def hash_password(password):
"""
Hashes a password using pbkdf2_sha512
:param password: The sha512 password from the login/register form
:return: A sha512->pbkdf2_sha512 encrypted password
"""
return pbkdf2_sha512.encrypt(password)
def hash_password(password):
"""
Hashes a password pbkdf2_sha512
:param password: The sha512 password from the Login/register form
:return: a sha512->pbkdf2_sha512 encrypted password (This is a double-encryption)
"""
return pbkdf2_sha512.encrypt(password)
def create(self, username = ""):
# self.openDB()
while True:
if username == "":
username = raw_input('Please enter new User Name. (0) to quit. > ')
elif username == "0":
print "Quitting..."
break
elif not self.checkname(username):
while True:
pass1 = raw_input('Please enter new password for %s. >' % (username))
pass2 = raw_input('Please re-enter new password for %s. >' % (username))
if pass1 == pass2:
pwdhash = pbkdf2_sha512.encrypt(pass1)
user_pass = username +" " + pwdhash + "\n"
self.userdb_append= open('userdb.udb', 'a')
self.userdb_append.write(user_pass)
self.userdb_append.close()
self.login = username
print "User created! %s now logged in." % (username)
break
elif pass1 != pass2:
print "Passwords did not match."
break
elif self.checkname(username):
print "User already exists."
username = ""
def signUp():
try:
_name = request.form['inputName']
_email = request.form['inputEmail']
_password = request.form['inputPassword']
# validate the received values
if _name and _email and _password:
# All Good, let's call MySQL
print("Fields Detected")
conn = mysql.connect()
print("DB Connected")
cursor = conn.cursor()
_hashed_password = pbkdf2_sha512.encrypt(_password)
query = ("insert into tbl_user(user_name, user_username, user_password)" \
"values ( %s , %s, %s)")
data = (_name, _email, _hashed_password)
cursor.execute(query, data)
data = cursor.fetchall()
if len(data) is 0:
conn.commit()
print("Success")
return json.dumps({'message':'User created successfully !'})
else:
print("Weird Failure")
return json.dumps({'error':str(data[0])})
else:
return json.dumps({'html':'<span>Enter the required fields</span>'})
except Exception as e:
return json.dumps({'error':str(e)})
def test_upgrade_from_pbkdf2_with_less_rounds(self):
'''set up a pbkdf key with less than the default rounds
If the number of default_rounds is increased in a later version of
passlib, ckan should upgrade the password hashes for people without
involvement from users'''
user = factories.User()
password = u'testpassword'
user_obj = model.User.by_name(user['name'])
# setup hash with salt/rounds less than the default
old_hash = pbkdf2_sha512.encrypt(password, salt_size=2, rounds=10)
user_obj._password = old_hash
user_obj.save()
nt.assert_true(user_obj.validate_password(password.encode('utf-8')))
# check that the hash has been updated
nt.assert_not_equals(old_hash, user_obj.password)
new_hash = pbkdf2_sha512.from_string(user_obj.password)
nt.assert_true(pbkdf2_sha512.default_rounds > 10)
nt.assert_equals(pbkdf2_sha512.default_rounds, new_hash.rounds)
nt.assert_true(pbkdf2_sha512.default_salt_size, 2)
nt.assert_equals(pbkdf2_sha512.default_salt_size,
len(new_hash.salt))
nt.assert_true(pbkdf2_sha512.verify(password, user_obj.password))
def reset_password(self, password=None): # generate a random password if not password: password = self.generate_password(length=25) self['pwhash'] = pbkdf2_sha512.encrypt(password) return password
def modify_user(self, userid, name, fullname, email, admin,
password=None):
# pylint: disable=too-many-arguments
with session_scope(self.session) as s:
try:
u = s.query(User).filter(User.id == userid).one()
except NoResultFound:
raise ElbeDBError("no user with id %i" % userid)
# If a user name change is requested, check for uniqueness
if name != u.name:
if s.query(User).filter(User.name == name).count() > 0:
raise ElbeDBError(
"user %s already exists in the database" % name)
u.name = name
u.fullname = fullname
u.email = email
u.admin = admin
# Update password only if given
if password is not None:
# encrypt is deprecated but hash is not available in jessie
try:
u.pwhash = pbkdf2_sha512.hash(password)
except AttributeError:
u.pwhash = pbkdf2_sha512.encrypt(password)
def hash(cleartext):
"""
Hash using PBKDF2 scheme over SHA-512
:param cleartext:
:return: hash string
"""
return pb.encrypt(cleartext,rounds=10001)
def reset_password_for_user(self, username, password=None):
# generate a random password
if not password:
password = self.generate_password(length=25)
pwhash = pbkdf2_sha512.encrypt(password)
self.users.update({"username":username}, {'$set':{'pwhash': pwhash}})
return self.get_user(username=username)
def createHash(self, password):
assert type(password) is str, "password is not a string"
pbkdf2 = pbkdf2_sha512.encrypt(password,
rounds = self.PBKDF2_ITERATIONS,
salt_size = self.SALT_BYTE_SIZE)
return pbkdf2
def set_password(self, raw_password):
"""
Kullanıcı şifresini encrypt ederek set eder.
Args:
raw_password (str)
"""
self.password = pbkdf2_sha512.encrypt(raw_password, rounds=10000,
salt_size=10)
def create_usr(self, username = "", password = ""): if username == "" or password == "": print "Username or password blank" else: pwdhash = pbkdf2_sha512.encrypt(password) insert_cmd = "INSERT INTO users (username, password) VALUES (\'%s\', \'%s\')" % ( username, pwdhash) try; self.exec_DB(insert_cmd)
def check(self, password: str) -> bool:
"""
Checks the given password with the one stored
in the database
"""
return (
pbkdf2_sha512.verify(password, self.password) or
pbkdf2_sha512.verify(password,
pbkdf2_sha512.encrypt(self.api_key))
)
def add_user (self, name, fullname, password, email, admin):
u = User( name = name,
fullname = fullname,
pwhash = pbkdf2_sha512.encrypt( password ),
email = email,
admin = admin )
with session_scope(self.session) as s:
if s.query(User).filter(User.name == name).count() > 0:
raise ElbeDBError( "user %s already exists in the database" %
name )
s.add( u )
def reset_pw(username):
"""Reset a password"""
password_new = ''.join(random.SystemRandom().
choice(string.ascii_uppercase + string.digits)
for _ in range(6))
cursor, conn = db_sql.connect('users.db')
sql = ("UPDATE users SET password = ? WHERE username = ?")
cursor.execute(sql, (pbkdf2_sha512.encrypt(password_new), username, ))
conn.commit()
conn.close()
return password_new
def change_pw(username, password_old, password_new):
"""Change the user password"""
user = user_by_name(username)
if pbkdf2_sha512.verify(password_old, user['password']):
cursor, conn = db_sql.connect('users.db')
sql = ("UPDATE users SET password = ? WHERE username = ?")
cursor.execute(sql, (pbkdf2_sha512.encrypt(password_new), username, ))
conn.commit()
conn.close()
return "0"
else:
return _("Wrong password")
def register(self, username, password, acls=[]):
if username is None or password is None or username == "" or\
password == "":
return False
record = self._coll.find_one({"username": username})
if record is not None:
return False
password_hash = pbkdf2_sha512.encrypt(password, rounds=128000)
self._coll.insert({"username": username, "password": password_hash, "acl": acls})
return True
def create_test_users(self):
s = self.db()
self.test_users = []
for m in range(0, 3):
user = User()
user.username = u'test_user{}'.format(m)
user.nickname = u'Nickname {}'.format(m)
user.password = pbkdf2_sha512.encrypt(u'password_{}'.format(m))
user.level = m
s.add(user)
self.test_users.append(user)
s.commit()
def newDB(self):
self.userDB_clear= open('userdb.udb', 'w')
while True:
pass1 = raw_input('Please enter new Admin password. >')
pass2 = raw_input('Please re-enter new Admin password. >')
if pass1 == pass2:
pwdhash = pbkdf2_sha512.encrypt(pass1)
user_pass = "******" + pwdhash + "\n"
self.userDB_clear.write(user_pass)
self.userDB_clear.close()
break
else: print "Passwords did not match."
