Add login_required decorator
This commit is contained in:
parent
57c2fb4ce9
commit
4288eca551
@ -1,4 +1,5 @@
|
|||||||
from flask import Flask
|
from flask import Flask, url_for, session, redirect, request
|
||||||
|
from functools import wraps
|
||||||
import sqlite3
|
import sqlite3
|
||||||
import os
|
import os
|
||||||
import string
|
import string
|
||||||
@ -14,6 +15,17 @@ DATABASE = app.config['DATABASE']
|
|||||||
DOSSIER_PERSO = app.config['DOSSIER_APP']
|
DOSSIER_PERSO = app.config['DOSSIER_APP']
|
||||||
DATABASE = app.config['DATABASE']
|
DATABASE = app.config['DATABASE']
|
||||||
|
|
||||||
|
|
||||||
|
def login_required(f):
|
||||||
|
@wraps(f)
|
||||||
|
def decorated_function(*args, **kwargs):
|
||||||
|
if 'username' not in session:
|
||||||
|
return redirect(url_for('loginlogout.login', next=request.url))
|
||||||
|
return f(*args, **kwargs)
|
||||||
|
return decorated_function
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def append_to_log(log_line, user):
|
def append_to_log(log_line, user):
|
||||||
log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
|
log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
|
||||||
logs=open(log_file, "r")
|
logs=open(log_file, "r")
|
||||||
|
|||||||
@ -7,6 +7,7 @@ import sqlite3
|
|||||||
from markdown import markdown
|
from markdown import markdown
|
||||||
from tools.filesutils import getFileSizeKo
|
from tools.filesutils import getFileSizeKo
|
||||||
import string
|
import string
|
||||||
|
from tools.utils import login_required
|
||||||
|
|
||||||
blog = Blueprint('blog', __name__, template_folder='templates')
|
blog = Blueprint('blog', __name__, template_folder='templates')
|
||||||
|
|
||||||
@ -24,8 +25,8 @@ DOSSIER_PUBLIC= app.config['DOSSIER_PUBLIC']+'/'
|
|||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
@blog.route('/myblog/new-article/', methods=['GET', 'POST'])
|
@blog.route('/myblog/new-article/', methods=['GET', 'POST'])
|
||||||
|
@login_required
|
||||||
def new_article():
|
def new_article():
|
||||||
if 'username' in session:
|
|
||||||
user = '%s'% escape(session['username'])
|
user = '%s'% escape(session['username'])
|
||||||
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
|
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
@ -47,12 +48,10 @@ def new_article():
|
|||||||
return redirect(url_for('blog.list_articles_blog'))
|
return redirect(url_for('blog.list_articles_blog'))
|
||||||
else:
|
else:
|
||||||
return render_template('new_article_blog.html')
|
return render_template('new_article_blog.html')
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
@blog.route('/myblog/list-articles/', methods=['GET'])
|
@blog.route('/myblog/list-articles/', methods=['GET'])
|
||||||
|
@login_required
|
||||||
def list_articles_blog():
|
def list_articles_blog():
|
||||||
if 'username' in session:
|
|
||||||
user = '%s'% escape(session['username'])
|
user = '%s'% escape(session['username'])
|
||||||
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
||||||
cursor = conn.cursor() # Création de l'objet "curseur"
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
||||||
@ -73,13 +72,10 @@ def list_articles_blog():
|
|||||||
list_posts=posts,
|
list_posts=posts,
|
||||||
nb_articles=nb_articles
|
nb_articles=nb_articles
|
||||||
)
|
)
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
@blog.route('/myblog/delete/<title>')
|
@blog.route('/myblog/delete/<title>')
|
||||||
|
@login_required
|
||||||
def delete(title):
|
def delete(title):
|
||||||
if 'username' in session :
|
|
||||||
user='%s'% escape(session['username'])
|
user='%s'% escape(session['username'])
|
||||||
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
|
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
|
||||||
folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/"
|
folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/"
|
||||||
@ -92,12 +88,10 @@ def delete(title):
|
|||||||
os.remove(folder_blog+filename+".md")
|
os.remove(folder_blog+filename+".md")
|
||||||
