def reset(): status = Status() form = Form(request.forms) token = request.query.token s = URLSafeTimedSerializer(secret_key, max_age=3600, salt=salt) try: username = s.loads(token) except: return abort(500, 'bad signature') else: if request.method == 'POST' and form.validate(): new_pbkdf2 = to_bytes(pbkdf2_sha256.encrypt(form.password.data)) try: conn = db.engine.connect() conn.execute(users.update().values( pbkdf2=new_pbkdf2).where(users.c.id == username)) conn.close() except exc.SQLAlchemyError as message: status.danger = message else: status.success = 'Password Changed. Please log in.' return render_template('/status.html', status=status) return render_template('/action/reset.html', status=status, form=form, username=username, token=token)
def edit_account(): #allows users to update their acocunt info such as name, pword, email address user = mongo.db.users.find_one({"_id": session['username']}) if user and pbkdf2_sha256.verify(request.form.get('current-password'), user['password']): #check if password and repeat password match if request.form.get('new-password') == request.form.get('new-validate-password'): # check if user is changing email address if user['email'] == request.form.get('email'): mongo.db.users.update_one({'_id': session['username']}, {"$set": { 'name': request.form.get('name'), 'password': pbkdf2_sha256.encrypt(request.form.get('new-password'))}}, upsert=True) user = mongo.db.users.find_one({"_id": session['username']}) return start_session(user) # if you changing email address check its not already in use elif mongo.db.users.find_one({"email": request.form.get('email')}): return jsonify({"error": "Email address already in use"}), 400 else: mongo.db.users.update_one({'_id': session['username']}, {"$set": { 'name': request.form.get('name'), 'email': request.form.get('email'), 'password': pbkdf2_sha256.encrypt(request.form.get('new-password'))}}, upsert=True) return jsonify({"error": "Passwords must match"}), 400 return jsonify({"error": "Current password - Authentication failed"}), 401
def p(s, e): u, n = '', '' w = s.headers.get x = v(w('Cookie')) if 'a' in x and 'b' in x: n = x['a'].value u = j.get(n, [[]]) u[1] = [s for s in u[1] if s[1] > l()] u = x['b'].value in [s[0] for s in u[1]] and u if e and u: return r( s, c('<`>[:checked~z{A}z{WY}[{A}ul{@:0}</`$label>EWYqcheckbox"/$h2_Z:0"jh2$pHF8px;B!⚙</p$z>Cl!EF0JLogoutI>Cr!PGEQb!New pGEQc!EJReset pGIz$/label$ul>' ) + ''.join( c('<liHA*-top:1px solid black;!CetX"_!EBώXI$p_V100%% - 100px);overflow-wrap:break-word;text-decoration:X!X</p>CedX"_F16px!EBxIli>' ) % (k, 4 + int(e[1]), e[1] and 'line-through', e[0], k) for k, e in u[2].items()) + c('</ul>Cn!EAk;V100%);Z-?:-45px;@-?:45px]l!EAk;B+I>')) o, p = urllib.parse.parse_qs(s.rfile.read(int(w('Content-Length') or '0'))), s.path a, b, i = [o.get(y, [b''])[0].decode(d) for y in [b'a', b'b', b'c']] a, x = a.replace('.', '').replace('/', ''), p[1:2] y = None if p[1:3] == 'uL': if not (a in j and q.verify(b, j[a][0])): e = c('K or p^') elif x == 'u': if a in j: e = c('K X already taken') % (a) else: j[a] = [q.encrypt(b, rounds=k, salt_size=16), [], {}] elif not u: e = ' ' f = c('CuM"Hfloat:left!KEA]a!PGEAQb!EJMI>') if e: return r( s, c('<h2jh2$p>X</p>XX') % (e, f, f.replace('left', c('?')).replace(c('M'), 'Login'))) if x == 'u': t = secrets.token_urlsafe() j[a][1].append((t, l() + 7**8)) y, y['a'], y['b'], u = v(), a, t, j[a] if x == 'l': y, y['a'], y['b'] = v(), '', '' if x == 'r': if q.verify(b, u[0]) < 1: return r(s, c('<p>P^</p>'), 401) u[0:2] = [q.encrypt(i, rounds=k, salt_size=16), []] m = u[2] if x == 'n': m[str(uuid.uuid4())] = [o[b'l'][0].decode(d), False] i = p[3:] if x == 'e': if i not in m: return r(s, '', 404) m[i][1] = m[i][1] < 1 if p[2:3] == 'd': del m[i] f = open((a or n) + '.u', 'w+') f.write(u[0] + '\n') f.write( c('X\nXX\nX') % (len(u[1]), ''.join( '%s,%s\n' % (s[0].replace('\n', '\a'), s[1]) for s in u[1]), len(m.values()), ''.join('%s,%s,%s\n' % (e[1], k, e[0]) for k, e in m.items()))) r(s, '', 301, y)
def reset_password(request): print("reset_password") if request.method == 'GET': try: jwt.decode(request.GET['token'], settings.JWT_SECRET_KEY)['email'] return render(request, 'user/reset_password.html') except Exception as e: return redirect('users:index') elif request.method == 'POST': data = request.POST.dict() token = request.GET['token'] email = jwt.decode(token, settings.JWT_SECRET_KEY)['email'] try: agent = Agent.objects.get(email=email) agent.password = pbkdf2_sha256.encrypt(data['password'], rounds=12000, salt_size=32) agent.save() except Agent.DoesNotExist as e: print(e) try: focal = EmpresaFocal.objects.get(email=email) focal.password = pbkdf2_sha256.encrypt(data['password'], rounds=12000, salt_size=32) focal.save() except EmpresaFocal.DoesNotExist as e: print(e) args = {"message": "Tu contraseña ha sido actualizada"} return render(request, 'user/reset_password.html', args) else: return HttpResponse(status=405)
def post(self, request): form = RegisterForm(request.POST) login_form = LoginForm(request.POST) if request.method == 'POST' and 'register' in request.POST: if form.is_valid(): first = form.cleaned_data['firstname'] last = form.cleaned_data['lastname'] nickname = form.cleaned_data['nickname'] password = form.cleaned_data['password'] password_hashed = pbkdf2_sha256.encrypt(password, rounds=1200, salt_size=10) email = form.cleaned_data['email'] terms = form.cleaned_data['aggrewithterm'] user = User(nickname=nickname, firstname=first, lastname=last, password=password_hashed, email=email) user.save() return HttpResponseRedirect('') if request.method == 'POST' and 'login' in request.POST: if login_form.is_valid(): nickname = login_form.cleaned_data['nickname'] ent_password = login_form.cleaned_data['password'] try: user = User.objects.get(nickname=nickname) except (KeyError, User.DoesNotExist): context = { 'form': form, 'app_name': "my_Link", "login_form": login_form, "err_msg": "The username you entered doesn't belong to an account." } return render(request, self.template_name, context) user_pass = user.password if pbkdf2_sha256.verify(ent_password, user_pass): response = HttpResponseRedirect( reverse('polls:userdetail', args=(user.id, ))) auth = "auth" auth_hased = pbkdf2_sha256.encrypt(auth, rounds=1200, salt_size=10) response.set_cookie("auth", auth_hased) return response else: context = { 'form': form, 'app_name': "my_Link", "login_form": login_form, "err_msg": "Your password was incorrect." } return render(request, self.template_name, context)
def generate_password_and_salt(password): salt = pbkdf2_sha256.encrypt( faker.password(), rounds=20000, salt_size=16) binary_salt = bytes(salt, 'utf-8') password = pbkdf2_sha256.encrypt( password, rounds=20000, salt_size=22, salt=binary_salt) return password, salt
def password(): status = Status() form = Form(request.forms) username = open_session()['u'] if request.method == 'POST' and form.validate(): conn = db.engine.connect() result = conn.execute( select([ users.c.pbkdf2]).where( users.c.id == username)) conn.close() row = result.fetchone() verify = pbkdf2_sha256.verify( form.current_password.data, row['pbkdf2']) if verify: new_pbkdf2 = to_bytes(pbkdf2_sha256.encrypt( form.new_password.data)) conn = db.engine.connect() conn.execute( users.update().values( pbkdf2=new_pbkdf2).where( users.c.id == username)) conn.close() status.success = "Changed password" else: status.warning = "Wrong password for this account" return dict(status=status, form=form)
def create_user(username, password): # check for nd.edu email address = username[-6:-1] + username[len(username) - 1] if address == "nd.edu": # check for existence of username already conn = sqlite3.connect(db_path) with conn: c = conn.cursor() sql = "select * from userInfo where username = "******"'" + username + "'" c.execute(sql) user = c.fetchone() if user: return False, "User already exists" else: # add user to the db pass_hash = pbkdf2_sha256.encrypt(password, rounds=200, salt_size=16) #sql = 'insert into userInfo values("' + username + '", "' + pass_hash + '")' data = [username, pass_hash] c.executemany('INSERT INTO userInfo VALUES(?,?)',(data,)) #c.execute(sql) return True, "User created successfully" else: return False, "Please register with a valid nd.edu email address"
def change_password(username, password): pass_hash = pbkdf2_sha256.encrypt(password, rounds=200, salt_size=16) conn = sqlite3.connect(db_path) with conn: c = conn.cursor() sql = "update userInfo set password = '******' where username = '******'" c.execute(sql)
def user_erase_password(self, new): """ Method that erase password with a new one when we forgot the former one. """ self.password = pbkdf2_sha256.encrypt(new, rounds=200000, salt_size=16) self.save() return True
def hash_passwords(self, data): """Change the content of the users database""" import time #TODO: remove printing passwords into log _log.debug("hash_passwords\n\tdata={}".format(data)) updates_made = False start = time.time() for username in data: user_data = data[username] try: is_pbkdf2 = pbkdf2_sha256.identify(user_data['password']) except Exception as err: _log.error("Failed to identify if password is PBKDF2 or not:" "\n\tusername={}" "\n\tuser_data={}" "\n\terr={}".format(username, user_data, err)) raise #If the password is in clear, let's hash it with a salt and store that instead if ('password' in user_data) and not (is_pbkdf2): try: hash = pbkdf2_sha256.encrypt(user_data['password'], rounds=200000, salt_size=16) except Exception as err: _log.error("Failed to calculate PBKDF2 of password, err={}".format(err)) raise user_data['password']=hash updates_made = True _log.debug("hashed_passwords" "\n\tdata={}" "\n\ttime it took to hash passwords={}".format(data, time.time()-start)) return updates_made
def form_valid(self, form): self.object = form.save(commit=False) self.object.Password = e.encrypt(self.object.Password, rounds=12000, salt_size=32) self.object.save() return super().form_valid(form)
def submitUser(self): """ inserts user info into the database """ returnObj = {"user_id": 0} query = ("INSERT INTO users" "(first_name , last_name , email , username , password ," "paypal_account) VALUES (%(first_name)s, %(last_name)s," "%(email)s,%(username)s, %(password)s, %(paypal_account)s)") # extract only user info from class __dict__ query_params = self.sanitizeParams() # hash password query_params['password'] = pbkdf2_sha256.encrypt( query_params['password'], rounds=200000, salt_size=16) try: uid = self.executeModifyQuery(query, query_params) uid = uid['id'] # add user_id to current instance setattr(self, "user_user_id", uid) obj = {'user_id': uid, 'data': 'redmond', 'meta_name': 'theme'} # insert default theme for user query = ("INSERT INTO users_metadata (user_id, meta_name, data) " " VALUES (%(user_id)s, %(meta_name)s, %(data)s)") self.executeModifyQuery(query, obj) returnObj = self.getUserByID() except self.db2._connector.IntegrityError as err: returnObj['message'] = "Error: {}".format(err) return returnObj
def post(self): """ Post a new user to the database. Make a dictionary to pass to the db_handler.""" try: validate(request.json, user_schema) except Exception as e: error_msg = str(e).split("\n") return {"msg": "error with input data:" + str(error_msg[0])}, 400 user_data = {} data = request.get_json() user_data["username"] = data.get("username") user_data["password"] = pbkdf2_sha256.encrypt(saslprep( data.get("password")), rounds=200000, salt_size=16) user_data["preferred_channel"] = data.get("preferred_channel") user_data["channels"] = data.get("channels") user_data["admin"] = False response = self.db_handler.create_user(user_data) if response == "used": return {'msg': "Username already in use"}, 400 elif response is None: return {"msg": "Error during data handling"} else: return {"msg": "User created", "user_id": response}, 200
def update(self, ID, name, email, password): self.ID = ID self.name = name self.email = email self.password = password user = db.users.find_one({"_id": self.ID}) if not name: name = user["name"] if not email: email = user["email"] if not password: password = user["password"] if password: password = pbkdf2_sha256.encrypt(password) db.users.update_one( {"_id": self.ID}, {"$set": { "name": name, "email": email, "password": password, }})
def post(self): """ Function responsible to create a new user, with all the parameters being requires """ try: id = uuid.uuid4().hex name = request.json['name'] username = request.json['username'] email = request.json['email'] password = request.json['password'] except: return jsonify({'error': 'Incorrect parameters'}), 400 # Chek if all the parameters are in the request if name and username and email and password and request.method == 'POST': # Check for existing email addres and username if collection.find_one({'username': username}): return jsonify({"error": "Username already in use"}), 400 if collection.find_one({'email': email}): return jsonify({"error": "Email already in use"}), 400 password = pbkdf2_sha256.encrypt(password) collection.insert({ '_id': id, 'name': name, 'username': username, 'email': email, 'password': password }) return jsonify({'success': 'user added'}), 200 return jsonify({'error': 'Incorrect parameters'}), 400
def admin_user_detail(user): if not is_admin(session): abort(403) db_session = db.get_session() try: user_obj = db_session.query(db.Users).filter_by(username=user).one() except NoResultFound: abort(404) raise if request.method == "GET": return render_template("admin_user_detail.html", user=user_obj) else: username = request.form['username'] password = request.form['password'] make_admin = False try: make_admin = request.form['admin'] make_admin = make_admin == "on" except KeyError: pass if password != "": # If the password is empty it has not been changed pwhash = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16) user_obj.password = pwhash if username != user: # If the username has been changed user_obj.username = username if make_admin != user_obj.admin: user_obj.admin = make_admin db_session.commit() # TODO add a success message return redirect(url_for('.admin_user_detail', user=username))
async def do_update(self, id, data): """ Update API Key `id`. Specify `reset: true` to reset this API Key. """ reset = data.pop("reset", False) old = await self._get_instance(id) new = old.copy() new.update(data) await self._validate("api_key_update", new, id) key = None if reset: key = self._generate() new["key"] = pbkdf2_sha256.encrypt(key) await self.middleware.call( "datastore.update", self._config.datastore, id, new, ) return self._serve(await self._get_instance(id), key)
def user_create(): if not request.json: abort(400) if not all(k in request.json for k in ("name", "console", "email", "password", "timezone")): abort(400) c = g.db.cursor() print request.json["name"] c.execute("select * from users where name=?", (request.json["name"],)) print c.rowcount if c.rowcount > 0: abort(400) # hash password hashedpwd = pbkdf2_sha256.encrypt(request.json["password"], rounds=100000, salt_size=14) c.execute("insert into users (name, email, console, password, timezone) values (?, ?, ?, ?, ?)", (request.json["name"], request.json["email"], int(request.json["console"]), hashedpwd, request.json["timezone"])) g.db.commit() return "OK"
def register(): if g.user is not None and g.user.is_authenticated: return redirect(url_for('index')) form = RegistrationForm() if form.validate_on_submit(): session['remember_me'] = form.remember.data user = User.query.filter_by(username = form.username.data).first() if user is None and form.accept.data == True: pw_hash = pbkdf2_sha256.encrypt(form.password.data, rounds=200000) user = User( username = form.username.data, email = form.email.data, password = pw_hash, level = 1, banned = False ) db.session.add(user) db.session.commit() return redirect(url_for('login')) #Creation success else: return redirect(url_for('register')) #Duplicate username return render_template( 'register.html', title = 'Register', form = form )
