Added admin_auth for apps independent of admin_app

paramecio2/modules/admin/app.py

@@ -16,6 +16,7 @@ from paramecio2.modules.admin import admin_app, t
 from paramecio2.libraries.sendmail import SendMail
 from paramecio2.libraries.formsutils import check_csrf
 from hmac import compare_digest as compare_hash
+from paramecio2.modules.admin.libraries.admin_auth import admin_prepare, admin_finished
 
 try:
     import crypt
@@ -47,7 +48,8 @@ if hasattr(config, 'email_address'):
 
 #admin_app=Blueprint('admin_app', __name__, static_folder='static')
 
-@admin_app.before_request
+#@admin_app.before_request
+"""
 def admin_prepare():
 
     g.connection=WebModel.connection()
@@ -87,13 +89,12 @@ def admin_prepare():
                     
                     return redirect(url_redirect)   
 
-    
+"""
-    """
+#home=welcome_app.route("/")(home)
-    if request.method=='POST':
+admin_prepare=admin_app.before_request(admin_prepare)
-        check_csrf()
-    """
 
-@admin_app.after_request
+#@admin_app.after_request
+"""
 def admin_finished(response):
     
     #print('pepe')
@@ -101,6 +102,9 @@ def admin_finished(response):
     g.connection.close()
     
     return response
+"""
+
+admin_finished=admin_app.after_request(admin_finished)
 
 # Load modules from admin
 
@@ -115,6 +119,7 @@ for app in config.apps:
 
         a=import_module(config_path)
 
+
 arr_modules_admin={}
 
 for app_load in config_admin:

paramecio2/modules/admin/libraries/admin_auth.py

@@ -0,0 +1,48 @@
+from flask import g, request, redirect, session, url_for
+from paramecio2.libraries.db.webmodel import WebModel
+from settings import config
+
+def admin_prepare():
+
+    g.connection=WebModel.connection()
+    
+    if request.endpoint!='admin_app.login' and request.endpoint!='admin_app.signup' and request.endpoint!='admin_app.need_auth' and request.endpoint!='admin_app.auth_check':
+        
+        if 'login_admin' not in session:
+            
+            if 'remember_login_admin' in request.cookies:
+                
+                with g.connection.query('select count(id) as count_id from useradmin where token_login=%s', [request.cookies['remember_login_admin']]) as cursor:
+                    
+                    arr_count=cursor.fetchone()
+
+                    if arr_count['count_id']==0:
+                        
+                        url_redirect=config.domain_url+url_for('admin_app.login', _external=False)
+                        
+                        return redirect(url_redirect)   
+                    else:
+                        
+                        session['login_admin']=True
+            
+            else:
+                
+                url_redirect=config.domain_url+url_for('admin_app.login', _external=False)
+                
+                return redirect(url_redirect)   
+        else:
+            
+            #print(session['verify_auth'])
+            if request.endpoint!='admin_app.logout':
+            
+                if not session.get('verify_auth', True):
+                    
+                    url_redirect=config.domain_url+url_for('admin_app.need_auth', _external=False)
+                    
+                    return redirect(url_redirect)   
+
+def admin_finished(response):
+    
+    g.connection.close()
+    
+    return response

paramecio2/modules/admin/libraries/check_login_tries.py

@@ -0,0 +1,74 @@
+from paramecio2.libraries.i18n import I18n, PGetText
+from paramecio2.libraries.mtemplates import env_theme, PTemplate
+from paramecio2.modules.admin.models.admin import UserAdmin, LoginTries
+from paramecio2.libraries.db.webmodel import WebModel
+from paramecio2.libraries.db import simplequery
+from settings import config
+from paramecio2.libraries.datetime import now, format_local_strtime, timestamp_to_datetime, obtain_timestamp
+from paramecio2.libraries.keyutils import create_key_encrypt, create_key
+from time import time
+#from paramecio2.wsgiapp import app
+#from paramecio2.modules.admin2 import admin_app
+#from bottle import request, redirect, Bottle, response
+from flask import request, redirect
+#from paramecio2.modules.admin.libraries.loginplugin import check_login
+#from paramecio2.libraries.sessionplugin import SessionPlugin
+#from paramecio2.libraries.httputils import GetPostFiles
+from paramecio2.libraries.formsutils import check_form, csrf_token
+from paramecio2.libraries.db.coreforms import PasswordForm
+from paramecio2.libraries.sendmail import SendMail
+#from paramecio2.modules.admin.libraries.config import modules_admin
+
+login_tries=5
+
+if hasattr(config, 'login_tries'):
+    login_tries=config.login_tries
+
+seconds_login=300
+
+if hasattr(config, 'seconds_login'):
+    seconds_login=config.seconds_login
+
+
+def check_login_tries(request, db):
+    
+    logintries=LoginTries(db)
+    
+    logintries.safe_query()
+    
+    #ip=request.environ.get('HTTP_X_FORWARDED_FOR') or request.environ.get('REMOTE_ADDR')
+    
+    
+    if 'x-real-ip' in request.headers:
+        ip=request.headers['x-real-ip']
+    elif 'x-forwarded-for' in request.headers:
+        ip=request.headers['x-forwarded-for']
+    else:
+        ip=request.client.host
+    
+    you_cannot_login=0
+    
+    now_str=now()
+    date_now=format_local_strtime('YYYY-MM-DD HH:mm:ss', now_str)
+    
+    date_check=format_local_strtime('YYYY-MM-DD HH:mm:ss', timestamp_to_datetime(obtain_timestamp(now_str)-seconds_login))
+    
+    logintries.query('delete from logintries where last_login<%s', [date_check])
+    
+    arr_try=logintries.set_conditions('WHERE ip=%s', [ip]).select_a_row_where()
+    
+    if arr_try:
+        
+        if arr_try['num_tries']<login_tries:
+        
+            logintries.query('update logintries set num_tries=num_tries+1, last_login=%s WHERE ip=%s', [date_now, ip])
+            
+        else:
+            
+            you_cannot_login=1
+            
+    else:
+        
+        logintries.query('insert into logintries (`ip`, `num_tries`, `last_login`) VALUES (%s, %s, %s)', [ip, 1, date_now])
+
+    return you_cannot_login

paramecio2/modules/admin/templates/dashboard.phtml

@@ -39,7 +39,7 @@ ${load_js()|n}
 <div id="languages_general">
 </div>
 <div id="logout">
-<%block name="logout"><a href="${url_for('.logout')}"><i class="fa fa-power-off" aria-hidden="true"></i> Logout</a></%block>
+<%block name="logout"><a href="${url_for('admin_app.logout')}"><i class="fa fa-power-off" aria-hidden="true"></i> Logout</a></%block>
 </div>
 
 <div id="center_body">
@@ -98,7 +98,16 @@ ${load_js()|n}
                     
                     %>
                 
-                    <li><a href="${url_for(admin[2])}" class="${class_selected}">&nbsp;<i class="fa ${icon_module}" aria-hidden="true"></i>${link_text}</a></li>
+                
+                    <li><a href="${url_for(admin[2])}" class="${class_selected}">&nbsp;
+                            % if icon_module.startswith('fa-'):
+                            <i class="fa ${icon_module}" aria-hidden="true"></i>
+                            %else:
+                            ${icon_module|n}
+                            % endif
+                            ${link_text}
+                        </a>
+                    </li>
                                         
                     % elif len(admin)==1:
                     <%