def change_password(): token = get_param_or_default("token") userMail = db.get_email(token) if userMail != None: userMail = userMail[0] oldPassword = get_param_or_default("oldPassword") newPassword = get_param_or_default("newPassword") user = db.find_user(userMail) if user != None: user = json.loads(user) if user["password"] == oldPassword: if len(newPassword) > 5: db.change_password(userMail, newPassword) success(SUC_PASSWORD_CHANGED) else: err(ERR_PASSWORD_TOO_SHORT) else: err(ERR_INVALID_PASSWORD) else: err(ERR_USER_NOT_FOUND) else: err(ERR_USER_NOT_CONNECTED) return json.dumps(output)
def change_password(token, old_pwd, new_pwd): email = dh.email_from_token(token) old_password = dh.get_pwd(email) if old_password[0] != old_pwd: return json.dumps({"message": "Old Password incorrect"}), 501 dh.change_password(new_pwd, email[0]) return json.dumps({"message": "Password changed"}), 200
def change_password(token, old_password, new_password): if request.method == 'POST': m = hashlib.md5() m2 = hashlib.md5() m.update(old_password) pwd1 = m.hexdigest() m2.update(new_password) pwd2 = m2.hexdigest() database_helper.change_password(token, pwd1, pwd2) jsonfile = json.dumps({"success": True, "Message": "Password changed"}) return jsonfile
def change_password(): token = request.form['token'] old_password = request.form['password'] new_password = request.form['new_password'] if token not in logged_in_users: return jsonify({"success": False, "message": "Not logged in!"}) else: if database_helper.checkPassword(logged_in_users[token], old_password): database_helper.change_password(logged_in_users[token], new_password) return jsonify({"success": True, "message": "Password changed"}) else: return jsonify({"success": False, "message": "Wrong password, try again!"})
def change_password(): data = request.get_json() token = request.headers.get("token") if database_helper.get_loggedinuser(token) != None: email = database_helper.get_loggedinuser(token)['email'] if database_helper.get_user(email)['password'] == data['oldpassword']: database_helper.change_password(email, data['newpassword']) return jsonify({"success": True, "msg": "Password changed"}) else: return jsonify({"success": False, "msg": "Wrong password"}) else: return jsonify({"success": False, "msg": "User is not signed in"})
def change_password(): input_data = request.get_json() token = input_data['token'] email = database_helper.get_email_by_token(token) if email: # user logged in user_data = database_helper.get_user_by_email(email) if input_data['oldPassword'] == user_data['password']: database_helper.change_password(email, input_data['newPassword']) return json.dumps({"success": True, "message": "Password changed."}) else: return json.dumps({"success": False, "message": "Wrong password."}) else: return json.dumps({"success": False, "message": "You are not logged in."})
def change_password(token, old_password, new_password): if (database_helper.logged_in_users(token)): email = database_helper.token_to_email(token) if (verify_password(old_password, database_helper.get_password_by_email(email))): new_password = create_password(new_password) database_helper.change_password(email, new_password) #return {"success": "true", "message": "Password changed."} return "Password changed" else: #return {"success": "false", "message": "Wrong password."} return "Wrong password" else: #return {"success": "false", "message": "You are not logged in."} return "You are not signed in"
def change_password(): data = request.get_json() token = data['token'] old_password = data['old_password'] new_password = data['new_password'] if token != None: email = database_helper.get_email_by_token(token) email = email[0] exists = database_helper.check_user_password(email, old_password) if exists == False: return jsonify({'success': False, 'message': "Wrong password"}) password_changed = database_helper.change_password(email, new_password) if password_changed and exists: return jsonify({ 'success': True, 'message': "Password succesfully changed" }) else: return jsonify({ 'success': False, 'message': "Something went wrong changing the password" }) else: return jsonify({'success': False, 'message': "You are not signed in."})
def change_password(): token = request.values.get('token') old_pw = request.values.get('old_password') new_pw = request.values.get('new_password') user = database_helper.get_user_by_token(token) if len(user) <= 0: return jsonify(success = False, message = "You are not logged in") userpw = database_helper.get_user_by_email(user[0][0]) if old_pw == userpw[0][1]: database_helper.change_password(user[0][0], new_pw) return jsonify(success = True, message = "Password changed") else: return jsonify(success = False, message = "Wrong password")
