def post(self, mID): username = self.request.get('username') password = self.request.get('password') message = [] if username and password: user = db.GqlQuery('select * from UserModel where username = :1 limit 1', username) user = list(user) if len(user) > 0: user = user[0] if utils.verify_password(username, password, user.hashedpw): userid = str(user.key().id()) self.response.headers.add_header('Set-Cookie', 'userid=%s; Path=/' % utils.securify_cookie(userid)) self.redirect('/adminpanel') else: logging.error('wrong password') message.append('wrong password') utils.assign_session_message(self, mID, message) self.redirect('/login') else: logging.error('no such user') message.append('no such user') utils.assign_session_message(self, mID, message) self.redirect('/login') else: message.append('fill both fields') utils.assign_session_message(self, mID, message) self.redirect('/login')
def login(): try: if request.is_json: content = request.get_json() else: content = request.form email = content["email"] password = content["password"] except Exception as e: log.error(e) return error("Bad form data") _target = db.users.find_one({"email": email}) if _target is None: return error(message="User not found", code=404) if verify_password(_target["password"], password) is False: return error(message="Wrong credentials") _jwt = jwt.encode({ "id": str(_target["_id"]) }, SECRET, algorithm='HS256').decode() return {"token": _jwt}, 200
def login(): if g.user is not None and g.user.is_authenticated: return redirect(url_for('index')) form = LoginForm() if form.validate_on_submit(): #flash('Login requested for username = %s, remember_me = %s' % #(form.username.data, str(form.remember_me.data)) #) user = models.User.query.filter_by(username = \ str(form.username.data)).first() if user is None: flash('username "%s" not registered. Please register' \ % str(form.username.data)) return render_template('login.html', title='Sign in', form=form, user=g.user) elif verify_password(form.password.data, user.password) is False: flash('Invalid password') return render_template('login.html', title='Sign in', form=form, user=g.user) else: session['remember_me'] = form.remember_me.data login_user(user, remember=form.remember_me.data) return redirect(request.args.get('next') or url_for('dashboard')) return render_template('login.html', title='Sign in', form=form, user=g.user)
def post(self): json_data = request.get_json() email = json_data.get('email') username = json_data.get('username') if (email): user = User.get_by_email(email=email) elif (username): user = User.get_by_username(username=username) password = json_data.get('password') if not user or not verify_password(password, user.password): return { 'message': 'email or password is incorrect' }, HTTPStatus.UNAUTHORIZED access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(identity=user.id) return { 'access_token': access_token, 'refresh_token': refresh_token, }, HTTPStatus.OK
def login(): if request.method == 'GET': return render_template('login.html', logged_user=session['user_id'], logged_user_name=session['user_name']) user_name_to_check = request.form['user_name'] password_to_check = request.form['password'] hash_to_check = datamanager.get_hash(user_name_to_check) try: is_verified = utils.verify_password(password_to_check, hash_to_check['hash']) except: error_message = "Wrong password or User Name" return render_template('login.html', error_message=error_message, logged_user=session['user_id'], logged_user_name=session['user_name']) if is_verified == True: session['user_id'] = datamanager.get_user_id(user_name_to_check)['user_id'] session['user_name'] = user_name_to_check questions = datamanager.get_questions() main_page = 0 return render_template("list.html", questions=questions, header=datamanager.list_header, main_page=main_page, logged_user=session['user_id'], logged_user_name=session['user_name']) else: error_message = "Wrong password or User Name" return render_template('login.html', error_message=error_message, logged_user=session['user_id'], logged_user_name=session['user_name'])
def post(self): #next_url = str(self.request.get('next_url')) #if not next_url or next_url.startswith('/login'): #next_url = '/' username = self.request.get('username') password = self.request.get('password') verify = self.request.get('verify') email = self.request.get('email') valid_user = utils.valid_username(username) valid_pass = utils.valid_password(password) passwords_match = utils.verify_password(password, verify) email_valid = utils.valid_email(email) params = dict(valid_user = valid_user, valid_pass = valid_pass, passwords_match = passwords_match, email_valid = email_valid) errors = set_errors(params) if not errors: user_exists = db.GqlQuery("SELECT * FROM User WHERE name = :1", username).get() if not user_exists: new_user = User(name = username, password = utils.make_pw_hash(username, password), email = email) new_user.put() self.login(new_user) self.redirect('/wiki') # CHANGE THIS!!! else: error_user = "******" self.render("signup.html", error_user = error_user) else: self.render("signup.html", username=username, email=email, **errors)
def verify_user(name, hashed_password): query = Query() import app res = app.db.search(query.username == name) if not res or not utils.verify_password(hashed_password, res[0]['password']): return False return True
def validate_user(db: Session, credentials): user = get_user_by_email(db, credentials.username) if user is None: raise ValueError("Wrong username. Use your email.") if not verify_password(user.password, credentials.password): raise WrongPasswordException("Password incorrect.") return user
def authenticate_user(self, username: str, password: str): user = self.__repository.find_by_username(username) if user: if verify_password(user.password, password): access_token = self.__login_manager.create_access_token( data={"sub": username}, expires=timedelta(hours=4)) return self.__presenter.respond(access_token) else: return self.__presenter.respond_with_error( f"Invalid password for user: {user.username}") else: return self.__presenter.respond_with_error("Invalid username")
