forgot send to forgot and forgot change to reset

2024-09-30 18:00:55 +07:00 · 2024-09-30 18:00:55 +07:00 · 8293dfa761
commit 8293dfa761
parent 989a229e3a
4 changed files with 117 additions and 104 deletions
--- a/app/handler.py
+++ b/app/handler.py
@ -230,27 +230,32 @@ def index():
        print(str(e))
        return json.dumps({}, indent = 2).encode()

-@app.route('/api/auth/password/forgot/<type>', method='POST')
-def index(type):
+@app.route('/api/auth/password/forgot', method='POST')
+def index():
    try:
        params = request.json
-        params["type"] = type
-        if type == "send":
-            params["mako"] = {
-                "email" : template_email.main(directory.page["email"], "reset")
-            }
-        elif type == "change":
-            params["mako"] = {
-                "email" : template_email.main(directory.page["email"], "message")
-            }
-        else:
-            pass
+        params["mako"] = {
+            "email" : template_email.main(directory.page["email"], "reset")
+        }
        response.content_type = 'application/json'
        return json.dumps(api_auth.auth().forgot(params), indent = 2).encode()
    except Exception as e:
        print(str(e))
        return json.dumps({}, indent = 2).encode()

+@app.route('/api/auth/password/reset', method='POST')
+def index():
+    try:
+        params = request.json
+        params["mako"] = {
+            "email" : template_email.main(directory.page["email"], "message")
+        }
+        response.content_type = 'application/json'
+        return json.dumps(api_auth.auth().reset(params), indent = 2).encode()
+    except Exception as e:
+        print(str(e))
+        return json.dumps({}, indent = 2).encode()
+
@app.route('/api/dashboard/roles/list', method='POST')
 def index():
    try:
--- a/app/modules/api/auth.py
+++ b/app/modules/api/auth.py
@ -465,101 +465,109 @@ class auth:
        return response

    def forgot(self, params):
-        APIADDR     = "/api/auth/password/forgot/:type"
-        loggorilla.prcss(APIADDR, "Define parameters")
+        APIADDR     = "/api/auth/password/forgot"
        response    = {}
-        type        = params["type"     ] # POST: send / change
        self.cursor.execute("BEGIN;")
        try:
-            loggorilla.fyinf(APIADDR, f"type: {type}")
-            if type == "send":
-                loggorilla.prcss(APIADDR, "Define parameters inside decision")
-                email = params["email"].lower()
-                loggorilla.prcss(APIADDR, "Get dependency data")
-                self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (email,) )
-                result_verified = self.cursor.fetchone()
-                if result_verified["count"] >= 1:
-                    loggorilla.prcss(APIADDR, "Get token")
-                    token = result_verified["token"].decode()
-                    loggorilla.prcss(APIADDR, "Generate URL")
-                    # TODO: set expired time
-                    expired = datetime.datetime.now() + datetime.timedelta(minutes=30) # Can be hours or minutes
-                    expired_isoformat = expired.isoformat()
-                    payload = {
-                        "token" : token,
-                        "expired": expired_isoformat
-                    }
-                    # TODO: Config SSH key for tokenguard and set forgot URL
-                    token_encrypt       = tokenguard.encode(payload, globalvar.ssh['key']['private'], globalvar.ssh['passphrase'])
-                    change_forgot_url   = globalvar.change_forgot_url(token_encrypt)
-                    loggorilla.prcss(APIADDR, "Sending email")
-                    self.smtpconfig['subject'   ] = f"{globalvar.title} forgot password"
-                    self.smtpconfig['to'        ] = email
-                    self.smtpconfig['text'      ] = f"Please visit this link to reset password: {change_forgot_url}. Avoid the link if you are not request this."
