def login(): # YOUR SOLUTION HERE if request.method == 'GET': return render_template('login.html', error=request.args.get('error')) elif request.method == 'POST': username = request.form['username'] password = request.form['password'] users = get_users() # Check if username in database if username in users: password_encripted = hash_password(password) password_db = users[username] # Check if password matches if password_encripted == password_db: session['logged_in'] = username print ('Ok') return render_template('dashboard.html', title='Dashboard') else: print ('Nok') return redirect(url_for('login', error=True)) else: return redirect(url_for('login', error=True)) return render_template('login.html', title='Login')
def signup(): ''' Sign up view for new users, redirecting to the RSS list page. ''' if not session.get('logged_in'): form = LoginForm(request.form) if request.method == 'POST': username = request.form['username'].lower() password = hash_password(request.form['password']) email = request.form['email'] if form.validate(): if not is_user_key_take(username): add_user(username, password, email) session['logged_in'] = True session['name'] = username return json.dumps({'status': 'Signup successful'}) return json.dumps({'status': 'Username taken'}) return json.dumps({'status': 'User/Pass required'}) return render_template('index.html', form=form) return redirect(url_for('login'))
def authenticate(cls, username, password, password_salt): """TODO Args: username (str) password (str) Returns: User """ user = cls.get_by_username(username) if user is None: return None if user.locked is True: return ( None ) # TODO: Let the API consumer know and allow them to reset. if hash_password(password, password_salt) != user.password: user.failed_login_attempts += 1 if user.failed_login_attempts >= 5: user.locked = True db.session.commit() return None else: user.failed_login_attempts = 0 db.session.commit() return user
def _login(username, password): salt_query = """SELECT salt FROM clients WHERE username = ? LIMIT 1""" cursor.execute(salt_query, (username,)) auth_result = cursor.fetchone() if auth_result is None: return False pwd_hash, _ = hash_password(password, salt=auth_result['salt']) select_query = """SELECT id, username, balance, message FROM clients WHERE username = ? AND password = ? LIMIT 1""" cursor.execute(select_query, (username, pwd_hash)) user = cursor.fetchone() if(user): return Client(user[0], user[1], user[2], user[3]) else: return False
def register(email, password): user = User() user.email = email user.name = email user.password = helpers.hash_password(password) user.put() return user
def _login(username, password): salt_query = """SELECT salt FROM clients WHERE username = ? LIMIT 1""" cursor.execute(salt_query, (username, )) auth_result = cursor.fetchone() if auth_result is None: return False pwd_hash, _ = hash_password(password, salt=auth_result['salt']) select_query = """SELECT id, username, balance, message FROM clients WHERE username = ? AND password = ? LIMIT 1""" cursor.execute(select_query, (username, pwd_hash)) user = cursor.fetchone() if (user): return Client(user[0], user[1], user[2], user[3]) else: return False
def change_pass(new_pass, logged_user): update_sql = session.query(Clients).update({"password": new_pass}) update_sql = """UPDATE clients SET password = ?, salt = ? WHERE id = ?""" pwd_hash, salt = hash_password(new_pass) cursor.execute(update_sql, (pwd_hash, salt, logged_user.get_id()))
def __init__(self, username, password, password_salt, config=None): self.username = username.lower() self.password = hash_password(password, password_salt) self.failed_login_attempts = 0 self.locked = False self.created = datetime.utcnow() db.session.add(self) db.session.commit()
def change_pass(new_pass, logged_user): update_sql = """UPDATE clients SET password = ?, salt = ? WHERE id = ?""" pwd_hash, salt = hash_password(new_pass) cursor.execute(update_sql, (pwd_hash, salt, logged_user.get_id())) conn.commit()
def find_or_create_user(self, request): user = Users.objects.filter(email=request.get('email')).first() if user: return user, 'invitation_email' user_details = UserDetails.objects.create(first_name=request.get('display_name')) data = {'id': generate_unique_code(), 'email': request.get('email'), 'display_name': request.get('display_name'), 'user_detail_id': user_details.id, 'password': hash_password('sync#125'), 'is_password_change_required': True, 'confirmation_code': get_confirmation_code(request.get('email')) } return Users.objects.create(**data), 'activation_email'
