def verify_code_form(email=''):
try:
form = VerifyForm(request.form, csrf_enabled=False)
if request.method == 'GET':
form.email.data = email
if request.method == 'POST' and form.validate():
# set session
session['user'] = request.form.get('email')
# delete user from temporary
delete_user_from_data(request.form.get('email'))
# redirect
return redirect(url_for('logged_in'))
return render_template('verify.html', form=form)
except Exception as e:
#todo: error handling
print(e)
def __verify(self, db_session, submit=True):
"""Show form for TOTP verification token.
:param Session db_session: DB session
:param bool submit: Whether form was submitted
(False if shown after login form)
"""
if not TOTP_ENABLED or 'login_uid' not in session:
# TOTP not enabled or not in login process
return redirect(url_for('login'))
user = self.find_user(db_session, id=session.get('login_uid', None))
if user is None:
# user not found
return redirect(url_for('login'))
form = VerifyForm(meta=wft_locales())
if submit and form.validate_on_submit():
if self.user_totp_is_valid(user, form.token.data, db_session):
# TOTP verified
target_url = session.pop('target_url', self.tenant_prefix())
self.clear_verify_session()
return self.__login_response(user, target_url)
else:
flash(i18n.t('auth.verfication_invalid'))
form.token.errors.append(i18n.t('auth.verfication_invalid'))
form.token.data = None
if user.failed_sign_in_count >= MAX_LOGIN_ATTEMPTS:
# redirect to login after too many login attempts
return redirect(url_for('login'))
return render_template('verify.html', form=form, i18n=i18n,
title=i18n.t("auth.verify_page_title"))
def result():
form = VerifyForm()
realorfake = ""
if form.is_submitted():
result = request.form
realorfake = predict([result['articletext']])
return render_template('index.html', form=form, realorfake=realorfake)
def setup_totp(self, submit=True):
"""Show form with TOTP QR Code and token confirmation.
:param bool submit: Whether form was submitted
(False if shown after login form)
"""
if not TOTP_ENABLED or 'login_uid' not in session:
# TOTP not enabled or not in login process
return redirect(url_for('login'))
user = self.load_user(session.get('login_uid', None))
if user is None:
# user not found
return redirect(url_for('login'))
totp_secret = session.get('totp_secret', None)
if totp_secret is None:
# generate new secret
totp_secret = pyotp.random_base32()
# store temp secret in session
session['totp_secret'] = totp_secret
form = VerifyForm()
if submit and form.validate_on_submit():
if pyotp.totp.TOTP(totp_secret).verify(form.token.data,
valid_window=1):
# TOTP confirmed
# save TOTP secret
user.totp_secret = totp_secret
# update last sign in timestamp and reset failed attempts
# counter
user.last_sign_in_at = datetime.utcnow()
user.failed_sign_in_count = 0
self.user_query().session.commit()
target_url = session.pop('target_url', '/')
self.clear_verify_session()
return self.__login_response(user, target_url)
else:
flash('Invalid verification code')
form.token.errors.append('Invalid verification code')
form.token.data = None
# enable one-time loading of QR code image
session['show_qrcode'] = True
# show form
resp = make_response(
render_template('qrcode.html',
title='Two Factor Authentication Setup',
form=form,
totp_secret=totp_secret))
# do not cache in browser
resp.headers.set('Cache-Control',
'no-cache, no-store, must-revalidate')
resp.headers.set('Pragma', 'no-cache')
resp.headers.set('Expires', '0')
return resp
def verify(self, submit=True):
"""Show form for TOTP verification token.
:param bool submit: Whether form was submitted
(False if shown after login form)
"""
if not TOTP_ENABLED or 'login_uid' not in session:
# TOTP not enabled or not in login process
return redirect(url_for('login'))
user = self.load_user(session.get('login_uid', None))
if user is None:
# user not found
return redirect(url_for('login'))
form = VerifyForm()
if submit and form.validate_on_submit():
if self.user_totp_is_valid(user, form.token.data):
# TOTP verified
target_url = session.pop('target_url', '/')
self.clear_verify_session()
return self.__login_response(user, target_url)
else:
flash('Invalid verification code')
form.token.errors.append('Invalid verification code')
form.token.data = None
if user.failed_sign_in_count >= MAX_LOGIN_ATTEMPTS:
# redirect to login after too many login attempts
return redirect(url_for('login'))
return render_template('verify.html', title='Sign In', form=form)
def verify_otp(name, user_email, user_password):
global otp
form = VerifyForm()
if request.method == "GET":
flash(f"An OTP is send to your email ({user_email}) address.")
