aji/authentication
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: aji:981192ad69f6c46e043541e40cf8bf174562dec0
Branches Tags
aji:master
aji:dev
..
compare: aji:43b46d9bad2b0af9ee4c16bc2f2fb94995ef052e
Branches Tags
aji:master
aji:dev

No commits in common. "981192ad69f6c46e043541e40cf8bf174562dec0" and "43b46d9bad2b0af9ee4c16bc2f2fb94995ef052e" have entirely different histories.
981192ad69 ... 43b46d9bad

15 changed files with 17 additions and 543 deletions
Show Stats Expand all files Collapse all files

61
handler.py
View File

@ -14,10 +14,6 @@ import templates.plain.main as template_public
import templates.postcard.main as template_email import templates.postcard.main as template_email
import modules.public.home as public_home import modules.public.home as public_home
import modules.public.register as public_register
import modules.public.notme as public_notme
import modules.public.verify as public_verify
import modules.public.login as public_login
import modules.api.auth as api_auth import modules.api.auth as api_auth
@ -32,43 +28,6 @@ def index():
} }
return public_home.main().html(params) return public_home.main().html(params)
@app.route('/register/<roles>')
def index(roles):
params = {
"roles" :roles,
"mako" :{
"website" : template_public.main(directory.page["public"], "register")
}
}
return public_register.register().html(params)
@app.route('/notme', method='GET')
def index():
params = {
"mako" : {
"website" : template_public.main(directory.page["public"], "notme")
}
}
return public_notme.notme().html(params)
@app.route('/verify', method='GET')
def index():
params = {
"mako" : {
"website" : template_public.main(directory.page["public"], "verify")
}
}
return public_verify.verify().html(params)
@app.route('/login')
def index():
params = {
"mako" : {
"website" : template_public.main(directory.page["public"], "login")
}
}
return public_login.login().html(params)
@app.route('/api/auth/register/<roles>', method=['OPTIONS', 'POST']) @app.route('/api/auth/register/<roles>', method=['OPTIONS', 'POST'])
def index(roles): def index(roles):
try: try:
@ -104,32 +63,36 @@ def index():
print(str(e),flush=True) print(str(e),flush=True)
return json.dumps({}, indent = 2).encode() return json.dumps({}, indent = 2).encode()
@app.route('/api/auth/notme', method=['OPTIONS', 'POST']) @app.route('/api/auth/notme', method='GET')
def index(): def index():
try: try:
if request.method == 'OPTIONS': if request.method == 'OPTIONS':
return None return None
else: else:
response.content_type = 'application/json' response.content_type = 'application/json'
params = request.json params = {
params["mako" ] = { "token" : request.query.token,
"email" : template_email.main(directory.page["email"], "message") "mako" : {
"email" : template_email.main(directory.page["email"], "message")
}
} }
return json.dumps(api_auth.auth().notme(params), indent = 2).encode() return json.dumps(api_auth.auth().notme(params), indent = 2).encode()
except Exception as e: except Exception as e:
print(str(e),flush=True) print(str(e),flush=True)
return json.dumps({}, indent = 2).encode() return json.dumps({}, indent = 2).encode()
@app.route('/api/auth/verify', method=['OPTIONS', 'POST']) @app.route('/api/auth/verify', method='GET')
def index(): def index():
try: try:
if request.method == 'OPTIONS': if request.method == 'OPTIONS':
return None return None
else: else:
response.content_type = 'application/json' response.content_type = 'application/json'
params = request.json params = {
params["mako" ] = { "token" : request.query.token,
"email" : template_email.main(directory.page["email"], "message") "mako" : {
"email" : template_email.main(directory.page["email"], "message")
}
} }
return json.dumps(api_auth.auth().verify(params), indent = 2).encode() return json.dumps(api_auth.auth().verify(params), indent = 2).encode()
except Exception as e: except Exception as e:

23
modules/public/home.py
View File

@ -1,8 +1,5 @@
from mako.template import Template from mako.template import Template
from config import globalvar from config import globalvar
from scripts import loggorilla
import procedure.validation as procedure_validation
class main: class main:
@ -10,23 +7,13 @@ class main:
pass pass
def html(self, params): def html(self, params):
APIADDR = "/"
loggorilla.prcss(APIADDR, "Define page parameters")
active_page = "Home"
allowed_roles = [0,1,2,3]
loggorilla.prcss(APIADDR, "Account validation")
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles)
user = user_validation['data']
return Template(params["mako"]["website"]['index']).render( return Template(params["mako"]["website"]['index']).render(
title = globalvar.title, title = globalvar.title,
header = globalvar.header, header = "Welcome to CostaPy",
navbar = Template(params["mako"]["website"]['navbar']).render( navbar = Template(params["mako"]["website"]['navbar']).render(
menu = globalvar.menu['public']['navbar'], menu = globalvar.menu['public']['navbar'],
user_roles = user['profile']['roles'], user_roles = ["guest"],
active_page = active_page active_page = "Home"
), ),
footer = Template(params["mako"]["website"]['footer']).render( footer = Template(params["mako"]["website"]['footer']).render(
copyright = globalvar.copyright, copyright = globalvar.copyright,

35
modules/public/login.py
View File

@ -1,35 +0,0 @@
from mako.template import Template
from config import globalvar
from scripts import loggorilla
import procedure.validation as procedure_validation
class login:
def __init__(self):
pass
def html(self, params):
APIADDR = "/login"
loggorilla.prcss(APIADDR, "Define page parameters")
active_page = "Login"
allowed_roles = [0]
loggorilla.prcss(APIADDR, "Account validation")
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles)
user = user_validation['data']
return Template(params["mako"]["website"]['index']).render(
title = globalvar.title,
header = globalvar.header,
navbar = Template(params["mako"]["website"]['navbar']).render(
menu = globalvar.menu['public']['navbar'],
user_roles = user['profile']['roles'],
active_page = active_page
),
footer = Template(params["mako"]["website"]['footer']).render(
copyright = globalvar.copyright,
),
container = Template(params["mako"]["website"]['container']).render()
)

37
modules/public/notme.py
View File

@ -1,37 +0,0 @@
from mako.template import Template
from config import globalvar
from scripts import loggorilla
import procedure.validation as procedure_validation
class notme:
def __init__(self):
pass
def html(self, params):
APIADDR = "/notme"
loggorilla.prcss(APIADDR, "Define page parameters")
active_page = "Not Me"
allowed_roles = [0,1,2,3]
loggorilla.prcss(APIADDR, "Account validation")
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles)
user = user_validation['data']
return Template(params["mako"]["website"]['index']).render(
title = globalvar.title,
header = globalvar.header,
navbar = Template(params["mako"]["website"]['navbar']).render(
menu = globalvar.menu['public']['navbar'],
user_roles = user['profile']['roles'],
active_page = active_page
),
footer = Template(params["mako"]["website"]['footer']).render(
copyright = globalvar.copyright,
),
container = Template(params["mako"]["website"]['container']).render(
title = globalvar.title
)
)

41
modules/public/register.py
View File

@ -1,41 +0,0 @@
from mako.template import Template
from config import globalvar
from scripts import loggorilla
import procedure.validation as procedure_validation
class register:
def __init__(self):
pass
def html(self, params):
APIADDR = "/register"
loggorilla.prcss(APIADDR, "Define page parameters")
active_page = "Register"
allowed_roles = [0]
roles = params["roles"]
loggorilla.prcss(APIADDR, "Account validation")
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles)
user = user_validation['data']
return Template(params["mako"]["website"]['index']).render(
title = globalvar.title,
header = globalvar.header,
navbar = Template(params["mako"]["website"]['navbar']).render(
menu = globalvar.menu['public']['navbar'],
user_roles = user['profile']['roles'],
active_page = active_page
),
footer = Template(params["mako"]["website"]['footer']).render(
copyright = globalvar.copyright,
),
container = Template(params["mako"]["website"]['container']).render(
title = globalvar.title,
reCAPTCHA_client = globalvar.reCAPTCHA['client'],
roles = roles,
production = globalvar.production
)
)