-                    self.smtpconfig['html'      ] = Template(params["mako"]["email"]['index']).render(
-                        title       = globalvar.title,
-                        header      = globalvar.title,
-                        copyright   = globalvar.copyright,
-                        container   = Template(params["mako"]["email"]['container']).render(
-                            reset = change_forgot_url
-            			)
+            loggorilla.prcss(APIADDR, "Define parameters")
+            email = params["email"].lower()
+            loggorilla.prcss(APIADDR, "Get dependency data")
+            self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (email,) )
+            result_verified = self.cursor.fetchone()
+            if result_verified["count"] >= 1:
+                loggorilla.prcss(APIADDR, "Get token")
+                token = result_verified["token"].decode()
+                loggorilla.prcss(APIADDR, "Generate URL")
+                # TODO: set expired time
+                expired = datetime.datetime.now() + datetime.timedelta(minutes=30) # Can be hours or minutes
+                expired_isoformat = expired.isoformat()
+                payload = {
+                    "token" : token,
+                    "expired": expired_isoformat
+                }
+                # TODO: Config SSH key for tokenguard and set forgot URL
+                token_encrypt       = tokenguard.encode(payload, globalvar.ssh['key']['private'], globalvar.ssh['passphrase'])
+                change_forgot_url   = globalvar.change_forgot_url(token_encrypt)
+                loggorilla.prcss(APIADDR, "Sending email")
+                self.smtpconfig['subject'   ] = f"{globalvar.title} forgot password"
+                self.smtpconfig['to'        ] = email
+                self.smtpconfig['text'      ] = f"Please visit this link to reset password: {change_forgot_url}. Avoid the link if you are not request this."
+                self.smtpconfig['html'      ] = Template(params["mako"]["email"]['index']).render(
+                    title       = globalvar.title,
+                    header      = globalvar.title,
+                    copyright   = globalvar.copyright,
+                    container   = Template(params["mako"]["email"]['container']).render(
+                        reset = change_forgot_url
                    )
-                    sendwave.smtp(self.smtpconfig)
-                    loggorilla.prcss(APIADDR, "Giving response")
-                    response["status"	] = "success"
-                    response["desc"		] = "Check email for password change."
-                else:
-                    response["status"	] = "failed"
-                    response["desc"		] = "The parameters seems suspicious and you are not authorized for that"
-            elif type == "change":
-                loggorilla.prcss(APIADDR, "Define parameters inside decision")
-                token_encrypt   = params["token"    ]
-                password        = params["password" ]
-                loggorilla.prcss(APIADDR, "Decrypt token")
-                payload = tokenguard.decode(token_encrypt, globalvar.ssh['key']['public'])
-                token   = payload['token']
-                expired = datetime.datetime.fromisoformat(payload['expired'])
-                loggorilla.prcss(APIADDR, "Process parameters")
-                hashed		= bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
-                loggorilla.prcss(APIADDR, "Get dependency data")
-                self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.token = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (token,) )
-                result_verified = self.cursor.fetchone()
-                email = result_verified['email']
-                loggorilla.prcss(APIADDR, "Validation")
-                if datetime.datetime.now() > expired:
-                    response["status"	] = "failed"
-                    response["desc"		] = "Expired"
-                elif len(password) < 6:
-                    response["status"	] = "failed"
-                    response["desc"		] = "password too short"
-                elif result_verified["count"] == 0:
-                    response["status"	] = "failed"
-                    response["desc"		] = "Forbidden: No active account for this"
-                    response["data"     ] = {
-                        "message": "Please contact us if you still had a problem"
-                    }
-                else:
-                    loggorilla.prcss(APIADDR, "Updating")
-                    self.cursor.execute("UPDATE `auth` SET `password` = %s, `when_update` = NOW() WHERE `token` = %s", (hashed, token) )
-                    loggorilla.prcss(APIADDR, "Sending email")
-                    self.smtpconfig['subject'   ] = f"{globalvar.title} password change success"
-                    self.smtpconfig['to'        ] = email
-                    self.smtpconfig['text'      ] = f"You had change your password."
-                    self.smtpconfig['html'      ] = Template(params["mako"]["email"]['index']).render(
-                        title       = globalvar.title,
-                        header      = globalvar.title,
-                        copyright   = globalvar.copyright,
-                        container   = Template(params["mako"]["email"]['container']).render(
-                            message = f"You had change your password."
