496 lines
20 KiB
Python
496 lines
20 KiB
Python
from flask import Blueprint, Flask, request, flash, render_template, url_for, session, redirect, abort, make_response, send_file, flash, abort, send_from_directory
|
|
from werkzeug.utils import secure_filename
|
|
from PIL import Image
|
|
from markupsafe import escape
|
|
import time
|
|
import sqlite3
|
|
import os
|
|
from shutil import copy
|
|
from socket import gethostname
|
|
from flask_bcrypt import Bcrypt
|
|
from tools.utils import email_disp, append_to_log, gen_token, valid_passwd, valid_token_register, get_user_by_token
|
|
|
|
profil = Blueprint('profil', __name__, template_folder='templates')
|
|
|
|
app = Flask( 'pywallter' )
|
|
app.config.from_pyfile('config.py')
|
|
|
|
|
|
#### Variables ####################################################################################
|
|
|
|
bcrypt = Bcrypt(app)
|
|
DOSSIER_PERSO = app.config['DOSSIER_APP']
|
|
|
|
extensionimg = app.config['EXT_IMG']
|
|
|
|
DATABASE = app.config['DATABASE']
|
|
DATAS_USER = app.config['DOSSIER_APP']
|
|
MAIL_SERVER = app.config['MAIL_SERVER']
|
|
XMPP_SERVER = app.config['XMPP_SERVER']
|
|
SETUID = app.config['SETUID']
|
|
BASE_URL = app.config['BASE_URL']
|
|
BACKUP_TIME = app.config['BACKUP_TIME']
|
|
|
|
##################################################################################################
|
|
|
|
|
|
@profil.route( '/profil/<user>/<img>', methods=['GET'] )
|
|
def profil_img(user, img) :
|
|
if 'username' in session :
|
|
|
|
return send_from_directory( os.path.join(DOSSIER_PERSO, user, 'profile'), img )
|
|
else:
|
|
return redirect(BASE_URL, code=401)
|
|
|
|
|
|
|
|
@profil.route('/profil/', methods=['GET','POST'])
|
|
def profile() :
|
|
if 'username' in session :
|
|
user='%s' % escape(session['username'])
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
cursor.execute("""SELECT avatar, nom, prenom, age, Mail_rescue FROM users WHERE name=?""", (user,))
|
|
tmp = (cursor.fetchone())
|
|
profil_user = dict()
|
|
profil_user['avatar'] = tmp[0]
|
|
profil_user['nom'] = tmp[1]
|
|
profil_user['prenom'] = tmp[2]
|
|
profil_user['age'] = tmp[3]
|
|
profil_user['mail_rescue'] = tmp[4]
|
|
conn.close()
|
|
|
|
if request.method == 'POST' :
|
|
|
|
f = request.files['fic']
|
|
|
|
|
|
if request.form['theme'] != "Default":
|
|
copy( "static/vendors/picocss/pico.fluid.classless."+request.form['theme']+".min.css",
|
|
DOSSIER_PERSO+ user +'/theme.min.css' )
|
|
|
|
if request.form['nom']:
|
|
profil_user['nom'] = request.form['nom']
|
|
if request.form['prenom']:
|
|
profil_user['prenom'] = request.form['prenom']
|
|
if request.form['age']:
|
|
profil_user['age'] = request.form['age']
|
|
if '@' in request.form['mail_rescue']:
|
|
if len(request.form['mail_rescue']) > 4:
|
|
profil_user['mail_rescue'] = request.form['mail_rescue']
|
|
else:
|
|
flash(u'Adresse de courriel invalide', 'error')
|
|
else:
|
|
flash(u'Adresse de courriel de secour invalide', 'error')
|
|
if f: # On vérifie qu'un fichier a bien été envoyé
|
|
nom = secure_filename(f.filename)
|
|
f.save(DOSSIER_PERSO + user + '/profile/' + nom)
|
|
image = DOSSIER_PERSO + user + '/profile/' + nom
|
|
with Image.open(image) as img:
|
|
img.thumbnail((300,200))
|
|
