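def authenticate(cls, email, password):
    """Look up a user by e-mail and verify the supplied password.

    The e-mail is lower-cased before the lookup. The stored password is
    split on ``'$'`` into ``salt`` and ``hash``; the candidate password is
    hashed with that salt via ``get_hexdigest`` and compared with the stored
    hash.

    Returns:
        The matching user when the password verifies, otherwise ``None``
        (unknown e-mail or wrong password).

    Raises:
        ValueError: from the tuple unpacking, if the stored password does
            not split into exactly two parts on ``'$'``.
    """
    user = cls.query.filter_by(email=email.lower()).first()
    if user is None:
        return None

    salt, stored_hash = user.password.split('$')
    # NOTE(review): `==` on digests is not a constant-time comparison.
    # hmac.compare_digest is the usual replacement, but it requires both
    # operands to be the same string type -- confirm what get_hexdigest
    # returns and what the ORM hands back before switching.
    if stored_hash == get_hexdigest(salt, password):
        return user

    # A failed verification must never hand back the user object: callers
    # presumably treat any non-None result as a successful login.
    return None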
def create_token(self):
    """Build a token of the form ``<encoded email>$$<digest>``.

    The digest is ``get_hexdigest(salt, encoded_email + timestamp)``, where
    ``salt`` is the part of ``self.password`` before ``'$'`` and the
    timestamp is ``logged_at`` (or ``created_at`` when ``logged_at`` is
    falsy) converted to integer epoch seconds with ``mktime``.

    NOTE(review): ``base64.encodestring`` uses the standard alphabet and
    appends a newline, so the key part is not URL-safe as written; the
    function was also removed in Python 3.9. Switching to
    ``base64.urlsafe_b64encode`` changes the token format, so confirm with
    whatever parses or verifies these tokens first.

    NOTE(review): the only non-public input to the digest is the password
    salt, which ``set_password`` truncates to five characters. That is not
    a secret key; consider an HMAC keyed with a server-side secret -- confirm
    what ``get_hexdigest`` does before relying on this token for integrity.
    """
    stamp_source = self.logged_at or self.created_at
    epoch_seconds = int(mktime(stamp_source.timetuple()))
    encoded_email = base64.encodestring(self.email)
    digest_input = "{}{}".format(encoded_email, epoch_seconds)
    # Only the salt is needed here; the unpacking still requires exactly
    # two '$'-separated parts in the stored password.
    salt, _stored_hash = self.password.split('$')
    token_digest = get_hexdigest(salt, digest_input)
    return "{}$${}".format(encoded_email, token_digest)
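def set_password(self, raw_password):
    """Hash *raw_password* with a fresh salt and store it on the instance.

    The salt is the first five characters of a digest of two
    ``random.random()`` strings. The stored value has the form
    ``salt$hash``.

    Returns:
        ``self``, so calls can be chained.
    """
    # NOTE(review): random.random() is not a cryptographically secure
    # source and five characters is a very short salt. Prefer
    # os.urandom / random.SystemRandom and a longer salt, after checking
    # the width of the password column.
    # NOTE(review): get_hexdigest is defined outside this block; if it is a
    # single pass of a general-purpose hash, stored passwords are cheap to
    # brute-force offline -- prefer a password KDF such as
    # hashlib.pbkdf2_hmac or hashlib.scrypt.
    salt = get_hexdigest(str(random.random()), str(random.random()))[:5]
    digest = get_hexdigest(salt, raw_password)
    # Write both fields as 'salt$hash': authenticate() and create_token()
    # split the stored value on '$' and expect exactly two parts. A literal
    # without replacement fields would drop salt and digest entirely.
    self.password = '{}${}'.format(salt, digest)
    return self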