate_token_uniqueness(): clear() token1 = generate_token(0) token2 = generate_token(1) token3 = generate_token(2) token4 = generate_token(3) token5 = generate_token(4) token6 = generate_token(5) token7 = generate_token(6) tokens = [token1, token2, token3, token4, token5, token6, token7] assert len(tokens) == len(set(tokens))
def post(self): username, password = extract_credentials(self.json_request) stored_password = yield tornado.gen.Task( self.redis_conn.get, username ) if ( stored_password is not None and stored_password == auth.encrypt_password(password) ): self.reply({ 'status': 'ok', 'token': auth.generate_token(username).decode('ascii') }) else: raise tornado.web.HTTPError(401, 'Wrong password')
def register(): # Get parameters email = request.form.get('email') username = request.form.get('username') password = request.form.get('password') # Generate hashed password hash = hashlib.sha256(password.encode()).hexdigest() # Connect to database connection = psycopg2.connect(user="******", password=os.environ.get("DATABASE_PASSWORD"), host="localhost", port="5432", database="twitterbrief") cursor = connection.cursor() if not auth.check_unique_credentials(username, email, cursor): return dumps({ "Error": "Credentials already exist!" }), 500 # Get followed user response = auth.get_followed_twitter_accounts(username) if response.status_code != 200: print(response.json()) return dumps({ "Error": "Invalid Twitter Account" }), 500 # Add user to database auth.register_user(username, email, hash, cursor) follows = response.json() # Add followed accounts auth.add_accounts(follows['ids'], cursor) auth.populate_followed_users(username, follows['ids'], cursor) # Close database connection connection.commit() cursor.close() connection.close() # Return token return auth.generate_token(username)
def authenticate(self, prefix, social_id, username, fullname, pic): connection = Redis.get_connection() new_user = False key = '{0}:{1}'.format(prefix, unsalted_hash(social_id)) id = connection.get(key) if id: user = User.objects.find(id=id.decode()) else: new_user = True user = User.objects.create( '', fullname, pic) connection.set(key, user.id) token = generate_token() user.authenticate(token) self.set_secure_cookie("auth", token) self.render("redirect.html", new_user=new_user)
def login(): """Login using a POST request, else prompt for credentials """ if request.method == 'GET': raise CredentialsRequired() # handle POST login username = request.form.get('username') password = request.form.get('password') if auth.check_auth(username, password): return { 'message': [ auth.SERVICE_MESSAGES['login'], { 'available endpoints': app.config.get('AVAILABLE_ENDPOINTS') } ], 'token': auth.generate_token(username, password) } else: raise AuthenticationFailed()
def login(): # Get parameters username = request.args.get('username') password = request.args.get('password') # Generate hashed password hash = hashlib.sha256("mypassword".encode()).hexdigest() # Connect to database connection = psycopg2.connect(user="******", password=os.environ.get("DATABASE_PASSWORD"), host="localhost", port="5432", database="twitterbrief") cursor = connection.cursor() findUserQuery = "select username, password from users where username = '******'".format(username) cursor.execute(findUserQuery) user = cursor.fetchone() if user[1] != hash: return {'Error': 'invalid credentials'}, 401 return auth.generate_token(username)
def login(login, password): # 1 - Проверить, есть ли пользователь с таким логином # 2 - Выполнить подтверждение пароля # 3 - Если не ок, то возвращаем (False, 'Invalid login and/or password') # 4 - Генерируем новый токен # 5 - Ищем по дереву(словарю) токенов имеющийся токен по данному логину # 6 - Заменяем или создаем новый токен и помещаем в дерево(словарь) # 7 - Возвращаем пользователю рожденный токен # TODO Надо получить доступ над циклом исполнения в Торнадо, что бы направить этот поток на служебные цели: # Проверка времени жизни токенов: если токены долго бездействуют - удаляем user = database.find_user_by_login(login) if user is None: return False, 'Invalid login and/or password' else: if auth.compare_password(password, user.password, user.salt): new_token = auth.generate_token() auth.insert_new_token(login, new_token) return True, new_token else: return False, 'Invalid login and/or password'
