From 821f20145468d2d958b840d8447b9715137702d8 Mon Sep 17 00:00:00 2001
From: b3yond
Date: Fri, 16 Feb 2018 11:33:27 +0100
Subject: [PATCH] confirmation emails work now, accounts can be created.
---
 frontend/website.py | 42 ++++++++++++++++++++++++------------------
 static/bot.html | 2 +-
 ticketfrei.sqlite | Bin 0 -> 4096 bytes
 3 files changed, 25 insertions(+), 19 deletions(-)
 create mode 100644 ticketfrei.sqlite
diff --git a/frontend/website.py b/frontend/website.py
index 46ceb61..4d8a39f 100644
--- a/frontend/website.py
+++ b/frontend/website.py
@@ -12,7 +12,7 @@ import pylibscrypt
 class Datagetter(object):
 def __init__(self):
- self.db = "../ticketfrei.sqlite"
+ self.db = os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), "ticketfrei.sqlite")
 self.conn = self.create_connection(self.db)
 self.cur = self.conn.cursor()
@@ -44,13 +44,15 @@ def login():
 psw = bottle.request.forms.get('psw')
 psw = psw.encode("utf-8")
 db.cur.execute("SELECT pass_hashed FROM user WHERE email=?;", (uname, )), psw
- pass_hashed = db.cur.fetchone()
- print(pass_hashed)
+ try:
+ pass_hashed = db.cur.fetchone()[0]
+ except TypeError:
+ return "Wrong Credentials." # no user with this email
 if pylibscrypt.scrypt_mcf_check(pass_hashed, psw):
 # :todo Generate Session Cookie and give to user
 return bottle.static_file("../static/bot.html", root="../static")
 else:
- return "Wrong Credentials."
+ return "Wrong Credentials." # passphrase is wrong
 @app.route('/register', method="POST")
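Review bot: The new `self.db` path in `Datagetter.__init__` resolves to the repository root, and the diffstat shows `ticketfrei.sqlite` being added there in the same patch, so the account database now sits inside the tracked source tree. Once accounts exist, the `user` table (emails and scrypt hashes, per the INSERT later in this patch) can end up in a commit or a deployment archive. Consider reading the database location from configuration, pointing it outside the checkout, and listing `ticketfrei.sqlite` in `.gitignore` rather than tracking it. The new line also depends on `os` being imported, which is not visible in this hunk.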
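Review bot: The early `return "Wrong Credentials."` in the `except TypeError` branch skips the scrypt computation, so a request for an unknown email is answered noticeably faster than one for a known email with a wrong passphrase, and the identical message no longer hides whether an account exists. Running a check against a fixed dummy hash before returning keeps both paths at similar cost, e.g. `pylibscrypt.scrypt_mcf_check(DUMMY_MCF, psw)` with `DUMMY_MCF = pylibscrypt.scrypt_mcf(b"placeholder")` computed once at import (the constant name is a placeholder). An explicit `row = db.cur.fetchone()` followed by `if row is None:` would be clearer than catching `TypeError`, which can also mask unrelated errors. The visible SELECT does not filter on the `enabled` column, and `psw.encode` in the context lines raises when the form field is missing; login() starts above the hunk.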
@@ -68,33 +70,37 @@ def register():
 # check if email is already in use
- # needs to be encoded somehow
+ # hash and format for being encoded in the confirmation mail
 psw = psw.encode("utf-8")
- psw = pylibscrypt.scrypt_mcf(psw)
- psw = base64.encodebytes(psw)
- psw = psw.decode("ascii")
- payload = {"email": email, "psw_hashed": psw} # hash password
- encoded_jwt = jwt.encode(payload, secret)
- confirmlink = "ticketfrei.links-tech.org/confirm?" + str(encoded_jwt)
- print(type(confirmlink))
+ pass_hashed = pylibscrypt.scrypt_mcf(psw) # hash password
+ pass_hashed = base64.encodebytes(pass_hashed)
+ pass_hashed = pass_hashed.decode("ascii")
+ payload = {"email": email, "pass_hashed": pass_hashed}
+
+ # create confirmlink
+ encoded_jwt = jwt.encode(payload, secret).decode('utf-8')
+ host = bottle.request.get_header('host')
+ confirmlink = "http://" + host + "/confirm/" + str(encoded_jwt) # to be changed to https
+
+ # send the mail
 m = sendmail.Mailer(config)
 m.send("Complete your registration here: " + confirmlink, email, "[Ticketfrei] Confirm your account")
 return "We sent you an E-Mail. Please click on the confirmation link."
-# How can I parse the arguments from the URI?
-# https://ticketfrei.links-tech.org/confirm?user=asdf&pass=sup3rs3cur3
-@app.route('/confirm', method="GET")
-def confirmaccount():
+@app.route('/confirm/', method="GET")
+def confirmaccount(encoded_jwt):
 """
 Confirm the account creation and create a database entry.
 :return: Redirection to bot.html
 """
- encoded_jwt = bottle.request.forms.get('encoded_jwt')
+ # get values from URL
 dict = jwt.decode(encoded_jwt, secret)
 uname = dict["email"]
- pass_hashed = dict["psw_hashed"]
+ pass_hashed = base64.b64decode(dict["pass_hashed"])
 print(uname, pass_hashed)
+
+ # create db entry
 db.cur.execute("INSERT INTO user(email, pass_hashed, enabled) VALUES(?, ?, ?);", (uname, pass_hashed, True))
 db.conn.commit()
 return bottle.static_file("../static/bot.html", root='../static')
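Review bot: `host = bottle.request.get_header('host')` puts a client-controlled header into the link that is mailed out, so whoever submits the registration form decides which domain the recipient's confirmation link points to. Build the link from a configured base URL instead (a config entry such as `base_url`, name to be chosen) and switch it to https. The token also carries the base64 scrypt hash as a JWT claim, which is signed but not encrypted, so the hash is readable in the mail, the URL and access logs; keeping the pending account server-side and mailing only a random token, or only the email plus an `exp` claim, avoids that. In `confirmaccount`, pin the algorithm with `jwt.decode(encoded_jwt, secret, algorithms=["HS256"])` (assuming `jwt` is PyJWT with its default HS256 on encode) and drop `print(uname, pass_hashed)`. Without an expiry or a uniqueness check, the same link can also be replayed into a second INSERT; register() starts above the hunk.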
diff --git a/static/bot.html b/static/bot.html index 69eabe3..06ff118 100644 --- a/static/bot.html +++ b/static/bot.html @@ -1,6 +1,6 @@ Ticketfrei - +
diff --git a/ticketfrei.sqlite b/ticketfrei.sqlite new file mode 100644 index 0000000000000000000000000000000000000000..20f51fd31afae3164ff0f52a66b043c68d7da136 GIT binary patch literal 4096 zcmeH~K}*9h6o8Xun`5wJ*-3aeH#QOR=*22Qie0zW6x^weTV#c;b88D;^;h{HJosC@ zh@)^m^#VnS#5;YA!Q4A!R}-IRhYsRCFurwh^ia+xBMe zFI^#rZ_f?(L0IX9uzmKbl@UYWKL`w1wb|*=Q6_I^DqYU>z7A8h%vCbpHp>@2w*?1b zpSv8k?rkM>_8Lsui}qD!EeOcb1&00oXT{nip)P|RDy*T z-u2_^?SoRad1_G-ClmFsu1n_GqOe1J)9@I3rWc@wi_pMMpK3P7fe}N%5ZEOGbu1Ro k|K~1MZE7_H3;`s7-+#*9iN1^&0*1g&5U5dR(c)L;3p$-_ZvX%Q literal 0 HcmV?d00001