diff --git a/tetawebapp/static/scripts/tetawebapp.js b/tetawebapp/static/scripts/tetawebapp.js
index 17f8404..67cc0a9 100644
--- a/tetawebapp/static/scripts/tetawebapp.js
+++ b/tetawebapp/static/scripts/tetawebapp.js
@@ -110,6 +110,12 @@ function verify_login() {
return false;
}
+function logout() {
+ // Logout user
+ setcookie('token', '', 30);
+ document.location = '/';
+}
+
/* **************************************************************************************
* AJAX
* **************************************************************************************/
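Review bot: logout() only blanks the browser's `token` cookie and never tells the server, so nothing revokes the token on the server side at the moment the user logs out. If the app uses Flask's default signed-cookie session (the file imports `session` with no server-side session backend visible), a copy of the session cookie plus the old `token` value taken before logout keeps passing check_session indefinitely, because the later `session['token'] = ''` only lands in the cookie returned to this browser; real revocation needs a server-side record of live tokens that check_session consults. Route the redirect through a server endpoint, `document.location = '/logout';`, backed by a Flask view that does `session.pop('token', None)` and expires the cookie before redirecting to `/`. setcookie is defined outside this hunk; if its third argument is a lifetime in days, 30 keeps an empty cookie around for a month rather than removing it, which a past expiry would do.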
diff --git a/tetawebapp/templates/inputs.html b/tetawebapp/templates/inputs.html
index 66cedb1..9059bc8 100644
--- a/tetawebapp/templates/inputs.html
+++ b/tetawebapp/templates/inputs.html
@@ -23,7 +23,7 @@
-
+
diff --git a/tetawebapp/tetawebapp.py b/tetawebapp/tetawebapp.py
index 460e4a1..6f97cbc 100755
--- a/tetawebapp/tetawebapp.py
+++ b/tetawebapp/tetawebapp.py
@@ -6,6 +6,7 @@ import os
import inspect
import random
import binascii
+import bcrypt
from flask import Flask, request, session, g, redirect, url_for, abort, render_template, flash
from functools import wraps
@@ -28,6 +29,18 @@ app.secret_key = 'ce1d1c9ff0ff388a838b3a1e3207dd27'
# Feel free to use SQLAlchemy (or not)
db = SQLAlchemy(app)
+
+########################################################################
+# Sample user database
+########################################################################
+class Tetawebapp_users(db.Model):
+ __tablename__ = 'tetawebapp_users'
+ id = db.Column(db.Integer, primary_key=True)
+ mail = db.Column(db.Text, nullable=False)
+ password = db.Column(db.Text, nullable=False)
+ name = db.Column(db.Text, nullable=False)
+
+
########################################################################
# Menu and navigation management
########################################################################
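Review bot: `mail` is the column check_login filters on, but the model declares it `nullable=False` only, with no `unique=True`, so two rows with the same address make it ambiguous which hash `.first()` is checked against; declare `mail = db.Column(db.Text, nullable=False, unique=True, index=True)` and mirror the constraint in the schema. The hunk header also shows `app.secret_key` as a literal in source; since check_session trusts whatever `session['token']` that key signs, anyone who can read the repository can forge a logged-in session — pre-existing, but worth moving to an environment variable alongside this change. A class docstring such as `"""Login accounts: mail is the login name; password holds a bcrypt hash, never plaintext."""` would stop the next maintainer writing a raw password into `password`.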
@@ -99,16 +112,25 @@ def check_session(func):
@wraps(func)
def check(*args, **kwargs):
try:
- if session['token'] == request.cookies['token']:
+ if session['token'] == request.cookies['token'] and len(session['token']) > 0:
return func(*args, **kwargs)
+ else:
+ session['token'] = ''
+ response = app.make_response(render_template('login.html', message=''))
+ sync_cookies(response, session)
+ return response
except KeyError:
return render_template('login.html', message='')
return check
def check_login(login, password):
""" Puts the login verification code here """
- if login == 'demo' and password == 'demo':
- return True
+ password = password.encode('utf-8')
+ hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
+ stored_hash = Tetawebapp_users.query.filter_by(mail=login).with_entities(Tetawebapp_users.password).first()
+ if stored_hash:
+ if bcrypt.checkpw(password, stored_hash[0].encode('utf-8')):
+ return True
return False
def gen_token():
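Review bot: `hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())` in check_login is never read, yet it runs a full bcrypt work factor on every login attempt before the database is even queried, so each POST to /login costs the server two bcrypt rounds instead of one; delete it. With it gone, an unknown mail returns without any bcrypt call while a known mail pays the full cost, which lets a client tell registered addresses from unregistered ones by response time — compare against a fixed dummy hash on the miss path so both take the same time. `password.encode('utf-8')` also raises AttributeError when the form omits the field, since login() passes `request.form.get('password')` straight through; reject missing values first. check_session's `def` line sits outside this hunk, and gen_token continues past it.

```python
def check_login(login, password):
    """Return True only when `login` names a stored user whose bcrypt hash verifies `password`."""
    if not login or not password:
        return False
    stored_hash = Tetawebapp_users.query.filter_by(mail=login).with_entities(Tetawebapp_users.password).first()
    if stored_hash is None:
        # TODO: run bcrypt.checkpw against a constant dummy hash here so a miss costs the same time as a mismatch
        return False
    return bcrypt.checkpw(password.encode('utf-8'), stored_hash[0].encode('utf-8'))
```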
@@ -133,8 +155,7 @@ def login():
password = request.form.get('password')
if check_login(login, password):
# Generate and store a token in session
- token = gen_token()
- session['token'] = token
+ session['token'] = gen_token()
# Return user to index page
page = '/'
menu = get_menu(page)
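Review bot: `session['token'] = gen_token()` mints the only value check_session later accepts as proof of login, but gen_token is defined outside this hunk and the module imports `random` and `binascii`; if it draws from `random`, the token is predictable from a few observed values. Generate it from `secrets.token_hex(32)` (or `os.urandom`) and confirm it carries at least 128 bits of entropy before relying on the cookie comparison. The inlining of the `token` local is fine as a refactor. login() begins before this hunk.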
@@ -143,7 +164,10 @@ def login():
sync_cookies(response, session)
return response
# Credentials are not valid
- return render_template('login.html', message='Invalid user or password')
+ response = app.make_response(render_template('login.html', message='Invalid user or password'))
+ session['token'] = ''
+ sync_cookies(response, session)
+ return response
@app.route("/", methods=['GET', 'POST'])
@check_session
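Review bot: a failed login at the new `Invalid user or password` branch is neither logged nor throttled, so the only brake on online guessing against accounts like `demo`/`demo` is bcrypt's cost itself. Record the attempt before returning, e.g. `app.logger.warning('failed login for %r from %s', login, request.remote_addr)`, and consider a per-address or per-account delay; the generic message is the right choice, keep it. `session.pop('token', None)` would drop the key instead of leaving an empty marker in the session cookie, though check_session already treats '' as logged out. login() starts outside this hunk.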
@@ -172,7 +196,6 @@ def articles_by_id(ID):
navbar = get_navbar(page, selected)
return render_template('articles_by_id.html', menu=menu, navbar=navbar, ID=ID)
-
@app.route("/basics", methods=['GET', 'POST'])
@check_session
def basics():
@@ -181,7 +204,6 @@ def basics():
menu = get_menu(page)
return render_template('basics.html', menu=menu)
-
@app.route("/inputs", methods=['GET', 'POST'])
@check_session
def inputs():
diff --git a/tetawebapp/tetawebapp.sql b/tetawebapp/tetawebapp.sql
new file mode 100644
index 0000000..72b84dc
--- /dev/null
+++ b/tetawebapp/tetawebapp.sql
@@ -0,0 +1,48 @@
+\echo ******************************
+\echo * Dropping database tetawebapp
+\echo ******************************
+
+\c postgres;
+drop database tetawebapp;
+
+\echo **************************
+\echo * Dropping role tetawebapp
+\echo **************************
+drop role tetawebapp;
+
+\echo ***************************************************
+\echo * Creating role tetawebapp with password tetawebapp
+\echo ***************************************************
+create role tetawebapp with LOGIN ENCRYPTED PASSWORD 'tetawebapp';
+
+\echo ******************************
+\echo * Creating database tetawebapp
+\echo ******************************
+create database tetawebapp;
+
+\echo *******************************************
+\echo * Giving tetawebapp ownership to tetawebapp
+\echo *******************************************
+alter database tetawebapp owner to tetawebapp;
+
+\echo *********************************
+\echo * Creating tetawebapp_users table
+\echo *********************************
+
+\c tetawebapp;
+CREATE TABLE tetawebapp_users (
+ id serial primary key,
+ mail text not NULL,
+ password text not NULL,
+ name text not NULL
+);
+
+\echo *************************************************
+\echo * Giving tetawebapp_users ownership to tetawebapp
+\echo *************************************************
+alter table tetawebapp_users owner to tetawebapp;
+
+\echo *********************************************************************
+\echo * Inserting user demo identified by password demo to tetawebapp_users
+\echo *********************************************************************
+insert into tetawebapp_users (mail, password, name) values ('demo', '$2b$12$yjv4QMctGJFj2HmmbF6u5uDq9ATIl/Y9Z96MbaqRrcG6AE0CGHKSS', 'demo');
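Review bot: `create role tetawebapp with LOGIN ENCRYPTED PASSWORD 'tetawebapp'` commits the database password in clear text, and the `\echo` two lines above prints it to the terminal and to any CI log; take it from a psql variable instead, e.g. `create role tetawebapp with LOGIN PASSWORD :'tetawebapp_pw';` run with `psql -v tetawebapp_pw=...`, and drop that echo line. The role is also made owner of the database and of the table, which lets the web application drop its own user table; for what check_login does, a GRANT SELECT on tetawebapp_users to a dedicated application role (plus INSERT/UPDATE only if account management is added) is enough. `mail text not NULL` should carry `unique` because the application looks users up by it. The bare `drop database` and `drop role` abort a first run on a fresh server; `drop ... if exists` makes the script rerunnable.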