
Question

I have included code that I am using

Update your web site to include a password update form and provide additional validation on the password check. Specifically you should create:

a. Password update Form - This Python form allows a previously registered user to reset their password after they have successfully logged in.

b. Authentication functions - These Python functions will check the following NIST SP 800-63B criteria are met upon password update:

  • adding a user registration form
  • A password complexity should be enforced to include at least 12 characters in length, and include at least 1 uppercase character, 1 lowercase character, 1 number and 1 special character.
  • Use the previous criteria for password length and complexity. (This work should already be done.)
  • Compare the prospective secrets against a list that contains values known to be commonly used, expected, or compromised (Provided as CommonPasswords.txt).
  • If the chosen secret is found in the list, the application SHALL advise the subscriber that they need to select a different secret.

c. Logger - make a log to log all failed login attempts. The Log should include date, time and IP address.

Hints:

1. Leverage the File I/O, Flask and Data structures work previously performed in the class.

2. Use functions to enhance code reuse and modularity.

3. Use Python Lists or other data structures to store the Common Passwords and then appropriate search functions to expedite comparisons.

The Code:

app.py:

```python
# Let's import date function to display the date today in our website
from datetime import date
# Import required libraries for flask to work
from flask import Flask, render_template, request, redirect, url_for, session, flash
from functools import wraps

# Initialize flask, store the flask instance in the app variable
app = Flask(__name__)
app.secret_key = "@fgg9trfj$vvjg5"

# This is how you declare route in flask
# this route will point to http://127.0.0.1:5000/


# login required decorator
def login_required(f):
    @wraps(f)
    def wrap(*args, **kwargs):
        if 'logged_in' in session:
            return f(*args, **kwargs)
        else:
            flash('You need to login first.')
            return redirect(url_for('login'))
    return wrap


@app.route('/')
@login_required
def home():
    """Let's store the date today to be display in the page"""
    date_today = date.today()
    # render_template displays html page
    # We can indicate what page to show, and pass variables for our html page to use
    return render_template('index.html', today=date_today)


@app.route('/contact_us')
@login_required
def contact_us():
    """this route will point to http://127.0.0.1:5000/contact_us"""
    return render_template('contact_us.html')


@app.route('/about_us')
@login_required
def about_me():
    """this route will point to http://127.0.0.1:5000/about_us"""
    return render_template('about_us.html')


@app.route('/login', methods=['GET', 'POST'])
def login():
    error = None
    if request.method == 'POST':
        if request.form['username'] != 'admin' or request.form['password'] != 'admin':
            error = 'Invalid credentials. Please try again.'
        else:
            session['logged_in'] = True
            flash('You were just logged in!')
            return redirect(url_for('home'))
    return render_template('login.html', error=error)


@app.route('/logout')
@login_required
def logout():
    session.pop('logged_in', None)
    flash('You were just logged out!')
    return redirect(url_for('login'))


# this file will only run only if you directly called this python file
# e.g python app.py
# it also says that this is the starting point of your program
if __name__ == '__main__':
    app.run(debug=True)
```

login.html:

  Flask Intro - login page     

Please login

{% if error %}

Error: {{ error }} {% endif %} {% for message in get_flashed_messages() %} {{ message }} {% endfor %}

index.html

    Python Project 6!       

Finding Ice cream for you!


Menu

  • Home
  • Contact Us
  • About Us

Here's our best Ice Cream to eat!

  1. Vanilla
  2. Chocolate
  3. Cookies & Cream

Special discount will be given this week!
Don't eat ice cream to fast.

Date today is: {{ today }}

Click here to logout.

{% for message in get_flashed_messages() %} {{ message }} {% endfor %}
  • Find McDonald Ice cream
  • Ice cream recipes
  • Ben & Jerry

Table section

row1column1 row1column2 row1column3
row2column1 row2column2 row2column3
row3column1 row3column2 row3column3
row4column1 row4column2 row4column3

CommonPassword.txt:

```
password
123456
12345678
1234
qwerty
12345
dragon
baseball
football
letmein
monkey
abc123
mustang
michael
shadow
master
jennifer
111111
2000
jordan
superman
harley
1234567
hunter
trustno1
ranger
buster
```
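
One way to implement the password checks and the failed-login log the question asks for, as an added example that is not part of the original post. The function names, the logger name and the log line format are assumptions; the rules are the ones the assignment lists, and in a Flask view the IP address would come from `request.remote_addr`.

```python
import logging
import string
from pathlib import Path

MIN_LENGTH = 12  # minimum length stated in the assignment

def load_common_passwords(path):
    """Read one password per line into a set for constant-time lookups."""
    lines = Path(path).read_text(encoding="utf-8").splitlines()
    return {line.strip().lower() for line in lines if line.strip()}

def password_problems(password, common):
    """Return every reason the password is rejected; an empty list means accepted."""
    checks = [
        (len(password) >= MIN_LENGTH, f"must be at least {MIN_LENGTH} characters long"),
        (any(c.isupper() for c in password), "needs an uppercase character"),
        (any(c.islower() for c in password), "needs a lowercase character"),
        (any(c.isdigit() for c in password), "needs a number"),
        (any(c in string.punctuation for c in password), "needs a special character"),
        (password.lower() not in common, "is commonly used; select a different one"),
    ]
    return [message for ok, message in checks if not ok]

def make_failed_login_logger(logfile):
    """Build a logger whose lines start with the date and time (asctime)."""
    logger = logging.getLogger("failed_logins")  # assumed logger name
    logger.setLevel(logging.WARNING)
    logger.propagate = False
    for old in list(logger.handlers):  # drop handlers left by a debug reload
        logger.removeHandler(old)
        old.close()
    handler = logging.FileHandler(logfile, encoding="utf-8")
    handler.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
    logger.addHandler(handler)
    return logger

def log_failed_login(logger, ip, username):
    """Record one failed attempt; in a Flask view pass request.remote_addr as ip."""
    # %r escapes CR/LF, so a crafted username cannot forge extra log lines.
    logger.warning("failed login ip=%s user=%r", ip, username)

if __name__ == "__main__":
    sample = {"password", "qwerty", "trustno1"}  # constructed subset of the list
    print(password_problems("trustno1", sample))
    print(password_problems("Tr1cky-Horse-Battery", sample))
```

Returning the full list of problems lets the password update form show the user every unmet rule in one response.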
