def admin_index(self): bcrypt = Bcrypt(app) """For GET requests, display the login form. For POSTS, login the current user by processing the form.""" form = LoginForm() next = request.args.get('next') if form.validate(): user = User.query.filter( User.username == form.username.data).first() if user: a = bcrypt.generate_password_hash(form.password.data) if bcrypt.check_password_hash(user.password, form.password.data): user.authenticated = True db.session.add(user) db.session.commit() login_user(user, remember=True, force=True) next = request.args.get('next') print("You have successfully logged in") return redirect(next or url_for('admin.admin_index')) else: print "bad password" else: print "user mismatch" return self.render('admin/index.html', form=form)
def signup_post(): email = request.form.get('email') name = request.form.get('name') password = request.form.get('password') data_nascimento = request.form.get('text') numero = request.form.get('numero') user = User.query.filter_by(email=email).first( ) # if this returns a user, then the email already exists in database if user: # if a user is found, we want to redirect back to signup page so user can try again return redirect(url_for('Usuario_2.index')) # create a new user with the form data. Hash the password so the plaintext version isn't saved. new_user = User(email=email, name=name, data_nascimento=data_nascimento, numero=numero, password=Bcrypt.generate_password_hash(password, method='sha256')) auth_senha = Bcrypt new_user.check_password_hash(new_user.select(password), auth_senha) # add the new user to the database db.session.add(new_user) db.session.commit() return redirect(url_for('auth.base_2'))
def save(self, force_insert=False, validate=True, clean=True, write_concern=None, cascade=None, cascade_kwargs=None, _refs=None, **kwargs): crypt = Bcrypt() hash = crypt.generate_password_hash(self.passHash) self.passHash = hash super(User, self).save()
def create_admin(self): if not self.check_duplicate(): try: conn = Connect(host=HOST, user=USER, password=PASSWORD, database=DATABASE) except ConnectionError as e: print(e) return False cur = conn.cursor() bcrypt = Bcrypt() query = ("INSERT INTO " "`administrator`(name, user_name, password, street, city, state, zipcode, phone, email, join_date)" "VALUES ('{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}')" "".format(self.name, self.user_name, bcrypt.generate_password_hash(self.password), self.address['street'], self.address['city'], self.address['state'], self.address['zipcode'], self.phone, self.email, self.join_date)) try: cur.execute(query) except errors.ProgrammingError as e: print(e) return False conn.commit() conn.close() return True return False
def signup(): if request.method == "POST": email = request.form.get("email", "") username = request.form.get("username", "") password = request.form.get("password", "") try: bc = Bcrypt(None) hashed_pw = bc.generate_password_hash(password) # Open a cursor to perform database operations conn = db.get_db() cur = conn.cursor() sql_query = "SELECT * FROM users WHERE email = %s;" sql_data = (email, ) cur.execute(sql_query, sql_data) old_email = cur.fetchone() if old_email: errs.append("Email already exists.") else: sql_query = "INSERT INTO users (email, password, username) VALUES (%s, %s, %s) RETURNING userid;" sql_data = (email, hashed_pw, username) cur.execute(sql_query, sql_data) userid = cur.fetchone()[0] # sql_query = "INSERT INTO email_confirmation (userid, token) VALUES (%s, %s);" # sql_data = (userid, token) # cur.execute( sql_query, sql_data ) conn.commit() cur.close() tools.setCookie(email, username, userid) except db.psycopg2.DatabaseError, e: # if I have a connection print e if conn: conn.rollback() return redirect("/welcome/")
def signup(): if request.method == "POST": email = request.form.get("email", "") username = request.form.get("username", "") password = request.form.get("password", "") try: bc = Bcrypt(None) hashed_pw = bc.generate_password_hash( password ) # Open a cursor to perform database operations conn = db.get_db() cur = conn.cursor() sql_query = "SELECT * FROM users WHERE email = %s;" sql_data = ( email, ) cur.execute( sql_query, sql_data ) old_email = cur.fetchone() if old_email: errs.append("Email already exists.") else: sql_query = "INSERT INTO users (email, password, username) VALUES (%s, %s, %s) RETURNING userid;" sql_data = ( email, hashed_pw, username ) cur.execute( sql_query, sql_data ) userid = cur.fetchone()[0] # sql_query = "INSERT INTO email_confirmation (userid, token) VALUES (%s, %s);" # sql_data = (userid, token) # cur.execute( sql_query, sql_data ) conn.commit() cur.close() tools.setCookie( email, username, userid ) except db.psycopg2.DatabaseError, e: # if I have a connection print e if conn: conn.rollback() return redirect("/welcome/")
def main(): """Main entry point for script.""" with app.app_context(): bcrypt = Bcrypt(app) if User.query.all(): print('A user already exists! Create another? (y/n):'), create = input() if create == 'n': return print('Enter email address: '), email = input() password = getpass() assert password == getpass('Password (again):') user = User(email=email, password=bcrypt.generate_password_hash(password)) db_session.add(user) db_session.commit() print('User added.')
