def test_create_check_password_hash(self):
self.assertRaises(TypeError, security.generate_password_hash, "foo",
"bar")
password = "******"
hashval = security.generate_password_hash(password, "sha1")
self.assertTrue(security.check_password_hash(password, hashval))
hashval = security.generate_password_hash(password,
"sha1",
pepper="bar")
self.assertTrue(
security.check_password_hash(password, hashval, pepper="bar"))
hashval = security.generate_password_hash(password, "md5")
self.assertTrue(security.check_password_hash(password, hashval))
hashval = security.generate_password_hash(password, "plain")
v = security.check_password_hash(password, hashval)
self.assertTrue(v)
hashval = security.generate_password_hash(password, "plain")
self.assertFalse(security.check_password_hash(password, ""))
hashval1 = security.hash_password(str(password), "sha1", "bar")
hashval2 = security.hash_password(str(password), "sha1", "bar")
self.assertTrue(hashval1 is not None)
self.assertEqual(hashval1, hashval2)
hashval1 = security.hash_password(str(password), "md5", None)
hashval2 = security.hash_password(str(password), "md5", None)
self.assertTrue(hashval1 is not None)
self.assertEqual(hashval1, hashval2)
def test_create_check_password_hash(self):
self.assertRaises(TypeError, security.generate_password_hash, 'foo',
'bar')
password = '******'
hashval = security.generate_password_hash(password, 'sha1')
self.assertTrue(security.check_password_hash(password, hashval))
hashval = security.generate_password_hash(password,
'sha1',
pepper='bar')
self.assertTrue(
security.check_password_hash(password, hashval, pepper='bar'))
hashval = security.generate_password_hash(password, 'md5')
self.assertTrue(security.check_password_hash(password, hashval))
hashval = security.generate_password_hash(password, 'plain')
self.assertTrue(security.check_password_hash(password, hashval))
hashval = security.generate_password_hash(password, 'plain')
self.assertFalse(security.check_password_hash(password, ''))
hashval1 = security.hash_password(unicode(password), 'sha1', u'bar')
hashval2 = security.hash_password(unicode(password), 'sha1', u'bar')
self.assertTrue(hashval1 is not None)
self.assertEqual(hashval1, hashval2)
hashval1 = security.hash_password(unicode(password), 'md5', None)
hashval2 = security.hash_password(unicode(password), 'md5', None)
self.assertTrue(hashval1 is not None)
self.assertEqual(hashval1, hashval2)
def test_create_check_password_hash(self):
self.assertRaises(TypeError, security.generate_password_hash, 'foo',
'bar')
password = '******'
hashval = security.generate_password_hash(password, 'sha1')
self.assertTrue(security.check_password_hash(password, hashval))
hashval = security.generate_password_hash(password, 'sha1', pepper='bar')
self.assertTrue(security.check_password_hash(password, hashval,
pepper='bar'))
hashval = security.generate_password_hash(password, 'md5')
self.assertTrue(security.check_password_hash(password, hashval))
hashval = security.generate_password_hash(password, 'plain')
self.assertTrue(security.check_password_hash(password, hashval))
hashval = security.generate_password_hash(password, 'plain')
self.assertFalse(security.check_password_hash(password, ''))
hashval1 = security.hash_password(unicode(password), 'sha1', u'bar')
hashval2 = security.hash_password(unicode(password), 'sha1', u'bar')
self.assertTrue(hashval1 is not None)
self.assertEqual(hashval1, hashval2)
hashval1 = security.hash_password(unicode(password), 'md5', None)
hashval2 = security.hash_password(unicode(password), 'md5', None)
self.assertTrue(hashval1 is not None)
self.assertEqual(hashval1, hashval2)
def get_by_auth_password(cls, auth_id, password):
user = cls.get_by_auth_id(auth_id)
if not user:
raise auth.InvalidAuthIdError()
if not security.check_password_hash(password, user.password):
raise auth.InvalidPasswordError()
return user
def callback(self, req):
token = req.GET['token']
email = req.GET['email']
timestamp = req.GET['ts']
if not token or not email:
self.raise_error('Invalid confirmation link, please validate.')
auth_id = models.User.generate_auth_id(req.provider, email)
profile = models.UserProfile.get_by_id(auth_id)
if not profile:
return self.raise_error('The information that you\'ve provided '
'doesn\'t match our records. '
'Please try again.')
if not security.check_password_hash(profile.password+timestamp, token):
return self.raise_error('The information that you\'ve provided '
'doesn\'t match our records. '
'Please try again.')
