6 changed files with 118 additions and 137 deletions
--- a/app/.gitignore
+++ b/app/.gitignore
@ -1,11 +1,8 @@
-.ssh
+.ssh/
 .venv
 .beaker/data/*
 !.beaker/data/.noremove
 **/__pycache__
 *.pyc
-
+venv/
-.DS_Store
+env/
-
+.beaker/data/*
 !.beaker/data/.noremove
 nohup.out
--- a/app/handler.py
+++ b/app/handler.py
@ -230,32 +230,27 @@ def index():
        print(str(e))
        return json.dumps({}, indent = 2).encode()
-@app.route('/api/auth/password/forgot', method='POST')
+@app.route('/api/auth/password/forgot/<type>', method='POST')
-def index():
+def index(type):
    try:
        params = request.json
-        params["mako"] = {
+        params["type"] = type
-            "email" : template_email.main(directory.page["email"], "reset")
+        if type == "send":
-        }
+            params["mako"] = {
                "email" : template_email.main(directory.page["email"], "reset")
            }
        elif type == "change":
            params["mako"] = {
                "email" : template_email.main(directory.page["email"], "message")
            }
        else:
            pass
        response.content_type = 'application/json'
        return json.dumps(api_auth.auth().forgot(params), indent = 2).encode()
    except Exception as e:
        print(str(e))
        return json.dumps({}, indent = 2).encode()
@app.route('/api/auth/password/reset', method='POST')
 def index():
    try:
        params = request.json
        params["mako"] = {
            "email" : template_email.main(directory.page["email"], "message")
        }
        response.content_type = 'application/json'
        return json.dumps(api_auth.auth().reset(params), indent = 2).encode()
    except Exception as e:
        print(str(e))
        return json.dumps({}, indent = 2).encode()
@app.route('/api/dashboard/roles/list', method='POST')
 def index():
    try:
--- a/app/install.sh
+++ b/app/install.sh
@ -1,13 +1,10 @@
-python3 -m venv .venv                   # Create .venv
+sudo apt-get install -y python3-pip
 pip install --upgrade pip
 pip install bottle # Micro Framework
 pip install gunicorn # WSGI Server Backend
 pip install beaker # Session & caching library
 pip install mako # Template library
 pip install mysql-connector # Database
-.venv/bin/pip3 install --upgrade pip    # Upgrade pip
+pip install bcrypt
-
+pip install pyjwt[crypto]
 .venv/bin/pip3 install bottle           # Micro Framework
 .venv/bin/pip3 install gunicorn         # WSGI Server Backend
 .venv/bin/pip3 install beaker           # Session & caching library
 .venv/bin/pip3 install mako             # Template library
 .venv/bin/pip3 install mysql-connector  # Database connector
 .venv/bin/pip3 install bcrypt           # Password hash
 .venv/bin/pip3 install pyjwt[crypto]    # JWT
 .venv/bin/pip3 install requests         # For HTTP Request (Recaptcha need a POST HTTP requests)
--- a/app/modules/api/auth.py
+++ b/app/modules/api/auth.py
@ -465,109 +465,101 @@ class auth:
        return response
    def forgot(self, params):
-        APIADDR     = "/api/auth/password/forgot"
+        APIADDR     = "/api/auth/password/forgot/:type"
        loggorilla.prcss(APIADDR, "Define parameters")
        response    = {}
        type        = params["type"     ] # POST: send / change
        self.cursor.execute("BEGIN;")
        try:
-            loggorilla.prcss(APIADDR, "Define parameters")
+            loggorilla.fyinf(APIADDR, f"type: {type}")
-            email = params["email"].lower()
+            if type == "send":
-            loggorilla.prcss(APIADDR, "Get dependency data")
+                loggorilla.prcss(APIADDR, "Define parameters inside decision")
-            self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (email,) )
+                email = params["email"].lower()
-            result_verified = self.cursor.fetchone()
+                loggorilla.prcss(APIADDR, "Get dependency data")
-            if result_verified["count"] >= 1:
+                self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (email,) )
-                loggorilla.prcss(APIADDR, "Get token")
+                result_verified = self.cursor.fetchone()
-                token = result_verified["token"].decode()
+                if result_verified["count"] >= 1:
-                loggorilla.prcss(APIADDR, "Generate URL")
+                    loggorilla.prcss(APIADDR, "Get token")
-                # TODO: set expired time
+                    token = result_verified["token"].decode()
-                expired = datetime.datetime.now() + datetime.timedelta(minutes=30) # Can be hours or minutes
+                    loggorilla.prcss(APIADDR, "Generate URL")
-                expired_isoformat = expired.isoformat()
+                    # TODO: set expired time
-                payload = {
+                    expired = datetime.datetime.now() + datetime.timedelta(minutes=30) # Can be hours or minutes
-                    "token" : token,
+                    expired_isoformat = expired.isoformat()
-                    "expired": expired_isoformat
+                    payload = {
-                }
+                        "token" : token,
-                # TODO: Config SSH key for tokenguard and set forgot URL
+                        "expired": expired_isoformat
-                token_encrypt       = tokenguard.encode(payload, globalvar.ssh['key']['private'], globalvar.ssh['passphrase'])
