Dont store cookies + iCal refresh

2023-11-30 22:40:03 +01:00
parent 40fde2445c
commit b7174f353c
7 changed files with 237 additions and 65 deletions

109
app.py

@ -1,59 +1,21 @@
#!/usr/bin/env python3.6
from flask import Flask
from flask import Flask, make_response
from flask import render_template, url_for, send_from_directory, redirect, request, send_file
from flask_login import login_user, login_required, current_user, LoginManager, UserMixin, logout_user
from flask_login import login_user, login_required, current_user, LoginManager, UserMixin, logout_user, login_manager
from flask_sqlalchemy import SQLAlchemy
from werkzeug.security import generate_password_hash, check_password_hash
from talisman import Talisman
import hashlib
import datetime
import time
import dualisauth
import fetchRAPLA
import requesthelpers
from fetchRAPLA import *
from get_mysql import get_mysql
from parseICAL import getWeek
def create():
app = Flask(__name__)
dbpw = get_mysql()[1]
dbun = get_mysql()[0]
app.config['SECRET_KEY'] = 'SECRET_KEY_GOES_HERE'
app.config['SQLALCHEMY_DATABASE_URI'] = 'mysql+pymysql://' + dbun + ':' + dbpw + '@localhost/paulmrtn_DUALHUB'
db.init_app(app)
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = "login"
@login_manager.user_loader
def load_user(uid: int):
return User.query.filter_by(id=uid).first()
return app
db = SQLAlchemy()
app = create()
Talisman(app)
class User(UserMixin, db.Model):
id = db.Column(db.Integer, primary_key=True)
email = db.Column(db.String(255), unique=True)
password = db.Column(db.String(255))
name = db.Column(db.String(255))
kurs = db.Column(db.String(15))
class Dualis(db.Model):
token = db.Column(db.String(255), unique=True)
uid = db.Column(db.Integer, primary_key=True)
token_created = db.Column(db.Integer)
result_lists = db.Column(db.String(255))
cookie = db.Column(db.String(255))
from calendar_generation import getWeek
from init import *
@app.route("/")
@ -77,7 +39,8 @@ def getKurs():
if d:
e = False
if not current_user.kurs:
kurs = dualisauth.getKurs(d.token, d.cookie)
cookie = request.cookies.get("cnsc")
kurs = dualisauth.getKurs(d.token, cookie)
if kurs != 0:
current_user.kurs = kurs
db.session.commit()
@ -136,13 +99,40 @@ def getRapla():
@login_required
@app.route("/backendpoc/plan", methods=["GET"])
def displayRapla():
week = request.args.get("week")
if week:
week = datetime.datetime.strptime(week, "%Y-%m-%d")
else:
week = "today"
samstag = request.args.get("samstag")
if not samstag:
samstag = False
events = getWeek("today", "rapla"+current_user.kurs+".ical", samstag)
events = getWeek(week, fetchRAPLA.getIcal(current_user.kurs), samstag)
return render_template("plan.html", events=events[0], eventdays=events[1])
@app.route("/backendpoc/plan/<string:kurs>")
def displayPlan(kurs):
week = request.args.get("week")
if week:
week = datetime.datetime.strptime(week, "%Y-%m-%d")
else:
week = "today"
try:
if current_user.kurs == kurs.upper():
return redirect(url_for("displayRapla"))
except AttributeError:
pass
plan = fetchRAPLA.getIcal(kurs.upper())
if plan:
samstag = request.args.get("samstag")
if not samstag:
samstag = False
events = getWeek(week, plan, samstag)
return render_template("plan-anon.html", events=events[0], eventdays=events[1])
else:
return redirect(url_for("login"))
@app.route("/backendpoc/log-in")
def login(code: int = None):
if code:
@ -156,19 +146,19 @@ def login_post():
password = request.form.get("password")
n = request.args.get("next")
if n:
success = redirect(n)
success = make_response(redirect(n))
else:
success = redirect(url_for("getKurs"))
success = make_response(redirect(url_for("getKurs")))
user = User.query.filter_by(email=email).first()
newcookie = ""
if user:
dualis = Dualis.query.filter_by(uid=user.id).first()
if check_password_hash(user.password, password):
if not dualis.token or not dualisauth.checkLifetime(dualis.token_created):
new_token = dualisauth.checkUser(email, password)
dualis.token = new_token[0]
dualis.cookie = requesthelpers.getCookie(new_token[1].cookies)
newcookie = requesthelpers.getCookie(new_token[1].cookies)
dualis.token_created = time.time()
db.session.commit()
else:
@ -178,12 +168,13 @@ def login_post():
else:
user.password = generate_password_hash(password, method="pbkdf2:sha256")
dualis.token = t[0]
dualis.cookie = requesthelpers.getCookie(t[1].cookies)
newcookie = requesthelpers.getCookie(t[1].cookies)
dualis.token_created = time.time()
db.session.commit()
login_user(user)
if user.kurs:
success = redirect(url_for("welcome"))
success = make_response(redirect(url_for("welcome")))
success.set_cookie("cnsc", newcookie)
return success
t = dualisauth.checkUser(email, password)
@ -201,23 +192,27 @@ def login_post():
cookie = requesthelpers.getCookie(t[1].cookies)
new_dualis = Dualis(uid=hashid, token=t[0], token_created=int(time.time()), cookie=cookie)
new_dualis = Dualis(uid=hashid, token=t[0], token_created=int(time.time()))
db.session.add(new_dualis)
db.session.commit()
login_user(new_user)
newcookie = cookie
success.set_cookie("cnsc", newcookie)
return success
@app.route("/backendpoc/log-out")
def logout():
cookie = request.cookies.get("cnsc")
dualis = Dualis.query.filter_by(uid=current_user.id).first()
dualisauth.logOut(dualis.token, dualis.cookie)
dualis.cookie = None
dualisauth.logOut(dualis.token, cookie)
dualis.token = None
db.session.commit()
logout_user()
return redirect(url_for("login", code=1))
red = make_response(redirect(url_for("login", code=1)))
red.set_cookie("cnsc", "Logged out! Your temporary token "
"on our server and the cookie on your device have been deleted.")
return red
if __name__ == "__main__":
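Review bot: The upstream Dualis session cookie is now handed to the browser with a bare `success.set_cookie("cnsc", newcookie)` (both calls in login_post), so it carries no HttpOnly, Secure or SameSite attribute and is readable by any script running on the page. Because the value is a credential for the user's upstream account, I would set it as `success.set_cookie("cnsc", newcookie, secure=True, httponly=True, samesite="Lax")`. `newcookie` starts as `""` and is only assigned when a token is refreshed, so a login with a still-valid token appears to overwrite the browser's cookie with an empty value; indentation is lost on this page, so confirm which branch the first call sits in. In logout, `red.delete_cookie("cnsc")` would remove the cookie instead of replacing its value with a message string.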