"Login check from postgres database"

Doug Le Tough 2017-12-23 06:04:27 +01:00
parent 36c7c277b2
commit b745381002
4 changed files with 85 additions and 9 deletions


@ -110,6 +110,12 @@ function verify_login() {
return false; return false;
} }
function logout() {
// Logout user
setcookie('token', '', 30);
document.location = '/';
}
/* ************************************************************************************** /* **************************************************************************************
* AJAX * AJAX
* **************************************************************************************/ * **************************************************************************************/
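Review bot: `logout()` clears the `token` cookie only in the browser, and nothing in this hunk asks the server to drop `session['token']`, so invalidation depends on the follow-up request to `/` reaching check_session. A server-side logout route that empties the session, used as the target of `document.location`, would make the logout authoritative. `setcookie` is defined outside this hunk, so the meaning of the third argument `30` cannot be confirmed here; a comment such as `// overwrite token with an empty value; check_session rejects empty tokens` would document the intent. That script can rewrite this cookie also suggests it is not set HttpOnly, which is worth confirming in sync_cookies.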


@ -23,7 +23,7 @@
<input type='button' class='add' title='Add' value=' '/> <input type='button' class='add' title='Add' value=' '/>
<input type='button' class='edit' title='Edit' value=' '/> <input type='button' class='edit' title='Edit' value=' '/>
<input type='button' class='login' title='Login' value=' '/> <input type='button' class='login' title='Login' value=' '/>
<input type='button' class='logout' title='Logout' value=' '/> <input type='button' class='logout' title='Logout' value=' ' onclick='javascript:logout();'/>
<input type='button' class='refresh' title='Refresh' value=' '/> <input type='button' class='refresh' title='Refresh' value=' '/>
<input type='button' class='save' title='Save' value=' '/> <input type='button' class='save' title='Save' value=' '/>
<input type='button' class='search' title='Search' value=' '/> <input type='button' class='search' title='Search' value=' '/>


@ -6,6 +6,7 @@ import os
import inspect import inspect
import random import random
import binascii import binascii
import bcrypt
from flask import Flask, request, session, g, redirect, url_for, abort, render_template, flash from flask import Flask, request, session, g, redirect, url_for, abort, render_template, flash
from functools import wraps from functools import wraps
@ -28,6 +29,18 @@ app.secret_key = 'ce1d1c9ff0ff388a838b3a1e3207dd27'
# Feel free to use SQLAlchemy (or not) # Feel free to use SQLAlchemy (or not)
db = SQLAlchemy(app) db = SQLAlchemy(app)
########################################################################
# Sample user database
########################################################################
class Tetawebapp_users(db.Model):
__tablename__ = 'tetawebapp_users'
id = db.Column(db.Integer, primary_key=True)
mail = db.Column(db.Text, nullable=False)
password = db.Column(db.Text, nullable=False)
name = db.Column(db.Text, nullable=False)
######################################################################## ########################################################################
# Menu and navigation management # Menu and navigation management
######################################################################## ########################################################################
@ -99,15 +112,24 @@ def check_session(func):
@wraps(func) @wraps(func)
def check(*args, **kwargs): def check(*args, **kwargs):
try: try:
if session['token'] == request.cookies['token']: if session['token'] == request.cookies['token'] and len(session['token']) > 0:
return func(*args, **kwargs) return func(*args, **kwargs)
else:
session['token'] = ''
response = app.make_response(render_template('login.html', message=''))
sync_cookies(response, session)
return response
except KeyError: except KeyError:
return render_template('login.html', message='') return render_template('login.html', message='')
return check return check
def check_login(login, password): def check_login(login, password):
""" Puts the login verification code here """ """ Puts the login verification code here """
if login == 'demo' and password == 'demo': password = password.encode('utf-8')
hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
stored_hash = Tetawebapp_users.query.filter_by(mail=login).with_entities(Tetawebapp_users.password).first()
if stored_hash:
if bcrypt.checkpw(password, stored_hash[0].encode('utf-8')):
return True return True
return False return False
@ -133,8 +155,7 @@ def login():
password = request.form.get('password') password = request.form.get('password')
if check_login(login, password): if check_login(login, password):
# Generate and store a token in session # Generate and store a token in session
token = gen_token() session['token'] = gen_token()
session['token'] = token
# Return user to index page # Return user to index page
page = '/' page = '/'
menu = get_menu(page) menu = get_menu(page)
@ -143,7 +164,10 @@ def login():
sync_cookies(response, session) sync_cookies(response, session)
return response return response
# Credentials are not valid # Credentials are not valid
return render_template('login.html', message='Invalid user or password') response = app.make_response(render_template('login.html', message='Invalid user or password'))
session['token'] = ''
sync_cookies(response, session)
return response
@app.route("/", methods=['GET', 'POST']) @app.route("/", methods=['GET', 'POST'])
@check_session @check_session
@ -172,7 +196,6 @@ def articles_by_id(ID):
navbar = get_navbar(page, selected) navbar = get_navbar(page, selected)
return render_template('articles_by_id.html', menu=menu, navbar=navbar, ID=ID) return render_template('articles_by_id.html', menu=menu, navbar=navbar, ID=ID)
@app.route("/basics", methods=['GET', 'POST']) @app.route("/basics", methods=['GET', 'POST'])
@check_session @check_session
def basics(): def basics():
@ -181,7 +204,6 @@ def basics():
menu = get_menu(page) menu = get_menu(page)
return render_template('basics.html', menu=menu) return render_template('basics.html', menu=menu)
@app.route("/inputs", methods=['GET', 'POST']) @app.route("/inputs", methods=['GET', 'POST'])
@check_session @check_session
def inputs(): def inputs():
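Review bot: In check_login, `hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())` is computed on every attempt and never read, so each login pays a full extra bcrypt round for nothing; the line can be dropped because `bcrypt.checkpw` re-derives the hash from the salt embedded in the stored value. `password` comes from `request.form.get('password')`, so a request without that field passes None and `password.encode('utf-8')` raises AttributeError instead of returning False; a guard such as `if not login or not password: return False` at the top covers it. When no row matches the mail, the function returns without a `checkpw` call, so known and unknown accounts take measurably different time; checking against a fixed dummy hash in that branch evens this out. In check_session the tokens are compared with `==`, and the new `len(session['token']) > 0` test runs only after that comparison; `hmac.compare_digest(session['token'], request.cookies['token'])` with the emptiness check first would be the constant-time form.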

48
tetawebapp/tetawebapp.sql Normal file

@ -0,0 +1,48 @@
\echo ******************************
\echo * Dropping database tetawebapp
\echo ******************************
\c postgres;
drop database tetawebapp;
\echo **************************
\echo * Dropping role tetawebapp
\echo **************************
drop role tetawebapp;
\echo ***************************************************
\echo * Creating role tetawebapp with password tetawebapp
\echo ***************************************************
create role tetawebapp with LOGIN ENCRYPTED PASSWORD 'tetawebapp';
\echo ******************************
\echo * Creating database tetawebapp
\echo ******************************
create database tetawebapp;
\echo *******************************************
\echo * Giving tetawebapp ownership to tetawebapp
\echo *******************************************
alter database tetawebapp owner to tetawebapp;
\echo *********************************
\echo * Creating tetawebapp_users table
\echo *********************************
\c tetawebapp;
CREATE TABLE tetawebapp_users (
id serial primary key,
mail text not NULL,
password text not NULL,
name text not NULL
);
\echo *************************************************
\echo * Giving tetawebapp_users ownership to tetawebapp
\echo *************************************************
alter table tetawebapp_users owner to tetawebapp;
\echo *********************************************************************
\echo * Inserting user demo identified by password demo to tetawebapp_users
\echo *********************************************************************
insert into tetawebapp_users (mail, password, name) values ('demo', '$2b$12$yjv4QMctGJFj2HmmbF6u5uDq9ATIl/Y9Z96MbaqRrcG6AE0CGHKSS', 'demo');
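Review bot: `tetawebapp_users.mail` has no uniqueness constraint, while the login lookup in this commit filters on mail and takes `.first()`; with two rows sharing a mail, which password hash gets checked depends on row order, so `mail text not NULL UNIQUE` is the safer definition. The script also fixes the role password to the role name (`ENCRYPTED PASSWORD 'tetawebapp'`) and seeds a `demo` account whose password is stated in the banner, which is acceptable for a sample only if it is marked as such, e.g. `-- sample credentials: change the role password and remove the demo user outside development`. `drop database tetawebapp;` and `drop role tetawebapp;` fail on a server where neither exists yet; `drop database if exists tetawebapp;` and `drop role if exists tetawebapp;` keep the first run clean.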