def test_shorthash(self):
manager = BCRYPTPasswordManager()
def match(hash):
return True
manager.match = match
short_hash = manager.encode(self.snowpass)[:28]
assert_true(manager.match(short_hash))
manager.check(short_hash, self.snowpass)
def password_check(password, stored_passw):
"""
Returns a boolean of whether the password was correct.
"""
from cryptacular.bcrypt import BCRYPTPasswordManager
manager = BCRYPTPasswordManager()
return manager.check(stored_passw, password)
def check_password(cls, username, password, session=None):
if session is None:
session = DBSession
manager = BCRYPTPasswordManager()
try:
user = User.by_username(username)
except NoResultFound:
return False
return manager.check(user.password, password)
def do_login(request):
username = request.params.get('username', None)
password = request.params.get('password', None)
if not (username and password):
raise ValueError('both username and password are required')
settings = request.registry.settings
manager = BCRYPTPasswordManager()
if username == settings.get('auth.username', ''):
hashed = settings.get('auth.password', '')
return manager.check(hashed, password)
def validate_user_password(cls, username, password):
user = DBSession.query(cls).options(noload(cls.groups)).filter(cls.username == username.lower()).first()
if user is None:
return None
manager = BCRYPTPasswordManager()
if manager.check(user.credentials, password):
return user
return None
def do_login(request):
username = request.params.get('username', None)
password = request.params.get('password', None)
if not (username and password):
raise ValueError('both username and password are required')
settings = request.registry.settings
manager = BCRYPTPasswordManager()
if username == settings.get('auth.username', ''):
hashed = settings.get('auth.password', '')
return manager.check(hashed, password)
def login(request):
username = request.params.get("username", None)
password = request.params.get("password", None)
if not (username and password):
raise ValueError("Username and password are required")
manager = BCRYPTPasswordManager()
try:
user = User.get_by_username(username)
except:
raise ValueError("User does not exist")
return manager.check(user.password, password)
def test_create_user(db_session):
kwargs = {
'username': "******",
'password': "******"
}
kwargs['session'] = db_session
user = app.User.new(**kwargs)
db_session.flush()
u = db_session.query(app.User).filter(app.User.id == user.id).one()
assert getattr(u, 'id', '') is not None
assert getattr(u, 'username', '') == "Test_Username"
manager = BCRYPTPasswordManager()
assert manager.check(getattr(user, 'password', ''), "testpassword")
def do_login(request):
username = request.params.get('username', None)
password = request.params.get('password', None)
if not (username and password):
raise ValueError('both username and password are required')
settings = request.registry.settings
# you can always get hold of application settings with
# `request.registry.settings`
manager = BCRYPTPasswordManager()
if username == settings.get('auth.username', ''):
hashed = settings.get('auth.password', '')
return manager.check(hashed, password)
return False
def do_login(request):
login_result = False
manager = BCRYPTPasswordManager()
entered_username = request.params.get('username', None)
entered_password = request.params.get('password', None)
user_obj = User.lookup_by_attribute(username=entered_username)[0]
db_username = user_obj.username
if entered_username == db_username:
db_hashed = user_obj.password
# manager.check returns BOOL
login_result = manager.check(db_hashed, entered_password)
return login_result
def check_password(cls, username, password):
""" Check the user password.
Check if the submited password for username is the same than the
encrypted one recorded in the database. Return None if the username
did not exist.
:param username: the user username
:type username: unicode
:param username: the submited password
:type username: unicode
:return: True if the password is correct. false if incorect
:rtype: boolean
"""
bcrypt = BCRYPTPasswordManager()
user = cls.get_by_username(username)
if user:
return bcrypt.check(user.password, password)
def verify_password(self, password):
manager = Manager()
return manager.check(self.password, password)
def check_password(self, password):
manager = BCRYPTPasswordManager()
return manager.check(self.credentials, password)
def check_password(self, password):
manager = BCRYPTPasswordManager()
return manager.check(self.credentials, password)
def verify_password(self, password):
manager = Manager()
return manager.check(self.password, password)
def validate_password(self, value):
manager = BCRYPTPasswordManager()
return manager.check(self._password, value)
def verify_password(self, password):
'''
Verify username and password using Cryptacular.
