generating confirmation links

2018-01-08 22:56:05 +01:00 · 2018-01-08 22:56:05 +01:00 · da421769e9
parent 89ce129b38
commit da421769e9
4 changed files with 25 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -26,7 +26,7 @@ virtualenv -p python3 .

 Install the dependencies:
 ```shell
-pip install tweepy pytoml requests Mastodon.py bottle
+pip install tweepy pytoml requests Mastodon.py bottle pyjwt 
 ```

 Configure the bot:
--- a/config.toml.example
+++ b/config.toml.example
@ -30,6 +30,9 @@ passphrase = "sup3rs3cur3"
 # Mailing list where you want to send warnings to
 #list = "nbg_ticketfrei@lists.links-tech.org"

+[web]
+secret = "adoijf83wuc2mwipje8r"
+
 [logging]
 # The directory where logs should be stored.
 logpath = "logs"
--- a/frontend/login.py
+++ b/frontend/login.py
@ -1,8 +1,13 @@
 #!/usr/bin/env python3

+import os
 import bottle
 import sqlite3
 import sendmail
+import pytoml as toml
+import jwt
+import pylibscrypt
+

 class Datagetter(object):
    def __init__(self):
@ -54,7 +59,9 @@ def register():
        return "ERROR: Passwords don't match. Try again."

    # needs to be encoded somehow
-    confirmlink = "ticketfrei.links-tech.org/confirm?email=" + email + "&passphrase=" + psw
+    payload = {"email":email, "psw_hashed":pylibscrypt.scrypt_mcf(psw)}  # hash password
+    encoded_jwt = jwt.encode(payload, secret)
+    confirmlink = "ticketfrei.links-tech.org/confirm?" + encoded_jwt
    config = ""
    m = sendmail.Mailer(config)
    m.send("Complete your registration here: " + confirmlink, email, "[Ticketfrei] Confirm your account")
@ -63,16 +70,19 @@ def register():

 # How can I parse the arguments from the URI?
 # https://ticketfrei.links-tech.org/confirm?user=asdf&pass=sup3rs3cur3
-@app.route('/confirm')
+@app.route('/confirm', method="GET")
 def confirmaccount():
    """
    Confirm the account creation and create a database entry.
    :return: Redirection to bot.html
    """
-    uname = "user"      # :todo get user from URI
-    passphrase = "pass" # :todo get passphrase from URI
+    encoded_jwt = bottle.request.forms.get('encoded_jwt')
+    dict = jwt.decode(encoded_jwt, secret)
+    uname = dict["email"]
+    pass_hashed = dict["psw_hashed"]
+    print(uname, pass_hashed)
    active = "1"
-    db.conn.execute("CREATE ?, ?, ? IN user;", (uname, passphrase, active))
+    db.conn.execute("CREATE ?, ?, ? IN user;", (uname, pass_hashed, active))


@app.route('/static/<filename:path>')
@ -105,6 +115,11 @@ class StripPathMiddleware(object):


 if __name__ == "__main__":
+    with open('../config.toml') as configfile:
+        config = toml.load(configfile)
+
    global db
+    global secret
+    secret = os.urandom(32)
    db = Datagetter()
    bottle.run(app=StripPathMiddleware(app), host='0.0.0.0', port=8080)
--- a/static/bot.html
+++ b/static/bot.html
@ -2,8 +2,7 @@
  <title>Ticketfrei</title>
  <link rel='stylesheet' href='static/css/style.css'>
 </head>
-<body>
-    <!--<div class="background" style="background-image: url(static/img/bg_left.jpg)"></div>-->
+<body style="background-image: url(static/img/wallpaper.png)">
    <div class="area">
        <h1><a href="https://ticketfrei.links-tech.org"><img src="/static/img/ticketfrei_logo.png" alt="Ticketfrei" height="150px" align="center" style="float: none;"></a></h1>