def test_create_check_password_hash(self):
    """Round-trip a password through create/check for each hashing method.

    Covers 'sha1' (with and without a pepper), 'md5' and 'plain', then
    checks that ``hash_password`` returns the same non-None value when
    called twice with the same arguments.

    A passing run shows that the helpers are self-consistent. It says
    nothing about whether 'sha1', 'md5' or 'plain' are suitable for storing
    real passwords.

    NOTE(review): every check_password_hash call below uses the correct
    password and pepper, apart from the empty stored hash. No case asserts
    that a wrong password or a wrong pepper is rejected.
    """
    # 'bar' in the method position must be refused with TypeError
    # (presumably because it is not a known method -- confirm in security).
    self.assertRaises(TypeError, security.create_password_hash, 'foo', 'bar')

    password = '******'

    # sha1, no pepper.
    stored = security.create_password_hash(password, 'sha1')
    self.assertTrue(security.check_password_hash(password, stored))

    # sha1 with a pepper: the same pepper is supplied on verification.
    stored = security.create_password_hash(password, 'sha1', pepper='bar')
    self.assertTrue(
        security.check_password_hash(password, stored, pepper='bar'))

    # md5 and plain go through the same create/verify round trip.
    for method in ('md5', 'plain'):
        stored = security.create_password_hash(password, method)
        self.assertTrue(security.check_password_hash(password, stored))

    # An empty stored hash must never verify. The freshly created hash is
    # not used by the assertion; the call is kept as in the original test.
    stored = security.create_password_hash(password, 'plain')
    self.assertFalse(security.check_password_hash(password, ''))

    # hash_password must be repeatable for identical inputs.
    # The third positional argument is presumably the salt -- confirm.
    for method, third_arg in (('sha1', u'bar'), ('md5', None)):
        first = security.hash_password(unicode(password), method, third_arg)
        second = security.hash_password(unicode(password), method, third_arg)
        self.assertTrue(first is not None)
        self.assertEqual(first, second)
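def register(cls, **user_values):
    """Register a new user after reserving its unique auth id and email.

    Args:
        **user_values: Properties for the new ``User``. ``name``,
            ``auth_id`` and ``email`` are read unconditionally. An optional
            ``password_raw`` is removed and replaced by its hash under
            ``password``.

    Returns:
        ``(True, user)`` when the user was stored. Otherwise
        ``(False, properties)``, where ``properties`` lists the fields that
        blocked the registration: ``'auth_id'`` and/or ``'email'`` when a
        unique value could not be reserved, or ``['username']`` when the
        user key already existed.
    """
    if 'password_raw' in user_values:
        # The raw password is popped so it never reaches the stored entity;
        # only the derived hash is kept.
        # NOTE(review): bit_strength=12 is passed through unchanged. If this
        # parameter sizes the salt, 12 bits is small -- confirm against the
        # security module.
        user_values['password'] = security.create_password_hash(
            user_values.pop('password_raw'), bit_strength=12)

    user_values['username'] = username = user_values['name'].lower()
    user = User(key=cls.get_key(username), **user_values)

    # Unique auth id and email.
    unique_auth_id = 'User.auth_id:%s' % user_values['auth_id']
    unique_email = 'User.email:%s' % user_values['email']
    uniques = [unique_auth_id, unique_email]
    success, existing = unique_model.Unique.create_multi(uniques)

    if not success:
        # Report only the values that were actually taken. Membership has to
        # be tested against `existing`: every value is trivially present in
        # `uniques`, so testing that list would always blame both fields.
        # Assumes `existing` holds the values create_multi could not
        # reserve -- confirm against unique_model.
        properties = []
        if unique_auth_id in existing:
            properties.append('auth_id')
        if unique_email in existing:
            properties.append('email')
        return False, properties

    # Store the user only if no entity already sits under the same key.
    txn = lambda: user.put() if not user.key.get() else None
    if model.transaction(txn):
        return True, user

    # The username was already in use: release the reservations made above
    # so the auth id and email stay available.
    unique_model.Unique.delete_multi(uniques)
    return False, ['username']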
def get(self, create_by):
    """Log in an existing account or create a new one, then start a session.

    The account id is ``create_by + ":" + userid``. If an account with that
    id exists, the supplied password is checked against the stored hash.
    Otherwise a new account and player are written using the supplied
    password and ``namae``.

    Args:
        create_by: Account type. Anything other than ``'uuid'`` or
            ``'password'`` makes the handler return ``None`` immediately.

    Returns:
        A ``webapp2.Response`` with a JSON body: ``{"result": ...}`` holding
        the player dict on success, or ``{"code": 1, "message": ...}`` when
        the password does not match.

    NOTE(review): ``userid`` and ``password`` are read from the query string
    of a GET request. Query strings are commonly written to server and
    proxy logs, so sending credentials in a request body keeps them out of
    those records.

    NOTE(review): the account lookup and ``ndb.put_multi`` are not wrapped
    in a transaction. Two concurrent requests for the same unused id can
    both reach the create path, and the later write replaces the earlier
    record.
    """
    params = self.request.GET
    if create_by not in ('uuid', 'password'):
        return

    new_userid = create_by + ":" + str(params['userid'])

    def _start_session_and_respond(player):
        # Open a session for the player and answer with the player data.
        # NOTE(review): the second positional argument of json.dumps is
        # `skipkeys`, so self.session is not serialized into the body. The
        # original comment says the intent was to return the player data
        # plus the session id. On Python 3 this argument is keyword-only
        # and the call raises TypeError.
        self.session = session(self.request)
        self.session.start(new_userid, {"plkey": player.key})
        return webapp2.Response(
            json.dumps({"result": player.to_dict()}, self.session))

    account = AccountDB.get_by_id(new_userid)
    if account:
        # The id exists: this is a login attempt.
        password_ok = security.check_password_hash(
            params['password'], account.password, pepper=PASSWORD_PEPPER)
        if not password_ok:
            return webapp2.Response(
                json.dumps({"code": 1, "message": "ログインに失敗しました。"}))
        # Password OK.
        return _start_session_and_respond(PlayerDB.get_by_id(new_userid))

    # Unknown id: create the account and player with the given password.
    # NOTE(review): no hashing method is passed, so the library default
    # applies. Confirm that the default is a deliberately slow
    # password-hashing scheme.
    hashed = security.create_password_hash(
        params['password'], pepper=PASSWORD_PEPPER)
    account = AccountDB(id=new_userid, userid=new_userid,
                        password=hashed, create_by=create_by)
    player = PlayerDB(id=new_userid, userid=new_userid,
                      namae=params['namae'])
    ndb.put_multi((account, player))
    return _start_session_and_respond(player)