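def signupuser(request):
    """Create a user account from a POSTed email, nickname and password.

    The email is looked up first. When no matching ``User`` exists, the
    password is hashed with PBKDF2-HMAC-SHA256 and a new row is saved.

    Returns:
        A ``Response`` whose ``signupCorrect`` flag is True for a newly
        created account and False when the email is already registered.

    Raises:
        KeyError: if ``email`` (or, on the creation path, ``password`` or
            ``nickname``) is missing from ``request.data``.
    """
    if request.method == 'POST':
        email = request.data["email"]
        try:
            # Only the existence of the row matters; the object is not used.
            User.objects.get(email=email)
        except User.DoesNotExist:
            # The original work factor was rounds=1000, far below current
            # guidance for PBKDF2-HMAC-SHA256 (OWASP's password storage
            # cheat sheet suggests 600,000). passlib stores the rounds value
            # inside each hash string, so hashes written with the old
            # setting still verify.
            hasher = pbkdf2_sha256.using(rounds=600000, salt_size=20)
            password_hash = hasher.hash(request.data["password"])
            nickname = request.data["nickname"]
            # NOTE(review): lookup-then-save is only safe under concurrent
            # signups if the model enforces a unique email - confirm.
            new_user = User(email=email,
                            nickname=nickname,
                            password=password_hash,
                            state=True,
                            typeuser=False)
            new_user.save()
            # NOTE(review): "isLogged" is reported as True, but nothing in
            # this function creates a session or token - confirm clients do
            # not treat the flag as proof of authentication.
            return Response({
                "message": "USER CREATED",
                "user": {
                    "email": email,
                    "nickname": nickname
                },
                "isLogged": True,
                "signupCorrect": True
            })
        # NOTE(review): the listing lost its indentation; this return is
        # placed inside the POST branch - confirm against the source file.
        return Response({
            "message": "USER ALREADY EXISTS",
            "user": {},
            "isLogged": False,
            "signupCorrect": False
        })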
def _generate_hash(cls, secret_key, master_key):
    """Derive a combined key from *secret_key* and a PBKDF2 hash of *master_key*.

    Args:
        secret_key: passed unchanged to ``cls._combine_keys``.
        master_key: secret that is run through PBKDF2-HMAC-SHA256
            (250,000 rounds, 32-byte salt).

    Returns:
        ``(key, salt)``: the value from ``cls._combine_keys`` and the salt
        field taken from the passlib hash string.
    """
    hasher = pbkdf2_sha256.using(rounds=250_000, salt_size=32)
    # passlib renders "$pbkdf2-sha256$<rounds>$<salt>$<checksum>". Splitting
    # on "$" leaves an empty first field, so the salt is at index 3 and the
    # checksum at index 4. Both are still in passlib's text encoding.
    fields = hasher.hash(master_key).split("$")
    salt, checksum = fields[3], fields[4]
    # NOTE(review): no salt is passed in, so every call draws a fresh one;
    # the key can only be re-derived from the salt returned here - confirm
    # callers persist it.
    return cls._combine_keys(secret_key, checksum), salt
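def register():
    """Handle the registration form and create the account.

    On a valid POST whose username and email are both unused, the
    password is hashed with PBKDF2-HMAC-SHA256, the user is stored, and
    the client is redirected to the login page. In every other case the
    registration template is rendered with the bound form.
    """
    form = RegistrationForm(request.form)
    # Short-circuit order matters: the lookups only run for a valid POST.
    # NOTE(review): the lookups use the raw form values, while the stored
    # username and email are HTML-escaped below. If html_escape rewrites a
    # character, the duplicate check and the stored value differ - confirm.
    can_register = (
        request.method == 'POST'
        and form.validate()
        and not query.user.get_userLogin(form.username.data)
        and not query.user.get_userLogin(form.email.data)
    )
    if can_register:
        username = html_escape(form.username.data)
        email = html_escape(form.email.data)
        # The original work factor was rounds=10000, below current guidance
        # for PBKDF2-HMAC-SHA256 (OWASP's password storage cheat sheet
        # suggests 600,000). passlib records the rounds in each hash string,
        # so hashes stored with the old setting still verify.
        hasher = pbkdf2_sha256.using(rounds=600000, salt_size=16)
        # NOTE(review): the password is HTML-escaped before hashing.
        # Escaping is an output concern. If the login path verifies the
        # raw password, any password containing an escaped character will
        # never match. Left unchanged because the verifying code is not
        # visible here; hash the raw value once that is confirmed.
        password = hasher.hash(html_escape(form.password.data))
        query.user.register_user(username, email, password)
        return redirect(url_for('Page.login'))
    return render_template("register.html", form=form)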
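def reset():
    """Change the logged-in user's password after re-checking the current one.

    On a valid POST, the session user's stored hash is verified against
    the submitted current password and the account must be active. Only
    then is the new password hashed and stored. The reset template is
    rendered in every case, with a flash message describing the outcome.
    """
    form = PassResetForm(request.form)
    if request.method == 'POST' and form.validate():
        username = getSessionUsername()
        user = query.user.get_userLogin(username)
        try:
            current_password_ok = (
                user
                and pbkdf2_sha256.verify(form.password.data, user["password"])
                and user["is_active"] == 1
            )
            if current_password_ok:
                # The original work factor was rounds=10000, below current
                # guidance for PBKDF2-HMAC-SHA256 (OWASP's password storage
                # cheat sheet suggests 600,000). Older hashes still verify
                # because passlib stores the rounds in the hash string.
                hasher = pbkdf2_sha256.using(rounds=600000, salt_size=16)
                # NOTE(review): the current password is verified raw above,
                # but the new one is HTML-escaped before hashing. If
                # html_escape rewrites any character, the stored hash will
                # not match the password the user typed the next time this
                # check runs. Left unchanged because the login path is not
                # visible here - confirm, then hash the raw value.
                new_password = hasher.hash(html_escape(form.new_password.data))
                query.user.Updatepassword(username, new_password)
                flash('Your password has been change.')
            else:
                flash('Please check your password and try again.')
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt. The user-facing message stays generic.
            # NOTE(review): storage errors are reported as a wrong password
            # and are not logged anywhere in this function.
            flash('Please check your password and try again.')
    return render_template("password_reset.html", form=form)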
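def create_user(user):
    """Create a user and optionally absorb an anonymous account.

    Args:
        user: request body as a dict. It must contain ``pwd`` and is
            mutated in place: ``api_key`` is set, ``pwd`` is replaced by
            its PBKDF2-HMAC-SHA256 hash, and ``username`` may be derived
            from ``email``.

    Returns:
        ``(created_user.dump(), code)`` when ``model.post`` reports 201,
        otherwise ``(created_user, 409)``.
    """
    user["api_key"] = uuid.uuid4()
    user["pwd"] = pbkdf2_sha256.using(rounds=200000,
                                      salt_size=16).hash(user["pwd"])
    # Fall back to the local part of the email when no usable username was
    # supplied. The original raised KeyError for an empty username with no
    # email; that case now leaves the record for model.post to judge.
    if not user.get("username") and "email" in user:
        user["username"] = user["email"].split("@")[0]
    # The original printed the whole dict at this point, which writes the
    # password hash and the new API key to stdout/logs. Removed.
    created_user, code = model.post(Model, user)

    from_anon = request.headers.get('X-Api-Key')
    if from_anon is not None:
        anon_user = db_session.query(User).filter(
            User.api_key == from_anon).one_or_none()
        # NOTE(review): the lookup matches any user that holds this API key.
        # Nothing here checks that the account is anonymous before its
        # submissions are reassigned and the row deleted - confirm.
        # NOTE(review): this runs before ``code`` is checked, so it also
        # runs when creation did not return 201 - confirm that is intended.
        if anon_user:
            print('deleting user')
            # Bound parameters replace str.format() SQL. The ids are passed
            # as strings to match how the original rendered them as quoted
            # literals.
            db_session.execute(
                "update submissions set user_id=:new_id "
                "where user_id=:old_id",
                {"new_id": str(created_user.id),
                 "old_id": str(anon_user.id)})
            db_session.query(User).filter(User.id == anon_user.id).delete()
            db_session.commit()

    if code == 201:
        if (created_user.info is not None
                and created_user.info['anonymous'] is False):
            # Registered (non-anonymous) users get a default project.
            user_project = {
                'name': created_user.username,
                'description':
                'Default space for {}'.format(created_user.username),
                'active': True,
                'owned_by': created_user.id
            }
            p = Project(**user_project)
            created_user.member_of.append(p)
        db_session.add(created_user)
        db_session.commit()
        db_session.refresh(created_user)
        return created_user.dump(), code
    else:
        return created_user, 409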
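def register_post():
    """Register a user from the posted form and redirect to the site root.

    The username is checked for uniqueness. If it is taken, the
    username-selection template is re-rendered with the other fields
    preserved. Otherwise the password is hashed with PBKDF2-HMAC-SHA256
    and the row is inserted.
    """
    username = request.form.get('username')
    password = request.form.get('password')
    firstname = request.form.get('firstname')
    lastname = request.form.get('lastname')
    company = request.form.get('company')

    # constraints on usernames and other inputs would go here
    # NOTE(review): until they exist, an empty password is accepted and a
    # missing one reaches the hasher as None.

    # check if username is taken
    with oursql.connect(**config.get('mysql')) as c:
        c.execute("SELECT username FROM users WHERE username = ?",
                  (username,))
        existing = c.fetchall()
    if existing:
        return render_template('registerusername.html',
                               error="Username is taken",
                               username=username,
                               lastname=lastname,
                               firstname=firstname,
                               company=company)

    # passed checks - hash password and insert user into database
    # The original work factor was rounds=8000, below current guidance for
    # PBKDF2-HMAC-SHA256 (OWASP's password storage cheat sheet suggests
    # 600,000). The hash string grows by two characters; older hashes still
    # verify because passlib stores the rounds in the hash.
    # NOTE(review): salt_size=10 is kept so the stored length barely moves;
    # 16 bytes is the more usual choice if the column has room.
    pw_crypt = pbkdf2_sha256.using(rounds=600000, salt_size=10).hash(password)
    # NOTE(review): the check and the insert use separate connections, so
    # two concurrent requests can both pass the check - a unique index on
    # users.username would close the gap; confirm one exists.
    with oursql.connect(**config.get('mysql')) as c:
        c.execute("INSERT INTO users VALUES (NULL, ?, ?, ?, ?, ?)",
                  (username, pw_crypt, firstname, lastname, company,))
    return redirect('/')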
def get_password(cls, password):
    """Return a PBKDF2-HMAC-SHA256 hash of *password*.

    The iteration count is read from ``config.password_iterations`` on
    every call. No salt size is given, so the handler's default applies.
    """
    # NOTE(review): the strength of the hash depends entirely on the
    # configured iteration count - confirm it is set to a current value.
    hasher = pbkdf2_sha256.using(rounds=config.password_iterations)
    return hasher.hash(password)