def is_login(sk): """This method is used to verify if at least one administrator has been setup.""" try: conn = Connect(host=HOST, user=USER, password=PASSWORD, database=DATABASE) except ConnectionError as e: print(e) return False cur = conn.cursor() query = "SELECT * FROM `administrator`" try: cur.execute(query) except errors.ProgrammingError as e: print(e) return False conn.close() response = cur.fetchall() if response: b = Bcrypt() try: return b.check_password_hash(request.cookies['admin_session'], sk) except KeyError as e: return False else: return True
def auth_admin(self): """Authenticate administrator trying to login.""" try: conn = Connect(host=HOST, user=USER, password=PASSWORD, database=DATABASE) except ConnectionError as e: print(e) return False cur = conn.cursor() query = "SELECT `password` FROM `administrator` WHERE `user_name` = '{}'".format(self.user_name) try: cur.execute(query) except errors.ProgrammingError as e: print(e) return False response = cur.fetchall() conn.close() bcrypt = Bcrypt() try: return bcrypt.check_password_hash(response[0][0], self.password) except IndexError: return False
def admin_index(self): bcrypt = Bcrypt(app) """For GET requests, display the login form. For POSTS, login the current user by processing the form.""" form = LoginForm() next = request.args.get('next') if form.validate(): user = User.query.filter( User.username == form.username.data).first() if user: a = bcrypt.generate_password_hash(form.password.data) if bcrypt.check_password_hash(user.password, form.password.data): user.authenticated = True db.session.add(user) db.session.commit() login_user(user, remember=True, force=True) next = request.args.get('next') print("You have successfully logged in") return redirect(next or url_for('admin.admin_index')) else: print "bad password" else: print "user mismatch" return self.render('admin/index.html', form=form)
def login(): if request.method == "GET": next_redirect = request.args.get("next", False) return render_template("public/login.html", next=next_redirect) else: errs = [] password = request.form.get("password", "") email = request.form.get("email", "") next = request.form.get("next", "") try: bc = Bcrypt(None) conn = db.get_db() sql_query = "SELECT * FROM users WHERE email = %s;" sql_data = (escape(email), ) cur = conn.cursor(cursor_factory=psycopg2.extras.RealDictCursor) cur.execute( sql_query, sql_data ) user = cur.fetchone() cur.close() if user == None: errs.append("No User Found.") else: if bc.check_password_hash(user["password"], password): # add user to the session tools.setCookie( email, user["username"], user["userid"] ) # return the errors and redirect path redirect_url = "/welcome/" if next: redirect_url = next return redirect("/welcome/") else: print "bad pass" errs.append("Incorrect Password.") except Exception, e: print e errs.append("Unable to sign in at this time.") return render_template("public/login.html", next=next, errors=errs, email=email)
def login(): if request.method == "GET": next_redirect = request.args.get("next", False) return render_template("public/login.html", next=next_redirect) else: errs = [] password = request.form.get("password", "") email = request.form.get("email", "") next = request.form.get("next", "") try: bc = Bcrypt(None) conn = db.get_db() sql_query = "SELECT * FROM users WHERE email = %s;" sql_data = (escape(email), ) cur = conn.cursor(cursor_factory=psycopg2.extras.RealDictCursor) cur.execute(sql_query, sql_data) user = cur.fetchone() cur.close() if user == None: errs.append("No User Found.") else: if bc.check_password_hash(user["password"], password): # add user to the session tools.setCookie(email, user["username"], user["userid"]) # return the errors and redirect path redirect_url = "/welcome/" if next: redirect_url = next return redirect("/welcome/") else: print "bad pass" errs.append("Incorrect Password.") except Exception, e: print e errs.append("Unable to sign in at this time.") return render_template("public/login.html", next=next, errors=errs, email=email)
