From 28d8419a4e4ea9aac6ac1a4e92c1b7d09076ef74 Mon Sep 17 00:00:00 2001 From: farhaanbukhsh Date: Jan 19 2016 15:21:01 +0000 Subject: Cleaning up and implementing pep8 standards --- diff --git a/alembic/versions/1b6d7dc5600a_versioning_passwords.py b/alembic/versions/1b6d7dc5600a_versioning_passwords.py index d482549..ff1aced 100644 --- a/alembic/versions/1b6d7dc5600a_versioning_passwords.py +++ b/alembic/versions/1b6d7dc5600a_versioning_passwords.py @@ -15,12 +15,14 @@ import sqlalchemy as sa import sqlalchemy.orm from pagure.lib import model + def upgrade(): - engine = op.get_bind().engine - session = sa.orm.scoped_session(sa.orm.sessionmaker(bind=engine)) - session.query(model.User).update({model.User.password: '$1$' + model.User.password}, synchronize_session=False); - session.commit() + engine = op.get_bind().engine + session = sa.orm.scoped_session(sa.orm.sessionmaker(bind=engine)) + session.query(model.User).update( + {model.User.password: '$1$' + model.User.password}, synchronize_session=False) + session.commit() def downgrade(): - raise ValueError("Password can not be downgraded") + raise ValueError("Password can not be downgraded") diff --git a/pagure/lib/login.py b/pagure/lib/login.py index d944b1a..4f5c466 100644 --- a/pagure/lib/login.py +++ b/pagure/lib/login.py 
@@ -64,26 +64,32 @@ def get_users_by_group(session, group): return query.all() + def generate_hashed_value(password): """ Generate hash value for password """ return '$2$' + bcrypt.hashpw(to_unicode(password), bcrypt.gensalt()) + def retrieve_hashed_value(password, hash_value): """ Retrieve hash value to compare """ return bcrypt.hashpw(to_unicode(password), hash_value) + def get_password(entered_password, user_password, version): """ Version checking and returning the password """ if version == '2': - password = retrieve_hashed_value( - entered_password, user_password) - return password + password = retrieve_hashed_value(entered_password, user_password) elif version == '1': - password = '%s%s' % (to_unicode(entered_password), - APP.config.get('PASSWORD_SEED', None)) - password = hashlib.sha512(password).hexdigest() - return password + password = '%s%s' % (to_unicode(entered_password), + APP.config.get('PASSWORD_SEED', None)) + password = hashlib.sha512(password).hexdigest() + + else: + flask.flash('Something went wrong') + return flask.redirect(flask.url_for('auth_login')) + + return password diff --git a/pagure/ui/login.py b/pagure/ui/login.py index 7a8e186..c4c126d 100644 --- a/pagure/ui/login.py +++ b/pagure/ui/login.py @@ -29,8 +29,6 @@ from pagure.lib.login import generate_hashed_value, retrieve_hashed_value, get_p # pylint: disable=E1101 - - @APP.route('/user/new/', methods=['GET', 'POST']) @APP.route('/user/new', methods=['GET', 'POST']) def new_user(): 
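Review bot: The new `else` branch of `get_password` returns `flask.redirect(...)`, but the callers visible in pagure/ui/login.py (`do_login` in the `-107,16` hunk and `change_password` in the `-287,7` hunk) pass the result straight to `to_bytes(...)` and `constant_time.bytes_eq(...)`. An unrecognised version therefore puts a response object into the hash comparison instead of redirecting the user. How `to_bytes` treats a non-string is not visible here, so this may end as a failed comparison or as an unhandled exception. The helper should fail closed without touching the request context, for example `raise ValueError('Unsupported password version: %r' % version)`, with the callers mapping that to the existing 'Username or password invalid.' flash. Separately, the `'1'` branch formats `APP.config.get('PASSWORD_SEED', None)` into the hashed input, so an unset seed hashes the literal text `None`; a comment stating that this branch exists only to verify legacy hashes would make that explicit.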
@@ -107,16 +105,16 @@ def do_login(): password = get_password(form.password.data, user_password, version) if not user_obj or not constant_time.bytes_eq( - to_bytes(user_password), - to_bytes(password)): + to_bytes(user_password), + to_bytes(password)): flask.flash('Username or password invalid.', 'error') return flask.redirect(flask.url_for('auth_login')) elif user_obj.token: flask.flash( - 'Invalid user, did you confirm the creation with the url ' - 'provided by email?', 'error') + 'Invalid user, did you confirm the creation with the url ' + 'provided by email?', 'error') return flask.redirect(flask.url_for('auth_login')) else: @@ -287,7 +285,8 @@ def change_password(username): return flask.redirect(flask.url_for('auth_login')) if form.validate_on_submit(): - old_password = get_password(form.old_password.data, user_password, version) + old_password = get_password( + form.old_password.data, user_password, version) if constant_time.bytes_eq(to_bytes(user_password), to_bytes(old_password)):