def edit_password():
if request.method == 'POST':
old_password = request.form.get('old_password')
new_password = bcrypt.generate_password_hash(request.form.get('new_password')).decode('utf-8')
new_password_verify = request.form.get('new_password_verify')
try:
username=session['username']
sprawdzanie_uzytkownika_haslo = User.query.filter_by(username=username).first()
if not bcrypt.check_password_hash(sprawdzanie_uzytkownika_haslo.password, old_password):
flash("Podaleś błędne stare hasło!", 'danger')
return render_template('edit_password.html')
if not bcrypt.check_password_hash(new_password, new_password_verify):
flash("Podane hasła się nie zgadzają!", 'danger')
return render_template('edit_password.html')
sprawdzanie_uzytkownika_haslo.password = new_password
db.session.commit()
flash("Hasło zmienione", 'success')
return redirect('/login')
except ServerError as err:
flash(str(err), 'danger')
return render_template('edit_password.html')
return render_template('edit_password.html')
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(email=post_data['email']).first()
if user and bcrypt.check_password_hash(user.password,
post_data['password']):
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'token': auth_token.decode(),
'profile': {
'id': user.id,
'username': user.fullname,
'email': user.email
}
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(responseObject)), 500
def validate_password(self, password):
subscriber = Subscriber.query.filter_by(email = self.email.data).first()
if subscriber:
check_password = bcrypt.check_password_hash(subscriber.password,
password.data)
if not check_password:
raise ValidationError('Wrong password')
def post(self):
args = self.parser.parse_args()
try:
student = StudentModel.query.get(args['id'])
if student:
password = student.password
correct = bcrypt.check_password_hash(
password, args['password'])
if correct:
acess_token = create_access_token(identity=student.id)
return {
'message': 'Logged successfully',
'acess_token': acess_token
}
return {'message': 'Invalid credencials'}
return {'message': 'Invalid credencials'}
except Exception as e:
print(e)
return {'message': 'Something got wrong'}
def login():
if current_user.is_authenticated:
flash("Already Logged In.", "success")
return redirect(url_for("home"))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user, remember=form.remember.data)
next_page = request.args.get("next")
flash(f"Login Successful. Welcome {user.username}", "success")
# Stored until user has logged out
session["username"] = user.username
session["email"] = user.email
if form.category.data == "Employer":
return (redirect(next_page) if next_page else redirect(
url_for("employer")))
elif form.category.data == "Employee":
return (
# redirect(next_page) if next_page else redirect(url_for("employee"))
plaid_authenticate())
else:
return redirect(next_page) if next_page else redirect(
url_for("home"))
else:
flash(
"Login Unsuccessful. Check your email and password and try again!",
"danger",
)
return render_template("login.html", title="Login", form=form)
def login():
if 'username' in session:
return redirect(url_for('info'))
if request.method == 'POST':
username_form = request.form.get('username')
password_form = request.form.get('password')
try:
szukany_uzytkownik = User.query.filter_by(username=username_form).first()
except ServerError as err:
flash(str(err), 'danger')
return render_template('login.html')
if szukany_uzytkownik is None:
flash("Zły login lub hasło!", 'danger')
return render_template('login.html')
if not bcrypt.check_password_hash(szukany_uzytkownik.password, password_form):
flash("Zły login lub hasło!", 'danger')
return render_template('login.html')
session['username'] = username_form
session.pop('adminMode', None)
if (szukany_uzytkownik.is_admin()):
session['admin'] = True
login_user(szukany_uzytkownik)
return redirect(url_for('info'))
return render_template('login.html')
def login():
if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400
username_form = request.json.get('username', None)
password_form = request.json.get('password', None)
if not username_form or len(str(username_form).replace(" ", "")) == 0:
field = {'field': 'username'}
raise FormMissingParametersException(payload=field, program='login')
if not password_form or len(str(password_form).replace(" ", "")) == 0:
field = {'field': 'password'}
raise FormMissingParametersException(payload=field, program='login')
user = User.query.filter(User.username == username_form).first()
if user is None:
field = {'error': 'Usuario nao cadastrado'}
raise AuthException(payload=field, program='login')
if not bcrypt.check_password_hash(user.password, password_form):
field = {'error': 'Senha incorreta'}
raise AuthException(payload=field, program='login')
# Identity can be any data that is json serializable
access_token = create_access_token(identity=user.username)
return jsonify(access_token=access_token), 200
def login():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = login_form()
# print(request.args.get('next'))
if form.validate_on_submit():
print(form.password.data)
user = User.query.filter_by(email=form.email.data).first()
