paramecio/paramecio2fm
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Fix in app.py

Browse source
This commit is contained in:
absurdo 2023-07-21 00:23:49 +02:00
parent 3d2eb64808
commit 6ffb57b135
1 changed files with 74 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

80
paramecio2/modules/admin/app.py
View file

@ -4,7 +4,7 @@ from paramecio2.libraries.i18n import I18n
from paramecio2.libraries.formsutils import show_form, generate_csrf, set_extra_forms_user, pass_values_to_form from paramecio2.libraries.formsutils import show_form, generate_csrf, set_extra_forms_user, pass_values_to_form
from paramecio2.libraries.db.webmodel import WebModel from paramecio2.libraries.db.webmodel import WebModel
from paramecio2.modules.admin.models.admin import UserAdmin from paramecio2.modules.admin.models.admin import UserAdmin
from paramecio2.libraries.keyutils import create_key_encrypt from paramecio2.libraries.keyutils import create_key_encrypt, create_key
from time import time from time import time
import os, sys import os, sys
from importlib import import_module from importlib import import_module
@ -12,6 +12,7 @@ from paramecio2.libraries.config_admin import config_admin
import copy import copy
from os import path from os import path
from paramecio2.modules.admin import admin_app, t from paramecio2.modules.admin import admin_app, t
from paramecio2.libraries.sendmail import SendMail
yes_recovery_login=False yes_recovery_login=False
email_address='localhost' email_address='localhost'
@ -30,7 +31,7 @@ def admin_prepare():
g.connection=WebModel.connection() g.connection=WebModel.connection()
if request.endpoint!='admin_app.login' and request.endpoint!='admin_app.signup': if request.endpoint!='admin_app.login' and request.endpoint!='admin_app.signup' and request.endpoint!='admin_app.need_auth' and request.endpoint!='admin_app.auth_check':
if 'login_admin' not in session: if 'login_admin' not in session:
@ -54,6 +55,16 @@ def admin_prepare():
url_redirect=config.domain_url+url_for('admin_app.login', _external=False) url_redirect=config.domain_url+url_for('admin_app.login', _external=False)
return redirect(url_redirect) return redirect(url_redirect)
else:
#print(session['verify_auth'])
if request.endpoint!='admin_app.logout':
if not session.get('verify_auth', True):
url_redirect=config.domain_url+url_for('admin_app.need_auth', _external=False)
return redirect(url_redirect)
@admin_app.after_request @admin_app.after_request
def admin_finished(response): def admin_finished(response):
@ -146,6 +157,9 @@ def logout():
if 'login_admin' in session: if 'login_admin' in session:
del session['login_admin'] del session['login_admin']
if 'verify_auth' in session:
del session['verify_auth']
if 'remember_login_admin' in request.cookies: if 'remember_login_admin' in request.cookies:
resp.set_cookie('remember_login_admin', value='', max_age=0, expires=0, path=config.application_root) resp.set_cookie('remember_login_admin', value='', max_age=0, expires=0, path=config.application_root)
@ -187,22 +201,49 @@ def login():
session['login_admin']=True session['login_admin']=True
session['user_id']=arr_user['id']
resp = make_response({'error': 0}) resp = make_response({'error': 0})
arr_update={}
user_admin.safe_query()
user_admin.check_user=False
if 'remember_login' in request.form: if 'remember_login' in request.form:
remember_key=create_key_encrypt() remember_key=create_key_encrypt()
user_admin.safe_query() #user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update({'token_login': remember_key})
arr_update['token_login']=remember_key
user_admin.check_user=False
user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update({'token_login': remember_key})
timestamp=int(time())+315360000 timestamp=int(time())+315360000
resp.set_cookie('remember_login_admin', value=remember_key, max_age=315360000, expires=timestamp, path=config.application_root) resp.set_cookie('remember_login_admin', value=remember_key, max_age=315360000, expires=timestamp, path=config.application_root)
if arr_user['double_auth']:
token_auth=create_key(8)
session['verify_auth']=False
#user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update({'token_auth': token_auth})
arr_update['token_auth']=token_auth
# Send email
sendmail=SendMail(ssl=True)
# def send(self, from_address, to_address: list, subject, message, content_type='plain', attachments=[]):
sendmail.send(config.portal_email, [arr_user['email']], I18n.lang('admin', 'code_for_complete_login', 'Code for complete login'), I18n.lang('admin', 'code_for_complete_login_explain', 'We send to you a code for activate your account using double authentication:')+"\n"+token_auth, content_type='plain', attachments=[])
if len(arr_update)>0:
user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update(arr_update)
return resp return resp
else: else:
@ -286,6 +327,31 @@ def signup():
return redirect(url_for('.login')) return redirect(url_for('.login'))
@admin_app.route('/admin/need_auth/')
def need_auth():
return t.load_template('need_auth.phtml')
@admin_app.route('/admin/auth_check/', methods=['POST'])
def auth_check():
error=1
if 'login_admin' in session:
code=request.form.get('code', '')
user_admin=UserAdmin(g.connection)
c=user_admin.set_conditions('WHERE id=%s AND token_auth=%s', [session['user_id'], code]).select_count()
if c==1:
session['verify_auth']=True
error=0
return {'error': error}
@admin_app.route('/admin/recovery_password/') @admin_app.route('/admin/recovery_password/')
def recovery_password(): def recovery_password():