def decorated_function(*args, **kwargs):
    """Run the wrapped view ``f`` only for a known user on an approved device.

    Reads the HTTP auth credentials from ``request.authorization``, looks the
    user up, checks (or registers) the calling device, records the client IP
    in ``Login`` and finally returns ``f(*args, **kwargs)``.
    """
    credentials = request.authorization
    if not credentials:
        return abort(400)

    # Look the account up by e-mail and password.
    # NOTE(review): the submitted password is compared with User.password
    # as-is, which suggests the column holds the password unhashed -- confirm,
    # and prefer a salted password hash verified in application code.
    account = User.query.filter(
        User.email == credentials.username,
        User.password == credentials.password,
    ).first()
    if not account:
        return abort(400)
    g.user = account

    # The device has to be known and active before the view may run.
    device = Device.query.filter(
        Device.user_id == account.id,
        Device.device == get_device(),
    ).first()
    if not (device and device.active):
        if not device:
            # First contact from this device: store it before asking for
            # approval.
            device = Device(account.id, get_device())
            db.session.add(device)
            db.session.commit()
        if send_device_authentication(device):
            body = json.dumps({"device": device.device, "id": device.id})
            return Response(body, 400, content_type='application/json')
        body = json.dumps({"message": "I'm a little tea pot."})
        return Response(body, 404, content_type='application/json')

    # Keep one Login row per (user, ip): refresh its time, or create it with
    # the coordinates GeoIP reports for the address.
    ip = get_ip()
    entry = Login.query.filter(Login.user_id == account.id, Login.ip == ip).first()
    if entry:
        entry.time = datetime.now()
    else:
        entry = Login(account.id, ip)
        geo = pygeoip.GeoIP('GeoLiteCity.dat').record_by_addr(ip)
        if geo:
            entry.latitude = geo.get('latitude', 0)
            entry.longitude = geo.get('longitude', 0)
        db.session.add(entry)
    db.session.commit()
    return f(*args, **kwargs)
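def login(request):
    """Show the login form and, on a valid POST, start a session for the user.

    A POST with a valid form looks the user up by e-mail and password. On a
    match the e-mail and the user's ``Rechten`` value are stored in the
    session and the browser is redirected to ``/``. Otherwise the form is
    rendered again, with an error attached when the lookup found nobody.
    """
    if request.method != 'POST':
        # GET (or any other method): start from an empty form.
        form = Login()
    else:
        form = Login(request.POST)
        if form.is_valid():
            email = form.cleaned_data['email']
            wachtwoord = form.cleaned_data['wachtwoord']
            # The submitted e-mail is no longer printed: that put user
            # identifiers into the server's stdout/log on every attempt.
            try:
                # NOTE(review): the password is matched against the
                # Wachtwoord column as submitted, which suggests it is stored
                # unhashed -- confirm, and prefer a salted password hash.
                gebruiker = Users.objects.get(Email=email, Wachtwoord=wachtwoord)
            except Users.DoesNotExist:
                form.errors[""] = ErrorList([u"Email of wachtwoord komen niet overeen!"])
            else:
                # Issue a new session key at the privilege change so a session
                # id that existed before login is not carried into the
                # authenticated session.
                request.session.cycle_key()
                request.session['email'] = email
                request.session['Rechten'] = gebruiker.Rechten
                return HttpResponseRedirect('/')

    return render_to_response('login.html', {'form': form},
                              context_instance=RequestContext(request))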
def index():
    """Show the join form; on a valid submit remember name and room and open the chat.

    On a plain GET the form is pre-filled from whatever the session already
    holds.
    """
    form = Login()
    if form.validate_on_submit():
        session['username'] = form.username.data
        session['room'] = form.room.data
        return redirect(url_for('chat'))

    if request.method == 'GET':
        # Pre-fill from the previous visit, falling back to empty fields.
        form.username.data = session.get('username', '')
        form.room.data = session.get('room', '')

    current_name = session.get('username')
    return render_template('index.html', form=form, username=current_name)
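def dologin(request):
    """Check the posted username/password and mark the session as logged in.

    On success a ``Login`` row with the current time is saved, the session
    gets ``logged_in`` and ``uid`` and the browser is sent to ``profile``.
    Missing form fields, an unknown user or an ambiguous match redirect to
    ``/?err=true``.
    """
    try:
        uname = request.POST["username"]
        passw = request.POST["password"]
        # NOTE(review): matching on password=passw implies the column holds
        # the password as submitted -- confirm, and prefer a salted hash.
        account = User.objects.get(username=uname, password=passw)
    except (KeyError, User.DoesNotExist, User.MultipleObjectsReturned):
        return HttpResponseRedirect('/?err=true')

    Login(user=account, loginlast=datetime.now()).save()

    # Rotate the session key before storing the authenticated state, so a
    # session id that existed before login cannot be reused afterwards.
    request.session.cycle_key()
    request.session['logged_in'] = True
    request.session['uid'] = account.id
    return HttpResponseRedirect('profile')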
def post(self):
    """Handle the login form: verify the credentials, then set cookies and redirect.

    When ``Login.login()`` rejects the credentials the login page is rendered
    again with ``flag=True``.
    """
    account = self.get_body_argument('email')
    password = self.get_body_argument('password')
    attempt = Login(account, password)
    if not attempt.login():
        self.render('login.html', flag=True)
        return

    # The first cell of the first row returned by emailToname() is used as
    # the display name.
    name = attempt.emailToname(account)[0][0]
    # NOTE(review): set_cookie() stores these values unsigned, so the client
    # can edit them. If other handlers identify the user from the "user" or
    # "email" cookie, that trust is misplaced -- verify, and consider
    # Tornado's signed cookies (set_secure_cookie) for identity.
    self.set_cookie("user", name)
    self.set_cookie('email', account)
    self.redirect('/detail/')
def login(request):
    """Render the login form; on a valid POST store the submitted pair and redirect.

    A valid POST saves a ``Login`` row built from the posted ``Username`` and
    ``Password`` and redirects to the ``Done`` URL. Anything else renders the
    form.
    """
    is_post = request.method == 'POST'
    form = Loginform(request.POST) if is_post else Loginform()

    if is_post and form.is_valid():
        # NOTE(review): this writes the submitted credentials to the Login
        # table instead of checking them against an account, and the password
        # goes in as received -- confirm that is intended. The values are read
        # from request.POST rather than from form.cleaned_data.
        record = Login(
            Username=request.POST.get('Username'),
            Password=request.POST.get('Password'),
        )
        record.save()
        return HttpResponseRedirect(reverse('Done'))

    return render(request, 'login/login.html', {'form': form})
def test_save_data_to_db(self, downloader_obj, modifier_obj):
    """Saving the API results adds API_PERSONS rows to each of the four tables."""
    tables = (Person, Contact, Login, Location)
    # Row counts before the save, in the same order as ``tables``.
    before = [len(model.select()) for model in tables]

    modifier_obj.execute_modifications()
    saver = ApiDataSave(downloader_obj, 'results')
    saver.save_data_to_db()

    error = 'Incorrect number of objects saved in the database'
    for model, count in zip(tables, before):
        assert len(model.select()) == count + API_PERSONS, error
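def NewUserLogin(request):
    """Create a local ``Login`` account for a user who signed in through Facebook or Google.

    Non-POST requests go straight to ``viewDetails``. A POST whose ``userid``
    is already taken re-renders the signup page with an error. Otherwise the
    account is created from the posted fields plus the provider details held
    in the session, the session receives ``uID``/``uName`` and ``viewDetails``
    is returned.
    """
    if request.method != "POST":
        return viewDetails(request)

    userid = request.POST['userid']
    passwd = request.POST['passwd']
    loginType = request.POST['oAuthType']

    # An explicit existence check replaces the former bare ``except:``, which
    # treated every failure of the lookup (database errors and duplicate rows
    # included) as "this userId is free" and went on to create an account.
    if Login.objects.filter(userId=userid).exists():
        return render(request, 'oAuthSignup.html', {
            "error": "userId Already Exists...",
            "loginType": loginType,
        })

    # NOTE(review): passwd is stored as submitted -- confirm whether the model
    # hashes it on save; if not, it is kept in clear text.
    if loginType == "fbLogin":
        ins = Login(userId=userid, password=passwd,
                    username=request.session['fbName'],
                    fbId=request.session['fbId'])
    else:
        # Every other value of oAuthType is handled as a Google sign-in.
        ins = Login(userId=userid, password=passwd,
                    username=request.session['goggleName'],
                    email=request.session['gId'])
    ins.save()

    # Use the row that was just saved. Re-reading it by fbId/email could pick
    # up, or fail on, another row that carries the same provider id.
    request.session['uID'] = ins.id
    request.session['uName'] = ins.username
    return viewDetails(request)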
def login():
    """Log a user in: receive JSON form data and authenticate username/password.

    Returns the user payload on success. A failed form validation and a
    failed authentication both produce the same message with status 401.
    """
    success = {'user': {}}
    form = LoginForm()

    user = None
    if form.validate_on_submit():
        user = User.authenticate(request.json["username"], request.json["password"])

    if not user:
        # One answer for both failure causes, so the response does not reveal
        # which check failed.
        success['login'] = False
        success['message'] = "The username/password is incorrect"
        return jsonify(success), 401

    session['username'] = user.username
    session['user_id'] = user.id
    Login.record_login(user.id)
    db.session.commit()

    payload = success['user']
    payload['login'] = True
    payload['username'] = session['username']
    payload['userId'] = session['user_id']
    return jsonify(success)
# NOTE(review): this listing is incomplete. The `******` runs sit where source
# text appears to have been masked (apparently by a password scrubber), so the
# statements between the string literals -- the password and user-type prompts
# in the register branch, and whatever checks the credentials in the login
# branch -- are not shown, and the line is not valid Python as printed.
# What remains visible: a three-option console menu. Option 1 builds a Login
# from the entered username, password and user type and passes it to
# dl.AddLogin(); the visible tail of option 2 prints an error message and
# returns False.
def MainMenu(): print("1. Register") print("2. Login") print("3. Exit") #code option = int(input("Enter Your Choice: ")) if (option == 1): username = input("Enter Username: "******"Enter password: "******"Enter Type (L/T/S): ") login = Login(username=username, password=password, usertype=usertype) dl.AddLogin(login) elif (option == 2): username = input("Username: "******"Password: "******"Invalid Usename or password") return False
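def signup():
    """Create an account when the caller presents the registration key.

    On POST the username must be unused and the submitted ``key`` must match
    the password stored on the ``Login`` row named ``secretkey``. The new
    user's password is stored as a bcrypt hash. The page is rendered with
    either ``error`` or ``successful`` set.
    """
    # Local import: the file's import block is not part of this listing.
    import hmac

    error = None
    successful = None
    if request.method == 'POST':
        userN = request.form['username']
        passwN = request.form['password']
        keyN = request.form['key']

        # Explicit None checks replace the former try/bare-except, which used
        # the AttributeError from ``None.users`` as control flow and so also
        # swallowed unrelated failures such as database errors.
        existing = Login.query.filter(Login.users == userN).first()
        if existing is not None:
            error = 'duplicate user name'
        else:
            key_row = Login.query.filter(Login.users == 'secretkey').first()
            # A missing key row used to raise inside the except branch; it is
            # now reported as an invalid key.
            expected = key_row.password if key_row is not None else None
            # Constant-time comparison of the registration key. Assumes the
            # stored key is text, as the original ``==`` against the form
            # value implies.
            key_ok = expected is not None and hmac.compare_digest(
                keyN.encode('utf-8'), expected.encode('utf-8'))
            if key_ok:
                harshpass = bcrypt.generate_password_hash(passwN).decode('utf-8')
                newUser = Login(users=userN, password=harshpass)
                db.session.add(newUser)
                db.session.commit()
                successful = 'user created'
            else:
                error = 'invalid secret key'

    # NOTE(review): the registration key is kept in clear text in the password
    # column of a pseudo-user, next to bcrypt hashes of real users -- consider
    # moving it to configuration.
    return render_template('createUser.html', error=error, successful=successful)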
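def studentRegistration():
    """Show the student registration page, or register a student from a JSON POST.

    Visitors who are not logged in get the sign-in page. GET renders the
    registration page, POST creates a ``Student`` and a matching ``Login``
    and reports the outcome as JSON, any other method aborts with 405.
    """
    # session.get() instead of session['logged_in']: a visitor with no session
    # yet used to raise KeyError here instead of being shown the sign-in page.
    logged_in = session.get('logged_in') == True  # noqa: E712 -- keeps the original equality test
    if not logged_in:
        return render_template('showSignIn.html')
    # NOTE(review): only "logged in" is checked; nothing visible here restricts
    # student registration to a particular role -- confirm that is intended.

    if request.method == 'GET':
        return render_template('studentRegistration.html')
    if request.method != 'POST':
        abort(405)

    try:
        userId = request.json['user_id']
        name = request.json['name']
        grade = request.json['grade']
    except (KeyError, TypeError):
        # Missing field, or no JSON object in the body. The former bare
        # ``except:`` reported database failures with this same message.
        return jsonify({'status': "Fill the required details"})

    student = Student(userId, name, grade)
    # NOTE(review): userId is passed twice; if the second argument is the
    # password (presumably -- verify against Login's constructor), every new
    # student starts with a password equal to their user id.
    newUser = Login(userId, userId, "student")
    DataPipelineObj.insert_data(newUser)   # login table
    DataPipelineObj.insert_data(student)   # student table
    return jsonify({'status': "Student successfully registered"})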
def login():
    """Log a user in, recording every attempt and delaying repeated failures.

    Authenticated users are redirected to ``index``. For an existing login
    with a submitted password the attempt is stored, and the response is
    delayed according to the number of failed attempts in the last five
    minutes. A valid form logs the user in and redirects to the page kept in
    ``session['next']`` or to the notes view.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = LoginForm(meta={'csrf_context': session})
    user = User.query.filter_by(login=form.login.data).first()

    if user and form.password.data:
        # Record the attempt together with its outcome and source address.
        attempt = Login(successful=form.validate(), ip=request.remote_addr, user=user)
        db.session.add(attempt)
        db.session.commit()

        # Slow down brute force: count this user's failures in the last five
        # minutes and wait accordingly.
        # NOTE(review): the delay runs only for logins that exist, so response
        # time can tell valid logins from invalid ones, and sleep() keeps a
        # worker busy for each delayed request -- consider rejecting early
        # instead of sleeping.
        window_start = datetime.utcnow() - timedelta(minutes=5)
        recent_failures = sum(
            1 for past in user.login_attempts
            if past.timestamp > window_start and not past.successful
        )
        sleep(calculate_login_delay(recent_failures))

    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    login_user(user)
    # NOTE(review): the redirect target comes from session['next'] unchecked;
    # if that value can originate from a request parameter elsewhere, verify
    # it is a local URL before redirecting.
    target = session.get('next', None)
    session['next'] = None
    return redirect(target if target else url_for('notes.view_notes'))
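def post(self):
    """Create a ``Login`` from the JSON body and report the new record.

    Returns a dict describing the created record, or an error dict when the
    body is not a JSON object carrying ``username`` and ``password``.
    """
    data = request.json
    try:
        username = data['username']
        password = data['password']
    except (KeyError, TypeError):
        # TypeError covers a body that is not a JSON object (for example
        # ``data`` being None or a list); it used to escape unhandled.
        return {
            'status': 'error',
            'message': 'API error, consult the administrator',
        }

    login = Login(username=username, password=password)
    login.save()

    # NOTE(review): the response echoes the stored password. Response bodies
    # end up in client logs, proxies and browser tooling; drop this field once
    # no consumer depends on it, and confirm the model does not store the
    # password in clear text.
    return {
        'message': 'User {} was created successfully'.format(login.id),
        'id': login.id,
        'username': login.username,
        'password': login.password,
    }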
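def signUp():
    """Show the sign-up page, or create login credentials from a JSON POST.

    A POST succeeds only when ``fetch_data(userType, userNIC)`` finds at least
    one existing record and the username is unused for that user type. The
    outcome is reported as a JSON ``status``. Methods other than GET and POST
    abort with 405.
    """
    if request.method == 'GET':
        return render_template('showSignUp.html')
    if request.method != 'POST':
        abort(405)

    DataPipelineSignUpObj = DataPipeline()
    try:
        username = request.json['username']
        userPassword = request.json['userPassword']
        userNIC = request.json['userNIC']
        userType = request.json['userType']
    except (KeyError, TypeError):
        # Missing field, or no JSON object in the body. The former bare
        # ``except:`` also reported database failures with this message.
        return jsonify({'status': "Fill the required details"})

    # NOTE(review): userType is supplied by the client and selects which
    # records are consulted and which type the new login gets -- confirm the
    # NIC lookup is enough to stop a caller from choosing a more privileged
    # type.
    user = DataPipelineSignUpObj.fetch_data(userType, userNIC)
    # NOTE(review): userPassword is handed to Login as received; verify that
    # it is hashed before it reaches the database.
    newLoginUser = Login(username, userPassword, userType)

    if user.count() == 0:
        return jsonify({'status': "You are not a registered user"})

    result = DataPipelineSignUpObj.isUsernameExists(userType, username)
    if result.count() != 0:
        return jsonify({'status': "Username already exists"})

    DataPipelineSignUpObj.insert_data(newLoginUser)
    for u in user:
        # Link the new username to each matching record.
        DataPipelineSignUpObj.update_table(u, username)
    return jsonify({'status': "Sign up successfully"})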
def save_login(self, dict_obj, person):
    """Save login data to the database.

    Builds a mapping from ``Login`` field names to (section, key) pairs, hands
    it to ``collect_data`` together with ``dict_obj``, adds ``person`` and
    creates the row inside a ``db`` context.
    """
    # Fields stored under the same name in the "login" section.
    login_fields = ('uuid', 'username', 'password', 'salt', 'md5', 'sha1', 'sha256')
    dataset = {field: ('login', field) for field in login_fields}
    # Fields that come from the "registered" section under different names.
    dataset['registration_date'] = ('registered', 'date')
    dataset['years_since_registration'] = ('registered', 'age')

    # Presumably replaces each (section, key) pair with the value found in
    # dict_obj -- verify against collect_data.
    self.collect_data(dataset, dict_obj)
    dataset['person'] = person

    # NOTE(review): the row keeps the password next to its salt and its
    # md5/sha1/sha256 digests; if this is ever fed real account data, store
    # only a salted password hash.
    with db:
        Login.create(**dataset)
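def user():
    """Return the login that owns the presented authorization, as JSON.

    Aborts with 401 when the authorization is not valid and with 404 when its
    ``login_id`` matches no ``Login``.
    """
    provider = SimpleResourceProvider()
    auth = provider.get_authorization()
    if not auth.is_valid:
        abort(401)

    login = Login.find_by_id(auth.login_id)
    # Identity test: ``== None`` would go through a model-defined __eq__.
    if login is None:
        abort(404)

    return jsonify(username=login.login, is_active=login.is_active, id=login.id)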
def test_save_login(self, downloader_obj, modifier_obj):
    """save_login() writes exactly one Login row that mirrors the source record."""
    modifier_obj.execute_modifications()
    record = modifier_obj._data[0]
    saver = ApiDataSave(downloader_obj, 'results')
    owner = saver.save_person(record)
    saver.save_login(record, owner)

    assert len(Login.select()) == 1, 'The Login object has not been saved'
    login = Login.select()[0]

    error = 'Invalid data has been written'
    # Fields copied one-to-one from the "login" section.
    for field in ('uuid', 'username', 'password', 'salt', 'md5', 'sha1', 'sha256'):
        assert getattr(login, field) == record['login'][field], error
    # Fields taken from the "registered" section under other names.
    assert login.registration_date == record['registered']['date'], error
    assert login.years_since_registration == record['registered']['age'], error
    assert login.person == owner, error
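def NewUserLogin(request):
    """Create a local ``Login`` account after a Facebook or Google sign-in.

    Non-POST requests are passed to ``viewDetails``. A POST with a ``userid``
    that already exists re-renders the signup page with an error. Otherwise
    the account is built from the posted fields and the provider details kept
    in the session, ``uID``/``uName`` are stored in the session and
    ``viewDetails`` is returned.
    """
    if request.method != "POST":
        return viewDetails(request)

    userid = request.POST['userid']
    passwd = request.POST['passwd']
    loginType = request.POST['oAuthType']

    # The former bare ``except:`` around Login.objects.get() read every
    # failure, not only "no such row", as permission to create the account.
    # exists() answers the question directly and lets real errors surface.
    if Login.objects.filter(userId=userid).exists():
        return render(request, 'oAuthSignup.html',
                      {"error": "userId Already Exists...", "loginType": loginType})

    # Provider-specific fields; any oAuthType other than "fbLogin" is handled
    # as Google.
    if loginType == "fbLogin":
        provider_fields = {'username': request.session['fbName'],
                           'fbId': request.session['fbId']}
    else:
        provider_fields = {'username': request.session['goggleName'],
                           'email': request.session['gId']}

    # NOTE(review): passwd is stored as submitted -- confirm whether the model
    # hashes it on save; if not, it is kept in clear text.
    ins = Login(userId=userid, password=passwd, **provider_fields)
    ins.save()

    # Read id and username from the saved instance; looking the row up again
    # by fbId/email could match a different row with the same provider id.
    request.session['uID'] = ins.id
    request.session['uName'] = ins.username
    return viewDetails(request)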
def register_route():
    """Render the registration page, or create a user and its login on POST.

    A POST stores a ``User`` and then a ``Login`` that points at it, flashes a
    confirmation and redirects to the login route.
    """
    if request.method != 'POST':
        return render_template('register.html', hide_logout=True)

    # form.get() returns None for absent fields; nothing below rejects that.
    username = request.form.get('username')
    email = request.form.get('email')
    password = request.form.get('password')

    # The user is committed first so that its id exists for the login row.
    # NOTE(review): with two separate commits, a failure on the second leaves
    # a User without a Login.
    user = User(name=username, email=email)
    db.session.add(user)
    db.session.commit()

    # NOTE(review): the password is passed to Login as received; unless the
    # model hashes it, it is stored in clear text -- verify.
    credentials = Login(user_id=user.id, password=password)
    db.session.add(credentials)
    db.session.commit()

    flash('User created')
    return redirect(url_for('login_route'))
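def login_post(client_id):
    """Verify the posted login/password and continue to the authorization step.

    An unknown login or a wrong password flashes an error and returns to the
    login page of the same client. On success the login is stored in the
    session and the browser is redirected to the authorization-code endpoint
    with the application's registered redirect URI.
    """
    login_name = request.form['login']
    password = request.form['password']
    back_to_form = url_for('.login_get', client_id=client_id)

    login = Login.find(login_name)
    # Identity test: ``== None`` would go through a model-defined __eq__.
    # NOTE(review): the two failure messages differ, which tells a caller
    # whether a login exists; one shared message avoids that.
    if login is None:
        flash('User not found!', 'error')
        return redirect(back_to_form)

    if not sha256_crypt.verify(password, login.password):
        flash('Incorect password!', 'error')
        return redirect(back_to_form)

    # NOTE(review): the whole Login object goes into the session; confirm the
    # session backend can serialize it and that the password hash does not
    # travel with it.
    session['user'] = login

    # NOTE(review): Application.find() is not checked for a missing client_id;
    # app.redirect_uri would then fail -- verify how find() reports "not found".
    app = Application.find(client_id)
    return redirect(url_for('.authorization_code',
                            client_id=client_id,
                            redirect_uri=app.redirect_uri,
                            response_type='code'))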
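def login():
    """Render the login page and process a login attempt.

    GET renders the form with a CSRF token derived from the session nonce.
    POST checks the CSRF token, then the username, the phone value and the
    password hash in turn. On success a ``Login`` row is stored and a fresh
    session token is placed in the session.
    """
    # Local imports: the file's import block is not part of this listing.
    import hmac
    import secrets

    # The nonce and the session token are now drawn from the OS CSPRNG. They
    # were SHA-256 digests of random.randint(0, 0xFFFFFFF): at most 2**28
    # possible values from a predictable generator. token_hex(32) keeps the
    # 64-hex-character format.
    if 'nonce' not in session:
        session['nonce'] = secrets.token_hex(32)
    csrf_token = hashlib.sha256(session['nonce'].encode('ascii')).hexdigest()

    if request.method == 'GET':
        return render_template("login.html", csrf_token=csrf_token)

    csrf = request.form['csrf']
    # Constant-time comparison of the submitted token.
    if not hmac.compare_digest(csrf.encode('utf-8'), csrf_token.encode('ascii')):
        return render_template("login.html", message="Incorrect", csrf_token=csrf_token)

    uname = request.form['uname']
    pw = request.form['pword'].encode('utf-8')
    phone = request.form['2fa'].encode('utf-8')
    # NOTE(review): a single SHA-256 over phone + reversed password, with the
    # digest reversed, is a fast hash without a per-user random salt; migrate
    # to a dedicated password hashing scheme.
    pw_hash = hashlib.sha256(phone + pw[::-1]).hexdigest()[::-1]

    by_name = User.query.filter_by(uname=uname)
    if not by_name.first():
        return render_template("login.html", message="Incorrect", csrf_token=csrf_token)

    # NOTE(review): the distinct "Two-factor failure" message confirms that
    # the username exists, and the "2fa" value is a stored phone number sent
    # with the form rather than a one-time code.
    by_phone = by_name.filter_by(phone=request.form['2fa'])
    if not by_phone.first():
        return render_template("login.html", message="Two-factor failure", csrf_token=csrf_token)

    u = by_phone.filter_by(hash=pw_hash).first()
    if not u:
        return render_template("login.html", message="Incorrect", csrf_token=csrf_token)

    ses_num = secrets.token_hex(32)
    record = Login(u, ses_num + session['nonce'])
    session['token'] = ses_num
    db.session.add(record)
    db.session.commit()
    db.session.refresh(record)
    return render_template("login.html", message="success", csrf_token=csrf_token)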
def register():
    """Register a user: receive JSON form data and submit it to the DB.

    Returns the user payload with 201 on success, ``"taken"`` with 400 when
    the insert violates an integrity constraint, and ``"invalid"`` with 400
    when the form does not validate.
    """
    success = {'user': {}}
    form = RegisterForm()

    if not form.validate_on_submit():
        success['login'] = False
        success['message'] = "invalid"
        return jsonify(success), 400

    username = request.json["username"]
    password = request.json["password"]
    try:
        user = User.register(username, password)
        db.session.add(user)
        db.session.commit()

        # Second transaction: default preferences plus the first login record
        # for the new user id.
        prefs = Preference(user_id=user.id)
        Login.record_login(user.id)
        db.session.add(prefs)
        db.session.commit()

        session['username'] = user.username
        session['user_id'] = user.id
        payload = success['user']
        payload['login'] = True
        payload['username'] = session['username']
        payload['userId'] = session['user_id']
        return jsonify(success), 201
    except exc.IntegrityError:
        db.session.rollback()
        success['login'] = False
        success['message'] = "taken"
        return jsonify(success), 400
def login():
    """Log a user in, recording every attempt and delaying repeated failures.

    For an existing login with a submitted password the attempt is stored and
    the response is delayed by 3, 5 or 15 seconds once the failures of the
    last five minutes exceed 3, 10 or 30. A valid form logs the user in and
    redirects to ``session['next']`` or to the notes view.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = LoginForm(meta={'csrf_context': session})
    user = User.query.filter_by(login=form.login.data).first()

    if user and form.password.data:
        # A login attempt: store its outcome and source address.
        attempt = Login(successful=form.validate(), ip=request.remote_addr, user=user)
        db.session.add(attempt)
        db.session.commit()

        # Delay in case of brute force.
        # NOTE(review): only existing logins are delayed, so timing can reveal
        # which logins exist, and sleep() occupies a worker for the whole
        # delay -- consider rejecting early instead of sleeping.
        window_start = datetime.utcnow() - timedelta(minutes=5)
        tries = sum(
            1 for past in user.login_attempts
            if past.timestamp > window_start and not past.successful
        )
        if tries > 30:
            delay = 15
        elif tries > 10:
            delay = 5
        elif tries > 3:
            delay = 3
        else:
            delay = 0
        sleep(delay)

    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    login_user(user)
    # NOTE(review): session['next'] is used as the redirect target unchecked;
    # if it can be set from a request parameter elsewhere, verify it is a
    # local URL first.
    target = session.get('next', None)
    session['next'] = None
    return redirect(target if target else url_for('view_notes'))
def login2(request):
    """Render the registration page, or store a new ``Login`` from a valid POST.

    GET renders the page with all ``Login`` rows in the context. A valid POST
    whose two passwords match saves a new row and renders the same page, a
    mismatch renders the page without context, and an invalid form answers
    with the text ``error!``.
    """
    # NOTE(review): every Login row is handed to the template as ``m``; if the
    # template prints it, account data of all users is exposed -- verify.
    m = Login.objects.all()

    if request.method != "POST":
        form = LoginForm()
        return render_to_response('login2.html', {'m': m})

    form = LoginForm(request.POST)
    if not form.is_valid():
        return HttpResponse("error!")

    data = form.cleaned_data
    if data['password1'] != data['password2']:
        return render(request, 'login2.html')

    # NOTE(review): both password fields are copied onto the model as entered;
    # unless the model hashes them, they are stored in clear text.
    record = Login()
    for field in ('username', 'password1', 'password2', 'name', 'email',
                  'idnumber', 'home'):
        setattr(record, field, data[field])
    record.save()
    return render_to_response('login2.html', {'m': m})
def authorization_class(self):
    """Return the authorization class used by this provider."""
    return AdverbResourceAuthorization


def get_authorization_header(self):
    """Return the request's ``Authorization`` header, or None when it is absent."""
    headers = request.headers
    return headers['Authorization'] if 'Authorization' in headers else None


def validate_access_token(self, access_token, authorization):
    """Fill ``authorization`` from the token record stored in Redis.

    Nothing is set when no record exists for ``access_token``.
    """
    access_key = 'oauth2.access_token:%s' % access_token
    raw = self.redis.get(access_key)
    if raw is None:
        return

    record = json.loads(raw)
    # The token counts as valid only when its stored scope is the empty string.
    authorization.is_valid = record.get('scope') == ''
    authorization.client_id = record['client_id']
    # Remaining lifetime as reported by the key's TTL in Redis.
    authorization.expires_in = self.redis.ttl(access_key)
    authorization.login_id = record['user_id']


if __name__ == '__main__':
    # Manual smoke run: build an authorization-code response inside a test
    # request context and print its headers.
    from flask import Flask, request
    from models import Login
    import logging

    # NOTE(review): DEBUG-level logging to a file and the literal secret key
    # below are demo settings; neither belongs in a deployed configuration.
    logging.basicConfig(filename='example.log', level=logging.DEBUG)
    app = Flask(__name__)
    app.secret_key = 'secret'

    with app.test_request_context('/hello', method='POST'):
        session['user'] = Login.find('*****@*****.**')
        provider = AdverbAuthorizationProvider()
        response = provider.get_authorization_code_from_uri('http://localhost:5000/oauth2/auth?client_id=51051fa6d00cf2206b0d7db3&response_type=code&redirect_uri=http://localhost:5000/oauth/redirect')
        for k, v in response.headers.iteritems():
            print("%s %s" % (k, v))
def sign_up(request):
    """Send a confirmation e-mail and create the login and signup records.

    Reads name, e-mail and password from the POST data, mails a fixed
    confirmation message to that address and, when the address is not yet
    registered, stores a ``Login`` and a ``Signup`` row and keeps the login id
    in the session. The listing ends after the error handler: a template and
    a context are chosen, but no response is returned in the part shown.
    """
    name = request.POST.get('txt_name')
    email = request.POST.get('txt_email')
    password = request.POST.get('txt_password')
    # NOTE(review): the confirmation password is read but never compared with
    # ``password``.
    confirm_pwd = request.POST.get('txt_confirm_pwd')

    # --- confirmation e-mail -------------------------------------------------
    # NOTE(review): the mail goes out before the duplicate check and before
    # the account exists, and the link carries no per-user token, so following
    # it cannot prove ownership of the address.
    me = "*****@*****.**"
    you = email
    msg = MIMEMultipart('alternative')
    msg['Subject'] = "Confirmation Email"
    msg['From'] = me
    msg['To'] = you
    text = "Hi!\nHow are you?\nHere is the link you wanted:\nhttps://www.python.org"
    html = """\
<html>
  <head>
  </head>
  <body>
    <p><font color="Blue"><h1>Hello !!!<h1></font><br>
    <h2><font color="Blue">This is the verification message....</font</h2><br>
    <h2><font color="Black">Click to verify :</font></h2>
    <button type="submit"><a href="http://127.0.0.1:8000/single_photon/email/">VERIFY</a></button></p>
  </body>
</html>
"""
    for body, subtype in ((text, 'plain'), (html, 'html')):
        msg.attach(MIMEText(body, subtype))

    s = smtplib.SMTP('smtp.gmail.com', 587)
    s.starttls()
    # NOTE(review): the SMTP password is a literal in the source. Treat it as
    # exposed: rotate it and load it from configuration or a secret store.
    s.login(me, 'dingu@123')
    s.sendmail(me, you, msg.as_string())
    s.quit()

    # --- account creation ------------------------------------------------------
    try:
        already_registered = Login.objects.filter(login_username=email).exists()
        if not already_registered:
            # NOTE(review): the password is stored as received -- verify
            # whether the model hashes it.
            a = Login(login_username=email, login_password=password)
            a.save()
            fk_id = a.id
            # Re-read the saved row to use it as the foreign key of Signup.
            c = Login.objects.get(id=fk_id)
            request.session['loginid'] = fk_id
            b = Signup(name=name, login=c)
            b.save()
            template = loader.get_template('login.html')
            context = {"Email": "PLEASE VERIFY YOUR EMAIL !!!"}
        else:
            template = loader.get_template('sign_up.html')
            context = {"email_err": "Email already Exists"}
    except Exception as e:
        template = loader.get_template('sign_up.html')
        context = {"error": "Invalid Login Credentials"}
        print("########## This is the error ############")
        print(e)
def sync():
    """Delegate to ``Login.sync_all()``; its result is discarded."""
    Login.sync_all()
def acceptlogin(request):
    """Store the posted ``userName`` as a ``Login`` row and answer with a fixed text.

    NOTE(review): the collapsed listing does not show whether the final
    ``return`` sits inside the POST branch; it is placed at function level
    here so that the view returns a response for every method -- confirm
    against the original file.
    """
    if request.method == 'POST':
        posted_name = request.POST['userName']
        print(posted_name)
        # NOTE(review): a row is written for any posted name; no password or
        # other credential is checked in this view.
        Login(username=posted_name).save()
    return HttpResponse("Ur Login!!!!")