def check_login(member_id, password): try: # Create Database Connection conn = database_connect() cursor = conn.cursor() # Find the users data cursor.execute( """SELECT member_id, title, given_names, family_name, country_name, place_name, (CASE WHEN member_id IN (Select * from athlete) THEN 'athlete' WHEN member_id IN (Select * from staff) THEN 'staff' WHEN member_id IN (Select * from official) THEN 'official' ELSE 'No category' END) AS user_type, pass_word FROM member INNER JOIN country USING (country_code) INNER JOIN place ON member.accommodation = place.place_id WHERE member_id=%s""", (member_id, )) user_data = cursor.fetchone() # Retrieve Query result finally: cursor.close() # Close Curosr conn.close() if user_data is None: # INVALID USERNAME return None # Password check # people with empty passwords don't get any hahsing # Note: it is currently impossible to enter an empty password with the current form so these users cannot login. if (are_passwords_hashed()): print('logging in using hashed password') if not (password == '' and user_data[7] == ''): from flask.ext.bcrypt import Bcrypt bc = Bcrypt(None) password_hashed = bytes(user_data[7], 'utf8') if not bc.check_password_hash(password_hashed, password): # INVALID PASSWORD return () else: #compare unhashed passwords if (password != user_data[7]): return None tuples = { 'member_id': user_data[0], 'title': user_data[1], 'first_name': user_data[2], 'family_name': user_data[3], 'country_name': user_data[4], 'residence': user_data[5], 'member_type': user_data[6] } return tuples
def check_old_password(pwdhash, password): """Check the old password hash from :func:`password_hash`. .. versionadded:: 1.1.0 :param str pwdhash: Hash from :func:`password_hash` to check :param str password: Password in plaintext :return: password match :rtype: bool """ from flask.ext.bcrypt import Bcrypt app.config['BCRYPT_LOG_ROUNDS'] = 12 bcrypt = Bcrypt(app) return bcrypt.check_password_hash(pwdhash, password)
def check_old_password(pwdhash, password): """Check the old password hash from :func:`password_hash`. .. versionadded:: 1.1.0 :param str pwdhash: Hash from :func:`password_hash` to check :param str password: Password in plaintext :return: password match :rtype: bool """ from flask.ext.bcrypt import Bcrypt app.config['BCRYPT_LOG_ROUNDS'] = 12 bcrypt = Bcrypt(app) return bcrypt.check_password_hash(pwdhash, password)
def login(self): print '***** login' email = request.form['email'] password = request.form['password'] results = self.models['User'].get_user_by_email(email) if results == []: flash('Bad password or email', 'error') return redirect('/') app = Flask(__name__) bcrypt = Bcrypt(app) if bcrypt.check_password_hash(results[0]['pw_hash'], password): session['id'] = results[0]['id'] session['fname'] = results[0]['fname'] session['lname'] = results[0]['lname'] session['email'] = results[0]['email'] print '*** session id: {}'.format(session['id']) return redirect('/articles') else: flash('Bad password or email', 'error') return redirect('/')
def login(self): print '***** login ////////////////////////' email = request.form['email'] password = request.form['password'] results = self.models['User'].get_user_by_email(email) if results == []: flash('Bad password or email', 'error') return redirect('/') app = Flask(__name__) bcrypt = Bcrypt(app) if bcrypt.check_password_hash(results[0]['pw_hash'], password): session['id'] = results[0]['id'] session['fname'] = results[0]['fname'] session['lname'] = results[0]['lname'] session['email'] = results[0]['email'] print '*** session id: {}'.format(session['id']) print 'sending to show_stories//////////////////' return redirect('/show_stories') else: flash('Bad password or email', 'error') return redirect('/')
