示例#1
0
    def login(self):
        """
        login user function
        """
        print "Login...."

        self.send(actions.USERNAME_ACTION)
        username = self.receive()  # get username

        print username

        password_hash = None
        salt = None
        hash_and_salt = database.get_password(
            username)  # get salt and hashed password from database
        if hash_and_salt:
            password_hash = hash_and_salt[0]
            salt = hash_and_salt[1]

        if not salt:  # user does not exist in database
            salt = passwords.get_salt(
            )  # to not reveal if username exist or not
            # behave naturally with newly generated salt
        nonce = passwords.get_salt()
        self.send(actions.NONCE_ACTION + ":" + salt + ":" + nonce)
        self.send(actions.PASSWORD_ACTION)
        password = self.receive()  # get password

        if password_hash is not None and passwords.check_password(
                password, nonce, password_hash):
            self.send("Successfully login")  # passwords matched
            self.loggedin(username)  # access granted
        else:
            self.send("User or password incorrect")  # passwords mismatch
示例#2
0
文件: app.py 项目: julianaong/ITMLT2
def changepassword():
    #    if request.method == "POST":
    oldpassword = request.form.get("oldpass")
    newpassword1 = request.form.get("newpass1")
    newpassword2 = request.form.get("newpass2")

    print("oldpass")
    print("newpass1")
    print("newpass2")
    user = session["user"]
    username = user["username"]

    password = db.get_password(username)

    if oldpassword == password and newpassword1 == newpassword2:
        db.change_db(username, newpassword1)
        change_error = "Password has been updated"
        return render_template("changepassword.html",
                               change_error=change_error)
        print(customer)
        print(newpassword)

    elif oldpassword != password:
        change_error = "Wrong current Password"
        return render_template("changepassword.html",
                               change_error=change_error)

    else:
        change_error = "New Passwords do not Match"
        return render_template("changepassword.html",
                               change_error=change_error)

    return render_template('changepassword.html')
示例#3
0
def post_sign_in():
    next_url = request.args['next']
    email = request.form['email']
    password = request.form['password']

    # Check if the fields were filled.
    email_valid = email is not None and email != ''
    email_feedback = 'Please enter your email address'

    password_valid = password is not None and password != ''
    password_feedback = 'Please enter your password'

    # Check if the fields match our simple regex.
    #if email_valid:
    #email_valid = re.match(r'[^@]+@[^@]+\.[^@]+', email)
    #email_feedback = 'The value you’ve entered is not a valid email address'

    if password_valid:
        password_valid = len(password) >= 6
        password_feedback = 'The password you’ve entered is too short to be valid'

    # Check if the user exists in the DB.
    if email_valid:
        email_valid = database.user_exists(email)
        email_feedback = 'The email you’ve entered doesn’t match any account'

    # Check if the password is correct. Do not run this check if the email is incorrect, since we can't tell if the user
    # inputted a correct password or not until they input a correct email.
    if email_valid and password_valid:
        salt, password_hash = database.get_password(email)
        password_valid = password_hash == scrypt.hash(password, salt)
        password_feedback = 'The password you’ve entered is incorrect'

    if email_valid and password_valid:
        # Set the login cookie.
        session['user_id'] = database.get_user_id(email)
        session['email'] = email

        return redirect(next_url)
    else:
        return render_template('sign_in.html',
                               next=next_url,
                               email=email,
                               email_valid=email_valid,
                               email_feedback=email_feedback,
                               password=password,
                               password_valid=password_valid,
                               password_feedback=password_feedback)
示例#4
0
def check_password():
    #get password from db
    pass_from_db = database.get_password()

    #gets hashed and salt
    hashed_pass, salt = pass_from_db[0][0].split(':')

    #get Post var of raw password
    if request.method == 'POST':
        password = request.form['password']
    else:
        return 'No password supplied'

    #hash and check with salt
    if hashed_pass == hashlib.sha256(salt.encode() +
                                     password.encode()).hexdigest():
        session['successful_load'] = 'true'
        return 'correct password'
    else:
        return 'incorrect password'
示例#5
0
def step_impl(context, user_mail, password):
    """Check confirmed_at is updated"""

    current_password = get_password(context.vls['db_file'], user_mail)
    assert_that(BCRYPT.check_password_hash(current_password, password),
                equal_to(1))