if user:
if bcrypt.check_password_hash(user.password, form.password.data):
login_user(user)
next_page = request.args.get('next')
if next_page:
return redirect(next_page)
else:
return redirect(url_for('home'))
else:
flash('Incorrect password', 'danger')
else:
flash('Email is not yet registered', 'danger')
return render_template('login.html',
title='HOME',
mssge='Random Message',
form=form,
header='Login')
def login():
auth = request.get_json()
print(auth)
if not auth or not auth['email'] or not auth['password']:
return make_response(
'Could not verify', 401,
{'WWW-Authenticate': 'Basic realm="Login required!"'})
user = User.query.filter_by(email=auth['email']).first()
if not user:
return make_response(
'Such user doesn\'t exist', 401,
{'WWW-Authenticate': 'Basic realm="Login required!"'})
if bcrypt.check_password_hash(user.password, auth['password']):
token = jwt.encode(
{
'id': user.id,
'exp':
datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
}, app.config['SECRET_KEY'])
result = user_schema.dump(user)
return jsonify({
'token': token.decode('UTF-8'),
'userId': result['id']
})
return make_response('Could not verify', 401,
{'WWW-Authenticate': 'Basic realm="Login required!"'})
def auth_login():
email = request.form.get('email')
password = request.form.get('password')
# if current_user.is_authenticated:
# return redirect(url_for('home'))
# form = LoginForm()
# if form.validate_on_submit():
# user = User.query.filter_by(email=form.email.data).first()
# if user and bcrypt.check_password_hash(user.password, form.password.data):
# login_user(user, remember=form.remember.data)
# next_page = request.args.get('next')
# expiry = timedelta(days=1)
# access_token = create_access_token(identity=str(user.id), expires_delta=expiry)
# return redirect(next_page) if next_page else redirect(url_for('home'))
# else:
# flash('Login Unsuccessful. Please check email and password', 'danger')
# return render_template('login.html', title='Login', form=form)
#user_fields = user_schema.load(request.json)
user = Users.query.filter_by(email=email).first()
if not user or not bcrypt.check_password_hash(user.password,
password): #changed
return abort(401, description="Incorrect username and password")
login_user(user)
print(current_user.email)
#expiry = timedelta(days=1)
#access_token = create_access_token(identity=str(user.id), expires_delta=expiry)
#return jsonify({ "token": access_token })
return redirect(url_for('post.post_index'))
def auth_login():
username = request.form.get('username')
#email = request.form.get('email')
password = request.form.get('password')
# print(username)
# print(password)
# user_fields = user_schema.load(request.json)
# user = User.query.filter_by(username=user_fields["username"]).first()
user = User.query.filter_by(username=username).first()
# don't login if the user doesn't exist
if not user:
return abort(401, description="Incorrect username")
if not bcrypt.check_password_hash(user.password, password):
return abort(401, description="Incorrect password")
#print(current_user.username)
login_user(user)
#print(current_user.username)
#expiry = timedelta(days=1)
#access_token = create_access_token(identity=str(user.id), expires_delta=expiry)
#return jsonify({"token": access_token})
return redirect(url_for('settlements.settlement_index'))
def login(domain_name):
tenant = Tenant.query.filter_by(domain_name=domain_name).first_or_404()
# try except so that failed validation returns 401 reponse rather than 500
try:
data = UserSchema(exclude=["is_admin", "name", "expires_in"]).load(flask.request.json)
except:
return flask.abort(401)
user = User.query.filter(
User.email==data["email"],
User.tenant_id==tenant.id
).first()
if not user or not bcrypt.check_password_hash(user.password, data["password"]) or datetime.datetime.utcnow() > user.expires_on:
return flask.abort(401)
token = jwt.create_access_token(
identity = user.id,
expires_delta=datetime.timedelta(days=1), # jwt token is invalidated after one day
additional_claims={
"is_admin":user.is_admin,
"is_owner":user.is_owner
}
# adds is_admin and is_owner claims to jwt token
)
return flask.jsonify(token)
def check_password(cls, email, password):
record = UserModel.query.filter_by(email=email).first()
if record and bcrypt.check_password_hash(record.password, password):
return True
else:
return False
def admin_login():
form = AdminLoginForm()
if form.validate_on_submit():
email = form.email.data
subscriber = Subscriber.query.filter_by(email=email).first()
if subscriber and bcrypt.check_password_hash(subscriber.password,
form.password.data):
login_user(subscriber, remember=form.remember.data)
print("after check password", subscriber)
flash('Welcome back, {}'.format(subscriber.first_name), 'success')
next_page = request.args.get('next')
if not is_safe_url(next_page):
print(current_user)
return abort(400)
print("From login form", current_user)
return redirect(next_page or url_for('adm.admin_home'))
else:
flash('Invalid Credentials', 'danger')
return render_template('admin_login.html', form=form)
def register():
if request.method == 'POST':
new_username = request.form.get('username')
