So I have already created a database using the pgadmin3 in postgresql. I have a set of email-ids and passwords. The passwords which I have stored are hashed, i.e. by using pwd_context.hash(password) from the pass.libs.
I have stored them as shown below in the database. Now I have to create another login form in html to authenticate. I am new to flask, but I have seen something called as flask-login. How to compare the password entered in cleartext with the hashed password in database.
Flask-login provides a set of functions... for user login,logout and so on. More information on Flask-login can be found at https://flask-login.readthedocs.io/en/latest/.
For creating and checking a password hash: When working with Flask often werkzeug security is used to create/hash and check passwords. A snippet in which this is demonstrated can be found here : http://flask.pocoo.org/snippets/54/
Finally an internet search (I have not used any of these tutorial/pages before) retrieved following page: https://blog.miguelgrinberg.com/post/two-factor-authentication-with-flask with a quick browse of the page I found an example of using flask-login and werkzeug for user-login/logout under the title 'The First Factor: Password Authentication'. A quick pointer when using this tutorial is that there have been some changes in naming since the page has come online. For example flask.ext.login has been renamed to flask_login. The tutorial http://blog.sampingchuang.com/setup-user-authentication-in-flask/ also provides more information on flask-login and werkzeug. The pointer on renaming is also valid for this one.
Related
I'm using postgres database and logging in as admin. watching YouTube videos and other online documentation I can see that other users have this button enabled but for some reason it doesn't appear in my installation. I'm thinking that it must be something in the config.py file. Everything is fairly vanilla I haven't changed any parameters at this point.
From answer on this question you need to set this flag in superset_config.py
FEATURE_FLAGS = {
"ENABLE_TEMPLATE_PROCESSING": True,
}
I'm using CasperJS for automated UI tests. I've done the basic UI testing and validation with some random data, kind of POC. I've set up this automation using bash script which kicks to start the web server, load MySQL data from SQL file, start CasperJS test cases, stop the web server, check the log files.
Now, I want to start the testing with some good known status of data which are stored in MySQL. So that I can test the list data and form data with detailed field information with some known database status. How should I know the status of data in the database at a moment?
1) Should I use pre-populated JSON dumped file which has status and details about all data?
2) Should I use web service API? (web service APIs are being used to show/save/delete data from the web page)
Let's take an example. I've 5 users in Users table. Now when I open the home page it shows 5 users with some rough details. When I click on any record from the list of users, it shows a form with detailed information about that user. The webpage is requesting to the web application to get the detail about a user with the help of user_id to show the detailed user data in a form. Now I want to check that all the data in that form is populated correctly. So at the next step, what would be the preferred way, should I read content from JSON dumped file or should I use web service API (like webpage does).
Searching this problem online, I also found MYSQL HTTP plugin. Should I consider this as well? and How safe it is to use? (I know from the docs that this plugin is not for the production, it is just for testing purpose only. :) )
For the main question in cases like this I would change the database connection string to your testing database (this is a clone).
In your case use your bash script to change the connection string (file copy?) automatically before you run the tests. And when completed change back.
Your testing database is a direct clone of your dev/live databsae but with ONLY the test data you want. Downside is you need to keep the schema in sync with DEV/LIVE.
Also another point to take into considertion is if your testing changes state (post). If so your testing data might be out of sync. One way is get around this is to drop foreign keys, truncate the data and load in a dump file.
HTH
I have a simple login form on my website, using .Net MVC. When the form is submitted a partial view is loaded with a success message. A simplified version of the form can be found here: https://jsfiddle.net/hev4f64f/10/
The Problem:
When the above form is loaded in MobileSafari (jsfiddle.net/hev4f64f/10/show/) using simulator or iPad and submitted, on inspecting the process memory dump I see the password in memory in plain t text.
I am using the method described here for inspecting MobileSafari memory dump, and then searching for the password using the following command:
grep -a 'P#$$W0Rd' core.1234
Following is a sample occurrence of the password "southpark" in the dump.
NS.boolval$clasNSNumber
NS.object.3 NS.bytes southpark$clasNSStrinNS.key.9
NS.byte'ControlLooksLikePasswordCredentialField$clasNSString NS.key.11
NS.byte)ControlLooksLikeCreditCardCardholderField$clasNSString
NS.object.21 $classNSNull NS.key.12
NS.byteControlIsDisabled$clasNSString
Not sure what "ControlLooksLikePasswordCredentialField" in the dump means.
My initial guess was it has something to do with the Safari Password Manager, but I have set autocomplete=off in the form. I am also clearing the fields in the client after form submission.
Any idea how to get rid of the password in memory?
For anyone else who comes across the same issue, I implemented a workaround solution using plugins.jquery.com/disable-autocomplete
I have an old project which is using Wordpress, currently we create a new project and need to migrate the user's data into the new database (also Mysql).
The new database is using Bcrypt for encoding password for users. The old encode type in wordpress is like:
$P$BdsGKKQnnH6mi9hznpibst1jl/6G4z1
I think it might be MD5-based or not. I looked this link: http://stackoverflow.com/questions/1045988/what-type-of-hash-does-wordpress-use
I want to find a way to convert this type of password to Bcrypt-based. Maybe mysql script could help me convert? Can anyone give me some suggestions? Thanks.
I dont know if you can login to the admin panel or not. Chances are that you cant, but if you can somehow reset the password field with a known bCrypt hash for the admin. Then you can use this plugin to change the encryption from md5 to bcrypt for all your passwords.
https://wordpress.org/plugins/wp-bcrypt/
I moved my osqa site from one machine to another machine, so I moved my mysql database too.
After I finished this, the whole site is placed at another place. When I open the new site page, all information is fine.
But when I try to log into the new site, using my username and password (registered in my old site), it can't. When I look in the database, all user information is right here, not lost..
I just copied /var/lib/mysql/osqa from one machine to another for database migration.
What could be the reason that login doesn't work?
Might need more debug information, but I wonder if in moving the database, Django is no longer able to unencrypt the passwords. If this is the case, then running user.check_password("whatever") will return False. From the shell, run the following:
from forum.models import User
user = User.objects.get(username="foo")
user.check_password("bar")
If that gives you a "False" then you know that the password is no longer working. If you get "True", then report back and we'll try something else. Good luck.