Compare commits
No commits in common. "7435a0633dccc607207434538df1aa8af49118c1" and "d6cbd8c782084826425d0c40dabe5b619976b87a" have entirely different histories.
7435a0633d
...
d6cbd8c782
@ -6,8 +6,6 @@ copyright = "Copyright (C) 2024 Dita Aji Pratama"
|
|||||||
|
|
||||||
production = False
|
production = False
|
||||||
forbidden_registration = ['su', 'admin']
|
forbidden_registration = ['su', 'admin']
|
||||||
if production == False:
|
|
||||||
forbidden_registration = []
|
|
||||||
|
|
||||||
auth_key = 'your_key'
|
auth_key = 'your_key'
|
||||||
|
|
||||||
|
@ -31,12 +31,6 @@ menu = {
|
|||||||
"href":"/login",
|
"href":"/login",
|
||||||
"roles":[0]
|
"roles":[0]
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"name":"Profile",
|
|
||||||
"target":"_self",
|
|
||||||
"href":"/profile",
|
|
||||||
"roles":[1,2,3]
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"name":"Logout",
|
"name":"Logout",
|
||||||
"target":"_self",
|
"target":"_self",
|
||||||
|
10
handler.py
10
handler.py
@ -22,7 +22,6 @@ import modules.public.login as public_login
|
|||||||
import modules.public.forgot as public_forgot
|
import modules.public.forgot as public_forgot
|
||||||
import modules.public.reset as public_reset
|
import modules.public.reset as public_reset
|
||||||
|
|
||||||
import modules.public.profile as public_profile
|
|
||||||
import modules.public.roles as public_roles
|
import modules.public.roles as public_roles
|
||||||
import modules.public.users as public_users
|
import modules.public.users as public_users
|
||||||
import modules.public.accept as public_accept
|
import modules.public.accept as public_accept
|
||||||
@ -123,15 +122,6 @@ def index():
|
|||||||
else:
|
else:
|
||||||
redirect('/')
|
redirect('/')
|
||||||
|
|
||||||
@app.route('/profile')
|
|
||||||
def index():
|
|
||||||
params = {
|
|
||||||
"mako" : {
|
|
||||||
"website" : template_public.main(directory.page["public"], "profile")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return public_profile.profile().html(params)
|
|
||||||
|
|
||||||
@app.route('/roles')
|
@app.route('/roles')
|
||||||
def index():
|
def index():
|
||||||
params = {
|
params = {
|
||||||
|
@ -256,8 +256,7 @@ class auth:
|
|||||||
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, jwt)
|
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles, jwt)
|
||||||
user = user_validation['data']
|
user = user_validation['data']
|
||||||
loggorilla.prcss(APIADDR, "Get dependency data")
|
loggorilla.prcss(APIADDR, "Get dependency data")
|
||||||
self.cursor.execute("CALL sp_auth_login(%s, @o_count, @o_token, @o_id, @o_username, @o_password)", (user['profile']['username'],) )
|
self.cursor.execute("call sp_auth_login(%s);", (user['profile']['username'],) )
|
||||||
self.cursor.execute("SELECT @o_count, @o_token, @o_id, @o_username, @o_password")
|
|
||||||
result_login = self.cursor.fetchone()
|
result_login = self.cursor.fetchone()
|
||||||
self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' ; ", (email,) )
|
self.cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.token, auth_profile.email FROM auth_profile_verification INNER JOIN auth_profile ON auth_profile.id = auth_profile_verification.profile WHERE auth_profile.email = %s AND auth_profile_verification.type = 'email' ; ", (email,) )
|
||||||
result_email = self.cursor.fetchone()
|
result_email = self.cursor.fetchone()
|
||||||
@ -270,7 +269,7 @@ class auth:
|
|||||||
loggorilla.prcss(APIADDR, "Giving response")
|
loggorilla.prcss(APIADDR, "Giving response")
|
||||||
response["status" ] = "failed"
|
response["status" ] = "failed"
|
||||||
response["desc" ] = "Invitation roles is not allowed"
|
response["desc" ] = "Invitation roles is not allowed"
|
||||||
elif not bcrypt.checkpw(password.encode(), result_login['@o_password'].decode().encode() ):
|
elif not bcrypt.checkpw(password.encode(), result_login['password'].decode().encode() ):
|
||||||
loggorilla.accss(APIADDR, f"{user['profile']['username']} put a wrong password for send invitation")
|
loggorilla.accss(APIADDR, f"{user['profile']['username']} put a wrong password for send invitation")
|
||||||
loggorilla.prcss(APIADDR, "Giving response")
|
loggorilla.prcss(APIADDR, "Giving response")
|
||||||
response["status" ] = "failed"
|
response["status" ] = "failed"
|
||||||
@ -414,15 +413,14 @@ class auth:
|
|||||||
self.cursor.execute("BEGIN;")
|
self.cursor.execute("BEGIN;")
|
||||||
try:
|
try:
|
||||||
loggorilla.prcss(APIADDR, "Get dependency data")
|
loggorilla.prcss(APIADDR, "Get dependency data")
|
||||||
self.cursor.execute("CALL sp_auth_login(%s, @o_count, @o_token, @o_id, @o_username, @o_password)", (username,))
|
self.cursor.execute("call sp_auth_login(%s);", (username,) )
|
||||||
self.cursor.execute("SELECT @o_count, @o_token, @o_id, @o_username, @o_password")
|
|
||||||
result_login = self.cursor.fetchone()
|
result_login = self.cursor.fetchone()
|
||||||
self.cursor.execute("SELECT `profile`, `type`, `verified` FROM auth_profile_verification WHERE `type` = 'email' AND `profile` = %s ; ", (result_login['@o_id'],) )
|
self.cursor.execute("SELECT `profile`, `type`, `verified` FROM auth_profile_verification WHERE `type` = 'email' AND `profile` = %s ; ", (result_login['id'],) )
|
||||||
result_verification = self.cursor.fetchone()
|
result_verification = self.cursor.fetchone()
|
||||||
loggorilla.prcss(APIADDR, "Validation")
|
loggorilla.prcss(APIADDR, "Validation")
|
||||||
if result_login['@o_count'] == 1 and result_verification['verified'] == 1 and bcrypt.checkpw(password.encode(), result_login['@o_password'].decode().encode() ) :
|
if result_login['count'] == 1 and result_verification['verified'] == 1 and bcrypt.checkpw(password.encode(), result_login['password'].decode().encode() ) :
|
||||||
loggorilla.prcss(APIADDR, "Add session")
|
loggorilla.prcss(APIADDR, "Add session")
|
||||||
self.cursor.execute(f"INSERT INTO `auth_session` VALUES (DEFAULT, %s, NOW(), NOW() + INTERVAL 60 DAY)", ( result_login['@o_token'], ) )
|
self.cursor.execute(f"INSERT INTO `auth_session` VALUES (DEFAULT, %s, NOW(), NOW() + INTERVAL 60 DAY)", ( result_login['token'], ) )
|
||||||
session_last_id = self.cursor.lastrowid
|
session_last_id = self.cursor.lastrowid
|
||||||
self.cursor.execute(f"SELECT `id`, `start`, `end` FROM `auth_session` WHERE id = %s ; ", ( session_last_id, ) )
|
self.cursor.execute(f"SELECT `id`, `start`, `end` FROM `auth_session` WHERE id = %s ; ", ( session_last_id, ) )
|
||||||
session = self.cursor.fetchone()
|
session = self.cursor.fetchone()
|
||||||
|
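Review bot: Both call sites that switch to `call sp_auth_login(%s);` (the send-invitation path in the hunk at -256 and the login path in the hunk at -414) read one row with `fetchone()` and then run the next statement on the same cursor without consuming the rest of the CALL's response. A procedure that returns a result set also sends a trailing status result. Depending on the MySQL driver in use (not visible here), the following `execute` can fail with an unread-result or out-of-sync error, which on the login path would land in the `try` handler outside this hunk. Draining after the fetch, e.g. `while self.cursor.nextset(): pass` directly after `result_login = self.cursor.fetchone()`, makes the behaviour independent of the driver. Both enclosing methods start and end outside the hunks shown.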
@ -1,37 +0,0 @@
|
|||||||
from mako.template import Template
|
|
||||||
from config import globalvar, navigation
|
|
||||||
from scripts import loggorilla
|
|
||||||
|
|
||||||
import procedure.validation as procedure_validation
|
|
||||||
|
|
||||||
class profile:
|
|
||||||
|
|
||||||
def __init__(self):
|
|
||||||
pass
|
|
||||||
|
|
||||||
def html(self, params):
|
|
||||||
APIADDR = "/profile"
|
|
||||||
|
|
||||||
loggorilla.prcss(APIADDR, "Define page parameters")
|
|
||||||
active_page = "Profile"
|
|
||||||
allowed_roles = [1,2,3]
|
|
||||||
|
|
||||||
loggorilla.prcss(APIADDR, "Account validation")
|
|
||||||
user_validation = procedure_validation.validation().account(APIADDR, allowed_roles)
|
|
||||||
user = user_validation['data']
|
|
||||||
|
|
||||||
return Template(params["mako"]["website"]['index']).render(
|
|
||||||
title = globalvar.title,
|
|
||||||
header = globalvar.header,
|
|
||||||
navbar = Template(params["mako"]["website"]['navbar']).render(
|
|
||||||
menu = navigation.menu['public']['navbar'],
|
|
||||||
user_roles = user['profile']['roles'],
|
|
||||||
active_page = active_page
|
|
||||||
),
|
|
||||||
footer = Template(params["mako"]["website"]['footer']).render(
|
|
||||||
copyright = globalvar.copyright,
|
|
||||||
),
|
|
||||||
container = Template(params["mako"]["website"]['container']).render(
|
|
||||||
profile = user['profile']
|
|
||||||
)
|
|
||||||
)
|
|
@ -1,5 +0,0 @@
|
|||||||
<ul>
|
|
||||||
<li>Username: ${profile['username']}</li>
|
|
||||||
<li>Email: ${profile['email']}</li>
|
|
||||||
<li>Phone: ${profile['phone']}</li>
|
|
||||||
</ul>
|
|
13
sql/auth.sql
13
sql/auth.sql
@ -109,12 +109,7 @@ DELIMITER ;
|
|||||||
|
|
||||||
DELIMITER //
|
DELIMITER //
|
||||||
CREATE PROCEDURE sp_auth_login(
|
CREATE PROCEDURE sp_auth_login(
|
||||||
IN p_username VARCHAR(36),
|
IN p_username varchar(36)
|
||||||
OUT o_count INT(11),
|
|
||||||
OUT o_token BINARY(40),
|
|
||||||
OUT o_id INT(11),
|
|
||||||
OUT o_username VARCHAR(36),
|
|
||||||
OUT o_password BINARY(60)
|
|
||||||
)
|
)
|
||||||
BEGIN
|
BEGIN
|
||||||
SELECT
|
SELECT
|
||||||
@ -123,12 +118,6 @@ BEGIN
|
|||||||
auth_profile.id,
|
auth_profile.id,
|
||||||
auth_profile.username,
|
auth_profile.username,
|
||||||
auth.password
|
auth.password
|
||||||
INTO
|
|
||||||
o_count,
|
|
||||||
o_token,
|
|
||||||
o_id,
|
|
||||||
o_username,
|
|
||||||
o_password
|
|
||||||
FROM auth_profile
|
FROM auth_profile
|
||||||
INNER JOIN auth ON auth.token = auth_profile.token
|
INNER JOIN auth ON auth.token = auth_profile.token
|
||||||
WHERE auth_profile.username = p_username ;
|
WHERE auth_profile.username = p_username ;
|
||||||
|
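Review bot: With the OUT parameters and the `INTO` list removed, the column names of the result set become the interface to the Python callers, and nothing in `sp_auth_login` documents them. The callers index the row as `count`, `token`, `id` and `password`; the first two select expressions sit between the two hunks and are not visible, so it is worth confirming they are aliased to exactly those names. If the first column is an ungrouped `COUNT(*)`, as the `count` key suggests, an unknown username would still yield one row with NULL in the other columns, and `result_login['password'].decode()` in the invitation path would then raise unless an earlier branch checks the count. A comment above `CREATE PROCEDURE` such as `-- Result set (one row): count, token, id, username, password` would pin the contract. The procedure body continues outside the hunks.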