2015-10-10 17:42:44 +02:00
|
|
|
#!/usr/bin/python3
|
2015-09-03 19:35:09 +02:00
|
|
|
|
2015-10-10 17:42:44 +02:00
|
|
|
import os
|
|
|
|
import sys
|
|
|
|
sys.path.insert(0, os.path.abspath(os.path.dirname(__file__) + '/' + '../..'))
|
|
|
|
|
|
|
|
from ffmap.web.api import api
|
|
|
|
from ffmap.web.filters import filters
|
2017-11-05 19:48:29 +01:00
|
|
|
from ffmap.mysqltools import FreifunkMySQL
|
2015-11-11 15:27:50 +01:00
|
|
|
from ffmap import stattools
|
2016-02-29 18:51:58 +01:00
|
|
|
from ffmap.usertools import *
|
2017-12-11 23:16:05 +01:00
|
|
|
from ffmap.routertools import delete_router, ban_router
|
2015-11-18 14:48:14 +01:00
|
|
|
from ffmap.web.helpers import *
|
2017-11-19 00:51:23 +01:00
|
|
|
from ffmap.config import CONFIG
|
2017-12-10 19:25:46 +01:00
|
|
|
from ffmap.misc import writelog, writefulllog
|
2015-10-07 16:19:07 +02:00
|
|
|
|
2016-02-29 18:51:58 +01:00
|
|
|
from flask import Flask, render_template, request, Response, redirect, url_for, flash, session
|
2015-11-06 18:19:21 +01:00
|
|
|
import bson
|
2015-09-03 19:35:09 +02:00
|
|
|
from bson.json_util import dumps as bson2json
|
2015-10-02 23:53:47 +02:00
|
|
|
from bson.objectid import ObjectId
|
2016-02-29 18:51:58 +01:00
|
|
|
import base64
|
2017-11-05 19:48:29 +01:00
|
|
|
import datetime
|
2015-09-03 19:35:09 +02:00
|
|
|
|
|
|
|
app = Flask(__name__)
|
2015-10-07 16:19:07 +02:00
|
|
|
app.register_blueprint(api, url_prefix='/api')
|
|
|
|
app.register_blueprint(filters)
|
|
|
|
|
2015-09-03 19:35:09 +02:00
|
|
|
tileurls = {
|
2017-11-15 23:17:59 +01:00
|
|
|
"routers": "/tiles/routers",
|
|
|
|
"routers_v2": "/tiles/routers_v2",
|
2015-10-10 17:42:44 +02:00
|
|
|
"hoods": "/tiles/hoods",
|
2017-11-15 23:31:43 +01:00
|
|
|
"hoods_v2": "/tiles/hoods_v2",
|
2015-09-03 19:35:09 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
@app.route('/')
|
|
|
|
def index():
|
2015-10-02 23:53:47 +02:00
|
|
|
return render_template("index.html")
|
|
|
|
|
2017-08-18 15:50:31 +02:00
|
|
|
@app.route('/apidoc')
|
|
|
|
def apidoc():
|
|
|
|
return render_template("apidoc.html")
|
|
|
|
|
2015-10-02 23:53:47 +02:00
|
|
|
@app.route('/map')
|
|
|
|
def router_map():
|
2015-09-03 19:35:09 +02:00
|
|
|
return render_template("map.html", tileurls=tileurls)
|
|
|
|
|
2015-10-02 23:53:47 +02:00
|
|
|
@app.route('/routers')
|
|
|
|
def router_list():
|
2017-11-10 14:34:49 +01:00
|
|
|
where, tuple, query_str = parse_router_list_search_query(request.args)
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql = FreifunkMySQL()
|
|
|
|
|
|
|
|
routers = mysql.fetchall("""
|
2017-11-23 13:23:06 +01:00
|
|
|
SELECT router.id, hostname, status, hood, contact, nickname, hardware, router.created, sys_uptime, clients, reset
|
2017-11-05 19:48:29 +01:00
|
|
|
FROM router
|
|
|
|
LEFT JOIN users ON router.contact = users.email
|
|
|
|
{}
|
|
|
|
ORDER BY hostname ASC
|
|
|
|
""".format(where),tuple)
|
|
|
|
mysql.close()
|
2017-11-16 14:16:33 +01:00
|
|
|
routers = mysql.utcawaretuple(routers,"created")
|
2017-11-05 19:48:29 +01:00
|
|
|
|
|
|
|
return render_template("router_list.html", query_str=query_str, routers=routers, numrouters=len(routers))
|
2015-10-02 23:53:47 +02:00
|
|
|
|
