
Verified Commit c754a8ea authored by Emi Simpson's avatar Emi Simpson

Add password authentication

parent 1ea6da7a
from argon2.exceptions import VerifyMismatchError
from pymysql.err import IntegrityError
from werkzeug.exceptions import abort
from werkzeug.utils import redirect
......@@ -8,12 +9,14 @@ from flask.templating import render_template
from mystic.database import User
from typing import Optional, Tuple, cast
from argon2 import PasswordHasher
from pymysql.cursors import Cursor
from mystic.auth import AuthModule, update_user
from flask import session, request
from flask.app import Flask
from random import randint
password_hasher = PasswordHasher(memory_cost = 2097152) # 2 GiB
bp = Blueprint("direct_login", __name__, url_prefix="/")
@bp.get("/login")
......@@ -81,6 +84,10 @@ def run_signup() -> None:
last_name,
email,
)
password_hashed = password_hasher.hash(password)
c.execute("INSERT INTO passwords VALUES (%s, %s)", (uid, password_hashed))
db.commit()
except IntegrityError as e:
n_conflicts = c.execute(
......@@ -118,11 +125,27 @@ def run_login() -> None:
lookup = User.lookup_user_by_email
else:
lookup = User.lookup_user
user = lookup(c, username)
if user is None:
flash(f'User not found', 'error-login-username')
c.close()
return
num_res = c.execute(
"SELECT pass_hash FROM passwords WHERE user_id = %s",
(user.user_id,)
)
assert num_res > 0, "User exists, but no password was found"
password_hash: str = c.fetchone()[0]
c.close()
try:
password_hasher.verify(password_hash, password)
except VerifyMismatchError:
flash(f'Password incorrect', 'error-login-password')
return
session["id"] = user.user_id
abort(redirect("/"))
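Review bot: `PasswordHasher(memory_cost = 2097152)` makes each `password_hasher.hash` in run_signup and each `password_hasher.verify` in run_login allocate about 2 GiB, and both run before the caller is authenticated, so a few concurrent requests can exhaust the host's memory. If the RFC 9106 high-memory profile was intended, note that it pairs this memory with a time cost of 1, which this call leaves at the library default; otherwise a smaller setting such as `PasswordHasher(memory_cost = 65536)  # 64 MiB`, together with rate limiting on the login and signup routes, is safer for a web worker. In run_login, `assert num_res > 0` is stripped under `python -O`, after which `c.fetchone()[0]` fails with a TypeError. An explicit `if num_res == 0:` branch would avoid that, and flashing one shared message for unknown user, missing password row and wrong password would stop `'User not found'` versus `'Password incorrect'` from revealing which accounts exist. Both functions begin outside the hunks shown.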
......
......@@ -54,6 +54,15 @@ def setup_database(c: Cursor) -> None:
UNIQUE (project_id, data_type, data_url)
);
CREATE TABLE IF NOT EXISTS passwords (
user_id INTEGER PRIMARY KEY,
pass_hash CHAR(78) NOT NULL,
FOREIGN KEY (user_id)
REFERENCES users(user_id)
ON DELETE CASCADE
ON UPDATE RESTRICT
);
CREATE INDEX IF NOT EXISTS dx_data_source_project ON data_sources(project_id);
CREATE INDEX IF NOT EXISTS dx_project_draft_of ON projects(draft_owner);
'''
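Review bot: `pass_hash CHAR(78)` is sized to the encoded Argon2 string that the current parameters happen to produce. That string embeds the variant, version, `m=`, `t=` and `p=` values, the salt and the digest, so it grows if memory_cost gains a digit or the library's default salt or hash length changes. A longer hash would then be rejected on insert or, with MySQL strict mode off, silently truncated so that it can no longer be verified. `pass_hash VARCHAR(255) NOT NULL` leaves room for parameter changes and later rehashing. The SQL string in setup_database starts before and continues after the lines shown.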
......
......@@ -10,6 +10,7 @@ setup(
'elasticsearch>=6.0.0,<7.0.0',
'flask-saml2 @ git+https://github.com/Alch-Emi/flask-saml2@timestamps#egg=flask-saml2',
'msgpack==1.0.2',
'msgpack-types'
'msgpack-types',
'argon2-cffi'
],
)
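Review bot: `'argon2-cffi'` is added with no version constraint, unlike the bounded `elasticsearch` and pinned `msgpack` entries beside it. The library's default hashing parameters and encoded hash length depend on the release, and the login code and the `passwords` column rely on them. A bounded requirement such as `'argon2-cffi>=<TESTED_VERSION>,<<NEXT_MAJOR>'` (placeholder versions) would keep installs reproducible.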