From 78227870bc851aabcbd3ae12688b995eea3b1ef2 Mon Sep 17 00:00:00 2001 From: kitoy Date: Sun, 7 Aug 2022 17:36:20 +0200 Subject: [PATCH] =?UTF-8?q?Ajout=20fonction=20premi=C3=A8re=20connexion=20?= =?UTF-8?q?et=20correction=20base=20de=20donn=C3=A9e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config.py | 11 ++++---- sqlite | 0 templates/inscription.html | 2 ++ templates/myalias.html | 26 +++++++++++++---- tools/databaseinit.py | 18 ++++++++++-- tools/utils.py | 35 +++++++++++++---------- views/inscription.py | 57 ++++++++++++++++++++++++++------------ views/loginlogout.py | 22 ++++++++++++++- views/profil.py | 17 +++++++----- wsgi.py | 1 - 10 files changed, 135 insertions(+), 54 deletions(-) create mode 100644 sqlite diff --git a/config.py b/config.py index ff1dd3c..30379b0 100644 --- a/config.py +++ b/config.py @@ -1,10 +1,11 @@ - # L'adresse de base de votre site. -# example BASE_URL="http://localhost/" -BASE_URL="https://profil.kitoy.me/" +# example BASE_URL="https://example.com" +BASE_URL="http://localhost:8000/" # si vous lancez pywallter avec flask run" + +BASE_URL="http://localhost:8000/" # Essentiels pour les cookies -SECRET_KEY="La super putain de passephrase de mort" +SECRET_KEY="CHANGE-ME" # Dossier où seront stocker les fichiers DOSSIER_APP = "./users/" @@ -18,7 +19,7 @@ EXT_IMG= {'.jpg', '.JPG', '.png', '.PNG', '.gif', '.GIF', '.bmp', '.BMP', '.jpeg # Service # XMPP = True => Le service est installé et lancer # XMMP = False => Le service est désactivé -XMPP_SERVER = True +XMPP_SERVER = False # Service Mail # MAIL_SERVER = True => Le service est installé et lancer diff --git a/sqlite b/sqlite new file mode 100644 index 0000000..e69de29 diff --git a/templates/inscription.html b/templates/inscription.html index 64cf8dd..5f577ba 100644 --- a/templates/inscription.html +++ b/templates/inscription.html @@ -29,11 +29,13 @@ {% if signin_enable %}
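Review bot: `SECRET_KEY="CHANGE-ME"` in the first config.py hunk is a publicly known value, and Flask signs its session cookie with this key, so any deployment that keeps the default lets a visitor forge a session containing an arbitrary `username`. Read the key from the environment and fail at startup when it is missing, for example `SECRET_KEY = os.environ["PYWALLTER_SECRET_KEY"]` (the variable name is only a suggestion). The passphrase removed by this hunk stays in the repository history, so it should be treated as disclosed and rotated wherever it was in use. Separately, `BASE_URL="http://localhost:8000/"` is now assigned twice in a row; the second assignment can be dropped.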

+ {% if MAIL_SERVER %}

@{{hostname}}


+ {% endif %}


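Review bot: Wrapping the mail field in `{% if MAIL_SERVER %}` means the form no longer submits `mail` when the mail server is disabled, but the POST handler added in views/inscription.py still evaluates `not(request.form['mail'])` before it looks at MAIL_SERVER. A missing key in `request.form[...]` makes Flask answer 400, so registration would fail on exactly the configurations this block is meant to support. Either read it with `request.form.get('mail', '')` and require it only `if MAIL_SERVER`, or keep a hidden empty `mail` input outside the conditional. The markup of this template is not fully visible here, so confirm that the input itself sits inside the new block.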
diff --git a/templates/myalias.html b/templates/myalias.html index b929c40..c1bc47e 100644 --- a/templates/myalias.html +++ b/templates/myalias.html @@ -5,6 +5,7 @@
+{% if MAIL_SERVER %}
@@ -39,7 +40,7 @@

Votre Adresse e-mail sur ce serveur : {{ email }}

- +

@@ -51,15 +52,28 @@
+ {% else %} +
+
+

Mes identitées

+
+ + +
+

Le serveur de mail n'est pas activé cette fonctionnalité est désactivé

+

+
+ {% endif %} {# on affiche les messages d'erreur puis les messages de succes #} {% for categorie in ['error', 'succes'] %} {% with msgs = get_flashed_messages(category_filter=[categorie]) %} {% if msgs %} -
- {% for m in msgs %} -

{{ m|safe }}

- {% endfor %} -
+ +
+ {% for m in msgs %} +

{{ m|safe }}

+ {% endfor %} +
{% endif %} {% endwith %} {% endfor %} diff --git a/tools/databaseinit.py b/tools/databaseinit.py index 2baeadb..cd6c2b6 100755 --- a/tools/databaseinit.py +++ b/tools/databaseinit.py @@ -1,10 +1,12 @@ from flask import Flask import sqlite3 import os +from tools.utils import gen_token +from flask_bcrypt import Bcrypt app = Flask( 'pywallter' ) app.config.from_pyfile('config.py') - +bcrypt = Bcrypt(app) DATABASE = app.config['DATABASE'] DOSSIER_PERSO = app.config['DOSSIER_APP'] @@ -17,8 +19,8 @@ def init_db(): cursor = conn.cursor() cursor.execute(""" CREATE TABLE IF NOT EXISTS users( - Mail CHAR(80) PRIMARY KEY UNIQUE NOT NULL, - name TEXT, + Mail TEXT UNIQUE, + name TEXT primary KEY UNIQUE NOT NULL, alias TEXT, xmpp TEXT, passwd TEXT, @@ -46,6 +48,16 @@ def init_db(): ) """) conn.commit() + cursor.execute("""select * from users""") + accounts = cursor.fetchall() + # Si aucun account n'est crée on créé l'utilisateur + # pywallter qui permet la première inscription + if not(accounts) : + user = "pywallter" + token = gen_token() + passwd_bcrypt = bcrypt.generate_password_hash(token) + cursor.execute("""INSERT INTO users(name, passwd, token) VALUES(?, ?, ?)""", (user, passwd_bcrypt, token)) + conn.commit() conn.close() print ('table posts OK') diff --git a/tools/utils.py b/tools/utils.py index 226f197..fada7dc 100644 --- a/tools/utils.py +++ b/tools/utils.py 
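Review bot: The flash loop re-indented at the end of templates/myalias.html still renders `{{ m|safe }}`, which switches off Jinja autoescaping for every flashed message. The flash() calls visible in this patch use fixed strings, but the alias handlers in views/profil.py are mostly outside the hunks, so any message that ever embeds an alias or user name would be emitted as raw markup. Prefer `{{ m }}` here and, where a message really needs HTML, wrap that one message in `Markup(...)` at the call site after escaping its variable parts.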
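Review bot: `Mail TEXT UNIQUE` in the users table will conflict with the `mail = ""` default that views/inscription.py now uses when MAIL_SERVER is off: an empty string is a value, not NULL, so if it is what gets inserted (the INSERT is outside the visible hunks) the second registration violates the UNIQUE constraint. Store `None` when there is no mailbox so SQLite treats the rows as distinct. Also note that `CREATE TABLE IF NOT EXISTS` leaves an existing database on the old schema, where `Mail` is the NOT NULL primary key, so upgraded installs need an explicit migration. A short comment above the statement saying that `name` is now the key and `Mail` is optional would help.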
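Review bot: The bootstrap account created in init_db uses the invitation token as its password (`passwd_bcrypt = bcrypt.generate_password_hash(token)`), and the same token is stored in clear text in the row and rendered to anonymous visitors by the new index() in views/loginlogout.py. If the login view accepts any row with a matching name and password (it is outside this patch), everyone who sees the first-run page also holds working credentials for `pywallter`. Give the account a password nobody knows, for example `passwd_bcrypt = bcrypt.generate_password_hash(secrets.token_urlsafe(32))` with `import secrets`, or leave `passwd` NULL and make login reject such rows. The token should also be cleared once the first real user has registered.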
@@ -26,26 +26,33 @@ def append_to_log(log_line, user): def email_disp(email): disp = True - conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée - cursor = conn.cursor() # Création de l'objet "curseur" + unique_at = len(email.split('@')) + print (unique_at) + if len(email) < 80 and unique_at == 2: + conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée + cursor = conn.cursor() # Création de l'objet "curseur" - cursor.execute("""SELECT mail FROM users WHERE mail=?""", (email,)) - testmail = cursor.fetchall() - if testmail: - print ("on passe ici") + cursor.execute("""SELECT mail FROM users WHERE mail=?""", (email,)) + testmail = cursor.fetchall() + if testmail : + disp = False + + if disp: + cursor.execute("""SELECT alias FROM users""") + aliases = cursor.fetchall() + for alist in aliases: + for alias in alist: + if alias: + if email in alias: + disp=False + + else: disp = False - if disp: - cursor.execute("""SELECT alias FROM users""") - aliases = cursor.fetchall() - for alist in aliases: - for alias in alist: - if alias: - if email in alias: - disp=False return disp + def valid_token_register(token): valid = True print(token) diff --git a/views/inscription.py b/views/inscription.py index ea70cc7..d5158ca 100644 --- a/views/inscription.py +++ b/views/inscription.py 
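Review bot: email_disp opens `conn = sqlite3.connect(DATABASE)` inside the new length and `@`-count branch and never closes it before `return disp`, so every availability check leaks a connection. Wrap it as `with contextlib.closing(sqlite3.connect(DATABASE)) as conn:` or call `conn.close()` before returning. The `print (unique_at)` line looks like leftover debugging and should go. The alias test `if email in alias` is a substring match on the comma-joined alias string, so `a@host` is reported as taken when only `aa@host` exists; compare against `alias.split(',')` instead. A one-line docstring saying the function returns True when the address is free and well-formed would document the new validation.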
@@ -29,39 +29,58 @@ inscription = Blueprint('inscription', __name__, template_folder='templates') @inscription.route( '/inscription/', methods=['GET','POST'] ) def signin(token) : hostname = gethostname() + url_inscription = BASE_URL+'inscription/'+token + resp = None if app.config['SIGNIN_ENABLE'] and valid_token_register(token): if 'username' in session : resp = redirect(url_for('profil.profile', _external=True)) else : if request.method == 'POST': - conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée - cursor = conn.cursor() # Création de l'objet "curseur" + if not(request.form['user']) or not(request.form['passwd']) or not(request.form['mail']): + flash(u'Il faut remplir le formulaire en entier, les champs ne peuvent pas etre vide ', 'error') + return render_template('inscription.html', + signin_enable=app.config['SIGNIN_ENABLE'], + token=token, hostname=hostname, + url_inscription=url_inscription, + MAIL_SERVER=MAIL_SERVER) + user = request.form['user'] - mail = request.form['mail']+'@'+hostname passwd = request.form['passwd'] - + mail = "" passwdconfirm = request.form['passwdconfirm'] bcrypt_passwd = bcrypt.generate_password_hash(request.form['passwd']) + mail_passwd_change = 0 + + conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée + cursor = conn.cursor() # Création de l'objet "curseur" + cursor.execute("""SELECT name FROM users WHERE name=?""", (user,)) testuser = cursor.fetchone() conn.close() + if MAIL_SERVER: - cmd = SETUID + " set_mail_passwd " + "'"+mail+"' " + "'"+passwd+"'" - mail_passwd_change = os.system(cmd) + mail = request.form['mail']+'@'+hostname + if not(email_disp(mail)) : + flash(u'Adresse email déjà utilisé ou invalide, merci d\'en choisir une autre', 'error') + resp = render_template('inscription.html', + signin_enable=app.config['SIGNIN_ENABLE'], + token=token, hostname=hostname, + url_inscription=url_inscription, + MAIL_SERVER=MAIL_SERVER) + else: + cmd = SETUID + " set_mail_passwd " + "'"+mail+"' " + 
"'"+passwd+"'" + mail_passwd_change = os.system(cmd) - if testuser: + if testuser or mail_passwd_change != 0 or resp: flash(u'Non d\'utilisateur déjà utilisé, merci d\'en choisir un autre', 'error') resp = render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'], - hostname=hostname) + token=token, hostname=hostname, + url_inscription=url_inscription, + MAIL_SERVER=MAIL_SERVER) - elif not(email_disp(mail)) or mail_passwd_change != 0 : - flash(u'Adresse email déjà utilisé, merci d\'en choisir un autre', 'error') - resp = render_template('inscription.html', - signin_enable=app.config['SIGNIN_ENABLE'], - hostname=hostname) else: confirmation = bcrypt.check_password_hash(bcrypt_passwd, passwdconfirm) if confirmation is True: @@ -83,7 +102,7 @@ def signin(token) : users = cursor.fetchall() for i in users: i = print('{0} - {1} - {2}'.format(i[0], i[1], i[2])) - + userracine = DOSSIER_PERSO + user userfiles = userracine + '/files' userimages = userracine + '/images' @@ -114,12 +133,16 @@ def signin(token) : flash(u'Les mots de passe ne sont pas identiques !', 'error') resp = render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'], - hostname=hostname) + token=token, hostname=hostname, + url_inscription=url_inscription, + MAIL_SERVER=MAIL_SERVER) else : - url_inscription = BASE_URL+'inscription/'+token + resp = render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'], - token=token, hostname=hostname, url_inscription=url_inscription) + token=token, hostname=hostname, + url_inscription=url_inscription, + MAIL_SERVER=MAIL_SERVER) else: resp = redirect(BASE_URL, code=401) diff --git a/views/loginlogout.py b/views/loginlogout.py index 3016d60..45c52eb 100644 --- a/views/loginlogout.py +++ b/views/loginlogout.py 
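Review bot: The `cmd = SETUID + " set_mail_passwd " + "'"+mail+"' " + "'"+passwd+"'"` line kept in the new `else:` branch sends form-supplied `mail` and `passwd` through a shell via `os.system`, and `email_disp` only checks length and the number of `@`, so a quote character in either field ends the quoting and the remainder is interpreted by the shell with whatever privileges the SETUID helper carries. Pass an argument vector instead: `mail_passwd_change = subprocess.run([SETUID, "set_mail_passwd", mail, passwd]).returncode`, which needs `import subprocess` and assumes SETUID is a single executable path. A password on the command line remains visible in process listings, so feeding it on stdin would be better if the helper supports that. The same string-built pattern is in the views/profil.py hunks of this patch (`set_mail_passwd` in change_passwd, `set_mail_alias` in myalias and remove_alias). signin's body continues outside this hunk.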
@@ -1,6 +1,7 @@ from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file, escape import sqlite3 from flask_bcrypt import Bcrypt +from socket import gethostname app = Flask( 'pywallter' ) app.config.from_pyfile('config.py') @@ -14,6 +15,10 @@ DOSSIER_PERSO= app.config['DOSSIER_APP'] extensionimg = app.config['EXT_IMG'] DATABASE = app.config['DATABASE'] + +BASE_URL = app.config['BASE_URL'] + +MAIL_SERVER = app.config['MAIL_SERVER'] ################################################################################################## @@ -52,7 +57,22 @@ def logout(): @loginlogout.route( '/' ) def index(): + + conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée + cursor = conn.cursor() # Création de l'objet "curseur" + cursor.execute("""SELECT token passwd FROM users where name=? """, ("pywallter", )) + tmp = cursor.fetchone() + conn.close + token = tmp[0] if 'username' in session : return redirect(url_for('profil.profile')) else : - return redirect(url_for('loginlogout.login', _external=True)) + if token: + hostname = gethostname() + url_inscription = BASE_URL+'inscription/'+token + return render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'], + token=token, hostname=hostname, + url_inscription=url_inscription, + MAIL_SERVER=MAIL_SERVER) + else: + return redirect(url_for('loginlogout.login', _external=True)) diff --git a/views/profil.py b/views/profil.py index 06c7a67..2b17da5 100644 --- a/views/profil.py +++ b/views/profil.py @@ -128,9 +128,9 @@ def change_passwd() : mail_passwd_change = 0 xmmp_passwd_change = 0 passwd = request.form['password'] - + mail_passwd_change = 0 if MAIL_SERVER: - cmd = SETUID+ " set_mail_passwd " + "'"+mailbox['Mail']+"' "+"'"+passwd+"'" + cmd = SETUID+ " set_mail_passwd " + "'"+mailbox['Mail']+"' "+"'"+passwd+"'" mail_passwd_change = os.system(cmd) 
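Review bot: In the new index() body, `token = tmp[0]` raises TypeError when no `pywallter` row exists, which is the case for any database that already had users before this commit because init_db inserts the row only into an empty table; `/` would then return 500 for every visitor. Guard it with `token = tmp[0] if tmp else None`. `conn.close` is missing its parentheses, so the connection is never closed, and `SELECT token passwd FROM users` lacks a comma, which makes `passwd` a column alias instead of a second column. The lookup also runs before the session check, so logged-in users pay for a query they do not need. Finally, the token is shown to any anonymous visitor for as long as it stays set, so confirm that it is cleared after the first registration.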
@@ -190,7 +190,7 @@ def myalias(): aliases = alias_list + "," +alias else: aliases = alias - cmd = SETUID+ " set_mail_alias " + "'"+mail+"'"+" add "+"'"+alias+"'" + cmd = SETUID+ " set_mail_alias " + "'"+mail+"'"+" add "+"'"+alias+"'" res = os.system(cmd) if res == 0: cursor.execute("UPDATE users SET alias=? WHERE name=?", @@ -223,7 +223,7 @@ def myalias(): email=mailbox['Mail'], aliases=mailbox['alias'], hostname=hostname, - Mail_active=MAIL_SERVER, + MAIL_SERVER=MAIL_SERVER, username=UTILISATEUR ) else: @@ -247,7 +247,7 @@ def remove_alias(aliasrm): aliases = aliases + "," + alias else: aliases = alias - cmd = SETUID+ " set_mail_alias " + "'"+mail+"'"+" del "+"'"+alias+"'" + cmd = SETUID+ " set_mail_alias " + "'"+mail+"'"+" del "+"'"+alias+"'" res = os.system(cmd) if res == 0: cursor.execute("UPDATE users SET alias=? WHERE name=?", @@ -276,11 +276,14 @@ def invitation(): cursor = conn.cursor() # Création de l'objet "curseur" cursor.execute("""SELECT Token, invitations FROM users WHERE name=?""", (UTILISATEUR,)) tmp = cursor.fetchone() - print (tmp[0]) token = tmp[0] + if token: + url_invitation = BASE_URL + 'inscription/' + token + else: + url_invitation = "" invitations_count = tmp[1] conn.close() - url_invitation = BASE_URL + 'inscription/' + token + return render_template('invitation.html', section='Profil', nb_invitation=invitations_count, diff --git a/wsgi.py b/wsgi.py index 4997d11..290129c 100644 --- a/wsgi.py +++ b/wsgi.py @@ -1,5 +1,4 @@ from gevent.pywsgi import WSGIServer -from flask import Flask from pywallter import create_app app = create_app()