"Login check from postgres database"
This commit is contained in:
parent
36c7c277b2
commit
b745381002
@ -110,6 +110,12 @@ function verify_login() {
|
||||
return false;
|
||||
}
|
||||
|
||||
function logout() {
|
||||
// Logout user
|
||||
setcookie('token', '', 30);
|
||||
document.location = '/';
|
||||
}
|
||||
|
||||
/* **************************************************************************************
|
||||
* AJAX
|
||||
* **************************************************************************************/
|
||||
|
@ -23,7 +23,7 @@
|
||||
<input type='button' class='add' title='Add' value=' '/>
|
||||
<input type='button' class='edit' title='Edit' value=' '/>
|
||||
<input type='button' class='login' title='Login' value=' '/>
|
||||
<input type='button' class='logout' title='Logout' value=' '/>
|
||||
<input type='button' class='logout' title='Logout' value=' ' onclick='javascript:logout();'/>
|
||||
<input type='button' class='refresh' title='Refresh' value=' '/>
|
||||
<input type='button' class='save' title='Save' value=' '/>
|
||||
<input type='button' class='search' title='Search' value=' '/>
|
||||
|
@ -6,6 +6,7 @@ import os
|
||||
import inspect
|
||||
import random
|
||||
import binascii
|
||||
import bcrypt
|
||||
from flask import Flask, request, session, g, redirect, url_for, abort, render_template, flash
|
||||
from functools import wraps
|
||||
|
||||
@ -28,6 +29,18 @@ app.secret_key = 'ce1d1c9ff0ff388a838b3a1e3207dd27'
|
||||
# Feel free to use SQLAlchemy (or not)
|
||||
db = SQLAlchemy(app)
|
||||
|
||||
|
||||
########################################################################
|
||||
# Sample user database
|
||||
########################################################################
|
||||
class Tetawebapp_users(db.Model):
|
||||
__tablename__ = 'tetawebapp_users'
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
mail = db.Column(db.Text, nullable=False)
|
||||
password = db.Column(db.Text, nullable=False)
|
||||
name = db.Column(db.Text, nullable=False)
|
||||
|
||||
|
||||
########################################################################
|
||||
# Menu and navigation management
|
||||
########################################################################
|
||||
@ -99,15 +112,24 @@ def check_session(func):
|
||||
@wraps(func)
|
||||
def check(*args, **kwargs):
|
||||
try:
|
||||
if session['token'] == request.cookies['token']:
|
||||
if session['token'] == request.cookies['token'] and len(session['token']) > 0:
|
||||
return func(*args, **kwargs)
|
||||
else:
|
||||
session['token'] = ''
|
||||
response = app.make_response(render_template('login.html', message=''))
|
||||
sync_cookies(response, session)
|
||||
return response
|
||||
except KeyError:
|
||||
return render_template('login.html', message='')
|
||||
return check
|
||||
|
||||
def check_login(login, password):
|
||||
""" Puts the login verification code here """
|
||||
if login == 'demo' and password == 'demo':
|
||||
password = password.encode('utf-8')
|
||||
hashed_password = bcrypt.hashpw(password, bcrypt.gensalt())
|
||||
stored_hash = Tetawebapp_users.query.filter_by(mail=login).with_entities(Tetawebapp_users.password).first()
|
||||
if stored_hash:
|
||||
if bcrypt.checkpw(password, stored_hash[0].encode('utf-8')):
|
||||
return True
|
||||
return False
|
||||
|
||||
@ -133,8 +155,7 @@ def login():
|
||||
password = request.form.get('password')
|
||||
if check_login(login, password):
|
||||
# Generate and store a token in session
|
||||
token = gen_token()
|
||||
session['token'] = token
|
||||
session['token'] = gen_token()
|
||||
# Return user to index page
|
||||
page = '/'
|
||||
menu = get_menu(page)
|
||||
@ -143,7 +164,10 @@ def login():
|
||||
sync_cookies(response, session)
|
||||
return response
|
||||
# Credentials are not valid
|
||||
return render_template('login.html', message='Invalid user or password')
|
||||
response = app.make_response(render_template('login.html', message='Invalid user or password'))
|
||||
session['token'] = ''
|
||||
sync_cookies(response, session)
|
||||
return response
|
||||
|
||||
@app.route("/", methods=['GET', 'POST'])
|
||||
@check_session
|
||||
@ -172,7 +196,6 @@ def articles_by_id(ID):
|
||||
navbar = get_navbar(page, selected)
|
||||
return render_template('articles_by_id.html', menu=menu, navbar=navbar, ID=ID)
|
||||
|
||||
|
||||
@app.route("/basics", methods=['GET', 'POST'])
|
||||
@check_session
|
||||
def basics():
|
||||
@ -181,7 +204,6 @@ def basics():
|
||||
menu = get_menu(page)
|
||||
return render_template('basics.html', menu=menu)
|
||||
|
||||
|
||||
@app.route("/inputs", methods=['GET', 'POST'])
|
||||
@check_session
|
||||
def inputs():
|
||||
|
48
tetawebapp/tetawebapp.sql
Normal file
48
tetawebapp/tetawebapp.sql
Normal file
@ -0,0 +1,48 @@
|
||||
\echo ******************************
|
||||
\echo * Dropping database tetawebapp
|
||||
\echo ******************************
|
||||
|
||||
\c postgres;
|
||||
drop database tetawebapp;
|
||||
|
||||
\echo **************************
|
||||
\echo * Dropping role tetawebapp
|
||||
\echo **************************
|
||||
drop role tetawebapp;
|
||||
|
||||
\echo ***************************************************
|
||||
\echo * Creating role tetawebapp with password tetawebapp
|
||||
\echo ***************************************************
|
||||
create role tetawebapp with LOGIN ENCRYPTED PASSWORD 'tetawebapp';
|
||||
|
||||
\echo ******************************
|
||||
\echo * Creating database tetawebapp
|
||||
\echo ******************************
|
||||
create database tetawebapp;
|
||||
|
||||
\echo *******************************************
|
||||
\echo * Giving tetawebapp ownership to tetawebapp
|
||||
\echo *******************************************
|
||||
alter database tetawebapp owner to tetawebapp;
|
||||
|
||||
\echo *********************************
|
||||
\echo * Creating tetawebapp_users table
|
||||
\echo *********************************
|
||||
|
||||
\c tetawebapp;
|
||||
CREATE TABLE tetawebapp_users (
|
||||
id serial primary key,
|
||||
mail text not NULL,
|
||||
password text not NULL,
|
||||
name text not NULL
|
||||
);
|
||||
|
||||
\echo *************************************************
|
||||
\echo * Giving tetawebapp_users ownership to tetawebapp
|
||||
\echo *************************************************
|
||||
alter table tetawebapp_users owner to tetawebapp;
|
||||
|
||||
\echo *********************************************************************
|
||||
\echo * Inserting user demo identified by password demo to tetawebapp_users
|
||||
\echo *********************************************************************
|
||||
insert into tetawebapp_users (mail, password, name) values ('demo', '$2b$12$yjv4QMctGJFj2HmmbF6u5uDq9ATIl/Y9Z96MbaqRrcG6AE0CGHKSS', 'demo');
|
Loading…
Reference in New Issue
Block a user