From 3eec0260da7bc445f5de8d45f30eb3db827f0257 Mon Sep 17 00:00:00 2001 From: Antonio de la Rosa Date: Tue, 2 Dec 2025 18:29:43 +0100 Subject: [PATCH] Many fixes for admin --- cuchulu/libraries/sendmail.py | 26 ++++-- cuchulu/libraries/sessionplugin.py | 4 + cuchulu/modules/admin/app.py | 35 ++++++-- cuchulu/modules/admin/libraries/admin_auth.py | 86 ++++++++++++++++++- cuchulu/modules/admin/templates/login.phtml | 8 +- .../modules/admin/templates/need_auth.phtml | 6 +- cuchulu/settings/config.py.sample | 6 +- 7 files changed, 147 insertions(+), 24 deletions(-) diff --git a/cuchulu/libraries/sendmail.py b/cuchulu/libraries/sendmail.py index bbd519f..1e0035c 100644 --- a/cuchulu/libraries/sendmail.py +++ b/cuchulu/libraries/sendmail.py @@ -67,11 +67,11 @@ class SendMail: self.txt_error='' self.ssl=ssl - if sys.version_info < (3, 6): + if sys.version_info < (3, 10): - self.context = ssl_module.SSLContext(ssl_module.PROTOCOL_TLSv1_2) - else: self.context = ssl_module.SSLContext(ssl_module.PROTOCOL_TLS) + else: + self.context = ssl_module.SSLContext(ssl_module.PROTOCOL_TLS_CLIENT) def connect(self): @@ -79,6 +79,8 @@ class SendMail: if self.ssl==True: + error=False + try: self.smtp.starttls(context=self.context) @@ -87,18 +89,32 @@ class SendMail: self.txt_error='Error: cannot make HELO to this server' - return False + error=True except RuntimeError: self.txt_error='Error: SSL/TLS is not supported in your python interpreter' - return False + error=True + + except ssl.SSLCertVerificationError: + + self.txt_error='Error: certificate verify failed, unable to get local issuer certificate. Install pip-system-certs can help.' + + error=True + + except smtplib.SMTPException as e: self.txt_error=e.__str__() + error=True + + if error: + + self.smtp.quit() + return False diff --git a/cuchulu/libraries/sessionplugin.py b/cuchulu/libraries/sessionplugin.py index 565f825..369eb5a 100644 --- a/cuchulu/libraries/sessionplugin.py +++ b/cuchulu/libraries/sessionplugin.py 
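Review bot: On interpreters below 3.10 the new branch still builds `SSLContext(ssl_module.PROTOCOL_TLS)`, whose defaults are `verify_mode=CERT_NONE` and `check_hostname=False`, so STARTTLS on those versions accepts any server certificate; `PROTOCOL_TLS_CLIENT` (verification on by default) has existed since Python 3.6, and `PROTOCOL_TLS` is the one deprecated from 3.10. A single `self.context = ssl_module.create_default_context()` gives certificate and hostname verification on every version this file can run on and removes the version switch entirely. The enclosing method starts before this hunk.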
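Review bot: The new handler `except ssl.SSLCertVerificationError:` refers to a name `ssl`, but this class reaches the module as `ssl_module` (the `SSLContext` lines in the previous hunk) and its constructor parameter `ssl` is the boolean stored in `self.ssl`; unless the module is also imported as plain `ssl` elsewhere in the file, evaluating that clause raises `NameError` the first time an exception other than the two above reaches it, and the original certificate failure is lost. Write `except ssl_module.SSLCertVerificationError:` (3.7+; `ssl_module.SSLError` if older interpreters must stay supported). In the new `if error:` block `self.smtp.quit()` can itself raise `smtplib.SMTPServerDisconnected` after a failed handshake, which would escape `connect()` instead of reaching `return False`; `self.smtp.close()`, or guarding the `quit()` with `except smtplib.SMTPException`, keeps the cleanup best-effort. `connect` continues past the hunk.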
@@ -118,6 +118,7 @@ def session_plugin(callback): rv=callback(*args, **kwargs) + """ if request.environ['session'].changed: if not safe: @@ -125,6 +126,9 @@ def session_plugin(callback): #if not max_age: response.set_cookie(config.cookie_name, safe.dumps(session), path=config.session_opts['session.path'], httponly=True) + """ + + request.environ['session'].save() return rv diff --git a/cuchulu/modules/admin/app.py b/cuchulu/modules/admin/app.py index 821a2cc..aac6d88 100644 --- a/cuchulu/modules/admin/app.py +++ b/cuchulu/modules/admin/app.py @@ -21,6 +21,7 @@ from bottle import redirect, request, response from cuchulu.libraries.urls import url_for from cuchulu.libraries.sessionplugin import Session from cuchulu.modules.admin.libraries.check_login_tries import check_login_tries +import copy #from cuchulu.modules.admin.libraries.admin_auth import admin_prepare, admin_finished, modules_access try: import ujson as json @@ -92,15 +93,21 @@ def admin(): def logout(session=Session()): #resp=make_response(redirect(url_for('admin_app.login'))) - + """ if 'login_admin' in session: del session['login_admin'] if 'verify_auth' in session: del session['verify_auth'] + """ + #session.clear() + keys=list(session.keys()) + + for k in keys: + del session[k] if 'remember_login_admin' in request.cookies: - response.set_cookie('remember_login_admin', '', max_age=0, expires=0, path=config.application_root) + response.set_cookie('remember_login_admin', '', max_age=0, expires=0, path=config.base_url) # We need save session when redirect is done. @@ -173,6 +180,9 @@ def login(db=True, session=Session()): user_admin.check_user=False + # Disable remember login + + """ if 'remember_login' in request.forms: remember_key=create_key_encrypt() 
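Review bot: The replaced `response.set_cookie(...)` call passed `httponly=True` explicitly, while the new `request.environ['session'].save()` leaves the cookie attributes to whatever the session backend emits; nothing in this hunk shows that `HttpOnly` (and `Secure` for HTTPS deployments, plus a `SameSite` value) is still applied, so that should be confirmed in the session implementation and noted in a comment next to the `save()` call. The old branch is kept as a triple-quoted string rather than deleted; a bare string expression is a no-op statement but reads as live code, so remove it (the history is in git). `save()` now runs on every request whereas the old code was gated on `.changed`; if the backend re-emits the cookie unconditionally that is a behaviour change worth a sentence in the commit. The enclosing `session_plugin` wrapper starts before this hunk.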
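Review bot: The cookie-clearing call `response.set_cookie('remember_login_admin', '', max_age=0, expires=0, path=config.base_url)` in `logout` only removes a cookie whose path matches the one it was issued with; cookies set by the previous release under `config.application_root` stay in the browser wherever the two values differ, so the old path may need to be cleared as well for one transition. The keys are deleted one by one with `#session.clear()` commented out and no explanation; if the session object lacks a usable `clear()` a comment saying so would stop the next reader from "simplifying" it back. The removed lines are kept as a triple-quoted string here and again in the `login` hunk below; delete them rather than leaving no-op string statements. `logout` continues past the hunk.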
@@ -184,11 +194,13 @@ def login(db=True, session=Session()): user_admin.fields['token_login'].protected=False - response.set_cookie('remember_login_admin', json.dumps((arr_user['id'], remember_key)), max_age=315360000, expires=timestamp, path=config.application_root) + response.set_cookie('remember_login_admin', json.dumps((arr_user['id'], remember_key)), max_age=315360000, expires=timestamp, path=config.base_url) + """ if arr_user['double_auth']: token_auth=create_key(8) + session['verify_auth']=False user_admin.fields['token_auth'].protected=False @@ -309,15 +321,20 @@ def signup(db=True, session=Session()): else: - return redirect(url_for('.login')) + return redirect(url_for('admin_app.login')) -@admin_app.get('/admin/need_auth') -def need_auth(): +@admin_app.get('/admin/need_auth', name='admin_app.need_auth', skip=[check_login]) +def need_auth(session=Session()): - return t.load_template('need_auth.phtml') + #if session.get('verify_auth', False): + if 'verify_auth' in session and not session.get('verify_auth', False): + + return t.load_template('need_auth.phtml') + else: + return redirect(url_for('admin_app.login')) -@admin_app.post('/admin/auth_check') -def auth_check(db=True): +@admin_app.post('/admin/auth_check', name='admin_app.auth_check', skip=[check_login]) +def auth_check(db=True, session=Session()): error=1 diff --git a/cuchulu/modules/admin/libraries/admin_auth.py b/cuchulu/modules/admin/libraries/admin_auth.py index 9c84a33..825b6c3 100644 --- a/cuchulu/modules/admin/libraries/admin_auth.py +++ b/cuchulu/modules/admin/libraries/admin_auth.py @@ -6,6 +6,8 @@ from cuchulu.libraries.i18n import I18n, PGetText from bottle import request, redirect from cuchulu.wsgiapp import app from bottle import abort +from cuchulu.libraries.sessionplugin import get_session +from cuchulu.libraries.urls import url_for try: import ujson as json 
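Review bot: `auth_check` is now registered with `skip=[check_login]`, so the login plugin no longer gates it and the handler body (outside this hunk) must itself require that `session.get('login_admin', False)` is set and `session.get('verify_auth', True)` is False before it compares the submitted code; otherwise the second-factor check becomes reachable by unauthenticated callers, and with an 8-character token from `create_key(8)` that endpoint is exactly where the imported `check_login_tries` limiting matters most. `need_auth` does gate correctly, though its condition `'verify_auth' in session and not session.get('verify_auth', False)` is equivalent to `not session.get('verify_auth', True)`, which is the form the new `check_login` uses and would keep the two consistent. The stray `#if session.get('verify_auth', False):` line above it should be deleted rather than kept as a comment.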
@@ -16,7 +18,7 @@ modules_access=[] def check_login(callback): def wrapper(*args, **kwargs): - + """ if 'session' in request.environ: if request.environ['session'].get('login_admin', False) and not request.environ['session'].get('verify_auth', False): @@ -34,7 +36,89 @@ def check_login(callback): redirect(app.get_url('admin_app.need_auth')) redirect(app.get_url('admin_app.login')) + """ + db=kwargs.get('db', WebModel.connection()) + + session=get_session() + + if 'login_admin' not in session: + + # Disabled remember login + + """ + if 'remember_login_admin' in request.cookies: + + try: + + arr_cookie=json.loads(request.cookies['remember_login_admin']) + + except: + + arr_cookie=(0, '') + + #print(arr_cookie) + #with g.connection.query('select count(id) as count_id from useradmin where token_login=%s', [request.cookies['remember_login_admin']]) as cursor: + with db.query('select id, token_login, dark_theme from useradmin where id=%s', [arr_cookie[0]]) as cursor: + + arr_user=cursor.fetchone() + + if arr_user: + + passfield=PasswordField('token_login') + + if passfield.verify(arr_cookie[1], arr_user['token_login']): + + session['login_admin']=True + session['user_id']=arr_user['id'] + + if arr_user['dark_theme']: + session['theme']='1' + else: + session['theme']='0' + + session['lang']=arr_user.get('lang', I18n.default_lang) + + else: + + session.clear() + + session.save() + + url_redirect=url_for('admin_app.login', _external=False) + + return redirect(url_redirect) + else: + + session.clear() + + session.save() + + url_redirect=url_for('admin_app.login', _external=False) + + return redirect(url_redirect) + + else: + + """ + + url_redirect=url_for('admin_app.login') + + return redirect(url_redirect) + + pass + else: + + if not session.get('verify_auth', True): + + url_redirect=url_for('admin_app.need_auth') + + return redirect(url_redirect) + + result = callback(*args, **kwargs) + + return result + return wrapper """ 
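Review bot: The login gate in the new wrapper tests key presence, `if 'login_admin' not in session:`, so a session in which `login_admin` was stored as `False` is treated as authenticated; the previous wrapper (now inside the string literal) used `.get('login_admin', False)` truthiness, and `if not session.get('login_admin', False):` keeps that behaviour. `db=kwargs.get('db', WebModel.connection())` evaluates `WebModel.connection()` on every request before the fallback can be skipped, and `db` is then referenced only inside the triple-quoted block holding the disabled remember-login code, so if `connection()` opens or checks out a connection it does so per request for nothing — drop the assignment (with the string and the stray `pass`) until remember-login returns. The old body of `check_login` from the `@@ -16` hunk is likewise kept as a string rather than removed; both hunks are in the same `wrapper`, which opens before the first of them.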
diff --git a/cuchulu/modules/admin/templates/login.phtml b/cuchulu/modules/admin/templates/login.phtml index 95fd3d8..cc108f4 100644 --- a/cuchulu/modules/admin/templates/login.phtml +++ b/cuchulu/modules/admin/templates/login.phtml @@ -23,11 +23,11 @@ data_form={'username': $('#username_form').val(), 'password': $('#password_form').val(), 'csrf_token': $("#csrf_token").val()}; - if($('#remember_login:checked').val()) + /*if($('#remember_login:checked').val()) { data_form.remember_login=$('#remember_login').val(); - } + }*/ $.ajax({ url: "${url_for('admin_app.login')}", @@ -99,9 +99,9 @@ ${_('Paramecio Login')} ${forms|n} -
+
  diff --git a/cuchulu/modules/admin/templates/need_auth.phtml b/cuchulu/modules/admin/templates/need_auth.phtml index 9fae022..20d6fb8 100644 --- a/cuchulu/modules/admin/templates/need_auth.phtml +++ b/cuchulu/modules/admin/templates/need_auth.phtml @@ -6,7 +6,7 @@ ${_('Paramecio Login')}
-

${_('Check your email for get instructions for complete login with double auth or')} logout and login again with other user

+

${_('Check your email for get instructions for complete login with double auth or')} logout and login again with other user

${csrf_token()|n}
@@ -29,7 +29,7 @@ data_form={'code': $('#code_form').val(), 'csrf_token': $("#csrf_token").val()}; $.ajax({ - url: "${url_for('.auth_check')}", + url: "${url_for('admin_app.auth_check')}", method: "POST", dataType: "json", data: data_form, @@ -45,7 +45,7 @@ { //location.reload() - location.href="${url_for('.admin')}"; + location.href="${url_for('admin_app.admin')}"; } else diff --git a/cuchulu/settings/config.py.sample b/cuchulu/settings/config.py.sample index 250b4d6..f9325ca 100644 --- a/cuchulu/settings/config.py.sample +++ b/cuchulu/settings/config.py.sample @@ -15,7 +15,7 @@ cuchulu_root=os.path.dirname(sys.modules['cuchulu'].__file__) #Host/IP where bind the server -port=8080 +port=5000 debug=False @@ -64,7 +64,9 @@ session_enabled=True cookie_name = 'cuchulu.session' -domain_url='http://localhost:8080' +domain_url='http://localhost:5000 + +portal_email='Portal name' #Keep this variable and don't show to anybody
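Review bot: `+domain_url='http://localhost:5000` drops the closing quote, so the sample config is no longer valid Python (unterminated string literal) for anyone who copies it into place; it should read `domain_url='http://localhost:5000'`. The new `portal_email='Portal name'` placeholder reads like a display name rather than an address; a one-line comment stating the expected format (an address, or the full From header value) would stop it being filled in wrong.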