def login_password(user_id, password): passwd_hash = cursor.execute( "select password_hash from users where user_id = ?", [user_id]).fetchone() if not passwd_hash: return False check = passwords.check_password(password, passwd_hash[0]) return bool(check)
def login(self): """ login user function """ print "Login...." self.send(actions.USERNAME_ACTION) username = self.receive() # get username print username password_hash = None salt = None hash_and_salt = database.get_password( username) # get salt and hashed password from database if hash_and_salt: password_hash = hash_and_salt[0] salt = hash_and_salt[1] if not salt: # user does not exist in database salt = passwords.get_salt( ) # to not reveal if username exist or not # behave naturally with newly generated salt nonce = passwords.get_salt() self.send(actions.NONCE_ACTION + ":" + salt + ":" + nonce) self.send(actions.PASSWORD_ACTION) password = self.receive() # get password if password_hash is not None and passwords.check_password( password, nonce, password_hash): self.send("Successfully login") # passwords matched self.loggedin(username) # access granted else: self.send("User or password incorrect") # passwords mismatch
def test_authenticate(): p.uid = uid p.pwd = pwd logger.info('UID = %s, PWD = %s.', p.uid, p.pwd) assert uid.encode(options.args.default_encoding) == p.uid.encode(options.args.default_encoding) assert passwords.check_password(pwd, p.pwd) assert p.authenticate(uid, pwd) assert p.pwd != pwd
def testPossibleToSignIn(self): """ It should be possible to sign in with the password provided during sign up. """ password = '******' password_for_db = get_password_for_database(password) self.assertTrue(check_password(password, password_for_db))
def login(): username = request.form['username'] password = request.form['password'] sql = GET_PASSWORD % { 'username': username, } cursor = g.db.cursor() cursor.execute(sql) result = cursor.fetchone() if result: user_id, password_from_db = result if check_password(password, password_from_db): return login_user(user_id) abort(401)
parser.print_help() # u p t s l parser.add_argument("-u", "--username", help="username") parser.add_argument("-p", "--password", help="password") parser.add_argument("-t", "--to", help="send to user") parser.add_argument("-s", "--send", help="test to send in a message") parser.add_argument("-l", "--list", help="list all users", action="store_true") args = parser.parse_args() print(args) #przeczytaj wiadomości -u -p -l if args.username and args.password and not args.to and args.list and not args.send: cur = conn.cursor() user = models.users.load_user_by_username(cur, str(args.username)) if user and check_password(args.password, user.hashed_password): msg = models.messages.load_all_messages_to(cur, user.id) for i in msg: print( f"User {i.from_id} send a message: {i.m_text}; on {i.creation_date}" ) else: print("User not authorise") #nowe hasło -u -p -s -t if args.username and args.password and args.to and not args.list and args.send: cur = conn.cursor() user = models.users.load_user_by_username(cur, str(args.username)) if user and check_password(args.password, user.hashed_password): user_to = models.users.load_user_by_username(cur, str(args.to)) if user_to:
def testPasswordsLongerThanMaxDontWork(self): "Make sure password field limit doesn't affect the system." password = '******' + 'A' * self.MAX_PASSWORD_LENGTH password_for_db = get_password_for_database(password) short_password = password[:self.MAX_PASSWORD_LENGTH] self.assertFalse(check_password(short_password, password_for_db))
def testAppendingToPasswordDoesntWork(self): "Appending data to good password doesn't work." password = '******' password_for_db = get_password_for_database(password) self.assertFalse(check_password(password + 'Extra', password_for_db))
def testWrongPasswordDoesntWork(self): "Wrong passwords don't work." password_good = 'This Is Some Password' password_bad = 'This is Some Other Password' password_for_db = get_password_for_database(password_good) self.assertFalse(check_password(password_bad, password_for_db))
def authenticate(self, uid, pwd): return bytes(uid.encode(options.args.default_encoding) if type(uid) != bytes else uid) == self.uid.encode(options.args.default_encoding) and passwords.check_password(pwd, self.pwd)
def test_check_password(): pwd = 'test' assert passwords.check_password(pwd, passwords.to_password(pwd))