def change_password(): token = request.json['token'] oldpassword = request.json['oldpassword'] newpassword = request.json['newpassword'] try: email = database_helper.get_email_by_token(token) except: return json.dumps({ 'success': False, 'message': "Token does not exist", 'data': "" }) user = database_helper.get_user(email) if user[0]['password'] == oldpassword: result = database_helper.change_password(email, newpassword) if result: return json.dumps({ 'success': result, 'message': "Password successfully changed", 'data': "" }) else: return json.dumps({ 'success': result, 'message': "Password change failed", 'data': "" }) else: return json.dumps({ 'success': False, 'message': "Old passwords do not match", 'data': "" })
def change_password(token): email = request.json["email"] userToken = loggedInUsersE.get(email) if userToken is None: return jsonify({"success": False, "message": "No such user."}) newPassword = request.json['newPass'] oldPw = request.json['oldPass'] data = '/change-password/' + userToken if checkToken(data, token): return jsonify({"success": False, "message": "No such user."}) result = database_helper.fetch_account(email) # Hash and salt new password if result: hash_pw = result[0][0] salt = result[0][2] if checkHash(hash_pw, oldPw + salt): new_hash_pw = hashPassword(newPassword + salt) result = database_helper.change_password(email, new_hash_pw) if result: return jsonify({"success": True, "message": "Password successfully changed"}) else: return jsonify({"success": False, "message": "Could not change password"})
def change_password(): req = request.get_json(force=True) token = req['token'] old_password = req['old_password'] new_password = req['new_password'] # First see if passwords differ if old_password == new_password: return jsonify(success=False, message="Can't use the same password!") # Is the new password long enough? if not validate(new_password): return jsonify(success=False, message="Password has to be at least 5 characters!") # Use token to get email (also makes sure token is valid and that they are logged in) email = database_helper.get_email(token) if email is None: return jsonify(success=False, message="User is not logged in!") # Make sure old password is correct if not database_helper.find_user(email, old_password): return jsonify(success=False, message="Incorrect password!") # Try changing the password if not database_helper.change_password(new_password, email): return jsonify(success=False, message="Failed to change password!") return jsonify(success=True, message="Password successfully changed!")
def change_password(): token = request.form["token"] oldpass = request.form["oldpassword"] newpass = request.form["newpassword"] email = database_helper.get_active(token) print email if email == None: return json.dumps({ "success": False, "message": "You are not logged in." }) userdata = database_helper.get_user_by_email(email) if userdata[6] != oldpass: return json.dumps({"success": False, "message": "Wrong password."}) success = database_helper.change_password(email, newpass) if success == True: return json.dumps({"success": True, "message": "Password changed."}) else: return json.dumps({ "success": False, "message": "Password change failed." })
def change_password(): data = request.get_json() token = data['token'] old_password = data['old_password'] new_password = data['new_password'] if token != None and old_password != new_password and old_password != None and len( new_password) >= 5: email = database_helper.get_email_by_token(token) email = email[0] exists = database_helper.check_user_password(email, old_password) password_changed = database_helper.change_password(email, new_password) if password_changed and exists: return jsonify({ 'success': True, 'message': "Password succesfully changed" }) else: return jsonify({ 'success': False, 'message': "Something went wrong changing the password" }) else: return jsonify({ 'success': False, 'message': "Make sure that all fields are filled and new password has at least 5 letters" })
def change_password(): token = request.headers.get('Token') data = request.get_json() if 'oldpassword' in data and 'newpassword' in data: if 5 <= len(data['newpassword']) <= 30: user_email = database_helper.get_user_data_by_token( token)[0]['email'] user = find_user(user_email).get_json()[0] new_pw_hashed = bcrypt.generate_password_hash(data['newpassword']) if bcrypt.check_password_hash(user['password'], data['oldpassword']): result = database_helper.change_password( token, user['password'], new_pw_hashed) print(result) if result: return json.dumps({ "success": "true", "message": "Password changed!" }), 200 else: return json.dumps({ "success": "false", "message": "Something went wrong!" }), 500 else: return '', 400 else: return '', 400
def change_password(token): data = request.json if len(data['newPassword']) <= 7: return error_status(400, 'Password too short.') if dh.change_password(token, data['oldPassword'], data['newPassword']): return status('') return error_status(401, 'Wrong password.')