try: app.config.from_pyfile(app.config['CFG_FILE']) except IOError: pass from fileStore import * db = fileStore(app.config['CACHE_ROOT'] + '/db') # load config from the database conf = None try: conf = json.loads(db.get('conf/bradmin')) except IOError: # load default config conf = {'password': bcrypt.generate_password_hash('default')} db.store('conf/bradmin', json.dumps(conf, sort_keys=True, indent=4)) application = app import bradmin.login import bradmin.push #web pages import bradmin.frontpage import bradmin.radio import bradmin.mesh #API import bradmin.br import bradmin.coap
@app.route('/create_user', methods=['POST']) def create_user(): email = request.form['email'] username = request.form['username'] password = request.form['password'] # run validations and if they are successful we can create the password hash with bcrypt pw_hash = bcrypt.generate_password_hash(password) # now we insert the new user into the database insert_query = "INSERT INTO users (email, username, pw_hash, created_at) VALUES (:email, :username, :pw_hash, NOW())" query_data = { 'email': email, 'username': username, 'pw_hash': pw_hash } mysql.query_db(insert_query, query_data) # redirect to success page # check_password_hash password = '******' pw_hash = bcrypt.generate_password_hash(password) test_password_1 = 'thisiswrong' bcrypt.check_password_hash(pw_hash, test_password_1) # this will return false test_password_2 = 'password' bcrypt.check_password_hash(pw_hash, test_password_2) # this will return true # login @app.route('/login', methods=['POST']) def login(): email = request.form['email'] password = request.form['password'] user_query = "SELECT * FROM users WHERE email = :email LIMIT 1" query_data = { 'email': email } user = mysql.query_db(user_query, query_data) # user will be returned in a list if bcrypt.check_password_hash(user[0]['pw_hash'], password): # login user
etiquetadas=etiquetadas, numquerys=numquerys) if __name__ == '__main__': parser = argparse.ArgumentParser(description='consultas') parser.add_argument('--addUser', help='add user to the App', action='store_true') parser.add_argument('--name', help='the user name to add if --addUser') parser.add_argument('--pwd', help='the user name to add if --addUser') args = parser.parse_args() config = ConfigParser.ConfigParser() config.read('consultas.cfg') if args.addUser: consultas = DB(dbName=config.get('DB', 'dbname'), host=config.get('DB', 'host'), user=config.get('DB', 'user'), pwd=config.get('DB', 'pwd')) pw_hash = bcrypt.generate_password_hash(args.pwd) consultas.createUser(args.name, pw_hash) print 'usuario creado o actualizado' else: app.run(host=config.get('APP', 'host'), port=int(config.get('APP', 'port')))
from flask import Flask from flask.ext.bcrypt import Bcrypt app = Flask(__name__) bcrypt = Bcrypt(app) # to generate bcrypt hash. pw_hash = bcrypt.generate_password_hash('idfumg') # to compare with an existing hash. bcrypt.check_password_hash(pw_hash, 'idfumg')
def create_user(self, newuser): EMAIL_REGEX = re.compile( r'^[a-zA-Z0-9\.\+_-]+@[a-zA-Z0-9\._-]+\.[a-zA-Z]+$') any_nonletter_regex = re.compile('[^a-z A-Z]') error = False fname = newuser['fname'] lname = newuser['lname'] email = newuser['email'] password = newuser['password'] password2 = newuser['password2'] print '***** create_user' print fname print lname print email print password print password2 if len(fname) < 1: error = True flash('First name cannot be blank', 'error') if len(lname) < 1: error = True flash('Last name cannot be blank', 'error') if len(email) < 1: error = True flash('Email cannot be blank', 'error') elif not EMAIL_REGEX.match(email): error = True flash('Invalid email address', 'error') #***************************************** # check