def create_mock_teams(): conn = sqlite3.connect(db.DATABASE_NAME) c = conn.cursor() c.execute("INSERT INTO teams VALUES (?, ?, ?, ?)", ("test team 1", "test1", helpers.hash_password("test1"), "*****@*****.**")) c.execute("INSERT INTO teams VALUES (?, ?, ?, ?)", ("test team 2", "test2", helpers.hash_password("test2"), "*****@*****.**")) c.execute("INSERT INTO team_scores VALUES (?, ?, ?)", ("test team 1", 0, time.time())) c.execute("INSERT INTO team_scores VALUES (?, ?, ?)", ("test team 2", 0, time.time())) c.execute("INSERT INTO team_puzzles VALUES (?, ?, ?)", ("test team 1", False, False)) c.execute("INSERT INTO team_puzzles VALUES (?, ?, ?)", ("test team 2", False, False)) conn.commit() conn.close()
def add_user_to_db(self, request): Users.params['firstName'] = request.get("firstName") Users.params['lastName'] = request.get("lastName") Users.params['userEmail'] = request.get("userEmail") password = hash_password(request.get("password")) Users.params['password'] = password query = "INSERT INTO users (firstName, lastName, userEmail, password) \ VALUES (%(firstName)s, %(lastName)s, %(userEmail)s, %(password)s)" connect_db(query, Users.params)
def register(self, username, password): if self.__is_registered(username) is not None: return False client = Client(username=username, password=hash_password(password), is_blocked=False, blocked_until = None) self.__commit_changes([client]) return True
def register(username, password): validator = get_validator(username) if not validator.is_valid(password): raise StrongPasswordException(messages.STRONG_PASSWORD) hashed_password, salt = hash_password(password) insert_sql = """INSERT INTO clients (username, password, salt) VALUES (?, ?, ?)""" cursor.execute(insert_sql, (username, hashed_password, salt)) conn.commit()
def settings(): if session.get('logged_in'): if request.method == 'POST': password = request.form['password'] if password != "": password = helpers.hash_password(password) email = request.form['email'] helpers.change_user(password=password, email=email) return json.dumps({'status': 'Saved'}) user = helpers.get_user() return render_template('settings.html', user=user) return redirect(url_for('login'))
def register(self, username, password): if self.__is_registered(username) is not None: return False client = Client(username=username, password=hash_password(password), is_blocked=False, blocked_until=None) self.__commit_changes([client]) return True
def valid_login(username, password): # username = request.form['username'] # password = request.form['password'] user_db = get_users() hsd_enterd_pw = hash_password(password) # check if user in db result = False if username in list(user_db.keys()): # check if hashed pw matches with db_pw if user_db[username] == hsd_enterd_pw: result = True return result
def reset_pass(): form = ResetPasswordForm() email = session.get('email') if request.method == 'GET': return render_template('reset_password.html', title='Reset Password', form=form) else: response = table.get_item(Key={'email': email}) user = response['Item'] user['password'] = hash_password(form.password.data) table.put_item(Item=user) return redirect('/Prod/login')
def bootstrap(): cleanup() """ Adding bootstrap model objects to the database """ # Seed an admin user, which equivalent to a normal user as for now user = Player(username="******", password_hash=hash_password("default")) user.put() # Seed 10 users and a game player_ids = [] for i in range(0, 10): player = Player(username="******" + str(i), password_hash=hash_password("p" + str(i))) player_ids.append(player.put().id()) player_names = player_ids[0:5] game_title = "Java" shuffle(player_names) players_to_join = [Player.get_by_id(player_id) for player_id in player_names] new_game = Game(title=game_title, num_player=len(players_to_join)) new_game.put() for i in range(-1, len(players_to_join) - 1): killer = players_to_join[i] target = players_to_join[i + 1] if killer is not None and target is not None: GamePlayer(game=new_game, player=killer).put() GameHistory(killer=killer, target=target, game=new_game, is_complete=False, confirm_msg=msg_generator()).put() else: cleanup() print("Error in seeding!") names = ["Ken", "Rebecca", "Paul", "Sam", "Yulun"] for name in names: player = Player(username=name, password_hash=hash_password("p" + string.lower(name[0]))) player.put()
def request_loader(request): username = request.form.get('username') #################### # FOR SUPER USER # #################### if username == "admin" and request.form['password'] == "admin": return User(username) tm = team.get_team_by_username(username) if not tm: return user = User(username, tm) if helpers.hash_password(request.form['password']) == tm.code: return user return
def register(self, user, password): validator = get_validator(user) if not validator.is_valid(password): raise StrongPasswordException("Your password is not strong enough") hashed_password, salt = hash_password(password) current_user = self.session.query(Clients.username).\ filter(Clients.username == user).first() if current_user is not None: raise ClientAlreadyRegistered('Client already registered') client = Clients(username=user, password=hashed_password, salt=salt) self.__commit_object(client)