2017-12-10 19:10:39 +01:00
|
|
|
# router by mac (short link version)
|
|
|
|
@app.route('/mac/<mac>')
|
|
|
|
def router_mac(mac):
|
|
|
|
mysql = FreifunkMySQL()
|
|
|
|
res_routers = mysql.fetchall("""
|
|
|
|
SELECT id
|
|
|
|
FROM router
|
|
|
|
INNER JOIN router_netif ON router.id = router_netif.router
|
|
|
|
WHERE mac = %s
|
|
|
|
GROUP BY mac, id
|
|
|
|
""",(mac.lower(),))
|
|
|
|
mysql.close()
|
|
|
|
if len(res_routers) != 1:
|
|
|
|
return redirect(url_for("router_list", q="mac:%s" % mac))
|
|
|
|
else:
|
|
|
|
return redirect(url_for("router_info", dbid=res_routers[0]["id"]))
|
|
|
|
|
2015-11-19 22:37:06 +01:00
|
|
|
@app.route('/routers/<dbid>', methods=['GET', 'POST'])
|
2015-10-02 23:53:47 +02:00
|
|
|
def router_info(dbid):
|
2015-11-06 18:19:21 +01:00
|
|
|
try:
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql = FreifunkMySQL()
|
|
|
|
router = mysql.findone("""SELECT * FROM router WHERE id = %s LIMIT 1""",(dbid,))
|
2017-12-09 00:01:28 +01:00
|
|
|
mac = None
|
2017-11-05 19:48:29 +01:00
|
|
|
|
|
|
|
if router:
|
2017-11-10 13:23:27 +01:00
|
|
|
if request.args.get('fffconfig', None) != None:
|
|
|
|
mysql.close()
|
|
|
|
s = "\nconfig fff 'system'\n"
|
|
|
|
s += " option hostname '{}'\n".format(router["hostname"])
|
|
|
|
s += " option description '{}'\n".format(router["description"])
|
|
|
|
s += " option latitude '{}'\n".format(router["lat"] if router["lat"] else "")
|
|
|
|
s += " option longitude '{}'\n".format(router["lng"] if router["lng"] else "")
|
|
|
|
s += " option position_comment '{}'\n".format(router["position_comment"])
|
|
|
|
s += " option contact '{}'\n".format(router["contact"])
|
|
|
|
return Response(s,mimetype='text/plain')
|
|
|
|
|
2017-11-16 14:16:33 +01:00
|
|
|
router = mysql.utcaware(router,["created","last_contact"])
|
2017-11-05 19:48:29 +01:00
|
|
|
|
|
|
|
router["user"] = mysql.findone("SELECT nickname FROM users WHERE email = %s",(router["contact"],),"nickname")
|
|
|
|
router["netifs"] = mysql.fetchall("""SELECT * FROM router_netif WHERE router = %s""",(dbid,))
|
|
|
|
for n in router["netifs"]:
|
|
|
|
n["ipv6_addrs"] = mysql.fetchall("""SELECT ipv6 FROM router_ipv6 WHERE router = %s AND netif = %s""",(dbid,n["netif"],),"ipv6")
|
2017-12-09 00:01:28 +01:00
|
|
|
if n["netif"]=="br-mesh":
|
|
|
|
mac = n["mac"]
|
2017-11-05 19:48:29 +01:00
|
|
|
|
|
|
|
router["neighbours"] = mysql.fetchall("""
|
|
|
|
SELECT nb.mac, nb.quality, nb.net_if, r.hostname, r.id
|
|
|
|
FROM router_neighbor AS nb
|
2017-11-16 22:07:30 +01:00
|
|
|
LEFT JOIN (
|
2017-11-05 19:48:29 +01:00
|
|
|
SELECT router, mac FROM router_netif GROUP BY mac, router
|
|
|
|
) AS net ON nb.mac = net.mac
|
2017-11-16 22:07:30 +01:00
|
|
|
LEFT JOIN router as r ON net.router = r.id
|
2017-11-16 22:13:32 +01:00
|
|
|
WHERE nb.router = %s
|
|
|
|
ORDER BY nb.quality DESC
|
|
|
|
""",(dbid,))
|
2017-11-05 19:48:29 +01:00
|
|
|
# FIX SQL: only one from router_netif
|
|
|
|
|
|
|
|
router["events"] = mysql.fetchall("""SELECT * FROM router_events WHERE router = %s""",(dbid,))
|
2017-11-16 14:16:33 +01:00
|
|
|
router["events"] = mysql.utcawaretuple(router["events"],"time")
|
2017-11-05 19:48:29 +01:00
|
|
|
|
|
|
|
router["stats"] = mysql.fetchall("""SELECT * FROM router_stats WHERE router = %s""",(dbid,))
|
|
|
|
for s in router["stats"]:
|
2017-12-04 20:11:19 +01:00
|
|
|
s["time"] = mysql.utcawareint(s["time"])
|
2017-11-16 11:19:30 +01:00
|
|
|
|
|
|
|
netiffetch = mysql.fetchall("""
|
|
|
|
SELECT netif, rx, tx, time FROM router_stats_netif WHERE router = %s
|
|
|
|
""",(dbid,))
|
|
|
|
|
|
|
|
for ns in netiffetch:
|
2017-12-04 20:11:19 +01:00
|
|
|
ns["time"] = mysql.utcawareint(ns["time"])
|
2017-11-16 11:19:30 +01:00
|
|
|
|
|
|
|
neighfetch = mysql.fetchall("""
|
|
|
|
SELECT quality, mac, time FROM router_stats_neighbor WHERE router = %s
|
|
|
|
""",(dbid,))
|
|
|
|
|
|
|
|
for ns in neighfetch:
|
2017-12-04 20:11:19 +01:00
|
|
|
ns["time"] = mysql.utcawareint(ns["time"])
|
2017-11-05 19:48:29 +01:00
|
|
|
|
|
|
|
if request.method == 'POST':
|
|
|
|
if request.form.get("act") == "delete":
|
|
|
|
user = None
|
|
|
|
# a router may not have a owner, but admin users still can delete it
|
|
|
|
if ("user" in router):
|
|
|
|
user = router["user"]
|
|
|
|
if is_authorized(user, session):
|
|
|
|
#if True:
|
|
|
|
delete_router(mysql,dbid)
|
|
|
|
flash("<b>Router <i>%s</i> deleted!</b>" % router["hostname"], "success")
|
|
|
|
mysql.close()
|
|
|
|
return redirect(url_for("index"))
|
|
|
|
else:
|
|
|
|
flash("<b>You are not authorized to perform this action!</b>", "danger")
|
2017-12-11 23:16:05 +01:00
|
|
|
elif request.form.get("act") == "ban":
|
|
|
|
if session.get('admin'):
|
|
|
|
if mac:
|
|
|
|
ban_router(mysql,dbid)
|
|
|
|
delete_router(mysql,dbid)
|
|
|
|
flash("<b>Router <i>%s</i> banned!</b>" % router["hostname"], "success")
|
|
|
|
mysql.close()
|
|
|
|
return redirect(url_for("index"))
|
|
|
|
else:
|
|
|
|
flash("<b>Router has no br-mesh and thus cannot be banned!</b>", "danger")
|
|
|
|
else:
|
|
|
|
flash("<b>You are not authorized to perform this action!</b>", "danger")
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql.close()
|
|
|
|
else:
|
|
|
|
mysql.close()
|
|
|
|
return "Router not found"
|
|
|
|
|
|
|
|
if request.args.get('json', None) != None:
|
|
|
|
del router["stats"]
|
|
|
|
#FIXME: Only as admin
|
|
|
|
return Response(bson2json(router, sort_keys=True, indent=4), mimetype='application/json')
|
|
|
|
else:
|
2017-12-09 00:01:28 +01:00
|
|
|
return render_template("router.html", router=router, mac=mac, tileurls=tileurls, netifstats=netiffetch, neighstats=neighfetch)
|
2017-11-22 23:36:04 +01:00
|
|
|
except Exception as e:
|
|
|
|
writelog(CONFIG["debug_dir"] + "/fail_router.txt", str(e))
|
2017-12-10 19:25:46 +01:00
|
|
|
import traceback
|
|
|
|
writefulllog("Warning: Failed to display router details page: %s\n__%s" % (e, traceback.format_exc().replace("\n", "\n__")))
|
2015-10-02 23:53:47 +02:00
|
|
|
|
2016-02-29 18:51:58 +01:00
|
|
|
@app.route('/users')
|
|
|
|
def user_list():
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql = FreifunkMySQL()
|
2017-11-15 13:43:52 +01:00
|
|
|
users = mysql.fetchall("SELECT id, nickname, email, created, admin FROM users ORDER BY nickname COLLATE utf8_unicode_ci ASC")
|
2017-11-05 19:48:29 +01:00
|
|
|
user_routers = stattools.router_user_sum(mysql)
|
|
|
|
mysql.close()
|
2017-11-16 14:16:33 +01:00
|
|
|
users = mysql.utcawaretuple(users,"created")
|
2017-11-05 19:48:29 +01:00
|
|
|
|
2016-02-29 18:51:58 +01:00
|
|
|
return render_template("user_list.html",
|
2017-11-05 19:48:29 +01:00
|
|
|
user_routers = user_routers,
|
|
|
|
users = users,
|
|
|
|
users_count = len(users)
|
2016-02-29 18:51:58 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
@app.route('/users/<nickname>', methods=['GET', 'POST'])
|
|
|
|
def user_info(nickname):
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql = FreifunkMySQL()
|
|
|
|
user = mysql.findone("SELECT * FROM users WHERE nickname = %s LIMIT 1",(nickname,))
|
|
|
|
user["created"] = mysql.utcaware(user["created"])
|
|
|
|
if not user:
|
|
|
|
mysql.close()
|
2016-02-29 18:51:58 +01:00
|
|
|
return "User not found"
|
2017-11-19 15:20:01 +01:00
|
|
|
if request.method == 'POST':
|
|
|
|
if is_authorized(user["nickname"], session):
|
|
|
|
if request.form.get("action") == "changepw":
|
|
|
|
if request.form["password"] != request.form["password_rep"]:
|
|
|
|
flash("<b>Passwords did not match!</b>", "danger")
|
|
|
|
elif request.form["password"] == "":
|
|
|
|
flash("<b>Password must not be empty!</b>", "danger")
|
|
|
|
else:
|
|
|
|
set_user_password(mysql, user["nickname"], request.form["password"])
|
|
|
|
flash("<b>Password changed!</b>", "success")
|
|
|
|
elif request.form.get("action") == "changemail":
|
|
|
|
if request.form["email"] != request.form["email_rep"]:
|
|
|
|
flash("<b>E-Mail addresses do not match!</b>", "danger")
|
|
|
|
elif not "@" in request.form["email"]:
|
|
|
|
flash("<b>Invalid E-Mail addresse!</b>", "danger")
|
|
|
|
else:
|
|
|
|
try:
|
|
|
|
set_user_email(mysql, user["nickname"], request.form["email"])
|
|
|
|
flash("<b>E-Mail changed!</b>", "success")
|
|
|
|
if not session.get('admin'):
|
|
|
|
password = base64.b32encode(os.urandom(10)).decode()
|
|
|
|
set_user_password(mysql, user["nickname"], password)
|
|
|
|
send_email(
|
|
|
|
recipient = request.form['email'],
|
|
|
|
subject = "Password for %s" % user['nickname'],
|
|
|
|
content = "Hello %s,\n\n" % user["nickname"] +
|
|
|
|
"You changed your email address on https://monitoring.freifunk-franken.de/\n" +
|
|
|
|
"To verify your new email address your password was changed to %s\n" % password +
|
|
|
|
"... and sent to your new address. Please log in and change it.\n\n" +
|
|
|
|
"Regards,\nFreifunk Franken Monitoring System"
|
|
|
|
)
|
|
|
|
mysql.close()
|
|
|
|
return logout()
|
|
|
|
else:
|
|
|
|
# force db data reload
|
|
|
|
mysql.findone("SELECT * FROM users WHERE nickname = %s LIMIT 1",(nickname,))
|
|
|
|
except AccountWithEmailExists:
|
|
|
|
flash("<b>There is already an account with this E-Mail Address!</b>", "danger")
|
|
|
|
elif request.form.get("action") == "changeadmin":
|
|
|
|
if session.get('admin'):
|
|
|
|
set_user_admin(mysql, nickname, request.form.get("admin") == "true")
|
|
|
|
# force db data reload
|
|
|
|
mysql.findone("SELECT * FROM users WHERE nickname = %s LIMIT 1",(nickname,))
|
|
|
|
elif request.form.get("action") == "deleteaccount":
|
|
|
|
if session.get('admin'):
|
|
|
|
mysql.execute("DELETE FROM users WHERE nickname = %s LIMIT 1",(nickname,))
|
|
|
|
mysql.commit()
|
|
|
|
flash("<b>User <i>%s</i> deleted!</b>" % nickname, "success")
|
|
|
|
mysql.close()
|
|
|
|
return redirect(url_for("user_list"))
|
|
|
|
else:
|
|
|
|
flash("<b>You are not authorized to perform this action!</b>", "danger")
|
|
|
|
routers = mysql.fetchall("""
|
2017-11-23 13:23:06 +01:00
|
|
|
SELECT id, hostname, status, hood, firmware, hardware, created, sys_uptime, clients, reset
|
2017-11-19 15:20:01 +01:00
|
|
|
FROM router
|
|
|
|
WHERE contact = %s
|
|
|
|
ORDER BY hostname ASC
|
|
|
|
""",(user["email"],))
|
|
|
|
mysql.close()
|
|
|
|
routers = mysql.utcawaretuple(routers,"created")
|
|
|
|
return render_template("user.html", user=user, routers=routers, routers_count=len(routers))
|
2016-02-29 18:51:58 +01:00
|
|
|
|
2015-11-11 15:27:50 +01:00
|
|
|
@app.route('/statistics')
|
|
|
|
def global_statistics():
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql = FreifunkMySQL()
|
|
|
|
hoods = stattools.hoods(mysql)
|
|
|
|
|
|
|
|
stats = mysql.fetchall("SELECT * FROM stats_global")
|
2017-12-04 20:11:19 +01:00
|
|
|
stats = mysql.utcawaretupleint(stats,"time")
|
2017-11-05 19:48:29 +01:00
|
|
|
|
2017-11-23 12:10:49 +01:00
|
|
|
numnew = len(hoods)-18
|
|
|
|
if numnew < 1:
|
|
|
|
numnew = 1
|
|
|
|
|
2017-11-05 19:48:29 +01:00
|
|
|
newest_routers = mysql.fetchall("""
|
|
|
|
SELECT id, hostname, hood, created
|
|
|
|
FROM router
|
|
|
|
WHERE hardware <> 'Legacy'
|
|
|
|
ORDER BY created DESC
|
|
|
|
LIMIT %s
|
2017-11-23 12:10:49 +01:00
|
|
|
""",(numnew,))
|
2017-11-16 14:16:33 +01:00
|
|
|
newest_routers = mysql.utcawaretuple(newest_routers,"created")
|
2017-11-05 19:48:29 +01:00
|
|
|
|
|
|
|
clients = stattools.total_clients(mysql)
|
|
|
|
router_status = stattools.router_status(mysql)
|
|
|
|
router_models = stattools.router_models(mysql)
|
|
|
|
router_firmwares = stattools.router_firmwares(mysql)
|
|
|
|
hoods_sum = stattools.hoods_sum(mysql)
|
|
|
|
mysql.close()
|
|
|
|
|
2015-11-11 15:27:50 +01:00
|
|
|
return render_template("statistics.html",
|
2017-11-09 10:04:24 +01:00
|
|
|
selecthood = "All Hoods",
|
2017-11-05 19:48:29 +01:00
|
|
|
stats = stats,
|
|
|
|
clients = clients,
|
|
|
|
router_status = router_status,
|
|
|
|
router_models = router_models,
|
|
|
|
router_firmwares = router_firmwares,
|
2015-11-11 15:27:50 +01:00
|
|
|
hoods = hoods,
|
2017-11-05 19:48:29 +01:00
|
|
|
hoods_sum = hoods_sum,
|
|
|
|
newest_routers = newest_routers
|
2015-11-11 15:27:50 +01:00
|
|
|
)
|
2017-11-09 10:04:24 +01:00
|
|
|
|
|
|
|
@app.route('/hoodstatistics/<selecthood>')
|
|
|
|
def global_hoodstatistics(selecthood):
|
|
|
|
mysql = FreifunkMySQL()
|
|
|
|
hoods = stattools.hoods(mysql)
|
|
|
|
|
|
|
|
stats = mysql.fetchall("SELECT * FROM stats_hood WHERE hood = %s",(selecthood,))
|
2017-12-04 20:11:19 +01:00
|
|
|
stats = mysql.utcawaretupleint(stats,"time")
|
2017-11-09 10:04:24 +01:00
|
|
|
|
2017-11-23 12:10:49 +01:00
|
|
|
numnew = len(hoods)-18
|
|
|
|
if numnew < 1:
|
|
|
|
numnew = 1
|
|
|
|
|
2017-11-09 10:04:24 +01:00
|
|
|
newest_routers = mysql.fetchall("""
|
|
|
|
SELECT id, hostname, hood, created
|
|
|
|
FROM router
|
|
|
|
WHERE hardware <> 'Legacy' AND hood = %s
|
|
|
|
ORDER BY created DESC
|
|
|
|
LIMIT %s
|
2017-11-23 12:10:49 +01:00
|
|
|
""",(selecthood,numnew,))
|
2017-11-16 14:16:33 +01:00
|
|
|
newest_routers = mysql.utcawaretuple(newest_routers,"created")
|
2017-11-09 10:04:24 +01:00
|
|
|
|
|
|
|
clients = stattools.total_clients(mysql)
|
|
|
|
router_status = stattools.router_status(mysql)
|
|
|
|
router_models = stattools.router_models(mysql,selecthood)
|
|
|
|
router_firmwares = stattools.router_firmwares(mysql,selecthood)
|
|
|
|
hoods_sum = stattools.hoods_sum(mysql)
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql.close()
|
2017-11-09 10:04:24 +01:00
|
|
|
|
|
|
|
return render_template("statistics.html",
|
|
|
|
selecthood = selecthood,
|
|
|
|
stats = stats,
|
|
|
|
clients = clients,
|
|
|
|
router_status = router_status,
|
|
|
|
router_models = router_models,
|
|
|
|
router_firmwares = router_firmwares,
|
|
|
|
hoods = hoods,
|
|
|
|
hoods_sum = hoods_sum,
|
|
|
|
newest_routers = newest_routers
|
|
|
|
)
|
2015-10-10 17:42:44 +02:00
|
|
|
|
2016-02-29 18:51:58 +01:00
|
|
|
@app.route('/register', methods=['GET', 'POST'])
|
|
|
|
def register():
|
|
|
|
if request.method == 'POST':
|
|
|
|
try:
|
|
|
|
password = base64.b32encode(os.urandom(10)).decode()
|
|
|
|
register_user(request.form['user'], request.form['email'], password)
|
|
|
|
send_email(
|
|
|
|
recipient = request.form['email'],
|
|
|
|
subject = "Password for %s" % request.form['user'],
|
2016-07-26 22:14:13 +02:00
|
|
|
content = "Hello %s,\n\n" % request.form['user'] +
|
2017-11-05 19:48:29 +01:00
|
|
|
"You created an account on https://monitoring.freifunk-franken.de/\n" +
|
|
|
|
"To verify your new email address your password was autogenerated to %s\n" % password +
|
|
|
|
"... and sent to your address. Please log in and change it.\n\n" +
|
|
|
|
"Regards,\nFreifunk Franken Monitoring System"
|
2016-02-29 18:51:58 +01:00
|
|
|
)
|
|
|
|
flash("<b>Registration successful!</b> - Your password was sent to %s" % request.form['email'], "success")
|
|
|
|
except AccountWithEmailExists:
|
|
|
|
flash("<b>There is already an account with this E-Mail Address!</b>", "danger")
|
|
|
|
except AccountWithNicknameExists:
|
|
|
|
flash("<b>There is already an active account with this Nickname!</b>", "danger")
|
|
|
|
return render_template("register.html")
|
|
|
|
|
|
|
|
@app.route('/resetpw', methods=['GET', 'POST'])
|
|
|
|
def resetpw():
|
|
|
|
try:
|
|
|
|
if request.method == 'POST':
|
|
|
|
token = base64.b32encode(os.urandom(10)).decode()
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql = FreifunkMySQL()
|
|
|
|
user = mysql.findone("SELECT nickname FROM users WHERE email = %s",(request.form['email'],))
|
|
|
|
reset_user_password(mysql, request.form['email'], token)
|
2016-02-29 18:51:58 +01:00
|
|
|
send_email(
|
|
|
|
recipient = request.form['email'],
|
|
|
|
subject = "Password reset link",
|
2016-07-26 22:14:13 +02:00
|
|
|
content = "Hello %s,\n\n" % user["nickname"] +
|
|
|
|
"You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
|
|
|
|
"To verify you a reset link was sent to you:\n" +
|
|
|
|
"%s\n" % url_for('resetpw', email=request.form['email'], token=token, _external=True) +
|
|
|
|
"Clicking this link will reset your password and send the new password to your email address.\n\n" +
|
|
|
|
"Regards,\nFreifunk Franken Monitoring System"
|
2016-02-29 18:51:58 +01:00
|
|
|
)
|
|
|
|
flash("<b>A password reset link was sent to %s</b>" % request.form['email'], "success")
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql.close()
|
2016-02-29 18:51:58 +01:00
|
|
|
elif "token" in request.args:
|
|
|
|
password = base64.b32encode(os.urandom(10)).decode()
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql = FreifunkMySQL()
|
|
|
|
reset_user_password(mysql, request.args['email'], request.args['token'], password)
|
|
|
|
user = mysql.findone("SELECT nickname FROM users WHERE email = %s",(request.args['email'],))
|
2016-02-29 18:51:58 +01:00
|
|
|
send_email(
|
|
|
|
recipient = request.args['email'],
|
2016-07-26 22:14:13 +02:00
|
|
|
subject = "Your new Password",
|
|
|
|
content = "Hello %s,\n\n" % user["nickname"] +
|
|
|
|
"You attemped to reset your password on https://monitoring.freifunk-franken.de/\n" +
|
|
|
|
"Your new Password: %s\n" % password +
|
|
|
|
"Please log in and change it\n\n" +
|
|
|
|
"Regards,\nFreifunk Franken Monitoring System"
|
2016-02-29 18:51:58 +01:00
|
|
|
)
|
|
|
|
flash("<b>Password reset successful!</b> - Your password was sent to %s" % request.args['email'], "success")
|
2017-11-05 19:48:29 +01:00
|
|
|
mysql.close()
|
2016-02-29 18:51:58 +01:00
|
|
|
except AccountNotExisting:
|
|
|
|
flash("<b>No Account found with this E-Mail address!</b>", "danger")
|
|
|
|
except InvalidToken:
|
|
|
|
flash("<b>Invalid password token!</b>", "danger")
|
|
|
|
return render_template("resetpw.html")
|
|
|
|
|
|
|
|
@app.route('/login', methods=['GET', 'POST'])
|
|
|
|
def login():
|
|
|
|
if request.method == 'POST':
|
|
|
|
referrer = request.form["referrer"]
|
|
|
|
user_login = check_login_details(request.form["user"], request.form["password"])
|
|
|
|
if user_login:
|
|
|
|
session['user'] = user_login["nickname"]
|
|
|
|
session['admin'] = user_login.get("admin", False)
|
|
|
|
return redirect(referrer)
|
|
|
|
else:
|
|
|
|
flash("<b>Invalid login details!</b>", "danger")
|
|
|
|
else:
|
|
|
|
referrer = request.referrer or url_for("index")
|
|
|
|
return render_template("login.html", referrer=referrer)
|
|
|
|
|
|
|
|
@app.route('/logout')
|
|
|
|
def logout():
|
|
|
|
session.pop('user', None)
|
|
|
|
return redirect(request.referrer or url_for("index"))
|
|
|
|
|
|
|
|
|
|
|
|
@app.context_processor
|
|
|
|
def register_helpers():
|
|
|
|
return {
|
|
|
|
"is_authorized_for": lambda owner: is_authorized(owner, session)
|
|
|
|
}
|
|
|
|
|
2015-11-19 22:37:06 +01:00
|
|
|
|
2016-03-10 13:57:36 +01:00
|
|
|
if not os.path.isfile("/var/lib/ffmap/secret_key"):
|
|
|
|
open("/var/lib/ffmap/secret_key", "wb").write(os.urandom(24))
|
|
|
|
os.chmod("/var/lib/ffmap/secret_key", 0o600)
|
|
|
|
|
|
|
|
app.secret_key = open("/var/lib/ffmap/secret_key", "rb").read()
|
2015-11-19 22:37:06 +01:00
|
|
|
|
2015-09-03 19:35:09 +02:00
|
|
|
if __name__ == '__main__':
|
2015-10-02 23:53:47 +02:00
|
|
|
app.run(host='0.0.0.0', debug=True)
|
2015-10-10 17:42:44 +02:00
|
|
|
else:
|
|
|
|
app.template_folder = "/usr/share/ffmap/templates"
|
|
|
|
app.static_folder = "/usr/share/ffmap/static"
|
|
|
|
#app.debug = True
|