if email is already registered #***************************************** results = self.db.query_db( "SELECT * FROM users WHERE email = '{}' LIMIT 1".format(email)) if results != []: error = True flash('Email is already registered', 'error') if len(password) < 4: error = True flash('Password must be at least 4 chars', 'error') if len(password2) < 4: error = True flash('Password confirmation must be at least 4 chars', 'error') if password != password2: error = True flash('Password and password confirmation must be the same', 'error') if not error: # encrypt password app = Flask(__name__) app.secret_key = 'KeepItSecretKeepItSafe' bcrypt = Bcrypt(app) pw_hash = bcrypt.generate_password_hash(password) query = "INSERT INTO users (fname, lname, email, pw_hash, created_at, updated_at) VALUES ('{}', '{}', '{}', '{}', NOW(), NOW() )".format( fname, lname, email, pw_hash) print query self.db.query_db(query) # registration was successful, so let's automatically # log in the user session['fname'] = fname session['lname'] = lname session['email'] = email # get user_id (since this is a new user it will be the largest id) query = "select * from users order by id desc limit 1" result = self.db.query_db(query) print '*** get session id' print result[0]['id'] session['id'] = result[0]['id'] # flash('Successful registration', 'success') return True else: return False
from flask import Flask from flask.ext.bcrypt import Bcrypt app = Flask(__name__) bcrypt = Bcrypt(app) pw_hash = bcrypt.generate_password_hash('insert awesome password here') print pw_hash print bcrypt.check_password_hash(pw_hash, 'insert awesome password here') # returns True
from flask import Flask, url_for, render_template, redirect, abort, session, request from pymongo import MongoClient from flask.ext.bcrypt import Bcrypt app = Flask(__name__, static_url_path='/static') mongo = MongoClient() bcrypt = Bcrypt(app) # new database db = mongo.tutorial db.users.insert_one({"name": "Devin"}) # bcrypt pw_hash = bcrypt.generate_password_hash('hunter2') print bcrypt.check_password_hash(pw_hash, 'hunter2') # db ''' db.users.find(json_data) db.users.insert_one(json_data) db.users.remove(json_data) db.users.update(json_data) ''' # getting post
class Auth: GHOST = 0 USER = 1 ADMIN = 2 SUPER_ADMIN = 3 class Anonymous(AnonymousUserMixin): def __init__(self): self._id = None def get_id(self): return unicode('') def __init__(self): self.__login_manager = LoginManager() self.config = {} def init_app(self, app, config): print 'Attaching LoginManager to app.' self.__login_manager.init_app(app) self.__login_manager.anonymous_user = Auth.Anonymous self.config = config def load_user(user_id): if user_id == '': return None Users = Database['Users'] try: return Users.User.find_one({'_id': ObjectId(user_id)}) except: return None def unauthorized(): return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED self.__login_manager.user_loader(load_user) self.__login_manager.unauthorized_handler(unauthorized) self.__bcrypt = Bcrypt(app) def login_manager(self): return self.__login_manager def require(self, user_level): def login_required(f): @wraps(f) def decorated_function(*args, **kwargs): if current_user.is_authenticated() and current_user.get_access_level() >= user_level: return f(*args, **kwargs) return self.__login_manager.unauthorized() return decorated_function return login_required def login(self, user_object, password): if user_object is not None: if self.__bcrypt.check_password_hash(user_object['password'], password): if not login_user(user_object): return resource_strings["USER_NOT_ACTIVATED"] else: return 'Invalid password' else: return 'Invalid email' return None def login_social(self, login_type, token): user_object = None try: user_object = SocialSignin.verify(login_type, token) except SocialSignin.Invalid as e: return str(e) login_user(user_object) def logout(self): logout_user() def hash_password(self, password): return self.