img.save( DOSSIER_PERSO + user + '/profile/' + nom)
|
|
filename = nom
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
cursor.execute("UPDATE users SET avatar=? WHERE name=?",
|
|
(filename, user))
|
|
conn.commit()
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
conn.close()
|
|
flash(u'Image de profil mise à jour', 'success')
|
|
|
|
else:
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l\'objet "curseur"
|
|
cursor.execute("UPDATE users SET nom=?, prenom=?, age=?, mail_rescue=? WHERE name=?",
|
|
(profil_user['nom'], profil_user['prenom'], profil_user['age'], profil_user['mail_rescue'],
|
|
user))
|
|
conn.commit()
|
|
flash(u'Le profil a été mis à jour', 'succes')
|
|
|
|
|
|
|
|
|
|
return render_template('profil.html',
|
|
section="Profil",
|
|
profil=profil_user,
|
|
username=user)
|
|
|
|
else :
|
|
return redirect(BASE_URL, code=401)
|
|
|
|
|
|
|
|
@profil.route('/profil/homepage', methods=['GET'] )
|
|
def homepage():
|
|
if 'username' in session :
|
|
username='%s' % escape(session['username'])
|
|
|
|
return render_template('homepage.html',
|
|
section="Profil",
|
|
username=username)
|
|
|
|
|
|
|
|
@profil.route('/profil/change-password/', methods=['GET','POST'] )
|
|
def change_passwd() :
|
|
if 'username' in session:
|
|
UTILISATEUR='%s' % escape(session['username'])
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
cursor.execute("""SELECT Mail, alias, xmpp FROM users WHERE name=?""", (UTILISATEUR,))
|
|
tmp = cursor.fetchone()
|
|
mailbox = dict()
|
|
mailbox['Mail'] = tmp[0]
|
|
mailbox['alias'] = tmp[1]
|
|
mailbox['xmpp'] = tmp[2]
|
|
|
|
|
|
if request.method == 'POST' :
|
|
|
|
password = request.form['password']
|
|
password_confirm = request.form['passwd_confirm']
|
|
|
|
if password == password_confirm and valid_passwd(password):
|
|
mail_passwd_change = 0
|
|
xmpp_passwd_change = 0
|
|
passwd = request.form['password']
|
|
|
|
if MAIL_SERVER:
|
|
cmd = SETUID+ ' set_mail_passwd ' + '"'+mailbox['Mail']+'" '+ '"'+passwd+'"'
|
|
mail_passwd_change = os.system(cmd)
|
|
|
|
|
|
if XMPP_SERVER:
|
|
tmp = mailbox['Mail'].split('@')
|
|
cmd = SETUID+ " prosodyctl register '"+tmp[0]+"' " + "'"+tmp[1]+"' " + "'"+passwd+"'"
|
|
xmpp_passwd_change = os.system(cmd)
|
|
if xmpp_passwd_change != 0:
|
|
flash(u'Il y a eu un problème pour le changement du mot de passe du compte XMPP !', 'error')
|
|
|
|
|
|
if mail_passwd_change == 0:
|
|
passwd_bcrypt = bcrypt.generate_password_hash(passwd)
|
|
cursor.execute("UPDATE users SET passwd=? WHERE name=?",
|
|
(passwd_bcrypt, UTILISATEUR))
|
|
conn.commit()
|
|
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
|
|
IP=request.environ['REMOTE_ADDR']
|
|
CLIENT_PLATFORM=request.headers.get('User-Agent')
|
|
log=TIME + ' - ' + IP + ' - ' + UTILISATEUR + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Changement du mot de passe" + '\n'
|
|
append_to_log(log, UTILISATEUR)
|
|
flash(u'Votre mot de passe a été changé', 'succes')
|
|
else:
|
|
if not( valid_passwd(password) ):
|
|
flash(u'Le mot de passe ne peut pas contenir les caractères " et &', 'error')
|
|
else:
|
|
flash(u'Les mot de passes ne sont pas identique :/ ', 'error')
|
|
|
|
conn.close()
|
|
return render_template('mailbox.html',
|
|
section="Profil",
|
|
address=mailbox['Mail'],
|