os.remove(folder_blog_public+filename+".html")
|
os.remove(folder_blog_public+filename+".html")
|
||||||
return redirect(url_for('blog.list_articles_blog'))
|
return redirect(url_for('blog.list_articles_blog'))
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401) # sinon on redirige vers login
|
|
||||||
|
|
||||||
@blog.route('/myblog/edit/<title>', methods=['GET', 'POST'])
|
@blog.route('/myblog/edit/<title>', methods=['GET', 'POST'])
|
||||||
|
@login_required
|
||||||
def edit(title):
|
def edit(title):
|
||||||
if 'username' in session :
|
|
||||||
user='%s'% escape(session['username'])
|
user='%s'% escape(session['username'])
|
||||||
filename = title.replace(" ", "_") + ".md"
|
filename = title.replace(" ", "_") + ".md"
|
||||||
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
|
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
|
||||||
@ -132,8 +126,6 @@ def edit(title):
|
|||||||
section='Post-it',
|
section='Post-it',
|
||||||
oldpost=oldpost,
|
oldpost=oldpost,
|
||||||
content=content)
|
content=content)
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
@blog.route('/blog/<username>/', methods=['GET'])
|
@blog.route('/blog/<username>/', methods=['GET'])
|
||||||
def view(username):
|
def view(username):
|
||||||
|
|||||||
@ -9,6 +9,7 @@ import sqlite3
|
|||||||
import os
|
import os
|
||||||
from shutil import move
|
from shutil import move
|
||||||
from tools.filesutils import getFileSizeMo, getFileSizeKo, check_and_create
|
from tools.filesutils import getFileSizeMo, getFileSizeKo, check_and_create
|
||||||
|
from tools.utils import login_required
|
||||||
|
|
||||||
filesupload = Blueprint('filesupload', __name__, template_folder='templates')
|
filesupload = Blueprint('filesupload', __name__, template_folder='templates')
|
||||||
|
|
||||||
@ -28,10 +29,22 @@ BASE_URL= app.config['BASE_URL']
|
|||||||
|
|
||||||
|
|
||||||
@filesupload.route( '/filesupload/', methods=['GET', 'POST'])
|
@filesupload.route( '/filesupload/', methods=['GET', 'POST'])
|
||||||
|
@login_required
|
||||||
def uploadfiles():
|
def uploadfiles():
|
||||||
if 'username' in session :
|
|
||||||
user = '%s'% escape(session['username'])
|
user = '%s'% escape(session['username'])
|
||||||
if request.method == 'POST' :
|
if request.method == 'POST' :
|
||||||
|
|
||||||
|
if 'fic' not in request.files:
|
||||||
|
flash(u'Mauvais format de ficher', 'error')
|
||||||
|
return redirect(request.url)
|
||||||
|
file = request.files['fic']
|
||||||
|
|
||||||
|
# If the user does not select a file, the browser submits an
|
||||||
|
# empty file without a filename.
|
||||||
|
if file.filename == '':
|
||||||
|
flash(u'Vous avez oubliez de selectionner un fichier', 'error' )
|
||||||
|
return redirect(request.url)
|
||||||
|
|
||||||
files = request.files.getlist('fic')
|
files = request.files.getlist('fic')
|
||||||
for f in files :
|
for f in files :
|
||||||
nom = secure_filename(f.filename)
|
nom = secure_filename(f.filename)
|
||||||
@ -65,19 +78,15 @@ def uploadfiles():
|
|||||||
LOG.close() # Ferme log.txt
|
LOG.close() # Ferme log.txt
|
||||||
flash(u'Fichier envoyé avec succés', 'succes')
|
flash(u'Fichier envoyé avec succés', 'succes')
|
||||||
|
|
||||||
else:
|
|
||||||
flash(u'Error : Vous avez oublié le fichier !', 'error')
|
|
||||||
return redirect(url_for('filesupload.uploadfiles'))
|
|
||||||
resp = make_response(render_template('up_up.html', section="Upload"))
|
resp = make_response(render_template('up_up.html', section="Upload"))
|
||||||
resp.set_cookie('username', session['username'])
|
resp.set_cookie('username', session['username'])
|
||||||
return resp
|
return resp
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
@filesupload.route('/view/')
|
@filesupload.route('/view/')
|
||||||
|
@login_required
|
||||||
def list():
|
def list():
|
||||||
if 'username' in session :
|
|
||||||
|
|
||||||
user = '%s'% escape(session['username'])
|
user = '%s'% escape(session['username'])
|
||||||
|
|
||||||
@ -111,22 +120,17 @@ def list():
|
|||||||
listFilesPrivate=listFilesPrivate,
|
listFilesPrivate=listFilesPrivate,
|
||||||
listFilesPublic=listFilesPublic)
|
listFilesPublic=listFilesPublic)
|
||||||
|
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
@filesupload.route('/myfiles/<username>/<filename>')
|
@filesupload.route('/myfiles/<username>/<filename>')
|
||||||
|
@login_required
|
||||||
def myfiles(username, filename):
|
def myfiles(username, filename):
|
||||||
if 'username' in session :
|
|
||||||
user = '%s' % escape(session['username'])
|
user = '%s' % escape(session['username'])
|
||||||
return send_from_directory(
|
return send_from_directory(
|
||||||
os.path.join(DOSSIER_PERSO, username, 'files'), filename )
|
os.path.join(DOSSIER_PERSO, username, 'files'), filename )
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
@filesupload.route('/make_public/<filename>')
|
@filesupload.route('/make_public/<filename>')
|
||||||
|
@login_required
|
||||||
def move_public(filename):
|
def move_public(filename):
|
||||||
if 'username' in session:
|
|
||||||
|
|
||||||
user = '%s' % escape(session['username'])
|
user = '%s' % escape(session['username'])
|
||||||
check_and_create(DOSSIER_PUBLIC + user + '/files/')
|
check_and_create(DOSSIER_PUBLIC + user + '/files/')
|
||||||
check_and_create(DOSSIER_PERSO + user + '/files/')
|
check_and_create(DOSSIER_PERSO + user + '/files/')
|
||||||
@ -135,12 +139,10 @@ def move_public(filename):
|
|||||||
dst = os.path.join(DOSSIER_PUBLIC, user, 'files/')
|
dst = os.path.join(DOSSIER_PUBLIC, user, 'files/')
|
||||||
move (src, dst)
|
move (src, dst)
|
||||||
return redirect(url_for('filesupload.list', _external=True))
|
return redirect(url_for('filesupload.list', _external=True))
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
@filesupload.route('/make_private/<filename>')
|
@filesupload.route('/make_private/<filename>')
|
||||||
|
@login_required
|
||||||
def move_private(filename):
|
def move_private(filename):
|
||||||
if 'username' in session:
|
|
||||||
user = '%s' % escape(session['username'])
|
user = '%s' % escape(session['username'])
|
||||||
check_and_create(DOSSIER_PUBLIC + user + '/files/')
|
check_and_create(DOSSIER_PUBLIC + user + '/files/')
|
||||||
check_and_create(DOSSIER_PERSO + user + '/files/')
|
check_and_create(DOSSIER_PERSO + user + '/files/')
|
||||||
@ -148,19 +150,13 @@ def move_private(filename):
|
|||||||
dst = os.path.join(DOSSIER_PERSO, user, 'files/')
|
dst = os.path.join(DOSSIER_PERSO, user, 'files/')
|
||||||
move (src, dst)
|
move (src, dst)
|
||||||
return redirect(url_for('filesupload.list', _external=True))
|
return redirect(url_for('filesupload.list', _external=True))
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
@filesupload.route('/public/<username>/<filename>')
|
|
||||||
def publicfiles(username, filename):
|
|
||||||
return send_from_directory(
|
|
||||||
os.path.join(DOSSIER_PUBLIC, username, 'files'), filename )
|
|
||||||
|
|
||||||
|
|
||||||
@filesupload.route('/remove_privateFile/<filename>')
|
@filesupload.route('/remove_privateFile/<filename>')
|
||||||
|
@login_required
|
||||||
def remove_privateFile(filename):
|
def remove_privateFile(filename):
|
||||||
if 'username' in session :
|
|
||||||
user = '%s' % escape(session['username'])
|
user = '%s' % escape(session['username'])
|
||||||
filename = secure_filename(filename)
|
filename = secure_filename(filename)
|
||||||
try:
|
try:
|
||||||
@ -168,13 +164,11 @@ def remove_privateFile(filename):
|
|||||||
except FileNotFoundError:
|
except FileNotFoundError:
|
||||||
flash(u'Fichier {filename} inexistant.'.format(filename=filename), 'error')
|
flash(u'Fichier {filename} inexistant.'.format(filename=filename), 'error')
|
||||||
return redirect(url_for('filesupload.list', _external=True))
|
return redirect(url_for('filesupload.list', _external=True))
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
@filesupload.route('/remove_publicFile/<filename>')
|
@filesupload.route('/remove_publicFile/<filename>')
|
||||||
|
@login_required
|
||||||
def remove_publicFile(filename):