__bcrypt.generate_password_hash(password) # decorator that protects other users from PUT/POST/DELETE on you stuff # user_id _must_ be passed in as 'user_id' def only_me(self, function): @wraps(function) def inner(*args, **kwargs): if kwargs['user_id'] != 'me': return '{}', HTTP_401_UNAUTHORIZED return function(*args, **kwargs) return inner
class Auth: GHOST = 0 USER = 1 ADMIN = 2 SUPER_ADMIN = 3 class Anonymous(AnonymousUserMixin): def __init__(self): self._id = None def get_id(self): return unicode('') def __init__(self): self.__login_manager = LoginManager() self.config = {} def init_app(self, app, config): print 'Attaching LoginManager to app.' self.__login_manager.init_app(app) self.__login_manager.anonymous_user = Auth.Anonymous self.config = config def load_user(user_id): if user_id == '': return None Users = Database['Users'] try: return Users.User.find_one({'_id': ObjectId(user_id)}) except: return None def unauthorized(): return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED self.__login_manager.user_loader(load_user) self.__login_manager.unauthorized_handler(unauthorized) self.__bcrypt = Bcrypt(app) def login_manager(self): return self.__login_manager def require(self, user_level): def login_required(f): @wraps(f) def decorated_function(*args, **kwargs): if current_user.is_authenticated( ) and current_user.get_access_level() >= user_level: return f(*args, **kwargs) return self.__login_manager.unauthorized() return decorated_function return login_required def login(self, user_object, password): if user_object is not None: if self.__bcrypt.check_password_hash(user_object['password'], password): if not login_user(user_object): return resource_strings["USER_NOT_ACTIVATED"] else: return 'Invalid password' else: return 'Invalid email' return None def login_social(self, login_type, token): user_object = None try: user_object = SocialSignin.verify(login_type, token) except SocialSignin.Invalid as e: return str(e) login_user(user_object) def logout(self): logout_user() def hash_password(self, password): return self.__bcrypt.generate_password_hash(password) # decorator that protects other users from PUT/POST/DELETE on you stuff # user_id _must_ be passed in as 'user_id' def only_me(self, function): @wraps(function) def inner(*args, **kwargs): if kwargs['user_id'] != 'me': return '{}', HTTP_401_UNAUTHORIZED return function(*args, **kwargs) return inner
def set_password(self, password): bcrypt = Bcrypt() self.password = bcrypt.generate_password_hash(password, 12)
def set_password(self, clear): bcrypt = Bcrypt(current_app) self.password = bcrypt.generate_password_hash(clear.encode('utf-8'))
def set_password(self, password): bcrypt = Bcrypt() self.password = bcrypt.generate_password_hash(password, 12)
def create_user(self, newuser): EMAIL_REGEX = re.compile(r"^[a-zA-Z0-9\.\+_-]+@[a-zA-Z0-9\._-]+\.[a-zA-Z]+$") any_nonletter_regex = re.compile("[^a-z A-Z]") error = False fname = newuser["fname"] lname = newuser["lname"] email = newuser["email"] password = newuser["password"] password2 = newuser["password2"] print "***** create_user" print fname print lname print email print password print password2 if len(fname) < 1: error = True flash("First name cannot be blank", "error") if len(lname) < 1: error = True flash("Last name cannot be blank", "error") if len(email) < 1: error = True flash("Email cannot be blank", "error") elif not EMAIL_REGEX.match(email): error = True flash("Invalid email