def new_user(): username = request.json.get('username') password = request.json.get('password') email = request.json.get('email') first_name = request.json.get('fname') last_name = request.json.get('lname') if not username or not password or not email: return error(400, 1010,'Some login information was not provided') hash = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16) if db.session.query(db.Users).filter_by(username = username).first() is not None: return error(400, 1020,'This username is not available') # existing user if db.session.query(db.Users).filter_by(email = email).first() is not None: return error(400, 1040,'A user with this email already exists') # existing user user = db.Users(username = username) user.password = hash user.email = email user.first_name = first_name user.last_name = last_name db.session.begin() db.session.add(user) db.session.commit() return jsonify({'redirectUrl':'/',"params":"successful=true"})
def add_users(): """ Seed the users table with fake users """ # add 20 fake users to the database for i in range(7, 28): # securely store password password_hash = pbkdf2_sha256.encrypt( str(i), rounds=200000, salt_size=16) email = str(i) + "@danielleyasso.com" user = model.User( username=str(i), email=email, password=password_hash, preferences={}) model.db.session.add(user) model.db.session.commit() # set average rating (requires user id, so user must be in DB) user.set_average_rating() model.db.session.commit()
def admin_user_create(): if not is_admin(session): abort(403) if request.method == "GET": return render_template("admin_create_user.html") else: try: username = request.form['username'] password = request.form['password'] make_admin = False try: make_admin = request.form['admin'] make_admin = make_admin == "on" except KeyError: pass db_session = db.get_session() pwhash = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16) user_obj = db.Users(username=username, password=pwhash, admin=make_admin) db_session.add(user_obj) db_session.commit() return redirect(url_for('.admin_user_detail', user=username)) except KeyError: abort(400)
def signup(request): """Sign up in the server""" if request.method != "POST": return HttpResponseBadRequest("Error: Send your data via POST.") post = request.POST.dict() # Check data validity. if (set(post.keys()) != {"name", "username", "password"} or not _is_name_valid(post["name"]) or not _is_username_valid(post["username"].lower()) or not _is_password_valid(post["password"]) ): return HttpResponseBadRequest("Error: Your POST data is corrupted.") # Check if user already exists. if User.objects.filter(username=post["username"].lower()): return HttpResponseBadRequest("This user already exists.") # Hash password. password_hash = pbkdf2_sha256.encrypt(post["password"], rounds=100000, salt_size=16) # Register. date = datetime.datetime.now() User.objects.create(name=post['name'], username=post['username'].lower(), password_hash=password_hash, date_registered=date, two_player_wins=0, two_player_losses=0, four_player_wins=0, four_player_losses=0, total_score=0) return HttpResponse("Registration has been completed.")
def signup_user(): """ This function requests information from the signup form, then returns the user to the welcome page via redirect after storing user_id and user_email in session. """ user_email = request.form['email'] user_password = request.form['password'] user_first_name = request.form['first_name'] user_last_name = request.form['last_name'] already_registered = model.session.query(model.User).filter_by(email = user_email).first() if already_registered: flash("Looks like you already have an account. Want to try signing in?") secure_password = pbkdf2_sha256.encrypt(user_password, rounds=200000, salt_size=16) new_user = model.User(email = user_email, password = secure_password, first_name = user_first_name, last_name = user_last_name) model.session.add(new_user) model.session.commit() current_user = model.session.query(model.User).filter_by(email = user_email).first() current_user_profile = model.User_Profile(user_id=current_user.id) model.session.add(current_user_profile) model.session.commit() session['user_id'] = current_user.id session['user_email'] = current_user.email return redirect("/welcome")
def post(self): """ create a new user grab the arguments from the request using a parser """ parser = reqparse.RequestParser() parser.add_argument("firstname") parser.add_argument("lastname") parser.add_argument("email") parser.add_argument("password") args = parser.parse_args() firstname = args["firstname"] lastname = args["lastname"] email = args["email"] password = args["password"] # verify the information being passed through the request if firstname is "" or lastname is "" or email is "" or password is "": return "Bad user data", 400 user = query_db('SELECT email FROM user WHERE email == ?', (email, )) if user is None: # encrypt the password before storing it in the db passhash = pbkdf2_sha256.encrypt(password, rounds=10000, salt_size=16) user_id = query_db('INSERT into user (firstname,lastname,email,password) \ VALUES (?, ?, ?, ?)' , (firstname, lastname, email, passhash), \ commit=True) return user_id, 201 else: return "User already exists", 400
def add_account(self, username, password): if self.already_used(username): return False, 'this username is used' password = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16) self.db.users.insert({'username': username, 'password': password}) return True, 'Successfully Insert'
def post(self, request, reset): try: user = Users.objects.get(reset=reset) if user.reset: message = f"""\ <html> <head></head> <body style="text-align:left;"> <header><img src="https://i.imgur.com/gIpGJRb.png" height="200px" width="200px"></header><br><br> <div style="text-align:left; font-size:20px;"> Hi {user.name},<br><br> Greetings from Bingo Creator!<br><br> This email has been sent because you just changed your password<br><br> If it wasn't done by you,<br> contact us immediately at [email protected]<br><br> </div> <p style="font-size:20px;"> Thank you,<br> Bingo Creator </p><br><br> If you face any problems, feel free to send your queries at [email protected] </body> </html> """ send_email(user, message) user.password = pbkdf2_sha256.encrypt(request.POST['password'], rounds=12000, salt_size=32) user.reset = secrets.token_hex(4) user.save() return redirect('login') except: return redirect('login')
def register_create(request, template_name='login/register_form.html'): form = RegisterForm(request.POST or None) if request.method == 'POST': user_id =request.POST['user_id'] password = request.POST['password'] confirm_password = request.POST['confirm_password'] email = request.POST['email'] is_active = request.POST['is_active'] if password == confirm_password: enc_password = pbkdf2_sha256.encrypt('password',rounds=29000,salt_size=32) User.objects.create( user_id = user_id, password = enc_password, confirm_password = enc_password, email = email, is_active = is_active ) # form.save() return redirect('register_list') else: # messages.error(request,'Password and Confirm Password is not match') return render(request, template_name, { 'form': form, 'error_message':'Password and Confirm Password is not matchsss', }) return render(request, template_name, {'form': form})
def tryregister(request): login_name = request.POST['login_name'] login_password = request.POST['login_password'] try: user_data = User.objects.get(username=login_name) except (KeyError, User.DoesNotExist): if len(login_name) > 0 and len(login_password) > 0: enc_password = pbkdf2_sha256.encrypt(login_password, rounds=12000, salt_size=32) new_entry = User(username=login_name, password=enc_password) new_entry.save() return HttpResponseRedirect(reverse('login:login')) else: return render( request, 'login.html', { 'error_message': "Please give in a username and password", 'hasAccount': 0, 'login_name': login_name, 'login_password': login_password }) else: return render( request, 'login.html', { 'error_message': "That username already exists", 'hasAccount': 0, 'login_name': login_name, 'login_password': login_password })
def conf_sign_in(): """Conf sign-in""" fname = request.form.get('fname') lname = request.form.get('lname') email = request.form.get('email') password = request.form.get('password') hashing = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16) age = request.form.get('age') zipcode = request.form.get('zipcode') q1 = User.query.filter_by(email=email).first() if q1 == None: if age: u1 = User(first_name=fname, last_name=lname, email=email, password=hashing, age=int(age), zipcode=int(zipcode)) else: u1 = User(first_name=fname, last_name=lname, email=email, password=password, zipcode=int(zipcode)) db.session.add(u1) db.session.commit() return render_template('conf_sign_in.html', email=email, passw=password) else: flash("It is already taken, please choose something else") return redirect('/sign_in')
def createUser(self, user): password = user.get('password') try: user['password'] = pbkdf2_sha256.hash(password) except AttributeError: user['password'] = pbkdf2_sha256.encrypt(password) recovery = user.get('recovery') if recovery: try: user['recovery'] = pbkdf2_sha256.hash(recovery) except AttributeError: user['recovery'] = pbkdf2_sha256.encrypt(recovery) return self.dbInsertObject('user', user, ['username', 'password', 'email'])
def register(request): ########## REGISTER ######## if request.POST: username = request.POST.get('user') password = request.POST.get('password') Repassword = request.POST.get('passwordRepeat') email = request.POST.get('email') if (password == Repassword): if (Usuario.objects.filter(nombre=username)): messages.info(request, 'El usuario ya existe') return HttpResponseRedirect("/register") if (Usuario.objects.filter(email=email)): messages.info(request, 'El email ya existe') return HttpResponseRedirect("/register") enc_password = pbkdf2_sha256.encrypt(password, rounds=12000, salt_size=32) user = Usuario(nombre=username, contraseña=enc_password, email=email) user.save() return HttpResponseRedirect("/") else: messages.info(request, 'Las contraseñas no coinciden') return HttpResponseRedirect("/register") return render(request, 'social/register.html')
def _create_admin(self): admin_data = { "username": "******", "password": pbkdf2_sha256.encrypt(saslprep("admin")), "admin": True, "preferred_channel": "email", "channels": { "email": { "address": "*****@*****.**" }, "facebook": { "user_id": "user" }, "telegram": { "user_id": "user" }, "irc": { "nickname": "user", "network": "user" }, "slack": { "channel": "user", "username": "******" } } } cursor = self.user_collection.find({'username': '******'}) if cursor.count() == 0: self.user_collection.insert_one(admin_data) return else: return
