Add login_required decorator

This commit is contained in:
kitoy 2025-12-01 02:19:46 +01:00
parent 57c2fb4ce9
commit e14677e701
10 changed files with 569 additions and 584 deletions


@ -18,7 +18,7 @@ from views.logs import logs
from views.loginlogout import loginlogout from views.loginlogout import loginlogout
from views.gallery import mygallery from views.gallery import mygallery
from tools.databaseinit import init_db, init_dir, db_migrate from tools.databaseinit import init_db, check_directories, db_migrate
import glob, os, sys, time import glob, os, sys, time
@ -26,22 +26,25 @@ app = Flask( 'pywallter' )
app.config.from_pyfile('config.py') app.config.from_pyfile('config.py')
bcrypt = Bcrypt(app) bcrypt = Bcrypt(app)
init_db()
db_migrate()
if init_dir():
print ("Le repertoire des utilisateurs a été créer")
#### Variables Globales ######################################################################### #### Variables Globales #########################################################################
DOSSIER_PERSO= app.config['DOSSIER_APP'] DOSSIER_PERSO= app.config['DOSSIER_APP']
DATABASE= app.config['DATABASE']
extensionimg = app.config['EXT_IMG'] extensionimg = app.config['EXT_IMG']
MAIL_SERVER = app.config['MAIL_SERVER'] MAIL_SERVER = app.config['MAIL_SERVER']
XMPP_SERVER = app.config['XMPP_SERVER'] XMPP_SERVER = app.config['XMPP_SERVER']
################################################################################################# #################################################################################################
init_db(DATABASE)
check_directories(DOSSIER_PERSO)
db_migrate(DATABASE)
xmpp_server_not_installed = system('whereis prosodyctl') xmpp_server_not_installed = system('whereis prosodyctl')
mail_server_not_installed = system('whereis set_mail_alias') + system('whereis set_mail_passwd') + \ mail_server_not_installed = system('whereis set_mail_alias') + system('whereis set_mail_passwd') + \
system('whereis dovecot') + system('whereis smtpd') system('whereis dovecot') + system('whereis smtpd')


@ -5,17 +5,12 @@ from tools.utils import gen_token
from flask_bcrypt import Bcrypt from flask_bcrypt import Bcrypt
app = Flask( 'pywallter' ) app = Flask( 'pywallter' )
app.config.from_pyfile('config.py')
bcrypt = Bcrypt(app) bcrypt = Bcrypt(app)
DATABASE = app.config['DATABASE']
DOSSIER_PERSO = app.config['DOSSIER_APP']
DATABASE = app.config['DATABASE']
def init_db(database):
def init_db(): conn = sqlite3.connect(database)
conn = sqlite3.connect(DATABASE)
cursor = conn.cursor() cursor = conn.cursor()
cursor.execute(""" cursor.execute("""
CREATE TABLE IF NOT EXISTS users( CREATE TABLE IF NOT EXISTS users(
@ -81,14 +76,16 @@ def init_db():
conn.close() conn.close()
print ('table posts OK') print ('table posts OK')
def init_dir(): def check_directories(users_folder):
if os.path.isdir('users'):
return False
else:
os.makedirs('./users/')
def db_migrate(): if os.path.isdir(users_folder):
conn = sqlite3.connect(DATABASE) print("Le dossier {} existe".format(users_folder))
else:
os.makedirs(users_folder)
print("Le dossier {} a été créé".format(users_folder))
def db_migrate(database):
conn = sqlite3.connect(database)
cursor = conn.cursor() cursor = conn.cursor()
cursor.execute("""SELECT name FROM PRAGMA_TABLE_INFO('users');""") cursor.execute("""SELECT name FROM PRAGMA_TABLE_INFO('users');""")
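Review bot: `check_directories` still tests `os.path.isdir(users_folder)` and then calls `os.makedirs(users_folder)`, so a directory that appears between the two calls raises `FileExistsError` instead of being treated as present; `os.makedirs(users_folder, exist_ok=True)` after the `isdir` test keeps the two print messages and removes the window. The module also keeps `app = Flask( 'pywallter' )` and `bcrypt = Bcrypt(app)` while `app.config.from_pyfile('config.py')` appears to be dropped from this hunk, so if `bcrypt` is still used further down in this file it now runs against an unconfigured app — worth confirming. `init_db`, `check_directories` and `db_migrate` have no docstrings; a one-liner each, e.g. `"""Create the schema in the SQLite file at *database* if it does not exist."""`, would state their contracts, and `db_migrate`'s body continues outside the hunk.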


@ -1,4 +1,5 @@
from flask import Flask from flask import Flask, url_for, session, redirect, request
from functools import wraps
import sqlite3 import sqlite3
import os import os
import string import string
@ -14,6 +15,17 @@ DATABASE = app.config['DATABASE']
DOSSIER_PERSO = app.config['DOSSIER_APP'] DOSSIER_PERSO = app.config['DOSSIER_APP']
DATABASE = app.config['DATABASE'] DATABASE = app.config['DATABASE']
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if 'username' not in session:
return redirect(url_for('loginlogout.login', next=request.url))
return f(*args, **kwargs)
return decorated_function
def append_to_log(log_line, user): def append_to_log(log_line, user):
log_file=os.path.join(DOSSIER_PERSO, user, "log.txt") log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
logs=open(log_file, "r") logs=open(log_file, "r")
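Review bot: `login_required` forwards the absolute `request.url` as the `next` parameter, so the `login` view that consumes it must confirm the value is a same-site relative path before redirecting to it, otherwise the login link becomes an open redirect; that consuming code is not in this hunk, so this is a point to verify in `loginlogout.login`. A check such as `urlparse(target).netloc == '' and target.startswith('/')`, or passing `request.full_path` instead of the absolute URL, keeps the post-login redirect on-site. The decorator also has no docstring; `"""Redirect anonymous requests to the login page, keeping the requested URL in ``next``."""` states the contract.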


@ -7,6 +7,7 @@ import sqlite3
from markdown import markdown from markdown import markdown
from tools.filesutils import getFileSizeKo from tools.filesutils import getFileSizeKo
import string import string
from tools.utils import login_required
blog = Blueprint('blog', __name__, template_folder='templates') blog = Blueprint('blog', __name__, template_folder='templates')
@ -24,116 +25,107 @@ DOSSIER_PUBLIC= app.config['DOSSIER_PUBLIC']+'/'
################################################################################ ################################################################################
@blog.route('/myblog/new-article/', methods=['GET', 'POST']) @blog.route('/myblog/new-article/', methods=['GET', 'POST'])
@login_required
def new_article(): def new_article():
if 'username' in session: user = '%s'% escape(session['username'])
user = '%s'% escape(session['username']) folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
folder_blog = DOSSIER_PERSO + user + "/blog/articles/" if request.method == 'POST':
if request.method == 'POST': title = request.form['title']
title = request.form['title'] subtitle = request.form['subtitle']
subtitle = request.form['subtitle'] content = request.form['content']
content = request.form['content'] status = request.form['status']
status = request.form['status'] post_date = time.strftime("%d/%m/%Y %H:%M:%S")
post_date = time.strftime("%d/%m/%Y %H:%M:%S") filename = title.replace(" ", "_") + ".md"
filename = title.replace(" ", "_") + ".md"
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""INSERT INTO Blog_posts(title, subtitle, filename, time, author, status) VALUES(?, ?, ?, ?, ?, ?)""", (title, subtitle, filename, post_date, user, status)) # Insérer des valeurs
conn.commit()
## On génère le fichiers markdown
with open(folder_blog + filename, 'w') as f:
f.write(content)
return redirect(url_for('blog.list_articles_blog'))
else:
return render_template('new_article_blog.html')
else:
return redirect(BASE_URL, code=401)
@blog.route('/myblog/list-articles/', methods=['GET'])
def list_articles_blog():
if 'username' in session:
user = '%s'% escape(session['username'])
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur" cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, time, last_updated, status FROM Blog_posts WHERE author=? """, (user,) ) cursor.execute("""INSERT INTO Blog_posts(title, subtitle, filename, time, author, status) VALUES(?, ?, ?, ?, ?, ?)""", (title, subtitle, filename, post_date, user, status)) # Insérer des valeurs
list_posts=cursor.fetchall() conn.commit()
posts=list() ## On génère le fichiers markdown
nb_articles=0 with open(folder_blog + filename, 'w') as f:
for post in list_posts: f.write(content)
posts.append(dict(title=post[0],
subtitle=post[1],
time=post[2],
last_updated=post[3],
status=post[4]))
nb_articles =+ 1
return render_template('list_articles.html', return redirect(url_for('blog.list_articles_blog'))
else:
return render_template('new_article_blog.html')
@blog.route('/myblog/list-articles/', methods=['GET'])
@login_required
def list_articles_blog():
user = '%s'% escape(session['username'])
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, time, last_updated, status FROM Blog_posts WHERE author=? """, (user,) )
list_posts=cursor.fetchall()
posts=list()
nb_articles=0
for post in list_posts:
posts.append(dict(title=post[0],
subtitle=post[1],
time=post[2],
last_updated=post[3],
status=post[4]))
nb_articles =+ 1
return render_template('list_articles.html',
section="Articles", section="Articles",
list_posts=posts, list_posts=posts,
nb_articles=nb_articles nb_articles=nb_articles
) )
else:
return redirect(BASE_URL, code=401)
@blog.route('/myblog/delete/<title>') @blog.route('/myblog/delete/<title>')
@login_required
def delete(title): def delete(title):
if 'username' in session : user='%s'% escape(session['username'])
user='%s'% escape(session['username']) folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
folder_blog = DOSSIER_PERSO + user + "/blog/articles/" folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/"
folder_blog_public = DOSSIER_PUBLIC + user + "/blog/articles/" filename = title.replace(" ", "_")
filename = title.replace(" ", "_") conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée cursor = conn.cursor() # Création de l'objet "curseur"
cursor = conn.cursor() # Création de l'objet "curseur" cursor.execute("""DELETE FROM Blog_posts WHERE title=? AND author=?""", (title, user))
cursor.execute("""DELETE FROM Blog_posts WHERE title=? AND author=?""", (title, user)) conn.commit()
conn.commit() conn.close()
conn.close() os.remove(folder_blog+filename+".md")
os.remove(folder_blog+filename+".md") os.remove(folder_blog_public+filename+".html")
os.remove(folder_blog_public+filename+".html") return redirect(url_for('blog.list_articles_blog'))
return redirect(url_for('blog.list_articles_blog'))
else:
return redirect(BASE_URL, code=401) # sinon on redirige vers login
@blog.route('/myblog/edit/<title>', methods=['GET', 'POST']) @blog.route('/myblog/edit/<title>', methods=['GET', 'POST'])
@login_required
def edit(title): def edit(title):
if 'username' in session : user='%s'% escape(session['username'])
user='%s'% escape(session['username']) filename = title.replace(" ", "_") + ".md"
filename = title.replace(" ", "_") + ".md" folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
folder_blog = DOSSIER_PERSO + user + "/blog/articles/"
if request.method == 'POST' : if request.method == 'POST' :
subtitle = request.form['subtitle'] subtitle = request.form['subtitle']
newcontent = request.form['content'] newcontent = request.form['content']
newstatus = request.form['status'] newstatus = request.form['status']
updated = time.strftime("%d/%m/%Y %H:%M:%S") updated = time.strftime("%d/%m/%Y %H:%M:%S")
conn = sqlite3.connect(DATABASE) conn = sqlite3.connect(DATABASE)
cursor = conn.cursor() cursor = conn.cursor()
cursor.execute("""UPDATE Blog_posts SET subtitle=?, last_updated=?, status=? WHERE title=? AND author=?""", (subtitle, updated, newstatus, title, user)) cursor.execute("""UPDATE Blog_posts SET subtitle=?, last_updated=?, status=? WHERE title=? AND author=?""", (subtitle, updated, newstatus, title, user))
conn.commit() conn.commit()
conn.close() conn.close()
with open(folder_blog + filename, 'w') as f: with open(folder_blog + filename, 'w') as f:
f.write(newcontent) f.write(newcontent)
return redirect(url_for('blog.list_articles_blog')) return redirect(url_for('blog.list_articles_blog'))
else:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, status FROM Blog_posts WHERE title=? AND author=?""", (title, user))
oldpost = cursor.fetchone()
conn.close()
with open(folder_blog + filename, 'r') as f:
content = f.read()
return render_template('edit_article.html',
section='Post-it',
oldpost=oldpost,
content=content)
else: else:
return redirect(BASE_URL, code=401) conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT title, subtitle, status FROM Blog_posts WHERE title=? AND author=?""", (title, user))
oldpost = cursor.fetchone()
conn.close()
with open(folder_blog + filename, 'r') as f:
content = f.read()
return render_template('edit_article.html',
section='Post-it',
oldpost=oldpost,
content=content)
@blog.route('/blog/<username>/', methods=['GET']) @blog.route('/blog/<username>/', methods=['GET'])
def view(username): def view(username):
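Review bot: `new_article`, `delete` and `edit` build the article path from the form/URL `title` (`filename = title.replace(" ", "_") + ".md"`, then `open(folder_blog + filename, 'w')` and `os.remove(folder_blog+filename+".md")`), so the title is used unsanitised as a filesystem name and can traverse out of the user's `blog/articles/` folder; run it through `secure_filename(...)` as `filesupload.py` already does for uploads (import it here if it is not already) and reject an empty result. Separately, `nb_articles =+ 1` in `list_articles_blog` assigns `+1` on every iteration rather than incrementing, so the template always receives 1; `nb_articles = len(posts)` after the loop fixes it. `new_article` also never closes the connection it opens on its POST path, unlike `delete` and `edit`.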


@ -9,6 +9,7 @@ import sqlite3
import os import os
from shutil import move from shutil import move
from tools.filesutils import getFileSizeMo, getFileSizeKo, check_and_create from tools.filesutils import getFileSizeMo, getFileSizeKo, check_and_create
from tools.utils import login_required
filesupload = Blueprint('filesupload', __name__, template_folder='templates') filesupload = Blueprint('filesupload', __name__, template_folder='templates')
@ -28,162 +29,153 @@ BASE_URL= app.config['BASE_URL']
@filesupload.route( '/filesupload/', methods=['GET', 'POST']) @filesupload.route( '/filesupload/', methods=['GET', 'POST'])
@login_required
def uploadfiles(): def uploadfiles():
if 'username' in session : user = '%s'% escape(session['username'])
user = '%s'% escape(session['username']) if request.method == 'POST' :
if request.method == 'POST' :
files = request.files.getlist('fic')
for f in files :
nom = secure_filename(f.filename)
check_and_create(DOSSIER_PERSO+ user + 'files')
check_and_create(DOSSIER_PERSO+ user + 'images')
if os.path.isfile(DOSSIER_PERSO + user + '/files/' + nom) or os.path.isfile(DOSSIER_PERSO + user + '/images/' + nom):
flash(u'Un fichier avec le même nom existe déjà, merci de spécifier un autre nom de fichier', 'error')
else:
file, ext = os.path.splitext(nom)
if ext in extensionimg :
f.save(DOSSIER_PERSO + user + '/images/' + nom)
image = DOSSIER_PERSO + user + '/images/' + nom
with Image.open(image) as img :
img.thumbnail((300,300))
img.save( DOSSIER_PERSO + user + '/images/thumbnails/' + nom )
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
LOG=open(log_file, "a")
LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n')
LOG.close()
flash(u'Image envoyée et traitée avec succés', 'succes')
else:
f.save(DOSSIER_PERSO + user + '/files/' + nom)
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
LOG=open("log.txt", "a") # Ouvre fichier log.txt
LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n') # Écrit dans log
LOG.close() # Ferme log.txt
flash(u'Fichier envoyé avec succés', 'succes')
else: if 'fic' not in request.files:
flash(u'Error : Vous avez oublié le fichier !', 'error') flash(u'Mauvais format de ficher', 'error')
return redirect(url_for('filesupload.uploadfiles')) return redirect(request.url)
resp = make_response(render_template('up_up.html', section="Upload")) file = request.files['fic']
resp.set_cookie('username', session['username'])
return resp # If the user does not select a file, the browser submits an
else : # empty file without a filename.
return redirect(BASE_URL, code=401) if file.filename == '':
flash(u'Vous avez oubliez de selectionner un fichier', 'error' )
return redirect(request.url)
files = request.files.getlist('fic')
for f in files :
nom = secure_filename(f.filename)
check_and_create(DOSSIER_PERSO+ user + 'files')
check_and_create(DOSSIER_PERSO+ user + 'images')
if os.path.isfile(DOSSIER_PERSO + user + '/files/' + nom) or os.path.isfile(DOSSIER_PERSO + user + '/images/' + nom):
flash(u'Un fichier avec le même nom existe déjà, merci de spécifier un autre nom de fichier', 'error')
else:
file, ext = os.path.splitext(nom)
if ext in extensionimg :
f.save(DOSSIER_PERSO + user + '/images/' + nom)
image = DOSSIER_PERSO + user + '/images/' + nom
with Image.open(image) as img :
img.thumbnail((300,300))
img.save( DOSSIER_PERSO + user + '/images/thumbnails/' + nom )
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
log_file=os.path.join(DOSSIER_PERSO, user, "log.txt")
LOG=open(log_file, "a")
LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n')
LOG.close()
flash(u'Image envoyée et traitée avec succés', 'succes')
else:
f.save(DOSSIER_PERSO + user + '/files/' + nom)
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
IP=request.environ['REMOTE_ADDR']
CLIENT_PLATFORM=request.headers.get('User-Agent')
LOG=open("log.txt", "a") # Ouvre fichier log.txt
LOG.write (TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + nom + '\n') # Écrit dans log
LOG.close() # Ferme log.txt
flash(u'Fichier envoyé avec succés', 'succes')
resp = make_response(render_template('up_up.html', section="Upload"))
resp.set_cookie('username', session['username'])
return resp
@filesupload.route('/view/') @filesupload.route('/view/')
@login_required
def list(): def list():
if 'username' in session :
user = '%s'% escape(session['username']) user = '%s'% escape(session['username'])
check_and_create(DOSSIER_PUBLIC + user + '/files/') check_and_create(DOSSIER_PUBLIC + user + '/files/')
check_and_create(DOSSIER_PERSO + user + '/files/') check_and_create(DOSSIER_PERSO + user + '/files/')
files_public = os.listdir(DOSSIER_PUBLIC + user + '/files/') files_public = os.listdir(DOSSIER_PUBLIC + user + '/files/')
files_private = os.listdir(DOSSIER_PERSO + user + '/files/') files_private = os.listdir(DOSSIER_PERSO + user + '/files/')
listFilesPublic = [] listFilesPublic = []
listFilesPrivate = [] listFilesPrivate = []
nb_pv = 0 nb_pv = 0
size=0 size=0
if files_private: if files_private:
for fich in files_private: for fich in files_private:
nb_pv += 1 nb_pv += 1
size = getFileSizeMo(DOSSIER_PERSO + user + '/files/' + fich) # size = taille des fichiers size = getFileSizeMo(DOSSIER_PERSO + user + '/files/' + fich) # size = taille des fichiers
listFilesPrivate.append([nb_pv, fich, size]) # On implémente la listeFichiers avec le num le ficier et sa taille listFilesPrivate.append([nb_pv, fich, size]) # On implémente la listeFichiers avec le num le ficier et sa taille
nb_pu = 0 nb_pu = 0
if files_public: if files_public:
for fich in files_public: for fich in files_public:
nb_pu += 1 nb_pu += 1
size = getFileSizeMo(DOSSIER_PUBLIC + user + '/files/' + fich) # size = taille des fichiers size = getFileSizeMo(DOSSIER_PUBLIC + user + '/files/' + fich) # size = taille des fichiers
listFilesPublic.append([nb_pu, fich, size]) listFilesPublic.append([nb_pu, fich, size])
return render_template('up_list.html', return render_template('up_list.html',
section="Files", section="Files",
size=size, size=size,
username=user, username=user,
nb_pv=nb_pv, nb_pv=nb_pv,
nb_pu=nb_pu, nb_pu=nb_pu,
listFilesPrivate=listFilesPrivate, listFilesPrivate=listFilesPrivate,
listFilesPublic=listFilesPublic) listFilesPublic=listFilesPublic)
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/myfiles/<username>/<filename>') @filesupload.route('/myfiles/<username>/<filename>')
@login_required
def myfiles(username, filename): def myfiles(username, filename):
if 'username' in session : user = '%s' % escape(session['username'])
user = '%s' % escape(session['username']) return send_from_directory(
return send_from_directory( os.path.join(DOSSIER_PERSO, username, 'files'), filename )
os.path.join(DOSSIER_PERSO, username, 'files'), filename )
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/make_public/<filename>') @filesupload.route('/make_public/<filename>')
@login_required
def move_public(filename): def move_public(filename):
if 'username' in session: user = '%s' % escape(session['username'])
check_and_create(DOSSIER_PUBLIC + user + '/files/')
check_and_create(DOSSIER_PERSO + user + '/files/')
user = '%s' % escape(session['username']) src = os.path.join(DOSSIER_PERSO, user, 'files', filename)
check_and_create(DOSSIER_PUBLIC + user + '/files/') dst = os.path.join(DOSSIER_PUBLIC, user, 'files/')
check_and_create(DOSSIER_PERSO + user + '/files/') move (src, dst)
return redirect(url_for('filesupload.list', _external=True))
src = os.path.join(DOSSIER_PERSO, user, 'files', filename)
dst = os.path.join(DOSSIER_PUBLIC, user, 'files/')
move (src, dst)
return redirect(url_for('filesupload.list', _external=True))
else:
return redirect(BASE_URL, code=401)
@filesupload.route('/make_private/<filename>') @filesupload.route('/make_private/<filename>')
@login_required
def move_private(filename): def move_private(filename):
if 'username' in session: user = '%s' % escape(session['username'])
user = '%s' % escape(session['username']) check_and_create(DOSSIER_PUBLIC + user + '/files/')
check_and_create(DOSSIER_PUBLIC + user + '/files/') check_and_create(DOSSIER_PERSO + user + '/files/')
check_and_create(DOSSIER_PERSO + user + '/files/') src = os.path.join(DOSSIER_PUBLIC, user, 'files', filename)
src = os.path.join(DOSSIER_PUBLIC, user, 'files', filename) dst = os.path.join(DOSSIER_PERSO, user, 'files/')
dst = os.path.join(DOSSIER_PERSO, user, 'files/') move (src, dst)
move (src, dst) return redirect(url_for('filesupload.list', _external=True))
return redirect(url_for('filesupload.list', _external=True))
else:
return redirect(BASE_URL, code=401)
@filesupload.route('/public/<username>/<filename>')
def publicfiles(username, filename):
return send_from_directory(
os.path.join(DOSSIER_PUBLIC, username, 'files'), filename )
@filesupload.route('/remove_privateFile/<filename>') @filesupload.route('/remove_privateFile/<filename>')
@login_required
def remove_privateFile(filename): def remove_privateFile(filename):
if 'username' in session : user = '%s' % escape(session['username'])
user = '%s' % escape(session['username']) filename = secure_filename(filename)
filename = secure_filename(filename) try:
try: os.remove(DOSSIER_PERSO + user + '/files/' + filename) # on le supprime
os.remove(DOSSIER_PERSO + user + '/files/' + filename) # on le supprime except FileNotFoundError:
except FileNotFoundError: flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error') return redirect(url_for('filesupload.list', _external=True))
return redirect(url_for('filesupload.list', _external=True))
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/remove_publicFile/<filename>') @filesupload.route('/remove_publicFile/<filename>')
@login_required
def remove_publicFile(filename): def remove_publicFile(filename):
if 'username' in session : user = '%s' % escape(session['username'])
user = '%s' % escape(session['username']) filename = secure_filename(filename)
filename = secure_filename(filename) try:
try: os.remove(DOSSIER_PUBLIC + user + '/files/' + filename) # on le supprime
os.remove(DOSSIER_PUBLIC + user + '/files/' + filename) # on le supprime except FileNotFoundError:
except FileNotFoundError: flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error')
flash(u'Fichier (unknown) inexistant.'.format(filename=filename), 'error') return redirect(url_for('filesupload.list', _external=True))
return redirect(url_for('filesupload.list', _external=True))
else :
return redirect(BASE_URL, code=401)
@filesupload.route('/theme.min.css') @filesupload.route('/theme.min.css')
def theme(): def theme():
@ -193,3 +185,8 @@ def theme():
return send_file(DOSSIER_PERSO+ user +'/theme.min.css', mimetype='text/css') return send_file(DOSSIER_PERSO+ user +'/theme.min.css', mimetype='text/css')
else: else:
return send_file("static/default.min.css", mimetype='text/css') return send_file("static/default.min.css", mimetype='text/css')
@filesupload.route('/public/<username>/<filename>')
def publicfiles(username, filename):
return send_from_directory(
os.path.join(DOSSIER_PUBLIC, username, 'files'), filename )
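Review bot: `myfiles` computes `user` from the session but serves `os.path.join(DOSSIER_PERSO, username, 'files')` with the `username` taken from the URL, so under the new `@login_required` any authenticated user can read another user's private files; serve from `user` instead (`os.path.join(DOSSIER_PERSO, user, 'files')`) or reject the request with Flask's `abort(403)` when `username != user`. In `uploadfiles`, `check_and_create(DOSSIER_PERSO+ user + 'files')` and the `'images'` call lack the `/` separator that the later `f.save(DOSSIER_PERSO + user + '/files/' + nom)` uses, so the directories created are not the ones written to; the non-image branch also logs to `open("log.txt", "a")` in the working directory while the image branch uses the per-user `log_file`. The new `file = request.files['fic']` is later shadowed by `file, ext = os.path.splitext(nom)`, which also hides the builtin; a name like `upload` or `stem` would be clearer.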


@ -8,6 +8,7 @@ import time
import sqlite3 import sqlite3
import os import os
from tools.filesutils import check_and_create from tools.filesutils import check_and_create
from tools.utils import login_required
mygallery = Blueprint('mygallery', __name__, template_folder='templates') mygallery = Blueprint('mygallery', __name__, template_folder='templates')
@ -25,61 +26,56 @@ DATABASE = app.config['DATABASE']
################################################################################################# #################################################################################################
@mygallery.route( '/gallery/') @mygallery.route( '/gallery/')
@login_required
def gallery(): def gallery():
if 'username' in session : user ='%s' % escape(session['username'])
user ='%s' % escape(session['username']) check_and_create(DOSSIER_PUBLIC + user + '/images/')
check_and_create(DOSSIER_PUBLIC + user + '/images/') check_and_create(DOSSIER_PUBLIC + user + '/images/thumbnails/')
check_and_create(DOSSIER_PUBLIC + user + '/images/thumbnails/') check_and_create(DOSSIER_PERSO + user + '/images/')
check_and_create(DOSSIER_PERSO + user + '/images/') check_and_create(DOSSIER_PERSO + user + '/images/thumbnails/')
check_and_create(DOSSIER_PERSO + user + '/images/thumbnails/') THUMBNAILS=DOSSIER_PERSO + user + '/images/thumbnails/'
THUMBNAILS=DOSSIER_PERSO + user + '/images/thumbnails/' fichiers = [fich for fich in os.listdir(THUMBNAILS)]
fichiers = [fich for fich in os.listdir(THUMBNAILS)] return render_template('gallery.html',
return render_template('gallery.html', section='Gallery',
section='Gallery', THUMBNAILS=THUMBNAILS,
THUMBNAILS=THUMBNAILS, fichiers=fichiers)
fichiers=fichiers)
else :
return redirect(url_for('loginlogout.login'), code=401)
@mygallery.route('/myfiles/images/<filename>') @mygallery.route('/myfiles/images/<filename>')
@login_required
def myimg(filename): def myimg(filename):
if 'username' in session : UTILISATEUR='%s' % escape(session['username'])
UTILISATEUR='%s' % escape(session['username']) return send_from_directory(
return send_from_directory( os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images'), filename )
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images'), filename )
else :
return redirect(BASE_URL, code=401)
@mygallery.route('/myfiles/images/thumbnails/<filename>') @mygallery.route('/myfiles/images/thumbnails/<filename>')
@login_required
def mythumbnails(filename): def mythumbnails(filename):
if 'username' in session : UTILISATEUR='%s' % escape(session['username'])
UTILISATEUR='%s' % escape(session['username']) return send_from_directory(
return send_from_directory( os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images/thumbnails'), filename )
os.path.join(DOSSIER_PERSO, UTILISATEUR, 'images/thumbnails'), filename )
else :
return redirect(BASE_URL, code=401)
@mygallery.route('/remove_privateImage/<filename>') @mygallery.route('/remove_privateImage/<filename>')
@login_required
def remove_privateImage(filename): def remove_privateImage(filename):
if 'username' in session : user = '%s' % escape(session['username'])
user = '%s' % escape(session['username']) filename = secure_filename(filename)
filename = secure_filename(filename) try:
try: os.remove(DOSSIER_PERSO + user + '/images/thumbnails/' + filename) # on le supprime
os.remove(DOSSIER_PERSO + user + '/images/thumbnails/' + filename) # on le supprime os.remove(DOSSIER_PERSO + user + '/images/' + filename) # on le supprime
os.remove(DOSSIER_PERSO + user + '/images/' + filename) # on le supprime except FileNotFoundError:
except FileNotFoundError: flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error') return redirect(url_for('mygallery.gallery'))
return redirect(url_for('mygallery.gallery'))
@mygallery.route('/remove_publicImage/<filename>') @mygallery.route('/remove_publicImage/<filename>')
@login_required
def remove_publicImage(filename): def remove_publicImage(filename):
if 'username' in session : user = '%s' % escape(session['username'])
user = '%s' % escape(session['username']) filename = secure_filename(filename)
filename = secure_filename(filename) try:
try: os.remove(DOSSIER_PUBLIC + user + '/images/thumbnails/' + filename) # on le supprime
os.remove(DOSSIER_PUBLIC + user + '/images/thumbnails/' + filename) # on le supprime os.remove(DOSSIER_PUBLIC + user + '/images/' + filename) # on le supprime
os.remove(DOSSIER_PUBLIC + user + '/images/' + filename) # on le supprime except FileNotFoundError:
except FileNotFoundError: flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error')
flash(u'Image (unknown) inexistante.'.format(filename=filename), 'error') return redirect(url_for('mygallery.gallery'))
return redirect(url_for('mygallery.gallery'))
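Review bot: In `remove_privateImage` and `remove_publicImage` both `os.remove` calls share one `try`, so when the thumbnail is missing the `FileNotFoundError` skips the removal of the full-size image and the user is told the image does not exist while it stays on disk; give each removal its own `try`/`except FileNotFoundError`, or wrap the thumbnail removal in `contextlib.suppress(FileNotFoundError)` and keep the flash only for the image. In `gallery`, `fichiers = [fich for fich in os.listdir(THUMBNAILS)]` copies a list that is already a list; `fichiers = os.listdir(THUMBNAILS)` is equivalent. The views in this file have no docstrings; a one-line summary per route such as `"""Render the logged-in user's thumbnail gallery."""` would document the contract.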


@ -6,6 +6,7 @@ from socket import gethostname
from os import remove, system from os import remove, system
from tools.utils import email_disp, valid_token_register, valid_passwd, valid_username, gen_token, totp_is_valid from tools.utils import email_disp, valid_token_register, valid_passwd, valid_username, gen_token, totp_is_valid
from tools.mailer import Mailer from tools.mailer import Mailer
from tools.utils import login_required
app = Flask( 'pywallter' ) app = Flask( 'pywallter' )
app.config.from_pyfile('config.py') app.config.from_pyfile('config.py')
@ -29,8 +30,34 @@ BACKUP_TIME = app.config['BACKUP_TIME']
loginlogout = Blueprint('loginlogout', __name__, template_folder='templates') loginlogout = Blueprint('loginlogout', __name__, template_folder='templates')
@loginlogout.route( '/' )
def index():
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT token passwd FROM users where name=? """, ("pywallter", ))
tmp = cursor.fetchone()
conn.close
if tmp:
token = tmp[0]
else:
token = None
if 'username' in session :
return redirect(url_for('profil.profile'))
else :
if token:
hostname = gethostname()
url_inscription = BASE_URL+'inscription/'+token
return render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'],
token=token, hostname=hostname,
url_inscription=url_inscription,
MAIL_SERVER=MAIL_SERVER)
else:
return redirect(url_for('loginlogout.login', _external=True))
@loginlogout.route( '/login/', methods=['GET','POST'] ) @loginlogout.route( '/login/', methods=['GET','POST'] )
def login() : def login():
if 'username' in session : if 'username' in session :
resp = redirect(url_for('profil.profile', _external=True)) resp = redirect(url_for('profil.profile', _external=True))
else : else :
@ -63,65 +90,66 @@ def login() :
@loginlogout.route( '/logout/' ) @loginlogout.route( '/logout/' )
@login_required
def logout(): def logout():
session.pop('username', None) # Supprimer username de la session s'il s'y trouve session.pop('username', None) # Supprimer username de la session s'il s'y trouve
return redirect(url_for('loginlogout.index')) return redirect(url_for('loginlogout.index'))
@loginlogout.route( '/delete_me/', methods=['GET','POST']) @loginlogout.route( '/delete_me/', methods=['GET','POST'])
@login_required
def delete_account(): def delete_account():
if 'username' in session : user='%s'% escape(session['username'])
user='%s'% escape(session['username']) resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
resp = render_template('delete_account.html', time_backup=BACKUP_TIME) if request.method == 'POST' :
if request.method == 'POST' : conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée cursor = conn.cursor() # Création de l'objet "curseur"
cursor = conn.cursor() # Création de l'objet "curseur" cursor.execute("""SELECT passwd FROM users WHERE name=?""", (user,))
cursor.execute("""SELECT passwd FROM users WHERE name=?""", (user,)) passwd = cursor.fetchone()[0].decode()
passwd = cursor.fetchone()[0].decode() conn.close()
conn.close() password = request.form['passwd']
password = request.form['passwd'] if bcrypt.check_password_hash(passwd, password) is True:
if bcrypt.check_password_hash(passwd, password) is True: not_error = True
not_error = True try:
cmd = 'rm -r ' + DATAS_USER + '/' + user
if system(cmd) != 0:
raise TypeError("Remove directory error")
except:
not_error = False
flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
if MAIL_SERVER:
try: try:
cmd = 'rm -r ' + DATAS_USER + '/' + user cmd = SETUID + ' set_mail_passwd del' + '"'+mail+'"'
if system(cmd) != 0: system(cmd)
raise TypeError("Remove directory error")
except: except:
not_error = False not_error = False
flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error') flash(u'Erreur lors de la suppression de votre compte Mail.', 'error')
if MAIL_SERVER: if XMPP_SERVER:
try: try:
cmd = SETUID + ' set_mail_passwd del' + '"'+mail+'"' tmp = mail.split('@')
system(cmd) cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'"
except: system(cmd)
not_error = False except:
flash(u'Erreur lors de la suppression de votre compte Mail.', 'error') not_error = False
flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error')
if XMPP_SERVER: if not_error:
try: try:
tmp = mail.split('@') conn = sqlite3.connect(DATABASE)
cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'" cursor = conn.cursor()
system(cmd) cursor.execute("""DELETE FROM users WHERE name=?""", (user,))
except: conn.commit()
not_error = False conn.close()
flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error') except:
flash(u'Erreur lors de la suppression de votre compte.', 'error')
if not_error:
try:
conn = sqlite3.connect(DATABASE)
cursor = conn.cursor()
cursor.execute("""DELETE FROM users WHERE name=?""", (user,))
conn.commit()
conn.close()
except:
flash(u'Erreur lors de la suppression de votre compte.', 'error')
else:
flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
resp = redirect(url_for('loginlogout.logout'))
else: else:
flash(u'Mauvais mot de passe', 'error') flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
return resp resp = redirect(url_for('loginlogout.logout'))
else:
flash(u'Mauvais mot de passe', 'error')
return resp
@loginlogout.route( '/lost_password/', methods=['GET', 'POST']) @loginlogout.route( '/lost_password/', methods=['GET', 'POST'])
@ -160,27 +188,3 @@ def lost_password():
return render_template('lost_password.html') return render_template('lost_password.html')
@loginlogout.route( '/' )
def index():
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l'objet "curseur"
cursor.execute("""SELECT token passwd FROM users where name=? """, ("pywallter", ))
tmp = cursor.fetchone()
conn.close
if tmp:
token = tmp[0]
else:
token = None
if 'username' in session :
return redirect(url_for('profil.profile'))
else :
if token:
hostname = gethostname()
url_inscription = BASE_URL+'inscription/'+token
return render_template('inscription.html', signin_enable=app.config['SIGNIN_ENABLE'],
token=token, hostname=hostname,
url_inscription=url_inscription,
MAIL_SERVER=MAIL_SERVER)
else:
return redirect(url_for('loginlogout.login', _external=True))


@ -1,6 +1,7 @@
from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file
import glob, os, sys import glob, os, sys
from markupsafe import escape from markupsafe import escape
from tools.utils import login_required
logs = Blueprint('logs', __name__, template_folder='templates') logs = Blueprint('logs', __name__, template_folder='templates')
@ -19,13 +20,11 @@ DATABASE = app.config['DATABASE']
@logs.route('/logs/') @logs.route('/logs/')
@login_required
def logfile(): def logfile():
if 'username' in session: UTILISATEUR='%s'% escape(session['username'])
UTILISATEUR='%s'% escape(session['username']) log_file=os.path.join(DOSSIER_PERSO, UTILISATEUR, "log.txt")
log_file=os.path.join(DOSSIER_PERSO, UTILISATEUR, "log.txt") with open(log_file, 'r') as log:
with open(log_file, 'r') as log: logs=log.readlines()
logs=log.readlines() log.close()
log.close() return render_template('logs.html', section="Logs", logs=logs)
return render_template('logs.html', section="Logs", logs=logs)
else :
return redirect(url_for('loginlogout.login', _external=True), code=401)
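Review bot: The local `logs=log.readlines()` in logfile() shadows the module-level `logs` Blueprint declared at the top of this file, and the explicit `log.close()` inside the `with` block is redundant because the context manager already closes the handle on exit. Renaming the local, e.g. `lines = log.readlines()` and `return render_template('logs.html', section="Logs", logs=lines)`, keeps the template contract unchanged and removes the shadowing, and the `log.close()` line can simply be dropped. The `open(log_file, 'r')` call pins no `encoding=`, so decoding of the per-user log follows the process locale; `open(log_file, encoding='utf-8')` would make it deterministic, assuming append_to_log writes UTF-8 (not visible here). Whether an unauthenticated request still gets the 401 redirect that the removed `else` branch produced now depends on tools/utils.login_required, which is outside this view.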


@ -7,7 +7,7 @@ import sqlite3
import os import os
from shutil import copy from shutil import copy
from socket import gethostname from socket import gethostname
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, login_required
@ -35,6 +35,7 @@ BACKUP_TIME = app.config['BACKUP_TIME']
@mymailbox.route('/mymailbox/alias', methods=['GET', 'POST'] ) @mymailbox.route('/mymailbox/alias', methods=['GET', 'POST'] )
@login_required
def myalias(): def myalias():
hostname=gethostname() hostname=gethostname()
UTILISATEUR='%s' % escape(session['username']) UTILISATEUR='%s' % escape(session['username'])
@ -94,6 +95,7 @@ def myalias():
@mymailbox.route('/mymailbox/rmalias/<aliasrm>') @mymailbox.route('/mymailbox/rmalias/<aliasrm>')
@login_required
def remove_alias(aliasrm): def remove_alias(aliasrm):
if MAIL_SERVER: if MAIL_SERVER:
UTILISATEUR='%s' % escape(session['username']) UTILISATEUR='%s' % escape(session['username'])
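Review bot: Stacking `@login_required` beneath the route decorator on myalias() and remove_alias() only registers two distinct endpoints if login_required preserves the view's `__name__` via `functools.wraps`; otherwise Flask derives both endpoint names from the wrapper and the second registration on the blueprint fails, and the same applies to every view decorated in this commit. tools/utils.py is not in this view, so that is worth confirming once rather than per file. The decorator is a real fix here: the first lines of myalias() read `session['username']` unconditionally, so an unauthenticated request previously appears to have raised a KeyError and a 500 rather than a redirect. The bodies of both views continue outside the hunk, so how `aliasrm` is validated before use was not reviewed.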


@ -8,7 +8,7 @@ import os
from shutil import copy from shutil import copy
from socket import gethostname from socket import gethostname
from flask_bcrypt import Bcrypt from flask_bcrypt import Bcrypt
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token, totp_is_valid from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token, totp_is_valid, login_required
from pyotp import random_base32 from pyotp import random_base32
import qrcode import qrcode
@ -38,54 +38,51 @@ BACKUP_TIME = app.config['BACKUP_TIME']
@profil.route( '/profil/<user>/<img>', methods=['GET'] ) @profil.route( '/profil/<user>/<img>', methods=['GET'] )
@login_required
def profil_img(user, img) : def profil_img(user, img) :
if 'username' in session : return send_from_directory( os.path.join(DOSSIER_PERSO, user, 'profile'), img )
return send_from_directory( os.path.join(DOSSIER_PERSO, user, 'profile'), img )
else:
return redirect(BASE_URL, code=401)
@profil.route('/profil/', methods=['GET','POST']) @profil.route('/profil/', methods=['GET','POST'])
@login_required
def profile() : def profile() :
if 'username' in session : user='%s' % escape(session['username'])
user='%s' % escape(session['username']) conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée cursor = conn.cursor() # Création de l'objet "curseur"
cursor = conn.cursor() # Création de l'objet "curseur" cursor.execute("""SELECT avatar, nom, prenom, age, Mail_rescue FROM users WHERE name=?""", (user,))
cursor.execute("""SELECT avatar, nom, prenom, age, Mail_rescue FROM users WHERE name=?""", (user,)) tmp = (cursor.fetchone())
tmp = (cursor.fetchone()) profil_user = dict()
profil_user = dict() profil_user['avatar'] = tmp[0]
profil_user['avatar'] = tmp[0] profil_user['nom'] = tmp[1]
profil_user['nom'] = tmp[1] profil_user['prenom'] = tmp[2]
profil_user['prenom'] = tmp[2] profil_user['age'] = tmp[3]
profil_user['age'] = tmp[3] profil_user['mail_rescue'] = tmp[4]
profil_user['mail_rescue'] = tmp[4] conn.close()
conn.close()
if request.method == 'POST' : if request.method == 'POST' :
f = request.files['fic'] f = request.files['fic']
if request.form['theme'] != "Default": if request.form['theme'] != "Default":
copy( "static/vendors/picocss/pico.fluid.classless."+request.form['theme']+".min.css", copy( "static/vendors/picocss/pico.fluid.classless."+request.form['theme']+".min.css",
DOSSIER_PERSO+ user +'/theme.min.css' ) DOSSIER_PERSO+ user +'/theme.min.css' )
if request.form['nom']: if request.form['nom']:
profil_user['nom'] = request.form['nom'] profil_user['nom'] = request.form['nom']
if request.form['prenom']: if request.form['prenom']:
profil_user['prenom'] = request.form['prenom'] profil_user['prenom'] = request.form['prenom']
if request.form['age']: if request.form['age']:
profil_user['age'] = request.form['age'] profil_user['age'] = request.form['age']
if '@' in request.form['mail_rescue']: if '@' in request.form['mail_rescue']:
if len(request.form['mail_rescue']) > 4: if len(request.form['mail_rescue']) > 4:
profil_user['mail_rescue'] = request.form['mail_rescue'] profil_user['mail_rescue'] = request.form['mail_rescue']
else: else:
flash(u'Adresse de courriel invalide', 'error') flash(u'Adresse de courriel invalide', 'error')
else: else:
flash(u'Adresse de courriel de secour invalide', 'error') flash(u'Adresse de courriel de secour invalide', 'error')
if f: # On vérifie qu'un fichier a bien été envoyé if f: # On vérifie qu'un fichier a bien été envoyé
nom = secure_filename(f.filename) nom = secure_filename(f.filename)
f.save(DOSSIER_PERSO + user + '/profile/' + nom) f.save(DOSSIER_PERSO + user + '/profile/' + nom)
image = DOSSIER_PERSO + user + '/profile/' + nom image = DOSSIER_PERSO + user + '/profile/' + nom
@ -102,7 +99,7 @@ def profile() :
conn.close() conn.close()
flash(u'Image de profil mise à jour', 'success') flash(u'Image de profil mise à jour', 'success')
else: else:
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
cursor = conn.cursor() # Création de l\'objet "curseur" cursor = conn.cursor() # Création de l\'objet "curseur"
cursor.execute("UPDATE users SET nom=?, prenom=?, age=?, mail_rescue=? WHERE name=?", cursor.execute("UPDATE users SET nom=?, prenom=?, age=?, mail_rescue=? WHERE name=?",
@ -114,56 +111,53 @@ def profile() :
return render_template('profil.html', return render_template('profil.html',
section="Profil", section="Profil",
profil=profil_user, profil=profil_user,
username=user) username=user)
else :
return redirect(BASE_URL, code=401)
@profil.route('/profil/homepage', methods=['GET'] ) @profil.route('/profil/homepage', methods=['GET'] )
@login_required
def homepage(): def homepage():
if 'username' in session : username='%s' % escape(session['username'])
username='%s' % escape(session['username'])
return render_template('homepage.html', return render_template('homepage.html',
section="Profil", section="Profil",
username=username) username=username)
@profil.route('/profil/change-password/', methods=['GET','POST'] ) @profil.route('/profil/change-password/', methods=['GET','POST'] )
@login_required
def change_passwd() : def change_passwd() :
if 'username' in session: user='%s' % escape(session['username'])
user='%s' % escape(session['username']) conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée cursor = conn.cursor() # Création de l'objet "curseur"
cursor = conn.cursor() # Création de l'objet "curseur" cursor.execute("""SELECT Mail, alias, xmpp, totp FROM users WHERE name=?""", (user,))
cursor.execute("""SELECT Mail, alias, xmpp, totp FROM users WHERE name=?""", (user,)) tmp = cursor.fetchone()
tmp = cursor.fetchone() shared_key_validate=True
shared_key_validate=True account = dict()
account = dict() account['Mail'] = tmp[0]
account['Mail'] = tmp[0] account['alias'] = tmp[1]
account['alias'] = tmp[1] account['xmpp'] = tmp[2]
account['xmpp'] = tmp[2] account['totp'] = tmp[3]
account['totp'] = tmp[3]
if request.method == 'POST' : if request.method == 'POST' :
password = request.form['password'] password = request.form['password']
password_confirm = request.form['passwd_confirm'] password_confirm = request.form['passwd_confirm']
if not(password == "") and password == password_confirm and valid_passwd(password): if not(password == "") and password == password_confirm and valid_passwd(password):
mail_passwd_change = 0 mail_passwd_change = 0
xmpp_passwd_change = 0 xmpp_passwd_change = 0
passwd = request.form['password'] passwd = request.form['password']
if MAIL_SERVER: if MAIL_SERVER:
cmd = SETUID+ ' set_mail_passwd ' + '"'+account['Mail']+'" '+ '"'+passwd+'"' cmd = SETUID+ ' set_mail_passwd ' + '"'+account['Mail']+'" '+ '"'+passwd+'"'
mail_passwd_change = os.system(cmd) mail_passwd_change = os.system(cmd)
if XMPP_SERVER: if XMPP_SERVER:
@ -185,33 +179,31 @@ def change_passwd() :
log=TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Changement du mot de passe" + '\n' log=TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Changement du mot de passe" + '\n'
append_to_log(log, user) append_to_log(log, user)
flash(u'Votre mot de passe a été changé', 'success') flash(u'Votre mot de passe a été changé', 'success')
else: else:
if not( valid_passwd(password) ): if not( valid_passwd(password) ):
flash(u'Le mot de passe ne peut pas contenir les caractères " et &', 'error') flash(u'Le mot de passe ne peut pas contenir les caractères " et &', 'error')
elif password == "": elif password == "":
flash(u' Vous ne pouvez pas ne pas mettre de mot de passe ou un mot de passe vide', 'error') flash(u' Vous ne pouvez pas ne pas mettre de mot de passe ou un mot de passe vide', 'error')
else: else:
flash(u'Les mot de passes ne sont pas identiques :/ ', 'error') flash(u'Les mot de passes ne sont pas identiques :/ ', 'error')
conn.close() conn.close()
if not(account['totp']): if not(account['totp']):
account['totp'] = random_base32() account['totp'] = random_base32()
img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+account['totp']) img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+account['totp'])
img.save(DOSSIER_PERSO + user + "/totp.png") img.save(DOSSIER_PERSO + user + "/totp.png")
shared_key_validate = False shared_key_validate = False
return render_template('mypassword.html', return render_template('mypassword.html',
section="Profil", section="Profil",
address=account['Mail'], address=account['Mail'],
alias=account['alias'], alias=account['alias'],
totp_shared_key=account['totp'], totp_shared_key=account['totp'],
shared_key_validate=shared_key_validate, shared_key_validate=shared_key_validate,
username=user, username=user,
base_url=BASE_URL) base_url=BASE_URL)
else :
return redirect(BASE_URL, code=401)
@profil.route('/change-password-lost/<token>', methods=['GET','POST'] ) @profil.route('/change-password-lost/<token>', methods=['GET','POST'] )
@ -292,56 +284,51 @@ def change_passwd_lost(token) :
return redirect(BASE_URL, code=401) return redirect(BASE_URL, code=401)
@profil.route('/set_totp/', methods=['POST']) @profil.route('/set_totp/', methods=['POST'])
@login_required
def set_totp(): def set_totp():
if 'username' in session: user='%s' % escape(session['username'])
user='%s' % escape(session['username']) conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée cursor = conn.cursor() # Création de l'objet "curseur"
cursor = conn.cursor() # Création de l'objet "curseur"
shared_key = request.form['shared_key'] shared_key = request.form['shared_key']
code_totp = request.form['code_totp'] code_totp = request.form['code_totp']
if totp_is_valid(shared_key, code_totp) and code_totp !="" and shared_key != "": if totp_is_valid(shared_key, code_totp) and code_totp !="" and shared_key != "":
print("shared_key: " +shared_key) print("shared_key: " +shared_key)
cursor.execute("""UPDATE users SET totp=? WHERE name=?""", (shared_key, user,)) cursor.execute("""UPDATE users SET totp=? WHERE name=?""", (shared_key, user,))
conn.commit() conn.commit()
img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+shared_key) img = qrcode.make('otpauth://totp/'+BASE_URL+'?secret='+shared_key)
img.save(DOSSIER_PERSO + user + "/totp.png") img.save(DOSSIER_PERSO + user + "/totp.png")
flash(u'Votre mot de passe à usage unique est configuré et actif.', 'success') flash(u'Votre mot de passe à usage unique est configuré et actif.', 'success')
else:
flash(u'Le code de validation totp n\'est pas valide.', 'error')
conn.close()
return redirect(url_for('profil.change_passwd', _external=True))
else: else:
return redirect(BASE_URL, code=401) flash(u'Le code de validation totp n\'est pas valide.', 'error')
conn.close()
return redirect(url_for('profil.change_passwd', _external=True))
@profil.route('/del_totp/', methods=['GET']) @profil.route('/del_totp/', methods=['GET'])
@login_required
def del_totp(): def del_totp():
if 'username' in session: user='%s' % escape(session['username'])
user='%s' % escape(session['username']) conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée cursor = conn.cursor() # Création de l'objet "curseur"
cursor = conn.cursor() # Création de l'objet "curseur" cursor.execute("""UPDATE users SET totp="" WHERE name=?""", (user,))
cursor.execute("""UPDATE users SET totp="" WHERE name=?""", (user,)) conn.commit()
conn.commit() conn.close()
conn.close() return redirect(url_for('profil.change_passwd', _external=True))
return redirect(url_for('profil.change_passwd', _external=True))
@profil.route('/totp.png', methods=['GET']) @profil.route('/totp.png', methods=['GET'])
@login_required
def totp_qrcode(): def totp_qrcode():
if 'username' in session : user='%s' % escape(session['username'])
user='%s' % escape(session['username']) return send_file(
return send_file( os.path.join(DOSSIER_PERSO, user, "totp.png"), "totp.png")
os.path.join(DOSSIER_PERSO, user, "totp.png"), "totp.png")
else :
return redirect(BASE_URL, code=401)
@profil.route('/deltoken-password-lost/<token>', methods=['GET','POST'] ) @profil.route('/deltoken-password-lost/<token>', methods=['GET','POST'] )
def deltoken_passwd_lost(token) : def deltoken_passwd_lost(token) :
if valid_token_register(token, "Lost password"): if valid_token_register(token, "Lost password"):
user = get_user_by_token(token, "Lost password") user = get_user_by_token(token, "Lost password")
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
@ -358,106 +345,102 @@ def deltoken_passwd_lost(token) :
@profil.route('/invitation/', methods=['GET']) @profil.route('/invitation/', methods=['GET'])
@login_required
def invitation(): def invitation():
if 'username' in session: UTILISATEUR='%s' % escape(session['username'])
UTILISATEUR='%s' % escape(session['username']) conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée cursor = conn.cursor() # Création de l'objet "curseur"
cursor = conn.cursor() # Création de l'objet "curseur" cursor.execute("""SELECT Token, invitations FROM users WHERE name=?""", (UTILISATEUR,))
cursor.execute("""SELECT Token, invitations FROM users WHERE name=?""", (UTILISATEUR,)) tmp = cursor.fetchone()
tmp = cursor.fetchone() token = tmp[0]
token = tmp[0] if token:
if token: url_invitation = BASE_URL + 'inscription/' + token
url_invitation = BASE_URL + 'inscription/' + token
else:
url_invitation = ""
invitations_count = tmp[1]
conn.close()
return render_template('invitation.html',
section='Profil',
nb_invitation=invitations_count,
token=token,
url_invitation=url_invitation)
else: else:
return redirect(BASE_URL, code=401) url_invitation = ""
invitations_count = tmp[1]
conn.close()
return render_template('invitation.html',
section='Profil',
nb_invitation=invitations_count,
token=token,
url_invitation=url_invitation)
@profil.route('/gen_token/', methods=['GET']) @profil.route('/gen_token/', methods=['GET'])
@login_required
def generate_token(): def generate_token():
if 'username' in session: UTILISATEUR='%s' % escape(session['username'])
UTILISATEUR='%s' % escape(session['username']) conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée cursor = conn.cursor() # Création de l'objet "curseur"
cursor = conn.cursor() # Création de l'objet "curseur" token = gen_token("Invitation")
token = gen_token("Invitation") cursor.execute("UPDATE users SET Token=? WHERE name=?",
cursor.execute("UPDATE users SET Token=? WHERE name=?", (token, UTILISATEUR))
(token, UTILISATEUR)) conn.commit()
conn.commit() conn.close()
conn.close() return redirect(BASE_URL+'invitation/')
return redirect(BASE_URL+'invitation/')
else:
return redirect(BASE_URL, code=401)
@profil.route( '/delete_me/', methods=['GET','POST']) @profil.route( '/delete_me/', methods=['GET','POST'])
@login_required
def delete_account(): def delete_account():
if 'username' in session : UTILISATEUR='%s'% escape(session['username'])
UTILISATEUR='%s'% escape(session['username']) resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
resp = render_template('delete_account.html', time_backup=BACKUP_TIME) if request.method == 'POST' :
if request.method == 'POST' : conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée cursor = conn.cursor() # Création de l'objet "curseur"
cursor = conn.cursor() # Création de l'objet "curseur" cursor.execute("""SELECT passwd FROM users WHERE name=?""", (UTILISATEUR,))
cursor.execute("""SELECT passwd FROM users WHERE name=?""", (UTILISATEUR,)) passwd = cursor.fetchone()[0]
passwd = cursor.fetchone()[0] cursor.execute("""SELECT mail FROM users WHERE name=?""", (UTILISATEUR,))
cursor.execute("""SELECT mail FROM users WHERE name=?""", (UTILISATEUR,)) mail = cursor.fetchone()[0]
mail = cursor.fetchone()[0] conn.close()
conn.close() password = request.form['passwd']
password = request.form['passwd'] if bcrypt.check_password_hash(passwd, password) is True:
if bcrypt.check_password_hash(passwd, password) is True: not_error = True
not_error = True
if MAIL_SERVER: if MAIL_SERVER:
try: try:
cmd = SETUID + ' set_mail_passwd del ' + '"'+mail+'"' cmd = SETUID + ' set_mail_passwd del ' + '"'+mail+'"'
print(cmd) print(cmd)
os.system(cmd) os.system(cmd)
except: except:
not_error = False not_error = False
flash(u'Erreur lors de la suppression de votre compte Mail.', 'error') flash(u'Erreur lors de la suppression de votre compte Mail.', 'error')
if XMPP_SERVER: if XMPP_SERVER:
try: try:
tmp = mail.split('@') tmp = mail.split('@')
cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'" cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'"
os.system(cmd) os.system(cmd)
except: except:
not_error = False not_error = False
flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error') flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error')
if not_error: if not_error:
try: try:
cmd = 'rm -r ' + DATAS_USER + '/' + UTILISATEUR cmd = 'rm -r ' + DATAS_USER + '/' + UTILISATEUR
if os.system(cmd) != 0: if os.system(cmd) != 0:
raise TypeError("Remove directory error") raise TypeError("Remove directory error")
except: except:
flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error') flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
try: try:
conn = sqlite3.connect(DATABASE) conn = sqlite3.connect(DATABASE)
cursor = conn.cursor() cursor = conn.cursor()
cursor.execute("""DELETE FROM users WHERE name=?""", (UTILISATEUR,)) cursor.execute("""DELETE FROM users WHERE name=?""", (UTILISATEUR,))
cursor.execute("""DELETE FROM posts WHERE author=?""", (UTILISATEUR,)) cursor.execute("""DELETE FROM posts WHERE author=?""", (UTILISATEUR,))
conn.commit() conn.commit()
conn.close() conn.close()
except: except:
flash(u'Erreur lors de la suppression de votre compte.', 'error') flash(u'Erreur lors de la suppression de votre compte.', 'error')
else: else:
flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes') flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
resp = redirect(url_for('loginlogout.logout')) resp = redirect(url_for('loginlogout.logout'))
else: else:
flash(u'Mauvais mot de passe', 'error') flash(u'Mauvais mot de passe', 'error')
return resp return resp