Commit 0d5fa8e6 authored by Alain Takoudjou's avatar Alain Takoudjou

Add password recovery code for session

parent 513b01cd
...@@ -5,7 +5,7 @@ import logging.handlers ...@@ -5,7 +5,7 @@ import logging.handlers
import os import os
import sys import sys
import subprocess import subprocess
import hashlib from datetime import timedelta
class Parser(OptionParser): class Parser(OptionParser):
""" """
...@@ -118,7 +118,8 @@ def serve(config): ...@@ -118,7 +118,8 @@ def serve(config):
workspace = workdir, workspace = workdir,
instance_profile='instance.cfg', instance_profile='instance.cfg',
software_profile='software.cfg', software_profile='software.cfg',
SECRET_KEY=os.urandom(24), SECRET_KEY="123456",
PERMANENT_SESSION_LIFETIME=timedelta(days=31),
) )
if not os.path.exists(workdir): if not os.path.exists(workdir):
os.mkdir(workdir) os.mkdir(workdir)
......
...@@ -43,7 +43,7 @@ textarea { ...@@ -43,7 +43,7 @@ textarea {
} }
body { body {
background: #2281C1;/*url("../images/1307251316-background-stripes.gif") repeat #9C9C9C;*/ background: #1E73BD;/*#1862C4 url("../images/1307251316-background-stripes.gif") repeat #9C9C9C;*/
font-family: 'Helvetica Neue',Tahoma,Helvetica,Arial,sans-serif; font-family: 'Helvetica Neue',Tahoma,Helvetica,Arial,sans-serif;
color: #000000; color: #000000;
font-size: 13px; font-size: 13px;
...@@ -712,3 +712,5 @@ padding:10px; font-size:14px; color:#03406A} ...@@ -712,3 +712,5 @@ padding:10px; font-size:14px; color:#03406A}
.login-element{float:left; min-width:120px;} .login-element{float:left; min-width:120px;}
.login-label{padding:5px; font-size:16px;} .login-label{padding:5px; font-size:16px;}
.login-input{width:220px;} .login-input{width:220px;}
.information{display:block; float:left; height:16px; margin-top:10px; margin-left:10px; font-weight:bold}
.account{margin-left:60px;}
\ No newline at end of file
...@@ -6,6 +6,10 @@ $(document).ready( function() { ...@@ -6,6 +6,10 @@ $(document).ready( function() {
$("#error").Popup("Invalid user name. Please check it!", {type:'alert', duration:3000}); $("#error").Popup("Invalid user name. Please check it!", {type:'alert', duration:3000});
return false; return false;
} }
else if ($("input#username").val().length <6){
$("#error").Popup("Username must have at least 6 characters", {type:'alert', duration:3000});
return false;
}
if($("input#name").val() === ""){ if($("input#name").val() === ""){
$("#error").Popup("Please enter your name and surname!", {type:'alert', duration:3000}); $("#error").Popup("Please enter your name and surname!", {type:'alert', duration:3000});
return false; return false;
...@@ -18,6 +22,10 @@ $(document).ready( function() { ...@@ -18,6 +22,10 @@ $(document).ready( function() {
$("#error").Popup("Please enter your new password!", {type:'alert', duration:3000}); $("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
return false; return false;
} }
if ($("input#password").val() !== "" && $("input#password").val().length <6){
$("#error").Popup("The password must have at least 6 characters", {type:'alert', duration:3000});
return false;
}
if($("input#password").val() !== ""){ if($("input#password").val() !== ""){
if($("input#password").val() === "" || !$("input#password").val().match(/^[\w\d\._-]+$/)){ if($("input#password").val() === "" || !$("input#password").val().match(/^[\w\d\._-]+$/)){
$("#error").Popup("Please enter your new password!", {type:'alert', duration:3000}); $("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
...@@ -29,13 +37,17 @@ $(document).ready( function() { ...@@ -29,13 +37,17 @@ $(document).ready( function() {
} }
haspwd = true; haspwd = true;
} }
if(!$("input#rcode").val().match(/^[\w\d]+$/)){
$("#error").Popup("Please enter your password recovery code.", {type:'alert', duration:3000});
return false;
}
if(send) return false; if(send) return false;
send = true; send = true;
$.ajax({ $.ajax({
type: "POST", type: "POST",