otp = randint(123456, 987654)
send_otp = SendOTP(user_name=name, user_email=user_email, otp=otp)
send_otp.register_msgBody()
send_otp.send_otp()
if request.method == "POST" and form.validate_on_submit():
enter_otp = int(request.form.get("otp"))
if enter_otp == otp:
new_user = User(name=name, email=user_email, password=user_password)
db.session.add(new_user)
db.session.commit()
# This line will authenticate the user with Flask-Login
login_user(new_user)
return redirect(url_for('get_all_posts'))
else:
flash("OTP mismatched, another OTP send to your email address.")
return redirect(url_for('verify_otp', name=name, user_email=user_email, user_password=user_password))
return render_template("email-verification.html", form=form)
def verifyFile(request, cloudItem, tokenID, form):
""" Verify file and metadata """
dajax = Dajax()
try:
t = parseAjaxParam(tokenID)
ci = checkCloudItem(cloudItem, request.user.id)
tkn = checkAccessToken(t, ci)
f = VerifyForm(deserialize_form(form))
if f.is_valid():
verType = parseAjaxParam(f.cleaned_data['verificationType'])
metaVerification = None
downVerification = None
dtaVerification = None
v = Verifier(tkn)
if verType == constConfig.VERIFY_CHOICE_METADATA:
metaVerification = v.verifyMetadata()
elif verType == constConfig.VERIFY_CHOICE_FILES or verType == constConfig.VERIFY_CHOICE_FILESHISTORY:
downVerification = v.verifyFileDownload(verType)
elif verType == constConfig.VERIFY_CHOICE_DTA_SIGNATURE:
dtaVerification = v.verifyZIP()
else:
raise Exception("Invalid Verification Type")
table = render_to_string(
"dashboard/comparator/comparatorVerify.html", {
"meta": metaVerification,
'file': downVerification,
'dta': dtaVerification
})
dajax.assign("#verifyer", "innerHTML", table)
dajax.assign("#verifyerError", "innerHTML", "")
dajax.remove_css_class("#verifyerError", ['alert', 'alert-danger'])
else:
dajax.assign("#verifyer", "innerHTML", "")
dajax.assign("#verifyerError", "innerHTML", "Invalid Form")
dajax.add_css_class("#verifyerError", ['alert', 'alert-danger'])
except Exception as e:
dajax.assign("#verifyerError", "innerHTML", formatException(e))
dajax.add_css_class("#verifyerError", ['alert', 'alert-danger'])
return dajax.json()
def register():
form = RegistrationForm()
verifyform = VerifyForm()
if form.validate_on_submit():
user = db.execute(
"SELECT username FROM users where username = :username", {
'username': form.username.data
}).fetchone()
email = db.execute("SELECT email FROM users where email = :email", {
'email': form.email.data
}).fetchone()
if user:
flash('Username taken!', 'danger')
return render_template("register.html", form=form)
if email:
flash('An account with this email id already exist!', 'danger')
return render_template("register.html", form=form)
session['otp'] = randint(99999, 999999)
session['username'] = form.username.data
session['email'] = form.email.data
session['password'] = form.password.data
subject = 'Goodreads'
mail = GMail(subject + ' <*****@*****.**>', os.getenv("password"))
msg = Message('verify your email',
to=form.email.data,
text=f"use {session['otp']} as your verification code")
mail.send(msg)
return render_template("verify.html",
email=session['email'],
verifyform=verifyform)
return render_template("register.html", form=form)
def verify(user_id=-1):
if user_id is not -1:
form = VerifyForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(id=user_id).first_or_404()
otp = OTP.query.filter_by(user_id=user.id).first_or_404()
print('after gettig user'+str(user.id))
print(form.otp_num.data)
if form.otp_num.data == 'open':
login_user(user)
flash('مرحبا بك في جمعة', 'success')
return redirect(url_for('index'))
#check otp if correct redirect to index and Login
#else return to page with error msg
return render_template('verify.html', form=form)
else:
return redirect(url_for('index'))
def verify():
verifyform = VerifyForm()
if verifyform.validate_on_submit():
session['loggedin'] = 'True'
if session['otp'] == verifyform.otp.data:
db.execute(
"INSERT INTO users (username, email, password) VALUES (:username, :email, :password)",
{
"username": session["username"],
"email": session['email'],
"password": session['password']
})
db.commit()
flash(f"Account created for {session['username']}!", 'success')
return redirect(url_for('home'))
flash("verification code didn't match", 'danger')
return render_template("verify.html",
email=session['email'],
verifyform=verifyform)
def verify():
form = VerifyForm()
if form.validate_on_submit():
user = Users.query.filter_by(email=form.email.data).first()
if user is not None and user.numberverification == form.numbercode.data:
if user.verified == 0 or user.verified == False:
user.verified = True
db.session.commit()
db.session.close()
flash('Verified!')