35
modules/public/verify.py
View File

@ -1,35 +0,0 @@
from mako.template import Template
from config import globalvar
from scripts import loggorilla
import procedure.validation as procedure_validation
class verify:
def __init__(self):
pass
def html(self, params):
APIADDR = "/verify"
loggorilla.prcss(APIADDR, "Define page parameters")
active_page = "Verify"
allowed_roles = [0]
loggorilla.prcss(APIADDR, "Account validation")
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles)
user = user_validation['data']
return Template(params["mako"]["website"]['index']).render(
title = globalvar.title,
header = globalvar.header,
navbar = Template(params["mako"]["website"]['navbar']).render(
menu = globalvar.menu['public']['navbar'],
user_roles = user['profile']['roles'],
active_page = active_page
),
footer = Template(params["mako"]["website"]['footer']).render(
copyright = globalvar.copyright,
),
container = Template(params["mako"]["website"]['container']).render()
)

15
pages/public/login.html
View File

@ -1,15 +0,0 @@
<h1>Login</h1>
<script type="text/javascript" src="/js/carrack.js"></script>
<input required type="text" id="form-username" placeholder="Username" > <br>
<input required type="password" id="form-password" placeholder="Password" > <br>
<button type="button" onclick="onSubmit()">Login</button> <br>
<a href="/forgot">Forgot password</a>
<div id="alert-response" role="alert">
<b id="alert-status">Loading...</b> <span id="alert-desc">Please wait...</span>
</div>
<script type="text/javascript" src="/js/auth/login.js"></script>

14
pages/public/notme.html
View File

@ -1,14 +0,0 @@
<h1>Not me</h1>
<script type="text/javascript" src="/js/carrack.js"></script>
<p>I hereby declare that I have never registered with ${title} and will delete the data that uses my email</p>
<button id="notme-link" onclick="notme()">
Submit
</button>
<div id="alert-response" role="alert">
<b id="alert-status">Loading...</b> <span id="alert-desc">Please wait...</span>
</div>
<script type="text/javascript" src="/js/auth/notme.js"></script>

32
pages/public/register.html
View File

@ -1,32 +0,0 @@
<h1>Register</h1>
% if production:
<script type="text/javascript" src="https://www.google.com/recaptcha/api.js"></script>
% endif
<script type="text/javascript" src="/js/carrack.js"></script>
<!-- FORM -->
<input type="hidden" id="roles" value="${roles}">
<input required type="email" id="form-email" placeholder="Email" > <br>
<input required type="text" id="form-username" placeholder="Username" > <br>
<input required type="password" id="form-password" placeholder="Password" > <br>
% if production:
<button class="g-recaptcha" data-sitekey="${reCAPTCHA_client}" data-callback='onSubmit' data-action='submit'>Register</button>
% else:
<button onclick="onSubmit('dev')">Register</button>
% endif
<!-- RESPONSE -->
<div id="alert-response" role="alert">
<b id="alert-status">Loading...</b> <span id="alert-desc">Please wait...</span>
</div>
<!-- RESEND FORM -->
<div id="resend-div">
<input type="hidden" id="resend-email" value="">
<button id="resend-link" onclick="resending()">Resend verification</button>
<p id="resend-message">Message here</p>
</div>
<script type="text/javascript" src="/js/auth/register.js"></script>

9
pages/public/verify.html
View File

@ -1,9 +0,0 @@
<h1>Verify</h1>
<script type="text/javascript" src="/js/carrack.js"></script>
<div id="alert-response" role="alert">
<b id="alert-status">Loading...</b> <span id="alert-desc">Please wait...</span>
</div>
<script type="text/javascript" src="/js/auth/verify.js"></script>