url: $SCRIPT_ROOT + '/updateAccount', url: $SCRIPT_ROOT + '/updateAccount',
data: {name: $("input#name").val(), username:$("input#username").val(), email:$("input#email").val(), data: {name: $("input#name").val(), username:$("input#username").val(), email:$("input#email").val(),
password:((haspwd) ? $("input#password").val():"")}, password:((haspwd) ? $("input#password").val():""), rcode:$("input#rcode").val()},
success: function(data){ success: function(data){
if(data.code ==1){ if(data.code ==1){
location.href = $SCRIPT_ROOT+"/" location.href = $SCRIPT_ROOT+"/"
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
{% endblock %} {% endblock %}
{% block body %} {% block body %}
<h2 class='title'>Your personal informations</h2><br/> <h2 class='title'>Your personal informations</h2><br/>
<form> <form class="account">
<div class='form'> <div class='form'>
<label for="name">Your name: </label> <label for="name">Your name: </label>
<input type='text' name='name' id='name' value='{{name}}'/> <input type='text' name='name' id='name' value='{{name}}'/>
...@@ -24,15 +24,23 @@ ...@@ -24,15 +24,23 @@
<input type='password' name='cpassword' id='cpassword' value=''/> <input type='password' name='cpassword' id='cpassword' value=''/>
<div class='clear'></div> <div class='clear'></div>
<br/> <br/>
<label for="rcode">Password Recover code:</label>
<input type='password' name='rcode' id='rcode' value=''/>
<span class="information"><a href="#" id="information" rel="tooltip">help?</a></span>
<div class='clear'></div>
<br/>
<label></label> <label></label>
<input type="submit" name="update" id ="update" value="Update" class="button"/> <input type="submit" name="update" id ="update" value="Update Account" class="button"/>
<div class='clear'></div> <div class='clear'></div>
<br/><br/><br/> <br/><br/><br/>
</div> </div>
<div id="file_info" class="file_info">{% if username %}leave passwords blank to preserve your current password...{%else%}
Before starting, please fill your personal informations... {%endif%}
</div>
<br/>
<input type="hidden" name="hasAccount" id="hasAccount" value="{{name}}"/> <input type="hidden" name="hasAccount" id="hasAccount" value="{{name}}"/>
</form> </form>
{% if username %}<div id="file_info" class="file_info">leave passwords blank to preserve your current password...
</div><br/>{%endif%}
<div id="tooltip-information" style="display:none; float:left">
<p style="font-size:12px;">
Please find this information in your slaprunner<br/> instance parameters.
</p>
</div>
{% endblock %} {% endblock %}
...@@ -18,11 +18,11 @@ ...@@ -18,11 +18,11 @@
<div class="tabDetails"> <div class="tabDetails">
<div id="tab1" class="tabContents"> <div id="tab1" class="tabContents">
<div id="repository" style="margin-left:40px;"> <div id="repository" style="margin-left:40px;">
<label for='name'>Project name*: </label> <label for='name'>Project name: </label>
<input type="text" name="name" id="name" size='20' value="Enter the project name..." /> <input type="text" name="name" id="name" size='20' value="Enter the project name..." />
<label for='repo'>&nbsp;url*: &nbsp;&nbsp;</label> <label for='repo'>&nbsp;url: &nbsp;&nbsp;</label>
<input type="text" name="repo" id="repo" size='25' value="Enter the url of your repository..." /><br/> <input type="text" name="repo" id="repo" size='25' value="Enter the url of your repository..." /><br/>
<label for='user'>Your name: &nbsp;&nbsp;&nbsp;&nbsp;</label> <label for='user'>Your name: &nbsp;&nbsp;&nbsp;</label>
<input type="text" name="user" id="user" size='20' value="{{name}}" /> <input type="text" name="user" id="user" size='20' value="{{name}}" />
<label for='email'>Email: </label> <label for='email'>Email: </label>
<input type="text" name="email" id="email" size='25' value="{% if not email %}Enter your email adress...{% else %}{{email}}{%endif%}" /> <input type="text" name="email" id="email" size='25' value="{% if not email %}Enter your email adress...{% else %}{{email}}{%endif%}" />
......
