Exemplo n.º 1
0
def PasswordResetPost():
    if Authorization.isLoggedIn(session.get('user')):
        return redirect(url_for('Campus.List'))

    email = request.form.get('email')

    staff = StaffModel.findby('email', email)

    if len(staff) != 0:
        resetToken = str(uuid.uuid4()).replace('-', '')
        expires = time.time() + 30 * 60  # 30 minutes

        prm = PasswordResetModel()

        prm.setToken(resetToken) \
           .setUserId(staff.getId()) \
           .setUserType('staff') \
           .setExpires(expires) \
           .save()

        Email.sendEmail(
            email, 'password_reset', {
                'password_reset_url':
                Config.getValue('APP_URL') + '/auth/password-reset/' +
                resetToken
            })

    return render_template('auth/password_reset_sent.html')
Exemplo n.º 2
0
def isValid(request):
    """ Checks if the session is valid (wrapper for isValidToken) """
    if 'X-App-Token' not in request.headers:
        return False

    ip_address = request.remote_addr

    if Config.getValue('DEPLOYMENT') == 'heroku':
        ip_address = request.headers['X-Forwarded-For']

    return isValidToken(request.headers['X-App-Token'], ip_address,
                        request.headers['User-Agent'])
Exemplo n.º 3
0
def route():
    """ Example route, show information about system and current session. """
    userId = -1

    if 'X-App-Token' in request.headers:
        userId = ApiSession.getUserId(request.headers['X-App-Token'])

    return JsonResponse.ok({
        'application': 'A4Scheduler',
        'environment': Config.getValue('ENVIRONMENT'),
        'userId': userId
    })
Exemplo n.º 4
0
def connect():
    """ Connects to the database """
    global connection
    global mode

    if Config.getValue('SQLITE') == 'yes':
        mode = 'sqlite'

    if mode == 'mysql':
        db = MySQLdb.connect(host=Config.getValue('DB_HOST'),
                             user=Config.getValue('DB_USER'),
                             password=Config.getValue('DB_PASS'),
                             database=Config.getValue('DB_NAME'),
                             cursorclass=MySQLdb.cursors.DictCursor,
                             use_unicode=True,
                             charset="utf8mb4")
        db.autocommit(True)
    else:
        db = sqlite3.connect('system.db')
        db.row_factory = sqlite3.Row
        db.isolation_level = None

    connection = db
Exemplo n.º 5
0
def sendEmail(recipient, template, vars={}):
    # Get template, render it then send it using the Mailgun API
    # See: http://docs.python-requests.org/en/master/
    # See: https://documentation.mailgun.com/en/latest/api-sending.html#sending (ignore mime example)

    email = renderTemplate(getTemplate(template), vars)

    apiResponse = requests.post(
        'https://api.mailgun.net/v3/mg.a4scheduler.xyz/messages',
        auth=('api', Config.getValue('MAILGUN_API_KEY')),
        data={
            'from': 'A4 Scheduler <*****@*****.**>',
            'to': recipient,
            'subject': email[2],
            'text': email[1],
            'html': email[0]
        })

    return
Exemplo n.º 6
0
def SessionLogin():
    if 'X-App-Token' in request.headers and ApiSession.isValid(request):
        return JsonResponse.ok({'token': request.headers['X-App-Token']})

    userEmail = request.form.get('email')
    userPassword = request.form.get('password')
    userType = request.form.get('user_type')

    # Step 1: Verify presence of values and validate them
    if not userEmail or not userPassword or not userType:
        return JsonResponse.badRequest({
            'message': 'post_property_missing',
            'nice_message': 'Missing POST property.'
        })

    if userType not in ('student', 'teacher'):
        return JsonResponse.badRequest({
            'message':
            'invalid_user_type',
            'nice_message':
            'Given user type is invalid! Allowable types are: student/teacher.'
        })

    # Step 2: Verify password
    if userType == 'student':
        user = StudentModel.findBy('email', userEmail)
    elif userType == 'teacher':
        user = TeacherModel.findBy('email', userEmail)
    else:
        return JsonResponse.internalServerError({
            'message':
            'unexpected_user_type',
            'nice_message':
            'Unexpected user type. Contact system administrator.'
        })

    if len(user) != 1:
        return JsonResponse.unauthorized({
            'message':
            'invalid_credentials',
            'nice_message':
            'Supplied credentials (email/password) are invalid.'
        })

    user = user[0]

    salt = user.getSalt()

    hashedPassword = Security.hashPassword(userPassword, salt)

    if hashedPassword != user.getPassword():
        return JsonResponse.unauthorized({
            'message':
            'invalid_credentials',
            'nice_message':
            'Supplied credentials (email/password) are invalid.'
        })

    userId = user.getId()

    # Step 3: Create session
    ipAddress = request.remote_addr

    if Config.getValue('DEPLOYMENT') == 'heroku':
        ipAddress = request.headers['X-Forwarded-For']

    token = ApiSession.create(userId, userType, ipAddress,
                              request.headers['User-Agent'])

    if token:
        return JsonResponse.ok({'token': token})

    return JsonResponse.internalServerError({
        'message':
        'session_generation_failed',
        'nice_message':
        'Session generation failed. Contact system administrator.'
    })
Exemplo n.º 7
0
from dotenv import load_dotenv
from core import Config
from core import Authorization
from core import Database
import os

# Setup the .env file
env_file = os.path.join(os.path.dirname(__file__), '.env')

if os.path.isfile(
        env_file
) == True:  #TODO: ONLY try to load the .env file if the environment is dev and NOT production
    load_dotenv(env_file)

# Setup the raven client for Sentry
client = Client(dsn=Config.getValue('SENTRY_DSN'),
                environment=Config.getValue('ENVIRONMENT'))

db_file = os.path.join(os.path.dirname(__file__), 'system.db')

# Setup database if not exists
if Config.getValue('SQLITE') == 'yes':
    if os.path.isfile(db_file) == False:
        Database.createSQLite()

app = Flask(__name__)
app.debug = True

if Config.getValue('ENVIRONMENT') == 'local':

    @app.after_request