From 6681315128128a476e67a8084a93bb517dc88844 Mon Sep 17 00:00:00 2001 From: lza_menace Date: Wed, 28 Sep 2022 22:53:07 -0700 Subject: [PATCH] get auth/logins working with xmr signing auth --- xmrbackers/helpers.py | 14 ++++-- xmrbackers/models.py | 1 - xmrbackers/routes/auth.py | 53 ++++++----------------- xmrbackers/templates/auth/challenge.html | 1 - xmrbackers/templates/auth/login.html | 1 - xmrbackers/templates/auth/register.html | 1 - xmrbackers/templates/includes/footer.html | 11 +++++ xmrbackers/templates/includes/header.html | 15 ++++--- xmrbackers/templates/index.html | 11 ----- 9 files changed, 46 insertions(+), 62 deletions(-) diff --git a/xmrbackers/helpers.py b/xmrbackers/helpers.py index 6b4cbb6..09260c6 100644 --- a/xmrbackers/helpers.py +++ b/xmrbackers/helpers.py @@ -21,11 +21,16 @@ def check_tx_key(tx_id, tx_key, wallet_address): def make_wallet_rpc(method, data={}): try: - w = Wallet(port=config.XMR_WALLET_RPC_PORT, user=config.XMR_WALLET_RPC_USER, password=config.XMR_WALLET_RPC_PASS) + w = Wallet( + port=config.XMR_WALLET_RPC_PORT, + user=config.XMR_WALLET_RPC_USER, + password=config.XMR_WALLET_RPC_PASS, + timeout=5 + ) res = w._backend.raw_request(method, data) return res - except: - raise Exception('there was a problem i dont feel like writing good code for right now') + except Exception as e: + raise Exception('there was a problem i dont feel like writing good code for right now', e) class EnumArrayField(pwpg.ArrayField): @@ -54,6 +59,9 @@ class EnumArrayField(pwpg.ArrayField): """python -> database""" if not isinstance(value, (tuple, list)): raise TypeError("Wrong type, must be a list of enums") + # if isinstance(value, tuple): + # value = value[0] + data = [] for enum in value: if not isinstance(enum, self.enum_class): diff --git a/xmrbackers/models.py b/xmrbackers/models.py index 4af50e0..2b56c64 100644 --- a/xmrbackers/models.py +++ b/xmrbackers/models.py 
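Review bot: In `make_wallet_rpc`, the new `raise Exception('...', e)` puts the caught exception into the args tuple instead of chaining it, so the string form of the raised error carries the backend's own error text. The `challenge` route changed later in this patch formats that exception into a flash message, which means wallet-RPC failure details can reach a visitor who has not authenticated yet. Chaining with a generic message keeps the cause in the traceback and out of the message: `raise Exception('wallet RPC request failed') from e`. The `data={}` default on the unchanged signature line is a shared mutable default; `data=None` with `data = {} if data is None else data` inside the body avoids state leaking between calls.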
@@ -66,7 +66,6 @@ class User(pw.Model): def generate_challenge(self): self.challenge = token_urlsafe(24) self.save() - return self.challenge class Meta: database = db diff --git a/xmrbackers/routes/auth.py b/xmrbackers/routes/auth.py index 06ec32c..58a71a0 100644 --- a/xmrbackers/routes/auth.py +++ b/xmrbackers/routes/auth.py @@ -73,19 +73,20 @@ async def challenge(handle): 'address': user.wallet_address, 'signature': form.signature.data } - res = make_wallet_rpc('verify', data) - print(res) - from quart import jsonify - return jsonify(res) - # # Check if user doesn't exist - # user = User.select().where( - # User.handle == form.handle.data - # ).first() - # if not user: - # await flash('That handle does not exist.') - # return redirect(url_for('auth.login')) - return redirect(url_for('main.index')) - + try: + res = make_wallet_rpc('verify', data) + if res['good']: + user.generate_challenge() + login_user(user) + await flash('Successful login!') + return redirect(url_for('main.index')) + else: + await flash('Invalid signature. Try again.') + return redirect(url_for('auth.challenge', handle=handle)) + except Exception as e: + await flash(f'Issue with checking the signature provided: {e}') + return redirect(url_for('auth.challenge', handle=handle)) + return await render_template( 'auth/challenge.html', user=user, 
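Review bot: The `except Exception as e` branch added to `challenge` flashes `{e}` to the client, so whatever the wallet RPC layer raised is shown to a visitor who has not logged in; a fixed message with the detail logged server-side is safer. The `try` also wraps `user.generate_challenge()`, `login_user(user)` and the redirect, so a database or session failure would be reported as a signature problem; narrowing it to the `make_wallet_rpc('verify', data)` call keeps the two apart. Testing `res.get('good') is not True` (assuming `res` is the decoded JSON result) fails closed when the field is missing or is a truthy non-boolean. Rotating the challenge before `login_user` is the right order, since it keeps a captured signature from being reused. The function starts above this hunk, so the signed message placed in `data` is not visible here and should be confirmed to be the stored `user.challenge`.

```python
try:
    res = make_wallet_rpc('verify', data)
except Exception:
    # RPC failure detail stays server-side; the client gets a fixed message
    await flash('Could not check the signature right now. Try again.')
    return redirect(url_for('auth.challenge', handle=handle))
if res.get('good') is not True:
    await flash('Invalid signature. Try again.')
    return redirect(url_for('auth.challenge', handle=handle))
# … unchanged: generate_challenge(), login_user(), success flash and redirect to main.index …
```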
@@ -99,29 +100,3 @@ async def logout():
 else:
 await flash('Not authenticated!')
 return redirect(url_for('main.index'))
-
-# @auth_bp.route("/reset/", methods=["GET", "POST"])
-# def reset(hash):
-# hash = PasswordReset.query.filter(PasswordReset.hash==hash).first()
-# if not hash:
-# flash('Invalid password reset hash')
-# return redirect(url_for('auth.login'))
-#
-# if hash.hours_elapsed() > hash.expiration_hours or hash.expired:
-# flash('Reset hash has expired')
-# return redirect(url_for('auth.login'))
-#
-# form = ResetPassword()
-# if form.validate_on_submit():
-# try:
-# user = User.query.get(hash.user)
-# user.password = bcrypt.generate_password_hash(form.password.data).decode('utf8')
-# hash.expired = True
-# db.session.commit()
-# flash('Password reset successfully')
-# return redirect(url_for('auth.login'))
-# except:
-# flash('Error resetting password')
-# return redirect(url_for('auth.login'))
-#
-# return render_template('auth/reset.html', form=form)
diff --git a/xmrbackers/templates/auth/challenge.html b/xmrbackers/templates/auth/challenge.html
index aa1a11c..4b6c692 100644
--- a/xmrbackers/templates/auth/challenge.html
+++ b/xmrbackers/templates/auth/challenge.html
@@ -35,7 +35,6 @@
-
diff --git a/xmrbackers/templates/auth/login.html b/xmrbackers/templates/auth/login.html
index 40af071..4b7e4b3 100644
--- a/xmrbackers/templates/auth/login.html
+++ b/xmrbackers/templates/auth/login.html
@@ -32,7 +32,6 @@
-
diff --git a/xmrbackers/templates/auth/register.html b/xmrbackers/templates/auth/register.html
index 7c167c5..8bcccb7 100644
--- a/xmrbackers/templates/auth/register.html
+++ b/xmrbackers/templates/auth/register.html
@@ -32,7 +32,6 @@
-
diff --git a/xmrbackers/templates/includes/footer.html b/xmrbackers/templates/includes/footer.html
index 9fc962b..bfaf3f5 100644
--- a/xmrbackers/templates/includes/footer.html
+++ b/xmrbackers/templates/includes/footer.html
@@ -1,3 +1,14 @@
+
+ + +