working logins, minor bug fixes

This commit is contained in:
Lynne Megido 2018-11-12 17:34:35 +10:00
parent aa4e98d475
commit 3933078fd9
Signed by: lynnesbian
GPG key ID: FB7B970303ACE499

15
web.py
View file

@ -69,7 +69,7 @@ def home():
client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], access_token=session['secret'], api_base_url=session['instance'])
session['avi'] = client.account_verify_credentials()['avatar']
if session['cc'] != None:
if session['cc'] != "None":
#update cc avi too
r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc']))
j = r.json()
@ -86,7 +86,7 @@ def home():
def print_debug_info():
return json.dumps(session._get_current_object())
@app.route('/reset') #TODO: ditto
@app.route('/logout')
def reset_session():
session.clear()
return redirect(url_for('main'))
@ -139,19 +139,20 @@ def internal_auth_b():
else:
return redirect(url_for('create_password'))
@app.route('/internal/do_login')
@app.route('/internal/do_login', methods = ['POST'])
def do_login():
pw_in = request.form['pw']
pw_hashed = hashlib.sha256(pw_in.encode('utf-8'))
pw_hashed = hashlib.sha256(pw_in.encode('utf-8')).digest()
acct = request.form['acct']
session['username'] = re.match("^@[^@]*", acct).group(0)
session['username'] = re.match("^@([^@]+)@", acct).group(1)
session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
dc.execute("SELECT * FROM data WHERE username LIKE %s AND password LIKE %s", (session['username'], session['instance']))
dc.execute("SELECT * FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
data = dc.fetchone()
if bcrypt.checkpw(pw_hashed, data['password']):
if bcrypt.checkpw(pw_hashed, data['password'].encode('utf-8')):
#password is correct, log the user in
for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
session[item] = data[item]
session['acct'] = "@{}@{}".format(session['username'], re.match("https://(.*)", session['instance']).group(1))
return redirect('/home')
else:
return redirect('/login?invalid')