+                    }
-                change_forgot_url   = globalvar.change_forgot_url(token_encrypt)
+                    # TODO: Config SSH key for tokenguard and set forgot URL
-                loggorilla.prcss(APIADDR, "Sending email")
+                    token_encrypt       = tokenguard.encode(payload, globalvar.ssh['key']['private'], globalvar.ssh['passphrase'])
-                self.smtpconfig['subject'   ] = f"{globalvar.title} forgot password"
+                    change_forgot_url   = globalvar.change_forgot_url(token_encrypt)
-                self.smtpconfig['to'        ] = email
+                    loggorilla.prcss(APIADDR, "Sending email")
-                self.smtpconfig['text'      ] = f"Please visit this link to reset password: {change_forgot_url}. Avoid the link if you are not request this."
+                    self.smtpconfig['subject'   ] = f"{globalvar.title} forgot password"
-                self.smtpconfig['html'      ] = Template(params["mako"]["email"]['index']).render(
+                    self.smtpconfig['to'        ] = email
-                    title       = globalvar.title,
+                    self.smtpconfig['text'      ] = f"Please visit this link to reset password: {change_forgot_url}. Avoid the link if you are not request this."
-                    header      = globalvar.title,
+                    self.smtpconfig['html'      ] = Template(params["mako"]["email"]['index']).render(
-                    copyright   = globalvar.copyright,
+                        title       = globalvar.title,
-                    container   = Template(params["mako"]["email"]['container']).render(
+                        header      = globalvar.title,
-                        reset = change_forgot_url
+                        copyright   = globalvar.copyright,
                        container   = Template(params["mako"]["email"]['container']).render(
                            reset = change_forgot_url
            			)
                    )
-                )
+                    sendwave.smtp(self.smtpconfig)
-                sendwave.smtp(self.smtpconfig)
+                    loggorilla.prcss(APIADDR, "Giving response")
-                loggorilla.prcss(APIADDR, "Giving response")
+                    response["status"	] = "success"
-                response["status"	] = "success"
+                    response["desc"		] = "Check email for password change."
-                response["desc"		] = "Check email for password change."
+                else:
                    response["status"	] = "failed"
                    response["desc"		] = "The parameters seems suspicious and you are not authorized for that"
            elif type == "change":
                loggorilla.prcss(APIADDR, "Define parameters inside decision")
                token_encrypt   = params["token"    ]
                password        = params["password" ]
                loggorilla.prcss(APIADDR, "Decrypt token")
                payload = tokenguard.decode(token_encrypt, globalvar.ssh['key']['public'])
                token   = payload['token']
                expired = datetime.datetime.fromisoformat(payload['expired'])
                loggorilla.prcss(APIADDR, "Process parameters")
                hashed		= bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
                loggorilla.prcss(APIADDR, "Get dependency data")
                self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.token = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (token,) )
                result_verified = self.cursor.fetchone()
                email = result_verified['email']
                loggorilla.prcss(APIADDR, "Validation")
                if datetime.datetime.now() > expired:
                    response["status"	] = "failed"
                    response["desc"		] = "Expired"
                elif len(password) < 6:
                    response["status"	] = "failed"
                    response["desc"		] = "password too short"
                elif result_verified["count"] == 0:
                    response["status"	] = "failed"
                    response["desc"		] = "Forbidden: No active account for this"
                    response["data"     ] = {
                        "message": "Please contact us if you still had a problem"
                    }
                else:
                    loggorilla.prcss(APIADDR, "Updating")
                    self.cursor.execute("UPDATE `auth` SET `password` = %s, `when_update` = NOW() WHERE `token` = %s", (hashed, token) )
                    loggorilla.prcss(APIADDR, "Sending email")
                    self.smtpconfig['subject'   ] = f"{globalvar.title} password change success"
                    self.smtpconfig['to'        ] = email
                    self.smtpconfig['text'      ] = f"You had change your password."
                    self.smtpconfig['html'      ] = Template(params["mako"]["email"]['index']).render(
                        title       = globalvar.title,
                        header      = globalvar.title,
                        copyright   = globalvar.copyright,
                        container   = Template(params["mako"]["email"]['container']).render(
                            message = f"You had change your password."
            			)
                    )
                    sendwave.smtp(self.smtpconfig)
                    loggorilla.prcss(APIADDR, "Giving response")
                    response["status"	] = "success"
                    response["desc"		] = "password change success"
            else:
                response["status"	] = "failed"
-                response["desc"		] = "The parameters seems suspicious and you are not authorized for that"
+                response["desc"		] = "forbidden"
        except Exception as e:
            self.cursor.execute("ROLLBACK;")
            loggorilla.error(APIADDR, str(e) )
            response["status"	] = "failed"
            response["desc"		] = "Internal Server Error. Please contact us if you still have an error. for detail"
        finally:
            self.cursor.execute("COMMIT;")
            self.cursor.close()
            self.db_main.close()
        return response
    def reset(self, params):
        APIADDR     = "/api/auth/password/reset"
        response    = {}
        self.cursor.execute("BEGIN;")
        try:
            loggorilla.prcss(APIADDR, "Define parameters")
            token_encrypt   = params["token"    ]
            password        = params["password" ]
            loggorilla.prcss(APIADDR, "Decrypt token")
            payload = tokenguard.decode(token_encrypt, globalvar.ssh['key']['public'])
            token   = payload['token']
            expired = datetime.datetime.fromisoformat(payload['expired'])
            loggorilla.prcss(APIADDR, "Process parameters")
            hashed		= bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
            loggorilla.prcss(APIADDR, "Get dependency data")
            self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.token = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (token,) )
            result_verified = self.cursor.fetchone()
            email = result_verified['email']
            loggorilla.prcss(APIADDR, "Validation")
            if datetime.datetime.now() > expired:
                response["status"	] = "failed"
                response["desc"		] = "Expired"
            elif len(password) < 6:
                response["status"	] = "failed"
                response["desc"		] = "password too short"
            elif result_verified["count"] == 0:
                response["status"	] = "failed"
                response["desc"		] = "Forbidden: No active account for this"
                response["data"     ] = {
                    "message": "Please contact us if you still had a problem"
                }
            else:
                loggorilla.prcss(APIADDR, "Updating")
                self.cursor.execute("UPDATE `auth` SET `password` = %s, `when_update` = NOW() WHERE `token` = %s", (hashed, token) )
                loggorilla.prcss(APIADDR, "Sending email")
                self.smtpconfig['subject'   ] = f"{globalvar.title} password change success"
                self.smtpconfig['to'        ] = email
                self.smtpconfig['text'      ] = f"You had change your password."
                self.smtpconfig['html'      ] = Template(params["mako"]["email"]['index']).render(
                    title       = globalvar.title,
                    header      = globalvar.title,
                    copyright   = globalvar.copyright,
                    container   = Template(params["mako"]["email"]['container']).render(
                        message = f"You had change your password."
                    )
                )
                sendwave.smtp(self.smtpconfig)
                loggorilla.prcss(APIADDR, "Giving response")
                response["status"	] = "success"
                response["desc"		] = "password change success"
        except Exception as e:
            self.cursor.execute("ROLLBACK;")
            loggorilla.error(APIADDR, str(e) )
--- a/app/static/js/auth/forgot.js
+++ b/app/static/js/auth/forgot.js
@ -26,7 +26,7 @@ function responseAlert(response) {
 function onSubmit() {
  loadingResponse();
  var email     = document.getElementById("form-email"    ).value;
-  var url       = "/api/auth/password/forgot";
+  var url       = "/api/auth/password/forgot/send";
  var payload   = {
    "email"     : email
  };
--- a/app/static/js/auth/reset.js
+++ b/app/static/js/auth/reset.js
@ -32,7 +32,7 @@ function onSubmit() {
  const urlParams   = new URLSearchParams(queryString);
  const token       = urlParams.get('token')
  var password     = document.getElementById("form-password").value;
-  var url     = "/api/auth/password/reset";
+  var url     = "/api/auth/password/forgot/change";
  var payload = {
    "token" : token,
    "password" : password