From 3933078fd9621beae5e131d3d7f585015b360259 Mon Sep 17 00:00:00 2001
From: Lynne
Date: Mon, 12 Nov 2018 17:34:35 +1000
Subject: [PATCH] working logins, minor bug fixes
---
 web.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/web.py b/web.py
index 408d901..6b248e8 100755
--- a/web.py
+++ b/web.py
@@ -69,7 +69,7 @@ def home():
 client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], access_token=session['secret'], api_base_url=session['instance'])
 session['avi'] = client.account_verify_credentials()['avatar']
- if session['cc'] != None:
+ if session['cc'] != "None":
 #update cc avi too
 r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc']))
 j = r.json()
@@ -86,7 +86,7 @@ def home():
 def print_debug_info():
 return json.dumps(session._get_current_object())
-@app.route('/reset') #TODO: ditto
+@app.route('/logout')
 def reset_session():
 session.clear()
 return redirect(url_for('main'))
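Review bot: In the `@@ -69` hunk, the new test `session['cc'] != "None"` treats only the string "None" as "no Curious Cat account", so a real `None` now falls through to the HTTP request and a missing key raises KeyError; `if session.get('cc') not in (None, "None"):` covers both representations. The request in the context lines formats the username straight into the URL and sets no timeout; `requests.get("https://curiouscat.me/api/v2/profile", params={'username': session['cc']}, timeout=5)` would URL-encode the value and keep a slow upstream from hanging the page (the timeout value is only an example). `r.json()` is also called without checking the response status. home() starts and ends outside the hunk.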
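Review bot: In the `@@ -86` hunk, `/logout` is registered without `methods`, so it answers GET and any cross-site link or image tag can end a user's session; since this commit already restricts `/internal/do_login` to POST, `@app.route('/logout', methods=['POST'])` with a small form on the page would be consistent. The context lines also keep `print_debug_info`, which returns the whole session as JSON, and the login code in this commit copies `secret` and `client_secret` into the session. That handler should be removed or gated behind a debug-only setting before deployment; its route decorator is outside the hunk, so how it is exposed cannot be seen from here.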
@@ -139,19 +139,20 @@ def internal_auth_b():
 else:
 return redirect(url_for('create_password'))
-@app.route('/internal/do_login')
+@app.route('/internal/do_login', methods = ['POST'])
 def do_login():
 pw_in = request.form['pw']
- pw_hashed = hashlib.sha256(pw_in.encode('utf-8'))
+ pw_hashed = hashlib.sha256(pw_in.encode('utf-8')).digest()
 acct = request.form['acct']
- session['username'] = re.match("^@[^@]*", acct).group(0)
+ session['username'] = re.match("^@([^@]+)@", acct).group(1)
 session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
- dc.execute("SELECT * FROM data WHERE username LIKE %s AND password LIKE %s", (session['username'], session['instance']))
+ dc.execute("SELECT * FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
 data = dc.fetchone()
- if bcrypt.checkpw(pw_hashed, data['password']):
+ if bcrypt.checkpw(pw_hashed, data['password'].encode('utf-8')):
 #password is correct, log the user in
 for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
 session[item] = data[item]
+ session['acct'] = "@{}@{}".format(session['username'], re.match("https://(.*)", session['instance']).group(1))
 return redirect('/home')
 else:
 return redirect('/login?invalid')
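Review bot: The lookup in do_login still uses `LIKE` with values taken from the form, so `%` and `_` in the submitted account act as wildcards and `fetchone()` can return a row other than the one named; a login lookup should compare with `=`. The same lines call `.group(1)` on `re.match`/`re.search` results and index `data['password']` without checking for `None`, so a malformed account or an unknown user ends in an unhandled exception instead of the `/login?invalid` redirect, and `session['username']`/`session['instance']` are written before the password has been verified. The fence below parses the account once, keeps the values in locals until `checkpw` succeeds, and treats no-match and no-row as a failed login. Separately, the raw SHA-256 `.digest()` handed to bcrypt can contain NUL bytes; base64-encoding the digest first avoids that, but it has to change together with the code that creates the stored hash, which is outside this hunk.

```python
def do_login():
    # … unchanged: read pw_in and compute pw_hashed …
    m = re.match(r"^@([^@]+)@([^@]+)$", request.form.get('acct', ''))
    if m is None:
        return redirect('/login?invalid')
    username = m.group(1)
    instance = "https://{}".format(m.group(2))
    dc.execute("SELECT * FROM data WHERE username = %s AND instance = %s", (username, instance))
    data = dc.fetchone()
    if data is not None and bcrypt.checkpw(pw_hashed, data['password'].encode('utf-8')):
        # … unchanged: copy the stored fields into session, set session['acct'], redirect to /home …
    # … unchanged: else branch redirecting to /login?invalid …
```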