Updated login

2023-11-20 00:19:47 +00:00 · 2023-11-20 00:19:47 +00:00 · 9f1ab53385
parent 0251d0eeb1
commit 9f1ab53385
3 changed files with 19 additions and 3 deletions
--- a/account/account.py
+++ b/account/account.py
@ -37,7 +37,7 @@ def verify_bcrypt(passphrase, hashed_password):
 def index():
    return render_template('index.html')

-@app.route('/api', methods=['POST'])
+@app.route('/loginapi', methods=['POST'])
 def login():
    key_to_fetch = request.form['email']
    password_to_check = request.form['password']
@ -56,6 +56,22 @@ def login():
    else:
        return "Email not found in the database"

+@app.route('/deleteapi', methods=['POST'])
+def delete():
+    key_to_fetch = request.form['email']
+    verify_hash = request.form['hash']
+
+    passwordhash = fetch_hash_from_database(key_to_fetch)
+
+    if passwordhash:
+        if verify_hash == passwordhash:
+            return "Your account would have been deleted... if this worked. Which it doesn't. Email postmaster@hectabit.org to delete your email."
+        else:
+            return "Incorrect email or password"
+    else:
+        return "Email not found in the database"
+
+
@app.route('/dashboard')
 def dashboard():
    if 'passwordhash' in request.cookies and request.cookies.get('passwordhash'):
--- a/account/templates/confirm.html
+++ b/account/templates/confirm.html
@ -14,7 +14,7 @@
        <h1>Are you SURE you would like to delete your account?</h1>
        <button onclick="location.href = '/account/dashboard';">Whoops, wrong button, bring me back to the safe zone!</button>
        <br>
-        <form method="POST" action="/account/deleteacct">
+        <form method="POST" action="/account/deleteapi">
            <input type="hidden" name="email" value="{{ user_email }}">
            <input type="hidden" name="hash" value="{{ password_hash }}">
            <input type="submit" style="background-color: rgb(20, 10, 30);padding: 0;text-decoration: underline;font-family: Arial;" value="Yes, I understand this is permanent and cannot be undone!">
--- a/account/templates/index.html
+++ b/account/templates/index.html
@ -13,7 +13,7 @@
    <div class="content">
        <h1>Login to your Email Account</h1>
 	<p1>Warning! This is only a proof of concept and has no actual use!</p1>
-        <form method="POST" action="/account/api">
+        <form method="POST" action="/account/loginapi">
            <label for="username">Email</label>
 	    <div class="spacer">
                <input type="text" name="email" required="">