get auth/logins working with xmr signing auth

2 years ago · 6681315128
parent 6dc1b351b8
commit 6681315128
9 changed files with 46 additions and 62 deletions
--- a/xmrbackers/helpers.py
+++ b/xmrbackers/helpers.py
@ -21,11 +21,16 @@ def check_tx_key(tx_id, tx_key, wallet_address):

 def make_wallet_rpc(method, data={}):
    try:
-        w = Wallet(port=config.XMR_WALLET_RPC_PORT, user=config.XMR_WALLET_RPC_USER, password=config.XMR_WALLET_RPC_PASS)
+        w = Wallet(
+            port=config.XMR_WALLET_RPC_PORT, 
+            user=config.XMR_WALLET_RPC_USER, 
+            password=config.XMR_WALLET_RPC_PASS, 
+            timeout=5
+        )
        res = w._backend.raw_request(method, data)
        return res
-    except:
-        raise Exception('there was a problem i dont feel like writing good code for right now')
+    except Exception as e:
+        raise Exception('there was a problem i dont feel like writing good code for right now', e)


 class EnumArrayField(pwpg.ArrayField):
@ -54,6 +59,9 @@ class EnumArrayField(pwpg.ArrayField):
        """python -> database"""
        if not isinstance(value, (tuple, list)):
            raise TypeError("Wrong type, must be a list of enums")
+        # if isinstance(value, tuple):
+        #     value = value[0]
+
        data = []
        for enum in value:
            if not isinstance(enum, self.enum_class):
--- a/xmrbackers/models.py
+++ b/xmrbackers/models.py
@ -66,7 +66,6 @@ class User(pw.Model):
    def generate_challenge(self):
        self.challenge = token_urlsafe(24)
        self.save()
-        return self.challenge

    class Meta:
        database = db
--- a/xmrbackers/routes/auth.py
+++ b/xmrbackers/routes/auth.py
@ -73,19 +73,20 @@ async def challenge(handle):
            'address': user.wallet_address,
            'signature': form.signature.data
        }
-        res = make_wallet_rpc('verify', data)
-        print(res)
-        from quart import jsonify
-        return jsonify(res)
-        # # Check if user doesn't exist
-        # user = User.select().where(
-        #     User.handle == form.handle.data
-        # ).first()
-        # if not user:
-        #     await flash('That handle does not exist.')
-        #     return redirect(url_for('auth.login'))
-        return redirect(url_for('main.index'))
-
+        try:
+            res = make_wallet_rpc('verify', data)
+            if res['good']:
+                user.generate_challenge()
+                login_user(user)
+                await flash('Successful login!')
+                return redirect(url_for('main.index'))
+            else:
+                await flash('Invalid signature. Try again.')
+                return redirect(url_for('auth.challenge', handle=handle))
+        except Exception as e:
+            await flash(f'Issue with checking the signature provided: {e}')
+            return redirect(url_for('auth.challenge', handle=handle))
+            
    return await render_template(
        'auth/challenge.html', 
        user=user,
@ -99,29 +100,3 @@ async def logout():
    else:
        await flash('Not authenticated!')
    return redirect(url_for('main.index'))
-
-# @auth_bp.route("/reset/<string:hash>", methods=["GET", "POST"])
-# def reset(hash):
-#     hash = PasswordReset.query.filter(PasswordReset.hash==hash).first()
-#     if not hash:
-#         flash('Invalid password reset hash')
-#         return redirect(url_for('auth.login'))
-#
-#     if hash.hours_elapsed() > hash.expiration_hours or hash.expired:
-#         flash('Reset hash has expired')
-#         return redirect(url_for('auth.login'))
-#
-#     form = ResetPassword()
-#     if form.validate_on_submit():
-#         try:
-#             user = User.query.get(hash.user)
-#             user.password = bcrypt.generate_password_hash(form.password.data).decode('utf8')
-#             hash.expired = True
-#             db.session.commit()
-#             flash('Password reset successfully')
-#             return redirect(url_for('auth.login'))
-#         except:
-#             flash('Error resetting password')
-#             return redirect(url_for('auth.login'))
-#
-#     return render_template('auth/reset.html', form=form)
--- a/xmrbackers/templates/auth/challenge.html
+++ b/xmrbackers/templates/auth/challenge.html
@ -35,7 +35,6 @@
                  <input type="submit" value="Login" class="btn btn-link btn-outline btn-xl">
              </form>
 						</header>
-						<span class="image"><img src="/static/images/monero-logo.png" width=150px></span>
 					</div>
 				</section>

--- a/xmrbackers/templates/auth/login.html
+++ b/xmrbackers/templates/auth/login.html
@ -32,7 +32,6 @@
                  <input type="submit" value="Login" class="btn btn-link btn-outline btn-xl">
              </form>
 						</header>
-						<span class="image"><img src="/static/images/monero-logo.png" width=150px></span>
 					</div>
 				</section>

--- a/xmrbackers/templates/auth/register.html
+++ b/xmrbackers/templates/auth/register.html
@ -32,7 +32,6 @@
                  <input type="submit" value="Register" class="btn btn-link btn-outline btn-xl">
              </form>
 						</header>
-						<span class="image"><img src="/static/images/monero-logo.png" width=150px></span>
 					</div>
 				</section>

--- a/xmrbackers/templates/includes/footer.html
+++ b/xmrbackers/templates/includes/footer.html
@ -1,3 +1,14 @@
+<hr>
+
+<section id="banner">
+  <div class="content">
+    <header>
+      <p>This is a simple prototype and is under heavy development.</p>
+    </header>
+    <span class="image"><img src="/static/images/monero-logo.png" width=150px></span>
+  </div>
+</section>
+
 <footer id="footer">
  <ul class="icons">
  </ul>
--- a/xmrbackers/templates/includes/header.html
+++ b/xmrbackers/templates/includes/header.html
@ -7,8 +7,8 @@
      <li><a href="{{ url_for('auth.logout') }}">Logout</a></li>
    </ul>
  </nav>
-  <p>Authenticated: {{ current_user.is_authenticated }}</p>
  {% if current_user.is_authenticated %}
+    <p>Authenticated: {{ current_user.is_authenticated }}</p>
    <p>Username: {{ current_user.handle }}</p>
    <p>Email: {{ current_user.email }}</p>
    <p>Wallet Address: {{ current_user.wallet_address }}</p>
@ -18,14 +18,19 @@
 <hr>

 <script src="/static/js/noty.js"></script>
-{% with messages = get_flashed_messages() %}
+{% with messages = get_flashed_messages(with_categories=true) %}
  {% if messages %}
  <script type="text/javascript">
-    {% for message in messages %}
+    {% for category, message in messages %}
+      {% if category == "message" %}
+        {% set _c = "info" %}
+      {% else %}
+        {% set _c = category %}
+      {% endif %}
      new Noty({
-        type: 'error',
+        type: '{{ _c }}',
        theme: 'relax',
-        layout: 'topCenter',
+        layout: 'topRight',
        text: '{{ message }}',
        timeout: 4500
      }).show();
--- a/xmrbackers/templates/index.html
+++ b/xmrbackers/templates/index.html
@ -27,17 +27,6 @@
 							<p>{{ s.id }}</p>
 						{% endfor %}
 					{% endif %}
-				{% else %}
-
-				<section id="banner">
-					<div class="content">
-						<header>
-							<p>This is a simple prototype and is under heavy development.</p>
-						</header>
-						<span class="image"><img src="/static/images/monero-logo.png" width=150px></span>
-					</div>
-				</section>
-
 				{% endif %}

 				{% include 'includes/footer.html' %}