delta_time = datetime.date.fromtimestamp(float(timestamp)) - datetime.date.today()
if delta_time.days >= 1:
return self.raise_error('Expired validation link. '
'Please try again.')
profile.verified = True
profile.put()
req.load_user_by_profile(profile)
return req.get_redirect_uri()
def validate_password(self, new_raw_password):
testHash = security.check_password_hash(new_raw_password,
self.password)
if (testHash):
return True
else:
return False
def post(self):
changed = str(self.request.get('type'))
# Change the name
if changed == 'name':
logging.info("Changed Name")
self.user.name = str(self.request.get('newValue'))
self.user.put()
# Change the password
elif changed == 'password':
oldPass = str(self.request.get('oldValue'))
newPass = str(self.request.get('newValue'))
# logging.info("Passed Old Passwpord: " + oldPass)
if security.check_password_hash(oldPass, self.user.password) is False:
self.response.write('Failed')
return
self.user.set_password(newPass)
self.user.put()
# logging.info("Password Changed")
elif changed == 'picture':
logging.info("Chnagee picture")
elif changed == 'deactivate':
logging.info("Deactivated Account")
def get(self, create_by):
q = self.request.GET
if create_by not in ('uuid', 'password'):
return
new_userid = create_by +":"+str( q['userid'] )
a = AccountDB.get_by_id(new_userid)
if a: #IDの存在チェック
if security.check_password_hash(q['password'], a.password, pepper=PASSWORD_PEPPER):
#パスワードOK
p = PlayerDB.get_by_id(new_userid)
self.session = session(self.request)
self.session.start(new_userid, {"plkey":p.key})
#playerdb+ssid 返す
return webapp2.Response( json.dumps( {"result":p.to_dict()}, self.session) )
return webapp2.Response( json.dumps( {"code":1, "message":"ログインに失敗しました。"} ) )
passh = security.create_password_hash(q['password'], pepper=PASSWORD_PEPPER)
a = AccountDB(id = new_userid, userid = new_userid, password = passh, create_by = create_by)
p = PlayerDB(id = new_userid, userid = new_userid, namae=q['namae'])
ndb.put_multi( (a, p) )
self.session = session(self.request)
self.session.start(new_userid, {"plkey":p.key})
return webapp2.Response( json.dumps( {"result":p.to_dict()}, self.session ) )
def get_by_auth_password(cls, auth_id, password):
"""Returns a user object, validating password.
:param auth_id:
Authentication id. In this application, the email
:param password:
Password to be checked.
:returns:
A user object, if found and password matches.
:raises:
``auth.InvalidAuthIdError`` or ``auth.InvalidPasswordError``.
"""
myclient = pymongo.MongoClient(server_config.mongodbURL)
mydb = myclient[server_config.mongodbDB]
mycol = mydb["users"]
user_result = mycol.find_one({"email": auth_id})
if user_result is None:
raise auth.InvalidAuthIdError()
if not security.check_password_hash(password, user_result['password']):
raise auth.InvalidPasswordError()
return User(user_result['user_id'], auth_id,
user_result['friendly_name'], user_result['level'])
def update_password(self, password, new_password):
"""Update the password for the user if the existing password matches."""
if not security.check_password_hash(password, self.password):
raise auth.InvalidPasswordError()
self.password = security.generate_password_hash(new_password, length=12)
self.put()
def check_user_password(cls, login=None, raw_password=None):
"""
Check if user and password match whith user and password in DB
Method make a DB query and checking if password hashes is same
with security.check_user_password() method
:param login:
login
:param raw_password:
password
:return:
Login instance or None
"""
logging.info('LoginClass:check_user_password() => Strat check_user_password()')
if not raw_password:
logging.info('LoginClass:check_user_password() => raw_password is empty, return None')
return None
logging.info('LoginClass:check_user_password() => Making QUERY to DB to get user instance')
u = cls.query(Login.username == login).get()
if not u:
logging.error('LoginClass:check_user_password() => User NOT found. Return None')
return None
logging.info('LoginClass:check_user_password() => User FOUND')
# comment for production
# return u if security.check_password_hash(raw_password, u.pw_hash, pepper=PEPPER) else None
sec_check = security.check_password_hash(raw_password, u.pw_hash, pepper=PEPPER)
logging.info('LoginClass:check_user_password() => Result of security.check_password_hash() is %s' % sec_check)
logging.info('LoginClass:check_user_password() => Return user instance or if True and None otherwise')
return u if sec_check else None
def update_password(self, password, new_password):
"""Update the password for the user if the existing password matches."""
if not security.check_password_hash(password, self.password):
raise auth.InvalidPasswordError()
self.password = security.generate_password_hash(new_password,
length=12)
self.put()
def post(self):
'''
Corresponds to a possible attempt to change some account settings.
