diff --git a/app/handler.py b/app/handler.py
index 9c5ba20..5f39036 100644
--- a/app/handler.py
+++ b/app/handler.py
@@ -230,27 +230,32 @@ def index():
 print(str(e))
 return json.dumps({}, indent = 2).encode()
-@app.route('/api/auth/password/forgot/', method='POST')
-def index(type):
+@app.route('/api/auth/password/forgot', method='POST')
+def index():
 try:
 params = request.json
- params["type"] = type
- if type == "send":
- params["mako"] = {
- "email" : template_email.main(directory.page["email"], "reset")
- }
- elif type == "change":
- params["mako"] = {
- "email" : template_email.main(directory.page["email"], "message")
- }
- else:
- pass
+ params["mako"] = {
+ "email" : template_email.main(directory.page["email"], "reset")
+ }
 response.content_type = 'application/json'
 return json.dumps(api_auth.auth().forgot(params), indent = 2).encode()
 except Exception as e:
 print(str(e))
 return json.dumps({}, indent = 2).encode()
+@app.route('/api/auth/password/reset', method='POST')
+def index():
+ try:
+ params = request.json
+ params["mako"] = {
+ "email" : template_email.main(directory.page["email"], "message")
+ }
+ response.content_type = 'application/json'
+ return json.dumps(api_auth.auth().reset(params), indent = 2).encode()
+ except Exception as e:
+ print(str(e))
+ return json.dumps({}, indent = 2).encode()
+
 @app.route('/api/dashboard/roles/list', method='POST')
 def index():
 try:
diff --git a/app/modules/api/auth.py b/app/modules/api/auth.py
index 80c20ca..1cf6bea 100644
--- a/app/modules/api/auth.py
+++ b/app/modules/api/auth.py
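Review bot: Both new handlers catch `Exception`, `print` it and return `{}` with the default status and no `response.content_type`, so a caller cannot tell a rejected request from a successful one, and the only record of the failure is stdout; `request.json` is `None` when the body is not JSON, so `params["mako"] = ...` raises `TypeError` and lands exactly on this path. Consider answering in the same shape the auth module produces, e.g. `response.status = 400` followed by `return json.dumps({"status": "failed", "desc": "Invalid request"}, indent = 2).encode()`, and routing the exception through the application's logger instead of `print`. Every route in this hunk is also defined as `def index()`, so tracebacks and profiles cannot distinguish the forgot and reset handlers; naming them `auth_password_forgot` and `auth_password_reset` costs nothing since the decorator registers the function object, not its name.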
@@ -465,101 +465,109 @@ class auth:
 return response
 def forgot(self, params):
- APIADDR = "/api/auth/password/forgot/:type"
- loggorilla.prcss(APIADDR, "Define parameters")
+ APIADDR = "/api/auth/password/forgot"
 response = {}
- type = params["type" ] # POST: send / change
 self.cursor.execute("BEGIN;")
 try:
- loggorilla.fyinf(APIADDR, f"type: {type}")
- if type == "send":
- loggorilla.prcss(APIADDR, "Define parameters inside decision")
- email = params["email"].lower()
- loggorilla.prcss(APIADDR, "Get dependency data")
- self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (email,) )
- result_verified = self.cursor.fetchone()
- if result_verified["count"] >= 1:
- loggorilla.prcss(APIADDR, "Get token")
- token = result_verified["token"].decode()
- loggorilla.prcss(APIADDR, "Generate URL")
- # TODO: set expired time
- expired = datetime.datetime.now() + datetime.timedelta(minutes=30) # Can be hours or minutes
- expired_isoformat = expired.isoformat()
- payload = {
- "token" : token,
- "expired": expired_isoformat
- }
- # TODO: Config SSH key for tokenguard and set forgot URL
- token_encrypt = tokenguard.encode(payload, globalvar.ssh['key']['private'], globalvar.ssh['passphrase'])
- change_forgot_url = globalvar.change_forgot_url(token_encrypt)
- loggorilla.prcss(APIADDR, "Sending email")
- self.smtpconfig['subject' ] = f"{globalvar.title} forgot password"
- self.smtpconfig['to' ] = email
- self.smtpconfig['text' ] = f"Please visit this link to reset password: {change_forgot_url}. Avoid the link if you are not request this."
- self.smtpconfig['html' ] = Template(params["mako"]["email"]['index']).render(
- title = globalvar.title,
- header = globalvar.title,
- copyright = globalvar.copyright,
- container = Template(params["mako"]["email"]['container']).render(
- reset = change_forgot_url
- )
+ loggorilla.prcss(APIADDR, "Define parameters")
+ email = params["email"].lower()
+ loggorilla.prcss(APIADDR, "Get dependency data")
+ self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (email,) )
+ result_verified = self.cursor.fetchone()
+ if result_verified["count"] >= 1:
+ loggorilla.prcss(APIADDR, "Get token")
+ token = result_verified["token"].decode()
+ loggorilla.prcss(APIADDR, "Generate URL")
+ # TODO: set expired time
+ expired = datetime.datetime.now() + datetime.timedelta(minutes=30) # Can be hours or minutes
+ expired_isoformat = expired.isoformat()
+ payload = {
+ "token" : token,
+ "expired": expired_isoformat
+ }
+ # TODO: Config SSH key for tokenguard and set forgot URL
+ token_encrypt = tokenguard.encode(payload, globalvar.ssh['key']['private'], globalvar.ssh['passphrase'])
+ change_forgot_url = globalvar.change_forgot_url(token_encrypt)
+ loggorilla.prcss(APIADDR, "Sending email")
+ self.smtpconfig['subject' ] = f"{globalvar.title} forgot password"
+ self.smtpconfig['to' ] = email
+ self.smtpconfig['text' ] = f"Please visit this link to reset password: {change_forgot_url}. Avoid the link if you are not request this."
+ self.smtpconfig['html' ] = Template(params["mako"]["email"]['index']).render(
+ title = globalvar.title,
+ header = globalvar.title,
+ copyright = globalvar.copyright,
+ container = Template(params["mako"]["email"]['container']).render(
+ reset = change_forgot_url
 )
- sendwave.smtp(self.smtpconfig)
- loggorilla.prcss(APIADDR, "Giving response")
- response["status" ] = "success"
- response["desc" ] = "Check email for password change."
- else:
- response["status" ] = "failed"
- response["desc" ] = "The parameters seems suspicious and you are not authorized for that"
- elif type == "change":
- loggorilla.prcss(APIADDR, "Define parameters inside decision")
- token_encrypt = params["token" ]
- password = params["password" ]
- loggorilla.prcss(APIADDR, "Decrypt token")
- payload = tokenguard.decode(token_encrypt, globalvar.ssh['key']['public'])
- token = payload['token']
- expired = datetime.datetime.fromisoformat(payload['expired'])
- loggorilla.prcss(APIADDR, "Process parameters")
- hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
- loggorilla.prcss(APIADDR, "Get dependency data")
- self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.token = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (token,) )
- result_verified = self.cursor.fetchone()
- email = result_verified['email']
- loggorilla.prcss(APIADDR, "Validation")
- if datetime.datetime.now() > expired:
- response["status" ] = "failed"
- response["desc" ] = "Expired"
- elif len(password) < 6:
- response["status" ] = "failed"
- response["desc" ] = "password too short"
- elif result_verified["count"] == 0:
- response["status" ] = "failed"
- response["desc" ] = "Forbidden: No active account for this"
- response["data" ] = {
- "message": "Please contact us if you still had a problem"
- }
- else:
-
loggorilla.prcss(APIADDR, "Updating")
- self.cursor.execute("UPDATE `auth` SET `password` = %s, `when_update` = NOW() WHERE `token` = %s", (hashed, token) )
- loggorilla.prcss(APIADDR, "Sending email")
- self.smtpconfig['subject' ] = f"{globalvar.title} password change success"
- self.smtpconfig['to' ] = email
- self.smtpconfig['text' ] = f"You had change your password."
- self.smtpconfig['html' ] = Template(params["mako"]["email"]['index']).render(
- title = globalvar.title,
- header = globalvar.title,
- copyright = globalvar.copyright,
- container = Template(params["mako"]["email"]['container']).render(
- message = f"You had change your password."
- )
- )
- sendwave.smtp(self.smtpconfig)
- loggorilla.prcss(APIADDR, "Giving response")
- response["status" ] = "success"
- response["desc" ] = "password change success"
+ )
+ sendwave.smtp(self.smtpconfig)
+ loggorilla.prcss(APIADDR, "Giving response")
+ response["status" ] = "success"
+ response["desc" ] = "Check email for password change."
 else:
 response["status" ] = "failed"
- response["desc" ] = "forbidden"
+ response["desc" ] = "The parameters seems suspicious and you are not authorized for that"
+ except Exception as e:
+ self.cursor.execute("ROLLBACK;")
+ loggorilla.error(APIADDR, str(e) )
+ response["status" ] = "failed"
+ response["desc" ] = "Internal Server Error. Please contact us if you still have an error. 
for detail"
+ finally:
+ self.cursor.execute("COMMIT;")
+ self.cursor.close()
+ self.db_main.close()
+ return response
+
+ def reset(self, params):
+ APIADDR = "/api/auth/password/reset"
+ response = {}
+ self.cursor.execute("BEGIN;")
+ try:
+ loggorilla.prcss(APIADDR, "Define parameters")
+ token_encrypt = params["token" ]
+ password = params["password" ]
+ loggorilla.prcss(APIADDR, "Decrypt token")
+ payload = tokenguard.decode(token_encrypt, globalvar.ssh['key']['public'])
+ token = payload['token']
+ expired = datetime.datetime.fromisoformat(payload['expired'])
+ loggorilla.prcss(APIADDR, "Process parameters")
+ hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+ loggorilla.prcss(APIADDR, "Get dependency data")
+ self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.token = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (token,) )
+ result_verified = self.cursor.fetchone()
+ email = result_verified['email']
+ loggorilla.prcss(APIADDR, "Validation")
+ if datetime.datetime.now() > expired:
+ response["status" ] = "failed"
+ response["desc" ] = "Expired"
+ elif len(password) < 6:
+ response["status" ] = "failed"
+ response["desc" ] = "password too short"
+ elif result_verified["count"] == 0:
+ response["status" ] = "failed"
+ response["desc" ] = "Forbidden: No active account for this"
+ response["data" ] = {
+ "message": "Please contact us if you still had a problem"
+ }
+ else:
+ loggorilla.prcss(APIADDR, "Updating")
+ self.cursor.execute("UPDATE `auth` SET `password` = %s, `when_update` = NOW() WHERE `token` = %s", (hashed, token) )
+ loggorilla.prcss(APIADDR, "Sending email")
+ self.smtpconfig['subject' ] = f"{globalvar.title} password change success"
+ self.smtpconfig['to' ] = email
+ self.smtpconfig['text' ] = f"You had change your password."
+ self.smtpconfig['html' ] = Template(params["mako"]["email"]['index']).render(
+ title = globalvar.title,
+ header = globalvar.title,
+ copyright = globalvar.copyright,
+ container = Template(params["mako"]["email"]['container']).render(
+ message = f"You had change your password."
+ )
+ )
+ sendwave.smtp(self.smtpconfig)
+ loggorilla.prcss(APIADDR, "Giving response")
+ response["status" ] = "success"
+ response["desc" ] = "password change success"
 except Exception as e:
 self.cursor.execute("ROLLBACK;")
 loggorilla.error(APIADDR, str(e) )
diff --git a/app/static/js/auth/forgot.js b/app/static/js/auth/forgot.js
index 2810a2a..627d142 100644
--- a/app/static/js/auth/forgot.js
+++ b/app/static/js/auth/forgot.js
@@ -26,7 +26,7 @@ function responseAlert(response) {
 function onSubmit() {
 loadingResponse();
 var email = document.getElementById("form-email" ).value;
- var url = "/api/auth/password/forgot/send";
+ var url = "/api/auth/password/forgot";
 var payload = {
 "email" : email
 };
diff --git a/app/static/js/auth/reset.js b/app/static/js/auth/reset.js
index 136b0a1..023a1eb 100644
--- a/app/static/js/auth/reset.js
+++ b/app/static/js/auth/reset.js
@@ -32,7 +32,7 @@ function onSubmit() {
 const urlParams = new URLSearchParams(queryString);
 const token = urlParams.get('token')
 var password = document.getElementById("form-password").value;
- var url = "/api/auth/password/forgot/change";
+ var url = "/api/auth/password/reset";
 var payload = {
 "token" : token,
 "password" : password
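Review bot: The reset link built in `forgot()` remains valid after it has been used: the signed `payload` carries only the account's stored `auth_profile.token` and an `expired` timestamp, and the new `reset()` checks just those two before `UPDATE auth SET password ... WHERE token = %s`, so nothing in this hunk consumes the token and the same URL can set the password again until the 30-minute window closes (unless `tokenguard` tracks used tokens, which nothing here shows). Binding the payload to state that the reset changes would close this — for example put the matching `auth` row's current `when_update` (or a digest of its stored password hash) into `payload` and have `reset()` refuse the token when the stored value no longer matches — or rotate `auth_profile.token` inside the same transaction. Separately, `forgot()` answers `"Check email for password change."` for a verified address and `"The parameters seems suspicious ..."` otherwise, which lets a caller enumerate registered emails; returning the same success-shaped response in both branches and only sending mail in the first removes that oracle. `reset()` also runs `bcrypt.hashpw` and the database lookup before the `expired` and `len(password) < 6` checks, so those two rejections should follow `tokenguard.decode` directly. `reset()`'s `except`/`finally` continues past the end of the hunk.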