[AdminTL#83] Login: remove user_password and email_password.
- Replace it with single password
mathben committed Mar 25, 2018
1 parent 1a7f9bf commit 3277d97
Showing 3 changed files with 22 additions and 29 deletions.
18 changes: 7 additions & 11 deletions src/web/handlers.py
@@ -101,9 +101,9 @@ def post(self):
return

# Login
if self.get_argument("username_or_email", ""):
if self.get_argument("username_or_email", default=""):

username_or_email = self.get_argument("username_or_email", "")
username_or_email = self.get_argument("username_or_email", default="")
if not username_or_email:
print("Email or Username is empty.", file=sys.stderr)
self.redirect("/login?invalid=username_or_email")
@@ -127,28 +127,24 @@ def post(self):
return

# Sign Up
elif self.get_argument("username"):
name = self.get_argument("username")
elif self.get_argument("username", default=""):
name = self.get_argument("username", default="")
if not name:
print("Username is empty from %s" % self.request.remote_ip, file=sys.stderr)
self.redirect("/login?invalid=username")
return

email = self.get_argument("email", default=None)

password_mail = self.get_argument("pwconfirm")
if not password_mail:
print("Password is empty from %s" % self.request.remote_ip, file=sys.stderr)
self.redirect("/login?invalid=password")
return

if self._db.create_user(name, email, password, password_mail):
if self._db.create_user(name, email=email, password=password):
self.redirect("/login")
return
else:
self.redirect("/login?invalid=signup")
return

self.redirect("/login")


class GoogleOAuth2LoginHandler(base_handler.BaseHandler, tornado.auth.GoogleOAuth2Mixin):
@tornado.gen.coroutine
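Review bot: In the Sign Up branch nothing visible checks `password` before `self._db.create_user(name, email=email, password=password)`; the only password test there, on `pwconfirm`, is gone. `password` is assigned outside this hunk, so if no earlier guard exists an empty value reaches `create_user`, which stores `None` for it and leaves an account that cannot pass the password comparison in `get_user`. Consider keeping the guard on the surviving field before the call: `if not password:` / `self.redirect("/login?invalid=password")` / `return`. The `if not name:` test directly after `elif self.get_argument("username", default="")` can no longer be true, so the argument could be read once and the dead branch dropped.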
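--- a/src/web/partials/login.html
+++ b/src/web/partials/login.html
@@ -74,7 +74,9 @@ <h3 class="omb_authTitle"><b>Connexion</b> ou <a href="#" ng-click="show_login=f
 
 <!-- TODO need to be binded in angularjs model -->
 <button class="btn btn-lg btn-primary btn-block" type="submit"
-onclick="if(username_or_email.value && loginForm.password.value){password.value=hashSha256(password.value, username_or_email.value);};">
+onclick="if(username_or_email.value && loginForm.password.value) {
+password.value=hashSha256(password.value);
+};">
 Se connecter
 </button>
 </form>
@@ -161,7 +163,9 @@ <h3 class="omb_authTitle"><a href="#" ng-click="show_login=true;" style="text-de
 <br/>
 
 <button class="btn btn-lg btn-primary btn-block" type="submit" ng-disabled="signUpForm.$invalid || signUpForm.$pending"
-onclick="var tempPW=password.value; password.value=hashSha256(tempPW, username.value);pwconfirm.value=hashSha256(tempPW, email.value);">Créer un compte
+onclick="password.value=hashSha256(password.value);
+// TODO empty pwconfirm
+pwconfirm.value=password.value;">Créer un compte
 </button>
 </form>
 </div>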
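Review bot: Both `onclick` handlers now submit `hashSha256(password.value)` with no per-user input, so the value sent in `password` is a fixed digest that the server accepts as the credential itself; the client-side hash adds no protection against interception or replay. The protection has to come from serving the form over HTTPS only and from the server-side bcrypt comparison, which is worth stating next to the existing TODO, e.g. `<!-- hashSha256 is not a security control: submit this form over HTTPS only; the server bcrypts the received value -->`. In the sign-up handler, `pwconfirm.value=password.value` overwrites whatever was typed in the confirmation field, so a mismatch is caught only if the Angular form validation (not visible in this hunk) already compares the two fields.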
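--- a/src/web/py_class/db.py
+++ b/src/web/py_class/db.py
@@ -34,8 +34,10 @@ def compare_password(user_password, hash_password):
 return False
 return bcrypt.checkpw(user_password.encode('utf-8'), hash_password.encode('utf-8'))
 
-def create_user(self, name, email=None, password_name=None, password_mail=None, google_id=None, facebook_id=None,
-twitter_id=None, permission="Joueur"):
+def create_user(self, name, email=None, password=None, google_id=None, facebook_id=None, twitter_id=None,
+permission="Joueur"):
+
+# Validate no duplicate user
 if self._db_user.contains(self._query_user.name == name):
 print("Cannot create user %s, already exist." % name, file=sys.stderr)
 return
@@ -48,19 +50,10 @@ def create_user(self, name, email=None, password_name=None, password_mail=None,
 while self._db_user.contains(self._query_user.user_id == user_id):
 user_id = uuid.uuid4().hex
 
-if password_name:
-secure_pass_name = self.generate_password(password_name)
-else:
-secure_pass_name = None
-
-if password_mail:
-secure_pass_mail = self.generate_password(password_mail)
-else:
-secure_pass_mail = None
+secure_pass = self.generate_password(password) if password else None
 
-data = {"email": email, "name": name, "password_name": secure_pass_name, "password_mail": secure_pass_mail,
-"user_id": user_id, "google_id": google_id, "facebook_id": facebook_id, "twitter_id": twitter_id,
-"permission": permission}
+data = {"email": email, "name": name, "password": secure_pass, "user_id": user_id, "google_id": google_id,
+"facebook_id": facebook_id, "twitter_id": twitter_id, "permission": permission}
 
 eid = self._db_user.insert(data)
 return self._db_user.get(eid=eid)
@@ -78,7 +71,7 @@ def get_user(self, name=None, email=None, password=None, id_type="user", user_id
 _user = self._db_user.get(self._query_user.name == name)
 if _user:
 # Validate password
-ddb_password = _user.get("password_name")
+ddb_password = _user.get("password")
 if password and ddb_password and self.compare_password(password, ddb_password):
 return _user
 
@@ -88,7 +81,7 @@ def get_user(self, name=None, email=None, password=None, id_type="user", user_id
 if _user:
 if not force_email_no_password:
 # Validate password
-ddb_password = _user.get("password_mail")
+ddb_password = _user.get("password")
 if password and ddb_password and self.compare_password(password, ddb_password):
 return _user
 else: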
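Review bot: `get_user` now reads only `_user.get("password")`, but records written before this commit carry `password_name` / `password_mail`, and nothing visible here migrates or flags them, so those accounts fail the `password and ddb_password` test and are rejected without any log line. Because the client no longer mixes the username or e-mail into the hash, the old stored values cannot simply be renamed; affected users would presumably need a password reset. A comment at both lookups would make that explicit, e.g. `# Accounts created before the single-password change have no "password" key and need a reset`, ideally with a stderr message when `ddb_password` is missing. Both `create_user` and `get_user` start and end outside the hunks shown.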
