def add_user(username, email): """Create a user""" __p1 = getpass.getpass() __p2 = getpass.getpass("Confirm password:"******"Error: passwords do not match"
def adduser(username, email): rval = False __p1 = getpass.getpass() __p2 = getpass.getpass("Confirm password:"******"Error: password do not match"
def change_password(user_id): """Change a user password""" try: _user = Users.get(user_id) except: print ("Not User found for ID: " + str(user_id)) print ("Changing Password for User: "******"Confirm password:"******"Error: passwords do not match")
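def login():
    """Show the login form, or authenticate POSTed credentials.

    A POST carrying both ``username`` and ``password`` looks the user up
    with ``Users.find`` and checks the password with ``credentials_valid``.
    On success the user is logged in and redirected to the ``next`` query
    parameter when it is a same-site path, otherwise to the nmap index.
    Every other case renders ``nmap_login.html``.
    """
    if (request.method == 'POST' and 'username' in request.form and
            'password' in request.form):
        username = request.form['username']
        password = request.form['password']

        app_user = None
        if username:
            matches = Users.find(username=username)
            # Anything other than exactly one match counts as "no such user".
            if len(matches) == 1:
                app_user = matches[0]

        if app_user and app_user.credentials_valid(password):
            login_user(app_user)
            # "next" comes straight from the query string, so it is untrusted.
            # Follow it only when it is a path on this site; an absolute or
            # scheme-relative URL would turn the login page into an open
            # redirect.
            target = request.args.get("next") or ""
            is_local_path = (
                target.startswith("/")
                and not target.startswith("//")
                and "\\" not in target
                and not any(ch < " " for ch in target)
            )
            if is_local_path:
                return redirect(target)
            return redirect(url_for("nmap.nmap_index"))

        # One message for every failure. The original flashed only when the
        # lookup failed, so a wrong password for an existing account was
        # distinguishable from an unknown username.
        flash("login failed: check username and password")
    return render_template("nmap_login.html")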
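def login():
    """Render the login page and handle credential submission.

    For a POST with ``username`` and ``password`` fields, the account is
    fetched via ``Users.find`` and verified with ``credentials_valid``.
    A successful login redirects to ``next`` (query string) if that value
    is a same-site path, else to ``nmap.nmap_index``.  All other requests
    get ``nmap_login.html``.
    """
    is_submission = (request.method == 'POST'
                     and 'username' in request.form
                     and 'password' in request.form)
    if not is_submission:
        return render_template("nmap_login.html")

    username = request.form['username']
    password = request.form['password']

    app_user = None
    if username:
        app_users = Users.find(username=username)
        # Zero or several matches are both treated as a failed lookup.
        if len(app_users) == 1:
            app_user = app_users[0]

    if not (app_user and app_user.credentials_valid(password)):
        # Same feedback for an unknown username and for a wrong password, so
        # the response does not reveal which accounts exist (the original
        # flashed only on a failed lookup).
        flash("login failed: check username and password")
        return render_template("nmap_login.html")

    login_user(app_user)

    # The redirect target is request-controlled: accept site-local paths only
    # and fall back to the index for anything else (open-redirect guard).
    next_url = request.args.get("next") or ""
    safe = (
        next_url.startswith("/")
        and not next_url.startswith("//")
        and "\\" not in next_url
        and not any(ch < " " for ch in next_url)
    )
    return redirect(next_url if safe else url_for("nmap.nmap_index"))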
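def add_user():
    """Admin-only view: show the add-user form or create a user from a POST.

    Callers without the ``admin`` permission get a 403.  A POST must carry
    non-empty ``username``, ``password`` and ``email`` fields; the optional
    ``inactive`` field marks the new account inactive.  After an attempt to
    create the user the admin is redirected to ``/admin/users/1`` with a
    flash message describing the outcome.
    """
    if not current_user.has_permission("admin"):
        abort(403)

    if request.method != 'POST':
        return render_template("admin_add_user.html")

    # validate data
    required_fields = ('username', 'password', 'email')
    if not all(request.form.get(field) for field in required_fields):
        # An incomplete POST must still produce a response; without this
        # branch the view would return None for it.
        flash("Failed to add User: username, password and email are "
              "required.", "danger")
        return render_template("admin_add_user.html")

    # TODO: is this nasty? Hard-converting to str?
    _username = str(request.form['username'])
    _password = str(request.form['password'])
    _email = str(request.form['email'])
    inactive = 1 if 'inactive' in request.form else 0

    try:
        # The clear-text password is handed to Users.add as clear_pw.
        # NOTE(review): presumably Users.add hashes it before storing -
        # confirm in the model.
        new_user = Users.add(username=_username, email=_email,
                             clear_pw=_password, inactive=inactive)
    except ValueError:
        flash("Failed to add User: Username already in use.", "danger")
    except Exception:
        # Deliberately generic message so internal error details are not
        # shown in the UI. NOTE(review): the exception itself is dropped
        # here; consider logging it server-side.
        flash("Something went wrong.", "danger")
    else:
        flash("Successfully created " + _username + " with ID " +
              str(new_user.id), 'success')
    return redirect("/admin/users/1")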
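def login():
    """login route that either shows login or evaluates POSTed data

    A POST with ``username`` and ``password`` is checked against ``Users``.
    On success ``last_login`` is refreshed, the user is logged in (with a
    remember-me cookie when the ``remember-me`` field is present) and
    redirected to the posted ``next_page`` if it is a same-site path,
    otherwise to the nmap index.  Failures flash one generic message and
    render ``login.html`` again.
    """
    if (request.method == 'POST' and 'username' in request.form and
            'password' in request.form):
        app_user = None
        username = request.form['username']
        password = request.form['password']
        if username:
            app_users = Users.find(username=username)
            if len(app_users) != 1:
                # this should make time based user enumeration difficult
                # NOTE(review): gensalt() uses the library's default cost, so
                # the timing only resembles a real check if stored hashes use
                # the same work factor - confirm against Users.
                bcrypt.hashpw("faked calculation", bcrypt.gensalt())
                flash("Login failed: Check Username and Password", "danger")
                return render_template("login.html")
            app_user = app_users[0]

        if app_user and app_user.credentials_valid(password):
            # refresh last_login in DB as this is a fresh login
            app_user.update_last_login()
            if request.form.getlist("remember-me"):
                login_user(app_user, remember=True)
            else:
                login_user(app_user)

            # next_page round-trips through the login form (it is filled from
            # the "next" query parameter below), so it is client-controlled.
            # Redirect to it only when it is a path on this site; anything
            # else falls back to the index instead of becoming an open
            # redirect.  .get() replaces the former bare "except:" around the
            # form lookup.
            next_page = request.form.get('next_page') or ""
            is_local_path = (
                next_page.startswith("/")
                and not next_page.startswith("//")
                and "\\" not in next_page
                and not any(ch < " " for ch in next_page)
            )
            if is_local_path:
                return redirect(next_page)
            return redirect(url_for("nmap.nmap_index"))
        else:
            # Same wording as the unknown-user branch above.
            flash("Login failed: Check Username and Password", "danger")

    next_page = request.args.get('next')
    return render_template("login.html", next_page=next_page)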
def load_user(user_id):
    """Return whatever ``Users.get`` yields for *user_id*.

    NOTE(review): presumably registered as the Flask-Login user loader,
    which expects ``None`` for an unknown ID rather than an exception -
    confirm that ``Users.get`` behaves that way.
    """
    user = Users.get(user_id)
    return user
on the users computer it also has a exipry date, but could be changed by the user, so this feature allows us to enforce the exipry date of the token server side and not rely on the users cookie to exipre. """ max_age = app.config["REMEMBER_COOKIE_DURATION"].total_seconds() #Decrypt the Security Token, data = [username, hashpass] try: data = login_serializer.loads(token, max_age=max_age) # This payload is decoded and safe except BadSignature, e: print("Cookie has been tampered: " + str(e)) return None #Find the User user = Users.get(data[0]) #Check Password and return user or None if user and data[1] == user.password: return user return None @login_manager.user_loader def load_user(user_id): return Users.get(user_id) @appmodule.route("/login", methods=["GET", "POST"]) def login(): """login route that either shows login or evaluates POSTed data""" if (request.method == 'POST' and 'username' in request.form and 'password' in request.form):