78 lines
1.9 KiB
Python
Executable File
78 lines
1.9 KiB
Python
Executable File
# -*- coding: utf-8 -*-
|
|
|
|
import hmac
|
|
import random
|
|
import string
|
|
import hashlib
|
|
import pymongo
|
|
|
|
|
|
# The User Data Access Object handles all interactions with the User collection.
|
|
class UserDAO:
|
|
|
|
def __init__(self, db):
|
|
self.db = db
|
|
self.users = self.db.users
|
|
self.SECRET = 'verysecret'
|
|
|
|
# makes a little salt
|
|
def make_salt(self):
|
|
salt = ""
|
|
for i in range(5):
|
|
salt = salt + random.choice(string.ascii_letters)
|
|
return salt
|
|
|
|
# implement the function make_pw_hash(name, pw) that returns a hashed password
|
|
# of the format:
|
|
# HASH(pw + salt),salt
|
|
# use sha256
|
|
|
|
def make_pw_hash(self, pw,salt=None):
|
|
if salt == None:
|
|
salt = self.make_salt();
|
|
return hashlib.sha256(pw + salt).hexdigest()+","+ salt
|
|
|
|
# Validates a user login. Returns user record or None
|
|
def validate_login(self, username, password):
|
|
|
|
user = None
|
|
try:
|
|
user = self.users.find_one({'_id': username})
|
|
except:
|
|
print "Unable to query database for user"
|
|
|
|
if user is None:
|
|
print "User not in database"
|
|
return None
|
|
|
|
salt = user['password'].split(',')[1]
|
|
|
|
if user['password'] != self.make_pw_hash(password, salt):
|
|
print "user password is not a match"
|
|
return None
|
|
|
|
# Looks good
|
|
return user
|
|
|
|
|
|
# creates a new user in the users collection
|
|
def add_user(self, username, password, email):
|
|
password_hash = self.make_pw_hash(password)
|
|
|
|
user = {'_id': username, 'password': password_hash}
|
|
if email != "":
|
|
user['email'] = email
|
|
|
|
try:
|
|
self.users.insert_one(user)
|
|
except pymongo.errors.OperationFailure:
|
|
print "oops, mongo error"
|
|
return False
|
|
except pymongo.errors.DuplicateKeyError as e:
|
|
print "oops, username is already taken"
|
|
return False
|
|
|
|
return True
|
|
|
|
|