Python werkzeug.security 模块,check_password_hash() 实例源码
我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用werkzeug.security.check_password_hash()。
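def post(self):
    """Log the user in and return a signed JWT.

    Reads ``username`` and ``password`` from the JSON request body, looks up
    an enabled user by ``sigaa_user_name`` and verifies the password against
    the stored hash. Both failure paths use the same 403 message, so the
    response body does not reveal whether the account exists.
    """
    username = request.json['username']
    password = request.json['password']

    # ``User.disabled is False`` is a plain Python identity test on the column
    # object: it evaluates to the constant ``False`` before SQLAlchemy sees
    # it, so the filter never expressed "disabled = false".  ``.is_()`` builds
    # the intended SQL predicate.
    us = (
        User.query
        .filter(User.disabled.is_(False))
        .filter(User.sigaa_user_name == username)
        .first()
    )
    # presumably aborts the request with 403 when ``us`` is None -- helper is
    # defined elsewhere
    abort_if_none(us, 403, 'Username or password incorrect')

    if not check_password_hash(us.password, password):
        return msg('Username or password incorrect'), 403

    # NOTE(review): the payload carries no expiry claim, and ``tid`` comes
    # from the non-cryptographic ``random`` module.  If ``tid`` is meant to be
    # unguessable, ``secrets`` is the right source -- confirm intent.
    token = jwt.encode(
        {'id_user': us.id_user, 'tid': random.random()},
        config.SECRET_KEY,
        algorithm='HS256'
    ).decode('utf-8')
    return msg(token, 'token')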
def put(self):
    """Change the password of the currently authenticated user.

    The caller must supply the current password (``old_password``); on
    success the token used for this request is appended to the blacklist.
    """
    account = (
        User.query
        .filter(User.disabled == 0)
        .filter(User.id_user == g.current_user)
        .first()
    )
    abort_if_none(account, 404, 'User not found')

    old_password_ok = check_password_hash(
        account.password, request.json['old_password']
    )
    if not old_password_ok:
        return msg('Old password incorrect'), 403

    # NOTE(review): the new password is assigned exactly as received.  Unless
    # the User model hashes on assignment (not visible here), this stores
    # plaintext that check_password_hash() can never match -- confirm, and
    # hash with generate_password_hash() if the model does not.
    account.password = request.json['password']
    db.session.commit()

    # Revoke the token that authorised this change.
    cache.blacklisted_tokens.append(request.headers['Authorization'])
    return msg('success!')
def login():
    """Authenticate from ``username``/``password`` request headers; return a JWT.

    Raises InvalidRequest when either header is missing and AuthFailed when
    the user is unknown or the password does not match, so both
    authentication failures look the same to the caller.
    """
    # NOTE(review): credentials travel in custom headers, which proxies and
    # access logs may record -- confirm they are scrubbed in deployment.
    credentials = [request.headers.get(name) for name in ('username', 'password')]
    if any(value is None for value in credentials):
        raise InvalidRequest()
    username, password = credentials

    user = UsersCollection().find_one({'username': username})
    if user is None or not check_password_hash(user['password_hash'], password):
        raise AuthFailed()

    return jsonify({'token': UserJWT.new(username, user['scope'])})
def validate(self):
    """Validate the login form, upgrading a legacy ``pbkdf2:sha1`` hash first.

    NOTE(review): indentation was lost in this listing.  The early
    ``return True`` is assumed to sit inside the successful password check;
    confirm against the upstream file.
    """
    # Check for an old password hash and update the password if needed.
    self.user = (
        db.session.query(models.User)
        .filter(models.User.email == self.email.data)
        .first()
    )
    has_legacy_hash = self.user and self.user.password.startswith("pbkdf2:sha1")
    if has_legacy_hash and check_password_hash(self.user.password, self.password.data):
        self.user.password = encrypt_password(self.password.data)
        self.user.active = 1
        # NOTE(review): every account that logs in with a legacy hash is
        # activated and given the "admin" role, and the parent form's checks
        # below are skipped -- confirm this is intended for all such users.
        admin_role = (
            db.session.query(models.Role)
            .filter(models.Role.name == "admin")
            .first()
        )
        self.user.roles.append(admin_role)
        db.session.commit()
        return True

    # Otherwise defer to the flask-security checks.
    return True if super(Login, self).validate() else False
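def validate(self):
    """Validate the form fields, then the e-mail/password pair.

    Returns True only when the parent validation passes and the password
    matches the account found by e-mail.  Unknown e-mail and wrong password
    produce the same error text on both fields.
    """
    from werkzeug.security import generate_password_hash

    if not super(LoginForm, self).validate():
        return False

    user = User.query.filter_by(email=self.email.data).first()
    if not user:
        # Spend the same hashing cost as a real check so response time does
        # not reveal whether the e-mail exists.  The original passed the
        # literal 'A dumb password' as the *hash*; a string without the
        # "method$salt$hash" layout is rejected by check_password_hash()
        # before any key derivation, so it equalised nothing.  A real hash is
        # generated once and cached on the form class.
        form_cls = type(self)
        dummy_hash = getattr(form_cls, '_dummy_password_hash', None)
        if dummy_hash is None:
            dummy_hash = generate_password_hash('A dumb password')
            form_cls._dummy_password_hash = dummy_hash
        check_password_hash(dummy_hash, self.password.data)
        self.email.errors.append('Invalid email or password')
        self.password.errors.append('Invalid email or password')
        return False

    if not user.check_password(self.password.data):
        self.email.errors.append('Invalid email or password')
        self.password.errors.append('Invalid email or password')
        return False

    return True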
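def change_passwd():
    """Change the logged-in user's password after verifying the old one.

    Redirects to ``/login`` when the session is not authenticated; otherwise
    returns a JSON result string.  The database session is always closed.
    """
    if not (session.get('login_in', None) and session.get('username', None)):
        return redirect('/login')

    # NOTE(review): ``request.values`` merges the query string with the form
    # body, so passwords sent as URL parameters are accepted and may end up
    # in access logs -- prefer ``request.form`` if no client relies on this.
    oldpassword = request.values['oldpassword']
    newpassword = request.values['newpassword']
    try:
        user = models.User.query.filter_by(username=session['username']).first()
        # A missing user used to surface as an AttributeError swallowed by a
        # bare ``except``; it is now an explicit failure.
        if user is None or not check_password_hash(user.password, oldpassword):
            return jsonify(result="change Failed")
        user.password = generate_password_hash(newpassword)
        db.session.add(user)
        db.session.commit()
        return jsonify(result="change sucessfull")
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt
        # are no longer reported as a failed change.
        db.session.rollback()
        return jsonify(result="change Failed")
    finally:
        db.session.close()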
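def validate(self):
    """Validate the form and resolve ``self.user`` from e-mail or username.

    A login value with an ``@`` anywhere except its first or last character
    is treated as an e-mail address, anything else as a username.  On
    success the matched user is stored on ``self.user``.
    """
    # The Python 2 debug ``print`` statements were dropped: they wrote the
    # looked-up user object to stdout on every login attempt.
    if not Form.validate(self):
        return False

    login = self.login.data
    if '@' in login[1:-1]:
        user = User.query.filter_by(email=login).first()
        login_type = 'email'
    else:
        user = User.query.filter_by(username=login).first()
        login_type = 'username'

    # NOTE(review): "Unknown <type>" and "Invalid password" are distinct
    # messages, so the form tells a caller whether an account exists.  A
    # single generic message avoids that; left unchanged because templates
    # or tests may depend on the current text.
    if user is None:
        self.login.errors.append('Unknown %s' % login_type)
        return False

    if not check_password_hash(user.password, self.password.data):
        self.password.errors.append('Invalid password')
        return False

    self.user = user
    return True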
def modifypwd(username):
    """Let the logged-in user change their own password.

    NOTE(review): the original comments and flash texts reached this page as
    '?' runs (encoding loss).  The literals are reproduced as shown, and the
    nesting is inferred because indentation was lost.
    """
    # Only the account named in the session may use this page.
    if username != session.get('name'):
        return redirect('/auth')

    form = ChangePersonalPwd()
    user = User.query.filter_by(name=username).first()
    if form.validate_on_submit():
        old_password_ok = user is not None and check_password_hash(
            user.password, form.oldpassword.data
        )
        if not old_password_ok:
            flash('??????????????')
        elif form.newpassword.data != form.confirmpassword.data:
            flash('??????????')
        else:
            user.password = generate_password_hash(form.newpassword.data)
            db.session.commit()
            flash('?????')
            return redirect('/auth')

    return render_template('modifypwd.html', form=form, writer=session.get('name'))
def validate_login(self):
    """Check the credentials, then the active and admin flags, in that order.

    Returns True when every check passes; otherwise sets ``errors`` on the
    relevant field and returns False.
    """
    # NOTE(review): 'Invalid username' and 'Invalid password' are distinct
    # replies, so this form discloses which usernames exist.
    user = self.get_user()
    if user is None:
        field, message = self.username, 'Invalid username'
    elif not check_password_hash(user.password, self.password.data):
        field, message = self.password, 'Invalid password'
    elif not user.is_active:
        field, message = self.username, 'You are not an user active'
    elif not user.is_admin:
        field, message = self.username, 'You are not an administrator'
    else:
        return True

    field.errors = (message, )
    return False
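def check_password(self, password):
    """Validate the plain text `password`.

    Since all users from third-party authentication providers will store
    :data:`None` in this attribute, you may call
    :func:`railgun.website.userauth.authenticate` if you just want
    to validate a user login at a very high-level stage.  This method,
    however, is called mainly by the utilities in
    :mod:`~railgun.website.userauth`.

    :param password: The plain text password.
    :type password: :class:`str`
    :return: True if `password` passes validation, False otherwise.
    """
    # Accounts from third-party providers keep None here (see above).
    # Handing None to check_password_hash() raises instead of returning
    # False, so such accounts are rejected explicitly: a user without a
    # local password can never pass a local password check.
    if self.password is None:
        return False
    return check_password_hash(self.password, password)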
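def loginProfessor():
    """Check a professor's e-mail/password and redirect to their dashboard.

    NOTE(review): the parameter tuple of the second query was lost in this
    listing; ``(email,)`` is restored to match the first query.
    """
    # NOTE(review): credentials arrive in the query string, so they can be
    # recorded in browser history, proxies and access logs.  No session is
    # created here either; the redirect target carries the ``pid``, so the
    # dashboard route must enforce authorisation itself -- confirm it does.
    email = request.args['email']
    password = request.args['password']

    cur.execute("""SELECT hashpswd from professor where email = %s;""", (email,))
    lst = cur.fetchall()
    conn.commit()

    # NOTE(review): this reply and the wrong-password reply differ, which
    # tells a caller which e-mail addresses are registered.
    if len(lst) == 0:
        return "Professor account not created. Please create an account first."

    # One hash check decides the outcome.  The original ran it twice and
    # ended with a fallback return that could never be reached.
    if not check_password_hash(lst[0][0], password):
        return "Password is wrong. Shame on you."

    cur.execute("""SELECT pid from professor where email = %s;""", (email,))
    mylst = cur.fetchall()
    conn.commit()
    pid = mylst[0][0]
    return redirect("/admin/dashboard/" + str(pid))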
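def request_loader(request):
    """Build a user from the ``email``/``pw`` form fields of a request.

    Returns None when either field is missing or no student has that
    e-mail; otherwise returns a ``User`` whose ``is_authenticated`` is the
    result of the password check.  Presumably registered as the login
    manager's request loader -- the registration is not visible here.

    NOTE(review): the query parameter tuples were lost in this listing;
    ``(email,)`` is restored for both statements.
    """
    email = request.form.get('email')
    password = request.form.get('pw')
    # ``request.form['pw']`` turned any request that carried an e-mail but
    # no password into a 400; treat it as "no user" instead.
    if email is None or password is None:
        return None

    cur.execute("""SELECT sid from students where email = %s;""", (email,))
    lst = cur.fetchall()
    if len(lst) == 0:
        return None

    user = User()
    user.id = lst[0][0]

    cur.execute("""SELECT hashpswd from students where email = %s;""", (email,))
    lst = cur.fetchall()
    conn.commit()

    # The debug prints were removed: one of them wrote the stored password
    # hash to stdout on every request.
    user.is_authenticated = check_password_hash(lst[0][0], password)
    return user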
## Security V2 ##SV2##(2-E)
# Function used to generate password hash with the werkzeug.security package
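def loginStudent():
    """Check a student's e-mail/password and redirect to their games page.

    NOTE(review): the parameter tuples of the second and third queries were
    lost in this listing; ``(myemail,)`` is restored to match the first
    query -- confirm against the upstream file.
    """
    # NOTE(review): credentials arrive in the query string, so they can be
    # recorded in browser history, proxies and access logs.  No session is
    # created; the redirect target carries the ``sid``, so the games route
    # must enforce authorisation itself -- confirm it does.
    email = request.args['email']
    myemail = email.replace('%40', "@")
    password = request.args['hp']

    cur.execute("""SELECT * from students where email = %s;""", (myemail,))
    lst = cur.fetchall()
    conn.commit()
    if len(lst) == 0:
        return "Please create a student account first"

    cur.execute("""SELECT hashpswd from students where email = %s;""", (myemail,))
    lst = cur.fetchall()
    conn.commit()

    # One hash check decides the outcome.  The original ran it twice and
    # ended with a fallback return that could never be reached.
    if not check_password_hash(lst[0][0], password):
        return "Password is wrong. Shame on you."

    cur.execute("""SELECT sid from students where email = %s;""", (myemail,))
    lst = cur.fetchall()
    conn.commit()
    return redirect("/games/" + str(lst[0][0]))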
def loginProfessor():
# NOTE(review): this copy of loginProfessor is truncated by the page
# extraction.  The execute() call below runs straight into the tail of a
# later ``if not check_password_hash(...)`` line, so the account lookup and
# the password check are missing.  The fragment is not valid Python and must
# not be used as a reference for the login flow.
@H_502_36@email = @H_502_36@request.@H_502_36@args['email']
@H_502_36@password = @H_502_36@request.@H_502_36@args['password']
@H_502_36@cur.@H_502_36@execute("""SELECT hashpswd from professor where email = %s;""", @H_502_36@password):
return "Password is wrong. Shame on you."
return "Some error -- Contact Webmaster"
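def login():
    """Render the login page on GET; authenticate a student on POST.

    NOTE(review): the query parameter tuple was lost in this listing;
    ``(email,)`` is restored.
    """
    if flask.request.method == 'GET':
        return flask.render_template("login.html", curid=0)

    email = flask.request.form['email']
    cur.execute(
        """SELECT hashpswd,sid,validated from students where email = %s;""",
        (email,),
    )
    lst = cur.fetchall()
    conn.commit()

    # The debug prints were removed: they wrote the submitted e-mail, the
    # fetched row (stored password hash included) and the result of the
    # password check to stdout.
    if len(lst) != 0:
        hashpswd, sid, validated = lst[0][0], lst[0][1], lst[0][2]
        # NOTE(review): this reply is sent before the password is checked,
        # so it confirms that an unvalidated account exists for the e-mail.
        if not validated:
            return "You must validate your account first!"
        if check_password_hash(hashpswd, flask.request.form['pw']):
            user = User()
            user.id = sid
            flask_login.login_user(user)
            return flask.redirect(flask.url_for('student_games'))

    return 'Bad login'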
#==========================# STUDENT PROTECTED VIEW #==========================#
def loginProfessor():
# NOTE(review): this listing lost lines during page extraction.  As printed,
# the value selected as ``hashpswd`` is used as the user id and login_user()
# is reached with no password check, the execute() call has lost its
# parameter tuple, and the trailing check reads an undefined ``lst``.  The
# missing lines presumably held the hash check and a second ``pid`` query --
# confirm against the upstream file before reusing any of it.
@H_502_36@email = @H_502_36@flask.@H_502_36@request.@H_502_36@args['email']
@H_502_36@password = @H_502_36@flask.@H_502_36@request.@H_502_36@args['pw']
@H_502_36@cur.@H_502_36@execute("""SELECT hashpswd from professor where email = %s;""",))
@H_502_36@mylst = @H_502_36@cur.@H_502_36@fetchall()
@H_502_36@conn.@H_502_36@commit()
@H_502_36@pid = @H_502_36@mylst[0][0]
@H_502_36@user = @H_502_36@User()
@H_502_36@user.@H_502_36@id = @H_502_36@pid
@H_502_36@flask_login.@H_502_36@login_user(@H_502_36@user)
return @H_502_36@flask.@H_502_36@redirect(@H_502_36@flask.@H_502_36@url_for('admin_dashboard'))
if not @H_502_36@check_password_hash(@H_502_36@lst[0][0], @H_502_36@password):
return "Password is wrong. Shame on you."
return "Some error -- Contact Webmaster"
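def login_user(cls, name, password):
    """Return a credential (``cls(user)``) for a valid name/password pair.

    Raises ClientError(LOGIN_FAIL) for an unknown name, malformed input or
    a wrong password, and ServerError for any other failure.  The scoped
    session is removed on every path.
    """
    session = SessionManager.Session()
    try:
        user = session.query(User).filter(User.name == name).one()
        if not check_password_hash(user.password, password):
            raise ClientError(ClientError.LOGIN_FAIL)
        return cls(user)
    # The page shows this name as ``noresultFound``; restored to SQLAlchemy's
    # ``NoResultFound``, which is what ``.one()`` raises when no row matches.
    except (NoResultFound, DataError):
        raise ClientError(ClientError.LOGIN_FAIL)
    except ClientError:
        raise
    except Exception as error:
        # ``error.message`` does not exist on Python 3 exceptions; fall back
        # to str() so the original failure is not masked by an
        # AttributeError.
        # NOTE(review): make sure this text is not returned verbatim to
        # clients, since it may contain internal details.
        raise ServerError(getattr(error, 'message', str(error)))
    finally:
        # Single cleanup point; the original also removed the session just
        # before returning, which this already covers.
        SessionManager.Session.remove()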
def verify_password(self, @H_502_36@password)
def validate_login(user):
    """Return True when ``user['password']`` matches the stored hash.

    ``user`` is a mapping with ``username`` and ``password`` keys; the
    record is looked up by ``_id`` equal to the username.  An unknown
    username and a wrong password both yield False.
    """
    # Earlier variant, kept from the original:
    # db_user = current_app.db.users.find_one({"_id": user['username']})
    record = current_app.db.get('users', {"_id": user['username']})
    return bool(record and check_password_hash(record['password'], user['password']))
def login():
# Login view: validates LoginForm, looks the user up by username, checks the
# password hash and calls login_user().
# NOTE(review): indentation was lost in this listing, so the nesting of the
# returns and of the warning branch cannot be recovered from the page.
# Confirm against the upstream file before relying on the control flow.
@H_502_36@form = @H_502_36@LoginForm()
# Shows the login form; the checks below run only on a valid submission.
if @H_502_36@form.@H_502_36@validate_on_submit():
@H_502_36@user = @H_502_36@User.@H_502_36@query.@H_502_36@filter_by(@H_502_36@username=@H_502_36@form.@H_502_36@username.@H_502_36@data).@H_502_36@first()
if @H_502_36@user:
# The e-mail confirmation flag is tested before the password is checked.
if @H_502_36@user.@H_502_36@confirmed_email:
if @H_502_36@check_password_hash(@H_502_36@user.@H_502_36@password, @H_502_36@form.@H_502_36@password.@H_502_36@data):
@H_502_36@login_user(
@H_502_36@user,
@H_502_36@remember=@H_502_36@form.@H_502_36@remember.@H_502_36@data
)
# Re-reads the same username and marks that row active on login.
@H_502_36@admin = @H_502_36@User.@H_502_36@query.@H_502_36@filter_by(
@H_502_36@username=str(@H_502_36@user.@H_502_36@username)
).@H_502_36@first()
@H_502_36@admin.@H_502_36@is_active = True
@H_502_36@db.@H_502_36@session.@H_502_36@commit()
# Login marker kept in the Flask session next to the login_user() state.
@H_502_36@session['logged'] = 'YES'
if @H_502_36@current_user:
@H_502_36@hriks(
'SUCCESS! Welcome,you are logged in %s' % (
@H_502_36@user.@H_502_36@username
)
)
return @H_502_36@redirect(@H_502_36@url_for('index'))
return @H_502_36@redirect(@H_502_36@url_for('login'))
# The same generic warning names both username and password.
@H_502_36@hriks(
'WARNING! Invalid Combination,\
Please check username and password'
)
return @H_502_36@render_template('login.html', @H_502_36@form=@H_502_36@form)
return @H_502_36@render_template('login.html', @H_502_36@form=@H_502_36@form)
# This is Signup form route,it accepts both GET and POST
# request. It renders signup form page using GET and submit
# form using POST request.
# This method also send confirm mail to user
# clicking on which user needs to verify his identity
def verify_password(self, @H_502_36@password)
# Gravatar??????
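def login_view(self):
    """Handle the admin login form and redirect once authenticated.

    NOTE(review): the flash texts reached this page as '?' runs (encoding
    loss) and are reproduced as shown.  Indentation was lost as well; the
    ``is_authenticated`` redirect is assumed to sit outside the
    form-submission branch -- confirm against the upstream file.
    """
    form = LoginForm(request.form)
    if helpers.validate_form_on_submit(form):
        user = form.get_user()
        # NOTE(review): the two failure branches flash different messages,
        # which may tell a caller whether the account exists.
        if user is None:
            flash('???????')
        elif not check_password_hash(user.password, form.password.data):
            flash('?????')
        else:
            # The original re-ran check_password_hash() in a third ``elif``,
            # doubling the hashing work on every successful login.  Reaching
            # this branch already means the user exists and the password
            # matched.
            login_user(user)

    if current_user.is_authenticated:
        return redirect(url_for('admin.index'))

    self._template_args['form'] = form
    # self._template_args['link'] = link
    return super(MyAdminIndexView, self).index()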
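def login():
    """Log a user in from the ``username``/``password`` form fields.

    Returns a JSON status for an already logged-in session and for POST
    requests, and renders the login page otherwise.  An unknown username
    and a wrong password return the same status object.
    """
    if 'username' in session:
        return jsonify(status_error_already_logged_in)

    if request.method != 'POST':
        return render_template("user/login.html")

    # One lookup instead of two.  The original queried once to test for
    # None and again to fetch the row, so a row deleted in between surfaced
    # as an AttributeError.
    user = Users.query.filter_by(USERNAME=request.form['username']).first()
    if user is None or not check_password_hash(user.PASSWORD, request.form['password']):
        return jsonify(status_error_wrong_username_or_password)

    session['username'] = request.form['username']
    return jsonify(status_ok_login_successfully)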
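def user_password_change():
    """Change a password: one's own, or any user's when logged in as admin.

    A regular user must supply the current password.  The session named
    "admin" selects the target by ``id_user`` and supplies only the new
    password.  GET renders the matching form; POST returns a JSON status.
    """
    if 'username' not in session:
        return jsonify(status_error_permission_denied)

    # NOTE(review): admin rights hinge on the literal username "admin", and
    # the admin branch resets any account without re-entering the admin's
    # own password -- consider a role check and re-authentication.
    is_admin = session['username'] == "admin"

    if request.method != "POST":
        if is_admin:
            return render_template('user/user_change_password_admin.html')
        return render_template('user/user_change_password.html')

    # One lookup per request.  The original queried twice (existence test,
    # then fetch), which could hand back None on the second call.
    if is_admin:
        user = Users.query.filter_by(ID_USER=request.form['id_user']).first()
    else:
        user = Users.query.filter_by(USERNAME=session['username']).first()
    if user is None:
        return jsonify(status_error_does_not_exist_username)

    if not is_admin and not check_password_hash(user.PASSWORD, request.form['password']):
        return jsonify(status_error_wrong_username_or_password)

    user.PASSWORD = generate_password_hash(request.form['password_new'])
    try:
        db.session.add(user)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``.  Roll back so the failed
        # transaction does not linger in the session.
        db.session.rollback()
        # Identifier spelled exactly as it appears on the page.
        return jsonify(status_error_unkNown_error)
    return jsonify(status_ok_edit_successfully)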
def verify_password(self, @H_502_36@password)
def _change_password():
    """Change the current user's password after checking the existing one.

    Flashes the outcome and sends the browser back to the referring page.
    """
    current = request.form.get('current_password', '')
    new = request.form.get('new_password', '')
    confirm = request.form.get('confirm_password', '')

    if check_password_hash(current_user['pwd_hash'], current):
        if valid_new_password(new, confirm):
            change_password(current_user, new)
            flash('Password was successfully changed.', 'success')
    else:
        flash('Current password is invalid', 'danger')

    # NOTE(review): ``request.referrer`` is client-supplied and is None when
    # the header is absent; confirm that redirect() copes with None and that
    # the target is restricted to this site.
    return redirect(request.referrer)
def authenticate(email, password):
    """Log in and return the user for a valid e-mail/password pair, else None.

    The e-mail is lower-cased before lookup.  Accounts rejected by
    ``user_if_enabled`` or lacking a ``pwd_hash`` entry never authenticate.
    An ``auth_token`` is created on first successful login.
    """
    user = User.get(email=email.lower())
    if not user_if_enabled(user):
        return None
    if 'pwd_hash' not in user:
        return None
    if not check_password_hash(user['pwd_hash'], password):
        return None

    if 'auth_token' not in user:
        user.update_value('auth_token', auth_token(user))
    login_user(user)
    return user