Commit 0d5fa8e6 authored by Alain Takoudjou's avatar Alain Takoudjou

Add password recovery code for session

parent 513b01cd
......@@ -5,7 +5,7 @@ import logging.handlers
import os
import sys
import subprocess
import hashlib
from datetime import timedelta
class Parser(OptionParser):
"""
......@@ -118,7 +118,8 @@ def serve(config):
workspace = workdir,
instance_profile='instance.cfg',
software_profile='software.cfg',
SECRET_KEY=os.urandom(24),
SECRET_KEY="123456",
PERMANENT_SESSION_LIFETIME=timedelta(days=31),
)
if not os.path.exists(workdir):
os.mkdir(workdir)
......
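Review bot: `SECRET_KEY="123456"` on the new side of the serve() hunk replaces the per-start `os.urandom(24)` with a fixed value that ships in the repository, so anyone who reads the source can sign Flask session cookies; combined with the before_request() change further down, which now only tests `'account' in session`, a forged cookie passes the login gate without a password. If the intent was a key that survives restarts (which `PERMANENT_SESSION_LIFETIME=timedelta(days=31)` needs to mean anything), generate it once with os.urandom, persist it in a file outside version control under the instance's etc directory, and read it back at start-up. serve()'s body begins and ends outside the hunk.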
......@@ -43,7 +43,7 @@ textarea {
}
body {
background: #2281C1;/*url("../images/1307251316-background-stripes.gif") repeat #9C9C9C;*/
background: #1E73BD;/*#1862C4 url("../images/1307251316-background-stripes.gif") repeat #9C9C9C;*/
font-family: 'Helvetica Neue',Tahoma,Helvetica,Arial,sans-serif;
color: #000000;
font-size: 13px;
......@@ -711,4 +711,6 @@ padding:10px; font-size:14px; color:#03406A}
.login-button{width:140px; margin:0 auto;}
.login-element{float:left; min-width:120px;}
.login-label{padding:5px; font-size:16px;}
.login-input{width:220px;}
\ No newline at end of file
.login-input{width:220px;}
.information{display:block; float:left; height:16px; margin-top:10px; margin-left:10px; font-weight:bold}
.account{margin-left:60px;}
\ No newline at end of file
......@@ -6,6 +6,10 @@ $(document).ready( function() {
$("#error").Popup("Invalid user name. Please check it!", {type:'alert', duration:3000});
return false;
}
else if ($("input#username").val().length <6){
$("#error").Popup("Username must have at least 6 characters", {type:'alert', duration:3000});
return false;
}
if($("input#name").val() === ""){
$("#error").Popup("Please enter your name and surname!", {type:'alert', duration:3000});
return false;
......@@ -18,6 +22,10 @@ $(document).ready( function() {
$("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
return false;
}
if ($("input#password").val() !== "" && $("input#password").val().length <6){
$("#error").Popup("The password must have at least 6 characters", {type:'alert', duration:3000});
return false;
}
if($("input#password").val() !== ""){
if($("input#password").val() === "" || !$("input#password").val().match(/^[\w\d\._-]+$/)){
$("#error").Popup("Please enter your new password!", {type:'alert', duration:3000});
......@@ -29,13 +37,17 @@ $(document).ready( function() {
}
haspwd = true;
}
if(!$("input#rcode").val().match(/^[\w\d]+$/)){
$("#error").Popup("Please enter your password recovery code.", {type:'alert', duration:3000});
return false;
}
if(send) return false;
send = true;
$.ajax({
type: "POST",
url: $SCRIPT_ROOT + '/updateAccount',
data: {name: $("input#name").val(), username:$("input#username").val(), email:$("input#email").val(),
password:((haspwd) ? $("input#password").val():"")},
password:((haspwd) ? $("input#password").val():""), rcode:$("input#rcode").val()},
success: function(data){
if(data.code ==1){
location.href = $SCRIPT_ROOT+"/"
......
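Review bot: In the rcode hunk, `/^[\w\d]+$/` lists `\d` inside a class that `\w` already covers, so `if(!$("input#rcode").val().match(/^\w+$/)){` expresses the same check more plainly. These are browser-side checks only: the 6-character minimums added for username and password in the first two hunks hold only if updateAccount() repeats them server-side, which the server hunks on this page do not show. The enclosing submit handler starts and ends outside the hunks.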
......@@ -6,7 +6,7 @@
{% endblock %}
{% block body %}
<h2 class='title'>Your personal informations</h2><br/>
<form>
<form class="account">
<div class='form'>
<label for="name">Your name: </label>
<input type='text' name='name' id='name' value='{{name}}'/>
......@@ -24,15 +24,23 @@
<input type='password' name='cpassword' id='cpassword' value=''/>
<div class='clear'></div>
<br/>
<label for="rcode">Password Recover code:</label>
<input type='password' name='rcode' id='rcode' value=''/>
<span class="information"><a href="#" id="information" rel="tooltip">help?</a></span>
<div class='clear'></div>
<br/>
<label></label>
<input type="submit" name="update" id ="update" value="Update" class="button"/>
<input type="submit" name="update" id ="update" value="Update Account" class="button"/>
<div class='clear'></div>
<br/><br/><br/>
</div>
<div id="file_info" class="file_info">{% if username %}leave passwords blank to preserve your current password...{%else%}
Before starting, please fill your personal informations... {%endif%}
</div>
<br/>
<input type="hidden" name="hasAccount" id="hasAccount" value="{{name}}"/>
</form>
{% if username %}<div id="file_info" class="file_info">leave passwords blank to preserve your current password...
</div><br/>{%endif%}
<div id="tooltip-information" style="display:none; float:left">
<p style="font-size:12px;">
Please find this information in your slaprunner<br/> instance parameters.
</p>
</div>
{% endblock %}
......@@ -18,11 +18,11 @@
<div class="tabDetails">
<div id="tab1" class="tabContents">
<div id="repository" style="margin-left:40px;">
<label for='name'>Project name*: </label>
<label for='name'>Project name: </label>
<input type="text" name="name" id="name" size='20' value="Enter the project name..." />
<label for='repo'>&nbsp;url*: &nbsp;&nbsp;</label>
<label for='repo'>&nbsp;url: &nbsp;&nbsp;</label>
<input type="text" name="repo" id="repo" size='25' value="Enter the url of your repository..." /><br/>
<label for='user'>Your name: &nbsp;&nbsp;&nbsp;&nbsp;</label>
<label for='user'>Your name: &nbsp;&nbsp;&nbsp;</label>
<input type="text" name="user" id="user" size='20' value="{{name}}" />
<label for='email'>Email: </label>
<input type="text" name="email" id="email" size='25' value="{% if not email %}Enter your email adress...{% else %}{{email}}{%endif%}" />
......
......@@ -97,7 +97,7 @@
</div>
{% if request.path != '/login' %}
<div id="footer">
SlapOs web runner &copy; Vifib SARL 2011 - All right reserved - Creative Commons Shared Alike Non Commercial
SlapOS web runner &copy; Vifib SARL 2011 - All right reserved - Creative Commons Shared Alike Non Commercial
</div>
{%endif%}
</div>
......
......@@ -54,8 +54,7 @@ def checkLogin(config, login, pwd):
list=[username, password, email, complete_name]
"""
user = getSession(config)
salt = "runner81" #to be changed
current_pwd = hashlib.md5( salt + pwd ).hexdigest()
current_pwd = hashlib.md5( pwd ).hexdigest()
if user and current_pwd == user[1] and login == user[0]:
return user
return False
......@@ -73,17 +72,12 @@ def getSession(config):
Returns:
a list of user informations or False if fail to read data.
"""
user_path = os.path.join(config['runner_workdir'], '.users')
user_path = os.path.join(config['etc_dir'], '.users')
user = ""
if os.path.exists(user_path):
user = open(user_path, 'r').read().split(';')
if type(user) == type(""):
#Error: try to restore data from backup
if os.path.exists(user_path+'.back'):
os.rename(user_path+'.back', user_path)
user = open(user_path, 'r').read().split(';')
else:
return False
return False
return user
def saveSession(config, session, account):
......@@ -98,12 +92,11 @@ def saveSession(config, session, account):
Returns:
True if all goes well or str (error message) if fail
"""
user = os.path.join(config['runner_workdir'], '.users')
user = os.path.join(config['etc_dir'], '.users')
backup = False
try:
if account[1]:
salt = "runner81" #to be changed
account[1] = hashlib.md5(salt + account[1]).hexdigest()
account[1] = hashlib.md5(account[1]).hexdigest()
else:
account[1] = session['account'][1]
if 'account' in session:
......
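Review bot: In checkLogin() (this hunk) and saveSession() (the third hunk), dropping the salt leaves passwords stored and verified as bare `hashlib.md5(pwd).hexdigest()`, which a precomputed table reverses for any common password; the fixed "runner81" salt was weak, but this is weaker still. Store a per-user random salt next to the digest and use a slow derivation such as `hashlib.pbkdf2_hmac` where the interpreter provides it, keeping the verify path in checkLogin() symmetric with saveSession(). Separately, the getSession() hunk replaces the `.back` restore with a bare `return False`, and the `open(user_path, 'r').read()` call never closes the file; `with open(user_path, 'r') as f: user = f.read().split(';')` fixes the latter. checkLogin()'s body begins outside the hunk.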
......@@ -18,7 +18,7 @@ def before_request():
account = getSession(app.config)
if account:
if request.path != '/login' and request.path != '/doLogin' and \
not checkSession(app.config, session, account):
not 'account' in session:
return redirect(url_for('login'))
session['title'] = getProjectTitle(app.config)
else:
......@@ -485,6 +485,10 @@ def updateAccount():
account.append(request.form['password'].strip())
account.append(request.form['email'].strip())
account.append(request.form['name'].strip())
code = request.form['rcode'].strip()
recovery_code = open(os.path.join(app.config['etc_dir'], ".rcode"), "r").read()
if code != recovery_code:
return jsonify(code=0, result="Your password recovery code is not valid!")
result = saveSession(app.config, session, account)
if type(result) == type(""):
return jsonify(code=0, result=result)
......
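Review bot: In updateAccount(), `recovery_code` is read raw from `.rcode` while `code` is `.strip()`ed, so a trailing newline in the file makes every comparison fail; the read also never closes the file, and `!=` on a secret is not constant-time. Suggested replacement: `with open(os.path.join(app.config['etc_dir'], ".rcode"), "r") as f: recovery_code = f.read().strip()` followed by `if not hmac.compare_digest(code, recovery_code):` (stdlib `import hmac`, available on 2.7.7+/3.3+). Nothing in this hunk limits how often the code may be tried, so the comparison can be repeated freely; a per-session attempt counter or a delay after failures would bound that. In the before_request() hunk, `not 'account' in session` reads more naturally as `'account' not in session`. updateAccount()'s body begins and ends outside the hunk.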