Exemplo n.º 1
0
    def post(self):
        data_dict = json.loads(request.data)
        user = session.get("user")
        if not user:
            return abort(404)

        update_type = data_dict["type"]
        if update_type == "profile":
            userid = user["_id"]
            twitter = data_dict["twitter"]
            website = data_dict["website"]

            return cuser.update_profile_info(session, user, twitter, website)
        elif update_type == "password":
            userid = user["_id"]
            user = db.users.find_one({"email": unicode(user['email'])})

            if not user:
                return {'error': 'user not found'}, 404

            current_pwd = data_dict["current_pwd"]
            new_pwd = data_dict["new_pwd"]

            pwd_hash = user["password"]
            if bcrypt.hashpw(current_pwd, pwd_hash) != pwd_hash:
                return {'error': 'password is invalid'}, 404
            else:
                new_pwd_hash = bcrypt.hashpw(new_pwd, bcrypt.gensalt())
                db.users.update(
                    {"_id": ObjectId(userid)},
                    {"$set": {"password": new_pwd_hash}}
                )
                return 200

        return 402
Exemplo n.º 2
0
def change_password():
    require_current = True
    error = None
    form = PasswordResetForm()
    
    user = User.objects.filter(username=session.get('username')).first()
    
    if not user:
        abort(404)
        
    if request.method == 'POST':
        if form.validate_on_submit():
            if bcrypt.hashpw(form.current_password.data, user.password) == user.password:
                salt = bcrypt.gensalt()
                hashed_password = bcrypt.hashpw(form.password.data, salt)
                user.password = hashed_password
                user.save()
                # if user is logged in, log him out
                if session.get('username'):
                    session.pop('username')
                return redirect(url_for('user_app.password_reset_complete'))
            else:
                error = "Incorrect password"
    return render_template('user/password_reset.html',
        form=form,
        require_current=require_current,
        error=error
    )
Exemplo n.º 3
0
    def _digest(self, alg, password, salt=None):
        """
        Helper method to perform the password digest.

        :param alg: The hash algorithm to use.
        :type alg: str - 'sha512' | 'bcrypt'
        :param password: The password to digest.
        :type password: str
        :param salt: The salt to use. In the case of bcrypt,
                     when storing the password, pass None;
                     when testing the password, pass the hashed value.
        :type salt: None or str
        :returns: The hashed value as a string.
        """
        cur_config = config.getConfig()
        if alg == 'sha512':
            return hashlib.sha512((password + salt).encode('utf8')).hexdigest()
        elif alg == 'bcrypt':
            try:
                import bcrypt
            except ImportError:
                raise Exception(
                    'Bcrypt module is not installed. See girder.local.cfg.')

            password = password.encode('utf8')

            if salt is None:
                rounds = int(cur_config['auth']['bcrypt_rounds'])
                return bcrypt.hashpw(password, bcrypt.gensalt(rounds))
            else:
                if isinstance(salt, six.text_type):
                    salt = salt.encode('utf8')
                return bcrypt.hashpw(password, salt)
        else:
            raise Exception('Unsupported hash algorithm: %s' % alg)
Exemplo n.º 4
0
 def create(cls, db, graph, raw_view_pass, raw_edit_pass):
     if raw_view_pass is not None:
         view_pass = bcrypt.hashpw(
             raw_view_pass.encode(), bcrypt.gensalt()).decode()
     else:
         view_pass = None
     if raw_edit_pass is not None:
         edit_pass = bcrypt.hashpw(
             raw_edit_pass.encode(), bcrypt.gensalt()).decode()
     else:
         edit_pass = None
     result = db.execute('select count(*) from polycules where graph = ?',
                         [graph])
     existing = result.fetchone()[0]
     if existing != 0:
         raise Polycule.IdenticalGraph
     cur = db.cursor()
     result = cur.execute('''insert into polycules
         (graph, view_pass, delete_pass, hash) values (?, ?, ?, ?)''', [
             graph,
             view_pass,
             edit_pass,
             hashlib.sha1(graph.encode('utf-8')).hexdigest(),
         ])
     db.commit()
     new_hash = db.execute('select hash from polycules where id = ?', [
         result.lastrowid
     ]).fetchone()[0]
     return Polycule.get(db, new_hash, None, force=True)
Exemplo n.º 5
0
def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
    """
    Check to see if this password matches.

    Args:
    - raw_pass: user submitted password to check for authenticity.
    - stored_hash: The hash of the raw password (and possibly extra
      salt) to check against
    - extra_salt: (optional) If this password is with stored with a
      non-database extra salt (probably in the config file) for extra
      security, factor this into the check.

    Returns:
      True or False depending on success.
    """
    if extra_salt:
        raw_pass = u"%s:%s" % (extra_salt, raw_pass)

    hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)

    # Reduce risk of timing attacks by hashing again with a random
    # number (thx to zooko on this advice, which I hopefully
    # incorporated right.)
    #
    # See also:
    rand_salt = bcrypt.gensalt(5)
    randplus_stored_hash = bcrypt.hashpw(stored_hash, rand_salt)
    randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt)

    return randplus_stored_hash == randplus_hashed_pass
Exemplo n.º 6
0
def company_login_process():
    """Process company login."""

