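def login():
    """Endpoint for authentication (*Requires some sort of database).

    POST -- look the user up by username, verify the submitted password
            against the stored salted PBKDF2 hash and, on success, store
            the user's name in ``session['user']`` and redirect to
            ``/home``.  An unknown username and a wrong password both
            render ``home.html`` with the same generic error, so the
            response does not reveal which of the two happened.
            :return html
    Other methods -- render ``home.html`` with no error.
            :return html

    Needs the ``db`` handle (a pymongo-style database) to be configured.
    """
    import hmac  # local import: the module's import block is not in view

    if request.method != 'POST':
        # NOTE(review): the original returned None for non-POST requests,
        # which Flask rejects; rendering the template the error path
        # already uses keeps the view valid — confirm it is the intended
        # form page.
        return render_template('home.html')

    # Get the user information
    name = request.form['username']
    passwd = request.form['userpass']

    # Find a user with that username and compare passwords.  find_one()
    # returns the document or None directly; the old find()/count() pair
    # never bound ``user`` (NameError), and the scaffold's unconditional
    # redirect above it turned the whole credential check into dead code.
    user = db.users.find_one({'name': name})
    if user is not None:
        salt = user['salt']
        thehash = pbkdf2_hex(passwd.encode('utf-8'), salt.encode('utf-8'))
        # Constant-time comparison so timing does not reveal how much of
        # the guess was right.  Both sides are hex text; encoding them
        # keeps the operand types equal under Python 2 and 3.
        if hmac.compare_digest(thehash.encode('utf-8'),
                               user['hash'].encode('utf-8')):
            # store user id in the session
            session['user'] = user['name']
            return redirect('/home')

    # Single failure path: same message for "no such user" and "bad password".
    error = 'Invalid Credentials'
    return render_template('home.html', error=error)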
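def login():
    """Handler for anything related to login.

    GET  -- render the login page.
            :return html
    POST -- authenticate the user; an unknown username or a wrong password
            both render ``login.html`` with the generic 'Invalid
            Credentials' error.  On success ``session['user']`` is set to
            the user's id and the browser is redirected to ``/``.
            :return html
    """
    import hmac  # local import: the module's import block is not in view

    if request.method == 'GET':
        return render_template('login.html')

    if request.method == 'POST':
        # Get the user information
        name = request.form['username']
        passwd = request.form['userpass']

        # Find a user with that username and compare passwords.
        # .first() returns None for an unknown name; .one() raised
        # NoResultFound instead, so the failure branch below was never
        # reached and an unknown username produced a 500 rather than the
        # generic error (a crash and a user-enumeration signal).
        user = auth.db.query(User).filter(User.name == name).first()
        if user is not None:
            thehash = pbkdf2_hex(passwd.encode('utf-8'), user.salt.encode('utf-8'))
            # password matches -- constant-time compare so timing does
            # not reveal how many leading characters were correct
            if hmac.compare_digest(thehash.encode('utf-8'),
                                   user.hash.encode('utf-8')):
                session['user'] = user.id
                return redirect('/')

        # Single failure path: same message whether the user exists or not.
        error = 'Invalid Credentials'
        return render_template('login.html', error=error)
    # NOTE(review): any other method falls through and returns None, as in
    # the original; the route decorator presumably restricts methods — confirm.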
def signup():
    """End Point for signups (*Requires some sort of database).

    GET  -- render ``signup.html``.
    POST -- if the two password fields agree, draw a salt, PBKDF2-hash
            the password, build the new user record, store the chosen
            username in ``session['user']`` and redirect to ``/home``;
            otherwise re-render ``signup.html`` with a
            'Passwords do not match' error.
    Any other method falls through and returns None.

    NOTE(review): the database save is still commented out, so the
    record is never persisted and a session is established for a user
    that exists in no store -- confirm before relying on this.
    """
    method = request.method
    if method == 'GET':
        return render_template('signup.html')
    if method != 'POST':
        return None

    form = request.form
    if form['userpass'] != form['userpass2']:
        return render_template('signup.html', error='Passwords do not match')

    salt = getRandomSalt(16)
    thehash = pbkdf2_hex(form['userpass'].encode('utf-8'), salt.encode('utf-8'))

    # Make a new user out of the info
    new_user = {
        'name': form['username'],
        'salt': unicode(salt),
        'hash': unicode(thehash),
    }
    # You'll need a database to save it to
    # user_id = db.users.save(new_user)

    # store user id in the session
    session['user'] = new_user['name']
    return redirect('/home')
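def login():
    """GET: Render the login form.  POST: try to verify the user.

    On POST the user is looked up by username, the submitted password is
    PBKDF2-hashed with the stored salt, and only when the result matches
    ``user.hash`` is ``session['userid']`` set and the browser redirected
    to ``/home``.  An unknown username and a wrong password both return
    the same 'login failed' body and leave the session untouched.
    """
    import hmac  # local import: the module's import block is not in view

    if request.method == 'POST':
        # Get the user information
        name = request.form['username']
        passwd = request.form['password']

        # Find a user with that username and compare passwords.
        # one() is expected to yield None when no row matches (Storm
        # semantics -- confirm); the old code went straight to
        # ``user.salt`` and raised on an unknown username.
        user = store.find(User, User.username == unicode(name)).one()
        if user is None:
            return 'login failed'

        salt = user.salt
        thehash = pbkdf2_hex(passwd.encode('utf-8'), salt.encode('utf-8'))

        # The session is established only after the password check: the
        # old code assigned session['userid'] before comparing, so a
        # failed attempt still left the browser logged in as that user.
        # Constant-time compare so timing does not reveal partial matches.
        if hmac.compare_digest(thehash.encode('utf-8'),
                               user.hash.encode('utf-8')):
            # store user id in the session
            session['userid'] = user.id
            return redirect('/home')
        return 'login failed'
    # NOTE(review): the docstring promises a GET form but no GET branch
    # exists, so non-POST requests return None -- confirm which template
    # should be rendered here.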
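def signup():
    """Handler related to anything signup.

    GET  -- render the signup page.
            :return html
    POST -- if the two passwords match and the username is free, create
            the user, store its id in ``session['user']`` and redirect to
            ``/``; otherwise re-render ``signup.html`` with an error.
            :return html
    """
    if request.method == 'GET':
        return render_template('signup.html')

    if request.method == 'POST':
        name = request.form['username']
        pass1 = request.form['userpass']
        pass2 = request.form['userpass2']

        # do they match?
        if pass1 != pass2:
            error = 'Passwords do not match'
            return render_template('signup.html', error=error)

        # do we already have a user under that name?  .first() returns
        # None when the name is free; the previous .one() raised
        # NoResultFound in exactly that (normal) case, so every genuine
        # signup crashed instead of proceeding.
        # NOTE(review): this check-then-insert is racy under concurrent
        # signups; a unique constraint on User.name is the real guard.
        if auth.db.query(User).filter(User.name == name).first() is not None:
            error = 'User already taken'
            return render_template('signup.html', error=error)

        salt = get_random_salt(16)
        thehash = pbkdf2_hex(pass1.encode('utf-8'), salt.encode('utf-8'))

        # Make a new user out of the info
        new_user = User(name, unicode(thehash), salt)
        auth.db.add(new_user)
        auth.db.commit()

        # store user id in the session
        session['user'] = new_user.id
        return redirect('/')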
def creatuser():
    """GET: Render the create account form.  POST: Create the user.

    On POST a fresh salt is drawn with ``getRandomSalt(16)``, the
    submitted password is PBKDF2-hashed with it, a ``User`` row is added
    to ``store`` carrying the username, salt and hash, the store is
    committed, the new id is put in ``session['userid']`` and the browser
    is sent to ``/home``.  Any other method falls through and returns
    None.

    NOTE(review): no password confirmation, empty-field or duplicate
    username check is made here -- confirm whether that is intended.
    """
    method = request.method
    if method == 'GET':
        return render('index.html')
    if method != 'POST':
        return None

    salt = getRandomSalt(16)
    form = request.form
    thehash = pbkdf2_hex(form['password'].encode('utf-8'), salt.encode('utf-8'))

    # Make a new user out of the info
    account = store.add(User())
    account.username = form['username']
    account.salt = unicode(salt)
    account.hash = unicode(thehash)
    store.commit()

    # store user id in the session
    session['userid'] = account.id
    return redirect('/home')