address", "error") # ***************************************** # check if email is already registered # ***************************************** results = self.db.query_db("SELECT * FROM users WHERE email = '{}' LIMIT 1".format(email)) if results != []: error = True flash("Email is already registered", "error") if len(password) < 4: error = True flash("Password must be at least 4 chars", "error") if len(password2) < 4: error = True flash("Password confirmation must be at least 4 chars", "error") if password != password2: error = True flash("Password and password confirmation must be the same", "error") if not error: # encrypt password app = Flask(__name__) app.secret_key = "KeepItSecretKeepItSafe" bcrypt = Bcrypt(app) pw_hash = bcrypt.generate_password_hash(password) query = "INSERT INTO users (fname, lname, email, pw_hash, created_at, updated_at) VALUES ('{}', '{}', '{}', '{}', NOW(), NOW() )".format( fname, lname, email, pw_hash ) print query self.db.query_db(query) # registration was successful, so let's automatically # log in the user session["fname"] = fname session["lname"] = lname session["email"] = email # get user_id (since this is a new user it will be the largest id) query = "select * from users order by id desc limit 1" result = self.db.query_db(query) print "*** get session id" print result[0]["id"] session["id"] = result[0]["id"] # flash('Successful registration', 'success') return True else: return False
app.config.from_pyfile(app.config['CFG_FILE']) except IOError: pass from fileStore import * db = fileStore(app.config['CACHE_ROOT'] + '/db') # load config from the database conf = None try: conf = json.loads(db.get('conf/bradmin')) except IOError: # load default config conf = { 'password': bcrypt.generate_password_hash('default') } db.store('conf/bradmin', json.dumps(conf, sort_keys=True, indent=4)) application = app import bradmin.login import bradmin.push #web pages import bradmin.frontpage import bradmin.radio import bradmin.mesh #API import bradmin.br
def hash_result(user): bcrypt = Bcrypt(None) password_hash = bcrypt.generate_password_hash(user["password"]) user["password"] = password_hash return user
# make sure admin account is setup from models import User, Role, Permission """ @app.context_processor def inject_permissions(): return dict(Permission=Permission) """ # will throw an error if database or the table doesnt exist yet try: # initialize roles Role.insert_roles() # add admin if not yet added admin_email = ADMINS[0] # this returns result object admin_user = User.query.filter_by(email=admin_email).first() # this returns object values admin_role = db.session.query(Role).filter(Role.permissions==Permission.ADMINISTER).first() if not admin_user: defaultpassword = bcrypt.generate_password_hash('1234') user = User(username='******', email=admin_email, role=admin_role, password = defaultpassword) db.session.add(user) db.session.commit() # follow yourself db.session.add(user.follow(user)) db.session.commit() except: pass
from inspect import stack from flask import Flask, render_template, request, redirect, url_for, flash, make_response from flask.ext.bcrypt import Bcrypt from flask.ext.mail import Mail, Message from mysql.connector import errors from models import Item, Costumer, Business, Invoice, Employee, Admin, Security from tools import prepare_items app = Flask(__name__) b = Bcrypt() SK = 'F*CM)@_!($":.@!#$E++)_-_;A"S;' SK_hash = b.generate_password_hash(SK) app.secret_key = SK sec = Security() app.config["MAIL_SERVER"] = "smtp.gmail.com" app.config["MAIL_PORT"] = 465 app.config["MAIL_USE_SSL"] = True app.config["MAIL_USERNAME"] = '******' app.config["MAIL_PASSWORD"] = '******' mail = Mail() mail.init_app(app) @app.route('/') def home():