Attendance/app.py

from flask import *
import pyrebase
from datetime import datetime
import pytz
import os
from dotenv import load_dotenv
import requests
from manage import manage
from upload import upload
load_dotenv()
app = Flask(__name__)
app.register_blueprint(manage)
app.register_blueprint(upload)

app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY')
config = {
    "apiKey": os.environ.get('apiKey'),
    "authDomain": os.environ.get('authDomain'),
    "databaseURL": os.environ.get('databaseURL'),
    "storageBucket": os.environ.get('storageBucket'),
    "serviceAccount": os.environ.get('serviceAccount'),
    "messagingSenderId": os.environ.get('messagingSenderId'),
    "appId": os.environ.get('appId'),
    "measurementId": os.environ.get('measurementId'),
}
firebase = pyrebase.initialize_app(config)
db = firebase.database()
auth = firebase.auth()
tz = pytz.timezone('Asia/Taipei')


def check_login_status():
    return ('is_logged_in' not in session or
            session['is_logged_in'] == False or
            (datetime.now(tz) - session['loginTime']).total_seconds() > 3600)


def verify_recaptcha(response):
    return True
    data = {
        'secret': os.environ.get('RECAPTCHA_SECRET'),
        'response': response,
        'remoteip': request.remote_addr
    }
    r = requests.post(
        'https://www.google.com/recaptcha/api/siteverify', data=data)
    print(r.json())
    return r.json()['success']


@ app.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'GET':
        if check_login_status():
            return render_template('login.html')
        return redirect('/select')
    elif request.method == 'POST':
        email = request.form['username']
        if check_login_status():
            try:
                if (verify_recaptcha("")):
                    user = auth.sign_in_with_email_and_password(
                        email, request.form['password'])
                    usrData = db.child("Users").child(user['localId']).child("permission").get(
                        user['idToken']).val()
                    if (usrData == 'realPerson'):
                        print("RealPerson Login SUCC:", email, flush=True)
                        session['is_logged_in'] = True
                        session['email'] = user['email']
                        session['uid'] = user['localId']
                        session['token'] = user['idToken']
                        session['refreshToken'] = user['refreshToken']
                        session['loginTime'] = datetime.now(tz)
                        return redirect('/select')
                    if (usrData == 'admin'):
                        print("Admin Login SUCC:", email, flush=True)
                        session['subuser_type'] = 'admin'
                        session['is_logged_in'] = True
                        session['email'] = user['email']
                        session['uid'] = user['localId']
                        session['token'] = user['idToken']
                        session['refreshToken'] = user['refreshToken']
                        session['loginTime'] = datetime.now(tz)
                        session['showUpload'] = db.child("Users").child(
                            session['uid']).child("showUpload").get(session['token']).val()
                        return redirect('/manage')
                    raise Exception("not real person or admin")
                else:
                    print("ReC Error:", email, flush=True)
                    flash(
                        'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
                    return redirect('/')
            except Exception as e:
                print("Error*Login:", email, str(e), flush=True)
                flash(
                    '帳號或密碼錯誤，請重新輸入<br>Incorrect username or password')
                return redirect('/')
        else:
            return redirect('/select')


@app.route('/select', methods=['GET', 'POST'])
def selSubUser():
    if check_login_status():
        print(session)
        session.clear()
        flash("Timeout. 遇時，請重新登入")
        return redirect('/')
    if 'subuser_type' in session and session['subuser_type'] == 'admin':
        return redirect('/manage')
    if request.method == 'GET':
        usrData = db.child("Users").child(session['uid']).get(
            session['token']).val()
        session['subuser_type'] = ''
        return render_template('selSubUser.html', data=usrData['accounts'], name=usrData['name'])
    else:
        data = request.form['subuser_sel'].split('^')
        try:
            if (verify_recaptcha("")):
                if (data[0] == 'homeroom'):
                    session['homeroom'] = data[1] + '^' + data[2]
                    session['subuser_type'] = 'homeroom'
                elif (data[0] == 'group'):
                    session['category'] = data[1]
                    session['class'] = data[2]
                    session['subuser_type'] = 'group'
                return redirect('/manage')
            else:
                print("ReC Error:", data, flush=True)
                flash(
                    'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
                return redirect('/select')
        except Exception as e:
            print("Error*select:", session['email'], str(json.loads(e.args[1])[
                  'error']['message']), flush=True)
            flash(str(json.loads(e.args[1])[
                  'error']['message']))
            return redirect('/select')


