app/.gitignore

@@ -1,11 +1,8 @@
-.ssh
-.venv
-.beaker/data/*
-!.beaker/data/.noremove
-
+.ssh/
 **/__pycache__
 *.pyc
-
-.DS_Store
-
+venv/
+env/
+.beaker/data/*
+!.beaker/data/.noremove
 nohup.out

app/handler.py

@@ -230,28 +230,23 @@ def index():
         print(str(e))
         return json.dumps({}, indent = 2).encode()
 
-@app.route('/api/auth/password/forgot', method='POST')
-def index():
+@app.route('/api/auth/password/forgot/<type>', method='POST')
+def index(type):
     try:
         params = request.json
+        params["type"] = type
+        if type == "send":
             params["mako"] = {
                 "email" : template_email.main(directory.page["email"], "reset")
             }
-        response.content_type = 'application/json'
-        return json.dumps(api_auth.auth().forgot(params), indent = 2).encode()
-    except Exception as e:
-        print(str(e))
-        return json.dumps({}, indent = 2).encode()
-
-@app.route('/api/auth/password/reset', method='POST')
-def index():
-    try:
-        params = request.json
+        elif type == "change":
             params["mako"] = {
                 "email" : template_email.main(directory.page["email"], "message")
             }
+        else:
+            pass
         response.content_type = 'application/json'
-        return json.dumps(api_auth.auth().reset(params), indent = 2).encode()
+        return json.dumps(api_auth.auth().forgot(params), indent = 2).encode()
     except Exception as e:
         print(str(e))
         return json.dumps({}, indent = 2).encode()

app/install.sh

@@ -1,13 +1,10 @@
-python3 -m venv .venv                   # Create .venv
+sudo apt-get install -y python3-pip
+pip install --upgrade pip
+pip install bottle # Micro Framework
+pip install gunicorn # WSGI Server Backend
+pip install beaker # Session & caching library
+pip install mako # Template library
+pip install mysql-connector # Database
 
-.venv/bin/pip3 install --upgrade pip    # Upgrade pip
-
-.venv/bin/pip3 install bottle           # Micro Framework
-.venv/bin/pip3 install gunicorn         # WSGI Server Backend
-.venv/bin/pip3 install beaker           # Session & caching library
-.venv/bin/pip3 install mako             # Template library
-
-.venv/bin/pip3 install mysql-connector  # Database connector
-.venv/bin/pip3 install bcrypt           # Password hash
-.venv/bin/pip3 install pyjwt[crypto]    # JWT
-.venv/bin/pip3 install requests         # For HTTP Request (Recaptcha need a POST HTTP requests)
+pip install bcrypt
+pip install pyjwt[crypto]

app/modules/api/auth.py

@@ -465,11 +465,15 @@ class auth:
         return response
 
     def forgot(self, params):
-        APIADDR     = "/api/auth/password/forgot"
+        APIADDR     = "/api/auth/password/forgot/:type"
+        loggorilla.prcss(APIADDR, "Define parameters")
         response    = {}
+        type        = params["type"     ] # POST: send / change
         self.cursor.execute("BEGIN;")
         try:
-            loggorilla.prcss(APIADDR, "Define parameters")
+            loggorilla.fyinf(APIADDR, f"type: {type}")
+            if type == "send":
+                loggorilla.prcss(APIADDR, "Define parameters inside decision")
                 email = params["email"].lower()
                 loggorilla.prcss(APIADDR, "Get dependency data")
                 self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (email,) )
@@ -507,23 +511,8 @@ class auth:
                 else:
                     response["status"	] = "failed"
                     response["desc"		] = "The parameters seems suspicious and you are not authorized for that"
-        except Exception as e:
-            self.cursor.execute("ROLLBACK;")
-            loggorilla.error(APIADDR, str(e) )
-            response["status"	] = "failed"
-            response["desc"		] = "Internal Server Error. Please contact us if you still have an error. for detail"
-        finally:
-            self.cursor.execute("COMMIT;")
-            self.cursor.close()
-            self.db_main.close()
-        return response
-
-    def reset(self, params):
-        APIADDR     = "/api/auth/password/reset"
-        response    = {}
-        self.cursor.execute("BEGIN;")
-        try:
-            loggorilla.prcss(APIADDR, "Define parameters")
+            elif type == "change":
+                loggorilla.prcss(APIADDR, "Define parameters inside decision")
                 token_encrypt   = params["token"    ]
                 password        = params["password" ]
                 loggorilla.prcss(APIADDR, "Decrypt token")
@@ -568,6 +557,9 @@ class auth:
                     loggorilla.prcss(APIADDR, "Giving response")
                     response["status"	] = "success"
                     response["desc"		] = "password change success"
+            else:
+                response["status"	] = "failed"
+                response["desc"		] = "forbidden"
         except Exception as e:
             self.cursor.execute("ROLLBACK;")
             loggorilla.error(APIADDR, str(e) )

app/static/js/auth/forgot.js

@@ -26,7 +26,7 @@ function responseAlert(response) {
 function onSubmit() {
   loadingResponse();
   var email     = document.getElementById("form-email"    ).value;
-  var url       = "/api/auth/password/forgot";
+  var url       = "/api/auth/password/forgot/send";
   var payload   = {
     "email"     : email
   };

app/static/js/auth/reset.js

@@ -32,7 +32,7 @@ function onSubmit() {
   const urlParams   = new URLSearchParams(queryString);
   const token       = urlParams.get('token')
   var password     = document.getElementById("form-password").value;
-  var url     = "/api/auth/password/reset";
+  var url     = "/api/auth/password/forgot/change";
   var payload = {
     "token" : token,
     "password" : password