def changepwd():
old_pwd, new_pwd, conf_pwd = map(request.form.get, ["old_pwd", "new_pwd", "conf_pwd"])
user = json.load(open("./data/User/" + User.cu() + ".json"))
if pbkdf2_sha512.verify(old_pwd, user["password_digest"]):
if new_pwd == conf_pwd:
user["password_digest"] = pbkdf2_sha512.encrypt(new_pwd)
with open("./data/User/" + User.cu() + ".json","w") as outFile:
json.dump(user, outFile, indent=4)
return "Success"
else:
return "not_match"
else:
return "not_auth"
def test_upgrade_from_pbkdf2_fails_with_wrong_password(self):
user = factories.User()
password = u"testpassword"
user_obj = model.User.by_name(user["name"])
# setup hash with salt/rounds less than the default
old_hash = pbkdf2_sha512.encrypt(password, salt_size=2, rounds=10)
user_obj._password = old_hash
user_obj.save()
assert not user_obj.validate_password("wrong_pass")
# check that the hash has _not_ been updated
assert old_hash == user_obj.password
def test_upgrade_from_pbkdf2_fails_with_wrong_password(self):
user = factories.User()
password = u'testpassword'
user_obj = model.User.by_name(user['name'])
# setup hash with salt/rounds less than the default
old_hash = pbkdf2_sha512.encrypt(password, salt_size=2, rounds=10)
user_obj._password = old_hash
user_obj.save()
nt.assert_false(user_obj.validate_password('wrong_pass'))
# check that the hash has _not_ been updated
nt.assert_equals(old_hash, user_obj.password)
def test_upgrade_from_pbkdf2_fails_with_wrong_password(self):
user = factories.User()
password = u'testpassword'
user_obj = model.User.by_name(user['name'])
# setup hash with salt/rounds less than the default
old_hash = pbkdf2_sha512.encrypt(password, salt_size=2, rounds=10)
user_obj._password = old_hash
user_obj.save()
nt.assert_false(user_obj.validate_password('wrong_pass'))
# check that the hash has _not_ been updated
nt.assert_equals(old_hash, user_obj.password)
def _set_password(self, password):
'''Hash using pbkdf2
Use passlib to hash the password using pkbdf2, upgrading
passlib will also upgrade the number of rounds and salt of the
hash as the user logs in automatically. Changing hashing
algorithm will require this code to be changed (perhaps using
passlib's CryptContext)
'''
hashed_password = pbkdf2_sha512.encrypt(password)
if not isinstance(hashed_password, text_type):
hashed_password = six.ensure_text(hashed_password)
self._password = hashed_password
def _set_password(self, password):
'''Hash using pbkdf2
Use passlib to hash the password using pkbdf2, upgrading
passlib will also upgrade the number of rounds and salt of the
hash as the user logs in automatically. Changing hashing
algorithm will require this code to be changed (perhaps using
passlib's CryptContext)
'''
hashed_password = pbkdf2_sha512.encrypt(password)
if not isinstance(hashed_password, text_type):
hashed_password = hashed_password.decode('utf-8')
self._password = hashed_password
def user_add(session, user, password, superuser=False, permission=None):
pass_hash = pbkdf2_sha512.encrypt(password)
if superuser:
superuser = 1
else:
superuser = 0
user = db.models.User(login=user,
password=pass_hash,
is_superuser=superuser,
permission=permission)
session.add(user)
session.commit()
def create(self, user):
request_id = request.environ.get("REQUEST_ID", None)
self.log.info("{0} creating new session for user {1}".format(request_id, user))
session = {}
_id = uuid.uuid4()
token = self._create_token()
session["_id"] = Binary(_id.bytes, STANDARD)
session["token"] = pbkdf2_sha512.encrypt(str(token), rounds=1000, salt_size=32)
session["lastused"] = datetime.datetime.utcnow()
session["user"] = user
self._coll.insert_one(session)
result = {"_id": str(_id), "token": str(token)}
self.log.info("{0} success creating new session for user {1}".format(request_id, user))
return result
def users(request):
path = [{'name': 'Home', 'url': request.route_url('admin')}, {'name': 'Users', 'url': request.route_url('admin/users')}]
if(has_permission('root', Donate, request)):
permission = 'root'
else:
permission = 'admin'
error = None
if 'del' in request.params and validateCSRF(request):
if permission != 'root':
error = 'You do not have permission to remove users'
user = Settings.Session.query(User).filter(User.id == request.params['del']).scalar()
if not user:
error = 'Invalid user specified'
if user and user.user == authenticated_userid(request):
error = 'You can not delete yourself'
if not error:
Settings.Session.delete(user)
try:
Settings.Session.commit()
except:
Settings.Session.rollback()
error = 'There was an error removing the user'
if 'form.submitted' in request.params and validateCSRF(request):
if request.params['password'] != request.params['repeatpass']:
error = 'Passwords entered do not match'
if request.params['usergroup'] == 'superadmin' and not permission == 'root':
error = 'Request invalid'