|
alias=mailbox['alias'],
|
|
username=UTILISATEUR)
|
|
|
|
else :
|
|
return redirect(BASE_URL, code=401)
|
|
|
|
|
|
@profil.route('/change-password-lost/<token>', methods=['GET','POST'] )
|
|
def change_passwd_lost(token) :
|
|
|
|
if valid_token_register(token, "Lost password"):
|
|
|
|
user = get_user_by_token(token, "Lost password")
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
cursor.execute("""SELECT Mail, alias, xmpp FROM users WHERE name=?""", (user,))
|
|
tmp = cursor.fetchone()
|
|
mailbox = dict()
|
|
mailbox['Mail'] = tmp[0]
|
|
mailbox['alias'] = tmp[1]
|
|
mailbox['xmpp'] = tmp[2]
|
|
|
|
|
|
if request.method == 'GET' :
|
|
return render_template('mailbox.html',
|
|
section="Profil",
|
|
address=mailbox['Mail'],
|
|
username=user)
|
|
else:
|
|
|
|
password = request.form['password']
|
|
password_confirm = request.form['passwd_confirm']
|
|
|
|
if password == password_confirm and valid_passwd(password):
|
|
mail_passwd_change = 0
|
|
xmpp_passwd_change = 0
|
|
|
|
|
|
if MAIL_SERVER:
|
|
cmd = SETUID+ ' set_mail_passwd ' + '"'+mailbox['Mail']+'" '+ '"'+password+'"'
|
|
mail_passwd_change = os.system(cmd)
|
|
|
|
if XMPP_SERVER:
|
|
tmp = mailbox['Mail'].split('@')
|
|
cmd = SETUID+ " prosodyctl register '"+tmp[0]+"' " + "'"+tmp[1]+"' " + "'"+password+"'"
|
|
xmpp_change_passwd = os.system(cmd)
|
|
if xmpp_passwd_change != 0:
|
|
flash(u'Il y a eu un problème pour le changement du mot de passe du compte XMPP !', 'error')
|
|
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
|
|
if mail_passwd_change == 0:
|
|
passwd_bcrypt = bcrypt.generate_password_hash(password)
|
|
cursor.execute("UPDATE users SET passwd=? WHERE name=?",
|
|
(passwd_bcrypt, user))
|
|
conn.commit()
|
|
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
|
|
IP=request.environ['REMOTE_ADDR']
|
|
CLIENT_PLATFORM=request.headers.get('User-Agent')
|
|
log=TIME + ' - ' + IP + ' - ' + user + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Changement du mot de passe" + '\n'
|
|
append_to_log(log, user)
|
|
flash(u'Votre mot de passe a été changé', 'succes')
|
|
cursor.execute("""UPDATE users set Lost_password_token='' where name=?""", (user,))
|
|
conn.close()
|
|
resp = redirect(url_for('loginlogout.login'))
|
|
|
|
else:
|
|
if not( valid_passwd(password) ):
|
|
flash(u'Le mot de passe ne peut pas contenir les caractères " et &', 'error')
|
|
else:
|
|
flash(u'Les mot de passes ne sont pas identique :/ ', 'error')
|
|
|
|
resp = render_template('mailbox.html',
|
|
section="Profil",
|
|
address=mailbox['Mail'],
|
|
username=user)
|
|
|
|
return resp
|
|
else:
|
|
|
|
return redirect(BASE_URL, code=401)
|
|
|
|
|
|
@profil.route('/deltoken-password-lost/<token>', methods=['GET','POST'] )
|
|
def deltoken_passwd_lost(token) :
|
|
|
|
if valid_token_register(token, "Lost password"):
|
|
user = get_user_by_token(token, "Lost password")
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
|
|
cursor.execute("""UPDATE users set Lost_password_token='' where name=?""", (user,))
|
|
conn.commit()
|
|
conn.close()
|
|
flash(u'Votre jeton pour changer votre mot de passe a été supprimé', 'succes')
|
|
else:
|
|
flash(u'Votre jeton est invalide', 'succes')
|
|
return redirect(url_for('loginlogout.login', _external=True))