@app.route('/chgPassword', methods=['POST', 'GET'])
def chgPassword():
    data = {}
    if request.method == 'GET':
        if not check_login_status():
            return render_template('chgPassword.html')
        else:
            return abort(404)
    elif request.method == 'POST':
        oldEmail = session['email']
        delUser = False
        if not check_login_status():
            try:
                if (verify_recaptcha("")):
                    oldUsr = auth.sign_in_with_email_and_password(
                        oldEmail, request.form['password'])
                    print("chgPwd oldUser:", oldEmail, flush=True)
                    old = {}
                    old['uid'] = oldUsr['localId']
                    old['token'] = oldUsr['idToken']
                    data = db.child("Users").child(
                        oldUsr['localId']).get(oldUsr['idToken']).val()
                    print("data:", data, flush=True)

                    auth.delete_user_account(oldUsr['idToken'])
                    delUser = True

                    newUsr = auth.create_user_with_email_and_password(
                        request.form['new_username'], request.form['new_password'])
                    db.child("Users").child(newUsr['localId']).set(
                        data, newUsr['idToken'])
                    session.clear()
                    flash(
                        '修改密碼成功，請重新登入<br>Password changed successfully. Please login again.')
                    return redirect('/')
                else:
                    print("ReC Error:", oldEmail, flush=True)
                    flash(
                        'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
                    return redirect('/chgPassword')
            except Exception as e:
                if delUser:
                    try:
                        usr = auth.create_user_with_email_and_password(
                            oldEmail, request.form['password'])
                        db.child("Users").child(usr['localId']).set(
                            data, usr['idToken'])
                    except:
                        pass
                print("Error*chgPassword:", oldEmail, str(json.loads(e.args[1])[
                    'error']['message']), flush=True)
                flash(str(json.loads(e.args[1])[
                    'error']['message']))
                return redirect('/chgPassword')


@app.route('/forgotPassword', methods=['GET', 'POST'])
def forgotPassword():
    if request.method == 'GET':
        return render_template('forgotPassword.html')
    elif request.method == 'POST':
        email = request.form['username']
        try:
            if (verify_recaptcha("")):
                auth.send_password_reset_email(email)
                print("forgotPassword email sent:", email, flush=True)
                flash(
                    '重置密碼信件已寄出，請至信箱收取<br>Password reset email has been sent to your email. Please check your email.')
                return redirect('/')
            else:
                print("ReC Error:", email, flush=True)
                flash(
                    'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
                return redirect('/forgotPassword')
        except Exception as e:
            print("Error*forgotPassword:", email, str(json.loads(e.args[1])[
                  'error']['message']), flush=True)
            flash(str(json.loads(e.args[1])[
                  'error']['message']))
            return redirect('/forgotPassword')


@app.route('/resetPassword', methods=['GET', 'POST'])
def resetPassword():
    if request.method == 'GET':
        session['oobCode'] = request.args.get('oobCode')
        return render_template('verifiedChgPassword.html')
    else:
        try:
            if (verify_recaptcha("")):
                auth.verify_password_reset_code(
                    session['oobCode'], request.form['password'])
                print("resetPassword success:", flush=True)
                session.clear()
                flash('重置密碼成功，請重新登入<br>Password reset success. Please login again.')
                return redirect('/')
            else:
                print("ReC Error:", flush=True)
                flash(
                    'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')
                return redirect('/resetPassword')
        except Exception as e:
            print("Error*resetPassword:", session['oobCode'], str(json.loads(e.args[1])[
                  'error']['message']), flush=True)
            flash(str(json.loads(e.args[1])[
                  'error']['message']))
            return redirect('/resetPassword')


