aji/authsquare
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Forgot password and reset password

Browse Source
This commit is contained in:
Dita Aji Pratama 2024-07-27 11:40:15 +07:00
parent fdb8d7a777
commit 83ba6ca330
10 changed files with 245 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
app/handler.py
View File

@ -18,6 +18,8 @@ import modules.public.register as public_register
import modules.public.notme as public_notme import modules.public.notme as public_notme
import modules.public.verify as public_verify import modules.public.verify as public_verify
import modules.public.login as public_login import modules.public.login as public_login
import modules.public.forgot as public_forgot
import modules.public.reset as public_reset
import modules.api.auth as api_auth import modules.api.auth as api_auth
@ -69,6 +71,24 @@ def index():
} }
return public_login.login().html(params) return public_login.login().html(params)
@app.route('/forgot')
def index():
params = {
"mako" : {
"website" : template_public.main(directory.page["public"], "forgot")
}
}
return public_forgot.forgot().html(params)
@app.route('/reset', method='GET')
def index():
params = {
"mako" : {
"website" : template_public.main(directory.page["public"], "reset")
}
}
return public_reset.reset().html(params)
@app.route('/logout') @app.route('/logout')
def index(): def index():
beaker_session = request.environ.get('beaker.session') beaker_session = request.environ.get('beaker.session')
@ -174,3 +194,24 @@ def index():
except Exception as e: except Exception as e:
print(str(e)) print(str(e))
return json.dumps({}, indent = 2).encode() return json.dumps({}, indent = 2).encode()
@app.route('/api/auth/password/forgot/<type>', method='POST')
def index(type):
try:
params = request.json
params["type"] = type
if type == "send":
params["mako"] = {
"email" : template_email.main(directory.page["email"], "reset")
}
elif type == "change":
params["mako"] = {
"email" : template_email.main(directory.page["email"], "message")
}
else:
pass
response.content_type = 'application/json'
return json.dumps(api_auth.auth().forgot(params), indent = 2).encode()
except Exception as e:
print(str(e))
return json.dumps({}, indent = 2).encode()

26
app/modules/api/auth.py
View File

@ -471,14 +471,16 @@ class auth:
type = params["type" ] # POST: send / change type = params["type" ] # POST: send / change
self.cursor.execute("BEGIN;") self.cursor.execute("BEGIN;")
try: try:
loggorilla.fyinf(APIADDR, f"type: {type}")
if type == "send": if type == "send":
loggorilla.prcss(APIADDR, "Define parameters inside decision") loggorilla.prcss(APIADDR, "Define parameters inside decision")
email = params["email"].lower() email = params["email"].lower()
loggorilla.prcss(APIADDR, "Get dependency data") loggorilla.prcss(APIADDR, "Get dependency data")
self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (email,) ) self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (email,) )
result_verified = self.cursor.fetchone() result_verified = self.cursor.fetchone()
token = result_verified["token"].decode()
if result_verified["count"] >= 1: if result_verified["count"] >= 1:
loggorilla.prcss(APIADDR, "Get token")
token = result_verified["token"].decode()
loggorilla.prcss(APIADDR, "Generate URL") loggorilla.prcss(APIADDR, "Generate URL")
# TODO: set expired time # TODO: set expired time
expired = datetime.datetime.now() + datetime.timedelta(minutes=30) # Can be hours or minutes expired = datetime.datetime.now() + datetime.timedelta(minutes=30) # Can be hours or minutes
@ -493,14 +495,13 @@ class auth:
loggorilla.prcss(APIADDR, "Sending email") loggorilla.prcss(APIADDR, "Sending email")
self.smtpconfig['subject' ] = f"{globalvar.title} forgot password" self.smtpconfig['subject' ] = f"{globalvar.title} forgot password"
self.smtpconfig['to' ] = email self.smtpconfig['to' ] = email
self.smtpconfig['text' ] = f"Please visit this link to change password: {change_forgot_url}. Avoid the link if you are not request this." self.smtpconfig['text' ] = f"Please visit this link to reset password: {change_forgot_url}. Avoid the link if you are not request this."
self.smtpconfig['html' ] = Template(params["mako"]["email"]['template']).render( self.smtpconfig['html' ] = Template(params["mako"]["email"]['index']).render(
title = globalvar.title, title = globalvar.title,
heading = self.smtpconfig['subject'], header = globalvar.title,
image = "https://colorlib.com/etc/email-template/10/images/email.png", copyright = globalvar.copyright,
unsubscribe = "#", container = Template(params["mako"]["email"]['container']).render(
container = Template(params["mako"]["email"]['container']).render( reset = change_forgot_url
change = change_forgot_url
) )
) )
sendwave.smtp(self.smtpconfig) sendwave.smtp(self.smtpconfig)
@ -544,12 +545,11 @@ class auth:
self.smtpconfig['subject' ] = f"{globalvar.title} password change success" self.smtpconfig['subject' ] = f"{globalvar.title} password change success"
self.smtpconfig['to' ] = email self.smtpconfig['to' ] = email
self.smtpconfig['text' ] = f"You had change your password." self.smtpconfig['text' ] = f"You had change your password."
self.smtpconfig['html' ] = Template(params["mako"]["email"]['template']).render( self.smtpconfig['html' ] = Template(params["mako"]["email"]['index']).render(
title = globalvar.title, title = globalvar.title,
heading = self.smtpconfig['subject'], header = globalvar.title,
image = "https://colorlib.com/etc/email-template/10/images/email.png", copyright = globalvar.copyright,
unsubscribe = "#", container = Template(params["mako"]["email"]['container']).render(
container = Template(params["mako"]["email"]['container']).render(
message = f"You had change your password." message = f"You had change your password."
) )
) )