    # Get form variables
    company_email = request.form["company_email"]
    password = request.form["password"]
    password_bytes = password.encode('utf-8')

    hashed = bcrypt.hashpw(password_bytes, bcrypt.gensalt())

    company = Company.query.filter_by(company_email=company_email).first()

    if not company:
        flash("Incorrect login credentials")
        return redirect("/company_login")

    if bcrypt.hashpw(password_bytes, hashed) == hashed:
        flash("Welcome")
    else:
        flash("Incorrect login credentials")
        return redirect("/company_login")

    session["company_id"] = company.company_id

    flash("Logged in")
    return redirect("/company_profile/%s" % company.company_id)
Exemplo n.º 7
0
def test_create_user():
    user = model.User()
    test_username = '******'
    test_password = '******'
    test_email = '*****@*****.**'
    
    user.create(test_username,test_password,test_email)

    passwd = user.user.password

    assert user.user.username == test_username

    assert bcrypt.hashpw(test_password,passwd) == passwd
    
    assert user.user.email == test_email
    
    auth_token = hashlib.sha224('%s%s' % (test_username,test_password))
    assert user.user.auth_token == auth_token.hexdigest()
    assert user.get_auth_token() == auth_token.hexdigest()
    
    db = MongoModel(project='internal',collection='user')
    
    test_result = db.query({'username':test_username}) 
    
    assert test_result['username'] == test_username
    assert test_result['email'] == test_email
    
    assert bcrypt.hashpw(test_password,test_result['password']) == test_result['password'] 
    assert test_result['auth_token'] == auth_token.hexdigest()

    db.delete({'username':test_username})
Exemplo n.º 8
0
def login_submit():
	try:
		user = dbhandler.col_members.find_one({"username": request.form['username']})
		if user['activated'] == False:
			session['activation_link'] = user['activation_link']
			session['activation_email'] = user['email']
			return newrender('title_login', '', 'login_err.html', 'login_err_email')
		if 'migrated' in user: #migrated from koistudy1
			if hashlib.md5("request.form['password']").hexdigest() == user['password']:
				session['username'] = request.form['username']
				session['nickname'] = user['nickname']
				session['locale'] = user['locale']
				log = {"date": datetime.datetime.now(), "type": "login_migrated", "result": "succeed", "username": request.form['username'], "ip": request.remote_addr}
				user['password'] = bcrypt.hashpw(request.form['password'].encode("UTF-8"), bcrypt.gensalt())
				del user['migrated']
				dbhandler.col_members.update({'_id': user['_id']}, {"$set": user}, upsert=False)
				dbhandler.col_logs.insert_one(log)
				return redirect('/')
		else:
			if bcrypt.hashpw(request.form['password'].encode("UTF-8"), user['password'].encode('utf-8')) == user['password']:
				session['username'] = request.form['username']
				session['nickname'] = user['nickname']
				session['locale'] = user['locale']
				log = {"date": datetime.datetime.now(), "type": "login", "result": "succeed", "username": request.form['username'], "ip": request.remote_addr}
				dbhandler.col_logs.insert_one(log)
				return redirect('/')
			else:
				log = {"date": datetime.datetime.now(), "type": "login", "result": "wrongpw", "username": request.form['username'], "ip": request.remote_addr}
				dbhandler.col_logs.insert_one(log)
				return newrender('title_login', '', 'login_err.html', 'login_err_pw')
	except (IndexError, TypeError):
		log = {"date": datetime.datetime.now(), "type": "login", "result": "wrongusername", "username": request.form['username'], "ip": request.remote_addr}
		dbhandler.col_logs.insert_one(log)
		return newrender('title_login', '', 'login_err.html', 'login_err_username')
Exemplo n.º 9
0
def user_login_process():
    """Process user login."""

    # Get form variables
    user_email = request.form["email"]
    password = request.form["password"]
    password_bytes = password.encode('utf-8')

    hashed = bcrypt.hashpw(password_bytes, bcrypt.gensalt())

    user = User.query.filter_by(user_email=user_email).first()

    if not user:
        flash("Incorrect login credentials")
        return redirect("/user_login")

    if bcrypt.hashpw(password_bytes, hashed) == hashed:
        flash("Welcome")
    else:
        flash("Incorrect login credentials")
        return redirect("/user_login")

    session["user_id"] = user.user_id

    flash("Logged in")
    return redirect("/user_profile/%s" % user.user_id)
Exemplo n.º 10
0
    def test(self):

        hash1 = bcrypt.hashpw("Jadda", bcrypt.gensalt())
        hash2 = bcrypt.hashpw("Jadda", hash1)


        self.assertEquals(hash1, hash2)
Exemplo n.º 11
0
def hash_plaintext():
    (db, cur) = util.get_dict_cursor()
    cur.execute("""
    SELECT
        name, password
    FROM
        users
    """)
    fetch = cur.fetchall()

    for account in fetch:

        password = account["password"]
        user = account["name"]
        print user
        print password
        try:
            hashpw("password", password)
        except:
            pw_hash = hashpw(password, gensalt())
            print pw_hash
            cur.execute("""
            UPDATE
                users
            SET
                name = %s, password = %s
            WHERE
                name = %s
            """, (user, pw_hash, user))
            fetch = cur.fetchall()
            db.commit()
Exemplo n.º 12
0
    def _digest(self, alg, password, salt=None):
        """
        Helper method to perform the password digest.

