got logins working

This commit is contained in:
Lynne Megido 2018-11-10 16:38:43 +10:00
parent c3f3cccf1f
commit 710634be73
Signed by: lynnesbian
GPG key ID: FB7B970303ACE499
3 changed files with 18 additions and 21 deletions

View file

@ -9,8 +9,8 @@
<h2>Please enter a password for your new Curious Greg account.</h2> <h2>Please enter a password for your new Curious Greg account.</h2>
<!-- <div id='logo-main'></div> --> <!-- <div id='logo-main'></div> -->
<form action='/internal/create_account' method='POST'> <form action='/internal/create_account' method='POST'>
<div id='form-avi' style='background-image:url("https://fedi.lynnesbian.space/system/accounts/avatars/000/000/002/original/7ebcb4b973eee926.gif?1541354017")'></div> <div id='form-avi' style='background-image:url("")'></div>
<span id='form-avi-label'>@lynnesbian@fedi.lynnesbian.space</span><br /><br /> <span id='form-avi-label'>{{ session['acct'] }}</span><br /><br />
<label for='pw'>Password</label><br /> <label for='pw'>Password</label><br />
<input type='password' name='pw' placeholder='••••••••' required /><br /> <input type='password' name='pw' placeholder='••••••••' required /><br />
<button>Create Account</button> <button>Create Account</button>

View file

@ -8,7 +8,7 @@
<h1>Curious Greg</h1> <h1>Curious Greg</h1>
<h2>Connect your Curious Cat and Mastodon accounts for automated crossposting.</h2> <h2>Connect your Curious Cat and Mastodon accounts for automated crossposting.</h2>
<!-- <div id='logo-main'></div> --> <!-- <div id='logo-main'></div> -->
<form action='/internal/create_app' method='POST'> <form action='/internal/auth_a' method='GET'>
<label for='instance'>Instance URL</label><br /> <label for='instance'>Instance URL</label><br />
<input name='instance' placeholder='mastodon.social' id='instance-input' /><br /> <input name='instance' placeholder='mastodon.social' id='instance-input' /><br />
<button>Sign Up</button> <button>Sign Up</button>

31
web.py
View file

@ -11,10 +11,11 @@ import bcrypt
import urllib import urllib
cfg = json.load(open("meta.json")) cfg = json.load(open("meta.json"))
scopes = ["read:accounts", "write:statuses"]
db = sqlite3.connect("database.db") #TODO: switch to mysql so concurrency is possible db = sqlite3.connect("database.db") #TODO: switch to mysql so concurrency is possible
c = db.cursor() c = db.cursor()
c.execute("CREATE TABLE IF NOT EXISTS `data` (username TEXT NOT NULL, instance TEXT NOT NULL, password TEXT NOT NULL, avi TEXT NOT NULL, secret TEXT NOT NULL, appid TEXT NOT NULL, appsecret TEXT NOT NULL, cc TEXT, latest_post TEXT, latest_timestamp TEXT, time_between_checks INT)") c.execute("CREATE TABLE IF NOT EXISTS `data` (username TEXT NOT NULL, instance TEXT NOT NULL, password TEXT NOT NULL, avi TEXT NOT NULL, secret TEXT NOT NULL, client_id TEXT NOT NULL, client_secret TEXT NOT NULL, cc TEXT, latest_post TEXT, latest_timestamp TEXT, time_between_checks INT)")
app = Flask(cfg['name']) app = Flask(cfg['name'])
app.secret_key = cfg['flask_key'] app.secret_key = cfg['flask_key']
@ -53,34 +54,30 @@ def log_in():
@app.route('/internal/auth_a') @app.route('/internal/auth_a')
def internal_auth_a(): #TODO: prevent these endpoints from being spammed somehow def internal_auth_a(): #TODO: prevent these endpoints from being spammed somehow
session['instance_url'] = request.args.get('url', default='mastodon.social', type=str) session['instance_url'] = request.args.get('instance', default='mastodon.social', type=str)
if not session['instance_url'].startswith("https://"): if not session['instance_url'].startswith("https://"):
session['instance_url'] = "https://{}".format(session['instance_url']) session['instance_url'] = "https://{}".format(session['instance_url'])
session['client_id'], session['client_secret'] = Mastodon.create_app(cfg['name'], session['client_id'], session['client_secret'] = Mastodon.create_app(cfg['name'],
api_base_url=session['instance_url'], api_base_url=session['instance_url'],
scopes=["write:statuses", "read:accounts"], scopes=scopes,
website=cfg['website'], website=cfg['website'],
redirect_uris=['https://cg.lynnesbian.space/internal/auth_b'] redirect_uris=['https://cg.lynnesbian.space/internal/auth_b', 'http://localhost:5000/internal/auth_b']
) )
params = { client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url'])
"client_id": session['client_id'], url = client.auth_request_url(client_id=session['client_id'], redirect_uris='http://localhost:5000/internal/auth_b', scopes=scopes)
"client_secret":session['client_secret'],
"scope":"write:statuses+read:accounts",
"redirect_uri": "https://cg.lynnesbian.space/internal/auth_b",
"response_type":"code",
}
url = "{}/oauth/authorize?{}".format(session['instance_url'], urllib.parse.urlencode(params)) return redirect(url, code=307)
return url
@app.route('/internal/auth_b') @app.route('/internal/auth_b')
def internal_auth_b(): def internal_auth_b():
session['secret'] = request.args.get('code')
#write details to DB #write details to DB
client = Mastodon(access_token = session['secret'], api_base_url=session['instance_url']) client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url'])
session['username'] = client.account_verify_credentials()['username'] session['secret'] = client.log_in(code = request.args.get('code'), scopes=scopes, redirect_uri='http://localhost:5000/internal/auth_b')
acct_info = client.account_verify_credentials()
session['username'] = acct_info['username']
session['avi'] = acct_info['avatar']
session['acct'] = "@{}@{}".format(session['username'], session['instance_url'].replace("https://", "")) session['acct'] = "@{}@{}".format(session['username'], session['instance_url'].replace("https://", ""))
if c.execute("SELECT COUNT(*) FROM data WHERE username LIKE ? AND instance LIKE ?", (session['username'], session['instance_url'])).fetchone()[0] > 0: if c.execute("SELECT COUNT(*) FROM data WHERE username LIKE ? AND instance LIKE ?", (session['username'], session['instance_url'])).fetchone()[0] > 0:
#user already has an account with CG #user already has an account with CG
@ -99,5 +96,5 @@ def create_password():
@app.route('/internal/create_account', methods=['POST']) @app.route('/internal/create_account', methods=['POST'])
def create_account(): def create_account():
pw = bcrypt.hashpw(request.form['pw'], bcrypt.gensalt(15)) pw = bcrypt.hashpw(request.form['pw'], bcrypt.gensalt(15))
c.execute("INSERT INTO data (username, instance, password, secret, appid, appsecret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance_url'], session['secret'], session['client_id'], session['client_secret'])) c.execute("INSERT INTO data (username, instance, avi, password, secret, client_id, client_secret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance_url'], session['secret'], session['client_id'], session['client_secret']))
db.commit() db.commit()