83
static/js/auth/login.js
View File

@ -1,83 +0,0 @@
function flushResponse() {
document.getElementById("alert-response" ).style.display = 'none';
document.getElementById("alert-response" ).classList.remove('alert-success' );
document.getElementById("alert-response" ).classList.remove('alert-danger' );
document.getElementById("alert-response" ).classList.remove('alert-primary' );
}
function loadingResponse() {
flushResponse();
document.getElementById("alert-status" ).innerHTML = "Loading...";
document.getElementById("alert-desc" ).innerHTML = "Please wait...";
document.getElementById("alert-response").classList.add('alert-primary');
document.getElementById("alert-response").style.display = 'block';
}
function responseSession(response) {
flushResponse();
const obj = JSON.parse(response);
document.getElementById("alert-status").innerHTML = obj.status;
if (obj.status == "success") {
document.getElementById("alert-desc" ).innerHTML = "Welcome!";
document.getElementById("alert-response").classList.add('alert-success');
document.getElementById("alert-response").style.display = 'block';
window.location.replace("/?msg=Welcome");
}
else {
document.getElementById("alert-desc" ).innerHTML = "Internal error";
document.getElementById("alert-response").classList.add('alert-danger');
document.getElementById("alert-response").style.display = 'block';
}
}
function setSession(jwt) {
var url = "/api/auth/session/set";
var payload = {
"jwt" : jwt
};
sendHttpRequest(url, "POST", payload, function (error, response) {
if (error) console.error("Error:", error);
else {
console.log("JSON Response:", response);
responseSession(response);
}
}, "application/json");
}
function responseAlert(response) {
flushResponse();
const obj = JSON.parse(response);
if (obj.status == "success") {
loadingResponse();
document.getElementById("alert-desc" ).innerHTML = "Set the session";
setSession(obj.data.jwt);
}
if (obj.status == "failed") {
document.getElementById("alert-response").classList.add('alert-danger');
document.getElementById("alert-status" ).innerHTML = obj.status;
document.getElementById("alert-desc" ).innerHTML = obj.desc;
document.getElementById("alert-response").style.display = 'block';
}
}
function onSubmit() {
loadingResponse();
var username = document.getElementById("form-username").value;
var password = document.getElementById("form-password").value;
var url = "/api/auth/login";
var payload = {
"username" : username,
"password" : password
};
sendHttpRequest(url, "POST", payload, function (error, response) {
if (error) console.error("Error:", error);
else {
console.log("JSON Response:", response);
responseAlert(response);
}
}, "application/json");
}
flushResponse();

45
static/js/auth/notme.js
View File

@ -1,45 +0,0 @@
function flushResponse() {
document.getElementById("alert-response" ).style.display = 'none';
document.getElementById("alert-response" ).classList.remove('alert-success' );
document.getElementById("alert-response" ).classList.remove('alert-danger' );
document.getElementById("alert-response" ).classList.remove('alert-primary' );
}
function loadingResponse() {
flushResponse();
document.getElementById("alert-status" ).innerHTML = "Loading...";
document.getElementById("alert-desc" ).innerHTML = "Please wait...";
document.getElementById("alert-response").classList.add('alert-primary');
document.getElementById("alert-response").style.display = 'block';
}
function responseAlert(response) {
flushResponse();
const obj = JSON.parse(response);
if (obj.status == "success" ) document.getElementById("alert-response").classList.add('alert-success' );
if (obj.status == "failed" ) document.getElementById("alert-response").classList.add('alert-danger' );
document.getElementById("alert-status" ).innerHTML = obj.status;
document.getElementById("alert-desc" ).innerHTML = obj.desc;
document.getElementById("alert-response").style.display = 'block';
}
function notme() {
document.getElementById("notme-link").style.display = 'none';
loadingResponse();
const queryString = window.location.search;
const urlParams = new URLSearchParams(queryString);
const token = urlParams.get('token');
var url = "/api/auth/notme";
var payload = {
"token" : token
};
sendHttpRequest(url, "POST", payload, function (error, response) {
if (error) console.error("Error:", error);
else {
console.log("JSON Response:", response);
responseAlert(response);
}
}, "application/json");
}
flushResponse();

