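def _check_cookie(self):
    """Restore the current user from the ``session_id`` cookie and renew it.

    If the request carries a ``session_id`` cookie, it is validated through
    ``self.db_engine.validate_session`` and the result is stored in
    ``self.user``. When validation yields a user, the same session id is sent
    back with a fresh expiry of ``session_expire_days`` days (sliding
    expiration).
    """
    session_id = request.get_cookie('session_id')
    if not session_id:
        # NOTE(review): self.user is left untouched when no cookie is sent. If
        # this object is reused across requests and nothing resets the
        # attribute first, a cookie-less request would see the previous value
        # -- confirm against the caller.
        return

    self.user = self.db_engine.validate_session(session_id)
    if not self.user:
        return

    lifetime = timedelta(days=int(self.web_settings['session_expire_days']))
    # The session id is a bearer credential: httponly keeps it out of reach of
    # page scripts. Add secure=True as well when the site is HTTPS-only.
    response.set_cookie(
        'session_id', session_id,
        expires=datetime.now() + lifetime,
        httponly=True)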
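def user_login():
    """Log a user in from a JSON body holding ``email`` and ``password``.

    Looks the account up with ``get_user_by_email``. On success a signed
    ``auth`` cookie carrying ``user.id`` is set for 7776000 seconds (90 days)
    and nothing is returned. Otherwise the response status is set to 400 and
    ``"Invalid login"`` is returned.
    """
    body = request.json
    # A non-JSON request, a JSON value that is not an object, or a missing
    # field is answered like any other failed login instead of surfacing as
    # an unhandled TypeError/KeyError.
    if not isinstance(body, dict) or "email" not in body or "password" not in body:
        response.status = 400
        return "Invalid login"

    email = body["email"]
    password = body["password"]

    # NOTE(review): `password` is read but never compared with the account's
    # stored credential anywhere in this function, so the cookie below is
    # issued on the e-mail lookup alone. The password must be verified
    # (against a salted password hash) before this point. The verification
    # API is not visible from here, so this is flagged rather than changed.
    user = get_user_by_email(email)
    if user is None:
        response.status = 400
        return "Invalid login"

    # Signing protects the cookie's integrity only; the value is not
    # encrypted. httponly keeps the credential away from page scripts; add
    # secure=True as well when the site is HTTPS-only.
    response.set_cookie("auth", user.id, secret=COOKIE_SECRET, path="/",
                        max_age=7776000, httponly=True)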
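def do_login(self):
    """Process the login form and render the ``login_result`` template.

    ``username`` and ``password`` are read from the submitted form and passed
    to ``self.db_engine.validate_user``. A truthy result is used as the
    session id: ``self.user`` is set to the username and a ``session_id``
    cookie is issued that expires after ``session_expire_days`` days. On
    failure ``self.user`` is reset to ``None``.

    Returns:
        The rendered ``login_result`` template, given ``user=self.user``.
    """
    username = request.forms.get('username')
    password = request.forms.get('password')

    session_id = self.db_engine.validate_user(username, password)
    if session_id:
        self.user = username
        lifetime = timedelta(days=int(self.web_settings['session_expire_days']))
        # The session id is a bearer credential: httponly keeps it out of
        # reach of page scripts. Add secure=True as well when the site is
        # HTTPS-only.
        response.set_cookie(
            'session_id', session_id,
            expires=datetime.now() + lifetime,
            httponly=True)
    else:
        self.user = None

    return template('login_result', user=self.user)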
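def do_login():
    """Handle the login form POST: verify credentials and start a session.

    Reads ``username`` and ``password`` from the submitted form, fetches the
    stored password hash from the ``secure_login`` table and checks it with
    ``sha512_crypt.verify``. On success a per-session secret and the session
    start time are saved for the user, a ``username`` cookie signed with that
    secret is set, and the client is redirected (303) to ``/dashboard``.

    Every failure path aborts with the same 403 message, so the response body
    does not reveal whether the username exists.
    """
    username = request.forms.get('username')
    password = request.forms.get('password')

    # A request without both fields cannot be a valid login; fail closed
    # before touching the database or the hash verifier.
    if username is None or password is None:
        abort(403, "Authentication failed.")

    db_path = config["paths"]["file_auth_database"]

    try:
        conn = sqlite3.connect(db_path)
        try:
            c = conn.cursor()
            # Parameterized query: the username is bound, never spliced into the SQL.
            c.execute("SELECT Password FROM secure_login WHERE Username = ?", (str(username),))
            rows = c.fetchall()
            c.close()
        finally:
            # Close the connection itself, not only the cursor, on every path.
            conn.close()
    except OperationalError:
        # A database error is reported exactly like a failed login.
        abort(403, "Authentication failed.")

    if not rows:
        abort(403, "Authentication failed.")

    # Compare the submitted password with the stored hash.
    for row in rows:
        for stored_hash in row:
            if sha512_crypt.verify(password, stored_hash):
                session_start_time = str(datetime.datetime.now())
                # NOTE(review): the cookie-signing secret is a sha512_crypt
                # hash of the login timestamp. A value drawn from the
                # `secrets` module would be the conventional choice, and
                # `encrypt` is the deprecated name for `hash` in newer passlib
                # releases. The stored SessionID format may be relied on
                # elsewhere, so confirm before changing it.
                secret = sha512_crypt.encrypt(session_start_time)

                # Persist the session secret and start time for this user.
                conn = sqlite3.connect(db_path)
                try:
                    c = conn.cursor()
                    c.execute("UPDATE secure_login SET SessionID = (?) WHERE Username = (?)", (secret, username))
                    c.execute("UPDATE secure_login SET SessionStartTime = (?) WHERE Username = (?)", (session_start_time, username))
                    conn.commit()
                    c.close()
                finally:
                    conn.close()

                # httponly keeps the session cookie away from page scripts;
                # add secure=True as well when the site is HTTPS-only.
                response.set_cookie("username", username, secret=secret, httponly=True)
                response.status = 303
                response.set_header('Location', '/dashboard')
            else:
                abort(403, "Authentication failed.")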
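def login_auth():
    """Check a submitted password and set the ``auth`` cookie on success.

    The password is taken from the ``passwd`` field of the JSON body when one
    is present, otherwise from the form data. Each attempt is logged with the
    client address through ``output``.

    Returns:
        ``{'success': True}`` after a successful check, else
        ``{'success': False}``.
    """
    bad = "Failed login from %s" % request.remote_addr
    good = "Successful login from %s" % request.remote_addr

    post_data = request.json if request.json else request.forms

    # An empty body, a body without 'passwd', or a JSON value that is not an
    # object is logged and answered as a failed login instead of raising.
    passwd = None
    if post_data:
        try:
            passwd = post_data['passwd']
        except (KeyError, TypeError):
            passwd = None
    if passwd is None:
        output.error(bad, "WEBSERVER")
        return {'success': False}

    isauthed = verify(passwd, raw=True)
    if not isauthed:
        output.error(bad, "WEBSERVER")
        return {'success': False}

    # NOTE(review): the cookie carries whatever verify(..., raw=True) returns
    # and is not signed here; presumably that value is checked server-side on
    # later requests -- confirm. httponly keeps it away from page scripts; add
    # secure=True as well when the site is HTTPS-only.
    response.set_cookie("auth", isauthed, max_age=2419200, path="/", httponly=True)
    output.success(good, "WEBSERVER")
    return {'success': True}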
def set_cookie(name, value):
    """Set a signed, site-wide cookie called *name* on the current response.

    The value is signed with ``SECRET_KEY``, scoped to ``path='/'`` and kept
    for 30 days. Signing protects integrity only; the value is not encrypted.
    """
    # NOTE(review): no httponly/secure/samesite attributes are passed. If this
    # helper ever carries login state, confirm that is intended.
    thirty_days = 30 * 24 * 60 * 60
    options = {'secret': SECRET_KEY, 'path': '/', 'max_age': thirty_days}
    response.set_cookie(name, value, **options)
def addValInCookie(name, val):
    """Store *val* under the cookie *name*, signed with ``SECRET_KEY``.

    The cookie applies to the whole site (``path='/'``) and lives for 30 days.
    Signing protects integrity only; the value is not encrypted.
    """
    # NOTE(review): the cookie is sent without httponly/secure/samesite
    # attributes; confirm that suits every value stored through this helper.
    lifetime_seconds = 30 * 24 * 60 * 60
    response.set_cookie(
        name,
        val,
        secret=SECRET_KEY,
        path='/',
        max_age=lifetime_seconds,
    )
def addUidInCookie(uid):
    """Store *uid* in the cookie named by ``UID``, signed with ``SECRET_KEY``.

    The cookie applies to the whole site (``path='/'``) and lives for 30 days.
    Signing protects integrity only; the value is not encrypted.
    """
    # NOTE(review): this looks like an identity cookie, yet it is sent without
    # httponly/secure/samesite attributes -- confirm whether page scripts
    # really need to read it.
    cookie_options = dict(secret=SECRET_KEY, path='/', max_age=30 * 24 * 60 * 60)
    response.set_cookie(UID, uid, **cookie_options)
def addValInCookie(name, val):
    """Store *val* under the cookie *name*, signed with ``SECRET_KEY``.

    The cookie applies to the whole site (``path='/'``). No ``max_age`` or
    ``expires`` is given, so no lifetime is sent with it. Signing protects
    integrity only; the value is not encrypted.
    """
    # NOTE(review): the cookie is sent without httponly/secure/samesite
    # attributes; confirm that suits every value stored through this helper.
    signing_key = SECRET_KEY
    response.set_cookie(name, val, secret=signing_key, path='/')