Updated login
This commit is contained in:
parent
aa63d80cbb
commit
61657d1b3d
@ -3,6 +3,7 @@ import bcrypt
|
|||
import sqlite3
|
||||
import configparser
|
||||
import subprocess
|
||||
import os
|
||||
from waitress import serve
|
||||
|
||||
# Load from config.ini
|
||||
|
@ -17,8 +18,49 @@ runport = config.get("Account", "port")
|
|||
print("HectaMail Account Service is starting up...")
|
||||
print("Your database is located at:", database)
|
||||
|
||||
def is_valid_input(input_string):
|
||||
return re.match(allowed_pattern, input_string) is not None
|
||||
|
||||
app = Flask(__name__)
|
||||
|
||||
def change_email_password(username, password):
|
||||
if password and is_valid_input(username):
|
||||
try:
|
||||
|
||||
# Create a temporary file to escape the password
|
||||
|
||||
with open("../tmp/chnpassword.tmp", "w") as file:
|
||||
file.write(password)
|
||||
|
||||
# Pass the file through a shell command
|
||||
cmd = ["cat", "../tmp/chnpassword.tmp", "|", "maddy", "creds", "password", f"{username}@hectabit.org"]
|
||||
|
||||
# Run and determine the result of the shell command
|
||||
result = subprocess.run(" ".join(cmd), shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
||||
|
||||
# Delete the temporary file
|
||||
os.remove("../tmp/chnpassword.tmp")
|
||||
|
||||
|
||||
# Check if command executed correctly
|
||||
if result.returncode == 0:
|
||||
# Command executed successfully
|
||||
return True
|
||||
else:
|
||||
# Handle errors, log them, and return False
|
||||
error_message = result.stderr.decode("utf-8")
|
||||
print(f"Error creating email account: {error_message}")
|
||||
return False
|
||||
except Exception as e:
|
||||
# Handle exceptions and return False
|
||||
print(f"Error creating email account: {str(e)}")
|
||||
return False
|
||||
else:
|
||||
# Something went very wrong if this function triggers
|
||||
print(f"Injection Bypass! Very bad!")
|
||||
return False
|
||||
|
||||
|
||||
def fetch_hash_from_database(key):
|
||||
conn = sqlite3.connect(database)
|
||||
cursor = conn.cursor()
|
||||
|
@ -97,7 +139,7 @@ def deleteacct():
|
|||
if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
|
||||
return render_template('confirm.html', user_email=email, password_hash=passwordhash)
|
||||
else:
|
||||
return redirect(url_for('index'))
|
||||
return redirect('/account')
|
||||
|
||||
@app.route('/logout')
|
||||
def logout():
|
||||
|
@ -106,5 +148,37 @@ def logout():
|
|||
response.set_cookie('email', '', expires=0)
|
||||
return response
|
||||
|
||||
@app.route('/changepass')
|
||||
def changepass():
|
||||
email = request.cookies.get('email')
|
||||
passwordhash = request.cookies.get('passwordhash')
|
||||
if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
|
||||
return render_template('changepass.html', user_email=email, password_hash=passwordhash)
|
||||
else:
|
||||
return redirect('/account')
|
||||
|
||||
@app.route('/changeapi', methods=['POST'])
|
||||
def register():
|
||||
# Get the form data
|
||||
username = request.form.get('username')
|
||||
password = request.form.get('passwordhash')
|
||||
|
||||
if passwordhash:
|
||||
is_password_valid = verify_bcrypt(password_to_check, passwordhash)
|
||||
if is_password_valid:
|
||||
# Attempt to change the password
|
||||
if change_email_password(username, password):
|
||||
# Password changed
|
||||
response.set_cookie('passwordhash', '', expires=0)
|
||||
response.set_cookie('email', '', expires=0)
|
||||
return redirect('/account')
|
||||
else:
|
||||
# Backend error, potentially maddy
|
||||
return render_template('err.html'), 500
|
||||
else:
|
||||
return render_template('wrong.html'), 400
|
||||
else:
|
||||
return render_template('wrong.html'), 400
|
||||
|
||||
if __name__ == '__main__':
|
||||
serve(app, host='0.0.0.0', port=runport)
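Review bot: In change_email_password (the second hunk of this file), `check=True` on the `subprocess.run` call makes any non-zero exit raise `CalledProcessError`, so the `os.remove` that follows is skipped and `../tmp/chnpassword.tmp` is left on disk holding the plaintext password, while the `else` branch that inspects `result.returncode` can never run. The temp file and the `shell=True` call on a `" ".join(cmd)` string exist only to pipe the password through `cat`; `subprocess.run` can feed stdin itself via `input=`, which keeps the password off disk, removes the shell from the path, and passes the username as a single argv element so `is_valid_input` (whose `allowed_pattern` is defined outside this hunk) becomes defence in depth rather than the only barrier. The error messages also still say "creating email account", a copy-paste from the registration code. I'd rewrite the body as below, deciding success from the exception rather than from `returncode`.
```python
def change_email_password(username, password):
    if password and is_valid_input(username):
        try:
            # Feed the password on stdin: no temp file, no shell, username is one argv element.
            subprocess.run(
                ["maddy", "creds", "password", f"{username}@hectabit.org"],
                input=password.encode("utf-8"),
                check=True,
                stdout=subprocess.PIPE,
                stderr=subprocess.PIPE,
            )
            return True
        except subprocess.CalledProcessError as e:
            print(f"Error changing password: {e.stderr.decode('utf-8', 'replace')}")
            return False
        except Exception as e:
            print(f"Error changing password: {str(e)}")
            return False
    # … unchanged: rejection branch for invalid input …
```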
|
||||
|
@ -0,0 +1,23 @@
|
|||
<!DOCTYPE html>
|
||||
<html><head>
|
||||
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
|
||||
<title>HectaMail</title>
|
||||
<link rel="stylesheet" href="/static/css/main.css" media="">
|
||||
</head>
|
||||
<body>
|
||||
<div class="headerbar">
|
||||
<a href="https://mail.hectabit.org/">HectaMail</a>
|
||||
<a href="https://mail.hectabit.org/register">Sign up</a>
|
||||
<a class="main" href="https://mail.hectabit.org/account">Account</a>
|
||||
</div>
|
||||
<div class="content">
|
||||
<h1>Change your password</h1>
|
||||
<br>
|
||||
<form method="POST" action="/account/passwordapi">
|
||||
<input type="hidden" name="email" value="{{ user_email }}">
|
||||
<input name="password">
|
||||
<button onclick="location.href = '/account';">Cancel</button>
|
||||
<input type="submit" value="Confirm">
|
||||
</div>
|
||||
<style type="text/css"></style>
|
||||
</body></html>
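Review bot: The form on this page posts to `/account/passwordapi` with fields named `email` and `password`, but the handler added in the same commit is registered at `/changeapi` and reads `request.form.get('username')` and `request.form.get('passwordhash')`, so the submission cannot reach that handler with the names it expects; the `/account` prefix may be supplied by a reverse proxy, but the field names still have to agree on one side or the other. The password input is `<input name="password">` with no `type`, so the new password is echoed on screen and offered for autofill; the Cancel `<button>` has no `type="button"` and therefore defaults to submitting the form when clicked; and the `<form>` element is never closed. I'd write `<input type="password" name="password" autocomplete="new-password">`, `<button type="button" onclick="location.href = '/account';">Cancel</button>`, and add `</form>` after the submit input.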
|
@ -17,6 +17,7 @@
|
|||
<button onclick="location.href = '/account/changepass';">Change Password</button>
|
||||
<button onclick="location.href = '/account/deleteacct';">Delete Account</button>
|
||||
<br>
|
||||
<br>
|
||||
<button onclick="location.href = '/account/logout';">Logout</button>
|
||||
</div>
|
||||
<style type="text/css"></style>
|
||||
|
@ -145,8 +145,8 @@ def register():
|
|||
# Email created
|
||||
return render_template('ok.html')
|
||||
else:
|
||||
# Backend error, potentially maddy
|
||||
return render_template('err.html'), 500
|
||||
# Username probably taken
|
||||
return render_template('taken.html'), 500
|
||||
|
||||
# Start the web server
|
||||
if __name__ == '__main__':
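Review bot: Returning a dedicated `taken.html` page makes it observable to any unauthenticated caller whether a given username already exists on the mail domain, which is a username-enumeration oracle; if that trade-off is accepted for a public sign-up form, the status should at least be a client-side conflict rather than a server error, `return render_template('taken.html'), 409`, since a 500 here will be counted as a backend failure by monitoring and retried by clients. The comment says "Username probably taken", which suggests this line is reached for any non-success outcome that did not take the maddy error branch above it — if other failures can also land here, the page text will mislead the user, so it is worth confirming what the preceding check actually distinguishes. The enclosing register() function starts outside the hunk.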
|
||||
@ -12,7 +12,7 @@
|
|||
</div>
|
||||
<div class="content">
|
||||
<h1>Error!</h1>
|
||||
<p1>Something went wrong on our end - the mail server could be down. Please try again later.</p1>
|
||||
<p1>This username is already in use!</p1>
|
||||
<div class=spacer2>
|
||||
<button onclick="location.href = '/register';">Go Back</button>
|
||||
</div>
|