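def login():
    """Render the login form, or authenticate a POSTed username/password.

    On success the response sets a ``sessionId`` cookie whose value is the
    base64 encoding of ``<json>.<sha256 hex of json>``; the JSON carries the
    user's permission value (``permissao``) and username.

    Returns:
        The rendered ``login.html`` for non-POST requests, a plain-text
        error string when authentication fails, or the "Logged in!"
        response with the cookie attached.
    """
    # Anything that is not a POST gets the form. The original tested GET and
    # POST separately, so any other method routed here (Flask adds HEAD
    # automatically when GET is allowed) fell off the end and returned None.
    if request.method != 'POST':
        return render_template('login.html')

    form_username = request.form.get('username', "")
    form_password = request.form.get('password', "")
    if form_username == "" or form_password == "":
        return "Error! You have to pass username and password! \n"

    result, success = database.get_user(form_username)
    # Lookup failure, unknown user and wrong password all answer with the
    # same text, so the response does not distinguish between them.
    if not success or result is None:
        return "Login failed! \n"

    # result[0] is checked by validate_password(), result[1] becomes the
    # cookie's permission value, result[2] is the third Password argument
    # (presumably a per-user salt/guid - confirm against the schema).
    password = Password(form_password, form_username, result[2])
    if not password.validate_password(result[0]):
        return "Login failed! \n"

    cookie_dic = {"permissao": result[1], "username": form_username}
    cookie = json.dumps(cookie_dic)
    # NOTE(review): this digest is unkeyed. It uses no server-side secret,
    # so it detects accidental corruption but not deliberate modification.
    # If the code that reads sessionId trusts "permissao" because the hash
    # matches, that value is effectively client-controlled. Moving to an
    # HMAC keyed with a server secret (or Flask's signed session) requires
    # a matching change in that reader, which is outside this block.
    hash_cookie = hashlib.sha256(cookie.encode('utf-8')).hexdigest()
    cookie_done = '.'.join([cookie, hash_cookie])
    cookie_done = base64.b64encode(str(cookie_done).encode("utf-8"))

    resp = make_response("Logged in!")
    # HttpOnly keeps the session cookie out of reach of page scripts.
    # Secure/SameSite are worth adding once the deployment is confirmed to
    # be HTTPS-only and the installed Werkzeug supports the keyword.
    resp.set_cookie("sessionId", cookie_done, httponly=True)
    return resp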
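def newuser():
    """Render the registration form, or create a user from a POSTed form.

    Reads the ``username``, ``password1`` and ``password2`` form fields.
    Every outcome of a POST is reported through ``flash`` followed by a
    redirect: to ``/login`` on success, back to ``/register`` otherwise.
    """
    if request.method != 'POST':
        return render_template('register.html')

    username = request.form.get('username')
    psw1 = request.form.get('password1')
    psw2 = request.form.get('password2')
    # form.get() yields None for an absent field. The original compared only
    # against '', so a request that omitted a field crashed on .encode()
    # below instead of being rejected.
    if not username or not psw1 or not psw2:
        flash('All fields are required', 'danger')
        return redirect('/register')

    psw1 = psw1.encode('utf-8')
    psw2 = psw2.encode('utf-8')
    if psw1 != psw2:
        flash('Passwords must be the same!', 'danger')
        return redirect('/register')

    # NOTE(review): Password is built from the password alone here; whether
    # get_hashed_password() salts the hash is not visible - confirm.
    hashed_psw = Password(psw1).get_hashed_password()
    message, success = database.insert_user(username, hashed_psw)
    if success == 1:
        flash('New user added!', 'primary')
        return redirect('/login')

    # The database message goes to error(); the client only sees a generic
    # failure, so storage details are not echoed back to the browser.
    error('newuser', message, session.get('username'))
    flash('Internal error!', 'danger')
    return redirect('/register')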
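def post(handler):  # pragma: no cover
    """Replace the stored CQ bot password digest with one for the POSTed value.

    Reads the ``password`` request field, writes an error to the response
    when it is absent, otherwise stores its digest under
    ``CQ_BOT_PASSWORD_KEY`` and confirms the update in the response body.
    """
    password = handler.request.get('password')
    if not password:
        handler.response.write('"password" field missing.')
        return
    # get_or_insert() applies its keyword arguments only when no entity
    # exists under the key. Once a password had been stored, the original
    # call fetched the old entity and re-saved it unchanged while still
    # reporting success. Constructing the entity with the same id
    # overwrites the stored digest instead.
    # NOTE(review): the digest comes from utils.password_sha1, which is not
    # shown here; if it is a plain SHA-1 of the password, a salted, slow KDF
    # would be the stronger choice for a stored credential - confirm.
    # NOTE(review): no access check is visible in this function; presumably
    # the caller or a decorator restricts who may reach it - confirm.
    Password(
        id=CQ_BOT_PASSWORD_KEY, sha1=utils.password_sha1(password)
    ).put()
    handler.response.write('Bot password successfully updated.')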
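def post(handler):  # pragma: no cover
    """Replace the stored CQ bot password digest with one for the POSTed value.

    Reads the ``password`` request field, writes an error to the response
    when it is absent, otherwise stores its digest under
    ``CQ_BOT_PASSWORD_KEY`` and confirms the update in the response body.
    """
    password = handler.request.get('password')
    if not password:
        handler.response.write('"password" field missing.')
        return
    # get_or_insert() applies its keyword arguments only when no entity
    # exists under the key. Once a password had been stored, the original
    # call fetched the old entity and re-saved it unchanged while still
    # reporting success. Constructing the entity with the same id
    # overwrites the stored digest instead.
    # NOTE(review): the digest comes from utils.password_sha1, which is not
    # shown here; if it is a plain SHA-1 of the password, a salted, slow KDF
    # would be the stronger choice for a stored credential - confirm.
    # NOTE(review): no access check is visible in this function; presumably
    # the caller or a decorator restricts who may reach it - confirm.
    Password(
        id=CQ_BOT_PASSWORD_KEY, sha1=utils.password_sha1(password)
    ).put()
    handler.response.write('Bot password successfully updated.')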
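def login():
    """Render the login form, or authenticate a POSTed username/password.

    A successful login stores the UTF-8 encoded username in the session and
    redirects to ``/home``; any failure flashes one generic message and
    renders the form again.
    """
    if request.method != 'POST':
        return render_template('login.html')

    form_username = request.form.get('username')
    form_password = request.form.get('password')

    authenticated = False
    # form.get() yields None for an absent field; the original called
    # .encode() on it directly and raised instead of rejecting the login.
    if form_username and form_password:
        username = form_username.encode('utf-8')
        psw = Password(form_password.encode('utf-8'))
        user_password, success = database.get_user_password(username)
        authenticated = (
            success
            and user_password is not None
            and psw.validate_password(str(user_password[0]))
        )

    if not authenticated:
        # One message for every failure cause, so the response does not
        # reveal whether the username exists.
        flash("Usuario ou senha incorretos", "danger")
        return render_template('login.html')

    session['username'] = username
    return redirect('/home')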
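def register():
    """Create a user from the POSTed ``username`` and ``password`` fields.

    A fresh UUID4 string is generated per user; it is passed both to
    ``Password`` and to ``database.insert_user``.

    Returns:
        ``"register"`` for non-POST requests, otherwise a plain-text
        success or failure message.
    """
    if request.method != 'POST':
        return "register"

    form_username = request.form.get('username')
    form_password = request.form.get('password')
    # The original passed absent (None) or empty fields straight into
    # Password and the database, so an account without a usable username or
    # password could be attempted. Reject them with the existing failure
    # text.
    if not form_username or not form_password:
        return "Registro falhou!"

    guid = str(uuid.uuid4())
    # guid is the third Password argument (presumably a per-user salt -
    # confirm against the Password class).
    password = Password(form_password, form_username, guid)
    hashed_password = password.get_hashed_password()
    message, success = database.insert_user(guid, form_username, hashed_password)
    if success:
        return "Registrado com sucesso"
    return "Registro falhou!"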
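def login():
    """Render the login form, or authenticate a POSTed username/password.

    A successful login stores the username in the session and redirects to
    ``/gossip``. Any failure is passed to ``error()``, flashed to the user
    with one generic message, and the form is rendered again.
    """
    if request.method != 'POST':
        return render_template('login.html')

    username = request.form.get('username')
    form_password = request.form.get('password')

    authenticated = False
    # form.get() yields None for an absent field; the original called
    # .encode() on the password directly and raised instead of rejecting
    # the login.
    if username and form_password:
        psw = Password(form_password.encode('utf-8'))
        user_password, success = database.get_user_password(username)
        authenticated = (
            success
            and user_password is not None
            and psw.validate_password(user_password[0])
        )

    if not authenticated:
        # NOTE(review): error() receives the username already in the
        # session, not the one that was just attempted; confirm that is the
        # identity the log is meant to record.
        error('gossip', 'User not found or wrong password',
              session.get('username'))
        flash('User not found or wrong password', 'danger')
        return render_template('login.html')

    session['username'] = username
    return redirect('/gossip')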
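def newuser():
    """Render the registration form, or create a user from a POSTed form.

    Reads the ``username``, ``password1`` and ``password2`` form fields and
    redirects to ``/login`` on success or back to ``/register`` otherwise.
    """
    if request.method != 'POST':
        return render_template('register.html')

    username = request.form.get('username')
    psw1 = request.form.get('password1')
    psw2 = request.form.get('password2')
    # Absent fields arrive as None and str(None) is the text "None". In the
    # original, two missing passwords compared equal and the insert went
    # ahead with those literal strings. Require every field before hashing.
    if not username or not psw1 or not psw2:
        flash("All fields are required", "danger")
        return redirect('/register')

    if psw1 != psw2:
        flash("Passwords must be the same!", "danger")
        return redirect('/register')

    hashed_psw = Password(str(psw1)).get_hashed_password()
    message, success = database.insert_user(str(username), hashed_psw)
    if success == 1:
        flash("Novo usuario adicionado!", "primary")
        return redirect('/login')
    # Insert failed: the database message is not shown to the client.
    return redirect('/register')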
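def register():
    """Render the registration form, or create a user from a POSTed form.

    Reads ``username``, ``password`` and ``password2``. A fresh UUID4 string
    is generated per user and passed both to ``Password`` and to
    ``database.insert_user``.

    Returns:
        The rendered ``register.html`` for non-POST requests, the rendered
        ``login.html`` after a successful insert, or a plain-text error.
    """
    # Anything that is not a POST gets the form. The original tested GET and
    # POST separately, so any other method routed here (Flask adds HEAD
    # automatically when GET is allowed) fell off the end and returned None.
    if request.method != 'POST':
        return render_template('register.html')

    form_username = request.form.get('username', "")
    form_password = request.form.get('password', "")
    form_password2 = request.form.get('password2', "")

    if form_username == "" or form_password == "":
        return "Error! You have to pass username and password! \n"
    if form_password != form_password2:
        return "Error! Passwords must be the same! \n"

    guid = str(uuid.uuid4())
    # guid is the third Password argument (presumably a per-user salt -
    # confirm against the Password class).
    password = Password(form_password, form_username, guid)
    hashed_password = password.get_hashed_password()
    message, success = database.insert_user(guid, form_username, hashed_password)
    if success:
        return render_template('login.html')
    # The database message is kept server-side; the client gets a generic
    # failure text.
    return "Error: account creation failed \n"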
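def login():
    """Authenticate a POSTed username/password and issue the session cookie.

    On success the response redirects to ``/user`` and sets a ``sessionId``
    cookie whose value is the base64 encoding of
    ``<json>.<sha256 hex of json>``; the JSON carries the user's permission
    value (``permissao``) and username. Every failure returns the same
    plain-text message.
    """
    # NOTE(review): non-POST requests fall through and return None, exactly
    # as in the original; the route presumably accepts POST only - confirm.
    if request.method == 'POST':
        form_username = request.form.get('username')
        form_password = request.form.get('password')
        # Absent fields arrive as None; reject them before they reach the
        # database lookup and the Password constructor.
        if not form_username or not form_password:
            return "Login falhou!"

        result, success = database.get_user(form_username)
        if not success or result is None:
            return "Login falhou!"

        # result[0] is checked by validate_password(), result[1] becomes the
        # cookie's permission value, result[2] is the third Password
        # argument (presumably a per-user salt/guid - confirm).
        password = Password(form_password, form_username, result[2])
        if not password.validate_password(result[0]):
            return "Login falhou!"

        cookie_dic = {"permissao": result[1], "username": form_username}
        cookie = json.dumps(cookie_dic)
        # NOTE(review): this digest is unkeyed. It uses no server-side
        # secret, so it detects accidental corruption but not deliberate
        # modification. If the code that reads sessionId trusts "permissao"
        # because the hash matches, that value is effectively
        # client-controlled. Moving to an HMAC keyed with a server secret
        # (or Flask's signed session) requires a matching change in that
        # reader, which is outside this block.
        hash_cookie = hashlib.sha256(cookie.encode('utf-8')).hexdigest()
        cookie_done = '.'.join([cookie, hash_cookie])
        cookie_done = base64.b64encode(str(cookie_done).encode("utf-8"))

        resp = make_response(redirect("/user"))
        # HttpOnly keeps the session cookie out of reach of page scripts.
        resp.set_cookie("sessionId", cookie_done, httponly=True)
        return resp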
def test_post_multiple_empty(self):
    """POSTs that carry the bot password but no record data store nothing.

    Runs as a non-admin user, so the stored bot password is the credential
    presented by both requests.
    """
    self.mock_current_user(is_admin=False)
    password = '******'
    bot_credential = Password(
        id=CQ_BOT_PASSWORD_KEY, sha1=utils.password_sha1(password))
    bot_credential.put()
    baseline = Record.query().count()

    # Request 1: only the password, no 'p' payload at all.
    password_only = {'password': password}
    response = self.test_app.post('/post', params=password_only)
    self.assertEquals('', response.body)
    self.assertEquals(baseline, Record.query().count())

    # Request 2: a 'p' payload that is an empty JSON object.
    empty_record = {'p': '{}', 'password': password}
    response = self.test_app.post('/post', params=empty_record)
    self.assertEquals('Empty record entries disallowed', response.body)
    self.assertEquals(baseline, Record.query().count())
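def _is_cq_bot(self):
    """Tell whether the request's ``password`` field matches the CQ bot digest.

    Returns:
        True only when a password was supplied, a digest is stored under
        ``CQ_BOT_PASSWORD_KEY``, and the two digests are equal.
    """
    import hmac  # local import keeps this block self-contained

    password = self.request.get('password')
    if not password:
        return False

    stored = Password.get_by_id(CQ_BOT_PASSWORD_KEY)
    # get_by_id() returns None when nothing is stored under the key; the
    # original dereferenced .sha1 unconditionally and raised in that case.
    # With no stored password, nobody authenticates as the bot.
    if stored is None or not stored.sha1:
        return False

    def _as_bytes(value):
        # compare_digest needs both operands to be the same type; assumes
        # the digests are text or bytes (hex strings - confirm).
        return value if isinstance(value, bytes) else value.encode('utf-8')

    supplied_digest = utils.password_sha1(password)
    # Constant-time comparison: the time taken does not depend on how many
    # leading characters of the two digests agree.
    return hmac.compare_digest(
        _as_bytes(supplied_digest), _as_bytes(stored.sha1))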