|
def remove_publicFile(filename):
|
||||||
if 'username' in session :
|
|
||||||
user = '%s' % escape(session['username'])
|
user = '%s' % escape(session['username'])
|
||||||
filename = secure_filename(filename)
|
filename = secure_filename(filename)
|
||||||
try:
|
try:
|
||||||
@ -182,8 +176,6 @@ def remove_publicFile(filename):
|
|||||||
except FileNotFoundError:
|
except FileNotFoundError:
|
||||||
flash(u'Fichier {filename} inexistant.'.format(filename=filename), 'error')
|
flash(u'Fichier {filename} inexistant.'.format(filename=filename), 'error')
|
||||||
return redirect(url_for('filesupload.list', _external=True))
|
return redirect(url_for('filesupload.list', _external=True))
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
@filesupload.route('/theme.min.css')
|
@filesupload.route('/theme.min.css')
|
||||||
def theme():
|
def theme():
|
||||||
@ -193,3 +185,8 @@ def theme():
|
|||||||
return send_file(DOSSIER_PERSO+ user +'/theme.min.css', mimetype='text/css')
|
return send_file(DOSSIER_PERSO+ user +'/theme.min.css', mimetype='text/css')
|
||||||
else:
|
else:
|
||||||
return send_file("static/default.min.css", mimetype='text/css')
|
return send_file("static/default.min.css", mimetype='text/css')
|
||||||
|
|
||||||
|
@filesupload.route('/public/<username>/<filename>')
|
||||||
|
def publicfiles(username, filename):
|
||||||
|
return send_from_directory(
|
||||||
|
os.path.join(DOSSIER_PUBLIC, username, 'files'), filename )
|
||||||
|
|||||||
@ -8,6 +8,7 @@ import time
|
|||||||
import sqlite3
|
import sqlite3
|
||||||
import os
|
import os
|
||||||
from tools.filesutils import check_and_create
|
from tools.filesutils import check_and_create
|
||||||
|
from tools.utils import login_required
|
||||||
|
|
||||||
mygallery = Blueprint('mygallery', __name__, template_folder='templates')
|
mygallery = Blueprint('mygallery', __name__, template_folder='templates')
|
||||||
|
|
||||||
@ -25,8 +26,8 @@ DATABASE = app.config['DATABASE']
|
|||||||
#################################################################################################
|
#################################################################################################
|
||||||
|
|
||||||
@mygallery.route( '/gallery/')
|
@mygallery.route( '/gallery/')
|
||||||
|
@login_required
|
||||||
def gallery():
|
def gallery():
|
||||||
if 'username' in session :
|
|
||||||
user ='%s' % escape(session['username'])
|
user ='%s' % escape(session['username'])
|
||||||
check_and_create(DOSSIER_PUBLIC + user + '/images/')
|
check_and_create(DOSSIER_PUBLIC + user + '/images/')
|
||||||
check_and_create(DOSSIER_PUBLIC + user + '/images/thumbnails/')
|
check_and_create(DOSSIER_PUBLIC + user + '/images/thumbnails/')
|
||||||
@ -38,30 +39,25 @@ def gallery():
|
|||||||
section='Gallery',
|
section='Gallery',
|
||||||
THUMBNAILS=THUMBNAILS,
|
THUMBNAILS=THUMBNAILS,
|
||||||
fichiers=fichiers)
|
fichiers=fichiers)
|
||||||
else :
|
|
||||||
return redirect(url_for('loginlogout.login'), code=401)
|
|
||||||
|
|
||||||
@mygallery.route('/myfiles/images/<filename>')
|
@mygallery.route('/myfiles/images/<filename>')
|
||||||
|
@login_required
|
||||||
def myimg(filename):
|
def myimg(filename):
|
||||||
if 'username' in session :
|
|
||||||
UTILISATEUR='%s' % escape(session['username'])
|
UTILISATEUR='%s' % escape(session['username'])
|
||||||
return send_from_directory(
|
return send_from_directory(
|
||||||
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images'), filename )
|
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images'), filename )
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
@mygallery.route('/myfiles/images/thumbnails/<filename>')
|
@mygallery.route('/myfiles/images/thumbnails/<filename>')
|
||||||
|
@login_required
|
||||||
def mythumbnails(filename):
|
def mythumbnails(filename):
|
||||||
if 'username' in session :
|
|
||||||
UTILISATEUR='%s' % escape(session['username'])
|
UTILISATEUR='%s' % escape(session['username'])
|
||||||
return send_from_directory(
|
return send_from_directory(
|
||||||
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images/thumbnails'), filename )
|
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images/thumbnails'), filename )
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
@mygallery.route('/remove_privateImage/<filename>')
|
@mygallery.route('/remove_privateImage/<filename>')
|
||||||
|
@login_required
|
||||||
def remove_privateImage(filename):
|
def remove_privateImage(filename):
|
||||||
if 'username' in session :
|
|
||||||
user = '%s' % escape(session['username'])
|
user = '%s' % escape(session['username'])
|
||||||
filename = secure_filename(filename)
|
filename = secure_filename(filename)
|
||||||
try:
|
try:
|
||||||
@ -73,8 +69,8 @@ def remove_privateImage(filename):
|
|||||||
|
|
||||||
|
|
||||||
@mygallery.route('/remove_publicImage/<filename>')
|
@mygallery.route('/remove_publicImage/<filename>')
|
||||||
|
@login_required
|
||||||
def remove_publicImage(filename):
|
def remove_publicImage(filename):
|
||||||
if 'username' in session :
|
|
||||||
user = '%s' % escape(session['username'])
|
user = '%s' % escape(session['username'])
|
||||||
filename = secure_filename(filename)
|
filename = secure_filename(filename)
|
||||||
try:
|
try:
|
||||||
|
|||||||
@ -6,6 +6,7 @@ from socket import gethostname
|
|||||||
from os import remove, system
|
from os import remove, system
|
||||||
from tools.utils import email_disp, valid_token_register, valid_passwd, valid_username, gen_token, totp_is_valid
|
from tools.utils import email_disp, valid_token_register, valid_passwd, valid_username, gen_token, totp_is_valid
|
||||||
from tools.mailer import Mailer
|
from tools.mailer import Mailer
|
||||||
|
from tools.utils import login_required
|
||||||
|
|
||||||
app = Flask( 'pywallter' )
|
app = Flask( 'pywallter' )
|
||||||
app.config.from_pyfile('config.py')
|
app.config.from_pyfile('config.py')
|
||||||
@ -29,6 +30,32 @@ BACKUP_TIME = app.config['BACKUP_TIME']
|
|||||||
|
|
||||||
loginlogout = Blueprint('loginlogout', __name__, template_folder='templates')
|
loginlogout = Blueprint('loginlogout', __name__, template_folder='templates')
|
||||||
|
|
||||||
|
|
||||||
|
@loginlogout.route( '/' )
|
||||||
|
def index():
|
||||||
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
||||||
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
||||||
|
cursor.execute("""SELECT token passwd FROM users where name=? """, ("pywallter", ))
|
||||||
|
tmp = cursor.fetchone()
|
||||||
|
conn.close
|
||||||
|
if tmp:
|
||||||
|
token = tmp[0]
|
||||||
|
else:
|
||||||
|
token = None
|
||||||
|
|
||||||
|
if 'username' in session :
|
||||||
|
return redirect(url_for('profil.profile'))
|
||||||
|
else :
|
||||||
|
if token:
|
||||||
|
hostname = gethostname()
|
||||||
|
url_inscription = BASE_URL+'inscription/'+token
|
||||||
|
return render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'],
|
||||||
|
token=token, hostname=hostname,
|
||||||
|
url_inscription=url_inscription,
|
||||||
|
MAIL_SERVER=MAIL_SERVER)
|
||||||
|
else:
|
||||||
|
return redirect(url_for('loginlogout.login', _external=True))
|
||||||
|
|
||||||
@loginlogout.route( '/login/', methods=['GET','POST'] )
|
@loginlogout.route( '/login/', methods=['GET','POST'] )
|
||||||
def login():
|
def login():
|
||||||
if 'username' in session :
|
if 'username' in session :
|
||||||
@ -63,14 +90,15 @@ def login() :
|
|||||||
|
|
||||||
|
|
||||||
@loginlogout.route( '/logout/' )
|
@loginlogout.route( '/logout/' )
|
||||||
|
@login_required
|
||||||
def logout():
|
def logout():
|
||||||
session.pop('username', None) # Supprimer username de la session s'il s'y trouve
|
session.pop('username', None) # Supprimer username de la session s'il s'y trouve
|
||||||
return redirect(url_for('loginlogout.index'))
|
return redirect(url_for('loginlogout.index'))
|
||||||
|
|
||||||
|
|
||||||
@loginlogout.route( '/delete_me/', methods=['GET','POST'])
|
@loginlogout.route( '/delete_me/', methods=['GET','POST'])
|
||||||
|
@login_required
|
||||||
