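def get(self):
    """Exchange HTTP Basic-style credentials for an auth token.

    Reads the ``Authorization`` header, takes its second space-separated
    part as base64 of ``username:password``, looks the user up in
    ``collection.users`` and checks the password with ``verify_password``.

    Returns:
        ``({"token": ..., "duration": 1000}, 200)`` on success, otherwise
        ``({"Unauthorized": reason}, 401)``.
    """
    authheader = request.headers.get("Authorization")
    if authheader is None:
        return {"Unauthorized": "No Authorization header found"}, 401

    # The header is client-controlled. A missing credential part, invalid
    # base64, non-UTF-8 bytes or a missing ':' must end in a 401 rather than
    # an unhandled IndexError/ValueError (HTTP 500).
    # The scheme token (credentials[0]) is not checked, as before.
    credentials = authheader.split(' ')
    if len(credentials) < 2:
        return {"Unauthorized": "Malformed Authorization header"}, 401
    try:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        decode_creds = b64decode(credentials[1]).decode()
    except ValueError:
        return {"Unauthorized": "Malformed Authorization header"}, 401

    # Split on the first ':' only, so a password that itself contains ':'
    # is kept whole instead of being cut at the second colon.
    username, separator, password = decode_creds.partition(':')
    if not separator:
        return {"Unauthorized": "Malformed Authorization header"}, 401

    # NOTE(review): the two 401 reasons below tell a client whether a
    # username exists; a single shared message would avoid account
    # enumeration, but changes the response body clients see.
    document = collection.users.find_one({"username": username})
    if document is None:
        return {"Unauthorized": "user not found"}, 401

    if not verify_password(password, document['password']):
        return {"Unauthorized": "wrong password"}, 401

    # NOTE(review): no user identifier is passed to generate_auth_token
    # here; confirm the token is tied to the authenticated user elsewhere.
    token = generate_auth_token(expiration=1000)
    return {"token": token.decode(), "duration": 1000}, 200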
def check_auth(username, my_pass):
    """Check a username/password pair against the records in ``db.user_db``.

    Returns:
        A dict with a human-readable ``'message'`` and a boolean ``'auth'``
        flag that is True only when the password verifies.
    """
    # First record whose username matches, or None when there is none.
    # NOTE(review): every attempt iterates the collection returned by
    # find(); a filtered lookup would avoid that, provided username is
    # known to be a plain string.
    record = next(
        (entry for entry in db.user_db.find() if username == entry['username']),
        None,
    )

    # NOTE(review): the two failure messages differ, so whoever sees them can
    # tell an unknown username from a wrong password.
    if record is None:
        return {
            'message': "There is no user by this name, please try again.",
            'auth': False
        }

    if not password.verify_password(my_pass, record['password']):
        return {
            'message': 'Incorrect password, please try again.',
            'auth': False
        }

    app.logger.debug("Matched Password!")
    return {'message': 'Hello, ' + str(username) + '!', 'auth': True}
def login():
    """Render the login form; on a valid POST, sign the user in and return a token.

    Returns:
        The rendered ``login.html`` when the request is not a validated POST
        or the credentials are rejected (with a flashed reason), otherwise a
        JSON body with ``token`` and ``duration`` and status 200.
    """
    form = LoginForm()
    username = form.username.data
    password = form.password.data
    remember = form.remember.data

    submitted = request.method == 'POST' and form.validate_on_submit()
    if not submitted:
        return render_template('login.html', form=form)

    # NOTE(review): the two flashed reasons let a visitor tell an unknown
    # username from a wrong password.
    user = collection.users.find_one({"username": username})
    rejection = None
    if user is None:
        rejection = "Unauthorized, user not found"
    elif not verify_password(password, user['password']):
        rejection = "Unauthorized, wrong password"

    if rejection is not None:
        flask.flash(rejection)
        return render_template('login.html', form=form)

    # Session login keyed on the stringified document id.
    login_user(User(str(user['_id'])), remember=remember)

    # NOTE(review): generate_auth_token receives only an expiration here;
    # confirm the token is bound to this user elsewhere.
    token = generate_auth_token(expiration=1000)
    return flask.jsonify({"token": token.decode(), "duration": 1000}), 200
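def log_in(email, password):
    """Verify an email/password pair.

    Returns:
        True when the password verifies.

    Raises:
        Exception: "Wrong email/password combination" when the user is not
            found or the password does not verify.
    """
    user = getUserByEmail(email)
    # Assumes getUserByEmail may return None for an unknown address - TODO
    # confirm. Without this guard such a lookup would fail on the subscript
    # below with a TypeError instead of the intended, uniform error.
    if user is None:
        raise Exception("Wrong email/password combination")

    # NOTE(review): verify_password is called with the stored hash first and
    # the submitted password second; confirm that matches its signature.
    if not verify_password(user["password_hash"], password):
        raise Exception("Wrong email/password combination")
    return True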
def verifyPassword(username, passwordRAW):
    """Return True when passwordRAW verifies against the hash stored for username.

    Returns False when no record in ``usersCollection`` carries that username
    or when verification fails.
    """
    stored_hash = None
    # No early exit: if several records share the username, the hash of the
    # last one iterated is the one that gets checked.
    for record in usersCollection.find():
        if record['username'] != username:
            continue
        stored_hash = record['password']

    if stored_hash is None:
        return False
    return bool(password.verify_password(passwordRAW, stored_hash))
def verifyPassword(username, passwordRAW):
    """Return True when passwordRAW verifies against the hash stored for username.

    Before the password check, a token found in the session is passed to
    ``verify_auth_token`` when ``usersList`` is non-empty.
    """
    if len(usersList) > 0:
        # NOTE(review): session['token'] is subscripted directly; if session
        # is a plain mapping this raises KeyError when no token was stored.
        if session['token'] is not None:
            # Using token auth
            # NOTE(review): the return value is discarded, so this call can
            # only influence the outcome by raising - confirm the intent.
            verify_auth_token(session['token'])

    stored_hash = None
    # No early exit: the last record with a matching username wins.
    for record in usersCollection.find():
        if record['username'] != username:
            continue
        stored_hash = record['password']

    if stored_hash is None:
        return False
    return bool(password.verify_password(passwordRAW, stored_hash))
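def get(self):
    """Issue a token for the ``username``/``password`` query parameters.

    Returns:
        ``({"token": ..., "duration": 600}, 201)`` on success,
        ``("username or password wrong", 400)`` when a parameter is missing,
        and a 401 with a reason string for an unknown user or bad password.
    """
    # NOTE(review): credentials arrive in the URL query string, where they
    # are typically recorded by access logs and proxies; moving them to a
    # request body or an Authorization header would change this endpoint's
    # interface, so it is only flagged here.
    username = request.args.get("username")
    passw = request.args.get("password")

    # Reject incomplete requests before querying the database; previously the
    # lookup ran first, even with a missing username.
    if username is None or passw is None:
        return "username or password wrong", 400

    # NOTE(review): the two 401 messages below differ, which tells a client
    # whether the username exists.
    data = db_user.user.find_one({"user": username})
    if data is None:
        return "no such username.", 401

    if not password.verify_password(passw, data["password"]):
        return "bad password.", 401

    # NOTE(review): the reported duration of 600 is hard-coded while
    # generate_auth_token receives data["location"]; confirm the token's
    # actual lifetime matches.
    result = testToken.generate_auth_token(data["location"]).decode()
    return {"token": result, "duration": 600}, 201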
def web_check_auth():
    """Check the posted username/password and store an auth token in the session.

    On success the token is placed in ``session['token']`` and the client is
    redirected to ``setup``; on failure ``supaLogin.html`` is rendered again.
    """
    cur_user = request.form['username']
    cur_pass = request.form['password']

    # Locate the first record with a matching username.
    exists = False
    temp_pass = None
    for item in db.user_db.find():
        if cur_user == item['username']:
            exists, temp_pass = True, item['password']
            break

    if not exists:
        app.logger.debug("There is no user by this name, try again.")
        return render_template("supaLogin.html")

    if not password.verify_password(cur_pass, temp_pass):
        session['token'] = 'bad_token'
        app.logger.debug("Authentication Failure, try again.")
        return render_template("supaLogin.html")

    if request.form.get('rem'):
        app.logger.debug(
            "Matched Password && Infinite Token Authentication!")
        # NOTE(review): math.inf is passed where the other branch passes 600;
        # a token that never expires cannot age out if it leaks. A long but
        # finite lifetime with server-side revocation is the safer design.
        t = testToken.generate_auth_token(math.inf)
    else:
        app.logger.debug("Matched Password!")
        # Placeholder value, overwritten below once the token is generated.
        session['token'] = 'bad_token'
        t = testToken.generate_auth_token(600)

    # Drop any previous (truthy) token before storing the new one.
    if session.get('token'):
        session.pop('token')
    session['token'] = t
    return redirect(url_for('setup'))
def login():
    """Show the login page on GET; on POST, check credentials and start a session.

    On success ``session['user_name']`` and ``session['userId']`` are set and
    the client is redirected to ``index``. On failure the login page is
    rendered again. Methods other than GET and POST return None.
    """
    if request.method == 'GET':
        return render_template('login.html')
    if request.method != 'POST':
        return None

    user_name = request.form['logUserName']
    user_password = request.form['logPass']

    # checking username in database
    # NOTE(review): both failure paths pass wrongpass=False; confirm that is
    # what the template expects for a rejected login.
    if queries.check_username(user_name) == []:
        return render_template('login.html', wrongpass=False)

    # checking password
    stored_rows = queries.get_hashed_pass(user_name)
    password_ok = password.verify_password(user_password,
                                           stored_rows[0]['password'])
    if not password_ok:
        return render_template('login.html', wrongpass=False)

    user_id = queries.get_userid_by_name(user_name)
    session['user_name'] = user_name
    session['userId'] = user_id
    return redirect(url_for('index'))
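def login():
    """Handle the sign-in form: verify the password, log the user in, store a token.

    On success the user is logged in via ``login_user``, a freshly generated
    token is written to the user's document and the client is redirected to
    ``/``. Otherwise a message is flashed and ``login.html`` is rendered.
    """
    form = LoginForm()
    if form.validate_on_submit():
        username = form.username.data

        # One bounded query replaces find(...).count() followed by
        # find_one(...): Cursor.count() was removed in PyMongo 4, and the two
        # separate queries could disagree if the collection changed between
        # them. limit(2) is enough to tell "exactly one" from "several".
        matches = list(
            Userdb.todouserdb.find({"username": username}).limit(2))

        # NOTE(review): the two rejection messages below let a visitor tell an
        # unregistered username from a wrong password.
        if len(matches) == 1:
            dbuser = matches[0]
            if verify_password(form.password.data, dbuser['password']):
                user = User(username, dbuser['id'])
                login_user(user, form.remember_me.data)
                # NOTE(review): the token is stored in the user document
                # exactly as returned; confirm whether readers of the
                # collection should be able to see a usable token.
                token = generate_auth_token()
                Userdb.todouserdb.update_one(dbuser,
                                             {'$set': {'token': token}})
                flash('Logged in successfully.')
                return redirect('/')
            else:
                flash('incorrect Password.')
        else:
            flash('unregistered user')
    return render_template('login.html', title='Sign In', form=form)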
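def login():
    """Validate the login form, sign the user in and return a token.

    Returns:
        A JSON body with ``token`` and ``duration`` and status 201 on
        success; the rendered ``login.html`` with status 400 when the
        credentials are rejected; the rendered ``login.html`` (default
        status) when the form does not validate.
    """
    form = LoginForm()
    password = request.form.get('password')
    # The 'remember' field arrives as 'y' or is absent; bool() makes it a
    # strict True/False.
    remember = bool(request.form.get('remember'))
    app.logger.debug(remember)

    # NOTE(review): the method check also admits GET; whether a GET request
    # can carry credentials here depends on how LoginForm is populated -
    # confirm, since credentials placed in a URL tend to be logged.
    if request.method in ('POST', 'GET') and form.validate():
        user = usersdb.users.find_one({'username': form.username.data})
        if user is not None and verify_password(password, user['password']):
            login_user(User(user), remember=remember)
            token = generate_auth_token()
            return jsonify({'token': token.decode(), 'duration': 600}), 201

        # The original wrote `flash(...), 400`, which builds a tuple and
        # throws it away, so the 400 never reached the client. Return the
        # status explicitly with the re-rendered form.
        flash("username or password is invalid")
        return render_template('login.html', form=form), 400
    return render_template('login.html', form=form)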
def is_password_valid(plain_text_password, hashed_password):
    """Return whatever ``verify_password`` reports for this password/hash pair.

    Thin wrapper: both arguments are forwarded unchanged, plaintext first.
    """
    outcome = verify_password(plain_text_password, hashed_password)
    return outcome
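def validate_password(FlaskForm, field):
    """Form-field validator: reject a password that does not match the stored hash.

    Runs only when the form's ``val`` field equals ``'1'``. Every record in
    ``db.userdb`` with the submitted username is checked.

    Args:
        FlaskForm: the form instance being validated (despite the name, this
            is the instance passed in, not the class).
        field: the password field; ``field.data`` is the submitted value.

    Raises:
        ValidationError: when the password does not verify, or when no
            record exists for the submitted username.
    """
    if FlaskForm.val.data != '1':
        return

    matched = False
    for x in db.userdb.find({'username': FlaskForm.username.data}):
        matched = True
        if not verify_password(field.data, x['password']):
            raise ValidationError('Password is incorrect.')

    # Fail closed: previously an unknown username skipped the loop entirely
    # and this validator passed without checking anything. The same message
    # is reused so the error does not reveal whether the username exists.
    if not matched:
        raise ValidationError('Password is incorrect.')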