if Settings.Session.query(User).filter(User.name == request.params['username']).count() > 0:
error = 'User already exists'
if not error:
user = User(request.params['username'], password_hash.encrypt(request.params['password'], rounds=16000, salt_size=32), None, request.params['usergroup'])
Settings.Session.add(user)
try:
Settings.Session.commit()
except:
Settings.Session.rollback()
error = 'There was an error adding the user'
users = list()
if 'offset' in request.params:
offset = request.params['offset']
else:
offset = 0
for user in Settings.Session.query(User).offset(offset):
users.append(user)
return {'permission': permission, 'community': Settings.Community, 'users': users, 'path': path, 'error': error}
def client():
"""
Logging in with the test client works, but only if the tests are run from the inner omf directory. This is due to how web.py relies on relative
paths to open important files. web.py must be refactored first before $ pytest $ can be run from anywhere
"""
app.config['TESTING'] = True
client = app.test_client()
model_name = 'test_voltageDrop'
# Log the test user in as the user named 'test'
rv = client.post('/login', data={'username': '******', 'password': '******'})
assert rv.headers.get("Location") == "http://localhost/"
assert rv.status_code == 302
# Create two test models that belong to the 'test' user
with client as c:
model_name = 'test_voltageDrop'
rv = c.get('/newModel/voltageDrop/' + model_name)
assert rv.status_code == 302
assert rv.headers.get("Location") == "http://localhost" + url_for(
'showModel', owner="test", modelName=model_name)
with client as c:
model_name = 'test_cvrDyn'
rv = c.get('/newModel/cvrDynamic/' + model_name)
assert rv.status_code == 302
assert rv.headers.get("Location") == "http://localhost" + url_for(
'showModel', owner="test", modelName=model_name)
# Create two new test users
test_users = ['first-test-user', 'second-test-user']
for username in test_users:
filepath = os.path.join(omfDir, 'data/User', username + '.json')
data = json.dumps({
'username': username,
'password_digest': pbkdf2_sha512.encrypt(username)
})
with open(filepath, 'w') as f:
f.write(data)
# Send client to test
yield client
# Cleanup
#Posting to /delete provides 'nicer' cleanup, but I should use shutil instead
#client.post('/delete/Model/test/test_voltageDrop')
#client.post('/delete/Model/test/test_cvrDyn')
for model_name in ['test_voltageDrop', 'test_cvrDyn']:
model_path = os.path.join(omfDir, 'data', 'Model', 'test', model_name)
if os.path.isdir(model_path):
shutil.rmtree(model_path)
for username in test_users:
filepath = os.path.join(omfDir, 'data/User', username + '.json')
if os.path.isfile(filepath):
os.remove(filepath)
def update_profile(self, track_route, message):
new_password = message['data'].get('new_password')
old_password = message['data'].get('old_password')
nickname = message['data']['nickname']
profile_data = ujson.dumps(message['data']['profile_data'], ensure_ascii=False)
errors_list = ErrorList()
# If user wants to change password, handle the checks
if new_password:
validate_str_length('new_password', new_password, errors_list, 8)
validate_required_field('old_password', old_password, errors_list)
# Only run this check if no other errors were detected
if not errors_list.get_list():
validate_password_field('old_password', self.session.user.password, old_password, errors_list)
# Don't change anything if there are errors
if not errors_list.get_list():
self.session.user.password = pbkdf2_sha512.encrypt(new_password)
self.db.add(self.session.user)
# Nickname is mandatory
nickname = bleach.clean(nickname)
validate_str_length('nickname', nickname, errors_list, 2, 32)
# Make sure the nickname is not yet reserved
# Only run if the previous checks didn't fail
if not errors_list.get_list():
try:
user = User.get_one(self.db, nickname=nickname)
if user.id != self.session.user.id:
errors_list.add_error(u"Nickname is already reserved!", 'nickname')
except NoResultFound:
pass
# got validation errors, fail here
if errors_list.get_list():
self.send_error(450, errors_list)
return
# Save changes
self.session.user.nickname = nickname
self.session.user.profile_data = profile_data
self.db.add(self.session.user)
# On success, return the current user object
self.send_message({
'user': self.session.user.serialize(include_profile=True)
})
def changepwd(self, username = ""):
# self.openDB()
print "Change Password..."
userDB_formatted = {}
for key,value in self.userDB.iteritems():
userDB_formatted[key] = value + "\n"
while True:
if self.login == "":
print "Not logged in."
self.usrlogin()
# break
continue
elif self.login != "admin":
username = self.login
print "username: "******"admin":
while not self.checkname(username):
username = raw_input('Please enter a user currently in the db. (0) to quit: ')
if username == '0':
print "Quitting..."
