diff --git a/pywallter.py b/pywallter.py
index 138121c..bc454ef 100755
--- a/pywallter.py
+++ b/pywallter.py
@@ -18,7 +18,7 @@ from views.logs import logs
from views.loginlogout import loginlogout
from views.gallery import mygallery
-from tools.databaseinit import init_db, init_dir, db_migrate
+from tools.databaseinit import init_db, check_directories, db_migrate
import glob, os, sys, time
@@ -26,22 +26,25 @@ app = Flask( 'pywallter' )
app.config.from_pyfile('config.py')
bcrypt = Bcrypt(app)
-init_db()
-db_migrate()
-if init_dir():
- print ("Le repertoire des utilisateurs a été créer")
+
#### Variables Globales #########################################################################
DOSSIER_PERSO= app.config['DOSSIER_APP']
-
+DATABASE= app.config['DATABASE']
extensionimg = app.config['EXT_IMG']
MAIL_SERVER = app.config['MAIL_SERVER']
XMPP_SERVER = app.config['XMPP_SERVER']
#################################################################################################
+init_db(DATABASE)
+check_directories(DOSSIER_PERSO)
+db_migrate(DATABASE)
+
+
+
xmpp_server_not_installed = system('whereis prosodyctl')
mail_server_not_installed = system('whereis set_mail_alias') + system('whereis set_mail_passwd') + \
system('whereis dovecot') + system('whereis smtpd')
diff --git a/tools/databaseinit.py b/tools/databaseinit.py
index 9a61c02..38c6376 100755
--- a/tools/databaseinit.py
+++ b/tools/databaseinit.py
@@ -5,17 +5,12 @@ from tools.utils import gen_token
from flask_bcrypt import Bcrypt
app = Flask( 'pywallter' )
-app.config.from_pyfile('config.py')
bcrypt = Bcrypt(app)
-DATABASE = app.config['DATABASE']
-DOSSIER_PERSO = app.config['DOSSIER_APP']
-DATABASE = app.config['DATABASE']
-
-def init_db():
- conn = sqlite3.connect(DATABASE)
+def init_db(database):
+ conn = sqlite3.connect(database)
cursor = conn.cursor()
cursor.execute("""
CREATE TABLE IF NOT EXISTS users(
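Review bot: The module-level `app = Flask( 'pywallter' )` / `bcrypt = Bcrypt(app)` kept at the top of this hunk is now an unconfigured Flask instance, because `app.config.from_pyfile('config.py')` is the line being removed. If `bcrypt` is used further down in `init_db` (for example to seed an initial password hash), it now runs with flask-bcrypt's defaults rather than any rounds set in config.py; if nothing in this module uses it, drop both globals so the tool stops instantiating a second app. `init_db(database)` also deserves a docstring now that it is a parameterised public function, e.g. `"""Create the schema in the SQLite file *database* if it does not exist yet."""`. The body of `init_db` continues past the end of the hunk.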
@@ -81,14 +76,16 @@ def init_db():
conn.close()
print ('table posts OK')
-def init_dir():
- if os.path.isdir('users'):
- return False
- else:
- os.makedirs('./users/')
+def check_directories(users_folder):
-def db_migrate():
- conn = sqlite3.connect(DATABASE)
+ if os.path.isdir(users_folder):
+ print("Le dossier {} existe".format(users_folder))
+ else:
+ os.makedirs(users_folder)
+ print("Le dossier {} a été créé".format(users_folder))
+
+def db_migrate(database):
+ conn = sqlite3.connect(database)
cursor = conn.cursor()
cursor.execute("""SELECT name FROM PRAGMA_TABLE_INFO('users');""")
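Review bot: `check_directories` still tests `os.path.isdir` and then calls `os.makedirs` separately, which races with anything creating the folder in between and raises `FileExistsError` if it loses; `os.makedirs(users_folder, exist_ok=True)` is the idiomatic form. Because this folder ends up holding every user's private files and log, consider also passing a restrictive `mode` (e.g. `mode=0o700`, still subject to the process umask) instead of inheriting the default. `db_migrate` opens a connection on the last lines of the hunk; its body and any `conn.close()` are outside the hunk, so I could not confirm the connection is closed.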
diff --git a/tools/utils.py b/tools/utils.py
index 8233cf3..ff524e9 100644
--- a/tools/utils.py
+++ b/tools/utils.py
@@ -1,4 +1,5 @@
-from flask import Flask
+from flask import Flask, url_for, session, redirect, request
+from functools import wraps
import sqlite3
import os
import string
@@ -14,6 +15,17 @@ DATABASE = app.config['DATABASE']
DOSSIER_PERSO = app.config['DOSSIER_APP']
DATABASE = app.config['DATABASE']
+
+def login_required(f):
+ @wraps(f)
+ def decorated_function(*args, **kwargs):
+ if 'username' not in session:
+ return redirect(url_for('loginlogout.login', next=request.url))
+ return f(*args, **kwargs)
+ return decorated_function
+
+
+
def append_to_log(log_line, user):
log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
logs=open(log_file, "r")
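Review bot: `login_required` forwards the full `request.url` as the `next` query parameter, so whichever view eventually honours `next` must check that it is a same-site target before redirecting to it (e.g. compare `urlparse(next_url).netloc` with `request.host`, or accept only relative paths), otherwise the login page becomes an open redirect; the `login` view in this diff does not consume `next` yet, so this is a note for when it does. The decorator also has no docstring; `"""Redirect anonymous requests to the login page, passing the original URL as ``next``."""` would do. Note the behaviour change versus the checks it replaces: unauthenticated requests previously received a 401 and now receive a 302 to the login page.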
diff --git a/views/blog.py b/views/blog.py
index 18590e8..de3985c 100644
--- a/views/blog.py
+++ b/views/blog.py
@@ -7,6 +7,7 @@ import sqlite3
from markdown import markdown
from tools.filesutils import getFileSizeKo
import string
+from tools.utils import login_required
blog = Blueprint('blog', __name__, template_folder='templates')
@@ -24,117 +25,108 @@ DOSSIER_PUBLIC= app.config['DOSSIER_PUBLIC']+'/'
################################################################################
@blog.route('/myblog/new-article/', methods=['GET', 'POST'])
+@login_required
def new_article():
- if 'username' in session:
- user = '%s'% escape(session['username'])
- folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
- if request.method == 'POST':
- title = request.form['title']
- subtitle = request.form['subtitle']
- content = request.form['content']
- status = request.form['status']
- post_date = time.strftime("%d/%m/%Y %H:%M:%S")
- filename = title.replace(" ", "_") + ".md"
+ user = '%s'% escape(session['username'])
+ folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
+ if request.method == 'POST':
+ title = request.form['title']
+ subtitle = request.form['subtitle']
+ content = request.form['content']
+ status = request.form['status']
+ post_date = time.strftime("%d/%m/%Y %H:%M:%S")
+ filename = title.replace(" ", "_") + ".md"
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""INSERT INTO Blog_posts(title, subtitle, filename, time, author, status) VALUES(?, ?, ?, ?, ?, ?)""", (title, subtitle, filename, post_date, user, status)) # Insérer des valeurs
- conn.commit()
- ## On génère le fichiers markdown
- with open(folder_blog + filename, 'w') as f:
- f.write(content)
-
- return redirect(url_for('blog.list_articles_blog'))
- else:
- return render_template('new_article_blog.html')
- else:
- return redirect(BASE_URL, code=401)
-
-@blog.route('/myblog/list-articles/', methods=['GET'])
-def list_articles_blog():
- if 'username' in session:
- user = '%s'% escape(session['username'])
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""SELECT title, subtitle, time, last_updated, status FROM Blog_posts WHERE author=? """, (user,) )
- list_posts=cursor.fetchall()
- posts=list()
- nb_articles=0
- for post in list_posts:
- posts.append(dict(title=post[0],
- subtitle=post[1],
- time=post[2],
- last_updated=post[3],
- status=post[4]))
- nb_articles =+ 1
+ cursor.execute("""INSERT INTO Blog_posts(title, subtitle, filename, time, author, status) VALUES(?, ?, ?, ?, ?, ?)""", (title, subtitle, filename, post_date, user, status)) # Insérer des valeurs
+ conn.commit()
+ ## On génère le fichiers markdown
+ with open(folder_blog + filename, 'w') as f:
+ f.write(content)
+
+ return redirect(url_for('blog.list_articles_blog'))
+ else:
+ return render_template('new_article_blog.html')
+
+@blog.route('/myblog/list-articles/', methods=['GET'])
+@login_required
+def list_articles_blog():
+ user = '%s'% escape(session['username'])
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""SELECT title, subtitle, time, last_updated, status FROM Blog_posts WHERE author=? """, (user,) )
+ list_posts=cursor.fetchall()
+ posts=list()
+ nb_articles=0
+ for post in list_posts:
+ posts.append(dict(title=post[0],
+ subtitle=post[1],
+ time=post[2],
+ last_updated=post[3],
+ status=post[4]))
+ nb_articles =+ 1
- return render_template('list_articles.html',
+ return render_template('list_articles.html',
section="Articles",
list_posts=posts,
nb_articles=nb_articles
)
- else:
- return redirect(BASE_URL, code=401)
-
@blog.route('/myblog/delete/
')
+@login_required
def delete(title):
- if 'username' in session :
- user='%s'% escape(session['username'])
- folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
- folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/"
- filename = title.replace(" ", "_")
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""DELETE FROM Blog_posts WHERE title=? AND author=?""", (title, user))
+ user='%s'% escape(session['username'])
+ folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
+ folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/"
+ filename = title.replace(" ", "_")
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""DELETE FROM Blog_posts WHERE title=? AND author=?""", (title, user))
+ conn.commit()
+ conn.close()
+ os.remove(folder_blog+filename+".md")
+ os.remove(folder_blog_public+filename+".html")
+ return redirect(url_for('blog.list_articles_blog'))
+
+@blog.route('/myblog/edit/', methods=['GET', 'POST'])
+@login_required
+def edit(title):
+ user='%s'% escape(session['username'])
+ filename = title.replace(" ", "_") + ".md"
+ folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
+
+ if request.method == 'POST' :
+ subtitle = request.form['subtitle']
+ newcontent = request.form['content']
+ newstatus = request.form['status']
+ updated = time.strftime("%d/%m/%Y %H:%M:%S")
+ conn = sqlite3.connect(DATABASE)
+ cursor = conn.cursor()
+ cursor.execute("""UPDATE Blog_posts SET subtitle=?, last_updated=?, status=? WHERE title=? AND author=?""", (subtitle, updated, newstatus, title, user))
conn.commit()
conn.close()
- os.remove(folder_blog+filename+".md")
- os.remove(folder_blog_public+filename+".html")
- return redirect(url_for('blog.list_articles_blog'))
- else:
- return redirect(BASE_URL, code=401) # sinon on redirige vers login
-
-@blog.route('/myblog/edit/', methods=['GET', 'POST'])
-def edit(title):
- if 'username' in session :
- user='%s'% escape(session['username'])
- filename = title.replace(" ", "_") + ".md"
- folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
-
- if request.method == 'POST' :
- subtitle = request.form['subtitle']
- newcontent = request.form['content']
- newstatus = request.form['status']
- updated = time.strftime("%d/%m/%Y %H:%M:%S")
- conn = sqlite3.connect(DATABASE)
- cursor = conn.cursor()
- cursor.execute("""UPDATE Blog_posts SET subtitle=?, last_updated=?, status=? WHERE title=? AND author=?""", (subtitle, updated, newstatus, title, user))
- conn.commit()
- conn.close()
- with open(folder_blog + filename, 'w') as f:
- f.write(newcontent)
+ with open(folder_blog + filename, 'w') as f:
+ f.write(newcontent)
- return redirect(url_for('blog.list_articles_blog'))
- else:
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""SELECT title, subtitle, status FROM Blog_posts WHERE title=? AND author=?""", (title, user))
- oldpost = cursor.fetchone()
- conn.close()
-
- with open(folder_blog + filename, 'r') as f:
- content = f.read()
-
- return render_template('edit_article.html',
- section='Post-it',
- oldpost=oldpost,
- content=content)
+ return redirect(url_for('blog.list_articles_blog'))
else:
- return redirect(BASE_URL, code=401)
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""SELECT title, subtitle, status FROM Blog_posts WHERE title=? AND author=?""", (title, user))
+ oldpost = cursor.fetchone()
+ conn.close()
+
+ with open(folder_blog + filename, 'r') as f:
+ content = f.read()
+ return render_template('edit_article.html',
+ section='Post-it',
+ oldpost=oldpost,
+ content=content)
+
@blog.route('/blog//', methods=['GET'])
def view(username):
user = username
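Review bot: In `new_article`, `delete` and `edit`, the user-supplied `title` becomes a filesystem path with only `title.replace(" ", "_")`, so a title containing path separators or `..` is written to, read from or removed outside the per-user `articles/` folder; run it through werkzeug's `secure_filename` (already used in the other views), e.g. `filename = secure_filename(title) + ".md"`, and reject an empty result. `new_article` and `list_articles_blog` never call `conn.close()` after their queries, unlike `delete` and `edit`. `nb_articles =+ 1` in `list_articles_blog` assigns `+1` on every iteration instead of incrementing; it should be `nb_articles += 1` (or simply `len(posts)` after the loop). `view` starts on the last lines of the hunk and continues outside it.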
diff --git a/views/filesupload.py b/views/filesupload.py
index e7205a3..62038eb 100644
--- a/views/filesupload.py
+++ b/views/filesupload.py
@@ -9,6 +9,7 @@ import sqlite3
import os
from shutil import move
from tools.filesutils import getFileSizeMo, getFileSizeKo, check_and_create
+from tools.utils import login_required
filesupload = Blueprint('filesupload', __name__, template_folder='templates')
@@ -28,163 +29,154 @@ BASE_URL= app.config['BASE_URL']
@filesupload.route( '/filesupload/', methods=['GET', 'POST'])
+@login_required
def uploadfiles():
- if 'username' in session :
- user = '%s'% escape(session['username'])
- if request.method == 'POST' :
- files = request.files.getlist('fic')
- for f in files :
- nom = secure_filename(f.filename)
- check_and_create(DOSSIER_PERSO+ user + 'files')
- check_and_create(DOSSIER_PERSO+ user + 'images')
- if os.path.isfile(DOSSIER_PERSO + user + '/files/' + nom) or os.path.isfile(DOSSIER_PERSO + user + '/images/' + nom):
- flash(u'Un fichier avec le même nom existe déjà, merci de spécifier un autre nom de fichier', 'error')
- else:
- file, ext = os.path.splitext(nom)
- if ext in extensionimg :
- f.save(DOSSIER_PERSO + user + '/images/' + nom)
- image = DOSSIER_PERSO + user + '/images/' + nom
- with Image.open(image) as img :
- img.thumbnail((300,300))
- img.save( DOSSIER_PERSO + user + '/images/thumbnails/' + nom )
- TIME=time.strftime("%A %d %B %Y %H:%M:%S")
- IP=request.environ['REMOTE_ADDR']
- CLIENT_PLATFORM=request.headers.get('User-Agent')
- log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
- LOG=open(log_file, "a")
- LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n')
- LOG.close()
- flash(u'Image envoyée et traitée avec succés', 'succes')
- else:
- f.save(DOSSIER_PERSO + user + '/files/' + nom)
- TIME=time.strftime("%A %d %B %Y %H:%M:%S")
- IP=request.environ['REMOTE_ADDR']
- CLIENT_PLATFORM=request.headers.get('User-Agent')
- LOG=open("log.txt", "a") # Ouvre fichier log.txt
- LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n') # Écrit dans log
- LOG.close() # Ferme log.txt
- flash(u'Fichier envoyé avec succés', 'succes')
+ user = '%s'% escape(session['username'])
+ if request.method == 'POST' :
+
+ if 'fic' not in request.files:
+ flash(u'Mauvais format de ficher', 'error')
+ return redirect(request.url)
+ file = request.files['fic']
+
+ # If the user does not select a file, the browser submits an
+ # empty file without a filename.
+ if file.filename == '':
+ flash(u'Vous avez oubliez de selectionner un fichier', 'error' )
+ return redirect(request.url)
+
+ files = request.files.getlist('fic')
+ for f in files :
+ nom = secure_filename(f.filename)
+ check_and_create(DOSSIER_PERSO+ user + 'files')
+ check_and_create(DOSSIER_PERSO+ user + 'images')
+ if os.path.isfile(DOSSIER_PERSO + user + '/files/' + nom) or os.path.isfile(DOSSIER_PERSO + user + '/images/' + nom):
+ flash(u'Un fichier avec le même nom existe déjà, merci de spécifier un autre nom de fichier', 'error')
+ else:
+ file, ext = os.path.splitext(nom)
+ if ext in extensionimg :
+ f.save(DOSSIER_PERSO + user + '/images/' + nom)
+ image = DOSSIER_PERSO + user + '/images/' + nom
+ with Image.open(image) as img :
+ img.thumbnail((300,300))
+ img.save( DOSSIER_PERSO + user + '/images/thumbnails/' + nom )
+ TIME=time.strftime("%A %d %B %Y %H:%M:%S")
+ IP=request.environ['REMOTE_ADDR']
+ CLIENT_PLATFORM=request.headers.get('User-Agent')
+ log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
+ LOG=open(log_file, "a")
+ LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n')
+ LOG.close()
+ flash(u'Image envoyée et traitée avec succés', 'succes')
+ else:
+ f.save(DOSSIER_PERSO + user + '/files/' + nom)
+ TIME=time.strftime("%A %d %B %Y %H:%M:%S")
+ IP=request.environ['REMOTE_ADDR']
+ CLIENT_PLATFORM=request.headers.get('User-Agent')
+ LOG=open("log.txt", "a") # Ouvre fichier log.txt
+ LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n') # Écrit dans log
+ LOG.close() # Ferme log.txt
+ flash(u'Fichier envoyé avec succés', 'succes')
- else:
- flash(u'Error : Vous avez oublié le fichier !', 'error')
- return redirect(url_for('filesupload.uploadfiles'))
- resp = make_response(render_template('up_up.html', section="Upload"))
- resp.set_cookie('username', session['username'])
- return resp
- else :
- return redirect(BASE_URL, code=401)
-
+
+ resp = make_response(render_template('up_up.html', section="Upload"))
+ resp.set_cookie('username', session['username'])
+ return resp
+
@filesupload.route('/view/')
+@login_required
def list():
- if 'username' in session :
- user = '%s'% escape(session['username'])
-
- check_and_create(DOSSIER_PUBLIC + user + '/files/')
- check_and_create(DOSSIER_PERSO + user + '/files/')
- files_public = os.listdir(DOSSIER_PUBLIC + user + '/files/')
- files_private = os.listdir(DOSSIER_PERSO + user + '/files/')
- listFilesPublic = []
- listFilesPrivate = []
- nb_pv = 0
- size=0
- if files_private:
- for fich in files_private:
- nb_pv += 1
- size = getFileSizeMo(DOSSIER_PERSO + user + '/files/' + fich) # size = taille des fichiers
- listFilesPrivate.append([nb_pv, fich, size]) # On implémente la listeFichiers avec le num le ficier et sa taille
-
- nb_pu = 0
- if files_public:
- for fich in files_public:
- nb_pu += 1
- size = getFileSizeMo(DOSSIER_PUBLIC + user + '/files/' + fich) # size = taille des fichiers
- listFilesPublic.append([nb_pu, fich, size])
-
- return render_template('up_list.html',
- section="Files",
- size=size,
- username=user,
- nb_pv=nb_pv,
- nb_pu=nb_pu,
- listFilesPrivate=listFilesPrivate,
- listFilesPublic=listFilesPublic)
+ user = '%s'% escape(session['username'])
- else :
- return redirect(BASE_URL, code=401)
+ check_and_create(DOSSIER_PUBLIC + user + '/files/')
+ check_and_create(DOSSIER_PERSO + user + '/files/')
+ files_public = os.listdir(DOSSIER_PUBLIC + user + '/files/')
+ files_private = os.listdir(DOSSIER_PERSO + user + '/files/')
+ listFilesPublic = []
+ listFilesPrivate = []
+ nb_pv = 0
+ size=0
+ if files_private:
+ for fich in files_private:
+ nb_pv += 1
+ size = getFileSizeMo(DOSSIER_PERSO + user + '/files/' + fich) # size = taille des fichiers
+ listFilesPrivate.append([nb_pv, fich, size]) # On implémente la listeFichiers avec le num le ficier et sa taille
+ nb_pu = 0
+ if files_public:
+ for fich in files_public:
+ nb_pu += 1
+ size = getFileSizeMo(DOSSIER_PUBLIC + user + '/files/' + fich) # size = taille des fichiers
+ listFilesPublic.append([nb_pu, fich, size])
+
+ return render_template('up_list.html',
+ section="Files",
+ size=size,
+ username=user,
+ nb_pv=nb_pv,
+ nb_pu=nb_pu,
+ listFilesPrivate=listFilesPrivate,
+ listFilesPublic=listFilesPublic)
+
+
@filesupload.route('/myfiles//')
+@login_required
def myfiles(username, filename):
- if 'username' in session :
- user = '%s' % escape(session['username'])
- return send_from_directory(
- os.path.join(DOSSIER_PERSO, username, 'files'), filename )
- else :
- return redirect(BASE_URL, code=401)
-
-@filesupload.route('/make_public/')
-def move_public(filename):
- if 'username' in session:
-
- user = '%s' % escape(session['username'])
- check_and_create(DOSSIER_PUBLIC + user + '/files/')
- check_and_create(DOSSIER_PERSO + user + '/files/')
-
- src = os.path.join(DOSSIER_PERSO, user, 'files', filename)
- dst = os.path.join(DOSSIER_PUBLIC, user, 'files/')
- move (src, dst)
- return redirect(url_for('filesupload.list', _external=True))
- else:
- return redirect(BASE_URL, code=401)
-
-@filesupload.route('/make_private/')
-def move_private(filename):
- if 'username' in session:
- user = '%s' % escape(session['username'])
- check_and_create(DOSSIER_PUBLIC + user + '/files/')
- check_and_create(DOSSIER_PERSO + user + '/files/')
- src = os.path.join(DOSSIER_PUBLIC, user, 'files', filename)
- dst = os.path.join(DOSSIER_PERSO, user, 'files/')
- move (src, dst)
- return redirect(url_for('filesupload.list', _external=True))
- else:
- return redirect(BASE_URL, code=401)
-
-
-@filesupload.route('/public//')
-def publicfiles(username, filename):
+ user = '%s' % escape(session['username'])
return send_from_directory(
- os.path.join(DOSSIER_PUBLIC, username, 'files'), filename )
+ os.path.join(DOSSIER_PERSO, username, 'files'), filename )
+
+@filesupload.route('/make_public/')
+@login_required
+def move_public(filename):
+ user = '%s' % escape(session['username'])
+ check_and_create(DOSSIER_PUBLIC + user + '/files/')
+ check_and_create(DOSSIER_PERSO + user + '/files/')
+
+ src = os.path.join(DOSSIER_PERSO, user, 'files', filename)
+ dst = os.path.join(DOSSIER_PUBLIC, user, 'files/')
+ move (src, dst)
+ return redirect(url_for('filesupload.list', _external=True))
+
+@filesupload.route('/make_private/')
+@login_required
+def move_private(filename):
+ user = '%s' % escape(session['username'])
+ check_and_create(DOSSIER_PUBLIC + user + '/files/')
+ check_and_create(DOSSIER_PERSO + user + '/files/')
+ src = os.path.join(DOSSIER_PUBLIC, user, 'files', filename)
+ dst = os.path.join(DOSSIER_PERSO, user, 'files/')
+ move (src, dst)
+ return redirect(url_for('filesupload.list', _external=True))
+
+
@filesupload.route('/remove_privateFile/')
+@login_required
def remove_privateFile(filename):
- if 'username' in session :
- user = '%s' % escape(session['username'])
- filename = secure_filename(filename)
- try:
- os.remove(DOSSIER_PERSO + user + '/files/' + filename) # on le supprime
- except FileNotFoundError:
- flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
- return redirect(url_for('filesupload.list', _external=True))
- else :
- return redirect(BASE_URL, code=401)
-
+ user = '%s' % escape(session['username'])
+ filename = secure_filename(filename)
+ try:
+ os.remove(DOSSIER_PERSO + user + '/files/' + filename) # on le supprime
+ except FileNotFoundError:
+ flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
+ return redirect(url_for('filesupload.list', _external=True))
+
@filesupload.route('/remove_publicFile/')
+@login_required
def remove_publicFile(filename):
- if 'username' in session :
- user = '%s' % escape(session['username'])
- filename = secure_filename(filename)
- try:
- os.remove(DOSSIER_PUBLIC + user + '/files/' + filename) # on le supprime
- except FileNotFoundError:
- flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
- return redirect(url_for('filesupload.list', _external=True))
- else :
- return redirect(BASE_URL, code=401)
-
+ user = '%s' % escape(session['username'])
+ filename = secure_filename(filename)
+ try:
+ os.remove(DOSSIER_PUBLIC + user + '/files/' + filename) # on le supprime
+ except FileNotFoundError:
+ flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
+ return redirect(url_for('filesupload.list', _external=True))
+
@filesupload.route('/theme.min.css')
def theme():
if 'username' in session:
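Review bot: `myfiles(username, filename)` serves from `os.path.join(DOSSIER_PERSO, username, 'files')`, i.e. the folder named by the URL, while the authenticated `user` computed on the line above is never used, so any logged-in user can read another user's private files; it should serve from the session user's folder, `os.path.join(DOSSIER_PERSO, user, 'files'), filename )`, or refuse when `username != user`. `move_public` and `move_private` build `src` from the raw `filename` URL segment without the `secure_filename` that `remove_privateFile`/`remove_publicFile` apply, so the same normalisation belongs there. In `uploadfiles`, `check_and_create(DOSSIER_PERSO+ user + 'files')` lacks the `/` separator used two lines later (`'/files/'`), so it creates a sibling `<user>files` directory rather than the one the upload is saved into, and the non-image branch appends to a `log.txt` in the working directory instead of the per-user `log_file` used by the image branch. `theme` starts at the end of the hunk and continues outside it.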
@@ -193,3 +185,8 @@ def theme():
return send_file(DOSSIER_PERSO+ user +'/theme.min.css', mimetype='text/css')
else:
return send_file("static/default.min.css", mimetype='text/css')
+
+@filesupload.route('/public//')
+def publicfiles(username, filename):
+ return send_from_directory(
+ os.path.join(DOSSIER_PUBLIC, username, 'files'), filename )
diff --git a/views/gallery.py b/views/gallery.py
index 2cfd913..f72bb76 100644
--- a/views/gallery.py
+++ b/views/gallery.py
@@ -8,6 +8,7 @@ import time
import sqlite3
import os
from tools.filesutils import check_and_create
+from tools.utils import login_required
mygallery = Blueprint('mygallery', __name__, template_folder='templates')
@@ -25,61 +26,56 @@ DATABASE = app.config['DATABASE']
#################################################################################################
@mygallery.route( '/gallery/')
+@login_required
def gallery():
- if 'username' in session :
- user ='%s' % escape(session['username'])
- check_and_create(DOSSIER_PUBLIC + user + '/images/')
- check_and_create(DOSSIER_PUBLIC + user + '/images/thumbnails/')
- check_and_create(DOSSIER_PERSO + user + '/images/')
- check_and_create(DOSSIER_PERSO + user + '/images/thumbnails/')
- THUMBNAILS=DOSSIER_PERSO + user + '/images/thumbnails/'
- fichiers = [fich for fich in os.listdir(THUMBNAILS)]
- return render_template('gallery.html',
- section='Gallery',
- THUMBNAILS=THUMBNAILS,
- fichiers=fichiers)
- else :
- return redirect(url_for('loginlogout.login'), code=401)
+ user ='%s' % escape(session['username'])
+ check_and_create(DOSSIER_PUBLIC + user + '/images/')
+ check_and_create(DOSSIER_PUBLIC + user + '/images/thumbnails/')
+ check_and_create(DOSSIER_PERSO + user + '/images/')
+ check_and_create(DOSSIER_PERSO + user + '/images/thumbnails/')
+ THUMBNAILS=DOSSIER_PERSO + user + '/images/thumbnails/'
+ fichiers = [fich for fich in os.listdir(THUMBNAILS)]
+ return render_template('gallery.html',
+ section='Gallery',
+ THUMBNAILS=THUMBNAILS,
+ fichiers=fichiers)
+
@mygallery.route('/myfiles/images/')
+@login_required
def myimg(filename):
- if 'username' in session :
- UTILISATEUR='%s' % escape(session['username'])
- return send_from_directory(
- os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images'), filename )
- else :
- return redirect(BASE_URL, code=401)
+ UTILISATEUR='%s' % escape(session['username'])
+ return send_from_directory(
+ os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images'), filename )
@mygallery.route('/myfiles/images/thumbnails/')
+@login_required
def mythumbnails(filename):
- if 'username' in session :
- UTILISATEUR='%s' % escape(session['username'])
- return send_from_directory(
- os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images/thumbnails'), filename )
- else :
- return redirect(BASE_URL, code=401)
+ UTILISATEUR='%s' % escape(session['username'])
+ return send_from_directory(
+ os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images/thumbnails'), filename )
@mygallery.route('/remove_privateImage/')
+@login_required
def remove_privateImage(filename):
- if 'username' in session :
- user = '%s' % escape(session['username'])
- filename = secure_filename(filename)
- try:
- os.remove(DOSSIER_PERSO + user + '/images/thumbnails/' + filename) # on le supprime
- os.remove(DOSSIER_PERSO + user + '/images/' + filename) # on le supprime
- except FileNotFoundError:
- flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
- return redirect(url_for('mygallery.gallery'))
+ user = '%s' % escape(session['username'])
+ filename = secure_filename(filename)
+ try:
+ os.remove(DOSSIER_PERSO + user + '/images/thumbnails/' + filename) # on le supprime
+ os.remove(DOSSIER_PERSO + user + '/images/' + filename) # on le supprime
+ except FileNotFoundError:
+ flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
+ return redirect(url_for('mygallery.gallery'))
@mygallery.route('/remove_publicImage/')
+@login_required
def remove_publicImage(filename):
- if 'username' in session :
- user = '%s' % escape(session['username'])
- filename = secure_filename(filename)
- try:
- os.remove(DOSSIER_PUBLIC + user + '/images/thumbnails/' + filename) # on le supprime
- os.remove(DOSSIER_PUBLIC + user + '/images/' + filename) # on le supprime
- except FileNotFoundError:
- flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
- return redirect(url_for('mygallery.gallery'))
+ user = '%s' % escape(session['username'])
+ filename = secure_filename(filename)
+ try:
+ os.remove(DOSSIER_PUBLIC + user + '/images/thumbnails/' + filename) # on le supprime
+ os.remove(DOSSIER_PUBLIC + user + '/images/' + filename) # on le supprime
+ except FileNotFoundError:
+ flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
+ return redirect(url_for('mygallery.gallery'))
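Review bot: The rewritten definitions now abut each other with no blank line between `myimg`, `mythumbnails`, `remove_privateImage` and `remove_publicImage`; PEP 8 asks for two blank lines between top-level definitions, and the stacked decorators make the boundaries even harder to spot. In `gallery`, `fichiers = [fich for fich in os.listdir(THUMBNAILS)]` is an identity comprehension over a list — `fichiers = os.listdir(THUMBNAILS)` says the same thing. The `remove_*Image` handlers also perform a destructive action on a plain GET route, which is worth `methods=['POST']` (with the template updated accordingly) in a follow-up.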
diff --git a/views/loginlogout.py b/views/loginlogout.py
index 6967323..0d260e5 100644
--- a/views/loginlogout.py
+++ b/views/loginlogout.py
@@ -6,6 +6,7 @@ from socket import gethostname
from os import remove, system
from tools.utils import email_disp, valid_token_register, valid_passwd, valid_username, gen_token, totp_is_valid
from tools.mailer import Mailer
+from tools.utils import login_required
app = Flask( 'pywallter' )
app.config.from_pyfile('config.py')
@@ -29,8 +30,34 @@ BACKUP_TIME = app.config['BACKUP_TIME']
loginlogout = Blueprint('loginlogout', __name__, template_folder='templates')
+
+@loginlogout.route( '/' )
+def index():
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""SELECT token passwd FROM users where name=? """, ("pywallter", ))
+ tmp = cursor.fetchone()
+ conn.close
+ if tmp:
+ token = tmp[0]
+ else:
+ token = None
+
+ if 'username' in session :
+ return redirect(url_for('profil.profile'))
+ else :
+ if token:
+ hostname = gethostname()
+ url_inscription = BASE_URL+'inscription/'+token
+ return render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'],
+ token=token, hostname=hostname,
+ url_inscription=url_inscription,
+ MAIL_SERVER=MAIL_SERVER)
+ else:
+ return redirect(url_for('loginlogout.login', _external=True))
+
@loginlogout.route( '/login/', methods=['GET','POST'] )
-def login() :
+def login():
if 'username' in session :
resp = redirect(url_for('profil.profile', _external=True))
else :
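Review bot: In the relocated `index`, `conn.close` on the line after `fetchone()` is an attribute access without a call, so the connection is never closed; it should be `conn.close()`. The query `SELECT token passwd FROM users where name=?` is missing a comma, so SQLite treats `passwd` as an alias for `token` and returns a single column — which happens to match `tmp[0]` but is almost certainly not the intent; use `SELECT token FROM users WHERE name=?` or `SELECT token, passwd ...` with the indexing adjusted. Both predate the commit since this hunk is a pure move, but the new location is a good moment to fix them. `login` is cut at the end of the hunk.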
@@ -63,65 +90,66 @@ def login() :
@loginlogout.route( '/logout/' )
+@login_required
def logout():
session.pop('username', None) # Supprimer username de la session s'il s'y trouve
return redirect(url_for('loginlogout.index'))
@loginlogout.route( '/delete_me/', methods=['GET','POST'])
+@login_required
def delete_account():
- if 'username' in session :
- user='%s'% escape(session['username'])
- resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
- if request.method == 'POST' :
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""SELECT passwd FROM users WHERE name=?""", (user,))
- passwd = cursor.fetchone()[0].decode()
- conn.close()
- password = request.form['passwd']
- if bcrypt.check_password_hash(passwd, password) is True:
- not_error = True
+ user='%s'% escape(session['username'])
+ resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
+ if request.method == 'POST' :
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""SELECT passwd FROM users WHERE name=?""", (user,))
+ passwd = cursor.fetchone()[0].decode()
+ conn.close()
+ password = request.form['passwd']
+ if bcrypt.check_password_hash(passwd, password) is True:
+ not_error = True
+ try:
+ cmd = 'rm -r ' + DATAS_USER + '/' + user
+ if system(cmd) != 0:
+ raise TypeError("Remove directory error")
+ except:
+ not_error = False
+ flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
+
+ if MAIL_SERVER:
try:
- cmd = 'rm -r ' + DATAS_USER + '/' + user
- if system(cmd) != 0:
- raise TypeError("Remove directory error")
+ cmd = SETUID + ' set_mail_passwd del' + '"'+mail+'"'
+ system(cmd)
except:
not_error = False
- flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
-
- if MAIL_SERVER:
- try:
- cmd = SETUID + ' set_mail_passwd del' + '"'+mail+'"'
- system(cmd)
- except:
- not_error = False
- flash(u'Erreur lors de la suppression de votre compte Mail.', 'error')
+ flash(u'Erreur lors de la suppression de votre compte Mail.', 'error')
- if XMPP_SERVER:
- try:
- tmp = mail.split('@')
- cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'"
- system(cmd)
- except:
- not_error = False
- flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error')
+ if XMPP_SERVER:
+ try:
+ tmp = mail.split('@')
+ cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'"
+ system(cmd)
+ except:
+ not_error = False
+ flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error')
- if not_error:
- try:
- conn = sqlite3.connect(DATABASE)
- cursor = conn.cursor()
- cursor.execute("""DELETE FROM users WHERE name=?""", (user,))
- conn.commit()
- conn.close()
- except:
- flash(u'Erreur lors de la suppression de votre compte.', 'error')
- else:
- flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
- resp = redirect(url_for('loginlogout.logout'))
+ if not_error:
+ try:
+ conn = sqlite3.connect(DATABASE)
+ cursor = conn.cursor()
+ cursor.execute("""DELETE FROM users WHERE name=?""", (user,))
+ conn.commit()
+ conn.close()
+ except:
+ flash(u'Erreur lors de la suppression de votre compte.', 'error')
else:
- flash(u'Mauvais mot de passe', 'error')
- return resp
+ flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
+ resp = redirect(url_for('loginlogout.logout'))
+ else:
+ flash(u'Mauvais mot de passe', 'error')
+ return resp
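Review bot: In `delete_account`, `mail` is referenced in the MAIL_SERVER and XMPP_SERVER branches but is never assigned in the function and does not appear among the names imported in this diff; unless it is a module global defined outside the hunk, it raises `NameError`, which the bare `except:` swallows and reports as a mail/XMPP deletion error, so account deletion always fails whenever MAIL_SERVER is set. The three `except:` clauses should name the exceptions they expect (`OSError`, `subprocess.CalledProcessError`) so programming errors like this surface instead of being flashed as user-facing failures. The shell strings `'rm -r ' + DATAS_USER + '/' + user` and `SETUID + ' set_mail_passwd del' + '"'+mail+'"'` (note the missing space before the quoted address) concatenate session- and database-derived values into `os.system`; `shutil.rmtree(os.path.join(DATAS_USER, user))` and `subprocess.run([...], check=True)` with argument lists avoid both the quoting bugs and shell interpretation.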
@loginlogout.route( '/lost_password/', methods=['GET', 'POST'])
@@ -160,27 +188,3 @@ def lost_password():
return render_template('lost_password.html')
-@loginlogout.route( '/' )
-def index():
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""SELECT token passwd FROM users where name=? """, ("pywallter", ))
- tmp = cursor.fetchone()
- conn.close
- if tmp:
- token = tmp[0]
- else:
- token = None
-
- if 'username' in session :
- return redirect(url_for('profil.profile'))
- else :
- if token:
- hostname = gethostname()
- url_inscription = BASE_URL+'inscription/'+token
- return render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'],
- token=token, hostname=hostname,
- url_inscription=url_inscription,
- MAIL_SERVER=MAIL_SERVER)
- else:
- return redirect(url_for('loginlogout.login', _external=True))
diff --git a/views/logs.py b/views/logs.py
index 5cb6eb1..844832c 100644
--- a/views/logs.py
+++ b/views/logs.py
@@ -1,6 +1,7 @@
from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file
import glob, os, sys
from markupsafe import escape
+from tools.utils import login_required
logs = Blueprint('logs', __name__, template_folder='templates')
@@ -19,13 +20,11 @@ DATABASE = app.config['DATABASE']
@logs.route('/logs/')
+@login_required
def logfile():
- if 'username' in session:
- UTILISATEUR='%s'% escape(session['username'])
- log_file=os.path.join(DOSSIER_PERSO, UTILISATEUR, "log.txt")
- with open(log_file, 'r') as log:
- logs=log.readlines()
- log.close()
- return render_template('logs.html', section="Logs", logs=logs)
- else :
- return redirect(url_for('loginlogout.login', _external=True), code=401)
+ UTILISATEUR='%s'% escape(session['username'])
+ log_file=os.path.join(DOSSIER_PERSO, UTILISATEUR, "log.txt")
+ with open(log_file, 'r') as log:
+ logs=log.readlines()
+ log.close()
+ return render_template('logs.html', section="Logs", logs=logs)
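Review bot: `log.close()` on the line before the return is redundant inside the `with` block, and a missing `log.txt` still raises an unhandled `FileNotFoundError` that now becomes a 500 for a logged-in user. Drop the `close()` call, open the file with `encoding='utf-8'` so `readlines()` does not depend on the process locale, and handle the absent file explicitly: `except FileNotFoundError: logs = []`. The removed branch answered anonymous requests with a 401 redirect; whether `login_required` preserves that status is not visible in this diff, so it is worth confirming the decorator behaves the same.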
diff --git a/views/mymailbox.py b/views/mymailbox.py
index 6f1d9fd..8bb70bd 100644
--- a/views/mymailbox.py
+++ b/views/mymailbox.py
@@ -7,7 +7,7 @@ import sqlite3
import os
from shutil import copy
from socket import gethostname
-from tools.utils import email_disp, append_to_log, gen_token, valid_passwd
+from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, login_required
@@ -35,6 +35,7 @@ BACKUP_TIME = app.config['BACKUP_TIME']
@mymailbox.route('/mymailbox/alias', methods=['GET', 'POST'] )
+@login_required
def myalias():
hostname=gethostname()
UTILISATEUR='%s' % escape(session['username'])
@@ -94,6 +95,7 @@ def myalias():
@mymailbox.route('/mymailbox/rmalias/')
+@login_required
def remove_alias(aliasrm):
if MAIL_SERVER:
UTILISATEUR='%s' % escape(session['username'])
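Review bot: The route above `remove_alias` declares no `methods=`, so this state-changing removal is served on GET, and `login_required` does not protect it from a cross-site request made with the user's cookie. Register it with `methods=['POST']` and validate a CSRF token before touching the alias; the alias argument appears to come from a path converter that the page rendering has stripped from the route line, so that part is inferred. The same GET-for-mutation pattern appears in profil.py at `/del_totp/` (which disables a user's second factor) and `/gen_token/` (which rotates the invitation token) later in this diff.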
diff --git a/views/profil.py b/views/profil.py
index d27e900..7811153 100644
--- a/views/profil.py
+++ b/views/profil.py
@@ -8,7 +8,7 @@ import os
from shutil import copy
from socket import gethostname
from flask_bcrypt import Bcrypt
-from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token, totp_is_valid
+from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token, totp_is_valid, login_required
from pyotp import random_base32
import qrcode
@@ -38,54 +38,51 @@ BACKUP_TIME = app.config['BACKUP_TIME']
@profil.route( '/profil//
', methods=['GET'] )
+@login_required
def profil_img(user, img) :
- if 'username' in session :
-
- return send_from_directory( os.path.join(DOSSIER_PERSO, user, 'profile'), img )
- else:
- return redirect(BASE_URL, code=401)
-
+ return send_from_directory( os.path.join(DOSSIER_PERSO, user, 'profile'), img )
+
@profil.route('/profil/', methods=['GET','POST'])
+@login_required
def profile() :
- if 'username' in session :
- user='%s' % escape(session['username'])
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""SELECT avatar, nom, prenom, age, Mail_rescue FROM users WHERE name=?""", (user,))
- tmp = (cursor.fetchone())
- profil_user = dict()
- profil_user['avatar'] = tmp[0]
- profil_user['nom'] = tmp[1]
- profil_user['prenom'] = tmp[2]
- profil_user['age'] = tmp[3]
- profil_user['mail_rescue'] = tmp[4]
- conn.close()
+ user='%s' % escape(session['username'])
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""SELECT avatar, nom, prenom, age, Mail_rescue FROM users WHERE name=?""", (user,))
+ tmp = (cursor.fetchone())
+ profil_user = dict()
+ profil_user['avatar'] = tmp[0]
+ profil_user['nom'] = tmp[1]
+ profil_user['prenom'] = tmp[2]
+ profil_user['age'] = tmp[3]
+ profil_user['mail_rescue'] = tmp[4]
+ conn.close()
- if request.method == 'POST' :
+ if request.method == 'POST' :
- f = request.files['fic']
+ f = request.files['fic']
- if request.form['theme'] != "Default":
- copy( "static/vendors/picocss/pico.fluid.classless."+request.form['theme']+".min.css",
- DOSSIER_PERSO+ user +'/theme.min.css' )
+ if request.form['theme'] != "Default":
+ copy( "static/vendors/picocss/pico.fluid.classless."+request.form['theme']+".min.css",
+ DOSSIER_PERSO+ user +'/theme.min.css' )
- if request.form['nom']:
+ if request.form['nom']:
profil_user['nom'] = request.form['nom']
- if request.form['prenom']:
+ if request.form['prenom']:
profil_user['prenom'] = request.form['prenom']
- if request.form['age']:
+ if request.form['age']:
profil_user['age'] = request.form['age']
- if '@' in request.form['mail_rescue']:
+ if '@' in request.form['mail_rescue']:
if len(request.form['mail_rescue']) > 4:
- profil_user['mail_rescue'] = request.form['mail_rescue']
+ profil_user['mail_rescue'] = request.form['mail_rescue']
else:
- flash(u'Adresse de courriel invalide', 'error')
- else:
+ flash(u'Adresse de courriel invalide', 'error')
+ else:
flash(u'Adresse de courriel de secour invalide', 'error')
- if f: # On vérifie qu'un fichier a bien été envoyé
+ if f: # On vérifie qu'un fichier a bien été envoyé
nom = secure_filename(f.filename)
f.save(DOSSIER_PERSO + user + '/profile/' + nom)
image = DOSSIER_PERSO + user + '/profile/' + nom
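Review bot: In `profil_img` the `user` segment from the URL is joined into the directory passed to `send_from_directory`, which only constrains `img` to that directory and does nothing about `user` itself; with `login_required` in place any authenticated user can still read every other user's `profile` directory, and a segment such as `..` is not rejected. Compare it with the session, `if user != escape(session['username']): abort(403)`, or at least pass it through `secure_filename`, which this function's sibling already uses on the uploaded filename. Further down, `request.form['theme']` is spliced into the source path of the `copy()` call; check it against a fixed list of shipped theme names before building the path. The `DOSSIER_PERSO+ user +'/theme.min.css'` concatenation also relies on a trailing slash in the config value, unlike the `os.path.join` used in `profil_img`.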
@@ -102,7 +99,7 @@ def profile() :
conn.close()
flash(u'Image de profil mise à jour', 'success')
- else:
+ else:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l\'objet "curseur"
cursor.execute("UPDATE users SET nom=?, prenom=?, age=?, mail_rescue=? WHERE name=?",
@@ -114,56 +111,53 @@ def profile() :
- return render_template('profil.html',
+ return render_template('profil.html',
section="Profil",
profil=profil_user,
username=user)
- else :
- return redirect(BASE_URL, code=401)
-
@profil.route('/profil/homepage', methods=['GET'] )
+@login_required
def homepage():
- if 'username' in session :
- username='%s' % escape(session['username'])
-
- return render_template('homepage.html',
- section="Profil",
- username=username)
+ username='%s' % escape(session['username'])
+
+ return render_template('homepage.html',
+ section="Profil",
+ username=username)
@profil.route('/profil/change-password/', methods=['GET','POST'] )
+@login_required
def change_passwd() :
- if 'username' in session:
- user='%s' % escape(session['username'])
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""SELECT Mail, alias, xmpp, totp FROM users WHERE name=?""", (user,))
- tmp = cursor.fetchone()
- shared_key_validate=True
- account = dict()
- account['Mail'] = tmp[0]
- account['alias'] = tmp[1]
- account['xmpp'] = tmp[2]
- account['totp'] = tmp[3]
+ user='%s' % escape(session['username'])
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""SELECT Mail, alias, xmpp, totp FROM users WHERE name=?""", (user,))
+ tmp = cursor.fetchone()
+ shared_key_validate=True
+ account = dict()
+ account['Mail'] = tmp[0]
+ account['alias'] = tmp[1]
+ account['xmpp'] = tmp[2]
+ account['totp'] = tmp[3]
- if request.method == 'POST' :
+ if request.method == 'POST' :
- password = request.form['password']
- password_confirm = request.form['passwd_confirm']
+ password = request.form['password']
+ password_confirm = request.form['passwd_confirm']
- if not(password == "") and password == password_confirm and valid_passwd(password):
+ if not(password == "") and password == password_confirm and valid_passwd(password):
mail_passwd_change = 0
xmpp_passwd_change = 0
passwd = request.form['password']
if MAIL_SERVER:
- cmd = SETUID+ ' set_mail_passwd ' + '"'+account['Mail']+'" '+ '"'+passwd+'"'
- mail_passwd_change = os.system(cmd)
+ cmd = SETUID+ ' set_mail_passwd ' + '"'+account['Mail']+'" '+ '"'+passwd+'"'
+ mail_passwd_change = os.system(cmd)
if XMPP_SERVER:
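Review bot: In `change_passwd` the new password is concatenated into a shell string and run through `os.system`, and the `valid_passwd` filter (judging by the error message further down, it rejects `"` and `&`) is a denylist: the shell still performs `$` and backtick expansion inside double quotes, and the password is visible in the process list while the command runs. Pass it as a single argv entry instead, `subprocess.run([SETUID, 'set_mail_passwd', account['Mail'], passwd], check=False).returncode` (with `shlex.split(SETUID)` if that value holds more than one word, and an `import subprocess` at the top of the file). The same string-built `os.system` calls appear in the delete paths of this file and of loginlogout.py in this diff and should get the same treatment. `tmp = cursor.fetchone()` is indexed without a `None` check, so a missing row raises `TypeError` rather than a clear error. The function continues past the end of this hunk.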
@@ -185,34 +179,32 @@ def change_passwd() :
log=TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Changement du mot de passe" + '\n'
append_to_log(log, user)
flash(u'Votre mot de passe a été changé', 'success')
- else:
- if not( valid_passwd(password) ):
- flash(u'Le mot de passe ne peut pas contenir les caractères " et &', 'error')
- elif password == "":
- flash(u' Vous ne pouvez pas ne pas mettre de mot de passe ou un mot de passe vide', 'error')
- else:
- flash(u'Les mot de passes ne sont pas identiques :/ ', 'error')
+ else:
+ if not( valid_passwd(password) ):
+ flash(u'Le mot de passe ne peut pas contenir les caractères " et &', 'error')
+ elif password == "":
+ flash(u' Vous ne pouvez pas ne pas mettre de mot de passe ou un mot de passe vide', 'error')
+ else:
+ flash(u'Les mot de passes ne sont pas identiques :/ ', 'error')
- conn.close()
+ conn.close()
- if not(account['totp']):
- account['totp'] = random_base32()
- img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+account['totp'])
- img.save(DOSSIER_PERSO + user + "/totp.png")
- shared_key_validate = False
+ if not(account['totp']):
+ account['totp'] = random_base32()
+ img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+account['totp'])
+ img.save(DOSSIER_PERSO + user + "/totp.png")
+ shared_key_validate = False
- return render_template('mypassword.html',
- section="Profil",
- address=account['Mail'],
- alias=account['alias'],
- totp_shared_key=account['totp'],
- shared_key_validate=shared_key_validate,
- username=user,
- base_url=BASE_URL)
-
- else :
- return redirect(BASE_URL, code=401)
+ return render_template('mypassword.html',
+ section="Profil",
+ address=account['Mail'],
+ alias=account['alias'],
+ totp_shared_key=account['totp'],
+ shared_key_validate=shared_key_validate,
+ username=user,
+ base_url=BASE_URL)
+
@profil.route('/change-password-lost/', methods=['GET','POST'] )
def change_passwd_lost(token) :
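Review bot: The `if not(account['totp'])` block near the end of `change_passwd` generates a new `random_base32()` secret on every GET of the page and writes it to `totp.png` in the user directory, but keeps no server-side record of which secret is pending; the file is never removed after enrolment, so the live secret stays readable on disk. Keep the pending secret server-side (for example in the signed `session`) and build the QR image in memory with `io.BytesIO` for the `/totp.png` route, or at minimum delete the file once `set_totp` has committed. The otpauth URI also uses `BASE_URL` as the label; an `issuer` parameter and the username make the entry identifiable in the authenticator app. The function starts outside this hunk.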
@@ -292,56 +284,51 @@ def change_passwd_lost(token) :
return redirect(BASE_URL, code=401)
@profil.route('/set_totp/', methods=['POST'])
+@login_required
def set_totp():
- if 'username' in session:
- user='%s' % escape(session['username'])
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
+ user='%s' % escape(session['username'])
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
- shared_key = request.form['shared_key']
- code_totp = request.form['code_totp']
+ shared_key = request.form['shared_key']
+ code_totp = request.form['code_totp']
- if totp_is_valid(shared_key, code_totp) and code_totp !="" and shared_key != "":
- print("shared_key: " +shared_key)
- cursor.execute("""UPDATE users SET totp=? WHERE name=?""", (shared_key, user,))
- conn.commit()
- img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+shared_key)
- img.save(DOSSIER_PERSO + user + "/totp.png")
- flash(u'Votre mot de passe à usage unique est configuré et actif.', 'success')
- else:
- flash(u'Le code de validation totp n\'est pas valide.', 'error')
-
- conn.close()
- return redirect(url_for('profil.change_passwd', _external=True))
+ if totp_is_valid(shared_key, code_totp) and code_totp !="" and shared_key != "":
+ print("shared_key: " +shared_key)
+ cursor.execute("""UPDATE users SET totp=? WHERE name=?""", (shared_key, user,))
+ conn.commit()
+ img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+shared_key)
+ img.save(DOSSIER_PERSO + user + "/totp.png")
+ flash(u'Votre mot de passe à usage unique est configuré et actif.', 'success')
else:
- return redirect(BASE_URL, code=401)
-
+ flash(u'Le code de validation totp n\'est pas valide.', 'error')
+
+ conn.close()
+ return redirect(url_for('profil.change_passwd', _external=True))
+
@profil.route('/del_totp/', methods=['GET'])
+@login_required
def del_totp():
- if 'username' in session:
- user='%s' % escape(session['username'])
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""UPDATE users SET totp="" WHERE name=?""", (user,))
- conn.commit()
- conn.close()
- return redirect(url_for('profil.change_passwd', _external=True))
+ user='%s' % escape(session['username'])
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""UPDATE users SET totp="" WHERE name=?""", (user,))
+ conn.commit()
+ conn.close()
+ return redirect(url_for('profil.change_passwd', _external=True))
@profil.route('/totp.png', methods=['GET'])
+@login_required
def totp_qrcode():
- if 'username' in session :
- user='%s' % escape(session['username'])
- return send_file(
- os.path.join(DOSSIER_PERSO, user, "totp.png"), "totp.png")
- else :
- return redirect(BASE_URL, code=401)
-
+ user='%s' % escape(session['username'])
+ return send_file(
+ os.path.join(DOSSIER_PERSO, user, "totp.png"), "totp.png")
+
@profil.route('/deltoken-password-lost/', methods=['GET','POST'] )
def deltoken_passwd_lost(token) :
-
if valid_token_register(token, "Lost password"):
user = get_user_by_token(token, "Lost password")
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
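Review bot: `set_totp` accepts `shared_key` from the submitted form and stores it as the user's TOTP secret as soon as one matching code is supplied, so the client, not the server, chooses the secret; the server should hold the candidate generated in `change_passwd` (for example in the signed `session`) and only accept the verification code from the form. `print("shared_key: " +shared_key)` writes the secret to stdout, which typically ends up in service logs; remove that line. Check `shared_key != ""` and `code_totp != ""` before calling `totp_is_valid` rather than after it, since the validator is the expensive and exception-prone step. `del_totp` and `totp_qrcode` are fine as rewritten apart from the GET-for-mutation point raised on `remove_alias` earlier in this diff.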
@@ -358,106 +345,102 @@ def deltoken_passwd_lost(token) :
@profil.route('/invitation/', methods=['GET'])
+@login_required
def invitation():
- if 'username' in session:
- UTILISATEUR='%s' % escape(session['username'])
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""SELECT Token, invitations FROM users WHERE name=?""", (UTILISATEUR,))
- tmp = cursor.fetchone()
- token = tmp[0]
- if token:
- url_invitation = BASE_URL + 'inscription/' + token
- else:
- url_invitation = ""
- invitations_count = tmp[1]
- conn.close()
-
- return render_template('invitation.html',
- section='Profil',
- nb_invitation=invitations_count,
- token=token,
- url_invitation=url_invitation)
+ UTILISATEUR='%s' % escape(session['username'])
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""SELECT Token, invitations FROM users WHERE name=?""", (UTILISATEUR,))
+ tmp = cursor.fetchone()
+ token = tmp[0]
+ if token:
+ url_invitation = BASE_URL + 'inscription/' + token
else:
- return redirect(BASE_URL, code=401)
+ url_invitation = ""
+ invitations_count = tmp[1]
+ conn.close()
+
+ return render_template('invitation.html',
+ section='Profil',
+ nb_invitation=invitations_count,
+ token=token,
+ url_invitation=url_invitation)
@profil.route('/gen_token/', methods=['GET'])
+@login_required
def generate_token():
- if 'username' in session:
- UTILISATEUR='%s' % escape(session['username'])
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- token = gen_token("Invitation")
- cursor.execute("UPDATE users SET Token=? WHERE name=?",
- (token, UTILISATEUR))
- conn.commit()
- conn.close()
- return redirect(BASE_URL+'invitation/')
- else:
- return redirect(BASE_URL, code=401)
-
+ UTILISATEUR='%s' % escape(session['username'])
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ token = gen_token("Invitation")
+ cursor.execute("UPDATE users SET Token=? WHERE name=?",
+ (token, UTILISATEUR))
+ conn.commit()
+ conn.close()
+ return redirect(BASE_URL+'invitation/')
+
@profil.route( '/delete_me/', methods=['GET','POST'])
+@login_required
def delete_account():
- if 'username' in session :
- UTILISATEUR='%s'% escape(session['username'])
- resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
- if request.method == 'POST' :
- conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
- cursor = conn.cursor() # Création de l'objet "curseur"
- cursor.execute("""SELECT passwd FROM users WHERE name=?""", (UTILISATEUR,))
- passwd = cursor.fetchone()[0]
- cursor.execute("""SELECT mail FROM users WHERE name=?""", (UTILISATEUR,))
- mail = cursor.fetchone()[0]
- conn.close()
- password = request.form['passwd']
- if bcrypt.check_password_hash(passwd, password) is True:
- not_error = True
+ UTILISATEUR='%s'% escape(session['username'])
+ resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
+ if request.method == 'POST' :
+ conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
+ cursor = conn.cursor() # Création de l'objet "curseur"
+ cursor.execute("""SELECT passwd FROM users WHERE name=?""", (UTILISATEUR,))
+ passwd = cursor.fetchone()[0]
+ cursor.execute("""SELECT mail FROM users WHERE name=?""", (UTILISATEUR,))
+ mail = cursor.fetchone()[0]
+ conn.close()
+ password = request.form['passwd']
+ if bcrypt.check_password_hash(passwd, password) is True:
+ not_error = True
- if MAIL_SERVER:
- try:
- cmd = SETUID + ' set_mail_passwd del ' + '"'+mail+'"'
- print(cmd)
- os.system(cmd)
- except:
- not_error = False
- flash(u'Erreur lors de la suppression de votre compte Mail.', 'error')
+ if MAIL_SERVER:
+ try:
+ cmd = SETUID + ' set_mail_passwd del ' + '"'+mail+'"'
+ print(cmd)
+ os.system(cmd)
+ except:
+ not_error = False
+ flash(u'Erreur lors de la suppression de votre compte Mail.', 'error')
- if XMPP_SERVER:
- try:
- tmp = mail.split('@')
- cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'"
- os.system(cmd)
- except:
- not_error = False
- flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error')
+ if XMPP_SERVER:
+ try:
+ tmp = mail.split('@')
+ cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'"
+ os.system(cmd)
+ except:
+ not_error = False
+ flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error')
- if not_error:
- try:
- cmd = 'rm -r ' + DATAS_USER + '/' + UTILISATEUR
- if os.system(cmd) != 0:
- raise TypeError("Remove directory error")
- except:
- flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
+ if not_error:
+ try:
+ cmd = 'rm -r ' + DATAS_USER + '/' + UTILISATEUR
+ if os.system(cmd) != 0:
+ raise TypeError("Remove directory error")
+ except:
+ flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
- try:
- conn = sqlite3.connect(DATABASE)
- cursor = conn.cursor()
- cursor.execute("""DELETE FROM users WHERE name=?""", (UTILISATEUR,))
- cursor.execute("""DELETE FROM posts WHERE author=?""", (UTILISATEUR,))
- conn.commit()
- conn.close()
- except:
- flash(u'Erreur lors de la suppression de votre compte.', 'error')
- else:
- flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
- resp = redirect(url_for('loginlogout.logout'))
- else:
- flash(u'Mauvais mot de passe', 'error')
- return resp
+ try:
+ conn = sqlite3.connect(DATABASE)
+ cursor = conn.cursor()
+ cursor.execute("""DELETE FROM users WHERE name=?""", (UTILISATEUR,))
+ cursor.execute("""DELETE FROM posts WHERE author=?""", (UTILISATEUR,))
+ conn.commit()
+ conn.close()
+ except:
+ flash(u'Erreur lors de la suppression de votre compte.', 'error')
+ else:
+ flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
+ resp = redirect(url_for('loginlogout.logout'))
+ else:
+ flash(u'Mauvais mot de passe', 'error')
+ return resp
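Review bot: In `delete_account` the `try`/`except` blocks around `os.system(cmd)` for the mail and XMPP removals can never catch a failed command, because `os.system` returns the exit status instead of raising; `not_error` therefore stays `True` and the account is deleted even when the mail or XMPP side still exists, and the same shape is visible in the loginlogout.py hunk at the top of this diff. Check the status as the directory branch already does, `if os.system(cmd) != 0: raise RuntimeError("set_mail_passwd failed")`, or better call `subprocess.run([...], check=True)` and catch `CalledProcessError`. The `rm -r` at the directory step shells out for what `shutil.rmtree(os.path.join(DATAS_USER, UTILISATEUR))` does without a shell. The DB `DELETE` also runs when the directory removal failed, which leaves orphaned files with no owner row; `print(cmd)` on the mail path writes the address to stdout and can go.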