From 0b547dfb48d448b87d2bacf384b4a382f3cd94ac Mon Sep 17 00:00:00 2001 From: drakylar Date: Wed, 19 Jan 2022 14:36:40 +0300 Subject: [PATCH] Added new config params --- app.py | 37 ++++++++++++++++++++++-------- configuration/settings.ini | 4 ++++ configuration/settings_default.ini | 2 ++ routes/ui/struct.py | 8 +++++-- system/db.py | 5 ++-- templates/register.html | 8 ++----- 6 files changed, 45 insertions(+), 19 deletions(-) diff --git a/app.py b/app.py index d403e7c..0fb5716 100644 --- a/app.py +++ b/app.py @@ -8,6 +8,8 @@ from xml.sax.saxutils import escape import json import time +import string +import random import logging import urllib.parse from os import remove 
@@ -208,15 +210,32 @@ def handle_csrf_error(e): def check_session(fn): @wraps(fn) def decorated_view(*args, **kwargs): - url = request.path - if 'id' not in session: - return redirect( - '/logout?redirect={}'.format(urllib.parse.quote_plus(url))) - current_user = db.select_user_by_id(session['id']) - if not current_user: - return redirect('/logout') - kwargs['current_user'] = current_user[0] - return fn(*args, **kwargs) + # if proxy auth + if config['security']['proxy_auth'] == '1': + auth_email = request.headers.get(config['security']['proxy_email_header']) + if auth_email: + current_user = db.select_user_by_email(auth_email) + if not current_user: + # register user + user_id = db.insert_user(auth_email, ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(30))) + current_user = db.select_user_by_id(user_id)[0] + else: + current_user = current_user[0] + session['id'] = current_user['id'] + kwargs['current_user'] = current_user + return fn(*args, **kwargs) + else: + return redirect('/login') + else: + url = request.path + if 'id' not in session: + return redirect( + '/logout?redirect={}'.format(urllib.parse.quote_plus(url))) + current_user = db.select_user_by_id(session['id']) + if not current_user: + return redirect('/logout') + kwargs['current_user'] = current_user[0] + return fn(*args, **kwargs) return decorated_view diff --git a/configuration/settings.ini b/configuration/settings.ini index 5e627d1..41913ee 100644 --- a/configuration/settings.ini +++ b/configuration/settings.ini @@ -26,6 +26,10 @@ basic_password = 3jyqqso6bvszn2zijhze # lifetime hours (1 week = 24 * 7 = 168 hours) session_lifetime = 168 csrf_lifetime = 24 +proxy_auth = 0 +proxy_email_header = X-Forwarded-User +enable_form_registration = 1 +enable_form_login = 1 [speedup] external_js = 0 diff --git a/configuration/settings_default.ini b/configuration/settings_default.ini index ac5a3ed..4b2ff87 100644 --- a/configuration/settings_default.ini 
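Review bot: The proxy branch in decorated_view trusts the `proxy_email_header` value unconditionally — nothing in the hunk confirms the request actually arrived through the authenticating proxy, so the feature is only safe when the app is reachable solely via that proxy and the proxy always overwrites the header; that deployment requirement belongs in a comment next to `if config['security']['proxy_auth'] == '1':` (or the code should compare the peer address against a configured proxy allow-list). The placeholder password for auto-registered users is built with `random.choice`, which is not a cryptographically secure generator; `secrets` is the standard replacement, e.g. `user_id = db.insert_user(auth_email, secrets.token_urlsafe(32))`, with `import secrets` taking the place of the `random`/`string` imports added in the first hunk. The header value is also used verbatim as the email lookup key, so I would at least `.strip().lower()` it — confirm how the proxy formats it before relying on exact match. check_session and decorated_view are complete within this hunk.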
+++ b/configuration/settings_default.ini @@ -28,6 +28,8 @@ basic_password = ojsflijurngrbvijsl1 # lifetime hours (1 week = 24 * 7 = 168 hours) session_lifetime = 168 csrf_lifetime = 24 +proxy_auth = 0 +proxy_email_header = X-Forwarded-User [speedup] external_js = 0 diff --git a/routes/ui/struct.py b/routes/ui/struct.py index 03f1bcd..40b223e 100644 --- a/routes/ui/struct.py +++ b/routes/ui/struct.py @@ -115,7 +115,9 @@ def login(): def login_form(): form = LoginForm() error = None - if form.validate(): + if config['security']['enable_form_login'] == '0': + error = 'Authorization was disabled!' + elif form.validate(): try: data = db.select_user_by_email(form.email.data)[0] except IndexError: @@ -147,7 +149,9 @@ def register(): def register_form(): form = RegistrationForm() error = None - if form.validate(): + if config['security']['enable_form_registration'] == '0': + error = 'Registration was disabled!' + elif form.validate(): if len(db.select_user_by_email(form.email.data)) > 0: error = 'Email already exist!' else: diff --git a/system/db.py b/system/db.py index 7601f74..1bfad5d 100644 --- a/system/db.py +++ b/system/db.py @@ -98,13 +98,14 @@ def return_arr_dict(self): return results def insert_user(self, email, password): + user_id = gen_uuid() password_hash = hash_password(password) self.execute( "INSERT INTO Users(id,email,password) VALUES (?,?,?)", - (gen_uuid(), email, password_hash) + (user_id, email, password_hash) ) self.conn.commit() - return + return user_id def select_user_by_email(self, email): self.execute('SELECT * FROM Users WHERE email=?', (email,)) diff --git a/templates/register.html b/templates/register.html index 856c4b9..4ea79ec 100644 --- a/templates/register.html +++ b/templates/register.html @@ -56,18 +56,14 @@
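Review bot: `config['security']['enable_form_login']` is read with a plain subscript, but this commit adds `enable_form_login` and `enable_form_registration` only to settings.ini and not to settings_default.ini, so a deployment on the default file would raise KeyError on the first login POST instead of treating the form as enabled; if `config` is a configparser object, `if config['security'].get('enable_form_login', '1') == '0':` gives the intended fallback (the same applies to `enable_form_registration` in the register_form hunk, and the two keys should be added to settings_default.ini as well). The message `'Authorization was disabled!'` describes the login form, so `'Login was disabled!'` would be more accurate. Both login_form and register_form continue past the end of their hunks.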
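Review bot: insert_user now returns the generated id, but nothing documents that new contract; add `"""Insert a user with a hashed password and return the new user's id."""` directly under `def insert_user(self, email, password):`. The method still performs no check that `email` is unused, so callers — including the new proxy-auth path in app.py, which does a separate select first — depend on a uniqueness constraint in the schema that is not visible here; if Users.email is not UNIQUE, two requests racing on the same header value could create duplicate accounts. insert_user is complete within this hunk.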

Register account:

- {% if form is defined and form.errors %} + {% if error is defined and error != None %}
There were some errors with registration
{% elif form is defined %}