def delete_account():
|
def delete_account():
|
||||||
if 'username' in session :
|
|
||||||
user='%s'% escape(session['username'])
|
user='%s'% escape(session['username'])
|
||||||
resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
|
resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
|
||||||
if request.method == 'POST' :
|
if request.method == 'POST' :
|
||||||
@ -160,27 +188,3 @@ def lost_password():
|
|||||||
|
|
||||||
return render_template('lost_password.html')
|
return render_template('lost_password.html')
|
||||||
|
|
||||||
@loginlogout.route( '/' )
|
|
||||||
def index():
|
|
||||||
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
||||||
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
||||||
cursor.execute("""SELECT token passwd FROM users where name=? """, ("pywallter", ))
|
|
||||||
tmp = cursor.fetchone()
|
|
||||||
conn.close
|
|
||||||
if tmp:
|
|
||||||
token = tmp[0]
|
|
||||||
else:
|
|
||||||
token = None
|
|
||||||
|
|
||||||
if 'username' in session :
|
|
||||||
return redirect(url_for('profil.profile'))
|
|
||||||
else :
|
|
||||||
if token:
|
|
||||||
hostname = gethostname()
|
|
||||||
url_inscription = BASE_URL+'inscription/'+token
|
|
||||||
return render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'],
|
|
||||||
token=token, hostname=hostname,
|
|
||||||
url_inscription=url_inscription,
|
|
||||||
MAIL_SERVER=MAIL_SERVER)
|
|
||||||
else:
|
|
||||||
return redirect(url_for('loginlogout.login', _external=True))
|
|
||||||
|
|||||||
@ -1,6 +1,7 @@
|
|||||||
from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file
|
from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file
|
||||||
import glob, os, sys
|
import glob, os, sys
|
||||||
from markupsafe import escape
|
from markupsafe import escape
|
||||||
|
from tools.utils import login_required
|
||||||
|
|
||||||
logs = Blueprint('logs', __name__, template_folder='templates')
|
logs = Blueprint('logs', __name__, template_folder='templates')
|
||||||
|
|
||||||
@ -19,13 +20,11 @@ DATABASE = app.config['DATABASE']
|
|||||||
|
|
||||||
|
|
||||||
@logs.route('/logs/')
|
@logs.route('/logs/')
|
||||||
|
@login_required
|
||||||
def logfile():
|
def logfile():
|
||||||
if 'username' in session:
|
|
||||||
UTILISATEUR='%s'% escape(session['username'])
|
UTILISATEUR='%s'% escape(session['username'])
|
||||||
log_file=os.path.join(DOSSIER_PERSO, UTILISATEUR, "log.txt")
|
log_file=os.path.join(DOSSIER_PERSO, UTILISATEUR, "log.txt")
|
||||||
with open(log_file, 'r') as log:
|
with open(log_file, 'r') as log:
|
||||||
logs=log.readlines()
|
logs=log.readlines()
|
||||||
log.close()
|
log.close()
|
||||||
return render_template('logs.html', section="Logs", logs=logs)
|
return render_template('logs.html', section="Logs", logs=logs)
|
||||||
else :
|
|
||||||
return redirect(url_for('loginlogout.login', _external=True), code=401)
|
|
||||||
|
|||||||
@ -7,7 +7,7 @@ import sqlite3
|
|||||||
import os
|
import os
|
||||||
from shutil import copy
|
from shutil import copy
|
||||||
from socket import gethostname
|
from socket import gethostname
|
||||||
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd
|
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, login_required
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -35,6 +35,7 @@ BACKUP_TIME = app.config['BACKUP_TIME']
|
|||||||
|
|
||||||
|
|
||||||
@mymailbox.route('/mymailbox/alias', methods=['GET', 'POST'] )
|
@mymailbox.route('/mymailbox/alias', methods=['GET', 'POST'] )
|
||||||
|
@login_required
|
||||||
def myalias():
|
def myalias():
|
||||||
hostname=gethostname()
|
hostname=gethostname()
|
||||||
UTILISATEUR='%s' % escape(session['username'])
|
UTILISATEUR='%s' % escape(session['username'])
|
||||||
@ -94,6 +95,7 @@ def myalias():
|
|||||||
|
|
||||||
|
|
||||||
@mymailbox.route('/mymailbox/rmalias/<aliasrm>')
|
@mymailbox.route('/mymailbox/rmalias/<aliasrm>')
|
||||||
|
@login_required
|
||||||
def remove_alias(aliasrm):
|
def remove_alias(aliasrm):
|
||||||
if MAIL_SERVER:
|
if MAIL_SERVER:
|
||||||