from pymongo import MongoClient from flask.ext.bcrypt import Bcrypt app = Flask(__name__, static_url_path='/static') mongo = MongoClient() bcrypt = Bcrypt(app) # new database db = mongo.tutorial db.users.insert_one({"name": "Devin"}) # bcrypt pw_hash = bcrypt.generate_password_hash('hunter2') print bcrypt.check_password_hash(pw_hash, 'hunter2') # db ''' db.users.find(json_data) db.users.insert_one(json_data) db.users.remove(json_data) db.users.update(json_data) ''' # getting post '''
def verify_password(self, password): bcrypt = Bcrypt() return bcrypt.check_password_hash(self.password, password)
class Auth: GHOST = 0 USER = 1 ADMIN = 2 SUPER_ADMIN = 3 class Anonymous(AnonymousUserMixin): def __init__(self): self._id = None def get_id(self): return unicode('') def __init__(self): self.__login_manager = LoginManager() self.config = {} def init_app(self, app, config): print 'Attaching LoginManager to app.' self.__login_manager.init_app(app) self.__login_manager.anonymous_user = Auth.Anonymous self.config = config def load_user(user_id): if user_id == '': return None Users = Database['Users'] try: return Users.User.find_one({'_id': ObjectId(user_id)}) except: return None def unauthorized(): return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED self.__login_manager.user_loader(load_user) self.__login_manager.unauthorized_handler(unauthorized) self.__bcrypt = Bcrypt(app) def login_manager(self): return self.__login_manager def require(self, user_level): def login_required(f): @wraps(f) def decorated_function(*args, **kwargs): if current_user.is_authenticated() and current_user.get_access_level() >= user_level: return f(*args, **kwargs) return self.__login_manager.unauthorized() return decorated_function return login_required def login(self, user_object, password): if user_object is not None: if self.__bcrypt.check_password_hash(user_object['password'], password): if not login_user(user_object): return resource_strings["USER_NOT_ACTIVATED"] else: return 'Invalid password' else: return 'Invalid email' return None def login_social(self, login_type, token): user_object = None try: user_object = SocialSignin.verify(login_type, token) except SocialSignin.Invalid as e: return str(e) login_user(user_object) def logout(self): logout_user() def hash_password(self, password): return self.__bcrypt.generate_password_hash(password) # decorator that protects other users from PUT/POST/DELETE on you stuff # user_id _must_ be passed in as 'user_id' def only_me(self, function): @wraps(function) def inner(*args, **kwargs): if kwargs['user_id'] != 'me': return '{}', HTTP_401_UNAUTHORIZED return function(*args, **kwargs) return inner
from flask import Flask from flask.ext.bcrypt import Bcrypt app = Flask(__name__) bcrypt = Bcrypt(app) # to generate bcrypt hash. pw_hash = bcrypt.generate_password_hash('idfumg') # to compare with an existing hash. bcrypt.check_password_hash(pw_hash, 'idfumg')
email = request.form['email'] username = request.form['username'] password = request.form['password'] # run validations and if they are successful we can create the password hash with bcrypt pw_hash = bcrypt.generate_password_hash(password) # now we insert the new user into the database insert_query = "INSERT INTO users (email, username, pw_hash, created_at) VALUES (:email, :username, :pw_hash, NOW())" query_data = { 'email': email, 'username': username, 'pw_hash': pw_hash } mysql.query_db(insert_query, query_data) # redirect to success page # check_password_hash password = '******' pw_hash = bcrypt.generate_password_hash(password) test_password_1 = 'thisiswrong' bcrypt.check_password_hash(pw_hash, test_password_1) # this will return false test_password_2 = 'password' bcrypt.check_password_hash(pw_hash, test_password_2) # this will return true # login @app.route('/login', methods=['POST']) def login(): email = request.form['email'] password = request.form['password'] user_query = "SELECT * FROM users WHERE email = :email LIMIT 1" query_data = { 'email': email } user = mysql.query_db(user_query, query_data) # user will be returned in a list if bcrypt.check_password_hash(user[0]['pw_hash'], password): # login user else: # set flash error message and redirect to login page
