def decrypt_secret(secret_crypted, passphrase: str) -> Optional[dict]:
if verify_password(passphrase + secret_crypted['salt'], secret_crypted['hashed_passphrase']):
aes = AESCipher(passphrase)
secret_value = aes.decrypt(secret_crypted['crypted_secret'])
return {"secret": secret_value}
else:
return None
def login():
user = data_manager.get_user_by_name(request.form['username'])
if user and security.verify_password(request.form['password'],
user['password']):
session['username'] = user['username']
session['user_id'] = user['id']
return json.dumps({'redirect': True})
else:
return json.dumps({'error': 'username/password incorrect'})
def login(data: OAuth2PasswordRequestForm = Depends()):
email = data.username
password = data.password
user = get_user(
email) # we are using the same function to retrieve the user
if user is None:
raise InvalidCredentialsException # you can also use your own HTTPException
elif not verify_password(password, user.password):
raise InvalidCredentialsException
access_token = manager.create_access_token(data=dict(sub=user.email))
return {'access_token': access_token, 'token_type': 'Bearer'}
def check_credentials(username, raw_password):
#check credentials on db
db = connect()
curr = db.cursor()
sql = f'''
SELECT * FROM users WHERE userID = "{username}";'''
curr.execute(sql)
result = curr.fetchall()
for r in result:
return security.verify_password(raw_password, r[1])
return False
def verify_login(self, attempt_username, attempt_password):
"""Verfifies a user login completely"""
user_db = UserDatabase() # Defines the user database
user = user_db.get_user(attempt_username) # Gets the details of the user from the datatable
print()
if user != None: # Checks to see if the username is valid
if security.verify_password(user[2], user[3], attempt_password): # Verfies if the password is valid
container.user = {
"id": user[0],
"username": user[1],
"perm": user[4],
"name": user[5]} # Defines the user object for the window container
return True # Returns True if the login is verfified
else:
return False
else:
return False
def route_login():
if request.method == "POST":
username = request.form.get('username')
password_to_verify = request.form.get('password')
user_data = data_handler.get_data_by_username(username)
if not user_data:
response = make_response(redirect(url_for('route_list')))
response.set_cookie('usernotfound', "True", expires=3)
return response
verified = verify_password(password_to_verify,
user_data[0]["password"])
if verified:
return redirect(url_for('cookie_insertion', username=username))
else:
response = make_response(redirect(url_for('route_list')))
response.set_cookie('wrongpassword', "True", expires=3)
return response
return render_template('signup.html')
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
for user in db_session.query(User).all():
if username == user.username:
if verify_password(user.password, password):
login_user(user)
logging.info(f'{user.username} logged in')
return redirect(url_for('journal'))
else:
error = 'Невірно введений пароль'
logging.info(f'{user.username} failed to log in')
return render_template('login.html', error=error)
else:
error = 'Користувача з таким іменем не знайдено'
logging.info(f'{username} doesn\'t exist')
return render_template('login.html', error=error)
else:
return render_template('login.html')
def login():
try:
body = request.get_json()
email = extract_field_from_body('email', body)
password = extract_field_from_body('password', body)
data = {'email': email}
_, user = io_service.get('/users', data)
if not user['activated']:
return Response('User is not activated.',
status=400,
mimetype='application/json')
if not security.verify_password(user['password'], password):
return Response('Incorrect password.',
status=400,
mimetype='application/json')
data = {
'id': user['id'],
'email': user['email'],
'nickname': user['nickname']
}
jwt_token = security.jwt_encode(data)
data = {'token': jwt_token}
return Response(json.dumps(data),
status=200,
mimetype='application/json')
except Exception as e:
return Response(str(e), status=400, mimetype='application/json')
def verify_login(username, password):
pwdhash = SQL.users.find_hash(username)
return pwdhash and security.verify_password(pwdhash, password)