import sqlite3
from flask import flash, redirect, url_for, g
from flask_login import login_user
from flask_login._compat import unicode
from passlib.context import CryptContext
from dataAccess import addUser, usernameExists, emailExists, findPassword, initialiseSettings, findID
# -- All work in this security.py is done by Dylan H --
# Password encryption taken from https://blog.tecladocode.com/learn-python-password-encryption-with-flask/
# Hashing context used for every stored password: PBKDF2-HMAC-SHA256 with a
# fixed work factor. passlib records the salt and round count inside the hash
# string itself, so raising the rounds later keeps existing hashes verifiable.
# NOTE(review): 30000 rounds is low compared with current guidance for
# PBKDF2-SHA256; consider raising it and re-hashing passwords at next login.
pwd_context = CryptContext(schemes=["pbkdf2_sha256"], default="pbkdf2_sha256", pbkdf2_sha256__default_rounds=30000)
def encrypt_password(password):
    """Return a salted PBKDF2-SHA256 hash of *password* suitable for storage.

    Despite the name this is a one-way hash, not reversible encryption; the
    work is delegated to the module-level ``pwd_context``. (passlib 1.7
    renamed ``CryptContext.encrypt`` to ``hash``; the old name is kept as an
    alias there.)
    """
    hashed = pwd_context.encrypt(password)
    return hashed
def check_encrypted_password(password, hashed):
    """Return True if *password* matches the stored passlib hash *hashed*.

    ``pwd_context.verify`` re-derives the hash using the salt and round count
    embedded in *hashed*, so nothing beyond the hash string needs to be kept.
    """
    matches = pwd_context.verify(password, hashed)
    return matches
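def registerUser(form):
    """Create a new user from a submitted registration *form*.

    The user id is built as ``<first initial>.<surname><n>`` (names
    lower-cased), with *n* starting at 1 and incremented until
    ``usernameExists`` reports the id as free. The password is hashed with
    ``encrypt_password`` before being passed to ``addUser``; the plaintext is
    not stored. ``initialiseSettings`` is then called for the new id.

    Args:
        form: a submitted registration form with ``fName``, ``sName``,
            ``year``, ``school``, ``email`` and ``password`` fields.

    Raises:
        ValueError: if the first name is empty, as no initial exists to
            build the id from.
    """
    fName = form.fName.data.lower()
    sName = form.sName.data.lower()
    if not fName:
        raise ValueError("first name is required to assign a user id")

    def candidate(n):
        # e.g. "d.smith1", "d.smith2", ...
        return fName[0] + "." + sName + str(n)

    # Probe ids until the database reports one as unused.
    num = 1
    assignedID = candidate(num)
    while usernameExists(assignedID):
        num += 1
        assignedID = candidate(num)

    # The year field submits the literal string "None" when left unset;
    # pass None through instead so it is not stored as the text "None".
    year = None if form.year.data == "None" else form.year.data
    school = form.school.data
    email = form.email.data
    hashedPassword = encrypt_password(form.password.data)

    addUser(assignedID, fName, sName, school, email, hashedPassword, year)
    initialiseSettings(assignedID)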
def validateLogin(form):
    """Check a submitted login *form* against the stored credentials.

    ``form.username.data`` may hold either a username or an email address;
    it is accepted if either ``usernameExists`` or ``emailExists`` matches.

    Returns:
        A ``(usernameError, passwordError)`` pair of booleans.
        ``usernameError`` is True when no account matches the input;
        ``passwordError`` is True when an account was found but the password
        does not verify against the hash returned by ``findPassword``.
        At most one of the two is True.

    NOTE(review): the two separate flags let the caller reveal whether an
    account exists; the login page should show one generic message for both.
    """
    identifier = form.username.data
    account_found = usernameExists(identifier) or emailExists(identifier)
    if not account_found:
        return True, False
    password = form.password.data
    storedHash = findPassword(identifier)
    password_ok = check_encrypted_password(password, storedHash)
    return False, not password_ok
# Note: flask_login's UserMixin could be used here instead of defining these methods by hand
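class User():
    """A logged-in user, loaded from the ``users`` table in PARS.db by username.

    Instances are created by the flask_login ``user_loader`` in app.py and
    provide the methods flask_login calls on the current user.

    Attributes:
        username: the login name; also serves as the flask_login user id.
        active: the flag passed to the constructor (not consulted by is_active).
        fName, sName: first name and surname with an initial capital.
        school, email, admin: further columns of the user's row.
    """

    def __init__(self, username, active=True):
        """Load the row for *username* from PARS.db.

        Raises:
            ValueError: if no row matches *username*.
        """
        self.username = username
        self.active = active
        conn = sqlite3.connect('PARS.db')
        try:
            c = conn.cursor()
            c.execute('SELECT * FROM users WHERE username=?', (username,))
            result = c.fetchone()
        finally:
            # The connection is only needed for this single lookup.
            conn.close()
        if result is None:
            raise ValueError("no user with username %r" % (username,))
        # Columns are addressed by position; keep these indexes in step with
        # the users table definition (presumably in dataAccess).
        self.fName = self._capitalise(result[2])
        self.sName = self._capitalise(result[3])
        self.school = result[4]
        self.email = result[5]
        self.admin = result[9]

    @staticmethod
    def _capitalise(name):
        """Upper-case the first character of *name*, leaving the rest as is.

        Unlike ``str.capitalize`` this keeps the remainder untouched, and an
        empty string is returned unchanged rather than raising.
        """
        return name[:1].upper() + name[1:]

    def is_authenticated(self):
        """Return True: a User instance only exists for verified credentials."""
        return True

    def is_active(self):
        """Return True; the ``active`` attribute is not consulted."""
        return True

    def is_annonymous(self):
        """Return False: a User is never an anonymous visitor."""
        return False

    def is_anonymous(self):
        """Correctly spelled alias of ``is_annonymous``; the name flask_login expects."""
        return False

    def get_id(self):
        """Return the id flask_login stores in the session.

        The username is the user id for this project; the ``user_loader`` in
        app.py turns it back into a User.
        """
        return unicode(self.username)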