Possible fields to change:
- name
- email_address
- password
'''
should_update_user = False
new_name = self.request.POST['name']
try:
new_email = self.request.POST['email']
except KeyError:
new_email = self.user.email_address
if self.user.name != new_name:
self.user.name = new_name
should_update_user = True
if self.user.email_address != new_email:
if self.user.change_auth_id(new_email):
self.user.email_address = new_email
should_update_user = True
else:
context = {
'name': self.user.name,
'email_address': self.user.email_address,
'error_alert': 'A user with that email address already exists.'
}
return self.render_response('account_settings.html', **context)
try:
new_password = self.request.POST["password"]
current_password = self.request.POST["current_password"]
except KeyError:
new_password = None
if new_password not in [None, '']:
# Check that correct current password was entered
if security.check_password_hash(current_password, self.user.password):
# Correct
self.user.set_password(new_password)
should_update_user = True
else:
# Incorrect
context = {
'name': self.user.name,
'email_address': self.user.email_address,
'error_alert': 'Incorrect password.'
}
return self.render_response('account_settings.html', **context)
if should_update_user:
self.user.put()
context = {
'name': self.user.name,
'email_address': self.user.email_address,
'success_alert': 'Successfully updated account settings!'
}
return self.render_response('account_settings.html', **context)
def authenticate(cls, username, password):
user = cls.query().filter(cls.username == username).get()
if user is None:
return None
if check_password_hash(password, user.password_hash):
return user
return None
def get_by_auth_password(cls, auth_id, password):
user = cls.get_by_auth_id(auth_id)
if user == None:
raise auth.InvalidAuthIdError()
if not security.check_password_hash(password, user.password):
raise auth.InvalidPasswordError()
return user
def get_by_auth_password(cls, email, password):
user = cls.get_by_email(email)
if not user:
raise auth.InvalidAuthIdError("No user with email '%s'." % (email))
if not security.check_password_hash(password, user.password_hash):
raise auth.InvalidPasswordError("Bad password for user '%s'." % (email))
return user
def post(self, *args, **kwargs):
if not 'u' in self.session:
email = self.request.POST['email']
password = self.request.POST['password']
user = User.query(ndb.AND(User.email == email), namespace='_x_')
if user.get() is None:
self.render_user_login(is_loggedin=False,
error='Email or Password is wrong!.')
return
if user.get().is_admin:
self.render_user_login(is_loggedin=False,
error='Email or Password is wrong!.')
return
else:
if check_password_hash(password, user.get().password):
self.delete_session()
self.set_current_user(user)
else:
self.render_user_login(
is_loggedin=False,
error='Email or Password is wrong!.')
return
user_key = self.session.get('u')
user = ndb.Key(urlsafe=user_key).get()
school_length = len(user.schools)
#check schools that user was asigned
if school_length == 1:
school_key = user.schools[0]
school_key = school_key.get().key.urlsafe()
self.set_current_school(school_key)
self.redirect("/")
return
if school_length == 0:
self.render_user_login(
is_loggedin=False,
error=
"You don't have any schools!. Please contact with admin for this reason."
)
self.delete_session()
return
if school_length > 1 and 'school' not in self.request.POST:
schools = [school_key.get() for school_key in user.schools]
self.render_user_login(is_loggedin=True, schools=schools)
return
school_key = self.request.POST['school']
self.set_current_school(school_key)
self.redirect("/")
def _check_password(self, password):
# TODO switch password encryption to bcrypt
"""
Validate that the user supplied password matches the the hashed
password saved to the datastore.
:param password: string representing the password
:return: boolean True if match False if not.
"""
return security.check_password_hash(password, self.password)
def validate_username_and_password(cls, username, password):
"""Returns (user, reason-if-not-valid)."""
# TODO: check if user.status != 0 here?
user = cls.get_by_username(username)
if not user:
return None, 'invalid-username'
if not security.check_password_hash(password, user.password):
return None, 'invalid-password'
return user, None
def check_password( self, password ):
""" Checks that password is valid.
:param password:
The password to check
:returns:
True if password matches database, False otherwise
"""
if password is not None and self.password is not None:
return security.check_password_hash( password, self.password )
else:
return False
def check_password( self, password ):
""" Checks that password is valid.
:param password:
The password to check
:returns:
True if password matches database, False otherwise
"""
if password is not None and self.password is not None:
return security.check_password_hash( password, self.password )
else:
return False
def post(self):
"""Update user info"""
first_name = self.request.POST['first_name']
last_name = self.request.POST['last_name']
email = self.request.POST['email']
phone = self.request.POST['phone']
current_password = self.request.POST['current_password']
new_password = self.request.POST['new_password']
confirm_password = self.request.POST['confirm_password']
errors = {
'wrong': 'Current password is wrong.',
'required': 'Field current password is required.',
'not_correct': 'Confirm password is not correct.',
'success': 'Account updated successfully.'
}
user_key = self.session.get('u')
user = ndb.Key(urlsafe=user_key).get()
if not current_password:
self.render_account(error=errors['required'],
user=user,
school_name=self.school_name,
schools=self.list_school)
else:
if check_password_hash(current_password, user.password):
if new_password:
if new_password != confirm_password:
self.render_account(error=errors['not_correct'],
user=user,
school_name=self.school_name,
schools=self.list_school)
else:
self.update_user(user, first_name, last_name, phone,
email, new_password)
self.render_account(error=errors['success'],
user=user,
school_name=self.school_name,
schools=self.list_school)
else:
self.update_user(user, first_name, last_name, phone, email,
user.password)
self.render_account(error=errors['success'],
user=user,
school_name=self.school_name,
schools=self.list_school)
else:
self.render_account(error=errors['wrong'],
user=user,
school_name=self.school_name,
schools=self.list_school)
def post(self):
'''
Corresponds to a possible attempt to change some account settings.
Possible fields to change:
- name
- email_address
- password
'''
should_update_user = False
new_name = self.request.POST['name']
# new_email = self.request.POST['email']
if self.user.name != new_name:
self.user.name = new_name
should_update_user = True
# if self.user.email_address != new_email:
# if self.user.change_auth_id(new_email):
# self.user.email_address = new_email
# should_update_user = True
# else:
# context = {
# 'name': self.user.name,
# 'email_address': self.user.email_address,
# 'error_alert': 'A user with that email address already exists.'
# }
# return self.render_response('account_settings.html', **context)
context = {
'name': self.user.name,
'email_address': self.user.email_address
}
try:
new_password = self.request.POST["password"]
current_password = self.request.POST["current_password"]
except KeyError:
new_password = None
if new_password not in [None, '']:
# Check that correct current password was entered
if security.check_password_hash(current_password,
self.user.password):
# Correct
self.user.set_password(new_password)
should_update_user = True
else:
# Incorrect
context['error_alert'] = 'Incorrect password.'
return self.render_response('account_settings.html', **context)
# Was anything updated?
if should_update_user:
self.user.put()
context['success_alert'] = 'Successfully updated account settings!'
else:
context['error_alert'] = "You didn't request any changes."
return self.render_response('account_settings.html', **context)
def post(self):
redirect_url = util.get_redirect_url_from_session()
email = self['email']
user = User.get_by_key_name(email)
if check_password_hash(self['password'], user.password):
create_tpld(email, self['network'])
modify_session(email)
self.redirect(redirect_url)
else:
session = get_current_session()
session.terminate()
self.redirect('/member/verification_failed')
def post(self):
old_password = self.request.get('oldpwd')
new_password = self.request.get('newpwd')
user = self.user
if not security.check_password_hash(old_password, user.password):
self.abort(501)
user.set_password(new_password)
user.put()
self.response.out.write("OK")
def post(self):
redirect_url = util.get_redirect_url_from_session()
email = self['email']
user = User.get_by_key_name(email)
if check_password_hash(self['password'], user.password):
create_tpld(email, self['network'])
modify_session(email)
self.redirect(redirect_url)
else:
session = get_current_session()
session.terminate()
self.redirect('/member/verification_failed')
def post(self):
"""Update user info"""
first_name = self.request.POST['first_name']
last_name = self.request.POST['last_name']
email = self.request.POST['email']
phone = self.request.POST['phone']
current_password = self.request.POST['current_password']
new_password = self.request.POST['new_password']
confirm_password = self.request.POST['confirm_password']
errors = {
'wrong' : 'Current password is wrong.',
'required' : 'Field current password is required.',
'not_correct' : 'Confirm password is not correct.',
'success' : 'Account updated successfully.'
}
user_key = self.session.get('u')
user = ndb.Key(urlsafe = user_key).get()
if not current_password:
self.render_account(error = errors['required'],
user = user,
school_name = self.school_name,
schools = self.list_school)
else:
if check_password_hash(current_password, user.password):
if new_password:
if new_password != confirm_password:
self.render_account(error = errors['not_correct'],
user = user,
school_name = self.school_name,
schools = self.list_school)
else:
self.update_user(user, first_name, last_name, phone, email, new_password)
self.render_account(error = errors['success'],
user = user,
school_name = self.school_name,
schools = self.list_school)
else:
self.update_user(user, first_name, last_name, phone, email, user.password)
self.render_account(error = errors['success'],
user = user,
school_name = self.school_name,
schools = self.list_school)
else:
self.render_account(error = errors['wrong'],
user = user,
school_name = self.school_name,
schools = self.list_school)
def getUser(email, pw):
result = list()
secure_pw = security.generate_password_hash(pw, 'sha1')
query = Users.query(Users.email==email)
user = query.fetch(1)
if len(user) > 0:
if security.check_password_hash(pw, user[0].pw):
user[0].user_id = user[0].key.id()
result.append(user[0])
return result
def get_by_auth_password(cls, auth_id, password):
"""Returns user, validating password.
:raises:
``auth.InvalidAuthIdError`` or ``auth.InvalidPasswordError``.
"""
user = cls.get_by_auth_id(auth_id)
if not user:
raise auth.InvalidAuthIdError()
if not security.check_password_hash(password, user.password):
raise auth.InvalidPasswordError()
return user
def get_by_auth_password(cls, auth_id, password):
"""Returns user, validating password.
:raises:
``auth.InvalidAuthIdError`` or ``auth.InvalidPasswordError``.
"""
user = cls.get_by_auth_id(auth_id)
if not user:
raise auth.InvalidAuthIdError()
if not security.check_password_hash(password, user.password):
raise auth.InvalidPasswordError()
return user
def post(self):
form = forms.JoinGameForm(self.request.POST)
try:
game_id = int(form.game.data)
game = models.game.get_by_id(game_id)
except:
game = None
auth_error = None
if game:
form.game.value = form.game.data
form.color1.choices = [(key, key) for key in _primaryColors.keys() if key not in game.primaryColorsChosen]
form.color2.choices = [(key, key) for key in _bonusColors.keys() if key not in game.bonusColorsChosen]
# to do: validate game exists
# to do: validate colors are valid (i.e., not chosen allready)
# to do: validate password?
# to do: validate user cannot join game twice
if form.validate:
if security.check_password_hash(form.password.data, game.password):
#player
p = models.player()
p.isAdmin = False
p.score = 0
p.primaryColor = form.color1.data
p.bonusColor = form.color2.data
p.put()
#user
self.user.players.append(p.key)
self.user.put()
#game
game.players.append(p.key)
game.primaryColorsChosen.append(form.color1.data)
game.bonusColorsChosen.append(form.color2.data)
game.put()
self.redirect(self.uri_for('game', game_id=game.key.id()))
else:
auth_error = "Invalid game password"
context = {
'game': game,
'form': form,
'auth_error': auth_error
}
self.render_response('joingame.html', **context)
def post(self, *args, **kwargs):
if not 'u' in self.session:
email = self.request.POST['email']
password = self.request.POST['password']
user = User.query(ndb.AND(User.email == email),
namespace = '_x_')
if user.get() is None:
self.render_user_login(is_loggedin = False, error='Email or Password is wrong!.')
return
if user.get().is_admin:
self.render_user_login(is_loggedin = False, error='Email or Password is wrong!.')
return
else:
if check_password_hash(password, user.get().password):
self.delete_session()
self.set_current_user(user)
else:
self.render_user_login(is_loggedin = False, error='Email or Password is wrong!.')
return
user_key = self.session.get('u')
user = ndb.Key(urlsafe=user_key).get()
school_length = len(user.schools)
#check schools that user was asigned
if school_length == 1:
school_key = user.schools[0]
school_key = school_key.get().key.urlsafe()
self.set_current_school(school_key)
self.redirect("/")
return
if school_length == 0:
self.render_user_login(is_loggedin = False, error="You don't have any schools!. Please contact with admin for this reason.")
self.delete_session()
return
if school_length > 1 and 'school' not in self.request.POST:
schools = [school_key.get() for school_key in user.schools]
self.render_user_login(is_loggedin = True, schools=schools)
return
school_key = self.request.POST['school']
self.set_current_school(school_key)
self.redirect("/")
def post(self):
email = self['email']
user = util.get_user(email)
if not user:
rd_url = '/member/check_email'
else:
rd_url = util.get_redirect_url_from_session()
if check_password_hash(self['password'], user.password):
self.login_user()
util.add_user_to_memcache(email)
else:
session = get_current_session()
session.terminate()
rd_url = '/member/verification_failed'
self.redirect(rd_url)
def post(self):
email = self['email']
password = self['password'] if self['password'] else None
redirect_url = str(self['redirect_url']) if self['redirect_url'] else '/community'
member = Member.get_by_email(email)
if 'member' in self.session and not email is self.session['member']:
self.response.out.write('another user already logged in')
return
if not email or not member:
self.response.out.write('user not in db')
return
if not check_password_hash(password, member.password):
self.response.out.write('wrong password')
return
self.session['member'] = email
self.redirect(redirect_url)
def login(self, request):
"""Exposes an API endpoint to query for an upload URL.