new_password = bcrypt.generate_password_hash(request.form.get('password')).decode('utf-8')
new_password_verify = request.form.get('password_verify')
new_email = request.form.get('email')
try:
sprawdzanie_uzytkownika_login = User.query.filter_by(username=new_username).first()
if sprawdzanie_uzytkownika_login is not None:
flash("Podany login już istnieje", 'danger')
return render_template('register.html',username=new_username,email=new_email)
sprawdzanie_uzytkownika_email = User.query.filter_by(email=new_email).first()
if sprawdzanie_uzytkownika_email is not None:
flash("Podany przez Ciebie adres e-mail już istnieje", 'danger')
return render_template('register.html',username=new_username,email=new_email)
if not bcrypt.check_password_hash(new_password, new_password_verify):
flash("Podane hasła się nie zgadzają!", 'danger')
return render_template('register.html',username=new_username,email=new_email)
new_user = User(username=new_username, password=new_password, email=new_email)
db.session.add(new_user)
db.session.commit()
return redirect('/login')
except ServerError as err:
flash(str(err), 'danger')
return render_template('register.html')
return render_template('register.html')
def userpass(cls,email,password):
print(password)
record = AuthenticationModel.query.filter_by(email=email).first()
if record and bcrypt.check_password_hash(record.password,password):
return True
else:
return False
def auth(self):
user = db.query(User).filter(
and_(User.username == self.username)).one_or_none()
if user is None or not bcrypt.check_password_hash(
user.password, self.password):
self.error = _(u'Niepoprawne parametry logowania')
return False
Application.authorize_user(user)
return True
def auth_login():
user_fields = user_schema.load(request.json)
user = User.query.filter_by(email=user_fields["email"]).first()
if not user or not bcrypt.check_password_hash(user.password, user_fields["password"]):
return abort(401, description="Incorrect username and password")
expiry = timedelta(days=1) # set the access cookies in the browser that sent the request
access_token = create_access_token(identity=str(user.id), expires_delta=expiry) # set_access_cookies(resp, access_token)
return jsonify({ "token": access_token })
def index():
lform = login_form()
rform = register_form()
nform = newpost_form()
if lform.lsubmit.data and lform.validate_on_submit():
user = User.query.filter_by(email=lform.lemail.data).first()
if user and bcrypt.check_password_hash(user.password,
lform.lpassword.data):
login_user(user)
nextpage = request.args.get("next")
flash("شما وارد شدید", category="success")
if nextpage:
return redirect(nextpage)
else:
return redirect(url_for("index"))
else:
flash("ایمیل و پسورد را دوباره چک کنید", category="danger")
return redirect(url_for("index"))
if rform.rsubmit.data and rform.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(rform.rpassword.data)
user = User(firstname=rform.firstname.data,
lastname=rform.lastname.data,
email=rform.remail.data,
password=hashed_password)
db.session.add(user)
db.session.commit()
# send_email(user)
flash("ثبت نام شما با موفقیت انجام شد.", category="success")
return redirect(url_for("index"))
if current_user.is_authenticated == True:
postslen = len(current_user.posts)
page = request.args.get("page", 1, int)
posts = Post.query.filter_by(author=current_user).order_by(
Post.id.desc()).paginate(page=page, per_page=5)
else:
postslen = 0
posts = None
if nform.nsubmit.data and nform.validate_on_submit():
post = Post(title=nform.title.data,
date=nform.date.data,
time=nform.time.data,
user_id=current_user.id)
db.session.add(post)
db.session.commit()
flash("پست شما افزوده شد", category="success")
return redirect(url_for("index"))
return render_template("index.html",
lform=lform,
rform=rform,
nform=nform,
title="صفحه اصلی",
posts=posts,
postslen=postslen)
def login_post():
username=request.form.get("username")
password=request.form.get('password')
user = User.query.filter_by(username=username).first()
if not user or not bcrypt.check_password_hash(user.password, password):
return abort(401, description="Incorrect username or password")
login_user(user)
return redirect(url_for("home.home_page"))
def user_login():
user_fields = user_schema.load(request.json) # Getting the fields from the User Schema
user = User.query.filter_by(email=user_fields["email"]).first() # Query the user table with the email and return the first user
if not user or not bcrypt.check_password_hash(user.password, user_fields["password"]): # If there is no user or the password is wrong
return abort(401, description="Incorrect username or password") # Return the error "Incorrect username or password"
expiry = timedelta(days=1) # Time for the token to expire
access_token = create_access_token(identity=str(user.id), expires_delta=expiry) # The access token, with the user id and the expiration date
return jsonify({ "token": access_token }) # Return the token
def user_login():
user_fields = user_schema.load(request.json)
user = User.query.filter_by(email=user_fields["email"]).first()
if not user or not bcrypt.check_password_hash(user.password,
user_fields["password"]):
return abort(401, description="Incorrect username or password")