def on_post(self,req,resp): """ Handle POST requests. """ username = req.media.get('username') password = req.media.get('password') # Check if parameters not empty if None in (username, password): raise falcon.HTTPBadRequest('Bad Request', 'Invalid Parameters') # Hash user password hashed = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16) # Now create main user for account user = User(username=username, password=hashed) self.db_conn.add(user) # Attempt database changes commit try: # Create User self.db_conn.commit() except SQLAlchemyError as e: # Rollback Changes self.db_conn.rollback() # Send error logger.error(f'Database Error: (Code: {e.orig.args[0]} Message: {e.orig.args[1]})') raise falcon.HTTPInternalServerError('Internal Server Error', 'An error ocurred while communicating with the database.') resp.media = {'success': 'user_created'} resp.status = falcon.HTTP_201
def register(request): if request.method == "POST": enroll = request.POST.get('enroll') email = request.POST.get('email') password = request.POST.get('pass') cpassword = request.POST.get('cpass') user_enroll = UserRegister.objects.filter(enroll=enroll) user_email = UserRegister.objects.filter(email=email) if user_enroll and not user_email: messages.info(request, "Enrollment is already exist!") return redirect('register') if user_email and not user_enroll: messages.info(request, "Email is already exist!") return redirect('register') if user_enroll and user_email: messages.info(request, "Enrollment & Email is already exist!") return redirect('register') if password != cpassword: messages.info(request, "Please Enter the same password") return redirect('register') if password == cpassword: enc_password = pbkdf2_sha256.encrypt(password, rounds=12000, salt_size=32) user = UserRegister(enroll=enroll, email=email, password=enc_password) user.save() request.session['enroll'] = enroll return redirect('profile') return render(request, 'register.html')
def register(): if request.method == 'GET': return render_template("register.html") elif request.method == 'POST': #add testcase if data is not stored in the database then we have to render the registerpage with error #Get all the parameter from the request #Check password and repassword before storing the data # Encrypt the password before stroing username = request.form.get("username") userpassword = request.form.get("password") repassword = request.form.get("repassword") mobile = request.form.get("mobile") if userpassword == repassword: userpassword = pbkdf2_sha256.encrypt(userpassword, rounds=20000, salt_size=20) db.execute( "INSERT into users(user_name,user_password,mobile) values (:username, :userpassword, :mobile)", { "username": username, "userpassword": userpassword, "mobile": mobile }) db.commit() # Add validation if the password and repassword doesn't match return render_template("register.html")
def startRecovery(self): key = str(uuid.uuid4().hex.upper()[:32]) try: self.recovery = pbkdf2_sha256.hash(key) except AttributeError: self.recovery = pbkdf2_sha256.encrypt(key) return key
def _form_view_one(request, template_name='index.html', form_class=ContactForm): if request.method == 'POST': form = form_class(request.POST) if form.is_valid(): # Open database connection db = pymysql.connect("localhost", "root", "", "djangoproject") # prepare a cursor object using cursor() method cursor = db.cursor() # catch form field data username = request.POST.get('username') password = request.POST.get('password1') hashpassword = pbkdf2_sha256.encrypt(password, rounds=200000, salt_size=16) # Prepare SQL query to INSERT a record into the database. sql = "insert into users VALUES('', '%s', '%s')" % \ (username, hashpassword) try: # Execute the SQL command cursor.execute(sql) # Commit your changes in the database db.commit() except: # Rollback in case there is any error db.rollback() # disconnect from server db.close() pass # does nothing, just trigger the validation else: form = form_class() return render(request, template_name, {'form': form})
def verify_password(password, db_password, salt): binary_salt = bytes(salt, 'utf-8') password = pbkdf2_sha256.encrypt( password, rounds=20000, salt_size=16, salt=binary_salt) return password == db_password
def EncryptPassword(password): userPassword = password userPassword = pbkdf2_sha256.encrypt(userPassword, rounds=12000, salt_size=32) password = userPassword return password
def submitEmailPassword(): for k in request.forms.keys(): print k, request.forms[k] username = request.forms.get('email') password = request.forms.get('password') password_hashed = base64.urlsafe_b64encode(pbkdf2_sha256.encrypt(password, rounds=NOF_HASH_ROUNDS, salt_size=16)) username_encrypted = base64.urlsafe_b64encode(encrypt(ENCRYPTION_PASSWORD, username)) usersTable = db.table('users') existingUser = usersTable.search(where('key') == username_encrypted) if existingUser: if pbkdf2_sha256.verify(existingUser['values']['password'],password_hashed): pass else: print "wrong login" else: usersTable.insert({'key':username_encrypted, 'values':{'password':password_hashed}}) videosTable = db.table('videos') existing_cookie = request.get_cookie('sebifyme',secret=GLOBAL_COOKIE_SECRET) uid = existing_cookie['uid'] elements = videosTable.search((where('values').has('uploaded_by_uid') == uid) & (where('values').has('uploaded_by_user') == None)) for el in elements: currentValues = el['values'] currentValues['uploaded_by_user'] = username_encrypted videosTable.update({'values':currentValues}, eids=[el.eid]) website_content = template('video',video_name='joke.mp4') return website_content