Args:
Returns:
"""
salt=config.get('salt')
aes_key=config.get('aes_key')
if not request.username:
LoginResponse(message="Provide a username")
username = request.username.lower()
# try:
if utils.is_email_valid(username):
user = User.get_by_email(username)
if user:
auth_id = user.auth_ids[0]
else:
raise InvalidAuthIdError
else:
auth_id = "own:%s" % username
user = User.get_by_auth_id(auth_id)
password = request.password.strip()
remember_me=False
# Password to SHA512
password = utils.hashing(password, salt)
# Try to login user with password
# Raises InvalidAuthIdError if user is not found
# Raises InvalidPasswordError if provided password
# doesn't match with specified user
user = User.get_by_auth_id(auth_id)
if not user:
raise endpoints.BadRequestException('Password/Username Do Not Match')
if not security.check_password_hash(password, user.password):
raise endpoints.BadRequestException('Password/Username Do Not Match')
else:
self.user_apikey = ApiKeys.get_apikey_by_user_id(user.key.id()).key.id()
return LoginResponse(apikey=self.user_apikey)
def change_password(self):
password_form = ProfilePasswordForm(self.request.POST)
contact_form = ProfileContactForm(None, self.user_complete)
dev = self.user_complete
if password_form.validate():
if security.check_password_hash(password_form.current_password.data, dev.password):
dev.password = security.generate_password_hash(
password_form.new_password.data, length=12)
dev.put()
self.session.add_flash("Password successfully changed.", "local")
return self.redirect_to("profile_settings")
else:
password_form.current_password.errors.append("Current password was invalid.")
self.render_response("auth/profile/settings.html",
contact_form=contact_form,
password_form=password_form)
def get(self):
timestamp = self.request.get('ts')
email = self.request.get('email')
token = self.request.get('token')
# validate url token
auth_id = models.User.generate_auth_id('email', email)
profile = models.UserProfile.get_by_auth_id(auth_id)
if not security.check_password_hash(profile.password+timestamp, token):
self.add_message('The information that you\'ve provided '
'doesn\'t match our records. '
'Please try again.')
return self.redirect_to('password-reset')
# show update password form
return self.render_template('auth/password_reset_complete.html', {'form':self.form})
def post(self):
email = self['email']
password = self['password'] if self['password'] else None
redirect_url = str(
self['redirect_url']) if self['redirect_url'] else '/community'
member = Member.get_by_email(email)
if 'member' in self.session and not email is self.session['member']:
self.response.out.write('another user already logged in')
return
if not email or not member:
self.response.out.write('user not in db')
return
if not check_password_hash(password, member.password):
self.response.out.write('wrong password')
return
self.session['member'] = email
self.redirect(redirect_url)
def get_by_password(self, firstname, lastname, password):
u"""
@param str firstname 名前
@param str lastname 苗字
@param str password パスワード
@return User
@raises auth.InvalidAuthIdError() | auth.InvalidPasswordError()
"""
user = cls.query(firstname == firstname and lastname == lastname).get()
if not user:
raise auth.InvalidAuthIdError()
if not security.check_password_hash(password, user.password):
raise auth.InvalidPasswordError()
return user
def get_by_auth_password(cls, auth_id, password):
"""Returns a user object, validating password.
:param auth_id:
Authentication id.
:param password:
Password to be checked.
:returns:
A user object, if found and password matches.
:raises:
``auth.InvalidAuthIdError`` or ``auth.InvalidPasswordError``.
"""
user = cls.get_by_auth_id(auth_id)
if not user:
raise auth.InvalidAuthIdError()
if not security.check_password_hash(password, user.password):
raise auth.InvalidPasswordError()
return user
def get_by_auth_password(cls, auth_id, password):
"""Returns a user object, validating password.
:param auth_id:
Authentication id.
:param password:
Password to be checked.
:returns:
A user object, if found and password matches.
:raises:
``auth.InvalidAuthIdError`` or ``auth.InvalidPasswordError``.