        :param alg: The hash algorithm to use.
        :type alg: str - 'sha512' | 'bcrypt'
        :param password: The password to digest.
        :type password: str
        :param salt: The salt to use. In the case of bcrypt,
                     when storing the password, pass None;
                     when testing the password, pass the hashed value.
        :type salt: None or str
        :returns: The hashed value as a string.
        """
        if alg == 'sha512':
            return hashlib.sha512(password + salt).hexdigest()
        elif alg == 'bcrypt':
            try:
                import bcrypt
            except ImportError:
                raise Exception('Bcrypt module is not installed. '
                                'See local.auth.cfg.')

            if salt is None:
                rounds = cherrypy.config['auth']['bcrypt_rounds']
                assert type(rounds) is int
                return bcrypt.hashpw(password, bcrypt.gensalt(rounds))
            else:
                if type(salt) is unicode:
                    salt = salt.encode('utf-8')
                return bcrypt.hashpw(password, salt)
        else:
            raise Exception('Unsupported hash algorithm: %s' % alg)
Exemplo n.º 13
0
    def isValidRegistration(self, userInfo, request):
        passFlag = True
        if not userInfo['first_name'].isalpha():
            passFlag = False
        if len(userInfo['first_name']) < 2:
            passFlag = False
        if not userInfo['last_name'].isalpha():
            passFlag = False
        if len(userInfo['last_name']) < 2:
            passFlag = False
        if not EMAIL_REGEX.match(userInfo['email']):
            passFlag = False
        if len(userInfo['password']) < 7:
            passFlag = False
        if userInfo['password'] != userInfo['confirm_password']:
            passFlag = False
        if User.objects.filter(email = userInfo['email']):
			passFlag = False

        if passFlag:
            if User.userManager.all:
                status = 1
                hashed = bcrypt.hashpw(userInfo['password'].encode(), bcrypt.gensalt())
                self.create(first_name = userInfo['first_name'], last_name = userInfo['last_name'], email = userInfo['email'], password = hashed, status=status)
            else:
                status = 9
                hashed = bcrypt.hashpw(userInfo['password'].encode(), bcrypt.gensalt())
                self.create(first_name = userInfo['first_name'], last_name = userInfo['last_name'], email = userInfo['email'], password = hashed, status=status)
        else:
            messages.error(request, "Invalid Registration. Please try again.")
        return passFlag
Exemplo n.º 14
0
 def post(self):
     email = self.get_argument("email", None)
     old_password = self.get_argument("oldpassword", None)
     password = self.get_argument("password", None)
     confirm_password = self.get_argument("confirm_password", None)
     errors = []
     if not email:
         errors.append("Email cannot be blank")
     elif not re.match(r"^[^\s@]+@[^\s@]+\.[^\s@]{2,}$", email):
         errors.append("Email must be of the format '*****@*****.**'.")
     if not old_password:
         if password or confirm_password:
             errors.append("Current password must be supplied to change passwords.")
     elif (password and not confirm_password) or (confirm_password and not password):
         errors.append("New Password and Confirm New Password are required in order to change the current password.")
     elif password and confirm_password and password != confirm_password:
         errors.append("New password and new password confirmation must match.")
     elif password and confirm_password and password == confirm_password:
         if bcrypt.hashpw(old_password, self.current_user["password"]) != self.current_user["password"]:
             errors.append("The old password supplied is not correct, no updates were made to the user.")
     if len(errors) == 0:
         user = self.current_user
         self.db.users.update({"_id": user["_id"]}, {"$set": {"email": email}})
         if password:
             self.db.users.update(
                 {"_id": user["_id"]}, {"$set": {"password": bcrypt.hashpw(password, bcrypt.gensalt())}}
             )
         self.render("myaccount.html", email=email, notifications=["Account successfully updated"])
     else:
         self.render("myaccount.html", errors=errors, email=email if email else "")
Exemplo n.º 15
0
def signin():
    signin_name = request.form['username']
    signin_password = request.form['password'].encode('utf-8')
    hashed = bcrypt.hashpw(signin_password, bcrypt.gensalt())
    print 'password: %r' % hashed
    query_string = "select chirper.username as name, chirper.password as password, chirper.id as id from chirper where chirper.username = $1"
    query = db.query(query_string, signin_name)
    if query.namedresult():
        name = query.namedresult()[0].name
        password = query.namedresult()[0].password
        user_id = query.namedresult()[0].id
    else:
        return redirect('/login')
    print 'name: ' + name


    if query:
        if signin_name == name and bcrypt.hashpw(signin_password, password) == password:
            session['username'] = signin_name
            session['id'] = user_id
            return redirect('/timeline')
        elif signin_name == name and bcrypt.hashpw(signin_password, password) != password:
            return redirect('/login')
        elif signin_name != name and bcryptpw(signin_password, password) != password:
            return redirect('/signup')
        else:
            pass
    else:
        return redirect('/login')
Exemplo n.º 16
0
def bcrypt_check_password(self, raw_password):
    """
    Returns a boolean of whether the *raw_password* was correct.

    Attempts to validate with bcrypt, but falls back to Django's
    ``User.check_password()`` if the hash is incorrect.

    If ``BCRYPT_MIGRATE`` is set, attempts to convert sha1 password to bcrypt
    or converts between different bcrypt rounds values.

    .. note::

        In case of a password migration this method calls ``User.save()`` to
        persist the changes.
    """
    pwd_ok = False
    should_change = False
    if self.password.startswith('bc$'):
        salt_and_hash = self.password[3:]
        pwd_ok = bcrypt.hashpw(smart_str(raw_password), salt_and_hash) == salt_and_hash
        if pwd_ok:
            rounds = int(salt_and_hash.split('$')[2])
            should_change = rounds != get_rounds()
    elif _check_password(self, raw_password):
        pwd_ok = True
        should_change = True

    if pwd_ok and should_change and is_enabled() and migrate_to_bcrypt():
        self.set_password(raw_password)
        salt_and_hash = self.password[3:]
        assert bcrypt.hashpw(raw_password, salt_and_hash) == salt_and_hash
        self.save()

    return pwd_ok
Exemplo n.º 17
0
def changepass():
	form = ChangePassForm()
	error = None
	if form.validate_on_submit():
		user = User.query.filter_by(username=session.get('username')).first()
		hashed_password = bcrypt.hashpw(form.old_password.data, user.password)
		if form.old_password.data == form.password.data:
			error = "New password can't be the same as the old one"
		else:
			if hashed_password == user.password:
				salt = bcrypt.gensalt()
				new_hashed_password = bcrypt.hashpw(form.password.data, salt)
				user.password = new_hashed_password
				db.session.commit()
				current_ip = socket.gethostbyname(socket.gethostname())
				email_subj = "Password change - GandhiWeb"
				email_body = "You just changed your password on GandhiWeb, if this is not the case please contact Kishen. IP address used to change password: "******"Password changed succesfully, please login again with new password")
				session.pop('username')
				session.pop('fullname')
				session.pop('is_admin')
				return redirect(url_for('index'))

			else:
				error = "Incorrect old password"
	return render_template('user/changepass.html', form=form, error=error)
Exemplo n.º 18
0
Arquivo: auth.py Projeto: dariusk/ffo
 def post(self):
     user = self.get_argument('name', '')
     pw = self.get_argument('pw', '')
     next = self.get_argument('next', '/')
     if not next.startswith('/'):
         next = '/'
     u = self.db.get('select id, display_name, password, ff2_password ' +
                     'from users where lower_name=%s', user.lower())
     if u:
         if u.ff2_password:
             if hashlib.md5(pw).hexdigest() == u.ff2_password:
                 self.db.execute('update users set password=%s, ' +
                                 'ff2_password=NULL, ' +
                                 'claimed_at=NOW(), ' +
                                 'claimed_by_ip=%s where id=%s',
                                 bcrypt.hashpw(pw, bcrypt.gensalt()),
                                 self.request.remote_ip,
                                 u.id)
                 self.set_secure_cookie(cookie_name, u.display_name)
                 return self.redirect(next)
         elif u.password:
             if bcrypt.hashpw(pw, u.password) == u.password:
                 self.db.execute('update users set ' +
                                 'claimed_by_ip=%s where id=%s',
                                 self.request.remote_ip, u.id)
                 self.set_secure_cookie(cookie_name, u.display_name)
                 return self.redirect(next)
     return self.get(user=user, flash='Sign In Failed.')
Exemplo n.º 19
0
    def authenticate(self, username=None, password=None):
        # Try to authenticate with default backend
        try:
            # Return the local user, if login/pass match
            user = User.objects.get(username=username)
            if user.check_password(password):
                return user

            # Only the password is invalid. It is maybe outdated in database
            ppp_pw = self.get_blowfish_passwd(username)
            if ppp_pw and bcrypt.hashpw(password, ppp_pw) == ppp_pw:
                user.set_password(password)
                user.save()
                return user

        # There is no local user
        except User.DoesNotExist:
            ppp_pw = self.get_blowfish_passwd(username)
            # Credentials are ok, create a user in database
            if ppp_pw and bcrypt.hashpw(password, ppp_pw) == ppp_pw:
                user = User(username=username)
                user.set_password(password)
                user.save()
                return user

        # Invalid credentials
        return None
Exemplo n.º 20
0
def main():
    '''
    Generate a hashed password suitable for inserting into the clients table in the database.
    Expects one argument: the plain text password.
    '''
    password = sys.argv[1]
    print bcrypt.hashpw(password, bcrypt.gensalt())
Exemplo n.º 21
0
def bo_administrator_change_password(self):
    try:
        logger.info('Handling /backoffice/users/change-password.')
        if self.method == 'POST':
            stream = BytesIO(self.body)
            data = JSONParser().parse(stream)

            if not 'current_password' in data or not 'new_password' in data:
                return HttpResponse(status=401)

            current_password = data['current_password'].encode('utf-8')
            new_password = data['new_password'].encode('utf-8')

            token = self.META.get('HTTP_AUTHORIZATION', None)
            user = jwt_util.jwt_auth_get_user(token)

            if not bcrypt.hashpw(current_password, user.password.encode('utf-8')) == user.password.encode('utf-8'):
                raise CustomErrorMessages(CustomErrorMessages.INVALID_CREDENTIALS)

            hashed_password = bcrypt.hashpw(new_password, bcrypt.gensalt())

            user.password = hashed_password
            user.save()

            return HttpResponse(status=200)
        else:
            return HttpResponse(status=405)