|
|
|
|
|
|
@profil.route('/mymailbox/alias', methods=['GET', 'POST'] )
|
|
def myalias():
|
|
hostname=gethostname()
|
|
if 'username' in session:
|
|
UTILISATEUR='%s' % escape(session['username'])
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
if request.method == 'POST' and MAIL_SERVER:
|
|
if request.form['alias']:
|
|
alias = request.form['alias'].lower()+'@'+hostname
|
|
else:
|
|
flash(u'Addresse invalide')
|
|
|
|
if email_disp(alias):
|
|
cursor.execute("""SELECT Mail, alias FROM users where name=?""", (UTILISATEUR,))
|
|
tmp = cursor.fetchone()
|
|
mail = tmp[0]
|
|
if tmp[1]:
|
|
alias_list = tmp[1]
|
|
aliases = alias_list + "," +alias
|
|
else:
|
|
aliases = alias
|
|
cmd = SETUID+ " set_mail_alias " + "'"+mail+"'"+" add "+"'"+alias+"'"
|
|
res = os.system(cmd)
|
|
if res == 0:
|
|
cursor.execute("UPDATE users SET alias=? WHERE name=?",
|
|
(aliases, UTILISATEUR))
|
|
conn.commit()
|
|
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
|
|
IP=request.environ['REMOTE_ADDR']
|
|
CLIENT_PLATFORM=request.headers.get('User-Agent')
|
|
|
|
log=TIME + ' - ' + IP + ' - ' + UTILISATEUR + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Ajout de l'alias "+ alias + '\n'
|
|
append_to_log(log, UTILISATEUR)
|
|
flash(u'Votre alias a été ajouté', 'succes')
|
|
else:
|
|
flash(u'Adresse indisponible', 'error')
|
|
else:
|
|
flash(u'Adresse indisponible', 'error')
|
|
|
|
cursor.execute("""SELECT Mail, alias FROM users WHERE name=?""",
|
|
(UTILISATEUR,))
|
|
tmp = cursor.fetchone()
|
|
mailbox = dict()
|
|
mailbox['Mail'] = tmp[0]
|
|
if tmp[1]:
|
|
mailbox['alias'] = tmp[1].split(',')
|
|
else:
|
|
mailbox['alias'] = list()
|
|
conn.close()
|
|
return render_template('myalias.html',
|
|
section="mailbox",
|
|
email=mailbox['Mail'],
|
|
aliases=mailbox['alias'],
|
|
hostname=hostname,
|
|
MAIL_SERVER=MAIL_SERVER,
|
|
username=UTILISATEUR )
|
|
|
|
else:
|
|
return redirect(BASE_URL, code=401)
|
|
|
|
@profil.route('/mymailbox/rmalias/<aliasrm>')
|
|
def remove_alias(aliasrm):
|
|
if 'username' in session:
|
|
if MAIL_SERVER:
|
|
UTILISATEUR='%s' % escape(session['username'])
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
cursor.execute("""SELECT Mail, alias FROM users WHERE name=?""", (UTILISATEUR,))
|
|
tmp = cursor.fetchone()
|
|
mail = tmp[0]
|
|
alias_list = tmp[1].split(',')
|
|
aliases = ""
|
|
for alias in alias_list:
|
|
if alias != aliasrm:
|
|
if aliases:
|
|
aliases = aliases + "," + alias
|
|
else:
|
|
aliases = alias
|
|
cmd = SETUID + " set_mail_alias " + "'"+mail+"'"+" del "+"'"+alias+"'"
|
|
res = os.system(cmd)
|
|
if res == 0:
|
|
cursor.execute("UPDATE users SET alias=? WHERE name=?",
|
|
(aliases, UTILISATEUR))
|
|
conn.commit()
|
|
TIME=time.strftime("%A %d %B %Y %H:%M:%S")
|
|
IP=request.environ['REMOTE_ADDR']
|
|
CLIENT_PLATFORM=request.headers.get('User-Agent')
|
|
log = TIME + ' - ' + IP + ' - ' + UTILISATEUR + ' - ' + CLIENT_PLATFORM + '\n' + '---> ' + "Suppression de l'alias "+ alias + '\n'
|
|
append_to_log(log, UTILISATEUR)
|
|
flash(u'Votre alias a été supprimé', 'succes')
|
|
else:
|
|
flash(u'Il y a eu une erreur', 'error')
|
|
|
|
return redirect(url_for('profil.myalias', _external=True))
|
|
else:
|
|
return redirect(BASE_URL, code=401)
|
|
