From da421769e9d54a6ac5d1fca38967297ef2279c72 Mon Sep 17 00:00:00 2001 From: b3yond Date: Mon, 8 Jan 2018 22:56:05 +0100 Subject: [PATCH] generating confirmation links --- README.md | 2 +- config.toml.example | 3 +++ frontend/login.py | 25 ++++++++++++++++++++----- static/bot.html | 3 +-- 4 files changed, 25 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index cdbfe97..3ee0530 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ virtualenv -p python3 . Install the dependencies: ```shell -pip install tweepy pytoml requests Mastodon.py bottle +pip install tweepy pytoml requests Mastodon.py bottle pyjwt ``` Configure the bot: diff --git a/config.toml.example b/config.toml.example index ab040ce..2ce4966 100644 --- a/config.toml.example +++ b/config.toml.example @@ -30,6 +30,9 @@ passphrase = "sup3rs3cur3" # Mailing list where you want to send warnings to #list = "nbg_ticketfrei@lists.links-tech.org" +[web] +secret = "adoijf83wuc2mwipje8r" + [logging] # The directory where logs should be stored. logpath = "logs" diff --git a/frontend/login.py b/frontend/login.py index a2c79f7..c43b771 100644 --- a/frontend/login.py +++ b/frontend/login.py @@ -1,8 +1,13 @@ #!/usr/bin/env python3 +import os import bottle import sqlite3 import sendmail +import pytoml as toml +import jwt +import pylibscrypt + class Datagetter(object): def __init__(self): @@ -54,7 +59,9 @@ def register(): return "ERROR: Passwords don't match. Try again." # needs to be encoded somehow - confirmlink = "ticketfrei.links-tech.org/confirm?email=" + email + "&passphrase=" + psw + payload = {"email":email, "psw_hashed":pylibscrypt.scrypt_mcf(psw)} # hash password + encoded_jwt = jwt.encode(payload, secret) + confirmlink = "ticketfrei.links-tech.org/confirm?" + encoded_jwt config = "" m = sendmail.Mailer(config) m.send("Complete your registration here: " + confirmlink, email, "[Ticketfrei] Confirm your account") @@ -63,16 +70,19 @@ def register(): # How can I parse the arguments from the URI? # https://ticketfrei.links-tech.org/confirm?user=asdf&pass=sup3rs3cur3 -@app.route('/confirm') +@app.route('/confirm', method="GET") def confirmaccount(): """ Confirm the account creation and create a database entry. :return: Redirection to bot.html """ - uname = "user" # :todo get user from URI - passphrase = "pass" # :todo get passphrase from URI + encoded_jwt = bottle.request.forms.get('encoded_jwt') + dict = jwt.decode(encoded_jwt, secret) + uname = dict["email"] + pass_hashed = dict["psw_hashed"] + print(uname, pass_hashed) active = "1" - db.conn.execute("CREATE ?, ?, ? IN user;", (uname, passphrase, active)) + db.conn.execute("CREATE ?, ?, ? IN user;", (uname, pass_hashed, active)) @app.route('/static/') @@ -105,6 +115,11 @@ class StripPathMiddleware(object): if __name__ == "__main__": + with open('../config.toml') as configfile: + config = toml.load(configfile) + global db + global secret + secret = os.urandom(32) db = Datagetter() bottle.run(app=StripPathMiddleware(app), host='0.0.0.0', port=8080) \ No newline at end of file diff --git a/static/bot.html b/static/bot.html index c08345d..69eabe3 100644 --- a/static/bot.html +++ b/static/bot.html @@ -2,8 +2,7 @@ Ticketfrei - - +

Ticketfrei