    except CustomException as ce:
        return HttpResponse(ce.message, status=450)
    except:
        logger.error(traceback.format_exc())
        return HttpResponse(CustomErrorMessages.UNEXPECTED_ERROR, status=500)
Exemplo n.º 22
0
Arquivo: star.py Projeto: eli173/star
def login():
    if request.method == 'POST':
        user = g.db.execute('select * from users where username=?',
                            (request.form.get('username'),)).fetchall()
        user_exists = len(user)!=0
        if request.form.get('login')!=None:
            if request.form.get('username')==None:
                return redirect(url_for("index"))
            if not user_exists:
                flash(u'No account with this username exists','login error')
                return redirect(url_for("index"))
            pw_sql = g.db.execute('select pw_hash from users where username=?',
                                  (request.form.get('username'),))
            pw_hash = pw_sql.fetchall()[0][0]
            pw_plain = request.form.get('password').encode('UTF-8')
            if bcrypt.hashpw(pw_plain, pw_hash) == pw_hash:
                #app.logger.debug('success!')
                session['logged_in'] = True
                session['username'] = request.form.get('username')
                session['uid'] = user[0][0]
                return redirect(url_for("games"))
            else:
                flash(u'Wrong Password','login error')
                return redirect(url_for("index"))
        elif request.form.get('register')!=None:
            if(user_exists):
                flash(u'Username already taken','login error')
                return redirect(url_for("index"))
            pw_plain = request.form.get('password').encode('UTF-8')
            pw_hash = bcrypt.hashpw(pw_plain, bcrypt.gensalt())
            g.db.execute('insert into users (username, pw_hash) values (?, ?)',
                         (request.form.get('username'),pw_hash))
            g.db.commit()
    return redirect(url_for("games"))
Exemplo n.º 23
0
def changeuser_submit():
	try:
		user = dbhandler.col_members.find_one({"username": session['username']})
		data = {}
		if bcrypt.hashpw(request.form['password_now'].encode("UTF-8"), user['password']) == user['password']:
			if request.form['password_new'] != '':
				if re.match('^.{6,200}$', request.form['password_new']):
					if request.form['password_new'] == request.form['password_new_re']:
						user['password'] = bcrypt.hashpw(request.form['password_new'].encode("UTF-8"), bcrypt.gensalt(configs.bcrypt_round))
					else:
						return newrender('title_user', filename='basic_display.html', mode='changeuser_err_pw_match')
				else:
					return newrender('title_user', filename='basic_display.html', mode='changeuser_err_pw_format')
			if re.match(u'^[가-힣A-Za-zぁ-ゔァ-ヴー々〆〤 ]{2,30}$', request.form['name']):
				user['name'] = request.form['name']
			else:
				return newrender('title_user', filename='basic_display.html', mode='changeuser_err_name')
			#if re.match('^[a-zA-Z._+\\-0-9]+@[a-z0-9.\\-]+\\.[a-z]{2,5}$', request.form['email']):
				#user['email'] = request.form['email']
			#else:
			#	return newrender('title_user', '', 'changeuser_err.html', 'changeuser_err_email')
			dbhandler.col_members.update({'_id': user['_id']}, {"$set": user}, upsert=False)
			return newrender('title_user', filename='basic_display.html', mode='changeuser_complete')
		else:
			return newrender('title_user', filename='basic_display.html', mode='changeuser_err_pw')
	except KeyError:
		return newrender('title_user', filename='basic_display.html', mode='changeuser_err_unknown')
Exemplo n.º 24
0
def setPass():
    if request.method == "POST":
        id = request.form["id"]

        newPass = request.form["newPass"]
        newSalt = str(bcrypt.gensalt())
        newHashed = bcrypt.hashpw(newPass.encode("utf-8"), newSalt)

        oldPass = request.form["oldPass"]

        cursor.execute("EXEC GetSalt @id='" + id + "'")
        oldSalt = cursor.fetchall()[0]["Salt"]
        oldHashedPass = bcrypt.hashpw(oldPass.encode("utf-8"), oldSalt.encode("utf-8"))

        cursor.execute(
            "EXEC ChangePassword @newpass = %s,@newsalt = %s,@oldpass= %s,@id= %s,@result=''",
            (newHashed, newSalt, oldHashedPass, id),
        )
        ans = cursor.fetchall()[0]["result"]
        conn.commit()
        return ans
    else:
        cursor.execute("EXEC GetThemes")
        results = cursor.fetchall()
        return render_template("settings.html", themes=results)
Exemplo n.º 25
0
def determine_bcrypt_cost(password_length, duration):
    """
    Determines the cost needed for hashing to take approximately `duration`
    seconds.

    The same caveats as for :func:`determine_pbkdf2_rounds` apply.
    """
    if bcrypt is None:
        raise RuntimeError("requires py-bcrypt >= 0.3")
    round_measure = previous_round_measure = 12
    while True:
        start = time.clock()
        bcrypt.hashpw(
            _generate_password(password_length),
            bcrypt.gensalt(round_measure)
        )
        end = time.clock()
        elapsed = end - start
        if elapsed < duration:
            if previous_round_measure > round_measure:
                round_measure += 1 # rounding up...
                break
            previous_round_measure = round_measure
            round_measure += 1
        else:
            if previous_round_measure < round_measure:
                break
            previous_round_measure = round_measure
            round_measure -= 1
    return round_measure
Exemplo n.º 26
0
def main(argv=sys.argv):
    if len(argv) < 2:
        usage(argv)
    config_uri = argv[1]
    options = parse_vars(argv[2:])
    setup_logging(config_uri)
    settings = get_appsettings(config_uri, options=options)
    engine = engine_from_config(settings, 'sqlalchemy.')
    DBSession.configure(bind=engine)
    Base.metadata.create_all(engine)
    with transaction.manager:
        print "Creating groups..."
        DBSession.add(Group(desc=Group.ADMIN))
        DBSession.add(Group(desc=Group.GUEST))
        DBSession.add(Group(desc=Group.TEACHER))
        DBSession.add(Group(desc=Group.STUDENT))