@ app.route('/logout', methods=['GET'])
def logout():
    session.clear()
    return redirect('/')


if __name__ == '__main__':
    app.run(debug=True)
first commit 2021-09-09 06:29:31 -07:00			`from flask import *`
			`import pyrebase`
			`from datetime import datetime`
			`import pytz`
			`import os`
Day 2, added homeroom vie, date selection, and signatures (pending homeroom confirmation) 2021-09-10 07:30:39 -07:00			`from dotenv import load_dotenv`
Added recaptcha 2021-09-23 07:21:59 -07:00			`import requests`
Separate py files 2021-09-26 06:37:34 -07:00			`from manage import manage`
			`from upload import upload`
Day 2, added homeroom vie, date selection, and signatures (pending homeroom confirmation) 2021-09-10 07:30:39 -07:00			`load_dotenv()`
first commit 2021-09-09 06:29:31 -07:00			`app = Flask(__name__)`
Separate py files 2021-09-26 06:37:34 -07:00			`app.register_blueprint(manage)`
			`app.register_blueprint(upload)`
first commit 2021-09-09 06:29:31 -07:00
			`app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY')`
			`config = {`
			`"apiKey": os.environ.get('apiKey'),`
			`"authDomain": os.environ.get('authDomain'),`
			`"databaseURL": os.environ.get('databaseURL'),`
			`"storageBucket": os.environ.get('storageBucket'),`
			`"serviceAccount": os.environ.get('serviceAccount'),`
			`"messagingSenderId": os.environ.get('messagingSenderId'),`
			`"appId": os.environ.get('appId'),`
			`"measurementId": os.environ.get('measurementId'),`
			`}`
			`firebase = pyrebase.initialize_app(config)`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`db = firebase.database()`
first commit 2021-09-09 06:29:31 -07:00			`auth = firebase.auth()`
			`tz = pytz.timezone('Asia/Taipei')`


			`def check_login_status():`
			`return ('is_logged_in' not in session or`
			`session['is_logged_in'] == False or`
			`(datetime.now(tz) - session['loginTime']).total_seconds() > 3600)`


Added recaptcha 2021-09-23 07:21:59 -07:00			`def verify_recaptcha(response):`
Disable recaptcha 2021-10-01 19:38:28 -07:00			`return True`
Added recaptcha 2021-09-23 07:21:59 -07:00			`data = {`
			`'secret': os.environ.get('RECAPTCHA_SECRET'),`
			`'response': response,`
			`'remoteip': request.remote_addr`
			`}`
			`r = requests.post(`
			`'https://www.google.com/recaptcha/api/siteverify', data=data)`
Fix typo 2021-10-01 19:40:39 -07:00			`print(r.json())`
Added recaptcha 2021-09-23 07:21:59 -07:00			`return r.json()['success']`


Add database authentication 2021-09-24 22:31:36 -07:00			`@ app.route('/', methods=['GET', 'POST'])`
Day 2, added homeroom vie, date selection, and signatures (pending homeroom confirmation) 2021-09-10 07:30:39 -07:00			`def index():`
			`if request.method == 'GET':`
			`if check_login_status():`
Add database authentication 2021-09-24 22:31:36 -07:00			`return render_template('login.html')`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`return redirect('/select')`
Day 2, added homeroom vie, date selection, and signatures (pending homeroom confirmation) 2021-09-10 07:30:39 -07:00			`elif request.method == 'POST':`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`email = request.form['username']`
Day 2, added homeroom vie, date selection, and signatures (pending homeroom confirmation) 2021-09-10 07:30:39 -07:00			`if check_login_status():`
			`try:`
Disable recaptcha 2021-10-01 19:38:28 -07:00			`if (verify_recaptcha("")):`
Added recaptcha 2021-09-23 07:21:59 -07:00			`user = auth.sign_in_with_email_and_password(`
Show log 2021-10-01 08:08:10 -07:00			`email, request.form['password'])`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`usrData = db.child("Users").child(user['localId']).child("permission").get(`
			`user['idToken']).val()`
			`if (usrData == 'realPerson'):`
			`print("RealPerson Login SUCC:", email, flush=True)`
			`session['is_logged_in'] = True`
			`session['email'] = user['email']`
			`session['uid'] = user['localId']`
			`session['token'] = user['idToken']`
			`session['refreshToken'] = user['refreshToken']`
			`session['loginTime'] = datetime.now(tz)`
			`return redirect('/select')`
			`if (usrData == 'admin'):`
			`print("Admin Login SUCC:", email, flush=True)`
			`session['subuser_type'] = 'admin'`
			`session['is_logged_in'] = True`
			`session['email'] = user['email']`
			`session['uid'] = user['localId']`
			`session['token'] = user['idToken']`
			`session['refreshToken'] = user['refreshToken']`
			`session['loginTime'] = datetime.now(tz)`
			`session['showUpload'] = db.child("Users").child(`
			`session['uid']).child("showUpload").get(session['token']).val()`
			`return redirect('/manage')`
			`raise Exception("not real person or admin")`
Added recaptcha 2021-09-23 07:21:59 -07:00			`else:`
Show log 2021-10-01 08:08:10 -07:00			`print("ReC Error:", email, flush=True)`
Add database authentication 2021-09-24 22:31:36 -07:00			`flash(`
			`'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')`
			`return redirect('/')`
Day 2, added homeroom vie, date selection, and signatures (pending homeroom confirmation) 2021-09-10 07:30:39 -07:00			`except Exception as e:`
Change error message representation 2021-10-02 23:03:54 -07:00			`print("Error*Login:", email, str(e), flush=True)`
Indention error 2021-10-01 08:10:07 -07:00			`flash(`
Add database authentication 2021-09-24 22:31:36 -07:00			`'帳號或密碼錯誤，請重新輸入<br>Incorrect username or password')`
Indention error 2021-10-01 08:10:07 -07:00			`return redirect('/')`
Day 2, added homeroom vie, date selection, and signatures (pending homeroom confirmation) 2021-09-10 07:30:39 -07:00			`else:`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`return redirect('/select')`


