From 821f20145468d2d958b840d8447b9715137702d8 Mon Sep 17 00:00:00 2001
From: b3yond <b3yond@riseup.net>
Date: Fri, 16 Feb 2018 11:33:27 +0100
Subject: [PATCH] confirmation emails work now, accounts can be created.

---
 frontend/website.py |  42 ++++++++++++++++++++++++------------------
 static/bot.html     |   2 +-
 ticketfrei.sqlite   | Bin 0 -> 4096 bytes
 3 files changed, 25 insertions(+), 19 deletions(-)
 create mode 100644 ticketfrei.sqlite

diff --git a/frontend/website.py b/frontend/website.py
index 46ceb61..4d8a39f 100644
--- a/frontend/website.py
+++ b/frontend/website.py
@@ -12,7 +12,7 @@ import pylibscrypt
 
 class Datagetter(object):
     def __init__(self):
-        self.db = "../ticketfrei.sqlite"
+        self.db = os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), "ticketfrei.sqlite")
         self.conn = self.create_connection(self.db)
         self.cur = self.conn.cursor()
 
@@ -44,13 +44,15 @@ def login():
     psw = bottle.request.forms.get('psw')
     psw = psw.encode("utf-8")
     db.cur.execute("SELECT pass_hashed FROM user WHERE email=?;", (uname, )), psw
-    pass_hashed = db.cur.fetchone()
-    print(pass_hashed)
+    try:
+        pass_hashed = db.cur.fetchone()[0]
+    except TypeError:
+        return "Wrong Credentials."  # no user with this email
     if pylibscrypt.scrypt_mcf_check(pass_hashed, psw):
         # :todo Generate Session Cookie and give to user
         return bottle.static_file("../static/bot.html", root="../static")
     else:
-        return "Wrong Credentials."
+        return "Wrong Credentials."  # passphrase is wrong
 
 
 @app.route('/register', method="POST")
@@ -68,33 +70,37 @@ def register():
 
     # check if email is already in use
 
-    # needs to be encoded somehow
+    # hash and format for being encoded in the confirmation mail
     psw = psw.encode("utf-8")
-    psw = pylibscrypt.scrypt_mcf(psw)
-    psw = base64.encodebytes(psw)
-    psw = psw.decode("ascii")
-    payload = {"email": email, "psw_hashed": psw}  # hash password
-    encoded_jwt = jwt.encode(payload, secret)
-    confirmlink = "ticketfrei.links-tech.org/confirm?" + str(encoded_jwt)
-    print(type(confirmlink))
+    pass_hashed = pylibscrypt.scrypt_mcf(psw)  # hash password
+    pass_hashed = base64.encodebytes(pass_hashed)
+    pass_hashed = pass_hashed.decode("ascii")
+    payload = {"email": email, "pass_hashed": pass_hashed}
+
+    # create confirmlink
+    encoded_jwt = jwt.encode(payload, secret).decode('utf-8')
+    host = bottle.request.get_header('host')
+    confirmlink = "http://" + host + "/confirm/" + str(encoded_jwt)  # to be changed to https
+
+    # send the mail
     m = sendmail.Mailer(config)
     m.send("Complete your registration here: " + confirmlink, email, "[Ticketfrei] Confirm your account")
     return "We sent you an E-Mail. Please click on the confirmation link."
 
 
-# How can I parse the arguments from the URI?
-# https://ticketfrei.links-tech.org/confirm?user=asdf&pass=sup3rs3cur3
-@app.route('/confirm', method="GET")
-def confirmaccount():
+@app.route('/confirm/<encoded_jwt>', method="GET")
+def confirmaccount(encoded_jwt):
     """
     Confirm the account creation and create a database entry.
     :return: Redirection to bot.html
     """
-    encoded_jwt = bottle.request.forms.get('encoded_jwt')
+    # get values from URL
     dict = jwt.decode(encoded_jwt, secret)
     uname = dict["email"]
-    pass_hashed = dict["psw_hashed"]
+    pass_hashed = base64.b64decode(dict["pass_hashed"])
     print(uname, pass_hashed)
+
+    # create db entry
     db.cur.execute("INSERT INTO user(email, pass_hashed, enabled) VALUES(?, ?, ?);", (uname, pass_hashed, True))
     db.conn.commit()
     return bottle.static_file("../static/bot.html", root='../static')
diff --git a/static/bot.html b/static/bot.html
index 69eabe3..06ff118 100644
--- a/static/bot.html
+++ b/static/bot.html
@@ -1,6 +1,6 @@
 <head>
   <title>Ticketfrei</title>
-  <link rel='stylesheet' href='static/css/style.css'>
+  <link rel='stylesheet' href='/static/css/style.css'>
 </head>
 <body style="background-image: url(static/img/wallpaper.png)">
     <div class="area">
diff --git a/ticketfrei.sqlite b/ticketfrei.sqlite
new file mode 100644
index 0000000000000000000000000000000000000000..20f51fd31afae3164ff0f52a66b043c68d7da136
GIT binary patch
literal 4096
zcmeH~K}*9h6o8Xun`5wJ*-3aeH#QOR=*22Qie0zW6x^weTV#c;b88D;^;h{HJosC@
zh<GxuZlD8?o|Z?Gm-o{5+V>@)^m^#VnS#5;YA!Q4A!R}-IRhYsRCFurwh^ia+xBMe
zFI^#rZ_f?(L0IX9uzmKbl@UYWKL`w1wb|*=Q6_I^DqYU>z7A8h%vCbpHp>@2w*?1b
zpSv8k?rkM<uDUw1{dh$8nwCYM>>_8Lsui}<ujmL}5wz-{C5k5zYR41&lKbHG1$cq$
z!oYWWwm*U^J_0)seaF*DdfXEbc+N23-S2QUm+>qD!EeOcb1&00oXT{nip)P|RDy*T
z-u2_^?SoRad1_G-ClmFsu1n_GqOe1J)9@I3rWc@wi_pMMpK3P7fe}N%5ZEOGbu1Ro
k|K~1MZE7_H3;`s7-+#*9iN1^&0*1g&5U5dR(c)L;3p$-_ZvX%Q

literal 0
HcmV?d00001