        print "Creating guest..."
        guestgroup = DBSession.query(Group).filter_by(desc=Group.GUEST).first().id
        guesthash = bcrypt.hashpw('', bcrypt.gensalt())
        DBSession.add(User(username=User.GUEST, group=guestgroup, phash=guesthash))

        print "Creating superuser..."
        admingroup = DBSession.query(Group).filter_by(desc=Group.ADMIN).first().id
        adminpw = getpass.getpass()
        adminhash = bcrypt.hashpw(adminpw, bcrypt.gensalt())
        DBSession.add(User(username=User.ADMIN, group=admingroup, phash=adminhash))
Exemplo n.º 27
0
 def check_password(self, password):
     pwtmp = bcrypt.hashpw(password.encode('utf-8'), self.pw_hash.encode('utf-8'))
     print pwtmp
     pwtmp = pwtmp + password.encode('utf-8')
     pwtmp2 = bcrypt.hashpw(pwtmp, self.pw_hash.encode('utf-8'))
     print pwtmp2
     return pwtmp2 == self.pw_hash.encode('utf-8')
Exemplo n.º 28
0
def hashpass(s, hashpw=None, workfactor=10):
    """Hashes a given string (usually a password) using bcrypt.
    Call it with just a password to hash it for the first time.  To check a
    user-supplied password for correctness, call it with the user-given
    password and the hashed password from a previous call to hashpass(), and
    check that the output matches the hashed password.

    This is the right way to hash passwords.
    (See http://codahale.com/how-to-safely-store-a-password/ )
    Do NOT use the old makesalt() function...bcrypt generates special salts and
    prepends them to generated hashes, to prevent having to store them
    separately. Thus, you can simply call hashpass(tocheck, hashedpasswd) to
    check a password for validity, without screwing around with concatenating
    salts or storing them separately in databases. This is portable across all
    implementations of bcrypt (tested using python's py-bcrypt and Ruby's
    bcrypt-ruby).  The workfactor determines the exponential cost of hashing a
    password.  In early 2011, a workfactor of 10 (the current default) takes
    about .01 seconds to run, which is a good compromise between speed and
    slowness (for protecting against brute-force attacks).

    The resulting hashed password is 60 characters long, and can include
    letters, digits, and [$./]
    """
    import bcrypt
    if hashpw:
        return bcrypt.hashpw(s, hashpw)
    return bcrypt.hashpw(s, bcrypt.gensalt(workfactor))
Exemplo n.º 29
0
	def test_01__gensalt(self):
		for plain, salt, expected in test_vectors:
			for i in range(4,14,2):
				salt = bcrypt.gensalt(i)
				crypted = bcrypt.hashpw(plain, salt)
				crypted2 = bcrypt.hashpw(plain, crypted)
				self.assertEqual(crypted, crypted2)
Exemplo n.º 30
0
def _check_password(password_hash,password):
    import bcrypt
    import config
    if password_hash is None:
        dummy = bcrypt.hashpw(password, config.BCRYPT_SALT)
        _s_comp(dummy,dummy)
        return False
    return _s_comp(password_hash, bcrypt.hashpw(password,config.BCRYPT_SALT))
Exemplo n.º 31
0
def bcrypt_password(password):
    salt = bcrypt.gensalt(log_rounds=g.bcrypt_work_factor)
    return bcrypt.hashpw(password, salt)
def hash_password(passwd):
    salt = bcrypt.gensalt()
    return bcrypt.hashpw(passwd.encode('utf-8'), salt)
Exemplo n.º 33
0
def password_matches(user, password):
  '''
  Return true if a user password matches the argument `password`, false otherwise
  '''
  return bcrypt.hashpw(password, user.get('salt')) == user.get('password')
Exemplo n.º 34
0
 def __init__(self, login, password, first_name, last_name):
     self.login = login
     self.password = bcrypt.hashpw(password.encode('utf-8'),
                                   bcrypt.gensalt()).decode('utf-8')
     self.first_name = first_name
     self.last_name = last_name
Exemplo n.º 35
0
 def __init__(self, username, email, password):
     self.email = email
     self.username = username
     self.password = bcrypt.hashpw(password, bcrypt.gensalt())
     self.admin = False
     self.created = datetime.now()
Exemplo n.º 36
0
def matchPass(password, hashed):
    return bcrypt.hashpw(password.encode('utf-8'),
                         hashed.encode('utf-8')) == hashed
Exemplo n.º 37
0
 def password(self, passwd):
     self._password = bcrypt.hashpw((passwd + config['secret']).encode(), bcrypt.gensalt()).decode()
Exemplo n.º 38
0
import os
import bcrypt