expiry = timedelta(days=1)
access_token = create_access_token(identity=str(user.id),
expires_delta=expiry)
return jsonify({"token": access_token})
def login():
if current_user.is_authenticated:
return redirect(url_for('decks.all_decks'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user is None or not bcrypt.check_password_hash(
user.password, form.password.data):
flash('Invalid credentials', 'danger')
return redirect(url_for('users.login'))
login_user(user)
return redirect(url_for('decks.all_decks'))
return render_template('login.html', title='Login', form=form)
def auth_login():
username = request.form.get('username')
password = request.form.get('password')
user_username = Users.query.filter_by(username=username).first()
if not (user_username
and bcrypt.check_password_hash(user_username.password, password)):
flash("Incorrect Login", "info")
return redirect(url_for('auth.login'))
login_user(user_username)
return redirect(url_for('users.profile', id=user_username.id))
def login():
form=LoginForm()
if form.validate_on_submit() :
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,form.password.data):
login_user(user,remember=form.remember_me.data)
flash("Login successfully ","success")
return redirect(url_for("home"))
else :
flash("Username or password is incorrect","danger")
return render_template("user/login.html",title="Login",form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user, remember=form.remember.data)
next_page = request.args.get('next')
return redirect(next_page) if next_page else redirect(
url_for('home'))
return render_template('login.html', title='Login', form=form)
def auth_login():
username = request.form.get('username')
password = request.form.get('password')
user = User.query.filter_by(username=username).first()
# don't login if the user doesn't exist
if not user:
return abort(401, description="Incorrect username")
if not bcrypt.check_password_hash(user.password, password):
return abort(401, description="Incorrect password")
login_user(user)
return redirect(url_for('bookings.booking_index'))
def login():
if request.method == "GET":
return render_template('login.html', title="Register")
else:
auth = request.authorization
username = request.form.get("u")
password = request.form.get("p")
if (not username or not password):
flash("Missing at least one input fields", "danger")
return make_response(
render_template('login.html', inputError="Login"), 422)
if (User.query.filter_by(username=username).first() is None):
flash("User " + username + " not found in DB", "danger")
return make_response(
render_template('login.html', inputError="Login"), 404)
user = User.query.filter_by(username=username).first()
fname = user.fname
lname = user.lname
if (not bcrypt.check_password_hash(
user.password, password)): # user.password != password
flash("Incorrect password", "danger")
return make_response(
render_template('login.html', inputError="Login"),
401) # unauthorize status code
# Create token conditions passed #payload
token = jwt.encode(
{
'iss': "http://localhost:9000/authenticate",
'id': user.id,
'username': username,
'status': "success",
'iat': datetime.datetime.utcnow(),
'exp':
datetime.datetime.utcnow() + datetime.timedelta(minutes=1)
}, app.config["SECRET_KEY"])
session["token"] = token.decode(
'UTF-8'
) # causes problems {'authentication': {'message': 'Unrecognized Token', 'payload': 'None', 'status': 'fail'}}
session["username"] = username
session["fname"] = fname
session["lname"] = lname
# return jsonify({'token' : token.decode('UTF-8')})
return make_response(
render_template('homepage.html',
fname=fname,
lname=lname,
username=username), 200)
def auth_login():
account_fields = account_schema.load(request.json)
account = Accounts.query.filter_by(email=account_fields["email"]).first()
if not account or not bcrypt.check_password_hash(
account.password, account_fields["password"]):
return abort(401, description="Incorrect username and password")
expiry = timedelta(days=1)
access_token = create_access_token(identity=str(account.id),
expires_delta=expiry)
return jsonify({"token": access_token})
def admin_login():
admin_fields = admin_schema.load(request.json)
admin = Admin.query.filter_by(username=admin_fields["username"]).first()
if not admin or not bcrypt.check_password_hash(admin.password,
admin_fields["password"]):
return abort(401, description="Incorrect username and password")
expiry = timedelta(hours=2)
access_token = create_access_token(identity=str(admin.admin_id),
expires_delta=expiry)
return jsonify({"token": access_token})
def login():
if current_user.is_authenticated():
return redirect(url_for('index'))
login = Login(request.form)
if request.method == 'POST' and login.validate():
user = User.get_by_name(login.name.data)
if not user or not bcrypt.check_password_hash(user.h, login.password.data):
login.name.errors.append('Invalid username or password specified.')
return render_template('login.html', title='Log In', form=login)
login_user(user)
flash('You are now logged in as ' + user.username + '.')
return redirect(url_for('index'))
return render_template('login.html', title='Log In', form=login)
