got logins working

This commit is contained in:
Lynne Megido 2018-11-10 16:38:43 +10:00
parent c3f3cccf1f
commit 710634be73
Signed by: lynnesbian
GPG key ID: FB7B970303ACE499
3 changed files with 18 additions and 21 deletions

View file

@ -9,8 +9,8 @@
<h2>Please enter a password for your new Curious Greg account.</h2>
<!-- <div id='logo-main'></div> -->
<form action='/internal/create_account' method='POST'>
<div id='form-avi' style='background-image:url("https://fedi.lynnesbian.space/system/accounts/avatars/000/000/002/original/7ebcb4b973eee926.gif?1541354017")'></div>
<span id='form-avi-label'>@lynnesbian@fedi.lynnesbian.space</span><br /><br />
<div id='form-avi' style='background-image:url("")'></div>
<span id='form-avi-label'>{{ session['acct'] }}</span><br /><br />
<label for='pw'>Password</label><br />
<input type='password' name='pw' placeholder='••••••••' required /><br />
<button>Create Account</button>

View file

@ -8,7 +8,7 @@
<h1>Curious Greg</h1>
<h2>Connect your Curious Cat and Mastodon accounts for automated crossposting.</h2>
<!-- <div id='logo-main'></div> -->
<form action='/internal/create_app' method='POST'>
<form action='/internal/auth_a' method='GET'>
<label for='instance'>Instance URL</label><br />
<input name='instance' placeholder='mastodon.social' id='instance-input' /><br />
<button>Sign Up</button>

31
web.py
View file

@ -11,10 +11,11 @@ import bcrypt
import urllib
cfg = json.load(open("meta.json"))
scopes = ["read:accounts", "write:statuses"]
db = sqlite3.connect("database.db") #TODO: switch to mysql so concurrency is possible
c = db.cursor()
c.execute("CREATE TABLE IF NOT EXISTS `data` (username TEXT NOT NULL, instance TEXT NOT NULL, password TEXT NOT NULL, avi TEXT NOT NULL, secret TEXT NOT NULL, appid TEXT NOT NULL, appsecret TEXT NOT NULL, cc TEXT, latest_post TEXT, latest_timestamp TEXT, time_between_checks INT)")
c.execute("CREATE TABLE IF NOT EXISTS `data` (username TEXT NOT NULL, instance TEXT NOT NULL, password TEXT NOT NULL, avi TEXT NOT NULL, secret TEXT NOT NULL, client_id TEXT NOT NULL, client_secret TEXT NOT NULL, cc TEXT, latest_post TEXT, latest_timestamp TEXT, time_between_checks INT)")
app = Flask(cfg['name'])
app.secret_key = cfg['flask_key']
@ -53,34 +54,30 @@ def log_in():
@app.route('/internal/auth_a')
def internal_auth_a(): #TODO: prevent these endpoints from being spammed somehow
session['instance_url'] = request.args.get('url', default='mastodon.social', type=str)
session['instance_url'] = request.args.get('instance', default='mastodon.social', type=str)
if not session['instance_url'].startswith("https://"):
session['instance_url'] = "https://{}".format(session['instance_url'])
session['client_id'], session['client_secret'] = Mastodon.create_app(cfg['name'],
api_base_url=session['instance_url'],
scopes=["write:statuses", "read:accounts"],
scopes=scopes,
website=cfg['website'],
redirect_uris=['https://cg.lynnesbian.space/internal/auth_b']
redirect_uris=['https://cg.lynnesbian.space/internal/auth_b', 'http://localhost:5000/internal/auth_b']
)
params = {
"client_id": session['client_id'],
"client_secret":session['client_secret'],
"scope":"write:statuses+read:accounts",
"redirect_uri": "https://cg.lynnesbian.space/internal/auth_b",
"response_type":"code",
}
client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url'])
url = client.auth_request_url(client_id=session['client_id'], redirect_uris='http://localhost:5000/internal/auth_b', scopes=scopes)
url = "{}/oauth/authorize?{}".format(session['instance_url'], urllib.parse.urlencode(params))
return url
return redirect(url, code=307)
@app.route('/internal/auth_b')
def internal_auth_b():
session['secret'] = request.args.get('code')
#write details to DB
client = Mastodon(access_token = session['secret'], api_base_url=session['instance_url'])
session['username'] = client.account_verify_credentials()['username']
client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url'])
session['secret'] = client.log_in(code = request.args.get('code'), scopes=scopes, redirect_uri='http://localhost:5000/internal/auth_b')
acct_info = client.account_verify_credentials()
session['username'] = acct_info['username']
session['avi'] = acct_info['avatar']
session['acct'] = "@{}@{}".format(session['username'], session['instance_url'].replace("https://", ""))
if c.execute("SELECT COUNT(*) FROM data WHERE username LIKE ? AND instance LIKE ?", (session['username'], session['instance_url'])).fetchone()[0] > 0:
#user already has an account with CG
@ -99,5 +96,5 @@ def create_password():
@app.route('/internal/create_account', methods=['POST'])
def create_account():
pw = bcrypt.hashpw(request.form['pw'], bcrypt.gensalt(15))
c.execute("INSERT INTO data (username, instance, password, secret, appid, appsecret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance_url'], session['secret'], session['client_id'], session['client_secret']))
c.execute("INSERT INTO data (username, instance, avi, password, secret, client_id, client_secret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance_url'], session['secret'], session['client_id'], session['client_secret']))
db.commit()