def users_put_view(request): """ Used for forgotten password requests """ # TODO Make tests for this # TODO Make this a temporary reset link thing instead of actually resetting passwords to random if request.user is not None: request.response.status = 400 return { 'd': error_dict('api_errors', 'you are already logged in, ignoring') } username = request.json_body.get('username') email = request.json_body.get('email') if not isinstance(username, basestring) or not isinstance( email, basestring): request.response.status = 400 return { 'd': error_dict('api_errors', 'username and email are required string fields') } user = request.dbsession.query(User).filter( User.username == username.lower()).one_or_none() if user is None or user.email != email.lower(): request.response.status = 400 return {'d': error_dict('api_errors', 'invalid state found')} uid = uuid4() newpass = uid.hex user.salt = os.urandom(256) user.password = hash_password(newpass, user.salt) # This needs to be written to whatever queues/sends an email out. # send_email.apply_async((user.email, "pyrapostbin password recovery", recovery_template %(username, newpass))) return {'d': 'recovery email sent'}
def do_login(self): """handle tasserver login""" if self.tasclient.flags.register: Log.notice("Not logging in because a registration is in progress") return if self.verbose: Log.notice("Logging in...") phash = utilities.hash_password(self.config.get('tasbot', "password")) self.tasclient.login(self.config.get('tasbot', "nick"), phash, "Newbot", 2400, self.config.get('tasbot', "lanip", "*"))
def user_id_put_view(request): if request.user is None: request.response.status = 400 return { 'd': error_dict('api_errors', 'not authenticated for this request') } if not request.matchdict.get('user_id') or int( request.matchdict.get('user_id')) != request.user.id: request.response.status = 400 return { 'd': error_dict('api_errors', 'not authenticated for this request') } valid_types = { 'email': basestring, 'pin': basestring, 'timezone': datetime, 'infoemails': bool, } email = request.json_body.get('email') authpin = request.json_body.get('authpin') timezone = request.json_body.get('timezone') infoemails = request.json_body.get('infoemails') if not isinstance(email, basestring): request.response.status = 400 return { 'd': error_dict('api_errors', 'email invalid: must be a string') } try: v = validate_email(email) # validate and get info email = v["email"] # replace with normalized form except EmailNotValidError as e: # email is not valid, exception message is human-readable request.response.status = 400 return {'d': error_dict('api_errors', 'email invalid: %s' % e)} password = request.json_body.get('password') # Password must be optional, since they don't know the old value if password is not None: if not isinstance(password, basestring): request.response.status = 400 return {'d': error_dict('api_errors', 'password must be a string')} if len(password) < 8: request.response.status = 400 return { 'd': error_dict('api_errors', 'password must be at least 8 characters') } request.user.password = hash_password(password, request.user.salt) request.user.email = email request.dbsession.flush() request.dbsession.refresh(request.user) return {'d': dict_from_row(request.user, remove_fields=removals)}
def users_post_view(request): username = request.json_body.get('username') if not isinstance(username, basestring): request.response.status = 400 return { 'd': error_dict( 'api_errors', 'username, email, and password are all required string fields') } if username_in_use(request.json_body['username'], request.dbsession): request.response.status = 400 return { 'd': error_dict( 'verification_error', 'username already in use: %s' % request.json_body['username']) } requires = ['email', 'password'] if not all(field in request.json_body for field in requires) \ or not all(isinstance(request.json_body.get(field), basestring) for field in request.json_body): request.response.status = 400 return { 'd': error_dict( 'api_errors', 'username, email, and password are all required string fields') } user = User() user.salt = os.urandom(256) user.password = hash_password(request.json_body['password'], user.salt) user.username = request.json_body['username'].lower() user.email = request.json_body['email'].lower() user.origin = request.json_body.get('origin', None) user.authpin = '123456' request.dbsession.add(user) request.dbsession.flush() request.dbsession.refresh(user) s = Session() s.owner = user.id s.token = str(uuid4()) request.dbsession.add(s) request.dbsession.flush() request.dbsession.refresh(s) result = dict_from_row(user, remove_fields=removals) result['session'] = dict_from_row(s, remove_fields=removals) return {'d': result}
def register(username,password): host = 'lobby.springrts.com' port = 8200 phash = hash_password(password) reg = 'REGISTER %s %s\n'%(username, phash) sock = socket.socket() sock.connect((host, port)) sock.send(reg) resp = receive(sock) login='******'%(username,phash) sock.send(login) while 'AGREEMENTEND' not in resp[0]: resp = receive(sock) sock.send('CONFIRMAGREEMENT\n') sock.send(login) sock.send('EXIT\n') sock.close()
def login_helper(): # function login_helper allows the user to try to enter # their password a maximum of three times before exiting number_of_password_login_attempts = 0 bool = False global USER_EMAIL email = check_email() utilities.USER_EMAIL = email # if email is None then the user mis-entered their email three times, # so exit json_data = open(USER_LIST) jdata = json.load(json_data) user_data = jdata["Users"] # case where email exists in JSON file if email in user_data[0]: print("Email exists, you may proceed!") while number_of_password_login_attempts < MAX_TIMES_ALLOWED_TO_ENTER: password = get_password() # get the user's password attempt old_pass = "" salt = "" with open(USER_LIST) as f: data = json.load(f) for p in data["Users"]: salt = p[email]["salt"] old_pass = p[email]["password"] new_pass = hash_password(password, salt) if old_pass == new_pass: print("password is correct") bool = True number_of_password_login_attempts = 4 else: print("password is incorrect") bool = False number_of_password_login_attempts += 1 elif email not in user_data[0]: print("\nUser with that email not registered!") print("Exiting\n") return bool
def log_in(codecool): """ Checks is login and password belong to one same user Args: codecool (obj): School object - aggregate all users and assignments Returns: User (obj) """ login = school_view.get_login() password = school_view.get_password() password = utilities.hash_password(password) users = codecool.managers_list + codecool.administrators_list + codecool.mentors_list + codecool.students_list for user in users: if user.login == login and user.password == password: return user
def add_user(school, kind='student'): """ Appends users_list in school object by new created user object Prints error message if login is not unique Args: school (obj): school object - aggregate all users and assignments kind (str): information lets add object to proper list Returns: None """ try: name = create_data_for_user('name', is_name_alpha) surname = create_data_for_user('surname', is_name_alpha) login = create_login(school) password = create_data_for_user('password', is_password_sufficient) email = create_data_for_user('email', is_email) phone = create_data_for_user('phone', is_phone_number) id_ = user_model.User.last_id + 1 password = utilities.hash_password(password) if kind == 'mentor': users_list = school.mentors_list else: users_list = school.students_list if kind == 'student': new_user = student_model.Student(name, surname, login, password, email, phone, id_) else: new_user = mentor_model.Mentor(name, surname, login, password, email, phone, id_) users_list.append(new_user) except ValueError: ui.print_error_message('Adding user was interrupted')
def register(self, username, password): """register new account on tasserver""" phash = utilities.hash_password(self.config.get('tasbot', "password")) self.tasclient.register(self.config.get('tasbot', "nick"), phash)