Updated login

account/account.py

@@ -3,6 +3,7 @@ import bcrypt
 import sqlite3
 import configparser
 import subprocess
+import os
 from waitress import serve
 
 # Load from config.ini
@@ -17,8 +18,49 @@ runport = config.get("Account", "port")
 print("HectaMail Account Service is starting up...")
 print("Your database is located at:", database)
 
+def is_valid_input(input_string):
+    return re.match(allowed_pattern, input_string) is not None
+
 app = Flask(__name__)
 
+def change_email_password(username, password):
+    if password and is_valid_input(username):
+        try:
+
+            # Create a temporary file to escape the password
+
+            with open("../tmp/chnpassword.tmp", "w") as file:
+                file.write(password)
+
+            # Pass the file through a shell command
+            cmd = ["cat", "../tmp/chnpassword.tmp", "|", "maddy", "creds", "password", f"{username}@hectabit.org"]
+
+            # Run and determine the result of the shell command
+            result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
+            # Delete the temporary file
+            os.remove("../tmp/chnpassword.tmp")
+
+
+            # Check if command executed correctly
+            if result.returncode == 0:
+                # Command executed successfully
+                return True
+            else:
+                # Handle errors, log them, and return False
+                error_message = result.stderr.decode("utf-8")
+                print(f"Error creating email account: {error_message}")
+                return False
+        except Exception as e:
+            # Handle exceptions and return False
+            print(f"Error creating email account: {str(e)}")
+            return False
+    else:
+        # Something went very wrong if this function triggers
+        print(f"Injection Bypass! Very bad!")
+        return False
+
+
 def fetch_hash_from_database(key):
     conn = sqlite3.connect(database)
     cursor = conn.cursor()
@@ -97,7 +139,7 @@ def deleteacct():
     if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
         return render_template('confirm.html', user_email=email, password_hash=passwordhash)
     else:
-        return redirect(url_for('index'))
+        return redirect('/account')
 
 @app.route('/logout')
 def logout():
@@ -106,5 +148,37 @@ def logout():
     response.set_cookie('email', '', expires=0)
     return response
 
+@app.route('/changepass')
+def changepass():
+    email = request.cookies.get('email')
+    passwordhash = request.cookies.get('passwordhash')
+    if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
+        return render_template('changepass.html', user_email=email, password_hash=passwordhash)
+    else:
+        return redirect('/account')
+
+@app.route('/changeapi', methods=['POST'])
+def register():
+    # Get the form data
+    username = request.form.get('username')
+    password = request.form.get('passwordhash')
+
+    if passwordhash:
+        is_password_valid = verify_bcrypt(password_to_check, passwordhash)
+        if is_password_valid:
+            # Attempt to change the password
+            if change_email_password(username, password):
+                # Password changed
+                response.set_cookie('passwordhash', '', expires=0)
+                response.set_cookie('email', '', expires=0)
+                return redirect('/account')
+            else:
+                # Backend error, potentially maddy
+                return render_template('err.html'), 500
+        else:
+            return render_template('wrong.html'), 400
+    else:
+        return render_template('wrong.html'), 400
+
 if __name__ == '__main__':
     serve(app, host='0.0.0.0', port=runport)

account/templates/changepass.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html><head>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+    <title>HectaMail</title>
+    <link rel="stylesheet" href="/static/css/main.css" media="">
+</head>
+<body>
+    <div class="headerbar">
+        <a href="https://mail.hectabit.org/">HectaMail</a>
+        <a href="https://mail.hectabit.org/register">Sign up</a>
+        <a class="main" href="https://mail.hectabit.org/account">Account</a>
+    </div>
+    <div class="content">
+        <h1>Change your password</h1>
+        <br>
+        <form method="POST" action="/account/passwordapi">
+            <input type="hidden" name="email" value="{{ user_email }}">
+            <input name="password">
+            <button onclick="location.href = '/account';">Cancel</button>
+            <input type="submit" value="Confirm">
+    </div>
+<style type="text/css"></style>
+</body></html>

account/templates/dashboard.html

@@ -17,6 +17,7 @@
         <button onclick="location.href = '/account/changepass';">Change Password</button>
         <button onclick="location.href = '/account/deleteacct';">Delete Account</button>
         <br>
+        <br>
         <button onclick="location.href = '/account/logout';">Logout</button>
 </div>
 <style type="text/css"></style>

signup/signup.py

@@ -145,8 +145,8 @@ def register():
         # Email created
         return render_template('ok.html')
     else:
-        # Backend error, potentially maddy
+        # Username probably taken
-        return render_template('err.html'), 500
+        return render_template('taken.html'), 500
 
 # Start the web server
 if __name__ == '__main__':

signup/templates/taken.html

@@ -12,7 +12,7 @@
     </div>
     <div class="content">
         <h1>Error!</h1>
-        <p1>Something went wrong on our end - the mail server could be down. Please try again later.</p1>
+        <p1>This username is already in use!</p1>
         <div class=spacer2>
           <button onclick="location.href = '/register';">Go Back</button>
         </div>