add session reset feature for debugging, get login/signup code working
This commit is contained in:
parent
966670d899
commit
4b8d432449
1 changed files with 20 additions and 14 deletions
34
web.py
34
web.py
|
@ -57,14 +57,14 @@ def home():
|
||||||
session['cc'] = "None"
|
session['cc'] = "None"
|
||||||
if session['cc'] == "None":
|
if session['cc'] == "None":
|
||||||
#every time home is rendered without cc being set
|
#every time home is rendered without cc being set
|
||||||
cc = c.execute("SELECT cc FROM `data` WHERE client_id LIKE ? AND instance LIKE ?", (session['client_id'], session['instance'])).fetchone()[0]
|
c.execute("SELECT cc FROM `data` WHERE client_id LIKE %s AND instance LIKE %s", (session['client_id'], session['instance']))
|
||||||
|
cc = c.fetchone()[0]
|
||||||
if cc != '':
|
if cc != '':
|
||||||
session['cc'] = cc
|
session['cc'] = cc
|
||||||
|
|
||||||
if 'last_avi_update' not in session or session['last_avi_update'] + (24 * 60 * 60) < time.time():
|
if 'last_avi_update' not in session or session['last_avi_update'] + (24 * 60 * 60) < time.time():
|
||||||
#avatars haven't been updated for over 24 hours
|
#avatars haven't been updated for over 24 hours, update them now
|
||||||
# avis = c.execute("SELECT avi, ccavi FROM `data` WHERE client_id LIKE ?", (session['client_id'],)).fetchone()
|
client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], access_token=session['secret'], api_base_url=session['instance'])
|
||||||
client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance'])
|
|
||||||
|
|
||||||
session['avi'] = client.account_verify_credentials()['avatar']
|
session['avi'] = client.account_verify_credentials()['avatar']
|
||||||
if session['cc'] != None:
|
if session['cc'] != None:
|
||||||
|
@ -72,9 +72,9 @@ def home():
|
||||||
r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc']))
|
r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc']))
|
||||||
j = r.json()
|
j = r.json()
|
||||||
session['ccavi'] = j['userData']['avatar']
|
session['ccavi'] = j['userData']['avatar']
|
||||||
c.execute("UPDATE data SET avi = ?, ccavi = ? WHERE client_id LIKE ? AND instance LIKE ?", (session['avi'], session['ccavi'], session['client_id'], session['instance']))
|
c.execute("UPDATE data SET avi = %s, ccavi = %s WHERE client_id LIKE %s AND instance LIKE %s", (session['avi'], session['ccavi'], session['client_id'], session['instance']))
|
||||||
else:
|
else:
|
||||||
c.execute("UPDATE data SET avi = ? WHERE client_id LIKE ? AND instance LIKE ?", (session['avi'], session['client_id'], session['instance']))
|
c.execute("UPDATE data SET avi = %s WHERE client_id LIKE %s AND instance LIKE %s", (session['avi'], session['client_id'], session['instance']))
|
||||||
return render_template("home.html")
|
return render_template("home.html")
|
||||||
else:
|
else:
|
||||||
return redirect(url_for('main'))
|
return redirect(url_for('main'))
|
||||||
|
@ -84,6 +84,11 @@ def home():
|
||||||
def print_debug_info():
|
def print_debug_info():
|
||||||
return json.dumps(session._get_current_object())
|
return json.dumps(session._get_current_object())
|
||||||
|
|
||||||
|
@app.route('/reset') #TODO: ditto
|
||||||
|
def reset_session():
|
||||||
|
session.clear()
|
||||||
|
return redirect(url_for('main'))
|
||||||
|
|
||||||
@app.route('/login')
|
@app.route('/login')
|
||||||
def log_in():
|
def log_in():
|
||||||
if 'acct' in session:
|
if 'acct' in session:
|
||||||
|
@ -123,13 +128,14 @@ def internal_auth_b():
|
||||||
session['username'] = acct_info['username']
|
session['username'] = acct_info['username']
|
||||||
session['avi'] = acct_info['avatar']
|
session['avi'] = acct_info['avatar']
|
||||||
session['acct'] = "@{}@{}".format(session['username'], session['instance'].replace("https://", ""))
|
session['acct'] = "@{}@{}".format(session['username'], session['instance'].replace("https://", ""))
|
||||||
if c.execute("SELECT COUNT(*) FROM data WHERE username LIKE ? AND instance LIKE ?", (session['username'], session['instance'])).fetchone()[0] > 0:
|
c.execute("SELECT COUNT(*) FROM data WHERE username LIKE %s AND instance LIKE %s", (session['username'], session['instance']))
|
||||||
|
if c.fetchone()[0] > 0:
|
||||||
#user already has an account with CG
|
#user already has an account with CG
|
||||||
#update the user's info to use the new info we just got, then redirect them to the login page
|
#update the user's info to use the new info we just got, then redirect them to the login page
|
||||||
c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username LIKE ? AND instance LIKE ?", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance']))
|
c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username LIKE %s AND instance LIKE %s", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance']))
|
||||||
return redirect(url_for('log_in'))
|
return redirect(url_for('log_in'))
|
||||||
else:
|
else:
|
||||||
return redirect(url_for('home'))
|
return redirect(url_for('create_password'))
|
||||||
|
|
||||||
@app.route('/internal/do_login')
|
@app.route('/internal/do_login')
|
||||||
def do_login():
|
def do_login():
|
||||||
|
@ -138,7 +144,7 @@ def do_login():
|
||||||
acct = request.form['acct']
|
acct = request.form['acct']
|
||||||
session['username'] = re.match("^@[^@]*", acct).group(0)
|
session['username'] = re.match("^@[^@]*", acct).group(0)
|
||||||
session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
|
session['instance'] = "https://{}".format(re.search("@([^@]+)$", acct).group(1))
|
||||||
data = dc.execute("SELECT * FROM data WHERE username LIKE ? AND password LIKE ?", (session['username'], session['instance'])).fetch_one()
|
data = dc.execute("SELECT * FROM data WHERE username LIKE %s AND password LIKE %s", (session['username'], session['instance'])).fetch_one()
|
||||||
if bcrypt.checkpw(pw_hashed, data['password']):
|
if bcrypt.checkpw(pw_hashed, data['password']):
|
||||||
#password is correct, log the user in
|
#password is correct, log the user in
|
||||||
for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
|
for item in ['username', 'instance', 'avi', 'secret', 'client_id', 'client_secret', 'cc', 'ccavi']:
|
||||||
|
@ -149,15 +155,15 @@ def do_login():
|
||||||
|
|
||||||
@app.route('/create_password')
|
@app.route('/create_password')
|
||||||
def create_password():
|
def create_password():
|
||||||
return render_template("create_password.html", bg = "\"background-image:url('{}')\"".format(session['avi']))
|
return render_template("create_password.html", bg = "background-image:url('{}')".format(session['avi']))
|
||||||
|
|
||||||
@app.route('/internal/create_account', methods=['POST'])
|
@app.route('/internal/create_account', methods=['POST'])
|
||||||
def create_account():
|
def create_account():
|
||||||
pw_in = request.form['pw']
|
pw_in = request.form['pw']
|
||||||
if len(pw_in < 6) or pw_in == 'password':
|
if len(pw_in) < 6 or pw_in == 'password': #TODO: this is a pretty crappy check
|
||||||
return redirect('/create_password?invalid')
|
return redirect('/create_password?invalid')
|
||||||
pw_hashed = hashlib.sha256(pw_in.encode('utf-8'))
|
pw_hashed = hashlib.sha256(pw_in.encode('utf-8')).digest()
|
||||||
pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(15))
|
pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(15))
|
||||||
c.execute("INSERT INTO data (username, instance, avi, password, secret, client_id, client_secret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance'], session['secret'], session['client_id'], session['client_secret']))
|
c.execute("INSERT INTO data (username, instance, avi, password, secret, client_id, client_secret) VALUES (%s, %s, %s, %s, %s, %s, %s)", (session['username'], session['instance'], session['avi'], pw, session['secret'], session['client_id'], session['client_secret']))
|
||||||
db.commit()
|
db.commit()
|
||||||
return redirect(url_for('home'))
|
return redirect(url_for('home'))
|
||||||
|
|
Loading…
Reference in a new issue