add authentication
parent
ca8d6a44f6
commit
1ce8343788
|
@ -1,9 +1,18 @@
|
|||
from flask import Flask, jsonify, render_template, request, json
|
||||
from flask import Flask, jsonify, render_template, request, json, redirect, url_for
|
||||
from mocksmscast import LibSMSCast
|
||||
from libaddrbook import LibAddrBook
|
||||
from flask.ext.login import login_user, logout_user, current_user, login_required, LoginManager
|
||||
import user
|
||||
|
||||
app = Flask(__name__)
|
||||
app.secret_key = 'abcdgfkfdhgslkjh' # lol
|
||||
|
||||
login_manager = LoginManager()
|
||||
login_manager.init_app(app)
|
||||
login_manager.login_view = "login"
|
||||
|
||||
@app.route('/send')
|
||||
@login_required
|
||||
def send():
|
||||
client = LibSMSCast()
|
||||
addr = LibAddrBook()
|
||||
|
@ -20,6 +29,7 @@ def send():
|
|||
return jsonify(result="sent {} to {} numbers(s)".format(msg, howmany))
|
||||
|
||||
@app.route('/_get_people_in_groups')
|
||||
@login_required
|
||||
def get_people_in_groups():
|
||||
addr = LibAddrBook()
|
||||
groupliststr = request.args.get('grouplist')
|
||||
|
@ -28,21 +38,50 @@ def get_people_in_groups():
|
|||
return jsonify(result=ppl)
|
||||
|
||||
@app.route('/_get_people')
|
||||
@login_required
|
||||
def get_people():
|
||||
addr = LibAddrBook()
|
||||
people = addr.get_everyone()
|
||||
return jsonify(people=people)
|
||||
|
||||
@app.route('/_get_groups')
|
||||
@login_required
|
||||
def get_groups():
|
||||
addr = LibAddrBook()
|
||||
groups = addr.get_groups()
|
||||
return jsonify(groups=groups)
|
||||
|
||||
@app.route('/')
|
||||
@login_required
|
||||
def index():
|
||||
return render_template('index.html')
|
||||
|
||||
@app.route("/login", methods=["GET", "POST"])
|
||||
def login():
|
||||
if current_user.is_authenticated() and current_user.is_active():
|
||||
return redirect(url_for('index'))
|
||||
|
||||
if request.method == "POST":
|
||||
username = request.form['username']
|
||||
password = request.form['password']
|
||||
if(username and password):
|
||||
# do login because username and password have been specified
|
||||
uid = user.authenticate(username, password)
|
||||
if uid != None:
|
||||
login_user(user.get(uid))
|
||||
return redirect(url_for('index'))
|
||||
return render_template('login.html')
|
||||
|
||||
@app.route("/logout")
|
||||
def logout():
|
||||
logout_user()
|
||||
return redirect(url_for('login'))
|
||||
|
||||
@login_manager.user_loader
|
||||
def load_user(userid):
|
||||
return user.get(userid)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
app.run(host='0.0.0.0', port=42069, debug=True)
|
||||
#app.run(host='10.9.8.1', port=42069, debug=True)
|
||||
|
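Review bot: `app.secret_key = 'abcdgfkfdhgslkjh' # lol` near the top of the file commits the session-signing key to the repository, so the Flask-Login session this change introduces can be forged by anyone who has read the source. Load the key from deployment configuration instead, for example `app.secret_key = config.SECRET_KEY` (a new setting in the `config` module that the user module already reads for its MySQL credentials), and rotate the committed value. The `app.run(host='0.0.0.0', port=42069, debug=True)` line at the bottom, which may be unchanged context since this page lost its +/- markers, keeps the Werkzeug debugger reachable on every interface and sidesteps the new login; use `debug=False` outside local development. `send()` and `get_people_in_groups()` continue outside the visible hunks.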
|
|
@ -108,7 +108,8 @@
|
|||
}
|
||||
</style>
|
||||
|
||||
<h1>uh hi</h1>
|
||||
<p style="float:right">logged in as {{ current_user.name }} <a href="logout">log out</a></p>
|
||||
<h1>smscast</h1>
|
||||
<p><input type="text" name="msg"><a href="#" id="send">send</a></p>
|
||||
<p><span id="result">res</span></p>
|
||||
<h2>groups</h2>
|
||||
|
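Review bot: The new `<a href="logout">log out</a>` link ends the session with a plain GET, so any third-party page that makes the browser request `/logout` will sign the user out; the `/logout` route in the application file accepts GET by default and checks no token. Consider making log-out a small POST form carrying a CSRF token and restricting the route with `methods=["POST"]`. The relative `href="logout"` also resolves correctly only while this template is served from `/`; `{{ url_for('logout') }}` avoids that.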
|
|
@ -0,0 +1,6 @@
|
|||
<form name="login" action="/login" method="post">
|
||||
<p>Username: <input type="text" name="username" autofocus /></p>
|
||||
<p>Password: <input type="password" name="password" /></p>
|
||||
<p><input type="submit" value="Log in" /></p>
|
||||
</form>
|
||||
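Review bot: The login form posts `username` and `password` without an anti-CSRF token, and `login()` in the application file does not check one, so a cross-site form submission can sign the browser in to an account the user did not choose (login CSRF). Add a hidden per-session token field here and verify it in `login()` before calling `user.authenticate`. The `app.run(...)` call in the application file serves plain HTTP, so unless a TLS-terminating proxy sits in front (not visible on this page) the password crosses the network in clear text.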
|
|
@ -0,0 +1,49 @@
|
|||
import config
|
||||
import MySQLdb
|
||||
import hashlib
|
||||
|
||||
class User:
|
||||
def __init__(self,uid):
|
||||
self.uid = uid
|
||||
self.db = MySQLdb.connect(user=config.MYSQL_USER, passwd=config.MYSQL_PASSWD, db=config.MYSQL_DB)
|
||||
|
||||
c = self.db.cursor()
|
||||
c.execute("""SELECT name FROM users WHERE uid = {}""".format(uid))
|
||||
self.name = c.fetchall()[0][0]
|
||||
|
||||
def is_authenticated(self):
|
||||
return True # stub
|
||||
|
||||
def is_active(self):
|
||||
return True # stub
|
||||
|
||||
def is_anonymous(self):
|
||||
return False
|
||||
def get_id(self):
|
||||
return unicode(self.uid)
|
||||
|
||||
|
||||
|
||||
def get(userid):
|
||||
return User(userid)
|
||||
|
||||
def authenticate(username, password):
|
||||
db = MySQLdb.connect(user=config.MYSQL_USER, passwd=config.MYSQL_PASSWD, db=config.MYSQL_DB)
|
||||
c = db.cursor()
|
||||
|
||||
# get salt for the user
|
||||
c.execute("""SELECT salt, password, uid FROM users WHERE name = %s """ , (username,))
|
||||
print "getting salt for {}".format(username)
|
||||
if(c.rowcount == 0): return None
|
||||
row = c.fetchall()[0]
|
||||
salt = row[0]
|
||||
userhash = row[1]
|
||||
uid = row[2]
|
||||
testhash = hashlib.sha1("{}{}".format(password,salt)).hexdigest()
|
||||
if testhash == userhash:
|
||||
# good
|
||||
return uid
|
||||
else:
|
||||
#bad
|
||||
return None
|
||||
|
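Review bot: `User.__init__` builds its query with `"""SELECT name FROM users WHERE uid = {}""".format(uid)`, and `uid` arrives from the session cookie through `load_user` and `get`, so it must be treated as untrusted input; bind it the way `authenticate` already does, `c.execute("SELECT name FROM users WHERE uid = %s", (uid,))`. `fetchall()[0][0]` also raises IndexError for an unknown uid, whereas a Flask-Login user loader is expected to return None in that case. In `authenticate`, a single salted SHA-1 is too cheap to brute-force for password storage and the `==` comparison is not constant-time; `hashlib.pbkdf2_hmac` with `hmac.compare_digest` would be the standard-library route, with a migration path for the existing hashes. The `print "getting salt for {}"` line writes the submitted username to stdout on every attempt, and each call opens a MySQL connection that is never closed.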