'''
manager = Manager()
return manager.check(self.password, password)
from cryptacular.bcrypt import BCRYPTPasswordManager
manager = BCRYPTPasswordManager()
hashed = manager.encode('password')
assert manager.check(hashed, 'password')
def authenticate_user(self, password):
manager = BCRYPTPasswordManager()
return manager.check(self.password, password)
class TestBCRYPTPasswordManager(object):
snowpass = "******"
def setup(self):
self.manager = BCRYPTPasswordManager()
@raises(TypeError)
def test_None1(self):
self.manager.encode(None)
@raises(TypeError)
def test_None2(self):
self.manager.check(None, 'xyzzy')
@raises(TypeError)
def test_None3(self):
hash = self.manager.encode('xyzzy')
self.manager.check(hash, None)
def test_badhash(self):
eq_(self.manager.check('$p5k2$400$ZxK4ZBJCfQg=$kBpklVI9kA13kP32HMZL0rloQ1M=', self.snowpass), False)
@raises(ValueError)
def test_shorthash(self):
manager = BCRYPTPasswordManager()
def match(hash):
return True
manager.match = match
short_hash = manager.encode(self.snowpass)[:28]
assert_true(manager.match(short_hash))
manager.check(short_hash, self.snowpass)
@raises(ValueError)
def test_too_few_rounds(self):
self.manager.encode(self.snowpass, rounds=1)
@raises(ValueError)
def test_too_many_rounds(self):
self.manager.encode(self.snowpass, rounds=100)
def test_emptypass(self):
self.manager.encode('')
def test_general(self):
manager = self.manager
hash = manager.encode(self.snowpass)
eq_(manager.match(hash), True)
eq_(len(hash), 60)
assert_true(manager.check(hash, self.snowpass))
password = "******"
hash = manager.encode(password)
assert_true(manager.check(hash, password))
assert_true(manager.check(unicode(hash), password))
assert_false(manager.check(password, password))
assert_not_equal(manager.encode(password), manager.encode(password))
hash = manager.encode(password, rounds=4)
assert_true(manager.check(hash, password))
@raises(ValueError)
def test_fail_1(self):
def return_none(*args): return None
bcrypt = BCRYPTPasswordManager()
bcrypt.crypt_gensalt_rn = return_none
bcrypt.encode('foo')
@raises(ValueError)
def test_fail_2(self):
def return_none(*args): return None
bcrypt = BCRYPTPasswordManager()
bcrypt.crypt_rn = return_none
bcrypt.encode('foo')
@raises(ValueError)
def test_fail_3(self):
def return_none(*args): return None
bcrypt = BCRYPTPasswordManager()
pw = bcrypt.encode('foobar')
bcrypt.crypt_rn = return_none
bcrypt.check(pw, 'foo')
def authenticate_user(self, password):
manager = BCRYPTPasswordManager()
return manager.check(self.password, password)
def login(self):
max_logins = 6
request = self.request
login_url = request.route_url('login_path')
referrer = request.url
if referrer == login_url:
referrer = '/' # never use login form itself as came_from
came_from = request.params.get('came_from', referrer)
login = None
password = None
flash_messages = []
if 'form.submitted' in request.params:
if('login' in request.params and request.params['login'] != None):
login = request.params['login']
else:
flash_messages.append('No email address provided.')
if('password' in request.params and request.params['password'] != None):
password = request.params['password']
else:
flash_messages.append('No password entered.')