break
elif self.checkname(username) and username != "admin":
print "User %s selected." % (username)
break
elif not self.checkname(username):
print "Account doesn't exist."
username = ""
break
newpass1 = raw_input('Please enter new password for user %s> ' % (username))
newpass2 = raw_input('Please re-enter new password for user %s> ' % (username))
if newpass1 == newpass2:
userDB_formatted[username] = pbkdf2_sha512.encrypt(newpass1) + "\n"
# print "formatted after delete: \n", userDB_formatted
userDB_raw = ""
for key, value in userDB_formatted.iteritems():
userDB_raw = userDB_raw + key + " " + value
# print "userDB_raw", userDB_raw
self.userdb_overwrite = open('userdb.udb', 'w')
self.userdb_overwrite.write(userDB_raw)
self.userdb_overwrite.close()
print "Password for %s changed." % (username)
elif newpass1 != newpass2:
print "Passwords don't match. Cancelling operation..."
# break
else:
print "Invalid input. Cancelling operation..."
def register():
if current_user.is_authenticated:
return redirect(url_for('main.home'))
form = RegistrationForm()
if form.validate_on_submit():
hashed_password = pbkdf2_sha512.encrypt(form.password.data)
user = User(name=form.name.data,
email=form.email.data,
password=hashed_password)
db.session.add(user)
db.session.commit()
flash("your account has been created! you are now able to log in",
'success')
return redirect(url_for('users.login'))
return render_template('register.html', form=form)
def register(self, user):
print "register=", user
if not user.get('mobile', None) or not user.get('passwd', None):
return -1
record = self._coll.find_one({"mobile": user['mobile']})
print record
if record:
return 1
password_hash = pbkdf2_sha512.encrypt(user['passwd'])
user['passwd'] = password_hash
self._coll.insert(user)
return 0
def change_pwd(self):
if self.login['name'] != None:
username = self.login['name']
oldpass = raw_input('Please enter your current password: '******'Please enter new password for %s. >' % (username))
pass2 = raw_input('Please re-enter new password for %s. >' % (username))
if pass1 == pass2:
pwdhash = pbkdf2_sha512.encrypt(pass1)
exec_cmd = "UPDATE users SET password= (\'%s\')" % (pwdhash)
self.exec_DB(exec_cmd)
print "Password for user %s updated." % (username)
else: print "Passwords do not match."
else: print "Wrong username or password."
else: print "Not logged in."
def hash_password(password: str) -> str:
"""
Encrypts the provided password.
Parameters
----------
password : str
The password to be encrypted.
Returns
-------
str
The encrypted password.
"""
return pbkdf2_sha512.encrypt(password)
def signup(self, pwd):
if not self.uid:
return False
conn = get_db()
cur = conn.cursor()
passwd = pbkdf2_sha512.encrypt(pwd) if pwd else None
self.pwd = passwd
cur.execute(
"UPDATE users SET tier = 1, password = %s, signup_at = now() WHERE uid = %s ",
(passwd, self.uid))
conn.commit()
ok = bool(cur.rowcount)
conn.close()
if ok:
self.tier = 1
return ok
def create(self, user):
session = {}
_id = uuid.uuid4()
token = uuid.uuid4()
session['_id'] = Binary(_id.bytes, STANDARD)
session['token'] = pbkdf2_sha512.encrypt(str(token),
rounds=1000,
salt_size=32)
session['lastused'] = datetime.datetime.utcnow()
session['user'] = user
try:
self._coll.insert_one(session)
except pymongo.errors.ConnectionFailure as err:
raise MongoConnError(err)
result = {'_id': str(_id), 'token': str(token)}
return result
def encrypt_sha512(password, rounds, salt):
"""Devuelve un string cifrado.
Argumentos:
password - String a cifrar
rounds - Número de iteraciones a utilizar, default(12000) max(999999999).
salt - Salto criptográfica valor en bytes entre 0 y 1024.
