add authentication

smscastwebapp.py

@@ -1,9 +1,18 @@
-from flask import Flask, jsonify, render_template, request, json
+from flask import Flask, jsonify, render_template, request, json, redirect, url_for
 from mocksmscast import LibSMSCast
 from libaddrbook import LibAddrBook
+from flask.ext.login import login_user, logout_user, current_user, login_required, LoginManager
+import user
+
 app = Flask(__name__)
+app.secret_key = 'abcdgfkfdhgslkjh' # lol
+
+login_manager = LoginManager()
+login_manager.init_app(app)
+login_manager.login_view = "login"
 
 @app.route('/send')
+@login_required
 def send():
 	client = LibSMSCast()
 	addr = LibAddrBook()
@@ -20,6 +29,7 @@ def send():
 	return jsonify(result="sent {} to {} numbers(s)".format(msg, howmany))
 
 @app.route('/_get_people_in_groups')
+@login_required
 def get_people_in_groups():
 	addr = LibAddrBook()
 	groupliststr = request.args.get('grouplist')
@@ -28,21 +38,50 @@ def get_people_in_groups():
 	return jsonify(result=ppl)
 
 @app.route('/_get_people')
+@login_required
 def get_people():
 	addr = LibAddrBook()
 	people = addr.get_everyone()
 	return jsonify(people=people)
 
 @app.route('/_get_groups')
+@login_required
 def get_groups():
 	addr = LibAddrBook()
 	groups = addr.get_groups()
 	return jsonify(groups=groups)
 
 @app.route('/')
+@login_required
 def index():
 	return render_template('index.html')
 
+@app.route("/login", methods=["GET", "POST"])
+def login():
+	if current_user.is_authenticated() and current_user.is_active():
+		return redirect(url_for('index'))
+
+	if request.method == "POST":
+		username = request.form['username']
+		password = request.form['password']
+		if(username and password):
+			# do login because username and password have been specified
+			uid = user.authenticate(username, password)
+			if uid != None:
+				login_user(user.get(uid))
+				return redirect(url_for('index'))
+	return render_template('login.html')
+
+@app.route("/logout")
+def logout():
+	logout_user()
+	return redirect(url_for('login'))
+	
+@login_manager.user_loader
+def load_user(userid):
+	return user.get(userid)
+
+
 if __name__ == '__main__':
 	app.run(host='0.0.0.0', port=42069, debug=True)
 	#app.run(host='10.9.8.1', port=42069, debug=True)

templates/index.html

@@ -108,7 +108,8 @@
 	}
 </style>
 
-<h1>uh hi</h1>
+<p style="float:right">logged in as {{ current_user.name }} <a href="logout">log out</a></p>
+<h1>smscast</h1>
 <p><input type="text" name="msg"><a href="#" id="send">send</a></p>
 <p><span id="result">res</span></p>
 <h2>groups</h2>

templates/login.html

@@ -0,0 +1,6 @@
+<form name="login" action="/login" method="post">
+<p>Username: <input type="text" name="username" autofocus /></p>
+<p>Password: <input type="password" name="password" /></p>
+<p><input type="submit" value="Log in" /></p>
+</form>
+	

user.py

@@ -0,0 +1,49 @@
+import config
+import MySQLdb
+import hashlib
+
+class User:
+	def __init__(self,uid):
+		self.uid = uid
+		self.db = MySQLdb.connect(user=config.MYSQL_USER, passwd=config.MYSQL_PASSWD, db=config.MYSQL_DB)
+
+		c = self.db.cursor()
+		c.execute("""SELECT name FROM users WHERE uid = {}""".format(uid))
+		self.name = c.fetchall()[0][0]
+
+	def is_authenticated(self):
+		return True # stub
+
+	def is_active(self):
+		return True # stub
+
+	def is_anonymous(self):
+		return False
+	def get_id(self):
+		return unicode(self.uid)
+
+		
+
+def get(userid):
+	return User(userid)
+
+def authenticate(username, password):
+	db = MySQLdb.connect(user=config.MYSQL_USER, passwd=config.MYSQL_PASSWD, db=config.MYSQL_DB)
+	c = db.cursor()
+	
+	# get salt for the user
+	c.execute("""SELECT salt, password, uid FROM users WHERE name = %s """ , (username,))
+	print "getting salt for {}".format(username)
+	if(c.rowcount == 0): return None
+	row = c.fetchall()[0]
+	salt = row[0]
+	userhash = row[1]
+	uid = row[2]
+	testhash = hashlib.sha1("{}{}".format(password,salt)).hexdigest()
+	if testhash == userhash:
+		# good
+		return uid
+	else:
+		#bad
+		return None
+