"""
user = cls.get_by_auth_id(auth_id)
if not user:
raise auth.InvalidAuthIdError()
if not security.check_password_hash(password, user.password):
raise auth.InvalidPasswordError()
return user
def change_password(self):
password_form = ProfilePasswordForm(self.request.POST)
contact_form = ProfileContactForm(None, self.user_complete)
dev = self.user_complete
if password_form.validate():
if security.check_password_hash(
password_form.current_password.data, dev.password):
dev.password = security.generate_password_hash(
password_form.new_password.data, length=12)
dev.put()
self.session.add_flash("Password successfully changed.",
"local")
return self.redirect_to("profile_settings")
else:
password_form.current_password.errors.append(
"Current password was invalid.")
self.render_response("auth/profile/settings.html",
contact_form=contact_form,
password_form=password_form)
def post(self, *args, **kwargs):
if not 'ad' in self.session:
email = self.request.POST['email']
password = self.request.POST['password']
user = User.query(ndb.AND(User.email == email,
User.is_admin == True),
namespace = '_x_')
if user.get() is None:
self.render_admin_login(error='Email or Password is wrong!.')
return
else:
if check_password_hash(password, user.get().password):
self.setup_admin_session(user)
else:
self.render_admin_login(error='Email or Password is wrong!.')
return
self.redirect("/admin")
def post(self):
'''
Corresponds to a possible attempt to change some account settings.
Possible fields to change:
- name
- email_address
- password
'''
should_update_user = False
new_name = self.request.POST['name']
# new_email = self.request.POST['email']
if self.user.name != new_name:
self.user.name = new_name
should_update_user = True
context = {
'name': self.user.name,
'email_address': self.user.email_address
}
try:
new_password = self.request.POST["password"]
current_password = self.request.POST["current_password"]
except KeyError:
new_password = None
if new_password not in [None, '']:
# Check that correct current password was entered
if security.check_password_hash(current_password, self.user.password):
# Correct
self.user.set_password(new_password)
should_update_user = True
else:
# Incorrect
context['error_alert'] = 'Incorrect password.'
return self.render_response('account_settings.html', **context)
# Was anything updated?
if should_update_user:
self.user.put()
context['success_alert'] = 'Successfully updated account settings!'
else:
context['error_alert'] = "You didn't request any changes."
return self.render_response('account_settings.html', **context)
def get_or_create_profile(self, auth_id, user_info, **kwargs):
"""
Overrides to provide logic for checking and encrypting passwords.
:param auth_id:
:param user_info:
:param kwargs:
:return:
:raise:
"""
password = kwargs.pop('password')
profile = models.UserProfile.get_by_id(auth_id)
if profile is None:
# Create profile
profile = models.UserProfile.get_or_create(auth_id, user_info,
password=security.generate_password_hash(password, length=12))
# Check password
if not security.check_password_hash(password, profile.password):
return self.raise_error('The password that you\'ve provided '
'doesn\'t match our records. '
'Please try again.')
return profile
def post(self, *args, **kwargs):
if not 'ad' in self.session:
email = self.request.POST['email']
password = self.request.POST['password']
user = User.query(ndb.AND(User.email == email,
User.is_admin == True),
namespace='_x_')
if user.get() is None:
self.render_admin_login(error='Email or Password is wrong!.')
return
else:
if check_password_hash(password, user.get().password):
self.setup_admin_session(user)
else:
self.render_admin_login(
error='Email or Password is wrong!.')
return
self.redirect("/admin")
def get_by_auth_password(cls, auth_id, password):
"""Return a user object, validating password.
If the user exists and has no password, then it will match only an empty password.
Raise webapp2_extras.auth.InvalidAuthIdError or webapp2_extras.auth.InvalidPasswordError if
the username or password is wrong.
"""
user = ndb.Key(flat=auth_id).get()
if not user:
raise webapp2_extras.auth.InvalidAuthIdError()
# no password check if both password and user.password are unspecified
if user.password and password:
if not security.check_password_hash(password, user.password):
raise webapp2_extras.auth.InvalidPasswordError()
elif user.password or password:
raise webapp2_extras.auth.InvalidPasswordError()
return user
def get_or_create_profile(self, auth_id, user_info, **kwargs):
"""
Overrides to provide logic for checking and encrypting passwords.
:param auth_id:
:param user_info:
:param kwargs:
:return:
:raise:
"""
password = kwargs.pop('password')
profile = models.UserProfile.get_by_id(auth_id)
if profile is None:
# Create profile
profile = models.UserProfile.get_or_create(auth_id, user_info,
password=security.generate_password_hash(password, length=12))
# Check password
if not security.check_password_hash(password, profile.password):
return self.raise_error('The password that you\'ve provided '
'doesn\'t match our records. '
'Please try again.')
return profile
def post(self):
#temp!
email = self.request.get('email').encode('utf-8')
password = self.request.get('password').encode('utf-8')
user = my_db.get(email)
if not user:
self.response.write("nope")
return
if not security.check_password_hash(password, user.password):
self.response.write('nope')
return
if not user.txn_id:
self.response.write('nope')
return
user.login_attempts += 1
self.response.write(user.login_attempts)
user.put()
def get_by_auth_password(cls, auth_id, password):
"""Return a user object, validating password.
