from flask import *
from sqlite3 import connect
from settings import *
from functools import wraps
from datetime import *
# Blueprint that carries the /login, /signup and /logout views defined below.
Auth = Blueprint(
    name=__name__,
    import_name="db",
    static_folder="static",
    template_folder="templates",
)

# Maps a submitted login identifier (username or e-mail) to the time of its
# most recent password check; login() uses it to throttle repeated attempts.
# NOTE(review): this lives in process memory and nothing in this file prunes
# it, so it is not shared between worker processes, is lost on restart and
# grows with every distinct identifier that reaches a password check.
login_tries = {}
def check_user_agent(check):
    """Decorate a view so it only runs for the configured User-Agent.

    When ``agent_needed`` is truthy and the request's User-Agent string
    differs from ``user_agent`` (both names come from the settings module),
    the wrapped view is skipped and a JSON error body is returned with HTTP
    status 406. Otherwise the view runs with its original arguments.

    The User-Agent header is chosen by the client, so this gate filters
    unexpected clients but does not authenticate anyone.
    """

    @wraps(check)
    def wrap(*args, **kwargs):
        agent_mismatch = str(request.user_agent) != user_agent
        if agent_mismatch and agent_needed:
            rejection = jsonify({"code": "406", "message": "User Agent isnt the right."})
            return rejection, 406
        return check(*args, **kwargs)

    return wrap
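@Auth.route("/login", methods=["GET", "POST"])
@check_user_agent
def login():
    """Show the login form, or check submitted credentials and start a session.

    Non-POST requests redirect to "/" when a session already holds a
    username, otherwise they render ``login.html``.

    POST requests read ``username`` (a username, or an e-mail address when
    it contains "@") and ``password`` from the form, look the account up in
    ``db.sqlite3`` and compare the submitted password with the decrypted
    stored one. On success the session is populated and the client is
    redirected to "/"; every failure re-renders the form with status 403.
    """
    import hmac  # local import: only this view needs the constant-time compare

    # Flask also dispatches HEAD to a view registered for GET. Treating every
    # non-POST request as a form request keeps the view from falling through
    # and returning None.
    if request.method != "POST":
        if "username" in session:
            return redirect("/")
        return render_template("login.html")

    try:
        username_email = request.form['username']
        password = request.form['password']
    except KeyError:
        # A missing form field surfaces as a KeyError subclass.
        flash("An Error occured.", "danger")
        return redirect("/login")

    # Throttle: at most one password check per identifier every 4 seconds.
    # total_seconds() is used because timedelta.seconds drops whole days and
    # would report e.g. 2 for an attempt made one day and two seconds later.
    # NOTE(review): the timestamp is only recorded once the account lookup
    # succeeded, so lookups for unknown identifiers are never throttled.
    last_try = login_tries.get(username_email)
    if last_try is not None and (datetime.now() - last_try).total_seconds() < 4:
        flash("You are going to fast.", "danger")
        return render_template('login.html', email=username_email, password=password), 403

    # The identifier is request data: bind it as a query parameter instead of
    # formatting it into the SQL text.
    if "@" in username_email:
        query = "SELECT * FROM Users WHERE email = ?"
        not_found = "Email isn't registered."
    else:
        query = "SELECT * FROM Users WHERE username = ?"
        not_found = "User isn't registered."

    conn = connect("db.sqlite3")
    try:
        data = conn.execute(query, (username_email,)).fetchall()
    finally:
        # Closed on every path, including when the query raises.
        conn.close()

    if not data:
        # NOTE(review): this message differs from the wrong-password message
        # below, which tells a caller whether an identifier is registered.
        # NOTE(review): the submitted password is handed back to the template
        # here and in the other 403 responses; confirm login.html does not
        # render it into the page.
        flash(not_found, "danger")
        return render_template('login.html', email=username_email, password=password), 403

    login_tries[username_email] = datetime.now()

    # Row layout as written by signup(): (email, username, encrypted password).
    user_row = data[0]
    # NOTE(review): passwords are stored with reversible encryption, so the
    # key recovers every password; a salted one-way password hash would not.
    stored_password = fernet.decrypt(user_row[2].encode())
    if hmac.compare_digest(password.encode("utf-8"), stored_password):
        session["username"] = user_row[1]
        # NOTE(review): the encrypted password travels in the session; with
        # Flask's default cookie session that value is readable by the client.
        session["password"] = user_row[2]
        flash("Logged in successfully.", "success")
        return redirect("/")

    flash("User/Email and Password dont match or User doens't exist.", "danger")
    return render_template('login.html', email=username_email, password=password), 403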
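@Auth.route("/signup", methods=["GET", "POST"])
@check_user_agent
def signup():
    """Show the signup form, or validate a submission and create the account.

    Non-POST requests redirect to "/" when a session already holds a
    username, otherwise they render ``signup.html``.

    POST requests read ``username``, ``email``, ``password`` and
    ``password-a`` from the form. Every failed check flashes its own message
    and the form is rendered again; when all checks pass the account is
    inserted into ``db.sqlite3``, the session is populated and the client is
    redirected to "/".
    """
    # Flask also dispatches HEAD to a view registered for GET; only POST
    # carries a submission, so everything else is answered like a GET.
    if request.method != "POST":
        if "username" in session:
            return redirect("/")
        return render_template("signup.html")

    # form.get() never raises, so a missing field used to arrive as None and
    # crash in len(). Defaulting to "" lets the length checks reject it.
    form = request.form
    username = form.get("username", "")
    email = form.get("email", "")
    password = form.get("password", "")
    password_a = form.get("password-a", "")

    conn = connect("db.sqlite3")
    try:
        curr = conn.cursor()
        error = False

        # Form values are request data: bind them as query parameters instead
        # of formatting them into the SQL text.
        curr.execute("SELECT 1 FROM Users WHERE username = ?", (username,))
        if curr.fetchone() is not None:
            flash("Username is already assigned", "danger")
            error = True
        # The e-mail check has to query the email column; it previously
        # repeated the username lookup, so duplicate e-mails were accepted.
        curr.execute("SELECT 1 FROM Users WHERE email = ?", (email,))
        if curr.fetchone() is not None:
            flash("Email is already assigned", "danger")
            error = True

        if password != password_a:
            flash("Passwords don't match.", "danger")
            error = True
        if len(password) < 9:
            flash("Password is too short", "danger")
            error = True
        if len(email) < 10:
            flash("Email is too short", "danger")
            error = True
        if len(username) < 3:
            flash("Username is too short", "danger")
            error = True
        if error:
            return render_template("signup.html")

        # NOTE(review): reversible encryption means the key recovers every
        # stored password; a salted one-way password hash would not.
        token = fernet.encrypt(password.encode('utf-8')).decode('utf-8')
        # The statement is no longer printed: it carried the user's e-mail
        # and encrypted password to stdout.
        curr.execute("INSERT INTO Users VALUES(?, ?, ?)", (email, username, token))
        conn.commit()
    finally:
        # Closed on every path, including the validation-error return.
        conn.close()

    session["username"] = username
    # Store the same encrypted value login() stores, not the plaintext
    # password. NOTE(review): with Flask's default cookie session this value
    # is still readable by the client; consider not keeping it in the session.
    session["password"] = token
    flash("Signed up successfully", "success")
    return redirect("/")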
@Auth.route("/logout", methods=["GET", "POST"])
@check_user_agent
def logout():
    """Empty the session and send the client back to the home page.

    NOTE(review): the route also accepts GET, so any link or embedded
    resource pointing at it ends the visitor's session.
    """
    session.clear()
    home = redirect("/")
    return home