def user_verification(): attempt_email = request.form["email"] user_hash = data_manager.get_password_hash_by_email(attempt_email) attempt_password = request.form["plain_text_password"] verified = utils.verify_password(attempt_password, user_hash) if verified: session["user"] = attempt_email # could be a dictionary instead session[attempt_email] = data_manager.get_user_data_by_email(attempt_email) data_manager.save_login_time(session[session["user"]]["id"]) return redirect(url_for("index")) else: form_action = url_for("user_verification") user_action = "Sign in" return render_template("new_user.html", form_action=form_action, user_action=user_action, verification_failed=True)
def post(self): password_ok = False try: password_ok = utils.verify_password(self.config.password_hash, self.get_argument("password")) if password_ok: self.set_secure_cookie(USER_COOKIE_NAME, self.get_argument("username")) except utils.VerificationError: pass if password_ok: next_url = self.get_argument("next_url") self.redirect(next_url) else: self.get()
def get_from_defuser(self, username, password): try: o = DefUser.objects.get(name=username) m = o.defusername_set.get(id=o) if m is None: return None, False if utils.verify_password(password, m.password): return o, True else: return o, False except DefUser.DoesNotExist: return None, False return None, False
def post(self): user_username = self.request.get("username") user_password = self.request.get("password") user_verify = self.request.get("verify") user_email = self.request.get("email") uname = user_username email = user_email uname_err = utils.check_username(user_username) pw_err="" vpw_err="" email_err="" Success= True if uname_err != "": Success= False if utils.check_password(user_password)==False: pw_err="That's not a valid password." Success= False if utils.verify_password(user_password, user_verify)==False: vpw_err="Your passwords didn't match." Success= False if len(email) != 0: if utils.check_email(user_email)==False: email_err="That's not a valid email." Success= False if Success: x = utils.make_pw_hash(uname, user_password) saltedPass = x.split("|")[0] salt = x.split("|")[1] if len(email) != 0: newUser = User(key_name = uname, username = uname, email=email, password = saltedPass, salt = salt) else: newUser = User(key_name = uname, username = uname, password = saltedPass, salt = salt) newUser.put() setUser = "******" + uname self.response.headers.add_header('Set-Cookie', setUser.encode()) self.redirect("/") else: self.render_signup(uname, email,uname_err, pw_err, vpw_err,email_err)
def sign_in(): if current_user.is_authenticated: return redirect(url_for('doctor.questions')) from utils import verify_email, verify_password form = SignInForm() if form.validate_on_submit(): doctor = verify_email(form.email.data) if doctor is not None and verify_password(doctor, form.password.data): login_user(doctor, form.remember_me.data) flash('Welcome, Dr. %s' % doctor.first_name) return redirect( request.args.get('next') or url_for('doctor.questions')) else: flash('Invalid username or password!') redirect(url_for(request.endpoint)) form.email.data = request.form.get('email') return render_template('doctor/signin.html', form=form)
def retrieve_password(conn): cur = conn.cursor() account_name = input('Please enter account to retrieve password...: ') try: query = cur.mogrify('''SELECT * FROM vault WHERE account = %s''', (account_name, )) cur.execute(query, account_name) return_row = cur.fetchone() raw_passwd = verify_password(return_row[2]) logger.info('Password decryption successful') cur.close() return account_name, raw_passwd.decode('utf-8') except LookupError: logger.exception('Lookup error on database, account provided by user not in database') print('account matching query does not exist') sys.exit()
def login(): if request.method == 'POST': user_data = request.form.to_dict() if data_handler.check_if_user_exist_in_database(user_data['username']): password = data_handler.check_if_user_exist_in_database( user_data['username'])['password'] user_id = data_handler.check_if_user_exist_in_database( user_data['username'])['id'] if utils.verify_password(user_data['password'], password): utils.save_user_session([user_id, request.form['username']]) return render_template('index.html', user_name=session['username']) else: message = "Invalid data" return render_template('index.html', message=message) else: message = "Invalid data" return render_template('index.html', message=message) else: return render_template('index.html')
def update_password(conn): cur = conn.cursor() account = input('Account name to be changed: ') try: query = cur.mogrify('''SELECT * FROM vault WHERE account = %s''', (account, )) cur.execute(query, account) return_row = cur.fetchone() raw_passwd = verify_password(return_row[2]) chance = 0 while chance <= 2: old_password = getpass('Old password: '******'utf-8') != old_password: logger.warning('Password given by user does not match existing password in database') print('Incorrect password!') if chance == 2: print('You have tried the wrong password 3 times!') logger.fatal('User entered incorrect password 3 times') sys.exit() else: break chance += 1 except LookupError: print('account matching query does not exist') sys.exit() key = Fernet.generate_key() new_password = getpass('New password') token = generate_token(new_password, key) with open(os.path.join(KEY_STORE_DIR, 'secrets.txt'), 'ab') as secret: secret.write(key) args = (base64.urlsafe_b64encode(token), account) query = cur.mogrify('''UPDATE vault SET password = %s WHERE account = %s''', args) cur.execute(query) conn.commit() cur.close()
def check_password(username, password): """ Check the validity of a username-password pair :param username: :param password: :return: DB document of user if valid """ user = db.users.find_one( {"$or": [{ "username": username }, { "email": username }]}) if not user or not verify_password(password, user["pwhash"], user["salt"]): raise AuthError("用户名/密码错误") else: db.logs.insert_one({ "timestamp": time(), "action": "login", "username": username }) user.pop("_id") return user
def recheck_password(user_id, password): user = db.users.find_one({"id": user_id}) return user and verify_password(password, user["pwhash"], user["salt"])
def validate_password(self, field): password = field.data verify_password(password)
def verify_password(self, password): return verify_password(password, self.password)