If the user exists and has no password, then it will match only an empty password.
Raise webapp2_extras.auth.InvalidAuthIdError or webapp2_extras.auth.InvalidPasswordError if
the username or password is wrong.
"""
user = ndb.Key(flat=auth_id).get()
if not user:
raise webapp2_extras.auth.InvalidAuthIdError()
# no password check if both password and user.password are unspecified
if user.password and password:
if not security.check_password_hash(password, user.password):
raise webapp2_extras.auth.InvalidPasswordError()
elif user.password or password:
raise webapp2_extras.auth.InvalidPasswordError()
return user
def post(self):
result_json = {
'redirect_url': str(self['redirect_url'])
if self['redirect_url'] else '/community',
'error': False
}
email = self['email']
password = self['password'] if self['password'] else None
member = Member.get_by_email(email)
if 'member' in self.session and not email is self.session['member']:
del self.session['member']
if not email or not member:
result_json['error'] = True
result_json['errormsg'] = 'Member not found'
elif not check_password_hash(password, member.password):
result_json['error'] = True
result_json['errormsg'] = 'Incorrect password'
else:
self.session['member'] = email
redirect_url = '/tracks'
result_json['redirect_url'] = redirect_url
self.write(json.dumps(result_json), 200, 'application/json')
def get_or_create_profile(self, auth_id, user_info, user, **kwargs):
"""
Overrides to provide logic for checking and encrypting passwords.
:param auth_id:
:param user_info:
:param kwargs:
:return:
:raise:
"""
password = kwargs.pop('password')
profile = models.UserProfile.get_by_id(auth_id)
if profile is None:
if user:
# Create profile
profile = models.UserProfile.get_or_create(auth_id, user_info,
password=security.generate_password_hash(password, length=12))
else:
return self.raise_error("Non e' stato trovato un profilo associato all'email indicata.")
# Check password
if not security.check_password_hash(password, profile.password):
return self.raise_error("La password non e' corretta.")
return profile
def post(self):
result_json = {'redirect_url': str(self['redirect_url']) if self['redirect_url'] else '/community', 'error': False}
email = self['email']
password = self['password'] if self['password'] else None
member = Member.get_by_email(email)
if 'member' in self.session and not email is self.session['member']:
del self.session['member']
if not email or not member:
result_json['error'] = True
result_json['errormsg'] = 'Member not found'
elif not check_password_hash(password, member.password):
result_json['error'] = True
result_json['errormsg'] = 'Incorrect password'
else:
self.session['member'] = email
redirect_url = '/tracks'
result_json['redirect_url'] = redirect_url
self.write(
json.dumps(
result_json
),200,'application/json'
)
def start(self):
error_msg = 'We were unable to log you on using the supplied email address and password. Do you need to reset your password?'
password = self.request.POST.get('password',None)
email = self.request.POST.get('email',None)
if not password or not email:
return self.generic_error(title='Error logging in',message="We're sorry, you didn't supply all the required login credentials.")
auth_id = authprovider.AuthProvider.generate_auth_id('password',email)
auth_token = authprovider.AuthProvider._get_by_auth_id(auth_id)
if auth_token is None or not security.check_password_hash(password=password,pwhash=auth_token.password_hash,pepper=password_pepper):
return self.generic_error(title='Error logging in',message=error_msg,action='Password reset »',
action_link="""#login" data-toggle="modal" onclick="$('#password-reset').click();" """)
self.request.session.upgrade_to_user_session(auth_token.user_id)
if self.request.POST.get('dont_persist') == "True":
self.response.set_cookie('_eauth', self.request.session.serialize(),expires=None)
return self.redirect('/')
def check_password(self, password):
return security.check_password_hash(password, self.password)
def validate_password(self, password):
if not self.password:
return True
pwhash = '$'.join([self.password, self.hash_method, self.salt])
return security.check_password_hash(password, pwhash, pepper=PEPPER)
def authenticate(cls, user_id, password):
user = User.get_by_id(user_id)
return user and security.check_password_hash(password, user.password)
def check_password(self, guess):
return check_password_hash(guess, self.password, pepper=config.pepper)
def auth_password(self, raw_password):
return security.check_password_hash(raw_password,
self.password,
pepper=self.Pepper)
