From b745381002b85c26ebcc033cb026da48f680b2e2 Mon Sep 17 00:00:00 2001
From: Doug Le Tough
Date: Sat, 23 Dec 2017 06:04:27 +0100
Subject: [PATCH] "Login check from postgres database"

---
 tetawebapp/static/scripts/tetawebapp.js | 6 ++++
 tetawebapp/templates/inputs.html | 2 +-
 tetawebapp/tetawebapp.py | 38 +++++++++++++++-----
 tetawebapp/tetawebapp.sql | 48 +++++++++++++++++++++++++
 4 files changed, 85 insertions(+), 9 deletions(-)
 create mode 100644 tetawebapp/tetawebapp.sql

diff --git a/tetawebapp/static/scripts/tetawebapp.js b/tetawebapp/static/scripts/tetawebapp.js
index 17f8404..67cc0a9 100644
--- a/tetawebapp/static/scripts/tetawebapp.js
+++ b/tetawebapp/static/scripts/tetawebapp.js
@@ -110,6 +110,12 @@ function verify_login() {
 return false;
 }
 
+function logout() { // Logout user setcookie('token', '', 30); document.location = '/'; }
+
 /* ************************************************************************************** * AJAX * **************************************************************************************/
diff --git a/tetawebapp/templates/inputs.html b/tetawebapp/templates/inputs.html
index 66cedb1..9059bc8 100644
--- a/tetawebapp/templates/inputs.html
+++ b/tetawebapp/templates/inputs.html
@@ -23,7 +23,7 @@ - +
diff --git a/tetawebapp/tetawebapp.py b/tetawebapp/tetawebapp.py
index 460e4a1..6f97cbc 100755
--- a/tetawebapp/tetawebapp.py
+++ b/tetawebapp/tetawebapp.py
@@ -6,6 +6,7 @@ import os
 import inspect
 import random
 import binascii
+import bcrypt
 from flask import Flask, request, session, g, redirect, url_for, abort, render_template, flash
 from functools import wraps
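Review bot: logout() clears only the client copy of the token (`setcookie('token', '', 30)`) and never tells the server, so session['token'] keeps its value; unless the Flask session is invalidated elsewhere, a retained copy of the two cookies still passes check_session's comparison after "logout". A server-side logout route that sets `session['token'] = ''`, calls sync_cookies and redirects to `/` — the same steps login() in tetawebapp.py now takes on a failed attempt — would make logout actually end the session, and the JS can simply navigate to it. The third argument `30` goes to setcookie, which is defined outside this hunk; if it is a lifetime in days, a zero or past lifetime is the usual value when clearing a cookie — worth confirming against setcookie's signature.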
@@ -28,6 +29,18 @@ app.secret_key = 'ce1d1c9ff0ff388a838b3a1e3207dd27'
 # Feel free to use SQLAlchemy (or not)
 db = SQLAlchemy(app)
 
+
+########################################################################
+# Sample user database
+########################################################################
+class Tetawebapp_users(db.Model):
+ __tablename__ = 'tetawebapp_users'
+ id = db.Column(db.Integer, primary_key=True)
+ mail = db.Column(db.Text, nullable=False)
+ password = db.Column(db.Text, nullable=False)
+ name = db.Column(db.Text, nullable=False)
+ + ######################################################################## + # Menu and navigation management ########################################################################
@@ -99,16 +112,25 @@ def check_session(func):
 @wraps(func)
 def check(*args, **kwargs):
 try:
- if session['token'] == request.cookies['token']:
+ if session['token'] == request.cookies['token'] and len(session['token']) > 0:
 return func(*args, **kwargs)
+ else:
+ session['token'] = ''
+ response = app.make_response(render_template('login.html', message=''))
+ sync_cookies(response, session)
+ return response
 except KeyError:
 return render_template('login.html', message='')
 return check
 
 def check_login(login, password):
 """ Puts the login verification code here """
- if login == 'demo' and password == 'demo':
- return True
+ password = password.encode('utf-8')
+ hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
+ stored_hash = Tetawebapp_users.query.filter_by(mail=login).with_entities(Tetawebapp_users.password).first()
+ if stored_hash:
+ if bcrypt.checkpw(password, stored_hash[0].encode('utf-8')):
+ return True
 return False
 
 def gen_token():
@@ -133,8 +155,7 @@ def login():
 password = request.form.get('password')
 if check_login(login, password):
 # Generate and store a token in session
- token = gen_token()
- session['token'] = token
+ session['token'] = gen_token()
 # Return user to index page
 page = '/'
 menu = get_menu(page)
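Review bot: `mail` has no uniqueness constraint, so two rows can share a login name and `filter_by(mail=login).first()` in check_login will verify against whichever row the database returns first; `mail = db.Column(db.Text, nullable=False, unique=True)` closes that, and the same constraint belongs on `mail text not NULL` in the CREATE TABLE of tetawebapp.sql. The `password` column holds a bcrypt hash rather than a password, which a comment such as `# bcrypt hash as produced by bcrypt.hashpw; verified in check_login` would make clear to readers of the model. The class name does not follow CapWords (PEP 8); `TetawebappUser` with `__tablename__` unchanged, plus its two uses in check_login, would keep the table name while fixing the style.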
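Review bot: In check_login, `hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())` is computed and never read; bcrypt is deliberately slow, so this doubles the CPU spent on every login attempt for nothing — delete the line. `password.encode('utf-8')` raises AttributeError when the form has no password field, because `request.form.get('password')` in login() then returns None; a guard `if not login or not password: return False` before the encode keeps that a failed login instead of a 500. When no row matches, the function returns without running bcrypt.checkpw, so an unknown login answers measurably faster than a wrong password; if that difference matters for this deployment, verify against a fixed dummy hash on the miss path so both outcomes cost one bcrypt verification. In check(), the new `else` branch blanks session['token'] and syncs cookies, but the `except KeyError` path still returns a bare render_template, so a request carrying a session token but no cookie keeps the stale token; routing both failures through the same response-building code would make them consistent.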
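Review bot: `session['token'] = gen_token()` makes that value the sole proof of login, so it must be unpredictable; gen_token is outside this hunk and the module imports `random` and `binascii`, so if it builds the token from `random` it should draw from `os.urandom` instead (`os` is already imported). The rest of login() lies outside the hunk.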
@@ -143,7 +164,10 @@ def login():
 sync_cookies(response, session)
 return response
 # Credentials are not valid
- return render_template('login.html', message='Invalid user or password')
+ response = app.make_response(render_template('login.html', message='Invalid user or password'))
+ session['token'] = ''
+ sync_cookies(response, session)
+ return response
 
 @app.route("/", methods=['GET', 'POST'])
 @check_session
@@ -172,7 +196,6 @@ def articles_by_id(ID):
 navbar = get_navbar(page, selected)
 return render_template('articles_by_id.html', menu=menu, navbar=navbar, ID=ID)
 
-
 @app.route("/basics", methods=['GET', 'POST'])
 @check_session
 def basics():
@@ -181,7 +204,6 @@ def basics():
 menu = get_menu(page)
 return render_template('basics.html', menu=menu)
 
-
 @app.route("/inputs", methods=['GET', 'POST'])
 @check_session
 def inputs():
diff --git a/tetawebapp/tetawebapp.sql b/tetawebapp/tetawebapp.sql
new file mode 100644
index 0000000..72b84dc
--- /dev/null
+++ b/tetawebapp/tetawebapp.sql
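Review bot: The four new lines at the end of login() repeat the failure response that check() in check_session now builds (render login.html, blank session['token'], sync_cookies, return the response); a helper such as `def login_page(message):` doing those steps and returning the response would give both callers one implementation to maintain. Whether sync_cookies marks the token cookie HttpOnly and Secure is not visible in this diff; since that cookie plus the session cookie is all check_session compares, it is worth confirming. login() starts outside the hunk.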
@@ -0,0 +1,48 @@
+\echo ******************************
+\echo * Dropping database tetawebapp
+\echo ******************************
+
+\c postgres;
+drop database tetawebapp;
+
+\echo **************************
+\echo * Dropping role tetawebapp
+\echo **************************
+drop role tetawebapp;
+
+\echo ***************************************************
+\echo * Creating role tetawebapp with password tetawebapp
+\echo ***************************************************
+create role tetawebapp with LOGIN ENCRYPTED PASSWORD 'tetawebapp';
+
+\echo ******************************
+\echo * Creating database tetawebapp
+\echo ******************************
+create database tetawebapp;
+
+\echo *******************************************
+\echo * Giving tetawebapp ownership to tetawebapp
+\echo *******************************************
+alter database tetawebapp owner to tetawebapp;
+
+\echo *********************************
+\echo * Creating tetawebapp_users table
+\echo *********************************
+
+\c tetawebapp;
+CREATE TABLE tetawebapp_users (
+ id serial primary key,
+ mail text not NULL,
+ password text not NULL,
+ name text not NULL
+);
+
+\echo *************************************************
+\echo * Giving tetawebapp_users ownership to tetawebapp
+\echo *************************************************
+alter table tetawebapp_users owner to tetawebapp;
+
+\echo *********************************************************************
+\echo * Inserting user demo identified by password demo to tetawebapp_users
+\echo *********************************************************************
+insert into tetawebapp_users (mail, password, name) values ('demo', '$2b$12$yjv4QMctGJFj2HmmbF6u5uDq9ATIl/Y9Z96MbaqRrcG6AE0CGHKSS', 'demo');
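Review bot: `drop database tetawebapp;` and `drop role tetawebapp;` have no IF EXISTS, so on a server where neither exists yet the first two statements error; with psql's default behaviour the script carries on, but under ON_ERROR_STOP it aborts before creating anything — `DROP DATABASE IF EXISTS tetawebapp;` and `DROP ROLE IF EXISTS tetawebapp;` make the script rerunnable either way. The role's login password is a literal in a committed script; if this is meant for anything beyond a throwaway local instance, pass it as a psql variable (`psql -v dbpass=... -f tetawebapp.sql` with `:'dbpass'` in the CREATE ROLE) rather than the literal. A one-line header comment, e.g. `-- Development reset: drops and recreates database and role tetawebapp, then seeds user demo/demo`, would tell the reader this script is destructive before they run it.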