def change_password(): token = request.form['token'] old_pw = request.form['old_pw'] new_pw = request.form['new_pw'] result = database_helper.change_password(token, old_pw, new_pw) database_helper.close() if result: return jsonify({"status": 200}) else: return jsonify({"status": 400})
def change_password(): if request.method == 'POST' : token = request.form['token'] oldpwd = request.form['oldPassword'] newpwd = request.form['newPassword'] if database_helper.get_password(database_helper.get_username_from_token(token))==oldpwd: if len(newpwd) >=10 : database_helper.change_password(token,newpwd) answer = {"success" : "True", "message" : "Sucessfully changed password !" , "data": "" } return json.dumps(answer), 200 else: answer = {"success" : "False", "message" : "New password is too short" , "data": "" } return json.dumps(answer), 200 else: answer = {"success" : "False", "message" : "Old passwords don't match" , "data": "" } return json.dumps(answer), 200 else: abort(404)
def change_password(): token1 = request.form.get('token') oldPassword = request.form.get('oldPassword') newPassword = request.form.get('newPassword') oldPassword = create_hash(oldPassword) newPassword = create_hash(newPassword) err = dh.change_password(token1, oldPassword, newPassword) if err == "passwchanged": return json.dumps({"success": "true", "message": "Password changed."}) else: return json.dumps({"success": "false", "message": "Wrong password."})
def change_password(): if request.method == 'POST': token = request.form['token'] old_password = request.form['old_password'] new_password = request.form['new_password'] email = database_helper.get_email(token) if email == False: return json.dumps({'success': False, 'message': "Invalid token"}) if len(new_password) < 7: return json.dumps({ 'success': False, 'message': '''Password is too short''' }) db_current_hashed_password = database_helper.get_password(email) hashed_old_password = hashlib.sha256(old_password).hexdigest() if hashed_old_password == db_current_hashed_password: hashed_new_password = hashlib.sha256(new_password).hexdigest() database_helper.change_password(email, hashed_new_password) return json.dumps({'success': True, 'message': "Password changed"}) return json.dumps({'success': False, 'message': "Wrong password"})
def change_password(): token1 = request.form.get('token') oldPassword = request.form.get('oldPassword') newPassword = request.form.get('newPassword') oldPassword = create_hash(oldPassword) newPassword = create_hash(newPassword) err= dh.change_password(token1, oldPassword, newPassword) if err == "passwchanged": return json.dumps({"success": "true", "message":"Password changed."}) else: return json.dumps({"success": "false", "message":"Wrong password."})
def change_password(): # check if the user is logged token = request.json['token'] old = request.json['old'] new = request.json['new'] logged = database_helper.user_logged_by_token(token=token) if logged: return database_helper.change_password(token=token, old_password=old, new_password=new) else: return json.dumps({'success' : False, 'message': 'User not logged'})
def change_password(): token1 = request.args.get('token') oldPassword = request.args.get('oldPassword') newPassword = request.args.get('newPassword') #oldPassword = create_hash(oldPassword) #newPassword = create_hash(newPassword) err= dh.change_password(token1, oldPassword, newPassword) if err == "error": return "You wrote wrong old password" else: return "You have now changed password"
def change_password(): token = request.form['token'] if list_token_id.has_key(token): password = request.form['password'] new_password = request.form['new_password'] result = database_helper.change_password(list_token_id.get(token),password,new_password,bcrypt) if result == True: return return_json(200,True,'password change') else: return return_json(401,False,'password incorrect') else: return return_json(403,False,'user not connected')
def change_password(): """Change password Changes password of currently logged in user given old and new password """ data = request.get_json() hashed_token = request.headers.get('token') oldPwd = data['oldPwd'] newPwd = data['newPwd'] email = data['email'] url = '/change_password' token = database_helper.get_token_from_email(email) hashed_old_password = bcrypt.generate_password_hash(oldPwd).decode('utf-8') hashed_password = database_helper.get_hashed_password(email) #print('hashed_password for this email is: ', hashed_password) correct_password = bcrypt.check_password_hash(hashed_password, oldPwd) hashed_new_password = bcrypt.generate_password_hash(newPwd).decode('utf-8') #print('hashed_new_password: '******'correct_password: '******'utf-8')).hexdigest() #print('CHANGEPWD: server_hash is:', server_hash, ' and hashed_token is: ', hashed_token) if (len(newPwd) < 5): res = jsonify({'success': False, 'message': 'Too short password'}) return res if (oldPwd != newPwd) and correct_password and server_hash == hashed_token: result = database_helper.change_password(token[0], str(hashed_password), str(hashed_new_password)) print('result in changepassword', result) if (result == True): res = jsonify({'success': True, 'message': 'Password changed'}) print('changed user password from: ', str(hashed_password), ' to: ', str(hashed_new_password)) return res else: res = jsonify({ 'success': False, 'message': 'Something went wrong!' }) return res else: res = jsonify({ 'success': False, 'message': 'Old and new password are the same' }) return res return jsonify({'success': False, 'message': 'end'})