def login(request): if request.POST.get('usr') and request.POST.get('pswrd'): PstUsrnme = request.POST.get('usr').lower().replace(" ", "") ChckUsr = Users.objects.filter(usrnme=PstUsrnme) if ChckUsr: pss = Users.objects.get(usrnme=PstUsrnme).psswrd if pbkdf2_sha256.verify(request.POST.get('pswrd'), pss): request.session['usrnme'] = PstUsrnme return redirect('/userKey') else: return HttpResponse( "<script>alert('Wrong username or password');window.location.href = '/';</script>" ) else: post = Users() post.usrnme = request.POST.get('usr') post.psswrd = pbkdf2_sha256.encrypt(request.POST.get('pswrd'), rounds=12000, salt_size=32) post.save() request.session['usrnme'] = PstUsrnme return HttpResponse( "<script>alert('User created');window.location.href = '/userKey';</script>" ) else: return redirect("/")
def changed(request): if request.session.get('usn') != None: if request.method == 'POST': uid = User.objects.get(usn=request.session['usn']) if not pbkdf2_sha256.verify(request.POST.get('password0'), uid.password): return render( request, "nie_hub/changed.html", {"msg": "The Current Password you entered is wrong"}) else: if request.POST.get('password1') == request.POST.get( 'password2'): uid.password = pbkdf2_sha256.encrypt( request.POST.get('password1'), rounds=12000, salt_size=32) uid.save() return render(request, "nie_hub/changed.html", {"msg": "Password changed successfully!"}) else: return render( request, "nie_hub/changed.html", {"msg": "The Passwords you entered don't match!"}) else: return HttpResponse("<h2>You are not logged in<h2>")
def new_register(): insert_user(request.form['username'], pbkdf2_sha256.encrypt(request.form['password']), request.form['email']) user_data = get_login_user(request.form['username']) do_login(user_data[0]['user_passwd'], user_data[0]['user_id'], request.form['username'], request.form['password'])
def main(): parser = argparse.ArgumentParser() parser.add_argument( "-c", "--config", default="config.json", metavar="FILE", dest="config_path", help="Path to the config.json to be used") parser.add_argument( "-d", "--default", default="config_default.json", dest="config_default_path", help="Path to the config_default.json to be used") parser.add_argument( "--only-mail", dest="only_mail", action="store_true", help="Run the mail collecting server, but not the web server") parser.add_argument( "--only-web", dest="only_web", action="store_true", help="Run the web server, but not the mail collecting server") parser.add_argument( "-p", "--make-passhash", dest="make_passhash", action="store_true", help="Create a password hash to include in the configuration") args = parser.parse_args() config = Config.read(args.config_default_path, args.config_path) config.module_path = os.path.dirname(os.path.dirname(__file__)) helper.setup_logging(config) logging.debug('Starting with command line %r' % sys.argv) if args.make_passhash: pw = getpass.getpass() if len(pw) < 10: raise ValueError('Password too short') pw2 = getpass.getpass('Repeat password: '******'Passwords are not equal!') from passlib.hash import pbkdf2_sha256 print(pbkdf2_sha256.encrypt(pw)) return 0 if args.only_mail: mail_handler.mail_main(config) assert False, 'mail_main should never terminate' if args.only_web: korrekturserver.web_main(config) assert False, 'webserver should never terminate' mail_thread = threading.Thread( target=mail_handler.mail_main, args=(config,)) mail_thread.daemon = True mail_thread.start() web_thread = threading.Thread( target=korrekturserver.web_main, args=(config,)) web_thread.daemon = True web_thread.start() mail_thread.join() assert False, 'mail server should never terminate'
def handle(self, packet_msg): username = packet_msg.get('username') password = packet_msg.get('password') password2 = packet_msg.get('password2') email = packet_msg.get('email', '') nickname = packet_msg.get('nickname') if not username or not password or not nickname or not password2: self.send_error('Fill all fields', 400) return if len(username) < 5 or len(username) > 32: self.send_error('Username should be between 5 and 32 characters long', 400) return if len(nickname) < 5 or len(nickname) > 32: self.send_error('Nickname should be between 5 and 32 characters long', 400) return if email and (len(email) < 3 or len(email) > 128): self.send_error('Email should be between 3 and 128 characters long', 400) return if len(password) < 8: self.send_error('Password should be at least 8 characters long', 400) return if password != password2: self.send_error('Passwords don\'t match!', 400) return # Make sure the nickname is not yet reserved s = db_session() try: s.query(User).filter_by(nickname=nickname).one() self.send_error('Nickname is already reserved', 405) s.close() return except NoResultFound: pass # Make sure the username is not yet reserved try: s.query(User).filter_by(username=username).one() self.send_error('Username is already reserved', 405) s.close() return except NoResultFound: pass pw_hash = pbkdf2_sha256.encrypt(password) user = User(username=username, password=pw_hash, email=email, nickname=nickname, level=USERLEVELS['user']) s.add(user) s.commit() s.close() # Send simple notification log.info(u"Registered new user %s.", username) self.send_message({})
