/server/sql_app/api/auth.py - Diff - Automatická detekce a dokumentace připojených USB zařízení (ZF) - Bug Thugs - Redmine

« Předchozí | Další »

Revize cbd239c6

Přidáno uživatelem Matěj Zeman před asi 2 roky(ů)

ID cbd239c6c463b12d81e19d33ee2a53bd68e64c40
Rodič 5dc6d077
Potomek 2552e614

Added signup and users table in database. Passwords are hashed. Added view for changing users roles.

     from fastapi.responses import HTMLResponse, RedirectResponse
     from fastapi.templating import Jinja2Templates
     from fastapi_jwt_auth import AuthJWT
     from sqlalchemy.orm import Session
     from sql_app import crud
     from passlib.context import CryptContext
     from pydantic import BaseModel
     from ..database import SessionLocal, engine
     # Path to html templates used in this file
     templates = Jinja2Templates(directory="templates/auth")
     pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
     # prefix used for all endpoints in this file
     auth = APIRouter(prefix="")
     # Dependency
     def get_db():
         db = SessionLocal()
         try:
             yield db
         finally:
             db.close()
     class Settings(BaseModel):
         authjwt_secret_key: str = "secret"
-...
     def get_config():
         return Settings()
     # admin username and password
     fake_users_db = {
         "admin": {
-...
+    }
     def verify_password(plain_password, hashed_password):
         return pwd_context.verify(plain_password, hashed_password)
     def get_hash_password(password):
         return pwd_context.hash(password)
     def auth_user(db, username: str, password: str):
         user = crud.find_user(db, username)
         if not user:
             return None
         if not verify_password(password, user.password):
             return None
         return user
     @auth.get("/signup", response_class=HTMLResponse)
     async def signup_get(request: Request):
         """
         return html template for signup
         """
         return templates.TemplateResponse("signup.html", {"request": request})
     @auth.post("/signup", response_class=HTMLResponse)
     async def signup(username: str = Form(...), password: str = Form(...), db: Session = Depends(get_db)):
         """
         Endpoint called form signup template. Creates new user with role guest that can be changed by admin user
         """
         users = crud.get_users(db, 0, 100)
         users_names = []
         for u in users:
             users_names.append(u.username)
         if username not in users_names:
             new_user = crud.create_user(db, username, get_hash_password(password), "guest")
             if new_user is None:
                 print("something went wrong")
             return """
                 <html>
                     <head>
                         <title>Signup</title>
                     </head>
                     <body>
                         <h1>Signed in</h1>
                         <form action="/logs-web" method="get">
                             <input type="submit" value="Back" />
                         </form>
                     </body>
                 </html>
                 """
         else:
             return """
                         <html>
                             <head>
                                 <title>Signup</title>
                             </head>
                             <body>
                                 <h1>Username taken</h1>
                                 <form action="/logs-web" method="get">
                                     <input type="submit" value="Back" />
                                 </form>
                             </body>
                         </html>
                         """
     @auth.get("/login", response_class=HTMLResponse)
     async def login_get(request: Request):
         """
-...
     @auth.post("/login", response_class=HTMLResponse)
     async def login(username: str = Form(...), password: str = Form(...), Authorize: AuthJWT = Depends()):
     async def login(username: str = Form(...), password: str = Form(...), db: Session = Depends(get_db),
                     Authorize: AuthJWT = Depends()):
         """
         Endpoint called from login template. Checks if given username and password aligns with admin
         username and password and returns token for browser according to given username and password
         """
         user_dict = fake_users_db.get(username)
         if user_dict != None:
             if user_dict["username"] == username and user_dict["password"] == password:
         user = auth_user(db, username, password)
         if user != None:
             if user.role == "admin":
                 access_token = Authorize.create_access_token(subject="admin", expires_time=False)
                 refresh_token = Authorize.create_refresh_token(subject="admin", expires_time=False)
             else:
                 access_token = Authorize.create_access_token(subject="host", expires_time=False)
                 refresh_token = Authorize.create_refresh_token(subject="host", expires_time=False)
                 access_token = Authorize.create_access_token(subject="guest", expires_time=False)
                 refresh_token = Authorize.create_refresh_token(subject="guest", expires_time=False)
         else:
             access_token = Authorize.create_access_token(subject="host", expires_time=False)
             refresh_token = Authorize.create_refresh_token(subject="host", expires_time=False)
             usr = fake_users_db.get(username)
             if usr != None:
                 if usr["username"] == username and usr["password"] == password:
                     access_token = Authorize.create_access_token(subject="admin", expires_time=False)
                     refresh_token = Authorize.create_refresh_token(subject="admin", expires_time=False)
             else:
                 return """
                     <html>
                         <head>
                             <title>Login</title>
                         </head>
                         <body>
                             <h1>Wrong Username or Password</h1>
                             <form action="/login" method="get">
                                 <input type="submit" value="Back" />
                             </form>
                         </body>
                     </html>
                     """
         # Set the JWT cookies in the response
         Authorize.set_access_cookies(access_token)
-...
                     </form>
                 </body>
             </html>
             """
             """

Také k dispozici: Unified diff

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2022 » Automatická detekce a dokumentace připojených USB zařízení (ZF) - Bug Thugs

Revize cbd239c6

Přidáno uživatelem Matěj Zeman před asi 2 roky(ů)