#Check that this user hasn't gone over their maximum number of login attempts
four_hours_ago = dt.datetime.now() - dt.timedelta(hours = 4)
failed_login_count = request.db.query(FailedLogin).filter(and_(or_(FailedLogin.email == login,
FailedLogin.ip_address == request.remote_addr),
FailedLogin.date_of_failure >= four_hours_ago)).count()
if failed_login_count <= max_logins:
if(login != None and password != None):
#Start by finding this user in the database
user = request.db.query(RegisteredUser).filter(RegisteredUser.email == login).first()
#Create the crypto_manager
crypto_manager = BCRYPTPasswordManager()
#If they exist, let's verify that this is their password
if(user and crypto_manager.check(user.getPassword(), password)):
#Create a random number and fill in the database with key information
#This is done in a while loop using the was_created sentinal variable to insure that
#we did not accidently create two different sessions with the same session key value
#If this should happen, we will retry logging the user in.
was_not_created = True
iter_value = 0
while was_not_created:
try:
iter_value += 1
if(iter_value < 10):
new_session_key = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits + string.ascii_lowercase) for _ in range(64))
user_session = SessionCookie(
session_key = new_session_key,
user_id = user.id,
user_role = request.db.query(UserGroup).filter(UserGroup.id == user.getGroupId()).first().getName(),
creation_date = dt.datetime.now(),
expiration_date = dt.datetime.now() + dt.timedelta(minutes = 20),
update_time = dt.datetime.now() + dt.timedelta(minutes = 2)
)
request.db.add(user_session)
request.db.commit()
request.db.flush()
was_not_created = False
except exc.SQLAlchemyError as e:
print e
request.db.rollback()
was_not_created = True
request.session['session_key'] = new_session_key
headers = remember(request, new_session_key)
request.session.flash("You have successfully logged in to your account.", "success")
return HTTPFound(location=came_from, headers=headers)
else:
#Tell the user their login failed.
flash_messages.append('Invalid e-mail/password.')
#Increase the number failed logins recorded
failed_login = FailedLogin(email=login,
date_of_failure=dt.datetime.now(),
ip_address=request.remote_addr)
request.db.add(failed_login)
logEntry = LogItem(event_name = 'Failed Login Attempt',
event_description = 'A user attempted to log into the user with email, {0}, using invalid login credentials.'.format(login),
event_tag_id = None,
user_id = None,
ip_address = request.remote_addr,
danger_index = 1,
event_date = dt.datetime.now())
request.db.add(logEntry)
request.db.commit()
#Increase the number of failed logins on this user (if they entered a valid login email)
if(user):
if(user.getNumberOfFailedLogins() != None):
new_failed_login_count = user.getNumberOfFailedLogins() + 1
else:
new_failed_login_count = 1
user.num_of_failed_logins = new_failed_login_count
#Check if this is their final allowed login
if(new_failed_login_count >= max_logins):
user.setNextAvailableLoginDate(dt.datetime.now() + dt.timedelta(hours = 4))
logEntry = LogItem(event_name = 'Login Attempt Limit Exceeded',
event_description = 'A user has entered too many invalid passwords for the user with email, {0}.'.format(login),
event_tag_id = None,
user_id = None,
ip_address = request.remote_addr,
danger_index = 5,
event_date = dt.datetime.now())
request.db.add(logEntry)
request.db.commit()
request.db.flush()
return dict(
name='Login',
flash_messages=flash_messages,
url=request.application_url + '/login',
came_from=came_from,
)
else:
#Inform the user that they have gone over their login attempts
flash_messages.append('Login atttempt limit exceeded.')
url = request.route_url('index_path')
return HTTPFound(location=url)
return dict(
name='Login',
flash_messages=flash_messages,
url=request.application_url + '/login',
came_from=came_from
)
def cryptacular():
manager = BCRYPTPasswordManager()
hashed = manager.encode('password')
if manager.check(hashed, 'password'):
print(hashed)
def verify_password(self, password):
manager = BCRYPTPasswordManager()
return manager.check(self.hashword, password)
def validate_password(self, password):
pwd_manager = BCRYPTPasswordManager()
return pwd_manager.check(self.password, password)