			`@app.route('/select', methods=['GET', 'POST'])`
			`def selSubUser():`
			`if check_login_status():`
			`print(session)`
			`session.clear()`
			`flash("Timeout. 遇時，請重新登入")`
			`return redirect('/')`
			`if 'subuser_type' in session and session['subuser_type'] == 'admin':`
			`return redirect('/manage')`
			`if request.method == 'GET':`
			`usrData = db.child("Users").child(session['uid']).get(`
			`session['token']).val()`
			`session['subuser_type'] = ''`
			`return render_template('selSubUser.html', data=usrData['accounts'], name=usrData['name'])`
			`else:`
			`data = request.form['subuser_sel'].split('^')`
			`try:`
			`if (verify_recaptcha("")):`
			`if (data[0] == 'homeroom'):`
			`session['homeroom'] = data[1] + '^' + data[2]`
			`session['subuser_type'] = 'homeroom'`
			`elif (data[0] == 'group'):`
			`session['category'] = data[1]`
			`session['class'] = data[2]`
			`session['subuser_type'] = 'group'`
			`return redirect('/manage')`
			`else:`
			`print("ReC Error:", data, flush=True)`
			`flash(`
			`'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')`
			`return redirect('/select')`
			`except Exception as e:`
Change error message representation 2021-10-02 23:03:54 -07:00			`print("Error*select:", session['email'], str(json.loads(e.args[1])[`
			`'error']['message']), flush=True)`
			`flash(str(json.loads(e.args[1])[`
			`'error']['message']))`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`return redirect('/select')`


			`@app.route('/chgPassword', methods=['POST', 'GET'])`
			`def chgPassword():`
			`data = {}`
			`if request.method == 'GET':`
			`if not check_login_status():`
			`return render_template('chgPassword.html')`
			`else:`
			`return abort(404)`
			`elif request.method == 'POST':`
			`oldEmail = session['email']`
			`delUser = False`
			`if not check_login_status():`
			`try:`
			`if (verify_recaptcha("")):`
			`oldUsr = auth.sign_in_with_email_and_password(`
			`oldEmail, request.form['password'])`
			`print("chgPwd oldUser:", oldEmail, flush=True)`
			`old = {}`
			`old['uid'] = oldUsr['localId']`
			`old['token'] = oldUsr['idToken']`
			`data = db.child("Users").child(`
			`oldUsr['localId']).get(oldUsr['idToken']).val()`
			`print("data:", data, flush=True)`

			`auth.delete_user_account(oldUsr['idToken'])`
			`delUser = True`

			`newUsr = auth.create_user_with_email_and_password(`
			`request.form['new_username'], request.form['new_password'])`
			`db.child("Users").child(newUsr['localId']).set(`
			`data, newUsr['idToken'])`
			`session.clear()`
			`flash(`
			`'修改密碼成功，請重新登入<br>Password changed successfully. Please login again.')`
			`return redirect('/')`
			`else:`
			`print("ReC Error:", oldEmail, flush=True)`
			`flash(`
			`'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')`
			`return redirect('/chgPassword')`
			`except Exception as e:`
			`if delUser:`
			`try:`
			`usr = auth.create_user_with_email_and_password(`
			`oldEmail, request.form['password'])`
			`db.child("Users").child(usr['localId']).set(`
			`data, usr['idToken'])`
			`except:`
			`pass`
Change error message representation 2021-10-02 23:03:54 -07:00			`print("Error*chgPassword:", oldEmail, str(json.loads(e.args[1])[`
			`'error']['message']), flush=True)`
			`flash(str(json.loads(e.args[1])[`
			`'error']['message']))`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`return redirect('/chgPassword')`


Change error message representation 2021-10-02 23:03:54 -07:00			`@app.route('/forgotPassword', methods=['GET', 'POST'])`
			`def forgotPassword():`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`if request.method == 'GET':`
Change error message representation 2021-10-02 23:03:54 -07:00			`return render_template('forgotPassword.html')`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`elif request.method == 'POST':`
			`email = request.form['username']`
			`try:`
			`if (verify_recaptcha("")):`
			`auth.send_password_reset_email(email)`
Change error message representation 2021-10-02 23:03:54 -07:00			`print("forgotPassword email sent:", email, flush=True)`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`flash(`
			`'重置密碼信件已寄出，請至信箱收取<br>Password reset email has been sent to your email. Please check your email.')`
			`return redirect('/')`
			`else:`
			`print("ReC Error:", email, flush=True)`
			`flash(`
			`'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')`
Change error message representation 2021-10-02 23:03:54 -07:00			`return redirect('/forgotPassword')`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`except Exception as e:`
Change error message representation 2021-10-02 23:03:54 -07:00			`print("Error*forgotPassword:", email, str(json.loads(e.args[1])[`
			`'error']['message']), flush=True)`
			`flash(str(json.loads(e.args[1])[`
			`'error']['message']))`
			`return redirect('/forgotPassword')`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00

			`@app.route('/resetPassword', methods=['GET', 'POST'])`
			`def resetPassword():`
			`if request.method == 'GET':`
			`session['oobCode'] = request.args.get('oobCode')`
			`return render_template('verifiedChgPassword.html')`
			`else:`
			`try:`
			`if (verify_recaptcha("")):`
			`auth.verify_password_reset_code(`
			`session['oobCode'], request.form['password'])`
			`print("resetPassword success:", flush=True)`
			`session.clear()`
			`flash('重置密碼成功，請重新登入<br>Password reset success. Please login again.')`
			`return redirect('/')`
			`else:`
			`print("ReC Error:", flush=True)`
			`flash(`
			`'reCAPTCHA 錯誤，請稍後再試一次<br>reCAPTCHA Failed. Please try again later.')`
			`return redirect('/resetPassword')`
			`except Exception as e:`
Change error message representation 2021-10-02 23:03:54 -07:00			`print("Error*resetPassword:", session['oobCode'], str(json.loads(e.args[1])[`
			`'error']['message']), flush=True)`
			`flash(str(json.loads(e.args[1])[`
			`'error']['message']))`
Add chgPassword AND mkusr with individual acc 2021-10-02 20:00:21 -07:00			`return redirect('/resetPassword')`
Day 2, added homeroom vie, date selection, and signatures (pending homeroom confirmation) 2021-09-10 07:30:39 -07:00

Prototype Finish 2021-09-12 02:39:09 -07:00			`@ app.route('/logout', methods=['GET'])`
first commit 2021-09-09 06:29:31 -07:00			`def logout():`
			`session.clear()`
			`return redirect('/')`


Day 2, added homeroom vie, date selection, and signatures (pending homeroom confirmation) 2021-09-10 07:30:39 -07:00			`if __name__ == '__main__':`
			`app.run(debug=True)`