Attendance/app.py

229 lines
9.5 KiB
Python
Raw Permalink Normal View History

2021-10-06 07:44:08 -07:00
from functions import *
2021-09-26 06:37:34 -07:00
from manage import manage
from upload import upload
load_dotenv()
2021-09-09 06:29:31 -07:00
app = Flask(__name__)
2021-09-26 06:37:34 -07:00
app.register_blueprint(manage)
app.register_blueprint(upload)
2021-09-09 06:29:31 -07:00
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY')
2021-09-23 07:21:59 -07:00
2021-10-15 05:32:24 -07:00
@app.after_request
def add_header(response):
response.headers['SameSite'] = "Strict"
return response
2021-09-24 22:31:36 -07:00
@ app.route('/', methods=['GET', 'POST'])
def index():
if request.method == 'GET':
if check_login_status():
2021-09-24 22:31:36 -07:00
return render_template('login.html')
return redirect('/select')
elif request.method == 'POST':
email = request.form['username']
if check_login_status():
try:
2021-10-01 19:38:28 -07:00
if (verify_recaptcha("")):
2021-09-23 07:21:59 -07:00
user = auth.sign_in_with_email_and_password(
2021-10-01 08:08:10 -07:00
email, request.form['password'])
usrData = db.child("Users").child(user['localId']).child("permission").get(
user['idToken']).val()
if (usrData == 'realPerson'):
print("RealPerson Login SUCC:", email, flush=True)
session['is_logged_in'] = True
session['email'] = user['email']
session['uid'] = user['localId']
session['token'] = user['idToken']
session['refreshToken'] = user['refreshToken']
session['loginTime'] = datetime.now(tz)
return redirect('/select')
if (usrData == 'admin'):
print("Admin Login SUCC:", email, flush=True)
session['subuser_type'] = 'admin'
session['is_logged_in'] = True
session['email'] = user['email']
session['uid'] = user['localId']
session['token'] = user['idToken']
session['refreshToken'] = user['refreshToken']
session['loginTime'] = datetime.now(tz)
session['showUpload'] = db.child("Users").child(
session['uid']).child("showUpload").get(session['token']).val()
return redirect('/manage')
raise Exception("not real person or admin")
2021-09-23 07:21:59 -07:00
else:
2021-10-01 08:08:10 -07:00
print("ReC Error:", email, flush=True)
2021-09-24 22:31:36 -07:00
flash(
'reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
return redirect('/')
except Exception as e:
2021-10-02 23:03:54 -07:00
print("Error*Login:", email, str(e), flush=True)
2021-10-01 08:10:07 -07:00
flash(
2021-09-24 22:31:36 -07:00
'帳號或密碼錯誤,請重新輸入<br>Incorrect username or password')
2021-10-01 08:10:07 -07:00
return redirect('/')
else:
return redirect('/select')
@app.route('/select', methods=['GET', 'POST'])
def selSubUser():
if check_login_status():
print(session)
session.clear()
flash("Timeout. 遇時,請重新登入")
return redirect('/')
2021-10-06 07:44:08 -07:00
refresh_token()
if 'subuser_type' in session and session['subuser_type'] == 'admin':
return redirect('/manage')
if request.method == 'GET':
usrData = db.child("Users").child(session['uid']).get(
session['token']).val()
session['subuser_type'] = ''
return render_template('selSubUser.html', data=usrData['accounts'], name=usrData['name'])
else:
data = request.form['subuser_sel'].split('^')
try:
if (verify_recaptcha("")):
if (data[0] == 'homeroom'):
session['homeroom'] = data[1] + '^' + data[2]
session['subuser_type'] = 'homeroom'
elif (data[0] == 'group'):
session['category'] = data[1]
session['class'] = data[2]
session['subuser_type'] = 'group'
return redirect('/manage')
else:
print("ReC Error:", data, flush=True)
flash(
'reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
return redirect('/select')
except Exception as e:
2021-10-02 23:03:54 -07:00
print("Error*select:", session['email'], str(json.loads(e.args[1])[
'error']['message']), flush=True)
flash(str(json.loads(e.args[1])[
'error']['message']))
return redirect('/select')
@app.route('/chgPassword', methods=['POST', 'GET'])
def chgPassword():
data = {}
if request.method == 'GET':
if not check_login_status():
2021-10-06 07:44:08 -07:00
refresh_token()
return render_template('chgPassword.html')
else:
return abort(404)
elif request.method == 'POST':
oldEmail = session['email']
delUser = False
if not check_login_status():
2021-10-06 07:44:08 -07:00
refresh_token()
try:
if (verify_recaptcha("")):
oldUsr = auth.sign_in_with_email_and_password(
oldEmail, request.form['password'])
print("chgPwd oldUser:", oldEmail, flush=True)
old = {}
old['uid'] = oldUsr['localId']
old['token'] = oldUsr['idToken']
data = db.child("Users").child(
oldUsr['localId']).get(oldUsr['idToken']).val()
print("data:", data, flush=True)
auth.delete_user_account(oldUsr['idToken'])
delUser = True
newUsr = auth.create_user_with_email_and_password(
request.form['new_username'], request.form['new_password'])
db.child("Users").child(newUsr['localId']).set(
data, newUsr['idToken'])
session.clear()
flash(
'修改密碼成功,請重新登入<br>Password changed successfully. Please login again.')
return redirect('/')
else:
print("ReC Error:", oldEmail, flush=True)
flash(
'reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
return redirect('/chgPassword')
except Exception as e:
if delUser:
try:
usr = auth.create_user_with_email_and_password(
oldEmail, request.form['password'])
db.child("Users").child(usr['localId']).set(
data, usr['idToken'])
except:
pass
2021-10-02 23:03:54 -07:00
print("Error*chgPassword:", oldEmail, str(json.loads(e.args[1])[
'error']['message']), flush=True)
flash(str(json.loads(e.args[1])[
'error']['message']))
return redirect('/chgPassword')
2021-10-02 23:03:54 -07:00
@app.route('/forgotPassword', methods=['GET', 'POST'])
def forgotPassword():
if request.method == 'GET':
2021-10-02 23:03:54 -07:00
return render_template('forgotPassword.html')
elif request.method == 'POST':
email = request.form['username']
try:
if (verify_recaptcha("")):
auth.send_password_reset_email(email)
2021-10-02 23:03:54 -07:00
print("forgotPassword email sent:", email, flush=True)
flash(
'重置密碼信件已寄出,請至信箱收取<br>Password reset email has been sent to your email. Please check your email.')
return redirect('/')
else:
print("ReC Error:", email, flush=True)
flash(
'reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
2021-10-02 23:03:54 -07:00
return redirect('/forgotPassword')
except Exception as e:
2021-10-02 23:03:54 -07:00
print("Error*forgotPassword:", email, str(json.loads(e.args[1])[
'error']['message']), flush=True)
flash(str(json.loads(e.args[1])[
'error']['message']))
return redirect('/forgotPassword')
@app.route('/resetPassword', methods=['GET', 'POST'])
def resetPassword():
2021-10-04 07:01:32 -07:00
if request.args.get('oobCode') is None:
return abort(404)
if request.method == 'GET':
2021-10-04 07:01:32 -07:00
return render_template('verifiedChgPassword.html', oobCode=request.args.get('oobCode'))
else:
try:
if (verify_recaptcha("")):
auth.verify_password_reset_code(
2021-10-04 07:01:32 -07:00
request.args.get('oobCode'), request.form['password'])
print("resetPassword success:", flush=True)
session.clear()
flash('重置密碼成功,請重新登入<br>Password reset success. Please login again.')
return redirect('/')
else:
print("ReC Error:", flush=True)
flash(
'reCAPTCHA 錯誤,請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
return redirect('/resetPassword')
except Exception as e:
2021-10-04 07:01:32 -07:00
print("Error*resetPassword:", request.args.get('oobCode'), str(json.loads(e.args[1])[
2021-10-02 23:03:54 -07:00
'error']['message']), flush=True)
flash(str(json.loads(e.args[1])[
'error']['message']))
2021-10-04 07:01:32 -07:00
return redirect('/resetPassword?mode=resetPassword&oobCode=' + request.args.get('oobCode'))
2021-09-12 02:39:09 -07:00
@ app.route('/logout', methods=['GET'])
2021-09-09 06:29:31 -07:00
def logout():
session.clear()
return redirect('/')
if __name__ == '__main__':
app.run(debug=True)