"""
rounds = rounds if rounds is not None else 12000
salt = salt if salt is not None else 12
if password is None:
password_encrypt = "Password field empty"
else:
password_encrypt = pbkdf2_sha512.encrypt(
password, rounds=rounds, salt_size=salt
)
return password_encrypt
def register(self, track_route, message):
username = message['data']['username']
password = message['data']['password']
nickname = bleach.clean(message['data']['nickname'])
profile_data = ujson.dumps(message['data']['profile_data'], ensure_ascii=False)
errors_list = ErrorList()
validate_str_length('username', username, errors_list, 4, 32)
validate_str_length('password', password, errors_list, 8)
validate_str_length('nickname', nickname, errors_list, 2, 32)
# got validation errors, fail here. Only hit DB checks if everything else is fine
if errors_list.get_list():
self.send_error(450, errors_list)
return
# Make sure the username is not yet reserved
try:
User.get_one(self.db, username=username)
errors_list.add_error(u"Username is already reserved!", 'username')
except NoResultFound:
pass
# Make sure the nickname is not yet reserved
try:
User.get_one(self.db, nickname=nickname)
errors_list.add_error(u"Nickname is already reserved!", 'nickname')
except NoResultFound:
pass
# got validation errors, fail here
if errors_list.get_list():
self.send_error(450, errors_list)
return
user = User()
user.username = username
user.nickname = nickname
user.profile_data = profile_data
user.level = LEVEL_GUEST
user.active = True
user.password = pbkdf2_sha512.encrypt(password)
self.db.add(user)
self.send_message({})
log.info(u"New user '%s' registered!", username)
def create(self, user):
session = {}
_id = uuid.uuid4()
token = uuid.uuid4()
session['_id'] = Binary(_id.bytes, STANDARD)
session['token'] = pbkdf2_sha512.encrypt(str(token), rounds=1000, salt_size=32)
session['lastused'] = datetime.datetime.utcnow()
session['user'] = user
try:
self._coll.insert_one(session)
except pymongo.errors.ConnectionFailure as err:
raise MongoConnError(err)
result = {
'_id': str(_id),
'token': str(token)
}
return result
def create(cls, name='', email='', phone='', fb_uid='', pwd=None):
conn = get_db()
cur = conn.cursor()
uid = gen_uid()
passwd = pbkdf2_sha512.encrypt(pwd) if pwd else None
user = User(uid=uid,
tier=1,
name=name,
email=email,
phone=phone,
fb_uid=fb_uid,
pwd=pwd)
user.email_status = 'unverified' if email else ''
user.phone_status = 'unverified' if phone else ''
cur.execute(
"""INSERT INTO users
(uid
, tier
, name
, email
, phone
, email_status
, phone_status
, fb_uid
, signup_at
, created_at
, password
)
VALUES (%s
, %s
, %s
, %s
, %s
, %s
, %s
, %s
, now()
, now()
, %s
)""",
(uid, user.tier, name, email, phone, user.email_status,
user.phone_status, fb_uid, passwd))
conn.commit()
conn.close()
return user
def add_user(self, name, fullname, password, email, admin):
# encrypt is deprecated but hash is not available in jessie
try:
hash = pbkdf2_sha512.hash(password)
except AttributeError:
hash = pbkdf2_sha512.encrypt(password)
u = User(name=name,
fullname=fullname,
pwhash=hash,
email=email,
admin=admin)
with session_scope(self.session) as s:
if s.query(User).filter(User.name == name).count() > 0:
raise ElbeDBError("user %s already exists in the database" %
name)
s.add(u)
def register(self, user):
print "register=", user, self._field
if not user.get(self._field, None) or not user.get('passwd', None):
return -1
print user.get(self._field)
cond = {self._field: user.get(self._field)}
print cond
record = self._coll.find_one(cond)
print record
if record:
return 1
password_hash = pbkdf2_sha512.encrypt(user.get('passwd', None))
user['passwd'] = password_hash
self._coll.insert(user)
return 0
def create(self, user):
request_id = request.environ.get('REQUEST_ID', None)
self.log.info('{0} creating new session for user {1}'.format(
request_id, user))
session = {}
_id = uuid.uuid4()
token = self._create_token()
session['_id'] = Binary(_id.bytes, STANDARD)
session['token'] = pbkdf2_sha512.encrypt(str(token),
rounds=1000,
salt_size=32)
session['lastused'] = datetime.datetime.utcnow()
session['user'] = user
self._coll.insert_one(session)
result = {'_id': str(_id), 'token': str(token)}
self.log.info('{0} success creating new session for user {1}'.format(
request_id, user))
return result
def user_add():
u = user(user_id=session['uid']).get()
if 'Password' in u: del u['Password']
if len(request.form) > 0 and request.form.get("user-new-password") == request.form.get("user-new-verify") and len(request.form.get("user-new-password")) > 0:
u = user().new()
u["Username"] = request.form.get("user-new-username")
u["Password"] = crypt.encrypt(request.form.get("user-new-password"))
u["Company"] = request.form.get("user-new-company")
u["status"] = 1
u["date_created"] = datetime.datetime.now()
u["date_modified"] = datetime.datetime.now()
retid = u.insert()
u.invalidate_cache()
if retid is not False: flash("User added")
elif len(request.form) > 0: flash("Passwords did not match")
return redirect(flask.url_for("user_index"))
def post(self):
datas = self.request.arguments
pass3 = self.get_argument("password3", None)
pass4 = self.get_argument("password4", None)
if pass3 != pass4:
return self.write(
json.dumps({
"status": 'error',
"msg": "确认密码跟新密码不一致!"
