generating confirmation links

This commit is contained in:
b3yond 2018-01-08 22:56:05 +01:00
parent 89ce129b38
commit da421769e9
4 changed files with 25 additions and 8 deletions

View file

@ -26,7 +26,7 @@ virtualenv -p python3 .
Install the dependencies:
```shell
pip install tweepy pytoml requests Mastodon.py bottle
pip install tweepy pytoml requests Mastodon.py bottle pyjwt
```
Configure the bot:

View file

@ -30,6 +30,9 @@ passphrase = "sup3rs3cur3"
# Mailing list where you want to send warnings to
#list = "nbg_ticketfrei@lists.links-tech.org"
[web]
secret = "adoijf83wuc2mwipje8r"
[logging]
# The directory where logs should be stored.
logpath = "logs"

View file

@ -1,8 +1,13 @@
#!/usr/bin/env python3
import os
import bottle
import sqlite3
import sendmail
import pytoml as toml
import jwt
import pylibscrypt
class Datagetter(object):
def __init__(self):
@ -54,7 +59,9 @@ def register():
return "ERROR: Passwords don't match. Try again."
# needs to be encoded somehow
confirmlink = "ticketfrei.links-tech.org/confirm?email=" + email + "&passphrase=" + psw
payload = {"email":email, "psw_hashed":pylibscrypt.scrypt_mcf(psw)} # hash password
encoded_jwt = jwt.encode(payload, secret)
confirmlink = "ticketfrei.links-tech.org/confirm?" + encoded_jwt
config = ""
m = sendmail.Mailer(config)
m.send("Complete your registration here: " + confirmlink, email, "[Ticketfrei] Confirm your account")
@ -63,16 +70,19 @@ def register():
# How can I parse the arguments from the URI?
# https://ticketfrei.links-tech.org/confirm?user=asdf&pass=sup3rs3cur3
@app.route('/confirm')
@app.route('/confirm', method="GET")
def confirmaccount():
"""
Confirm the account creation and create a database entry.
:return: Redirection to bot.html
"""
uname = "user" # :todo get user from URI
passphrase = "pass" # :todo get passphrase from URI
encoded_jwt = bottle.request.forms.get('encoded_jwt')
dict = jwt.decode(encoded_jwt, secret)
uname = dict["email"]
pass_hashed = dict["psw_hashed"]
print(uname, pass_hashed)
active = "1"
db.conn.execute("CREATE ?, ?, ? IN user;", (uname, passphrase, active))
db.conn.execute("CREATE ?, ?, ? IN user;", (uname, pass_hashed, active))
@app.route('/static/<filename:path>')
@ -105,6 +115,11 @@ class StripPathMiddleware(object):
if __name__ == "__main__":
with open('../config.toml') as configfile:
config = toml.load(configfile)
global db
global secret
secret = os.urandom(32)
db = Datagetter()
bottle.run(app=StripPathMiddleware(app), host='0.0.0.0', port=8080)

View file

@ -2,8 +2,7 @@
<title>Ticketfrei</title>
<link rel='stylesheet' href='static/css/style.css'>
</head>
<body>
<!--<div class="background" style="background-image: url(static/img/bg_left.jpg)"></div>-->
<body style="background-image: url(static/img/wallpaper.png)">
<div class="area">
<h1><a href="https://ticketfrei.links-tech.org"><img src="/static/img/ticketfrei_logo.png" alt="Ticketfrei" height="150px" align="center" style="float: none;"></a></h1>