UTILISATEUR='%s' % escape(session['username'])
|
UTILISATEUR='%s' % escape(session['username'])
|
||||||
|
|||||||
@ -8,7 +8,7 @@ import os
|
|||||||
from shutil import copy
|
from shutil import copy
|
||||||
from socket import gethostname
|
from socket import gethostname
|
||||||
from flask_bcrypt import Bcrypt
|
from flask_bcrypt import Bcrypt
|
||||||
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token, totp_is_valid
|
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token, totp_is_valid, login_required
|
||||||
from pyotp import random_base32
|
from pyotp import random_base32
|
||||||
import qrcode
|
import qrcode
|
||||||
|
|
||||||
@ -38,18 +38,15 @@ BACKUP_TIME = app.config['BACKUP_TIME']
|
|||||||
|
|
||||||
|
|
||||||
@profil.route( '/profil/<user>/<img>', methods=['GET'] )
|
@profil.route( '/profil/<user>/<img>', methods=['GET'] )
|
||||||
|
@login_required
|
||||||
def profil_img(user, img) :
|
def profil_img(user, img) :
|
||||||
if 'username' in session :
|
|
||||||
|
|
||||||
return send_from_directory( os.path.join(DOSSIER_PERSO, user, 'profile'), img )
|
return send_from_directory( os.path.join(DOSSIER_PERSO, user, 'profile'), img )
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@profil.route('/profil/', methods=['GET','POST'])
|
@profil.route('/profil/', methods=['GET','POST'])
|
||||||
|
@login_required
|
||||||
def profile() :
|
def profile() :
|
||||||
if 'username' in session :
|
|
||||||
user='%s' % escape(session['username'])
|
user='%s' % escape(session['username'])
|
||||||
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
||||||
cursor = conn.cursor() # Création de l'objet "curseur"
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
||||||
@ -119,14 +116,11 @@ def profile() :
|
|||||||
profil=profil_user,
|
profil=profil_user,
|
||||||
username=user)
|
username=user)
|
||||||
|
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@profil.route('/profil/homepage', methods=['GET'] )
|
@profil.route('/profil/homepage', methods=['GET'] )
|
||||||
|
@login_required
|
||||||
def homepage():
|
def homepage():
|
||||||
if 'username' in session :
|
|
||||||
username='%s' % escape(session['username'])
|
username='%s' % escape(session['username'])
|
||||||
|
|
||||||
return render_template('homepage.html',
|
return render_template('homepage.html',
|
||||||
@ -136,8 +130,8 @@ def homepage():
|
|||||||
|
|
||||||
|
|
||||||
@profil.route('/profil/change-password/', methods=['GET','POST'] )
|
@profil.route('/profil/change-password/', methods=['GET','POST'] )
|
||||||
|
@login_required
|
||||||
def change_passwd() :
|
def change_passwd() :
|
||||||
if 'username' in session:
|
|
||||||
user='%s' % escape(session['username'])
|
user='%s' % escape(session['username'])
|
||||||
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
||||||
cursor = conn.cursor() # Création de l'objet "curseur"
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
||||||
@ -210,8 +204,6 @@ def change_passwd() :
|
|||||||
username=user,
|
username=user,
|
||||||
base_url=BASE_URL)
|
base_url=BASE_URL)
|
||||||
|
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
@profil.route('/change-password-lost/<token>', methods=['GET','POST'] )
|
@profil.route('/change-password-lost/<token>', methods=['GET','POST'] )
|
||||||
@ -292,8 +284,8 @@ def change_passwd_lost(token) :
|
|||||||
return redirect(BASE_URL, code=401)
|
return redirect(BASE_URL, code=401)
|
||||||
|
|
||||||
@profil.route('/set_totp/', methods=['POST'])
|
@profil.route('/set_totp/', methods=['POST'])
|
||||||
|
@login_required
|
||||||
def set_totp():
|
def set_totp():
|
||||||
if 'username' in session:
|
|
||||||
user='%s' % escape(session['username'])
|
user='%s' % escape(session['username'])
|
||||||
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
||||||
cursor = conn.cursor() # Création de l'objet "curseur"
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
||||||
@ -314,12 +306,10 @@ def set_totp():
|
|||||||
|
|
||||||
conn.close()
|
conn.close()
|
||||||