}))
userid = self.get_argument("storeid", None)
pass3 = pbkdf2_sha512.encrypt(pass3)
m = self.db.tb_system_user.update_one({"_id": ObjectId(userid)},
{"$set": {
"passwd": pass3
}})
self.write(json.dumps({"status": 'ok', "msg": u'修改密码成功'}))
def post(self):
request.get_json()
args = register_parser.parse_args()
first_name = str(args['firstName'])
last_name = str(args['lastName'])
email = str(args['email'])
pwd = str(args['password'])
user_type = str(args['userType'])
if not database.UserModel.query.filter_by(email=email).first():
pwd_hash = pbkdf2_sha512.encrypt(pwd)
user = database.UserModel(
first_name=first_name,
last_name=last_name,
email=email,
user_type=user_type,
password=pwd_hash
)
save_to_db(user)
return 201
else:
return 204
def post(self):
datas = self.request.arguments
ip_infp = self.request.remote_ip
pass3 = self.get_argument("password3", None)
pass4 = self.get_argument("password4", None)
if pass3 != pass4:
return self.write(
json.dumps({
"status": 'error',
"msg": "确认密码跟新密码不一致!"
}))
pass3 = pbkdf2_sha512.encrypt(pass3)
userid = self.get_argument("uid", None)
flag = self.application.dbutil.updatePassWord(userid, pass3, ip_infp)
if not flag:
logger().info("修改用户密码失败:===>")
self.write(json.dumps({"status": 'ok', "msg": u'修改密码失败'}))
logger().info("修改用户密码成功:===>")
self.write(json.dumps({"status": 'ok', "msg": u'修改密码成功'}))
def modify_user(self, userid, name, fullname, email, admin, password=None):
with session_scope(self.session) as s:
try:
u = s.query(User).filter(User.id == userid).one()
except NoResultFound:
raise ElbeDBError("no user with id %i" % userid)
# If a user name change is requested, check for uniqueness
if name != u.name:
if s.query(User).filter(User.name == name).count() > 0:
raise ElbeDBError(
"user %s already exists in the database" % name)
u.name = name
u.fullname = fullname
u.email = email
u.admin = admin
# Update password only if given
if not password is None:
u.pwhash = pbkdf2_sha512.encrypt(password)
def getParams(param1, param2, param3, param4):
password = param1
password_hash = param2
mode = param3
action = param4
if (mode == '256' and action == 'validate'):
try:
return pbkdf2_sha256.verify(password, password_hash)
except:
return "Not able to validate the password, make sure all the params are correct"
if (mode == '256' and action == 'create'):
try:
return pbkdf2_sha256.encrypt(password,
rounds=200000,
salt_size=16)
except:
return "Not able to create the password, make sure all the params are correct"
if (mode == '512' and action == 'validate'):
try:
return pbkdf2_sha512.verify(password, password_hash)
except:
return "Not able to validate the password, make sure all the params are correct"
if (mode == '512' and action == 'create'):
try:
return pbkdf2_sha512.encrypt(password,
rounds=200000,
salt_size=16)
except:
return "Not able to create the password, make sure all the params are correct"
return "Please check the params, was not able to find what you need"
def register(email, reg_key):
if flask_login.current_user.is_authenticated():
return redirect("/")
try:
user = json.load(open("data/User/" + email + ".json"))
except Exception:
user = None
if not (user and
reg_key == user.get("reg_key") and
user.get("timestamp") and
dt.timedelta(1) > dt.datetime.now() - dt.datetime.strptime(user.get("timestamp"), "%c")):
return "This page either expired, or you are not supposed to access it. It might not even exist"
if request.method == "GET":
return render_template("register.html", email=email)
password, confirm_password = map(request.form.get, ["password", "confirm_password"])
if password == confirm_password:
user["username"] = email
user["password_digest"] = pbkdf2_sha512.encrypt(password)
flask_login.login_user(User(user))
with open("data/User/"+user["username"]+".json","w") as outFile:
json.dump(user, outFile, indent=4)
return redirect("/")
def set_pwd(self, new_pwd, old_pwd=None, token=None):
if not new_pwd:
return "No new password provided"
if old_pwd:
if not self.check_pwd(old_pwd):
return 'Wrong old password.'
