Created
August 18, 2016 21:07
-
-
Save dchabot/a0f3fe180b84e7e21efddfaa57457331 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Copyright (c) 2008 - 2013 10gen, Inc. <http://10gen.com> | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
# | |
# | |
import hmac | |
import random | |
import string | |
import hashlib | |
import pymongo | |
# The User Data Access Object handles all interactions with the User collection. | |
class UserDAO: | |
def __init__(self, db): | |
self.db = db | |
self.users = self.db.users | |
self.SECRET = 'verysecret' | |
# makes a little salt | |
def make_salt(self): | |
salt = "" | |
for i in range(5): | |
salt = salt + random.choice(string.ascii_letters) | |
return salt | |
# implement the function make_pw_hash(name, pw) that returns a hashed password | |
# of the format: | |
# HASH(pw + salt),salt | |
# use sha256 | |
def make_pw_hash(self, pw,salt=None): | |
if salt == None: | |
salt = self.make_salt(); | |
return hashlib.sha256(pw + salt).hexdigest()+","+ salt | |
# Validates a user login. Returns user record or None | |
def validate_login(self, username, password): | |
print username, password | |
user = None | |
try: | |
# XXX HW 2.3 Students Work Here | |
# you will need to retrieve right document from the users collection. | |
# establish a connection to the database | |
connection = pymongo.MongoClient("mongodb://localhost") | |
# get a handle to the school database | |
db = connection.users | |
users = db.users | |
user = users.find_one({'_id': username}) | |
print user['password'] | |
except: | |
print "Unable to query database for user" | |
if user is None: | |
print "User not in database" | |
return None | |
salt = user['password'].split(',')[1] | |
if user['password'] != self.make_pw_hash(password, salt): | |
print "user password is not a match" | |
return None | |
# Looks good | |
return user | |
# creates a new user in the users collection | |
def add_user(self, username, password, email): | |
password_hash = self.make_pw_hash(password) | |
user = {'_id': username, 'password': password_hash} | |
if email != "": | |
user['email'] = email | |
try: | |
# XXX HW 2.3 Students work here | |
# You need to insert the user into the users collection. | |
# Don't over think this one, it's a straight forward insert. | |
# establish a connection to the database | |
connection = pymongo.MongoClient("mongodb://localhost") | |
# get a handle to the school database | |
db = connection.users | |
users = db.users | |
result = users.insert_one(user) | |
print result | |
print "This space intentionally left blank." | |
except pymongo.errors.OperationFailure: | |
print "oops, mongo error" | |
return False | |
except pymongo.errors.DuplicateKeyError as e: | |
print "oops, username is already taken" | |
return False | |
return True | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment