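@app.route('/login', methods=['GET', 'POST'])
def login():
    """Two-step login: password + role check, then a second factor, then session cookies.

    Every step is driven by the same POST form:
      * ``email`` / ``password`` / ``type`` (``'staff'`` or anything else) are sent on
        every POST and are re-validated against ``Member`` each time.
      * ``vCodeType`` (``'sms'``, ``'email'``, ``'face'``, ``'googleAuth'``) starts the
        second factor once the password is accepted; ``face`` and ``googleAuth`` redirect
        to their own routes, the other two store a one-time code in ``session`` and
        re-render the page with the code-entry form (``verificationCode=True``).
      * ``vCode`` + ``g-token`` complete the login: the code must match the one in the
        session and the reCAPTCHA token must verify before any cookie is issued.

    Returns a rendered ``login.html`` (``message='invalid'`` on any credential failure)
    or a redirect with the session cookies attached.
    """
    import hmac  # function-scope: the module's import block is outside this listing

    if request.method != 'POST':
        return render_template('login.html', currentUser=None, verificationCode=False)

    form = request.form
    # .get() instead of [] so a missing field is an 'invalid' login, not a 400 page.
    email = form.get('email', '')
    password = form.get('password', '')
    staff = form.get('type') == 'staff'

    member = Member.query.filter_by(email=email).first()
    if member is None:
        return render_template('login.html', currentUser=None, message='invalid')

    # The form's staff/customer toggle has to agree with the stored role; a mismatch is
    # reported with the same generic message as a bad password.
    role_mismatch = (member.type == 'Customer' and staff) or (member.type == 'Staff' and not staff)
    if not member.check_password(password) or role_mismatch:
        return render_template('login.html', currentUser=None, message='invalid')

    if form.get('vCodeType'):
        handoff = _start_second_factor(form, member)
        if handoff is not None:
            return handoff
        # NOTE(review): the plaintext password is echoed into the page so the code-entry
        # form can resubmit it; it ends up in the HTML source and browser cache. A
        # server-side "password step passed" marker would avoid that (template change needed).
        return render_template('login.html', currentUser=None, verificationCode=True, email=email,
                               password=password, isStaff=staff, )

    if 'vCode' in form:
        expected = session.get('vCodeGenerated')
        submitted = form['vCode']
        # Constant-time compare; a missing session code (none was ever issued) is a
        # failure, not a KeyError. NOTE(review): nothing here limits guesses against the
        # code — add attempt limiting if generateVerificationCode() output is short.
        if expected is None or not hmac.compare_digest(str(expected).encode('utf-8'),
                                                        submitted.encode('utf-8')):
            session['Vauthentication'] = 'Failed'
            return render_template('login.html', currentUser=None, verificationCode=True, email=email,
                                   password=password, isStaff=staff, )

        # A failed CAPTCHA is treated like any other failed attempt (it used to be
        # answered with an ad-hoc JSON body).
        if not _verify_recaptcha(form.get('g-token', ''), request.remote_addr):
            return render_template('login.html', currentUser=None, message='invalid')

        # Password and role were already checked above on this same form, so Member is
        # not queried again. Only the two known roles may complete a login; any other
        # Member.type falls through to the plain login page, as before.
        if (member.type == 'Staff' and staff) or (member.type == 'Customer' and not staff):
            return _establish_session(member)

    return render_template('login.html', currentUser=None, verificationCode=False)


def _start_second_factor(form, member):
    """Begin the second factor named by ``form['vCodeType']`` for a password-authenticated member.

    ``sms`` and ``email`` generate a one-time code, store it in ``session['vCodeGenerated']``
    and return ``None`` so the caller re-renders the code-entry form. ``face`` and
    ``googleAuth`` hand off to their own routes and return that redirect response. An
    unknown type stores nothing and returns ``None``.

    NOTE(review): with Flask's default client-side session the stored code is signed but
    not encrypted, i.e. readable by whoever holds the cookie. Confirm a server-side
    session backend is configured, or store only a hash of the code here.
    """
    factor = form['vCodeType']
    # Marks "password step passed" for the rest of the flow; the code itself is only
    # verified on the next POST.
    session['Vauthentication'] = 'passed'

    if factor == 'sms':
        session['vCodeType'] = 'sms'
        code = generateVerificationCode()
        # SMS delivery is disabled: the Twilio call below is commented out, so the code is
        # stored but never reaches the user. Do not print the code as a workaround — it
        # would land in the process log.
        # number = '+65' + member.contact
        # message = client.messages.create(
        #     body='Your ShakeShack verification code is: ' + code,
        #     from_='+12056196653', to=number)
        session['vCodeGenerated'] = code
    elif factor == 'email':
        session['vCodeType'] = 'email'
        code = generateVerificationCode()
        # Deliver to the address on record, not the raw form value.
        msg = Message('Hello', sender='ShakeShackproject@gmail.com', recipients=[member.email])
        msg.body = 'Your ShakeShack verification code is: ' + code
        if ENABLE_MAIL:
            mail.send(msg)
        session['vCodeGenerated'] = code
    elif factor == 'face':
        resp = make_response(redirect(url_for('facialAuthentication')))
        # NOTE(review): this cookie is neither signed nor HttpOnly, so its value is under
        # the client's control; facialAuthentication must not treat it as proof of identity.
        resp.set_cookie('userLoginAttempt', member.userID)
        return resp
    elif factor == 'googleAuth':
        session['login_test_userID'] = member.userID
        return redirect(url_for('login_2fa'))

    resend = form.get('resend')
    if resend == 'yes':
        session['resend'] = 'yes'
        session['Vauthentication'] = 'passed'
    elif resend == 'no':
        session['resend'] = 'no'
    return None


def _verify_recaptcha(token, remote_ip):
    """Return True only when Google's siteverify confirms ``token``; fail closed otherwise.

    The secret comes from the RECAPTCHA_SECRET_KEY environment variable (the key that was
    hard-coded here was committed to source control and should be rotated). It is sent in
    the POST body rather than the query string so it does not land in proxy/access logs.
    A missing secret or token, a network error and a non-JSON reply all count as
    "not verified".
    """
    import os  # function-scope: the module's import block is outside this listing

    secret = os.environ.get('RECAPTCHA_SECRET_KEY', '')
    if not secret or not token:
        return False
    try:
        reply = requests.post(
            'https://www.google.com/recaptcha/api/siteverify',
            data={'secret': secret, 'response': token, 'remoteip': remote_ip},
            timeout=10,
        )
        return bool(reply.json().get('success'))
    except (requests.RequestException, ValueError, AttributeError):
        return False


def _establish_session(member):
    """Mint the login session and attach its cookies to a redirect to ``home``.

    Records ``member.userID`` under a fresh ``id_gen()`` session id in ``activeSessions``
    (a module-level mapping, so presumably in-process — confirm it is shared across
    workers), sets the ``id``/``_ver_hmac`` cookie pair produced by ``serializeEncode``
    plus the role-based access token, and clears the spent second-factor state.
    """
    session_id = id_gen()
    activeSessions[session_id] = member.userID

    resp = make_response(redirect(url_for('home')))
    encoded, encoded_hash = serializeEncode(session_id)
    one_year = 365 * 24 * 60 * 60
    # HttpOnly + SameSite=Lax: not readable by script and not sent on cross-site POSTs.
    # `secure` follows SET_SECURE_COOKIE so plain-HTTP development works; it must be
    # True wherever the app is served over HTTPS.
    resp.set_cookie('id', encoded, secure=SET_SECURE_COOKIE,
                    max_age=one_year, samesite="Lax", httponly=True)
    resp.set_cookie('_ver_hmac', encoded_hash, secure=SET_SECURE_COOKIE,
                    max_age=one_year, samesite="Lax", httponly=True)
    set_access_cookies(resp, getAccessToken(member.type), one_year)

    # The one-time code is spent: drop it so it cannot be replayed for another login.
    session['vCodeType'] = ''
    session.pop('vCodeGenerated', None)
    return resp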
144