-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathapp.py
executable file
·133 lines (121 loc) · 4.85 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
from flask import Flask, render_template, request, make_response,redirect, url_for, session
from user import User
import os
from utils import generateLoginToken, verifyLoginToken, hashPassword, secretKeyGenerator, encryptSecretKey, decryptSecretKey, generateQrCode,getTOTP
from user_management import createTable, insertUser, getUser, deleteUser
from os.path import join, dirname
from dotenv import load_dotenv
dotenv_path = join(dirname(__file__), '.env')
load_dotenv(dotenv_path)
app = Flask(__name__)
app.secret_key = os.environ.get("APP_SECRET_KEY")
createTable()
@app.route('/')
def landingPage():
email = verifyLoginToken(request.cookies.get('token'))
if email:
return redirect(url_for('getDashboard'))
return redirect(url_for('login'))
@app.route('/register',methods = ['GET','POST'])
def register():
if request.method == 'GET':
email = verifyLoginToken(request.cookies.get('token'))
if email:
return redirect(url_for('getDashboard'))
return render_template('register.html')
email = request.form.get('email')
name = request.form.get('name')
address = request.form.get('address')
phone_number = request.form.get('phone_number')
password = request.form.get('password')
confirmPassword = request.form.get('confirmPassword')
secret_key = secretKeyGenerator()
user = User(email, name, address, phone_number, hashPassword(password), encryptSecretKey(secret_key))
if (insertUser(user)):
if (confirmPassword!=password):
return render_template('register.html',email=email,name=name,address=address,phone_number=phone_number,info="Password not Match")
resp = make_response(redirect(url_for('getDashboard',info='Registration Success')))
resp.set_cookie('token',generateLoginToken(email))
return resp
else:
return render_template('register.html',email=email,name=name,address=address,phone_number=phone_number,info="Email has already Used")
@app.route('/login',methods = ['GET','POST'])
def login():
if request.method == 'GET':
email = verifyLoginToken(request.cookies.get('token'))
if email:
return redirect(url_for('getDashboard'))
return render_template('login.html')
email = request.form.get('email')
password = request.form.get('password')
hashedPassword = hashPassword(password)
user = getUser(email)
if not user:
resp = render_template('login.html',info="Incorrect Email",email=email)
return resp
if hashedPassword == (user['password']):
session['email'] = email
resp = render_template('totp-input.html')
return resp
else:
resp = render_template('login.html',info="Incorrect Password",email=email)
return resp
@app.route('/dashboard',methods = ['GET','POST'])
def getDashboard():
email = verifyLoginToken(request.cookies.get('token'))
info = request.args.get('info', '')
if not email:
return redirect(url_for('login'))
if request.method == 'GET':
user = getUser(email)
if not user:
resp = make_response(render_template('login.html'))
resp.set_cookie('token', '',expires=0)
return resp
resp = render_template('dashboard.html',info=info, email=user['email'],name=user['name'],address=user['address'],phone_number=user['phone_number'])
return resp
@app.route('/2fa-setup')
def setTwoFactorAuth():
email = verifyLoginToken(request.cookies.get('token'))
session['email'] = email
if not email:
return redirect(url_for('login'))
user = getUser(email)
qrcode_image = generateQrCode(user)
return render_template('totp-setup.html', qrcode_image=qrcode_image)
@app.route('/2fa-verify',methods = ['GET','POST'])
def verifyTwoFactorAuth():
email = session['email']
if not email:
return redirect(url_for('login'))
if request.method == 'GET':
return render_template('totp-input.html')
totp = request.form.get('totp')
user = getUser(email)
secret_key = decryptSecretKey(user['secret_key'])
totp_verified = (totp == getTOTP(secret_key))
if totp_verified:
session.pop('email')
info='Login Success'
if verifyLoginToken(request.cookies.get('token')):
info='Setup Success'
resp = make_response(redirect(url_for('getDashboard',info=info)))
resp.set_cookie('token',generateLoginToken(email))
return resp
return render_template('totp-input.html',info="Incorrect TOTP Code")
@app.route('/delete-account', methods=['POST'])
def deleteAccount():
email = verifyLoginToken(request.cookies.get('token'))
if deleteUser(email):
return redirect(url_for('logout'))
@app.route('/logout')
def logout():
resp = make_response(redirect(url_for('login')))
resp.set_cookie('token', '',expires=0)
return resp
@app.route('/', defaults={'path': ''})
@app.route('/<path:path>')
def catch_all(path):
return redirect(url_for('landingPage'))
if __name__ == '__main__':
app.run(host='0.0.0.0')