#os.system('time hashcat -m 10 -a 0 -O --potfile-path=/Users/Bastian/desktop/tarea_4/archivo_2/my.pot.txt /Users/Bastian/desktop/tarea_4/archivo_2/archivo_2 /Users/Bastian/desktop/tarea_4/diccionario_2.dict --force')

f = open("my.pot.txt", "r")   #abre potfile, lee las contrasenas y las hashea 1 x 1.
f2 = open("salida_hasheada.txt", "a+")

a = f.read().split('\n')

for i in range(0, len(a)-1):
	b = a[i].split(':')
	print(b[2])
	
	c = bytes(b[2], 'utf-8')
	
	salt = bcrypt.gensalt()
	hashed = bcrypt.hashpw(c, salt)

	f2.write(hashed.decode("utf-8") + '\n' )
	print(hashed)

f.close()
f2.close()
Exemplo n.º 39
0
 def set_password(self, pw):
     password = bcrypt.hashpw(pw.encode('utf8'), bcrypt.gensalt())
     self.password_hash = password.decode('utf8')
Exemplo n.º 40
0
import pymongo
import hashlib
import bcrypt
from setuptools import setup

setup(
    name='instaNAS',
    version='1.0',
    description='Simple NAS Application Server',
    author='Praveen M Nair',
    author_email='*****@*****.**',
    url='http://www.python.org/sigs/distutils-sig/',
    install_requires=['tornado', 'pymongo', 'py-bcrypt'],
)

dbconn = pymongo.MongoClient('mongodb://localhost:27017/')
db = dbconn['insta-nas-db']['admins']
admin = db.find_one({'user': '******'})
if admin:
    db.remove({'user': '******'})

phash = bcrypt.hashpw('admin'.encode('utf-8'), bcrypt.gensalt(8))
u = {}
u['user'] = '******'
u['password'] = phash
u['secret'] = hashlib.sha1('admin/%s' % (phash)).hexdigest()
db.save(u)
Exemplo n.º 41
0
def signup():
    if request.method == "POST":
        allgood = True
        session["firstname"] = request.form["input_firstname"]
        session["lastname"] = request.form["input_lastname"]
        session["username"] = request.form["input_username"]
        session["useremail"] = request.form["input_email"]
        session["birthdate"] = datetime.strptime(
            request.form["input_birthdate"], '%Y-%m-%d')
        password1 = request.form["input_password1"]
        password2 = request.form["input_password2"]
        today = to_integer(date.today())
        birthdate = to_integer(session["birthdate"])
        age = today - birthdate

        tempuser = users.query.filter_by(username=session["username"]).first()

        if tempuser:
            flash("username alrady existe, try another one.")
            allgood = False

        if re.search(r'\d', session["firstname"]):
            flash(" fits name must be letters only")
            allgood = False

        if re.search(r'\d', session["lastname"]):
            flash(" last name must be letters only")
            allgood = False

        if re.search(r'[^a-zA-Z0-9]', session["username"]):
            flash("username  must be letters and numbers only")
            allgood = False

        if pinger.test_if_real(session["useremail"]):
            flash("email is not valid")
            allgood = False

        if age < 180000:
            flash("to yuong 2 die")
            allgood = False

        if password1 != password2:
            flash("passowrs dont match")
            allgood = False

        if how_strong.how_strong(password1) < 500:
            flash("passowr are too weak ")
            allgood = False

        if allgood:
            password = password1.encode("utf-8")
            session["password"] = bcrypt.hashpw(password, bcrypt.gensalt())

            newuser = users(session["firstname"], session["lastname"],
                            session["username"], session["useremail"],
                            session["birthdate"], session["password"],
                            datetime.now())
            db.session.add(newuser)
            db.session.commit()
            return redirect(url_for("home"))
    return render_template("signup.html")
Exemplo n.º 42
0
def hashPassword(pwd):
    if type(pwd) is str:
        pwd = pwd.encode("utf-8")
    return bcrypt.hashpw(pwd, bcrypt.gensalt())
Exemplo n.º 43
0
def checkPassword(hash, pwd):
    if type(pwd) is str:
        pwd = pwd.encode("utf-8")
    if type(hash) is str:
        hash = hash.encode("utf-8")
    return bcrypt.hashpw(pwd, hash) == hash
Exemplo n.º 44
0
        domain = d.get_input("PrestaShop Domain",
                             "Enter the domain to serve Prestashop.",
                             DEFAULT_DOMAIN)

    if domain == "DEFAULT":
        domain = DEFAULT_DOMAIN

    inithooks_cache.write('APP_DOMAIN', domain)

    for line in file(
            '/var/www/prestashop/app/config/parameters.php').readlines():
        m = re.match(" *'cookie_key' => '(.*)',", line.strip())
        if m:
            cookie_key = m.group(1)

    hashpass = bcrypt.hashpw(password, bcrypt.gensalt())

    m = MySQL()
    m.execute(
        'UPDATE prestashop.ps_employee SET email=\"%s\" WHERE id_employee=\"1\";'
        % email)
    m.execute(
        'UPDATE prestashop.ps_employee SET passwd=\"%s\" WHERE id_employee=\"1\";'
        % hashpass)
    m.execute(
        'UPDATE prestashop.ps_configuration SET value=\"%s\" WHERE name=\"PS_SHOP_DOMAIN\";'
        % domain)
    m.execute(
        'UPDATE prestashop.ps_configuration SET value=\"%s\" WHERE name=\"PS_SHOP_DOMAIN_SSL\";'
        % domain)
    m.execute(
Exemplo n.º 45
0
import bcrypt

password = "******"
salt = bcrypt.gensalt(2)
hashed = bcrypt.hashpw(password, salt)