30
app/modules/public/forgot.py Normal file
View File

@ -0,0 +1,30 @@
from mako.template import Template
from config import globalvar
from bottle import request
class forgot:
def __init__(self):
pass
def html(self, params):
active_page = "Forgot"
user_roles = [0]
beaker_session = request.environ.get('beaker.session')
jwt = beaker_session["token"] if "token" in beaker_session else None
if jwt is not None:
return redirect('/')
else:
return Template(params["mako"]["website"]['index']).render(
title = globalvar.title,
header = globalvar.header,
navbar = Template(params["mako"]["website"]['navbar']).render(
menu = globalvar.menu['public']['navbar'],
user_roles = user_roles,
active_page = active_page
),
footer = Template(params["mako"]["website"]['footer']).render(
copyright = globalvar.copyright,
),
container = Template(params["mako"]["website"]['container']).render()
)

30
app/modules/public/reset.py Normal file
View File

@ -0,0 +1,30 @@
from mako.template import Template
from config import globalvar
from bottle import request
class reset:
def __init__(self):
pass
def html(self, params):
active_page = "Reset"
user_roles = [0]
beaker_session = request.environ.get('beaker.session')
jwt = beaker_session["token"] if "token" in beaker_session else None
if jwt is not None:
return redirect('/')
else:
return Template(params["mako"]["website"]['index']).render(
title = globalvar.title,
header = globalvar.header,
navbar = Template(params["mako"]["website"]['navbar']).render(
menu = globalvar.menu['public']['navbar'],
user_roles = user_roles,
active_page = active_page
),
footer = Template(params["mako"]["website"]['footer']).render(
copyright = globalvar.copyright,
),
container = Template(params["mako"]["website"]['container']).render()
)

6
app/pages/email/reset.html Normal file
View File

@ -0,0 +1,6 @@
<h2>Forgot Password</h2>
<p>Please visit this link below to reset password. <b>Avoid the link if you are not request this.</b> </p>
<a href="${reset}" class="button">
Reset password
</a>

15
app/pages/public/forgot.html Normal file
View File

@ -0,0 +1,15 @@
<h1>Forgot Password</h1>
<script type="text/javascript" src="/js/carrack.js"></script>
<!-- FORM -->
<input required type="email" id="form-email" placeholder="Email"> <br>
<button onclick="onSubmit()">Submit</button>
<!-- RESPONSE -->
<div id="alert-response" role="alert">
<b id="alert-status">Loading...</b> <span id="alert-desc">Please wait...</span>
</div>
<script type="text/javascript" src="/js/auth/forgot.js"></script>