-            			)
-                    )
-                    sendwave.smtp(self.smtpconfig)
-                    loggorilla.prcss(APIADDR, "Giving response")
-                    response["status"	] = "success"
-                    response["desc"		] = "password change success"
+                )
+                sendwave.smtp(self.smtpconfig)
+                loggorilla.prcss(APIADDR, "Giving response")
+                response["status"	] = "success"
+                response["desc"		] = "Check email for password change."
            else:
                response["status"	] = "failed"
-                response["desc"		] = "forbidden"
+                response["desc"		] = "The parameters seems suspicious and you are not authorized for that"
+        except Exception as e:
+            self.cursor.execute("ROLLBACK;")
+            loggorilla.error(APIADDR, str(e) )
+            response["status"	] = "failed"
+            response["desc"		] = "Internal Server Error. Please contact us if you still have an error. for detail"
+        finally:
+            self.cursor.execute("COMMIT;")
+            self.cursor.close()
+            self.db_main.close()
+        return response
+
+    def reset(self, params):
+        APIADDR     = "/api/auth/password/reset"
+        response    = {}
+        self.cursor.execute("BEGIN;")
+        try:
+            loggorilla.prcss(APIADDR, "Define parameters")
+            token_encrypt   = params["token"    ]
+            password        = params["password" ]
+            loggorilla.prcss(APIADDR, "Decrypt token")
+            payload = tokenguard.decode(token_encrypt, globalvar.ssh['key']['public'])
+            token   = payload['token']
+            expired = datetime.datetime.fromisoformat(payload['expired'])
+            loggorilla.prcss(APIADDR, "Process parameters")
+            hashed		= bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
+            loggorilla.prcss(APIADDR, "Get dependency data")
+            self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.token = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (token,) )
+            result_verified = self.cursor.fetchone()
+            email = result_verified['email']
+            loggorilla.prcss(APIADDR, "Validation")
+            if datetime.datetime.now() > expired:
+                response["status"	] = "failed"
+                response["desc"		] = "Expired"
+            elif len(password) < 6:
+                response["status"	] = "failed"
+                response["desc"		] = "password too short"
+            elif result_verified["count"] == 0:
+                response["status"	] = "failed"
+                response["desc"		] = "Forbidden: No active account for this"
+                response["data"     ] = {
+                    "message": "Please contact us if you still had a problem"
+                }
+            else:
+                loggorilla.prcss(APIADDR, "Updating")
+                self.cursor.execute("UPDATE `auth` SET `password` = %s, `when_update` = NOW() WHERE `token` = %s", (hashed, token) )
+                loggorilla.prcss(APIADDR, "Sending email")
+                self.smtpconfig['subject'   ] = f"{globalvar.title} password change success"
+                self.smtpconfig['to'        ] = email
+                self.smtpconfig['text'      ] = f"You had change your password."
+                self.smtpconfig['html'      ] = Template(params["mako"]["email"]['index']).render(
+                    title       = globalvar.title,
+                    header      = globalvar.title,
+                    copyright   = globalvar.copyright,
+                    container   = Template(params["mako"]["email"]['container']).render(
+                        message = f"You had change your password."
+                    )
+                )
+                sendwave.smtp(self.smtpconfig)
+                loggorilla.prcss(APIADDR, "Giving response")
+                response["status"	] = "success"
+                response["desc"		] = "password change success"
        except Exception as e:
            self.cursor.execute("ROLLBACK;")
            loggorilla.error(APIADDR, str(e) )
--- a/app/static/js/auth/forgot.js
+++ b/app/static/js/auth/forgot.js
@ -26,7 +26,7 @@ function responseAlert(response) {
 function onSubmit() {
  loadingResponse();
  var email     = document.getElementById("form-email"    ).value;
-  var url       = "/api/auth/password/forgot/send";
+  var url       = "/api/auth/password/forgot";
  var payload   = {
    "email"     : email
  };
--- a/app/static/js/auth/reset.js
+++ b/app/static/js/auth/reset.js
@ -32,7 +32,7 @@ function onSubmit() {
  const urlParams   = new URLSearchParams(queryString);
  const token       = urlParams.get('token')
  var password     = document.getElementById("form-password").value;
-  var url     = "/api/auth/password/forgot/change";
+  var url     = "/api/auth/password/reset";
  var payload = {
    "token" : token,
    "password" : password