# Check that an unencrypted password matches one that has
# previously been hashed
hashed2 = bcrypt.hashpw(password, hashed)

print hashed2
if hashed2 == hashed:
    print "It matches"
else:
    print "It does not match"
Exemplo n.º 46
0
def add_creds(username, password, email, phoneNumber):
    password_hash = bcrypt.hashpw(password.encode('utf8'), bcrypt.gensalt())
    cur.execute(" INSERT INTO users VALUES (?,?,?,?) ",
                (username, password_hash, email, phoneNumber))
    conn.commit()
    return None
Exemplo n.º 47
0
def hashPass(password):
    return bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
Exemplo n.º 48
0
def hash_password(password):
    # Store password safely in database as str
    # (bcrypt.hashpw returns base64 bytes).
    pwd_str = password.encode(encoding="utf-8")
    hashed = bcrypt.hashpw(pwd_str, bcrypt.gensalt())
    return hashed.decode(encoding="utf-8")
Exemplo n.º 49
0
 def generate_password_hash(password: Any) -> str:
     if isinstance(password, text_type):
         password = password.encode('utf-8')
     return bcrypt.hashpw(password,
                          bcrypt.gensalt(prefix=b'2a')).decode('utf-8')
  return render(request, "users/index.html", context)

##############################
### Email Regex
##############################
import re 
EMAIL_REGEX = re.compile(r'^[a-zA-Z0-9.+_-]+@[a-zA-Z0-9._-]+\.[a-zA-Z]+$')


##############################
### Bcrypt
##############################
import bcrypt

## creating a user with a hashed_pw
hashed_pw = bcrypt.hashpw(postData['password'].encode('utf-8'), bcrypt.gensalt()) 
u = User.objects.create(email = postData['email'], password = hashed_pw)

## checking if a password matches
u = User.objects.get(email = "*****@*****.**")
stored_hash = u.password
input_hash = bcrypt.hashpw(postData['password'].encode(), stored_hash.encode())

if not input_hash == stored_hash:
  errors.append("Invalid Email/Password")


##############################
### Views.py and urls.py
##############################
Exemplo n.º 51
0
def hash_password(plaintext_password):
    salt = bcrypt.gensalt()
    password_hash = bcrypt.hashpw(plaintext_password.encode("utf-8"), salt)

    return password_hash.decode()
def hashpwd(password):
    hash = bcrypt.hashpw(password, bcrypt.gensalt())
    return hash
Exemplo n.º 53
0
def verified_password(username: str, password: str):
    if not user_exist(username):
        return False
    db_password = users.find_one({"Username": username})["Password"]
    return True if bcrypt.hashpw(password.encode(
        encoding='UTF-8'), db_password) == db_password else False
Exemplo n.º 54
0
 def register(self, post):
     encrypted_password = bcrypt.hashpw(post['password'].encode(), bcrypt.gensalt())
     User.objects.create(name = post['name'], alias = post['alias'], email = post['email'],birthdate = post['birthdate'], password = encrypted_password )
Exemplo n.º 55
0
 def encrypt_password(cls, password):
     hash_password = bcrypt.hashpw(password.encode('utf-8'),
                                   bcrypt.gensalt())
     return hash_password
Exemplo n.º 56
0
 def set_password(self, password):
     self.password = bcrypt.hashpw(password, bcrypt.gensalt())
Exemplo n.º 57
0
            db.commit()

    except Exception as e:
        db.rollback()
        return jsonify(message=f"{e}"), 500
    finally:
        if db:
            db.close()

#이메일 회원가입
@user_app.route('/sign-up', methods=['POST'])
def sign_up()
    try:
        db = db_connector()
        data = request.json
        data['password'] = bcrypt.hashpw(data['password'].encode('utf-8'), bcrypt.gensalt())
        
        db.begin()
        model_dao.create_user(db, data['email'], data['password'], data['nickname'])
        db.commit()
        return '', 200
    
    except Exception as e:
        db.rollback()
        return jsonify(message = f'{e}'), 500
    
    finally:
        if db:
            db.close()

#이메일 중복 확인
Exemplo n.º 58
0
 def valid_password(cls, password_typed, hash_password):
     return bcrypt.hashpw(password_typed.encode('utf-8'),
                          hash_password) == hash_password
Exemplo n.º 59
0
from db.users import Users

# Create the database if it doesn't exist
if not database_exists(engine.url):
    create_database(engine.url)

# Create the user table
Base.metadata.create_all(engine)

# Create the user with id 1
DEMO = {
    'id': 1,
    'username': '******',
    'password': '******',
    'first_name': 'Kevin',
    'last_name': 'Rivers'
}

# Hash user password with bcrypt(12)
DEMO['password'] = bcrypt.hashpw(DEMO['password'].encode(),
                                 bcrypt.gensalt()).decode()

u = Users(**DEMO)
session.add(u)

try:
    session.commit()
except IntegrityError:
    # We  have already added the demo user with id 1
    pass
Exemplo n.º 60
0
def get_hash(password: str):
    password = password.encode('utf8')
    password = bcrypt.hashpw(password, bcrypt.gensalt()).decode('utf8')
    return password