|
|
|
|
|
|
@profil.route('/invitation/', methods=['GET'])
|
|
def invitation():
|
|
if 'username' in session:
|
|
UTILISATEUR='%s' % escape(session['username'])
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
cursor.execute("""SELECT Token, invitations FROM users WHERE name=?""", (UTILISATEUR,))
|
|
tmp = cursor.fetchone()
|
|
token = tmp[0]
|
|
if token:
|
|
url_invitation = BASE_URL + 'inscription/' + token
|
|
else:
|
|
url_invitation = ""
|
|
invitations_count = tmp[1]
|
|
conn.close()
|
|
|
|
return render_template('invitation.html',
|
|
section='Profil',
|
|
nb_invitation=invitations_count,
|
|
token=token,
|
|
url_invitation=url_invitation)
|
|
else:
|
|
return redirect(BASE_URL, code=401)
|
|
|
|
@profil.route('/gen_token/', methods=['GET'])
|
|
def generate_token():
|
|
if 'username' in session:
|
|
UTILISATEUR='%s' % escape(session['username'])
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
token = gen_token("Invitation")
|
|
cursor.execute("UPDATE users SET Token=? WHERE name=?",
|
|
(token, UTILISATEUR))
|
|
conn.commit()
|
|
conn.close()
|
|
return redirect(BASE_URL+'invitation/')
|
|
else:
|
|
return redirect(BASE_URL, code=401)
|
|
|
|
|
|
@profil.route( '/delete_me/', methods=['GET','POST'])
|
|
def delete_account():
|
|
if 'username' in session :
|
|
UTILISATEUR='%s'% escape(session['username'])
|
|
resp = render_template('delete_account.html', time_backup=BACKUP_TIME)
|
|
if request.method == 'POST' :
|
|
conn = sqlite3.connect(DATABASE) # Connexion à la base de donnée
|
|
cursor = conn.cursor() # Création de l'objet "curseur"
|
|
cursor.execute("""SELECT passwd FROM users WHERE name=?""", (UTILISATEUR,))
|
|
passwd = cursor.fetchone()[0]
|
|
cursor.execute("""SELECT mail FROM users WHERE name=?""", (UTILISATEUR,))
|
|
mail = cursor.fetchone()[0]
|
|
conn.close()
|
|
password = request.form['passwd']
|
|
if bcrypt.check_password_hash(passwd, password) is True:
|
|
not_error = True
|
|
|
|
if MAIL_SERVER:
|
|
try:
|
|
cmd = SETUID + ' set_mail_passwd del ' + '"'+mail+'"'
|
|
print(cmd)
|
|
os.system(cmd)
|
|
except:
|
|
not_error = False
|
|
flash(u'Erreur lors de la suppression de votre compte Mail.', 'error')
|
|
|
|
|
|
|
|
if XMPP_SERVER:
|
|
try:
|
|
tmp = mail.split('@')
|
|
cmd = SETUID+ ' prosodyctl deluser ' "'"+tmp[0]+"' " + "'"+tmp[1]+"'"
|
|
os.system(cmd)
|
|
except:
|
|
not_error = False
|
|
flash(u'Erreur lors de la suppression de votre compte XMPP.', 'error')
|
|
|
|
if not_error:
|
|
try:
|
|
cmd = 'rm -r ' + DATAS_USER + '/' + UTILISATEUR
|
|
if os.system(cmd) != 0:
|
|
raise TypeError("Remove directory error")
|
|
except:
|
|
flash(u'Erreur lors de la suppression de votre dossier utilisateur.', 'error')
|
|
|
|
|
|
try:
|
|
conn = sqlite3.connect(DATABASE)
|
|
cursor = conn.cursor()
|
|
cursor.execute("""DELETE FROM users WHERE name=?""", (UTILISATEUR,))
|
|
cursor.execute("""DELETE FROM posts WHERE author=?""", (UTILISATEUR,))
|
|
conn.commit()
|
|
conn.close()
|
|
except:
|
|
flash(u'Erreur lors de la suppression de votre compte.', 'error')
|
|
else:
|
|
flash(u'Désinscription réalisé avec succés, y\'a plus rien !', 'succes')
|
|
resp = redirect(url_for('loginlogout.logout'))
|
|
else:
|
|
flash(u'Mauvais mot de passe', 'error')
|
|
return resp
|
|
|