diff --git a/handler.py b/handler.py
index 6a9b664..9673233 100644
--- a/handler.py
+++ b/handler.py
@@ -18,6 +18,8 @@ import modules.public.register as public_register
 import modules.public.notme as public_notme
 import modules.public.verify as public_verify
 import modules.public.login as public_login
+import modules.public.forgot as public_forgot
+import modules.public.reset as public_reset
 import modules.api.auth as api_auth
@@ -69,6 +71,24 @@ def index():
 }
 return public_login.login().html(params)
+@app.route('/forgot')
+def index():
+ params = {
+ "mako" : {
+ "website" : template_public.main(directory.page["public"], "forgot")
+ }
+ }
+ return public_forgot.forgot().html(params)
+
+@app.route('/reset', method='GET')
+def index():
+ params = {
+ "mako" : {
+ "website" : template_public.main(directory.page["public"], "reset")
+ }
+ }
+ return public_reset.reset().html(params)
+
 @app.route('/api/auth/register/', method=['OPTIONS', 'POST'])
 def index(roles):
 try:
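Review bot: The new `/reset` GET handler in handler.py sets no response headers, although the page is opened with the reset token in the query string (reset.js in this commit reads it with `urlParams.get('token')`), so the token can travel in the Referer header of any off-site resource or link on the page and can sit in cached copies. Before the `return`, consider `response.set_header('Referrer-Policy', 'no-referrer')` and `response.set_header('Cache-Control', 'no-store')`. Separately, both new handlers are again named `index`; this appears to follow the file's existing convention, but distinct names such as `forgot_page` and `reset_page` would make tracebacks and log lines easier to attribute.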
@@ -136,6 +156,38 @@ def index():
 print(str(e),flush=True)
 return json.dumps({}, indent = 2).encode()
+@app.route('/api/auth/forgot', method=['OPTIONS', 'POST'])
+def index():
+ try:
+ if request.method == 'OPTIONS':
+ return None
+ else:
+ response.content_type = 'application/json'
+ params = request.json
+ params["mako" ] = {
+ "email" : template_email.main(directory.page["email"], "reset")
+ }
+ return json.dumps(api_auth.auth().forgot(params), indent = 2).encode()
+ except Exception as e:
+ print(str(e),flush=True)
+ return json.dumps({}, indent = 2).encode()
+
+@app.route('/api/auth/reset', method=['OPTIONS', 'POST'])
+def index():
+ try:
+ if request.method == 'OPTIONS':
+ return None
+ else:
+ response.content_type = 'application/json'
+ params = request.json
+ params["mako" ] = {
+ "email" : template_email.main(directory.page["email"], "message")
+ }
+ return json.dumps(api_auth.auth().reset(params), indent = 2).encode()
+ except Exception as e:
+ print(str(e),flush=True)
+ return json.dumps({}, indent = 2).encode()
+
 @app.route('/api/auth/login', method=['OPTIONS', 'POST'])
 def index():
 try:
diff --git a/modules/api/auth.py b/modules/api/auth.py
index 0ed1b6c..b1b43db 100644
--- a/modules/api/auth.py
+++ b/modules/api/auth.py
@@ -169,6 +169,7 @@ class auth:
 response["status" ] = "success"
 response["desc" ] = "Thanks for your report. Now your data will be deleted from our system."
 except Exception as e:
+ loggorilla.prcss(APIADDR, "Rollback")
 self.cursor.execute("ROLLBACK;")
 loggorilla.error(APIADDR, str(e) )
 response["status" ] = "failed"
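Review bot: In both `/api/auth/forgot` and `/api/auth/reset` in handler.py, `params = request.json` is used without checking that it is a JSON object, so a request without one makes `params["mako" ] = …` raise and the broad `except Exception` answers `{}` with a success status code; a malformed request and an internal failure then look identical to the client and in the logs. Reject early instead, e.g. `if not isinstance(params, dict): response.status = 400` followed by returning a `{"status": "failed", …}` body. It is also worth confirming that `auth().forgot()` returns the same `status`/`desc` whether or not the e-mail is registered, since any difference lets a caller enumerate accounts; that method is not visible in this diff. No rate limiting is visible on either route.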
@@ -427,7 +428,7 @@ class auth:
 }
 else:
 loggorilla.prcss(APIADDR, "Updating")
- self.cursor.execute("UPDATE `auth` SET `password` = %s, `when_update` = NOW() WHERE `token` = %s", (hashed, token) )
+ self.cursor.execute("UPDATE `auth` SET `password` = %s WHERE `token` = %s", (hashed, token) )
 loggorilla.prcss(APIADDR, "Sending email")
 webmail_data = {}
 result_webmail = procedure_webmail.webmail().changed(APIADDR, params, webmail_data)
diff --git a/modules/public/forgot.py b/modules/public/forgot.py
new file mode 100644
index 0000000..bdeb90d
--- /dev/null
+++ b/modules/public/forgot.py
@@ -0,0 +1,35 @@
+from mako.template import Template
+from config import globalvar
+from scripts import loggorilla
+
+import procedure.validation as procedure_validation
+
+class forgot:
+
+ def __init__(self):
+ pass
+
+ def html(self, params):
+ APIADDR = "/forgot"
+
+ loggorilla.prcss(APIADDR, "Define page parameters")
+ active_page = "Forgot"
+ allowed_roles = [0]
+
+ loggorilla.prcss(APIADDR, "Account validation")
+ user_validation = procedure_validation.validation().account(APIADDR, allowed_roles)
+ user = user_validation['data']
+
+ return Template(params["mako"]["website"]['index']).render(
+ title = globalvar.title,
+ header = globalvar.header,
+ navbar = Template(params["mako"]["website"]['navbar']).render(
+ menu = globalvar.menu['public']['navbar'],
+ user_roles = user['profile']['roles'],
+ active_page = active_page
+ ),
+ footer = Template(params["mako"]["website"]['footer']).render(
+ copyright = globalvar.copyright,
+ ),
+ container = Template(params["mako"]["website"]['container']).render()
+ )
diff --git a/modules/public/reset.py b/modules/public/reset.py
new file mode 100644
index 0000000..fea1422
--- /dev/null
+++ b/modules/public/reset.py
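Review bot: The rewritten `UPDATE` in modules/api/auth.py no longer sets `when_update`, so unless the column is maintained by the schema (for example `ON UPDATE CURRENT_TIMESTAMP`, which is not visible here) the row stops recording when the password last changed. That timestamp is what incident response and "invalidate sessions older than the last password change" checks usually depend on, so a one-line comment saying where it is now maintained would help: `# when_update is maintained by <mechanism>, not by this statement`. The statement also leaves `token` unchanged; if this is the reset token, clearing or rotating it in the same statement keeps the link from being replayed. The enclosing method starts and ends outside the hunk, so both points need checking against the full function.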
@@ -0,0 +1,35 @@
+from mako.template import Template
+from config import globalvar
+from scripts import loggorilla
+
+import procedure.validation as procedure_validation
+
+class reset:
+
+ def __init__(self):
+ pass
+
+ def html(self, params):
+ APIADDR = "/reset"
+
+ loggorilla.prcss(APIADDR, "Define page parameters")
+ active_page = "Reset"
+ allowed_roles = [0]
+
+ loggorilla.prcss(APIADDR, "Account validation")
+ user_validation = procedure_validation.validation().account(APIADDR, allowed_roles)
+ user = user_validation['data']
+
+ return Template(params["mako"]["website"]['index']).render(
+ title = globalvar.title,
+ header = globalvar.header,
+ navbar = Template(params["mako"]["website"]['navbar']).render(
+ menu = globalvar.menu['public']['navbar'],
+ user_roles = user['profile']['roles'],
+ active_page = active_page
+ ),
+ footer = Template(params["mako"]["website"]['footer']).render(
+ copyright = globalvar.copyright,
+ ),
+ container = Template(params["mako"]["website"]['container']).render()
+ )
diff --git a/pages/public/forgot.html b/pages/public/forgot.html
new file mode 100644
index 0000000..54bfa68
--- /dev/null
+++ b/pages/public/forgot.html
@@ -0,0 +1,15 @@ +

Forgot Password

+ + + + +
+ + + + + + +
diff --git a/pages/public/reset.html b/pages/public/reset.html
new file mode 100644
index 0000000..5b77a0f
--- /dev/null
+++ b/pages/public/reset.html
@@ -0,0 +1,16 @@ +

Reset Password

+ + + + +
+
+ +
+ + + + +
diff --git a/static/js/auth/forgot.js b/static/js/auth/forgot.js
new file mode 100644
index 0000000..f13787a
--- /dev/null
+++ b/static/js/auth/forgot.js
@@ -0,0 +1,42 @@
+function flushResponse() {
+ document.getElementById("alert-response" ).style.display = 'none';
+ document.getElementById("alert-response" ).classList.remove('alert-success' );
+ document.getElementById("alert-response" ).classList.remove('alert-danger' );
+ document.getElementById("alert-response" ).classList.remove('alert-primary' );
+}
+
+function loadingResponse() {
+ flushResponse();
+ document.getElementById("alert-status" ).innerHTML = "Loading...";
+ document.getElementById("alert-desc" ).innerHTML = "Please wait...";
+ document.getElementById("alert-response").classList.add('alert-primary');
+ document.getElementById("alert-response").style.display = 'block';
+}
+
+function responseAlert(response) {
+ flushResponse();
+ const obj = JSON.parse(response);
+ if (obj.status == "success" ) document.getElementById("alert-response").classList.add('alert-success' );
+ if (obj.status == "failed" ) document.getElementById("alert-response").classList.add('alert-danger' );
+ document.getElementById("alert-status" ).innerHTML = obj.status;
+ document.getElementById("alert-desc" ).innerHTML = obj.desc;
+ document.getElementById("alert-response").style.display = 'block';
+}
+
+function onSubmit() {
+ loadingResponse();
+ var email = document.getElementById("form-email" ).value;
+ var url = "/api/auth/forgot";
+ var payload = {
+ "email" : email
+ };
+ sendHttpRequest(url, "POST", payload, function (error, response) {
+ if (error) console.error("Error:", error);
+ else {
+ console.log("JSON Response:", response);
+ responseAlert(response);
+ }
+ }, "application/json");
+}
+
+flushResponse();
diff --git a/static/js/auth/reset.js b/static/js/auth/reset.js
new file mode 100644
index 0000000..41060c5
--- /dev/null
+++ b/static/js/auth/reset.js
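Review bot: `responseAlert` in static/js/auth/forgot.js assigns `obj.status` and `obj.desc` from the server response with `innerHTML`, so if `desc` ever echoes request data (such as the submitted e-mail) it becomes an HTML injection sink; both values are plain text and should be set with `textContent`, e.g. `document.getElementById("alert-desc").textContent = obj.desc;`. The same two assignments appear in static/js/auth/reset.js. `JSON.parse(response)` is unguarded and the API's error path returns `{}`, in which case the alert shows `undefined`; a fallback message when `status` is missing would be clearer. The `console.log("JSON Response:", response)` line looks like leftover debugging and could be dropped.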
@@ -0,0 +1,49 @@
+function flushResponse() {
+ document.getElementById("alert-response" ).style.display = 'none';
+ document.getElementById("alert-response" ).classList.remove('alert-success' );
+ document.getElementById("alert-response" ).classList.remove('alert-danger' );
+ document.getElementById("alert-response" ).classList.remove('alert-primary' );
+}
+
+function loadingResponse() {
+ flushResponse();
+ document.getElementById("alert-status" ).innerHTML = "Loading...";
+ document.getElementById("alert-desc" ).innerHTML = "Please wait...";
+ document.getElementById("alert-response").classList.add('alert-primary');
+ document.getElementById("alert-response").style.display = 'block';
+}
+
+function responseAlert(response) {
+ flushResponse();
+ const obj = JSON.parse(response);
+ if (obj.status == "success" ) {
+ document.getElementById("form").style.display = 'none';
+ document.getElementById("alert-response").classList.add('alert-success' );
+ }
+ if (obj.status == "failed" ) document.getElementById("alert-response").classList.add('alert-danger' );
+ document.getElementById("alert-status" ).innerHTML = obj.status;
+ document.getElementById("alert-desc" ).innerHTML = obj.desc;
+ document.getElementById("alert-response").style.display = 'block';
+}
+
+function onSubmit() {
+ loadingResponse();
+ const queryString = window.location.search;
+ const urlParams = new URLSearchParams(queryString);
+ const token = urlParams.get('token')
+ var password = document.getElementById("form-password").value;
+ var url = "/api/auth/reset";
+ var payload = {
+ "token" : token,
+ "password" : password
+ };
+ sendHttpRequest(url, "POST", payload, function (error, response) {
+ if (error) console.error("Error:", error);
+ else {
+ console.log("JSON Response:", response);
+ responseAlert(response);
+ }
+ }, "application/json");
+}
+
+flushResponse();
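Review bot: `onSubmit` in static/js/auth/reset.js reads the reset token from `window.location.search` at submit time and leaves it in the address bar, so it stays in browser history and in any URL the page later passes along. Reading the token once at load into a variable and then calling `history.replaceState(null, "", window.location.pathname);` keeps it out of the visible URL. A missing `token` parameter (`urlParams.get` returns `null`) and an empty password are both sent to the API unchanged; checking them before `sendHttpRequest` would avoid a pointless request. `obj.status` and `obj.desc` are written with `innerHTML` here and would be safer as `textContent`, and `console.log("JSON Response:", response)` looks like leftover debugging.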