示例#1
    def signup(username, password, password_verify, email):
        """
        Register a new user and return the id of the stored record as a string.

        The password is never stored in clear text: it is hashed with bcrypt
        using a freshly generated salt before the user record is written.

        :param username: requested login name; must be non-empty
        :param password: chosen password; must be non-empty
        :param password_verify: confirmation copy; must equal ``password``
        :param email: stored on the user record as given (not validated here)
        :return: ``str(user.key().id())`` of the newly stored user
        :raises Exception: when username or password is missing, when the two
            passwords differ, or when ``User.by_username`` finds a user
        """
        # Guard clauses run in the same order as the original nested checks:
        # required fields first, then the confirmation, then uniqueness.
        if not (username and password):
            raise Exception("Username and Password are required to Sign Up.")

        if password != password_verify:
            raise Exception("Both passwords must match.")

        # NOTE(review): the lookup and the later put() are separate steps; if
        # the datastore does not enforce unique usernames, two concurrent
        # sign-ups could both pass this check -- confirm against the model.
        if User.by_username(username):
            raise Exception(
                "This username already exists, please try a diferent one")

        # NOTE(review): bcrypt only considers the first 72 bytes of its input,
        # so a maximum password length should be enforced before this point.
        pw_hash = bcrypt.hashpw(password, bcrypt.gensalt())
        new_user = User(username=username, password=pw_hash, email=email)
        new_user.put()
        return str(new_user.key().id())
示例#2
 def make_secure_cookie(cls, user_id):
     """
     Build the cookie value ``user_id|bcrypt(user_id)`` for a user.

     NOTE(review): the hash is computed from ``user_id`` and a random salt
     only -- no server-side secret is mixed in, so the value does not prove
     that this server issued it. A keyed MAC over the id (for example
     ``hmac`` with a secret held only by the server) is the usual
     construction for an integrity-protected cookie. The cookie value also
     carries no expiry of its own.

     :param user_id: identifier placed in the cookie and fed to bcrypt
     :return: user_id|securehash
     """
     digest = bcrypt.hashpw(user_id, bcrypt.gensalt())
     return "%s|%s" % (user_id, digest)
示例#3
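 def check_cookie(cookie_hash):
     """
     Check whether a ``user_id|hash`` cookie value is well formed and its
     hash field matches the user id field.

     The cookie comes from the client, so every malformed shape is treated
     as "invalid" rather than allowed to raise: an empty value, a value
     without the ``|`` separator, and a hash field that bcrypt rejects all
     return False.

     NOTE(review): the check only re-hashes the first field with the salt
     embedded in the second field; no server-side secret takes part, so a
     True result shows the two fields are consistent with each other, not
     that this server issued the cookie. An HMAC keyed with a server secret
     is the usual way to get that guarantee.

     :param cookie_hash: raw cookie value, expected as ``user_id|hash``
     :return: True or False
     """
     if not cookie_hash:
         return False

     fields = cookie_hash.split("|")
     if len(fields) < 2:
         # No separator present: malformed client input, not a server error.
         return False
     uid, hashed = fields[0], fields[1]

     try:
         # bcrypt re-derives the hash of uid using the salt carried in
         # `hashed`; equality means the two cookie fields belong together.
         return bcrypt.hashpw(uid, hashed) == hashed
     except ValueError:
         # bcrypt raises ValueError when the second field is not a usable
         # bcrypt salt/hash, which an arbitrary client value may well be.
         return False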
示例#4
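def signup():
    """
    Serve the sign-up page (GET) or create an account and start a session
    (POST with a JSON body holding ``username`` and ``password``).

    POST responses: 400 when the body is not a JSON object or a field is
    missing/empty, 409 when the username is taken, otherwise a response that
    sets the ``session_id`` cookie for one hour.
    """
    if request.method == 'GET':
        return send_from_directory('static', 'signup.html')
    elif request.method == 'POST':
        # The body is client-controlled: reject anything that is not a JSON
        # object with both fields instead of failing with an unhandled error.
        request_json = request.get_json(silent=True)
        if not isinstance(request_json, dict):
            return {'data': 'username and password are required'}, 400
        username = request_json.get('username')
        password = request_json.get('password')
        if not username or not password:
            return {'data': 'username and password are required'}, 400

        # Look the name up before hashing so the bcrypt cost is only paid
        # for requests that will actually create an account.
        # NOTE(review): lookup and insert are separate steps; unless
        # add_user enforces uniqueness, concurrent requests could both
        # pass this check -- confirm against the storage layer.
        user = fetch_user_by_username(username)
        if user:
            return {'data': 'user already exists!'}, 409

        # NOTE(review): bcrypt only considers the first 72 bytes of the
        # password; enforce a maximum length if that matters here.
        hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
        user_id = add_user(username, hashed_password)
        status_response = jsonify({'data': 'user signed up'})
        response = make_response(status_response)

        # Session identifiers are bearer credentials, so they must be
        # unpredictable: draw 128 bits from the OS random source instead of
        # the default Mersenne Twister generator. Still a decimal string.
        session_id = str(random.SystemRandom().getrandbits(128))
        store_session_id_for_user(user_id, session_id)

        # Session cookie expires in 1 hour; HttpOnly keeps it away from page
        # scripts and SameSite=Lax keeps it off cross-site subrequests.
        # NOTE(review): also pass secure=True when served over HTTPS only.
        response.set_cookie('session_id', session_id, max_age=3600,
                            httponly=True, samesite='Lax')
        return response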
示例#5
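def login():
    """
    Serve the login page (GET) or authenticate a user and start a session
    (POST with a JSON body holding ``username`` and ``password``).

    GET sets a fresh ``oidc_state`` cookie alongside the static page.
    POST responses: 400 when the body is not a JSON object or a field is
    missing/empty, 401 on unknown user or wrong password, otherwise a
    redirect to ``/`` that sets the ``session_id`` cookie for one hour.
    """
    if request.method == 'GET':
        res = make_response(send_from_directory('static', 'login.html'))
        # NOTE(review): no cookie flags are added here because how the page
        # consumes oidc_state is not visible in this function.
        res.set_cookie('oidc_state', str(uuid.uuid4()))
        return res
    elif request.method == 'POST':
        # The body is client-controlled: reject anything that is not a JSON
        # object with both fields instead of failing with an unhandled error.
        request_json = request.get_json(silent=True)
        if not isinstance(request_json, dict):
            return {'data': 'username and password are required'}, 400
        username = request_json.get('username')
        password = request_json.get('password')
        if not username or not password:
            return {'data': 'username and password are required'}, 400

        user = fetch_user_by_username(username)
        if not user:
            # NOTE(review): this body differs from the wrong-password body
            # below, which tells the caller whether a username exists;
            # consider returning the same body for both cases.
            return {'data': 'user does not exist!!'}, 401

        # Re-hash the submitted password with the salt embedded in the
        # stored hash; equal output means the password matches.
        # NOTE(review): where the installed bcrypt provides checkpw(), it
        # performs this comparison in constant time.
        hashed_password = user['password']
        input_hashed = bcrypt.hashpw(password, hashed_password)
        if input_hashed != hashed_password:
            return {'data': 'failure'}, 401

        response = make_response(redirect('/'), 302)
        # Session identifiers are bearer credentials, so they must be
        # unpredictable: draw 128 bits from the OS random source instead of
        # the default Mersenne Twister generator. Still a decimal string.
        session_id = str(random.SystemRandom().getrandbits(128))
        store_session_id_for_user(user.key.id, session_id)

        # Session cookie expires in 1 hour; HttpOnly keeps it away from page
        # scripts and SameSite=Lax keeps it off cross-site subrequests.
        # NOTE(review): also pass secure=True when served over HTTPS only.
        response.set_cookie('session_id', session_id, max_age=3600,
                            httponly=True, samesite='Lax')
        return response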
示例#6
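 def login(username, password):
     """
     Authenticate the user and return the id of the user record as a string.

     Unknown usernames and wrong passwords raise the *same* message so the
     error text does not reveal whether an account exists. (The original
     two messages differed by a trailing period, which made the two cases
     distinguishable.)

     :param username: login name; must be non-empty
     :param password: password to verify; must be non-empty
     :return: ``str(user.key().id())`` of the authenticated user
     :raises Exception: when a field is missing or the credentials are invalid
     """
     # Both fields are required before any lookup is attempted.
     if not (username and password):
         raise Exception("Username and Password are required to login")

     user = User.by_username(username)
     if user:
         hashed_password = user.password
         # Re-hash the submitted password with the salt embedded in the
         # stored hash; equal output means the password matches.
         if bcrypt.hashpw(password, hashed_password) == hashed_password:
             return str(user.key().id())

     # Single exit for both failure cases keeps the message identical.
     # NOTE(review): bcrypt only runs when the user exists, so response
     # time may still differ between the two cases.
     raise Exception("Username or password invalid")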
示例#7
文件: secret.py 项目: xywang9334/blog
def gen_hash_password(username, password, salt = None):
    """
    Hash ``username + password`` with ``hashpw`` and return ``"salt, hash"``.

    When ``salt`` is falsy a new one is obtained from ``gen_salt()``;
    passing the stored salt back in reproduces the stored value for
    verification.

    NOTE(review): the two inputs are joined without a separator, so
    different (username, password) pairs with the same concatenation hash
    identically under the same salt. If ``hashpw`` is bcrypt's, only the
    first 72 bytes are considered, so a long username leaves fewer
    password bytes contributing to the hash -- confirm which hashpw this is.
    """
    # A falsy salt (None or empty) means "generate a fresh one".
    effective_salt = salt or gen_salt()
    digest = hashpw(username + password, effective_salt)
    return "%s, %s" % (effective_salt, digest)