4
app/pages/public/login.html
View File

@ -4,7 +4,9 @@
<input required type="text" id="form-username" placeholder="Username" > <br> <input required type="text" id="form-username" placeholder="Username" > <br>
<input required type="password" id="form-password" placeholder="Password" > <br> <input required type="password" id="form-password" placeholder="Password" > <br>
<button type="button" onclick="onSubmit()">Login</button> <button type="button" onclick="onSubmit()">Login</button> <br>
<a href="/forgot">Forgot password</a>
<div id="alert-response" role="alert"> <div id="alert-response" role="alert">
<b id="alert-status">Loading...</b> <span id="alert-desc">Please wait...</span> <b id="alert-status">Loading...</b> <span id="alert-desc">Please wait...</span>

16
app/pages/public/reset.html Normal file
View File

@ -0,0 +1,16 @@
<h1>Reset Password</h1>
<script type="text/javascript" src="/js/carrack.js"></script>
<!-- FORM -->
<div id="form">
<input required type="password" id="form-password" placeholder="New Password"> <br>
<button onclick="onSubmit()">Submit</button>
</div>
<!-- RESPONSE -->
<div id="alert-response" role="alert">
<b id="alert-status">Loading...</b> <span id="alert-desc">Please wait...</span>
</div>
<script type="text/javascript" src="/js/auth/reset.js"></script>

42
app/static/js/auth/forgot.js Normal file
View File

@ -0,0 +1,42 @@
function flushResponse() {
document.getElementById("alert-response" ).style.display = 'none';
document.getElementById("alert-response" ).classList.remove('alert-success' );
document.getElementById("alert-response" ).classList.remove('alert-danger' );
document.getElementById("alert-response" ).classList.remove('alert-primary' );
}
function loadingResponse() {
flushResponse();
document.getElementById("alert-status" ).innerHTML = "Loading...";
document.getElementById("alert-desc" ).innerHTML = "Please wait...";
document.getElementById("alert-response").classList.add('alert-primary');
document.getElementById("alert-response").style.display = 'block';
}
function responseAlert(response) {
flushResponse();
const obj = JSON.parse(response);
if (obj.status == "success" ) document.getElementById("alert-response").classList.add('alert-success' );
if (obj.status == "failed" ) document.getElementById("alert-response").classList.add('alert-danger' );
document.getElementById("alert-status" ).innerHTML = obj.status;
document.getElementById("alert-desc" ).innerHTML = obj.desc;
document.getElementById("alert-response").style.display = 'block';
}
function onSubmit() {
loadingResponse();
var email = document.getElementById("form-email" ).value;
var url = "/api/auth/password/forgot/send";
var payload = {
"email" : email
};
sendHttpRequest(url, "POST", payload, function (error, response) {
if (error) console.error("Error:", error);
else {
console.log("JSON Response:", response);
responseAlert(response);
}
}, "application/json");
}
flushResponse();

49
app/static/js/auth/reset.js Normal file
View File

@ -0,0 +1,49 @@
function flushResponse() {
document.getElementById("alert-response" ).style.display = 'none';
document.getElementById("alert-response" ).classList.remove('alert-success' );
document.getElementById("alert-response" ).classList.remove('alert-danger' );
document.getElementById("alert-response" ).classList.remove('alert-primary' );
}
function loadingResponse() {
flushResponse();
document.getElementById("alert-status" ).innerHTML = "Loading...";
document.getElementById("alert-desc" ).innerHTML = "Please wait...";
document.getElementById("alert-response").classList.add('alert-primary');
document.getElementById("alert-response").style.display = 'block';
}
function responseAlert(response) {
flushResponse();
const obj = JSON.parse(response);
if (obj.status == "success" ) {
document.getElementById("form").style.display = 'none';
document.getElementById("alert-response").classList.add('alert-success' );
}
if (obj.status == "failed" ) document.getElementById("alert-response").classList.add('alert-danger' );
document.getElementById("alert-status" ).innerHTML = obj.status;
document.getElementById("alert-desc" ).innerHTML = obj.desc;
document.getElementById("alert-response").style.display = 'block';
}
function onSubmit() {
loadingResponse();
const queryString = window.location.search;
const urlParams = new URLSearchParams(queryString);
const token = urlParams.get('token')
var password = document.getElementById("form-password").value;
var url = "/api/auth/password/forgot/change";
var payload = {
"token" : token,
"password" : password
};
sendHttpRequest(url, "POST", payload, function (error, response) {
if (error) console.error("Error:", error);
else {
console.log("JSON Response:", response);
responseAlert(response);
}
}, "application/json");
}
flushResponse();