return redirect(url_for('login'))
else:
flash('You are already verified!')
return redirect(url_for('login'))
else:
flash('Invalid code or email!')
return redirect(url_for('verify'))
return render_template('verify.html', form=form)
def verifyFile(request,cloudItem,tokenID,form):
""" Verify file and metadata """
dajax = Dajax()
try:
t = parseAjaxParam(tokenID)
ci = checkCloudItem(cloudItem,request.user.id)
tkn = checkAccessToken(t,ci)
f = VerifyForm(deserialize_form(form))
if f.is_valid():
verType = parseAjaxParam(f.cleaned_data['verificationType'])
metaVerification = None
downVerification = None
dtaVerification = None
v = Verifier(tkn)
if verType == constConfig.VERIFY_CHOICE_METADATA:
metaVerification = v.verifyMetadata()
elif verType == constConfig.VERIFY_CHOICE_FILES or verType == constConfig.VERIFY_CHOICE_FILESHISTORY:
downVerification = v.verifyFileDownload(verType)
elif verType == constConfig.VERIFY_CHOICE_DTA_SIGNATURE:
dtaVerification = v.verifyZIP()
else:
raise Exception ("Invalid Verification Type")
table = render_to_string("dashboard/comparator/comparatorVerify.html",{"meta":metaVerification,'file': downVerification,'dta':dtaVerification})
dajax.assign("#verifyer","innerHTML",table)
dajax.assign("#verifyerError","innerHTML","")
dajax.remove_css_class("#verifyerError",['alert','alert-danger'])
else:
dajax.assign("#verifyer","innerHTML","")
dajax.assign("#verifyerError","innerHTML","Invalid Form")
dajax.add_css_class("#verifyerError",['alert','alert-danger'])
except Exception as e:
dajax.assign("#verifyerError","innerHTML",formatException(e))
dajax.add_css_class("#verifyerError",['alert','alert-danger'])
return dajax.json()
def index(request):
if request.method == 'POST':
form = VerifyForm(request.POST, request.FILES)
if form.is_valid():
form.verify()
else:
form = VerifyForm()
return render(request, 'index.html', {'form': form})
def verify():
form = VerifyForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user:
if form.mantra.data == "secret":
user.tdr_mark = int(form.mark.data)
user.tdr_school = form.school.data
db.session.commit()
return redirect(url_for('verify'))
else:
flash("Aquest mantra no és vàlid")
else:
flash("No existeix cap usuari amb aquest correu")
return render_template('verify.html', form=form)
def verify_user_otp(name, user_email):
global otp
form = VerifyForm()
if request.method == "GET":
otp = randint(123456, 987654)
otp_send = SendOTP(user_name=name, user_email=user_email, otp=otp)
otp_send.forgot_password_msgBody()
otp_send.send_otp()
if request.method == "POST" and form.validate_on_submit():
user_otp = int(request.form.get("otp"))
if user_otp == otp:
print(user_otp, otp)
flash("Enter your new password, and note it in your dairy.")
return redirect(url_for('reset_password', user_email=user_email))
else:
flash("Wrong credentials provided, Please try again !")
return redirect(url_for('login'))
return render_template("forgot-password.html", form=form)
def comparatorView(request, cloudItem, tokenID):
""" Show the timeline options """
#when the page loads display the comparator
data = dict()
data['objID'] = cloudItem
data['tokenID'] = tokenID
data['showToken'] = True
data['form'] = VerifyForm()
return render_to_response("dashboard/comparator/comparatorHome.html",
data,
context_instance=RequestContext(request))
def post(self, request):
req = request.POST
verify_form = VerifyForm(req)
if not verify_form.is_valid():
context = {'form': verify_form}
return render(request, 'users/verify.html', context)
else:
addr = verify_form.cleaned_data['wallet_addr']
amt = verify_form.cleaned_data['amount']
time = verify_form.cleaned_data['tx_time']
date = verify_form.cleaned_data['tx_date']
curr = verify_form.cleaned_data['curr']
desc = verify_form.cleaned_data['desc']
new_claim = PayClaim.objects.create(sender_addr=addr,
user=request.user,
amount=amt,
date=date,
time=time,
curr=curr,
description=desc)
context = {
'claim': new_claim,
'msg':
'Your pay verification is being processed, your account will be credited once the pay is verified. Thanks for trading with us.',
'color': 'green'
}
return render(request, 'users/dashboard.html', context)
def about():
form = VerifyForm()
if form.is_submitted():
result = request.form
print(result['articletext'])
return render_template('index.html', form=form)