def create_user(data): create_user_rule(data) repo = AuthRepository() inputs = { 'id': helpers.generate_unique_code().__str__(), 'email': data['email'], 'age': str(data['age']), 'weight': str(data['weight']), 'height': str(data['height']), 'activity': data['activity'], 'gendar': data['gendar'], 'password': helpers.hash_password(data['password']), 'name': data['name'], } user = repo.store(User, inputs) return user
def register(): """Let users register""" if request.method == "POST": #Check if all fields were filled in if not request.form.get("username"): return render_template("sorry.html", error="Username field not filled in") elif not request.form.get("password"): return render_template("sorry.html", error="Password field not filled in") elif not request.form.get("passwordConfirm"): return render_template("sorry.html", error="Password confirmation field not filled in") #Get all fields from the form username = request.form.get("username") password = request.form.get("password") passwordConfirm = request.form.get("passwordConfirm") ## DEBUG: print(username, file=sys.stderr) print(password, file=sys.stderr) print(passwordConfirm, file=sys.stderr) #Check form for correctness if not password == passwordConfirm: return render_template("sorry.html", error="Passwords did not match") # Check whether we have an entry with that username userrow = db.execute("SELECT * FROM users WHERE username = :username", {"username": username}) user_exists = userrow.first() if not user_exists: # If we do not have an entry with that username, store the username and hashed password in the database hashedPassword = hash_password(password) db.execute("INSERT INTO users (username, passwordhash) VALUES (:username, :hashedPassword)", {"username": username, "hashedPassword": hashedPassword}) db.commit() return render_template("registercomplete.html") # If a row with that username was found, apologize to user else: return render_template("sorry.html", error="That username is taken.") # GET-method for register: present register form else: return render_template("register.html")
def login(self, username, password): user = self.__is_registered(username) if user is None: return "USER_NOT_EXISTS" if not self.__can_login(user): return "USER_BLOCKED" password = hash_password(password) if user.password == password: self.__success_login_attempt(user) return user self.__failed_login_attempt(user) return "FAILED_LOGIN"
def signup(): if not session.get('logged_in'): form = LoginForm(request.form) if request.method == 'POST': username = request.form['username'].lower() password = helpers.hash_password(request.form['password']) email = request.form['email'] if form.validate(): if not helpers.username_taken(username): helpers.add_user(username, password, email) session['logged_in'] = True session['username'] = username return json.dumps({'status': 'Signup successful'}) return json.dumps({'status': 'Username taken'}) return json.dumps({'status': 'User/Pass required'}) return render_template('login.html', form=form) return redirect(url_for('login'))
def register(): """ Registers a user """ if request.method == "GET": return render_template("register.html") username = request.form.get("username").lower() row = DB.execute("SELECT username FROM users WHERE username=:username", { "username": username }).fetchone() if row: message = "Username already exists" return render_template("error.html", message=message) password = request.form.get("password") confirm_password = request.form.get("confirm-password") if password != confirm_password: message = "The two password fields don't match" return render_template("error.html", message=message) if is_invalid(password): message = "Not a valid password" detailed_message = """ A password is valid if it is at Least 8 character long, contains atleast 1 lowercase character, contains atleast 1 uppercase character, contains atleast 1 special character """ return render_template("error.html", message=message, detailed_message=detailed_message) password = hash_password(password) DB.execute( "INSERT INTO users(username, password) VALUES(:username, :password)", { "username": username, "password": password }) DB.commit() session["username"] = username return redirect("/")
def post(self): args_list = ['email', 'password'] data = request.get_json() if not check_request(data, args_list): return error_response user = users.find_one({ 'email': data['email'], 'password': hash_password(data['password']) }) if not user: return 'Invalid email/password', 401 _id = user['_id'] session['id'] = _id.binary return '', 200