68
static/js/auth/register.js
View File

@ -1,68 +0,0 @@
function flushResponse() {
document.getElementById("alert-response" ).style.display = 'none';
document.getElementById("resend-div" ).style.display = 'none';
document.getElementById("alert-response" ).classList.remove('alert-success' );
document.getElementById("alert-response" ).classList.remove('alert-danger' );
document.getElementById("alert-response" ).classList.remove('alert-primary' );
}
function loadingResponse() {
flushResponse();
document.getElementById("alert-status" ).innerHTML = "Loading...";
document.getElementById("alert-desc" ).innerHTML = "Please wait...";
document.getElementById("alert-response").classList.add('alert-primary');
document.getElementById("alert-response").style.display = 'block';
}
function responseAlert(response) {
flushResponse();
const obj = JSON.parse(response);
if (obj.status == "success" ) document.getElementById("alert-response").classList.add('alert-success' );
if (obj.status == "failed" ) document.getElementById("alert-response").classList.add('alert-danger' );
if (obj.desc == "check email for verification") {
document.getElementById("resend-email" ).value = document.getElementById("form-email").value;
document.getElementById("resend-message" ).innerHTML = obj.data.message;
document.getElementById("resend-link" ).setAttribute('href', obj.data.resend);
document.getElementById("resend-div" ).style.display = 'block';
}
document.getElementById("alert-status" ).innerHTML = obj.status;
document.getElementById("alert-desc" ).innerHTML = obj.desc;
document.getElementById("alert-response").style.display = 'block';
}
function onSubmit(token) {
loadingResponse();
var email = document.getElementById("form-email" ).value;
var username = document.getElementById("form-username" ).value;
var password = document.getElementById("form-password" ).value;
var roles = document.getElementById("roles" ).value;
var url = "/api/auth/register/"+roles;
var payload = {
"email" : email,
"username" : username,
"password" : password
};
payload.captcha = token; // Add response from reCAPTCHA
sendHttpRequest(url, "POST", payload, function (error, response) {
if (error) console.error("Error:", error);
else {
console.log("JSON Response:", response);
responseAlert(response);
}
}, "application/json");
}
function resending() {
loadingResponse();
var email = document.getElementById("resend-email").value;
var url = "/api/auth/resend?email="+email;
sendHttpRequest(url, "GET", null, function (error, response) {
if (error) console.error("Error:", error);
else {
console.log("JSON Response:", response);
responseAlert(response);
}
}, "multipart/form-data");
}
flushResponse();

44
static/js/auth/verify.js
View File

@ -1,44 +0,0 @@
function flushResponse() {
document.getElementById("alert-response" ).style.display = 'none';
document.getElementById("alert-response" ).classList.remove('alert-success' );
document.getElementById("alert-response" ).classList.remove('alert-danger' );
document.getElementById("alert-response" ).classList.remove('alert-primary' );
}
function loadingResponse() {
flushResponse();
document.getElementById("alert-status" ).innerHTML = "Loading...";
document.getElementById("alert-desc" ).innerHTML = "Please wait...";
document.getElementById("alert-response").classList.add('alert-primary');
document.getElementById("alert-response").style.display = 'block';
}
function responseAlert(response) {
flushResponse();
const obj = JSON.parse(response);
if (obj.status == "success" ) document.getElementById("alert-response").classList.add('alert-success' );
if (obj.status == "failed" ) document.getElementById("alert-response").classList.add('alert-danger' );
document.getElementById("alert-status" ).innerHTML = obj.status;
document.getElementById("alert-desc" ).innerHTML = obj.desc;
document.getElementById("alert-response").style.display = 'block';
}
function verify() {
loadingResponse();
const queryString = window.location.search;
const urlParams = new URLSearchParams(queryString);
const token = urlParams.get('token')
var url = "/api/auth/verify";
var payload = {
"token" : token
};
sendHttpRequest(url, "POST", payload, function (error, response) {
if (error) console.error("Error:", error);
else {
console.log("JSON Response:", response);
responseAlert(response);
}
}, "application/json");
}
verify();

18
static/js/carrack.js
View File

@ -1,18 +0,0 @@
function sendHttpRequest(url, method, data, callback, contentType = "multipart/form-data") {
var xhr = new XMLHttpRequest();
xhr.open(method, url, true);
xhr.setRequestHeader("Content-Type", contentType);
xhr.onreadystatechange = function () {
if (xhr.readyState === 4) {
if (xhr.status === 200) {
var response = xhr.responseText;
callback(null, response);
}
else callback(xhr.status, null);
}
};
var requestData;
if (contentType === "application/json") requestData = JSON.stringify(data);
else requestData = data;
xhr.send(requestData);
}