def change_password(): oldPassword = request.form["oldpass"] newPassword = request.form["newpass"] time_stamp = request.form["time"] email = request.form["email"] blob = oldPassword + newPassword + email if check_hash(blob, email, request.form["hash"], time_stamp): return json.dumps({ 'success': False, 'message': 'You are trying to hack a user. You should be ashamed of yourself!' }) if len(newPassword) < 8: return json.dumps({ 'success': False, 'message': 'The password is too short' }) token = database_helper.get_token(email) if token is None: return json.dumps({ 'success': False, 'message': 'User is not logged in' }) else: if bcrypt.check_password_hash(database_helper.get_password(email), oldPassword): database_helper.change_password( email, bcrypt.generate_password_hash(newPassword)) return json.dumps({ 'success': True, 'message': 'Password was changed successfully' }) else: return json.dumps({'success': False, 'message': 'Wrong password'})
def change_password(token, oldpass, newpass): email = database_helper.get_active(token) print email if email == None : return json.dumps({"success": False, "message": "You are not logged in."}) userdata = database_helper.get_user_by_email(email) if userdata[6] != oldpass : return json.dumps({"success": False, "message": "Wrong password."}) success = database_helper.change_password(email, newpass) if success == True : return json.dumps({"success": True, "message": "Password changed."}) else : return json.dumps({"success": False, "message": "Password change failed."})
def change_password(): data = request.get_json() token = request.headers.get('token') try: #token = data['token'] old_password = data['old_password'] new_password = data['new_password'] except: return jsonify({"success":False, "message":"Could not get JSON-input"}) status = database_helper.change_password(token, old_password, new_password) if(status["success"]): return jsonify({"success":True, "message":status["message"]}) else: return jsonify({"success":False, "message":status["message"]})
def change_password(): content = request.get_json() try: header = request.headers token = header["token"] old_password = content["old_password"] new_password = content["new_password"] content["username"] = loggedInUsers[token] except KeyError as e: response = jsonify({"success": False, "message": "Missing data."}) return response if (len(new_password) < 5): return jsonify({"success": False, "message": "To short password."}) return database_helper.change_password(content )
def change_password(): """Change password Changes password of currently logged in user given old and new password """ token = request.headers.get('token') data = request.get_json() oldPwd = data['oldPwd'] newPwd = data['newPwd'] if(len(newPwd) < 5): res = jsonify({'success': False, 'message': 'Too short password'}) return res result = database_helper.change_password(token, oldPwd, newPwd) print(result) if(result == True): res = jsonify({'success': True, 'message': 'Password changed!'}) return res res = jsonify({'success': False, 'message': 'Something went wrong!'}) return res
def change_password(token): email = loggedInUsers.get(token) if email is None: return jsonify({"success": False, "message": "No such token."}) newPassword = request.form['Password'] oldPw = request.form['oldPassword'] result = database_helper.change_password(email, newPassword, oldPw) print(result) if result: return jsonify({ "success": True, "message": "Password successfully changed", "data": "" }) else: return jsonify({ "success": False, "message": "Could not change password", "data": "" }) #TODO: better output
def change_password(): params = request.json return json.dumps(database_helper.change_password(params))
def change_password(): # Get data from form token = request.json['token'] hashvalue = request.json['hashvalue'] old_password = request.json['oldPassword'] new_password = request.json['newPassword'] repeatNewPsw = request.json['repeatNewPsw'] # Create empty dictionary for storing return data data = {} # Validation: Check if password is long enough if (len(new_password) < password_length): # Pass error data to dictionary data['success'] = False data['message'] = 'Password must have at least ' + str(password_length) + ' characters.' # return the dataset as json data return json.dumps(data) # Check if user is logged in if (is_logged_in(token) == True): # Get user logged_in_user = get_user_by_token(token) email = logged_in_user['email'] privatekey = logged_in_user['privatekey'] # Compare hash values if (hashvalue != hash_data(privatekey + token + old_password + new_password + repeatNewPsw)): data['success'] = False data['message'] = 'Error in hash value' return json.dumps(data) # Get current password and salt from database result = database_helper.get_user(email) db_password = result[2] salt = result[8] # Hash old password old_password = hash_password(salt + old_password) # Validate user input with database data if (db_password != old_password): # Pass error data to dictionary data['success'] = False data['message'] = 'Old password is not correct' # return the dataset as json data return json.dumps(data) # Change password new_password = hash_password(salt + new_password) database_helper.change_password(email, new_password) # Pass success data to dictionary data['success'] = True data['message'] = 'Successfully updated password' else: # Pass error data to dictionary data['success'] = False data['message'] = 'Not able to update password' # return the dataset as json data return json.dumps(data)
