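def init_admin():
    """Interactively bootstrap the admin table from the terminal.

    Asks whether to run generate_admin(), then whether to add an admin user.
    The password is read without echo and must be typed twice, so it never
    appears on screen or in terminal scrollback. It is hashed with
    generate_password_hash before the INSERT, and both values are handed to
    execute() as bound parameters rather than spliced into the SQL text.
    Returns None.
    """
    import getpass  # local import: the file's import block is outside this listing

    a = raw_input('Generate database? (y/n): ')
    if a == 'y':
        generate_admin()
        print('done')
    b = raw_input('Add user? (y/n): ')
    if b != 'y':
        return
    connection = connect_db()
    try:
        c = connection.cursor()
        user = raw_input('Username: ')
        # Typing the password twice replaces the old on-screen confirmation,
        # which printed the plaintext back to the operator.
        password = getpass.getpass('Password: ')
        if getpass.getpass('Repeat password: ') != password:
            print('Passwords do not match; no user added.')
            return
        d = raw_input('Username: "'+str(user)+'", correct? (y/n): ')
        if d == 'y':
            # sqlesc is defined elsewhere in the file; presumably it is the
            # driver's placeholder token, so the values travel as parameters.
            c.execute("INSERT INTO admin (username, password) VALUES ("+sqlesc+","+sqlesc+")",(user, generate_password_hash(password)))
            connection.commit()
    finally:
        # Release the connection on every path, including a declined confirmation.
        connection.close()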
default_limits=["24000 per day", "1000 per hour", "100 per minute"])
# A fresh random signing key is generated every time this code runs, so
# anything signed with the previous key stops validating after a restart.
# NOTE(review): if the app runs as several worker processes, each would get
# its own key — confirm the deployment model.
secretKey = os.urandom(24)
app.secret_key = secretKey
app.config['CORS_HEADERS'] = 'Content-Type'
# NOTE(review): CORS is applied to the whole app with no origin list passed
# here; presumably this is flask_cors — confirm which origins are meant to be
# allowed.
cors = CORS(app)
# Seed account whose password equals its username ('admin' / 'admin').
# NOTE(review): this insert runs whenever this code executes; gate it to
# development or remove it before the app is reachable by others.
testuser1 = 'admin'
testuser1hashedpass = generate_password_hash('admin')
cursor, conn = connection()
# The statement is assembled with str.format, i.e. the values become part of
# the SQL text. The inputs here are constants and a generated hash, but the
# same pattern with request data would be injectable; prefer the driver's
# parameter binding (its placeholder style is not visible in this listing).
cursor.execute("INSERT INTO users(Username, Password, TotalVids, DateCreated) VALUES \
('{}', '{}', 0, '{}')".format(testuser1, testuser1hashedpass, datetime.datetime.now().strftime('%Y-%m-%d')))
# Second seed account, again with password equal to username ('test' / 'test').
testuser2 = 'test'
testuser2hashedpass = generate_password_hash('test')
#cursor, conn = connection()
# Same string-formatted INSERT as above, reusing the already open cursor.
cursor.execute("INSERT INTO users(Username, Password, TotalVids, DateCreated) VALUES \
('{}', '{}', 0, '{}')".format(testuser2, testuser2hashedpass, datetime.datetime.now().strftime('%Y-%m-%d')))
# The cursor is closed first; the commit on the connection then persists both rows.
cursor.close()
conn.commit()
conn.close()
@app.route("/")
def home():
    """Serve the login page at the site root."""
    login_page = render_template('login.html')
    return login_page
@app.route("/homepage", methods=['GET','POST'])
def mainpage():
cursor, conn = connection()
def add_user(self, username, password, user_type, nickname=''):
    """Create a User row for *username* and commit it.

    The plaintext password is run through generate_password_hash first; only
    the resulting hash is handed to the User model.
    """
    db = database_setup.get_session()
    new_user = User(
        id=username,  # the username is used directly as the row id
        nickname=nickname,
        password=generate_password_hash(password),
        utype=user_type,
    )
    db.add(new_user)
    db.commit()
def set_password(self, password):
    """Hash *password* and keep only the hash on this object."""
    hashed = generate_password_hash(password)
    self.password_hash = hashed
try:
# Note: The validate_username_in_header decorator will verify the
# username and record. The api_key_restricted_resource will validate
# the username as well as a valid API key
record = Interactions.query(DEFAULT_ACCOUNTS_TABLE,
filters={"username": username})
endpoint = record[0]['endpoint']
if not endpoint:
return make_response(
jsonify({'Error': 'Endpoint not found'}),
client.NOT_FOUND
)
new_key = common.generate_key()
salted_new_key = generate_password_hash(new_key)
if not client_reset_key(endpoint, key_type, new_key):
return make_response(
jsonify({'Error': 'Failed to contact the endpoint or wrong '
'HTTP status code returned'}),
client.BAD_REQUEST
)
if key_type == 'api_key':
update = {key_type: salted_new_key}
else:
update = {key_type: new_key}
Interactions.update(DEFAULT_ACCOUNTS_TABLE,
filters={"username": username},
updates=update)
def password(self, password):
    """Replace the stored password hash and drop the current token."""
    digest = generate_password_hash(password)
    self.password_hash = digest
    # A password change also revokes the token, so a token issued under the
    # old password is no longer attached to the user.
    self.token = None
authentication, using secure hashed passwords.
After running this example, visit http://localhost:5000 in your browser. To
gain access, you can use (username=john, password=hello) or
(username=susan, password=bye).
"""
from flask import Flask
from flask_httpauth import HTTPBasicAuth
from werkzeug.security import generate_password_hash, check_password_hash
app = Flask(__name__)
auth = HTTPBasicAuth()

# In-memory credential store for the example: username -> password hash.
# The plaintext passwords are literals in this file, which is fine for a demo
# only; a real deployment would load stored hashes and never hold plaintext.
users = {
    name: generate_password_hash(secret)
    for name, secret in (("john", "hello"), ("susan", "bye"))
}
@auth.verify_password
def verify_password(username, password):
    """Return True when *password* matches the stored hash for *username*."""
    # Unknown usernames are rejected before any hash is computed.
    # NOTE(review): that path does less work than a failed password check, so
    # response time may differ between known and unknown usernames; checking
    # against a fixed dummy hash here would even it out.
    if username not in users:
        return False
    return check_password_hash(users[username], password)
@app.route('/')
@auth.login_required
def index():
    """Greet the authenticated user by name."""
    # login_required has already run, so auth.username() is the verified user.
    current_user = auth.username()
    return "Hello, %s!" % current_user
def create_password(raw):
    """Return a password hash for *raw* with a fixed suffix appended first."""
    # The same suffix must be appended at verification time, so changing this
    # literal invalidates every hash created with it.
    # NOTE(review): the suffix is a constant in source, so it is not secret to
    # anyone who can read the code. Presumably `security` is werkzeug.security,
    # whose hashes already carry a per-password salt — confirm.
    suffix = 'secret_for_ensure_password_security'
    salted_input = '{old}{new}'.format(old=raw, new=suffix)
    return security.generate_password_hash(salted_input)
@password.setter  # assigning to the password attribute runs generate_password_hash
def password(self, password):
    """Store a hash of the assigned value instead of the plaintext."""
    digest = generate_password_hash(password)
    self.password_hash = digest
from werkzeug.security import generate_password_hash, check_password_hash
from itsdangerous import TimedJSONWebSignatureSerializer as JWS
app = Flask(__name__)
# NOTE(review): the signing key is a literal in source. Anyone who can read
# this file can mint valid tokens, so load it from configuration outside the
# repository for anything beyond a demo.
app.config.update(SECRET_KEY='top secret!')
# Tokens are signed with the key above and expire after 3600 seconds.
# NOTE(review): JWS is itsdangerous' TimedJSONWebSignatureSerializer (imported
# above), which newer itsdangerous releases no longer ship — confirm the
# pinned version.
jws = JWS(app.config['SECRET_KEY'], expires_in=3600)

basic_auth = HTTPBasicAuth()
token_auth = HTTPTokenAuth('Bearer')
multi_auth = MultiAuth(basic_auth, token_auth)

# In-memory demo credential store: username -> password hash.
users = {
    name: generate_password_hash(secret)
    for name, secret in (("john", "hello"), ("susan", "bye"))
}

# Issue one token per demo user and print it at start-up.
# NOTE(review): printed bearer tokens end up in console output and any log
# that captures it; acceptable for a demo only.
for user in users:
    token = jws.dumps({'username': user})
    print('*** token for {}: {}\n'.format(user, token))
@basic_auth.verify_password
def verify_password(username, password):
    """Check basic-auth credentials and record the user on ``g`` on success."""
    # Reset first so a failed attempt never leaves a previous value in g.user.
    g.user = None
    if username not in users:
        return False
    if not check_password_hash(users[username], password):
        return False
    g.user = username
    return True