aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam2013-09-27 01:48:06 -0500
committerSam2013-09-27 01:48:06 -0500
commita5cd9ac66277b0eb87cad874e21967ae928797b1 (patch)
tree6de80a7418ad98f4e56d9d230d3942e28426171e
parentfaaa4f0a7b08d5a07c2a5a403774942e374ce0a3 (diff)
downloadgenenetwork2-a5cd9ac66277b0eb87cad874e21967ae928797b1.tar.gz
User registration beginning to work (at least the first stage)
-rw-r--r--wqflask/wqflask/database.py5
-rw-r--r--wqflask/wqflask/model.py68
-rw-r--r--wqflask/wqflask/pbkdf2.py12
-rw-r--r--wqflask/wqflask/user_manager.py15
4 files changed, 62 insertions, 38 deletions
diff --git a/wqflask/wqflask/database.py b/wqflask/wqflask/database.py
index d93987bc..65ca7d0c 100644
--- a/wqflask/wqflask/database.py
+++ b/wqflask/wqflask/database.py
@@ -19,4 +19,7 @@ def init_db():
# you will have to import them first before calling init_db()
#import yourapplication.models
import wqflask.model
- Base.metadata.create_all(bind=engine) \ No newline at end of file
+ Base.metadata.create_all(bind=engine)
+
+
+init_db() \ No newline at end of file
diff --git a/wqflask/wqflask/model.py b/wqflask/wqflask/model.py
index 603cfbc4..1f7297a2 100644
--- a/wqflask/wqflask/model.py
+++ b/wqflask/wqflask/model.py
@@ -10,8 +10,14 @@ from flask.ext.sqlalchemy import SQLAlchemy
from wqflask import app
+from sqlalchemy import Column, Integer, String, Table, ForeignKey, Unicode, Boolean, DateTime
+from sqlalchemy.orm import relationship, backref
+
+from wqflask.database import Base
+
# Create database connection object
-db = SQLAlchemy(app)
+#db = SQLAlchemy(app)
+
# Is this right? -Sam
#from sqlalchemy.ext.declarative import declarative_base
@@ -28,47 +34,48 @@ db = SQLAlchemy(app)
# """
# print("in get cls is:", cls)
# print(" key is {} : {}".format(type(key), key))
-# query = db.Model.query(cls)
+# query = Model.query(cls)
# print("query is: ", query)
# record = query.get(key)
# return record
#
#
-#print("db.Model is:", vars(db.Model))
-#db.Model.get = get
+#print("Model is:", vars(Model))
+#Model.get = get
# Define models
-roles_users = db.Table('roles_users',
- db.Column('user_id', db.Integer(), db.ForeignKey('user.the_id')),
- db.Column('role_id', db.Integer(), db.ForeignKey('role.the_id')))
-
-class Role(db.Model):
- the_id = db.Column(db.Unicode(36), primary_key=True, default=lambda: unicode(uuid.uuid4()))
- name = db.Column(db.Unicode(80), unique=True, nullable=False)
- description = db.Column(db.Unicode(255))
-
-class User(db.Model):
- the_id = db.Column(db.Unicode(36), primary_key=True, default=lambda: unicode(uuid.uuid4()))
- email_address = db.Column(db.Unicode(50), unique=True, nullable=False)
+#roles_users = Table('roles_users',
+# Column('user_id', Integer(), ForeignKey('user.the_id')),
+# Column('role_id', Integer(), ForeignKey('role.the_id')))
+
+class Role(Base):
+ __tablename__ = "role"
+ the_id = Column(Unicode(36), primary_key=True, default=lambda: unicode(uuid.uuid4()))
+ name = Column(Unicode(80), unique=True, nullable=False)
+ description = Column(Unicode(255))
+
+class User(Base):
+ __tablename__ = "user"
+ the_id = Column(Unicode(36), primary_key=True, default=lambda: unicode(uuid.uuid4()))
+ email_address = Column(Unicode(50), unique=True, nullable=False)
- password = db.Column(db.Unicode(24), nullable=False)
- salt = db.Column(db.Unicode(32), nullable=False)
- password_info = db.Column(db.Unicode(50))
+ # Todo: Turn on strict mode for Mysql
+ password = Column(Unicode(500), nullable=False)
- full_name = db.Column(db.Unicode(50))
- organization = db.Column(db.Unicode(50))
+ full_name = Column(Unicode(50))
+ organization = Column(Unicode(50))
- active = db.Column(db.Boolean())
- confirmed_at = db.Column(db.DateTime())
+ active = Column(Boolean())
+ confirmed_at = Column(DateTime())
- last_login_at = db.Column(db.DateTime())
- current_login_at = db.Column(db.DateTime())
- last_login_ip = db.Column(db.Unicode(39))
- current_login_ip = db.Column(db.Unicode(39))
- login_count = db.Column(db.Integer())
+ last_login_at = Column(DateTime())
+ current_login_at = Column(DateTime())
+ last_login_ip = Column(Unicode(39))
+ current_login_ip = Column(Unicode(39))
+ login_count = Column(Integer())
- roles = db.relationship('Role', secondary=roles_users,
- backref=db.backref('users', lazy='dynamic'))
+ #roles = relationship('Role', secondary=roles_users,
+ # backref=backref('users', lazy='dynamic'))
# Setup Flask-Security
#user_datastore = SQLAlchemyUserDatastore(db, User, Role)
@@ -80,6 +87,5 @@ class User(db.Model):
#
#security = Security(app, user_datastore, register_form=ExtendedRegisterForm)
-db.metadata.create_all(db.engine)
#user_datastore.create_role(name="Genentech", description="Genentech Beta Project(testing)")
diff --git a/wqflask/wqflask/pbkdf2.py b/wqflask/wqflask/pbkdf2.py
index b7a7dd42..f7f61a09 100644
--- a/wqflask/wqflask/pbkdf2.py
+++ b/wqflask/wqflask/pbkdf2.py
@@ -72,11 +72,21 @@ def pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None):
rv = u = _pseudorandom(salt + _pack_int(block))
for i in xrange(iterations - 1):
u = _pseudorandom(''.join(map(chr, u)))
- rv = starmap(xor, izip(rv, u))
+ rv = list(starmap(xor, izip(rv, u)))
buf.extend(rv)
return ''.join(map(chr, buf))[:keylen]
+def safe_str_cmp(a, b):
+ if len(a) != len(b):
+ return False
+ rv = 0
+ for x, y in izip(a, b):
+ rv |= ord(x) ^ ord(y)
+ return rv == 0
+
+
+
def test():
failed = []
def check(data, salt, iterations, keylen, expected):
diff --git a/wqflask/wqflask/user_manager.py b/wqflask/wqflask/user_manager.py
index 3f5eee08..bafc1c3e 100644
--- a/wqflask/wqflask/user_manager.py
+++ b/wqflask/wqflask/user_manager.py
@@ -14,7 +14,7 @@ import time
import simplejson as json
-import pbkdf2
+from wqflask import pbkdf2
from wqflask.database import db_session
@@ -100,12 +100,12 @@ class RegisterUser(object):
algorithm = getattr(hashlib, algo_string)
pwfields.algorithm = "pbkdf2-" + algo_string
pwfields.salt = os.urandom(32)
-
- # lastpass did 100000 iterations in 2011
+
+ # https://forums.lastpass.com/viewtopic.php?t=84104
pwfields.iterations = 100000
pwfields.keylength = 24
- pwfields.created = datetime.datetime.utcnow()
+ pwfields.created_ts = datetime.datetime.utcnow().isoformat()
# One more check on password length
assert len(password) >= 6, "Password shouldn't be so short here"
@@ -114,7 +114,12 @@ class RegisterUser(object):
start_time = time.time()
pwfields.password = pbkdf2.pbkdf2_hex(password, pwfields.salt, pwfields.iterations, pwfields.keylength, algorithm)
print("Creating password took:", time.time() - start_time)
- self.user.password = json.dumps(pwfields.__dict__, sort_keys=True)
+ self.user.password = json.dumps(pwfields.__dict__,
+ sort_keys=True,
+ # See http://stackoverflow.com/a/12312896
+ encoding="latin-1"
+ )
+
#def combined_salt(user_salt):