예제 #1
def login():
    """Authenticate a user from the posted login form (currently a stub).

    Only POST is handled; any other method falls through and returns None.
    As written, every POST is redirected to '/home' before any credential
    check runs, so this handler does not authenticate anyone yet.

    *Requires some sort of database
    """
    if request.method == 'POST':
        # Get the user information
        name = request.form['username']
        passwd = request.form['userpass']

        # TODO remove this when you get a database up
        # return early so the code below doesn't break everything
        # NOTE(review): this return happens before any password check and
        # without setting session['user']; whether '/home' is protected
        # depends on that view doing its own session check -- confirm.
        return redirect('/home')

        # Everything below is unreachable until the early return is removed.
        # Find a user with that username and compare passwords
        res = db.users.find({'name': name})
        if res.count() > 0:
            # user = <find a user with your db>
            # NOTE(review): `user` is not assigned anywhere in this function;
            # the lookup above has to bind it before this path is enabled.
            if user:
                salt = user['salt']
                # NOTE(review): no iteration count is passed, so pbkdf2_hex's
                # default applies -- confirm it meets current guidance.
                thehash = pbkdf2_hex(passwd.encode('utf-8'),
                                     salt.encode('utf-8'))
            else:
                error = 'Invalid Credentials'
                return render_template('home.html', error=error)

            # NOTE(review): `==` is not a constant-time comparison; digest
            # checks usually go through hmac.compare_digest.
            if thehash == user['hash']:
                # store user id in the session
                session['user'] = user['name']
                return redirect('/home')
            else:
                error = 'Invalid Credentials'
                return render_template('home.html', error=error)
        else:
            # Same message as a wrong password, so the response text does not
            # reveal whether the username exists.
            error = 'Invalid Credentials'
            return render_template('home.html', error=error)
예제 #2
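def login():
    """Handler for anything related to login
    GET -- render the login page
        :return html

    POST -- Authenticate the user, return Invalid Credentials on error.
           Set session user.
        :return html

    An unknown username and a wrong password both produce the same
    'Invalid Credentials' page. Any other HTTP method falls through and
    returns None.
    """
    if request.method == 'GET':
        return render_template('login.html')

    if request.method == 'POST':
        # Get the user information
        name = request.form['username']
        passwd = request.form['userpass']

        # Find a user with that username and compare passwords.
        # NOTE(review): assumes auth.db is a SQLAlchemy-style session, where
        # Query.one() raises when no row matches and Query.first() returns
        # None. With one(), the "no such user" branch below was unreachable
        # and an unknown username surfaced as an unhandled exception, which
        # also made existing and missing usernames distinguishable.
        user = auth.db.query(User).filter(User.name == name).first()
        if user:
            # NOTE(review): no iteration count is passed, so pbkdf2_hex's
            # default applies -- confirm it meets current guidance.
            thehash = pbkdf2_hex(passwd.encode('utf-8'),
                                 user.salt.encode('utf-8'))
            # password matches
            # NOTE(review): `==` is not constant-time; digest checks usually
            # go through hmac.compare_digest.
            if thehash == user.hash:
                session['user'] = user.id
                return redirect('/')

        # Single failure path for both "no such user" and "wrong password".
        error = 'Invalid Credentials'
        return render_template('login.html', error=error)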
예제 #3
def signup():
    """Sign-up endpoint: show the form on GET, register the user on POST.

    *Requires some sort of database -- nothing is persisted by this
    handler yet; the new user only exists as a dict and a session entry.
    Any other HTTP method returns None.
    """
    method = request.method
    if method == 'GET':
        return render_template('signup.html')
    if method != 'POST':
        return None

    form = request.form
    password = form['userpass']
    if password != form['userpass2']:
        return render_template('signup.html', error='Passwords do not match')

    # NOTE(review): getRandomSalt is defined elsewhere; confirm it draws
    # from a cryptographically secure source. No iteration count is passed,
    # so pbkdf2_hex's default applies.
    salt = getRandomSalt(16)
    digest = pbkdf2_hex(password.encode('utf-8'), salt.encode('utf-8'))

    # Make a new user out of the info
    new_user = dict(
        name=form['username'],
        salt=unicode(salt),
        hash=unicode(digest),
    )

    # You'll need a database to save it to
    # user_id = db.users.save(new_user)
    # NOTE(review): the session is established here even though the account
    # was never stored, and no check is made that the name is unused.
    session['user'] = new_user['name']
    return redirect('/home')
예제 #4
def login():
    """Authenticate a user from the posted login form (currently a stub).

    Only POST is handled; any other method falls through and returns None.
    As written, every POST is redirected to '/home' before any credential
    check runs, so this handler does not authenticate anyone yet.

    *Requires some sort of database
    """
    if request.method == 'POST':
        # Get the user information
        name = request.form['username']
        passwd = request.form['userpass']

        # TODO remove this when you get a database up
        # return early so the code below doesn't break everything
        # NOTE(review): this return happens before any password check and
        # without setting session['user']; whether '/home' is protected
        # depends on that view doing its own session check -- confirm.
        return redirect('/home')

        # Everything below is unreachable until the early return is removed.
        # Find a user with that username and compare passwords
        res = db.users.find({'name': name})
        if res.count() > 0:
            # user = <find a user with your db>
            # NOTE(review): `user` is not assigned anywhere in this function;
            # the lookup above has to bind it before this path is enabled.
            if user:
                salt = user['salt']
                # NOTE(review): no iteration count is passed, so pbkdf2_hex's
                # default applies -- confirm it meets current guidance.
                thehash = pbkdf2_hex(passwd.encode('utf-8'),
                                     salt.encode('utf-8'))
            else:
                error = 'Invalid Credentials'
                return render_template('home.html', error=error)

            # NOTE(review): `==` is not a constant-time comparison; digest
            # checks usually go through hmac.compare_digest.
            if thehash == user['hash']:
                # store user id in the session
                session['user'] = user['name']
                return redirect('/home')
            else:
                error = 'Invalid Credentials'
                return render_template('home.html', error=error)
        else:
            # Same message as a wrong password, so the response text does not
            # reveal whether the username exists.
            error = 'Invalid Credentials'
            return render_template('home.html', error=error)
예제 #5
def signup():
    """Sign-up endpoint: show the form on GET, register the user on POST.

    *Requires some sort of database -- nothing is persisted by this
    handler yet; the new user only exists as a dict and a session entry.
    Any other HTTP method returns None.
    """
    method = request.method
    if method == 'GET':
        return render_template('signup.html')
    if method != 'POST':
        return None

    form = request.form
    password = form['userpass']
    if password != form['userpass2']:
        return render_template('signup.html', error='Passwords do not match')

    # NOTE(review): getRandomSalt is defined elsewhere; confirm it draws
    # from a cryptographically secure source. No iteration count is passed,
    # so pbkdf2_hex's default applies.
    salt = getRandomSalt(16)
    digest = pbkdf2_hex(password.encode('utf-8'), salt.encode('utf-8'))

    # Make a new user out of the info
    new_user = dict(
        name=form['username'],
        salt=unicode(salt),
        hash=unicode(digest),
    )

    # You'll need a database to save it to
    # user_id = db.users.save(new_user)
    # NOTE(review): the session is established here even though the account
    # was never stored, and no check is made that the name is unused.
    session['user'] = new_user['name']
    return redirect('/home')
예제 #6
파일: server.py 프로젝트: sambev/stats
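def login():
    """
    GET: Render the login form
    POST: try to verify the user

    On POST the session is only populated after the submitted password has
    been verified; an unknown username and a wrong password both return
    'login failed'. This block has no GET branch, so a GET request falls
    through and returns None.
    """
    if request.method == 'POST':
        # Get the user information
        name = request.form['username']
        passwd = request.form['password']

        # Find a user with that username and compare passwords
        user = store.find(User, User.username == unicode(name)).one()
        if user is None:
            # No matching row: answer exactly like a wrong password instead
            # of failing on `user.salt` below.
            return 'login failed'

        salt = user.salt
        # NOTE(review): no iteration count is passed, so pbkdf2_hex's default
        # applies -- confirm it meets current guidance.
        thehash = pbkdf2_hex(passwd.encode('utf-8'), salt.encode('utf-8'))

        # NOTE(review): `==` is not constant-time; digest checks usually go
        # through hmac.compare_digest.
        if thehash == user.hash:
            # Store the user id in the session only once the password has
            # been verified. Setting it before the check left a failed
            # attempt holding a session for the named account.
            session['userid'] = user.id
            return redirect('/home')

        return 'login failed'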
예제 #7
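def signup():
    """Handler related to anything signup
    GET -- render the signup page
        :return html
    POST -- If user passwords match, create a user.  Create session
        :return html

    Any other HTTP method falls through and returns None.

    @TODO - check username uniqueness
        NOTE(review): the lookup below is check-then-insert and is not
        atomic; a unique constraint on the name column is what makes it
        reliable -- confirm the schema has one.
    """
    if request.method == 'GET':
        return render_template('signup.html')

    if request.method == 'POST':
        name = request.form['username']
        pass1 = request.form['userpass']
        pass2 = request.form['userpass2']
        # do they match?
        if pass1 != pass2:
            error = 'Passwords do not match'
            return render_template('signup.html', error=error)
        # do we already have a user under that name?
        # NOTE(review): assumes auth.db is a SQLAlchemy-style session, where
        # Query.one() raises when no row matches and Query.first() returns
        # None. With one(), the normal case of a free username raised
        # instead of continuing to account creation.
        if auth.db.query(User).filter(User.name == name).first():
            error = 'User already taken'
            return render_template('signup.html', error=error)

        # NOTE(review): get_random_salt is defined elsewhere; confirm it
        # draws from a cryptographically secure source. No iteration count
        # is passed, so pbkdf2_hex's default applies.
        salt = get_random_salt(16)
        thehash = pbkdf2_hex(pass1.encode('utf-8'), salt.encode('utf-8'))

        # Make a new user out of the info
        new_user = User(name, unicode(thehash), salt)

        auth.db.add(new_user)
        auth.db.commit()
        # store user id in the session
        session['user'] = new_user.id

        return redirect('/')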
예제 #8
파일: server.py 프로젝트: sambev/stats
def creatuser():
    """
    GET: Render the create account form
    POST: Create the user, store its id in the session, redirect to /home

    Any other HTTP method returns None.
    """
    method = request.method
    if method == 'GET':
        return render('index.html')
    if method != 'POST':
        return None

    # NOTE(review): getRandomSalt is defined elsewhere; confirm it draws
    # from a cryptographically secure source. No iteration count is passed,
    # so pbkdf2_hex's default applies.
    salt = getRandomSalt(16)
    form = request.form
    digest = pbkdf2_hex(form['password'].encode('utf-8'),
                        salt.encode('utf-8'))

    # Make a new user out of the info
    # NOTE(review): nothing here checks that the username is unused or that
    # the password is non-empty before the row is committed.
    account = store.add(User())
    account.username = form['username']
    account.salt = unicode(salt)
    account.hash = unicode(digest)
    store.commit()

    # store user id in the session
    session['userid'] = account.id
    return redirect('/home')