def __init__(self, user, passwd, email): self.username = user self.email = email self.password = pbkdf2_sha256.encrypt(passwd, rounds=200000, salt_size=16) self.created = datetime.now() self.admin = False self.rating_mu = 25.000 self.rating_sigma = 8.333
def create_pass_thread(uuid, pw): pw = crypt.encrypt(pw, rounds=200000, salt_size=16) conn = zxJDBC.connect(mysql_database, mysql_user, mysql_pass, "com.mysql.jdbc.Driver") curs = conn.cursor() curs.execute("INSERT INTO secret VALUES (?,?)", (uuid,pw,)) conn.commit() curs.close() conn.close()
def addUser(cur, user): # TODO all user stuff u=user.getDict(); pwd=pbkdf2_sha256.encrypt(u["password"], rounds=rounds, salt_size=saltLength) try: groupID=cur.execute("""INSERT INTO Users VALUES(DEFAULT, %s, first_name, last_name, password);""" , (u['userID'], u['notes'], j['team'])) return True except: return False
def createUser(info, group = None, code = None): userExist = db.users.find_one({'email' : info['email']}) if userExist: return False #user previously exists if not code: #new group must be created vaultID = vault.createClinic(group) if not vaultID: return False newClinic = db.clinics.insert_one({ 'name' : group, 'vault' : vaultID}) if not newClinic: return False code = str(newClinic.inserted_id) #you created it info['owner'] = True info['approved'] = True else: #verify that desired clinic exists if not ObjectId.is_valid(code): return false oldClinic = db.clinics.find_one({ '_id' : ObjectId(code)}) if not oldClinic: return False #joining something info['owner'] = False info['approved'] = False info['confirmed'] = False info['clinic'] = ObjectId(code) hash = pbkdf2_sha256.encrypt(info['password'], rounds = 100000, salt_size = 10) info['password'] = hash #store password in an encrypted, salted form user = db.users.insert_one(info) if not user: return False userMsg = Message('Your ' + title + ' Account', #app title sender = ('Example Administrator', '*****@*****.**'), recipients = [(info['first'] + ' ' + info['last'], info['email'])]) userMsg.body = template('newUser.txt', user = info, ID = user.inserted_id) userMsg.html = template('newUser.html', user = info, ID = user.inserted_id) mail.send(userMsg) if not info['owner']: owner = db.users.find_one({'clinic' : ObjectId(code)}) appMsg = Message('Signup Notification', #approval queue sender = ('Example Administrator', '*****@*****.**'), recipients = [(owner['first'] + ' ' + owner['last'], owner['email'])]) appMsg.body = template('approveUser.txt', owner = owner, user = info) appMsg.html = template('approveUser.html', owner = owner, user = info) mail.send(appMsg) #email validation? return True
def generate_hash(password): """ Static function that generate a hashed password @param string password: password to be hashed @return string: hashed password """ return pbkdf2_sha256.encrypt(password, rounds=100, salt_size=16)
def create_user(username, password): pass_hash = pbkdf2_sha256.encrypt(password, rounds=200, salt_size=16) conn = sqlite3.connect(db_path) with conn: c = conn.cursor() sql = 'insert into passwords values("' + username + '", "' + pass_hash + '")' c.execute(sql)
def create_user(user_info): filename = "./databases/users/" + str(user_info["username"]).encode('ascii', 'ignore') + ".json" user_info["user_level"] = int(user_info["user_level"]) if os.path.isfile(filename): return False else: open(filename, "w+").write("{}") user_info["password"] = pbkdf2_sha256.encrypt(user_info["password"]) json.dump(user_info, open(filename, "w")) return True
def user_set_password(self, old, new): """ This method must be used to set the password of a user Return True if the password have be changed, False otherwise """ if (old == None and user.password == None) or pbkdf2_sha256.verify(old, user.password): self.password = pbkdf2_sha256.encrypt(new, rounds=200000, salt_size=16) self.save() return True return False
def hash_password(password): """ Hashes a string according to Meerkat's password hashing policy. Args: password (str) The unhashed password Returns: str The hashed password """ return pbkdf2_sha256.encrypt(password)
def change_pass(): current_pass = request.args.get('current_pass') new_pass = request.args.get('new_pass') if pbkdf2_sha256.verify(current_pass, current_user.password): if new_pass: new_pass = pbkdf2_sha256.encrypt(new_pass, rounds=8000, salt_size=10) db.changePassword(current_user.id , new_pass) return jsonify({"status": "password_changed"}) return jsonfiy({"status": "no_password"}) else: return jsonify({"status": "wrong_user_pass"})
def create_admin(_username, _password): database_init(settings.DATABASE_CONFIG) pw_hash = pbkdf2_sha256.encrypt(_password) s = session_get() user = User(username=_username, password=pw_hash, level=USERLEVELS['admin']) s.add(user) try: s.commit() print("User '{}' created.".format(_username)) except IntegrityError: print("User {} already exists.".format(_username))
def setup_class(self): # Creates a new database for the unit test to use self.app = Flask(__name__) db.init_db() self.test_email = "*****@*****.**" self.test_psw = "test_pass" self.test_hashed_psw = pbkdf2_sha256.encrypt(self.test_psw, rounds=200000, salt_size=16) with self.app.app_context(): self.populate_db() # add test data.