return redirect(url_for('profil.change_passwd', _external=True))
|
return redirect(url_for('profil.change_passwd', _external=True))
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
@profil.route('/del_totp/', methods=['GET'])
|
@profil.route('/del_totp/', methods=['GET'])
|
||||||
|
@login_required
|
||||||
def del_totp():
|
def del_totp():
|
||||||
if 'username' in session:
|
|
||||||
user='%s' % escape(session['username'])
|
user='%s' % escape(session['username'])
|
||||||
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
||||||
cursor = conn.cursor() # Création de l'objet "curseur"
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
||||||
@ -330,18 +320,15 @@ def del_totp():
|
|||||||
|
|
||||||
|
|
||||||
@profil.route('/totp.png', methods=['GET'])
|
@profil.route('/totp.png', methods=['GET'])
|
||||||
|
@login_required
|
||||||
def totp_qrcode():
|
def totp_qrcode():
|
||||||
if 'username' in session :
|
|
||||||
user='%s' % escape(session['username'])
|
user='%s' % escape(session['username'])
|
||||||
return send_file(
|
return send_file(
|
||||||
os.path.join(DOSSIER_PERSO, user, "totp.png"), "totp.png")
|
os.path.join(DOSSIER_PERSO, user, "totp.png"), "totp.png")
|
||||||
else :
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
@profil.route('/deltoken-password-lost/<token>', methods=['GET','POST'] )
|
@profil.route('/deltoken-password-lost/<token>', methods=['GET','POST'] )
|
||||||
def deltoken_passwd_lost(token) :
|
def deltoken_passwd_lost(token) :
|
||||||
|
|
||||||
if valid_token_register(token, "Lost password"):
|
if valid_token_register(token, "Lost password"):
|
||||||
user = get_user_by_token(token, "Lost password")
|
user = get_user_by_token(token, "Lost password")
|
||||||
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
||||||
@ -358,8 +345,8 @@ def deltoken_passwd_lost(token) :
|
|||||||
|
|
||||||
|
|
||||||
@profil.route('/invitation/', methods=['GET'])
|
@profil.route('/invitation/', methods=['GET'])
|
||||||
|
@login_required
|
||||||
def invitation():
|
def invitation():
|
||||||
if 'username' in session:
|
|
||||||
UTILISATEUR='%s' % escape(session['username'])
|
UTILISATEUR='%s' % escape(session['username'])
|
||||||
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
||||||
cursor = conn.cursor() # Création de l'objet "curseur"
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
||||||
@ -378,14 +365,12 @@ def invitation():
|
|||||||
nb_invitation=invitations_count,
|
nb_invitation=invitations_count,
|
||||||
token=token,
|
token=token,
|
||||||
url_invitation=url_invitation)
|
url_invitation=url_invitation)
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@profil.route('/gen_token/', methods=['GET'])
|
@profil.route('/gen_token/', methods=['GET'])
|
||||||
|
@login_required
|
||||||
def generate_token():
|
def generate_token():
|
||||||
if 'username' in session:
|
|
||||||
UTILISATEUR='%s' % escape(session['username'])
|
UTILISATEUR='%s' % escape(session['username'])
|
||||||
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
||||||
cursor = conn.cursor() # Création de l'objet "curseur"
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
||||||
@ -395,13 +380,11 @@ def generate_token():
|
|||||||
conn.commit()
|
conn.commit()
|
||||||
conn.close()
|
conn.close()
|
||||||
return redirect(BASE_URL+'invitation/')
|
return redirect(BASE_URL+'invitation/')
|
||||||
else:
|
|
||||||
return redirect(BASE_URL, code=401)
|
|
||||||
|
|
||||||
|
|
||||||
@profil.route( '/delete_me/', methods=['GET','POST'])
|
@profil.route( '/delete_me/', methods=['GET','POST'])
|
||||||
|
@login_required
|
||||||
def delete_account():
|
def delete_account():
|
||||||
if 'username' in session :
|
|
||||||
UTILISATEUR='%s'% escape(session['username'])
|
UTILISATEUR='%s'% escape(session['username'])
|
||||||
resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
|
resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
|
||||||
if request.method == 'POST' :
|
if request.method == 'POST' :
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user