def change_password(): data = request.get_json() token = data['token'] old_password = data['old_password'] new_password = data['new_password'] if token != None: public_key = data['publicKey'] loggedUserData = database_helper.get_email_logged_user_new(public_key) email = loggedUserData['email'] stored_token = loggedUserData['token'] equal_hashed_token = False ########################## Token verification ########################## # 1. Recreate the blob using the stored token blob = "" i = 0 while i < len(old_password): blob = blob + old_password[i] i = i + 3 print("blob oldPswd: " + blob) i = 0 while i < len(new_password): blob = blob + new_password[i] i = i + 3 print("blob newPswd: " + blob) blob = stored_token + blob print("blob: " + blob) # 2. Hash it hash = hashlib.sha256(blob.encode()).hexdigest() print(hash) # 3. Compare the two hashes if token == hash: equal_hashed_token = True print("Equal hashes change_password") print(equal_hashed_token) ######################################################################## if equal_hashed_token: inputed_password = old_password ####################### Old password validation ######################## # 1. Retrive user's salt from the database authentication_data = database_helper.get_users_salt(email) # 2. Append salt to the inputed password inputed_password = inputed_password + authentication_data['salt'] # 3. Compare the hash generated from the inputed password with the one in # the database exists = False if (bcrypt.check_password_hash(authentication_data['password'], inputed_password)): exists = True ######################################################################## if exists == False: return jsonify({'success': False, 'message': "Wrong password"}) ######################## New password hashing ########################## # 1. Generate salt salt = os.urandom(32) salt = (binascii.hexlify(salt)).decode('utf-8') # 2. Append salt to the password password = new_password password = password + salt # 3. Hash the password and storing password = bcrypt.generate_password_hash(password).decode('utf-8') password_changed = database_helper.change_password( email, password, salt) ######################################################################## if password_changed and exists: return jsonify({ 'success': True, 'message': "Password succesfully changed" }) else: return jsonify({ 'success': False, 'message': "Something went wrong changing the password" }) else: print("hashes are not the same") return jsonify({ 'success': False, 'message': "The hashes is not the same" }) else: return jsonify({'success': False, 'message': "You are not signed in."})
def resetPswd(): form = EmailForm() if form.validate_on_submit(): emailDest = form.email.data if database_helper.check_if_email_exists(emailDest): #create a new secure password# stringSource = string.ascii_letters + string.digits + string.punctuation password = secrets.choice(string.ascii_lowercase) password += secrets.choice(string.ascii_uppercase) password += secrets.choice(string.digits) for i in range(6): password += secrets.choice(stringSource) char_list = list(password) secrets.SystemRandom().shuffle(char_list) password = ''.join(char_list) ######################## New password hashing ########################## # 1. Find the salt resultSalt = database_helper.get_users_salt(emailDest) salt = resultSalt['salt'] # 2. Append salt to the password passwordSecure = password + salt # 3. Hash the password and storing passwordSecure = bcrypt.generate_password_hash( passwordSecure).decode('utf-8') password_changed = database_helper.change_password( emailDest, passwordSecure, salt) ######################################################################## if password_changed: message = """\ Dear user, Your new password is : """ + password + """ The Twidder team""" msg = MIMEText(message) msg['To'] = email.utils.formataddr((emailDest, emailDest)) msg['From'] = email.utils.formataddr( ('Twidder team', '*****@*****.**')) msg['Subject'] = 'New Twidder password' try: # --- send the email --- server = smtplib.SMTP('smtp.gmail.com', 587) server.starttls() #enable security server.login( '*****@*****.**', 'liuTDDD97!') #login and pswd of the email account server.set_debuglevel( True ) # Dump communication with the receiving server straight to the console. server.sendmail('*****@*****.**', [emailDest], msg.as_string()) flash("An email has been sending to you.", 'success') #return redirect(url_for('root')) except smtplib.SMTPException: flash("Error: unable to send email", 'error') finally: server.quit() else: flash("Something went wrong changing the password", 'error') else: flash("Your email does not exist in our database.", 'error') return render_template('reset_pswd.html', form=form)