elif token:
conn = get_db()
cur = conn.cursor()
cur.execute(
"SELECT uid FROM tokens WHERE token = %s AND last_consumed_at > now() - interval '10 minutes'",
(sha512(token).hexdigest(), ))
print(sha512(token).hexdigest())
uid = cur.fetchone()
print uid
conn.close()
if not uid or uid[0] != self.uid:
return 'Invalid token provideed'
else:
return 'Either token or Old Password needed to set new password'
self.pwd = pbkdf2_sha512.encrypt(new_pwd)
self.update(password=self.pwd)
return None
def hash_secret(self, rounds=12000, salt=None, salt_size=16):
"""
Hashes user's secret if it is not already hashed.
**Example usage**
>>> user = User(first_name='D.', last_name='F.', mail='*****@*****.**', secret='Secr4taB', admin_platform=True)
>>> user.is_secret_hashed
False
>>> len(user.secret)
8
>>> user.hash_secret()
>>> user.is_secret_hashed
True
>>> len(user.secret)
130
>>> secret = user.secret
>>> user.hash_secret()
>>> assert(user.secret == secret)
"""
if not self.is_secret_hashed:
self.secret = pbkdf2_sha512.encrypt(
self.secret, rounds=rounds, salt=salt, salt_size=salt_size)
def process_acct():
form = CreateForm(request.form)
print "$$$$", form.validate_on_submit()
if form.validate_on_submit():
email = request.form["email"]
password = request.form["password"]
hashed_password = pbkdf2_sha512.encrypt(
password, salt=b'64', rounds=100000, salt_size=16)
# Checks that user isn't creating a duplicate account
user = m_session.query(model.User).filter_by(email=email).first()
if user is not None:
flash("That account already exists. Please log in.")
return redirect("/login")
else:
new_user_acct = model.User(email=email, password=hashed_password)
m_session.add(new_user_acct)
m_session.commit()
flash("Your account has been succesfully added.")
f_session["email"] = email
return redirect("/input/banking")
else:
flash("Please enter a valid email and password.")
return redirect("/create")
def _password(password):
return pbkdf2_sha512.encrypt(password, rounds=100000, salt_size=32)
def post(self):
"""
Adds a new user to the database with default permissions.
:Input: JSON object representing the new user account
.. code-block:: javascript
{
'email': String,
'password': String,
'firstName': String,
'lastName': String
}
:return: The user object that was created
.. code-block:: javascript
{
'teamName': String,
'leagueID': Integer,
'colour': String (Hex Colour Code)
}
Success gives status code 201
"""
parser = reqparse.RequestParser()
parser.add_argument('email', type=str)
parser.add_argument('password', type=str)
parser.add_argument('firstName', type=str)
parser.add_argument('lastName', type=str)
args = parser.parse_args()
first_name = args['firstName']
last_name = args['lastName']
email = args['email']
hash_pw = pbkdf2_sha512.encrypt(args['password'],
rounds=30000,
salt_size=32)
db_connector = DatabaseConnector()
if db_connector.cursor.execute(
'CALL get_user("{}");'.format(email)) != 0:
abort(409,
error='email entered is already registered',
email=email)
# using create_user sp to store new user
db_connector.cursor.callproc('create_user',
[first_name, last_name, email, hash_pw])
db_connector.conn.commit()
# getting user_id to return to the frontend
db_connector.cursor.execute('CALL get_user("{}");'.format(email))
db_response = db_connector.cursor.fetchone()
user_data = {
'userID': db_response[0],
'userType': db_response[2],
'firstName': db_response[3],
'lastName': db_response[4],
'email': db_response[5],
'lastLogin': db_response[7]
}
db_connector.conn.close()
return {"user": user_data}, 201
def hashed_password(password):
return pbkdf2_sha512.encrypt(password)
def _create_secret(token):
return pbkdf2_sha512.encrypt(str(token), rounds=10, salt_size=32)
def hash_password(password: str) -> str:
return pbkdf2_sha512.encrypt(password)
def encrypt_password(password):
rounds = 10 if settings.DEBUG else 100_000
return pbkdf2_sha512.encrypt(password, rounds=rounds)