def home(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] try: assert (len(username) >= 2 and len(username) <= 40) assert (len(password) >= 2 and len(password) <= 40) token = auth.generate_token(username, password) response = make_response( render_template('index.html', data=auth.validate_token(token))) response.set_cookie('token', token) return response except: return 'invalid username and/or password' else: token = request.cookies.get('token') if token: return render_template('index.html', data=auth.validate_token(token)) else: return render_template('index.html')
def API_register(): # Check if the email already exists if (len(get_session().query(User).filter_by( email=request.form["email"]).all()) > 0): return json.dumps({ "state": "error", "message": "E-mail already registered!" }) password = hash_multiple([request.form["email"], request.form["password"]]) user = User(email=request.form["email"], fullname=request.form["fullname"], password=password) push_model(user) # Get back the users, I shouldn't do it like this db_users = get_session().query(User).filter_by( email=request.form["email"]).all() session['token'] = generate_token(db_users[0].id) return json.dumps({ "state": "ok", "message": "", "token": session['token'] })
def test_token(self): token = generate_token(userid='12345', secret=secret_string) self.assertTrue(validate_token(token=token, secret=secret_string))
def playlist_to_genres(user_id, playlist_id): ''' Function to iterate through a playlist, pull 30-second samples of songs, and separate them out into their genres. Some songs have multiple genres, so they will appear in multiple folders. ''' token = generate_token() spotify = spotipy.Spotify(auth=token) # Authorization token results = spotify.user_playlist(user=user_id, playlist_id=playlist_id) # Getting track, url, and artists on a track tracks = results['tracks'] # Setting cols for DataFrame track_info_cols = ['id', 'genre', 'track_name', 'preview_url', 'location', 'filename', 'artist', 'artist_uri', 'album', 'release_date', # Track info 'danceability', 'energy', 'key', 'loudness', 'mode', 'speechiness', 'acousticness', 'instrumentalness', 'liveness', 'valence', 'tempo'] # Audio features # Setting a timestamp for .csv versioning timestamp = time.ctime().replace(' ', '_').replace(':', '_') # Set filepath name filepath = f'./data/song_genres.csv' # -------------MAIN LOOP------------- while True: # We need to create a dataframe to store the results, going to store the # results at each stage in case the process gets interrupted song_df = pd.DataFrame(columns=track_info_cols) for track in tqdm(tracks['items']): track_info = track['track'] # Some songs don't have ids, apparently? try: track_id = track_info['id'] except: continue # Some songs don't have preview_urls try: url = track_info['preview_url'] # 30-sec song sample except: continue artists = track_info['artists'] album_name = track_info['album']['name'] release_date = track_info['album']['release_date'] # This returns the audio features Spotify has created for each song audio_features = spotify.audio_features(track_info['uri'])[0] # Looping through each artist, getting their name and uri (Spotify's unique identifier) for artist in artists: artist_name = artist['name'] artist_uri = artist['uri'] track_name = track_info['name'] try: genres = spotify.artist(artist_uri)['genres'] except: continue # urls would throw AttributeError occasionally, some songs don't have previews try: # There are multiple genres per artist for genre in genres: # Add info to dictionary row = {'id' : track_id, 'genre' : genre, 'track_name' : track_name, 'preview_url' : url, 'location' : f'./scrapes/{genre}/{track_name}.mp3', 'filename' : f'{track_name}.mp3', 'artist' : artist_name, 'artist_uri' : artist_uri, 'album' : album_name, 'release_date' : release_date } # Need to create a dictionary for the audio features audio_feature_dict = {key: value for key, value in audio_features.items() if key in track_info_cols} # Combine the above row and audio_feature_dict into one row.update(audio_feature_dict) song_df = song_df.append(row, ignore_index=True) except AttributeError: pass if tracks['next']: tracks = spotify.next(tracks) # updates the offset by 100 song_df.to_csv(filepath, mode='a', index=False) else: break song_df.to_csv(filepath, mode='a', index=False)