from flask import Flask from flask.ext.bcrypt import Bcrypt app = Flask(__name__) bcrypt = Bcrypt(app) pw_hash = bcrypt.generate_password_hash('insert awesome password here') print pw_hash print bcrypt.check_password_hash(pw_hash, 'insert awesome password here') # returns True
def verify_password(self, password): bcrypt = Bcrypt() return bcrypt.check_password_hash(self.password, password)
class Auth: GHOST = 0 USER = 1 ADMIN = 2 SUPER_ADMIN = 3 class Anonymous(AnonymousUserMixin): def __init__(self): self._id = None def get_id(self): return unicode('') def __init__(self): self.__login_manager = LoginManager() self.config = {} def init_app(self, app, config): print 'Attaching LoginManager to app.' self.__login_manager.init_app(app) self.__login_manager.anonymous_user = Auth.Anonymous self.config = config def load_user(user_id): if user_id == '': return None Users = Database['Users'] try: return Users.User.find_one({'_id': ObjectId(user_id)}) except: return None def unauthorized(): return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED self.__login_manager.user_loader(load_user) self.__login_manager.unauthorized_handler(unauthorized) self.__bcrypt = Bcrypt(app) def login_manager(self): return self.__login_manager def require(self, user_level): def login_required(f): @wraps(f) def decorated_function(*args, **kwargs): if current_user.is_authenticated( ) and current_user.get_access_level() >= user_level: return f(*args, **kwargs) return self.__login_manager.unauthorized() return decorated_function return login_required def login(self, user_object, password): if user_object is not None: if self.__bcrypt.check_password_hash(user_object['password'], password): if not login_user(user_object): return resource_strings["USER_NOT_ACTIVATED"] else: return 'Invalid password' else: return 'Invalid email' return None def login_social(self, login_type, token): user_object = None try: user_object = SocialSignin.verify(login_type, token) except SocialSignin.Invalid as e: return str(e) login_user(user_object) def logout(self): logout_user() def hash_password(self, password): return self.__bcrypt.generate_password_hash(password) # decorator that protects other users from PUT/POST/DELETE on you stuff # user_id _must_ be passed in as 'user_id' def only_me(self, function): @wraps(function) def inner(*args, **kwargs): if kwargs['user_id'] != 'me': return '{}', HTTP_401_UNAUTHORIZED return function(*args, **kwargs) return inner
from flask import Flask from flask.ext.sqlalchemy import SQLAlchemy from flask.ext.bcrypt import Bcrypt from momentjs import momentjs from rendering_options import options app = Flask(__name__) app.config.from_object('config') app.jinja_env.globals[ 'momentjs'] = momentjs #Allow Jinja templates to use momentjs for key, value in options.iteritems(): app.jinja_env.globals[key] = value # Tell Jinja to strip whitespace app.jinja_env.trim_blocks = True app.jinja_env.lstrip_blocks = True db = SQLAlchemy(app) #Generate an encrypter bcrypt = Bcrypt(app) ''' bcrypt has two essential functions: pw_hash = bcrypt.generate_password_hash('some_string') bcrypt.check_password_hash(pw_hash, 'some_string) returns True ''' from app import views, models
from flask import Flask from flask.ext.sqlalchemy import SQLAlchemy from flask.ext.bcrypt import Bcrypt from momentjs import momentjs from rendering_options import options app = Flask(__name__) app.config.from_object('config') app.jinja_env.globals['momentjs'] = momentjs #Allow Jinja templates to use momentjs for key, value in options.iteritems(): app.jinja_env.globals[key] = value # Tell Jinja to strip whitespace app.jinja_env.trim_blocks = True app.jinja_env.lstrip_blocks = True db = SQLAlchemy(app) #Generate an encrypter bcrypt = Bcrypt(app) ''' bcrypt has two essential functions: pw_hash = bcrypt.generate_password_hash('some_string') bcrypt.check_password_hash(pw_hash, 'some_string) returns True ''' from app import views, models