def create_user(): form = RegistrationForm() if request.method == 'GET': return render_template('register.html', title='Register', form=form) else: if form.validate_on_submit(): user_data = {'id': generate_uid(), 'fullname': form.username.data, 'email': form.email.data, 'password': hash_password(form.password.data)} if table.get_item(Key={'email': form.email.data}): flash('User with email address already exists', 'danger') return redirect('/Prod/register') table.put_item(Item=user_data) flash('user has been created', 'success') return redirect('/Prod/login') return render_template('register.html', title='Register', form=form)
def login(): if request.method == "GET": print(request.args.get("error")) return render_template("login.html", error=request.args.get("error")) elif request.method == "POST": users = get_users() attempted_password = hash_password(request.form["password"]) try: username = request.form["username"] stored_password = users[username] except KeyError: return redirect(url_for("login", error=True)) if stored_password == attempted_password: session["username"] = request.form["username"] return redirect(url_for("dashboard")) else: return redirect(url_for("login", error=True))
def register(): if not session.get('logged_in'): form = LoginForm(request.form) if request.method == 'POST': username = request.form['username'].lower() password = helpers.hash_password(request.form['password']) email = request.form['email'] c1 = "#360033" c2 = "#0b8793" if form.validate(): if not helpers.username_taken(username): helpers.add_user(username, password, email, c1, c2) session['logged_in'] = True session['username'] = username return json.dumps({'status': 'Register successful'}) return json.dumps({'status': 'Username taken'}) return json.dumps({'status': 'Both fields required'}) return render_template('login.html', form=form) return redirect(url_for('login'))
def login(): """ Facilitates login for a user """ if request.method == "GET": return render_template("login.html") username = request.form.get("username").lower() password = hash_password(request.form.get("password")) user = DB.execute("SELECT * FROM users WHERE username=:username", { "username": username }).fetchone() if user is None or user["password"] != password: message = "Invalid username/password" return render_template("error.html", message=message) session["username"] = user["username"] return redirect("/")
def post(self): ''' Submit a account creation request, to be reviewed by an admin to verify whether the requester is a student ''' args_list = [ 'first_name', 'last_name', 'email', 'serial_number', 'description', 'password' ] data = request.get_json() if not check_request(data, args_list): return error_response if 'student_id' not in request.files: return error_response student_id = request.files['student_id'] if not student_id.filename or student_id.filename[-4:] not in [ '.png', '.jpg' ]: return error_response for arg in ['email', 'serial_number']: if users.find_one({arg: data[arg]}): return f'An account with the same {arg} exists', 400 if requests.find_one({arg: data[arg]}): return f'An account creation request with the same {arg} exists', 400 student_id.filename = urandom(16).hex() + student_id.filename[-4:] student_id.save(f'student_ids/{student_id.filename}') data['student_id'] = student_id.filename data['password'] = hash_password(data['password']) data['status'] = 'pending' data['type'] = 'account' requests.insert_one(data) return 'Account creation request submitted succesfully, an admin will contact you soon', 200
def user_seeder(): user_data = { 'id': '1b3b4f40-2e7c-4a66-b1f1-0f19ff113369', 'display_name': 'AahhoDev', 'email': '*****@*****.**', 'password': helpers.hash_password('feedr123'), 'created_at': datetime.datetime.now(), 'is_god': True, 'is_active': True, 'created_at': datetime.datetime.now(), 'updated_at': datetime.datetime.now(), } user_details = { 'id': 1, 'user_id': '1b3b4f40-2e7c-4a66-b1f1-0f19ff113369', 'first_name': 'AahhoDev', 'last_name': None, 'created_at': datetime.datetime.now(), 'updated_at': datetime.datetime.now(), } store(User, user_data) store(UserDetail, user_details)
def login(): form = forms.LoginForm(request.form) if request.method == 'GET': return render_template("login.html", form=form) if request.method == 'POST' and form.validate(): username = form.username.data #################### # FOR SUPER USER # #################### if username == "admin" and form.password.data == "admin": flask_login.login_user(User(username)) return redirect(url_for('index')) tm = team.get_team_by_username(username) if tm and helpers.hash_password(form.password.data) == tm.code: user = User(username, tm) flask_login.login_user(user) return redirect(url_for('index')) return render_template("login.html", form=form, error="Invalid username/password!")