Fix in app.py

paramecio2/modules/admin/app.py

@@ -4,7 +4,7 @@ from paramecio2.libraries.i18n import I18n
 from paramecio2.libraries.formsutils import show_form, generate_csrf, set_extra_forms_user, pass_values_to_form
 from paramecio2.libraries.db.webmodel import WebModel
 from paramecio2.modules.admin.models.admin import UserAdmin
-from paramecio2.libraries.keyutils import create_key_encrypt
+from paramecio2.libraries.keyutils import create_key_encrypt, create_key
 from time import time
 import os, sys
 from importlib import import_module
@@ -12,6 +12,7 @@ from paramecio2.libraries.config_admin import config_admin
 import copy
 from os import path
 from paramecio2.modules.admin import admin_app, t
+from paramecio2.libraries.sendmail import SendMail
 
 yes_recovery_login=False
 email_address='localhost'
@@ -30,7 +31,7 @@ def admin_prepare():
 
     g.connection=WebModel.connection()
     
-    if request.endpoint!='admin_app.login' and request.endpoint!='admin_app.signup':
+    if request.endpoint!='admin_app.login' and request.endpoint!='admin_app.signup' and request.endpoint!='admin_app.need_auth' and request.endpoint!='admin_app.auth_check':
         
         if 'login_admin' not in session:
             
@@ -54,6 +55,16 @@ def admin_prepare():
                 url_redirect=config.domain_url+url_for('admin_app.login', _external=False)
                 
                 return redirect(url_redirect)   
+        else:
+            
+            #print(session['verify_auth'])
+            if request.endpoint!='admin_app.logout':
+            
+                if not session.get('verify_auth', True):
+                    
+                    url_redirect=config.domain_url+url_for('admin_app.need_auth', _external=False)
+                    
+                    return redirect(url_redirect)   
 
 @admin_app.after_request
 def admin_finished(response):
@@ -146,6 +157,9 @@ def logout():
     if 'login_admin' in session:
         del session['login_admin']
     
+    if 'verify_auth' in session:
+        del session['verify_auth']
+    
     if 'remember_login_admin' in request.cookies:
         resp.set_cookie('remember_login_admin', value='', max_age=0, expires=0, path=config.application_root)
     
@@ -187,22 +201,49 @@ def login():
 
                     session['login_admin']=True
                     
+                    session['user_id']=arr_user['id']
+                    
                     resp = make_response({'error': 0})
                     
+                    arr_update={}
+                    
+                    user_admin.safe_query()
+                        
+                    user_admin.check_user=False
+                    
                     if 'remember_login' in request.form:
                         
                         remember_key=create_key_encrypt()
                         
-                        user_admin.safe_query()
-                        
-                        user_admin.check_user=False
-                        
-                        user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update({'token_login': remember_key})
+                        #user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update({'token_login': remember_key})
+                        arr_update['token_login']=remember_key
                         
                         timestamp=int(time())+315360000
                         
                         resp.set_cookie('remember_login_admin', value=remember_key, max_age=315360000, expires=timestamp, path=config.application_root)
                         
+                    if arr_user['double_auth']:
+                        
+                        token_auth=create_key(8)
+                        session['verify_auth']=False
+                    
+                        #user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update({'token_auth': token_auth})
+                        
+                        arr_update['token_auth']=token_auth
+                        
+                        # Send email
+                        
+                        sendmail=SendMail(ssl=True)
+                        
+                        # def send(self, from_address, to_address: list, subject, message, content_type='plain', attachments=[]):
+                        
+                        sendmail.send(config.portal_email, [arr_user['email']], I18n.lang('admin', 'code_for_complete_login', 'Code for complete login'), I18n.lang('admin', 'code_for_complete_login_explain', 'We send to you a code for activate your account using double authentication:')+"\n"+token_auth, content_type='plain', attachments=[])
+                        
+                    
+                    if len(arr_update)>0:
+                        
+                        user_admin.set_conditions('WHERE id=%s', [arr_user['id']]).update(arr_update)
+                    
                     return resp
             
                 else:
@@ -286,6 +327,31 @@ def signup():
         
         return redirect(url_for('.login'))
 
+@admin_app.route('/admin/need_auth/')
+def need_auth():
+    
+    return t.load_template('need_auth.phtml')
+
+@admin_app.route('/admin/auth_check/', methods=['POST'])
+def auth_check():
+
+    error=1
+    
+    if 'login_admin' in session:
+    
+        code=request.form.get('code', '')
+        
+        user_admin=UserAdmin(g.connection)
+        
+        c=user_admin.set_conditions('WHERE id=%s AND token_auth=%s', [session['user_id'], code]).select_count()
+        
+        if c==1:
+            
+            session['verify_auth']=True
+            error=0
+    
+    return {'error': error}
+
 @admin_app.route('/admin/recovery_password/')
 def recovery_password():