...@@ -97,7 +97,7 @@ ...@@ -97,7 +97,7 @@
</div> </div>
{% if request.path != '/login' %} {% if request.path != '/login' %}
<div id="footer"> <div id="footer">
SlapOs web runner &copy; Vifib SARL 2011 - All right reserved - Creative Commons Shared Alike Non Commercial SlapOS web runner &copy; Vifib SARL 2011 - All right reserved - Creative Commons Shared Alike Non Commercial
</div> </div>
{%endif%} {%endif%}
</div> </div>
......
...@@ -54,8 +54,7 @@ def checkLogin(config, login, pwd): ...@@ -54,8 +54,7 @@ def checkLogin(config, login, pwd):
list=[username, password, email, complete_name] list=[username, password, email, complete_name]
""" """
user = getSession(config) user = getSession(config)
salt = "runner81" #to be changed current_pwd = hashlib.md5( pwd ).hexdigest()
current_pwd = hashlib.md5( salt + pwd ).hexdigest()
if user and current_pwd == user[1] and login == user[0]: if user and current_pwd == user[1] and login == user[0]:
return user return user
return False return False
...@@ -73,16 +72,11 @@ def getSession(config): ...@@ -73,16 +72,11 @@ def getSession(config):
Returns: Returns:
a list of user informations or False if fail to read data. a list of user informations or False if fail to read data.
""" """
user_path = os.path.join(config['runner_workdir'], '.users') user_path = os.path.join(config['etc_dir'], '.users')
user = "" user = ""
if os.path.exists(user_path): if os.path.exists(user_path):
user = open(user_path, 'r').read().split(';') user = open(user_path, 'r').read().split(';')
if type(user) == type(""): if type(user) == type(""):
#Error: try to restore data from backup
if os.path.exists(user_path+'.back'):
os.rename(user_path+'.back', user_path)
user = open(user_path, 'r').read().split(';')
else:
return False return False
return user return user
...@@ -98,12 +92,11 @@ def saveSession(config, session, account): ...@@ -98,12 +92,11 @@ def saveSession(config, session, account):
Returns: Returns:
True if all goes well or str (error message) if fail True if all goes well or str (error message) if fail
""" """
user = os.path.join(config['runner_workdir'], '.users') user = os.path.join(config['etc_dir'], '.users')
backup = False backup = False
try: try:
if account[1]: if account[1]:
salt = "runner81" #to be changed account[1] = hashlib.md5(account[1]).hexdigest()
account[1] = hashlib.md5(salt + account[1]).hexdigest()
else: else:
account[1] = session['account'][1] account[1] = session['account'][1]
if 'account' in session: if 'account' in session:
......
...@@ -18,7 +18,7 @@ def before_request(): ...@@ -18,7 +18,7 @@ def before_request():
account = getSession(app.config) account = getSession(app.config)
if account: if account:
if request.path != '/login' and request.path != '/doLogin' and \ if request.path != '/login' and request.path != '/doLogin' and \
not checkSession(app.config, session, account): not 'account' in session:
return redirect(url_for('login')) return redirect(url_for('login'))
session['title'] = getProjectTitle(app.config) session['title'] = getProjectTitle(app.config)
else: else:
...@@ -485,6 +485,10 @@ def updateAccount(): ...@@ -485,6 +485,10 @@ def updateAccount():
account.append(request.form['password'].strip()) account.append(request.form['password'].strip())
account.append(request.form['email'].strip()) account.append(request.form['email'].strip())
account.append(request.form['name'].strip()) account.append(request.form['name'].strip())
code = request.form['rcode'].strip()
recovery_code = open(os.path.join(app.config['etc_dir'], ".rcode"), "r").read()
if code != recovery_code:
return jsonify(code=0, result="Your password recovery code is not valid!")
result = saveSession(app.config, session, account) result = saveSession(app.config, session, account)
if type(result) == type(""): if type(result) == type(""):
return jsonify(code=0, result=result) return jsonify(code=0, result=result)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment