
"Login check from postgres database"

Doug Le Tough authored on 23/12/2017 05:04:27
Showing 4 changed files
@@ -110,6 +110,12 @@ function verify_login() {
110 110
   return false;
111 111
 }
112 112
 
113
+function logout() {
114
+  // Logout user
115
+  setcookie('token', '', 30);
116
+  document.location = '/';
117
+}
118
+
113 119
 /* **************************************************************************************
114 120
  * AJAX
115 121
  * **************************************************************************************/
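Review bot: `setcookie('token', '', 30);` in the new logout() is not a browser API — JavaScript writes cookies through `document.cookie`, so unless this file defines a `setcookie` helper somewhere outside the hunk (verify_login's body above might; cannot tell from here) the call throws a ReferenceError, `document.location = '/'` is never reached and the user stays logged in; the third argument also reads like PHP's expiry timestamp, which has no meaning here. Even when the cookie is cleared, nothing tells the server the session ended, since the app only compares session['token'] with the cookie value. Logout is better done as a server round trip that sets `session['token'] = ''` and calls sync_cookies before redirecting, with this function reduced to `document.location = '/logout';`.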
@@ -23,7 +23,7 @@
23 23
         <input type='button' class='add' title='Add' value=' '/>
24 24
         <input type='button' class='edit' title='Edit' value=' '/>
25 25
         <input type='button' class='login' title='Login' value=' '/>
26
-        <input type='button' class='logout' title='Logout' value=' '/>
26
+        <input type='button' class='logout' title='Logout' value=' ' onclick='javascript:logout();'/>
27 27
         <input type='button' class='refresh' title='Refresh' value=' '/>
28 28
         <input type='button' class='save' title='Save' value=' '/>
29 29
         <input type='button' class='search' title='Search' value=' '/>
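Review bot: The `javascript:` prefix in `onclick='javascript:logout();'` is parsed as a label inside an event-handler attribute, not as a URL scheme, so it only works by accident; `onclick='logout();'` expresses the same thing. Inline handlers also force `script-src 'unsafe-inline'` should a Content-Security-Policy be added later, whereas binding the click in the script file (`document.querySelector('.logout').addEventListener('click', logout);`) keeps the markup free of executable code.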
@@ -6,6 +6,7 @@ import os
6 6
 import inspect
7 7
 import random
8 8
 import binascii
9
+import bcrypt
9 10
 from flask import Flask, request, session, g, redirect, url_for, abort, render_template, flash
10 11
 from functools import wraps
11 12
 
@@ -28,6 +29,18 @@ app.secret_key = 'ce1d1c9ff0ff388a838b3a1e3207dd27'
28 28
 # Feel free to use SQLAlchemy (or not)
29 29
 db = SQLAlchemy(app)
30 30
 
31
+
32
+########################################################################
33
+# Sample user database
34
+########################################################################
35
+class Tetawebapp_users(db.Model):
36
+  __tablename__ = 'tetawebapp_users'
37
+  id = db.Column(db.Integer, primary_key=True)
38
+  mail = db.Column(db.Text, nullable=False)
39
+  password = db.Column(db.Text, nullable=False)
40
+  name = db.Column(db.Text, nullable=False)
41
+
42
+
31 43
 ########################################################################
32 44
 # Menu and navigation management
33 45
 ########################################################################
@@ -99,16 +112,25 @@ def check_session(func):
99 99
   @wraps(func)
100 100
   def check(*args, **kwargs):
101 101
     try:
102
-      if session['token'] == request.cookies['token']:
102
+      if session['token'] == request.cookies['token'] and len(session['token']) > 0:
103 103
         return func(*args, **kwargs)
104
+      else:
105
+        session['token'] = ''
106
+        response = app.make_response(render_template('login.html', message=''))
107
+        sync_cookies(response, session)
108
+        return response
104 109
     except KeyError:
105 110
       return render_template('login.html', message='')
106 111
   return check
107 112
 
108 113
 def check_login(login, password):
109 114
   """ Puts the login verification code here """
110
-  if login == 'demo' and password == 'demo':
111
-    return True
115
+  password = password.encode('utf-8')
116
+  hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
117
+  stored_hash = Tetawebapp_users.query.filter_by(mail=login).with_entities(Tetawebapp_users.password).first()
118
+  if stored_hash:
119
+    if bcrypt.checkpw(password, stored_hash[0].encode('utf-8')):
120
+      return True
112 121
   return False
113 122
 
114 123
 def gen_token():
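Review bot: In check_login the line `hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())` is never used, so every login attempt pays a full bcrypt work factor for nothing, doubling the CPU cost an attacker can impose with failed logins — it should be deleted. The verification also behaves differently for unknown and known e-mails: `bcrypt.checkpw` only runs when a row is found, so an unknown login returns almost instantly while a known one takes the bcrypt time, which lets a caller tell valid accounts apart by response time; comparing against a fixed dummy hash when no row matches keeps the cost constant. Finally `password.encode('utf-8')` raises AttributeError when the form omits the field, because `request.form.get('password')` in login() returns None; a guard returning False covers that. The rewrite below, which keeps the same signature, fixes all three (the dummy hash is computed once at import time).

```python
# Computed once so unknown logins pay the same bcrypt cost as known ones.
_DUMMY_HASH = bcrypt.hashpw(b'placeholder', bcrypt.gensalt())

def check_login(login, password):
  """ Puts the login verification code here """
  if not login or not password:
    return False
  password = password.encode('utf-8')
  stored_hash = Tetawebapp_users.query.filter_by(mail=login).with_entities(Tetawebapp_users.password).first()
  candidate = stored_hash[0].encode('utf-8') if stored_hash else _DUMMY_HASH
  # checkpw always runs, so timing does not reveal whether the mail exists.
  matched = bcrypt.checkpw(password, candidate)
  return matched and stored_hash is not None
```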
@@ -133,8 +155,7 @@ def login():
133 133
   password = request.form.get('password')
134 134
   if check_login(login, password):
135 135
     # Generate and store a token in session
136
-    token = gen_token()
137
-    session['token'] = token
136
+    session['token'] = gen_token()
138 137
     # Return user to index page
139 138
     page = '/'
140 139
     menu = get_menu(page)
@@ -143,7 +164,10 @@ def login():
143 143
     sync_cookies(response, session)
144 144
     return response
145 145
   # Credentials are not valid
146
-  return render_template('login.html', message='Invalid user or password')
146
+  response = app.make_response(render_template('login.html', message='Invalid user or password'))
147
+  session['token'] = ''
148
+  sync_cookies(response, session)
149
+  return response
147 150
 
148 151
 @app.route("/", methods=['GET', 'POST'])
149 152
 @check_session
@@ -172,7 +196,6 @@ def articles_by_id(ID):
172 172
   navbar = get_navbar(page, selected)
173 173
   return render_template('articles_by_id.html', menu=menu, navbar=navbar, ID=ID)
174 174
 
175
-
176 175
 @app.route("/basics", methods=['GET', 'POST'])
177 176
 @check_session
178 177
 def basics():
@@ -181,7 +204,6 @@ def basics():
181 181
   menu = get_menu(page)
182 182
   return render_template('basics.html', menu=menu)
183 183
 
184
-
185 184
 @app.route("/inputs", methods=['GET', 'POST'])
186 185
 @check_session
187 186
 def inputs():
188 187
new file mode 100644
@@ -0,0 +1,48 @@
0
+\echo ******************************
1
+\echo * Dropping database tetawebapp
2
+\echo ******************************
3
+
4
+\c postgres;
5
+drop database tetawebapp;
6
+
7
+\echo **************************
8
+\echo * Dropping role tetawebapp
9
+\echo **************************
10
+drop role tetawebapp;
11
+
12
+\echo ***************************************************
13
+\echo * Creating role tetawebapp with password tetawebapp
14
+\echo ***************************************************
15
+create role tetawebapp with LOGIN ENCRYPTED PASSWORD 'tetawebapp';
16
+
17
+\echo ******************************
18
+\echo * Creating database tetawebapp
19
+\echo ******************************
20
+create database tetawebapp;
21
+
22
+\echo *******************************************
23
+\echo * Giving tetawebapp ownership to tetawebapp
24
+\echo *******************************************
25
+alter database tetawebapp owner to tetawebapp;
26
+
27
+\echo *********************************
28
+\echo * Creating tetawebapp_users table
29
+\echo *********************************
30
+
31
+\c tetawebapp;
32
+CREATE TABLE tetawebapp_users (
33
+  id serial primary key,
34
+  mail text not NULL,
35
+  password text not NULL,
36
+  name text not NULL
37
+);
38
+
39
+\echo *************************************************
40
+\echo * Giving tetawebapp_users ownership to tetawebapp
41
+\echo *************************************************
42
+alter table tetawebapp_users owner to tetawebapp;
43
+
44
+\echo *********************************************************************
45
+\echo * Inserting user demo identified by password demo to tetawebapp_users
46
+\echo *********************************************************************
47
+insert into tetawebapp_users (mail, password, name) values ('demo', '$2b$12$yjv4QMctGJFj2HmmbF6u5uDq9ATIl/Y9Z96MbaqRrcG6AE0CGHKSS', 'demo');
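Review bot: `mail text not NULL,` in the CREATE TABLE has no uniqueness constraint, yet the application looks users up with `filter_by(mail=login)...first()`, so two rows with the same mail would make which password hash is checked depend on row order; `mail text not NULL unique,` makes the lookup unambiguous and gives the login query an index. The `drop database tetawebapp;` and `drop role tetawebapp;` statements have no `if exists`, so on a fresh server they print errors before the creates run; `drop database if exists tetawebapp;` keeps the script idempotent. The role's password is written literally and echoed to the console by the `\echo` banner, which is acceptable for a sample database but worth a comment saying so, e.g. `-- sample credentials for local development only`.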