Added recaptcha

This commit is contained in:
Aaron Lee 2021-09-23 22:21:59 +08:00
parent f566884b44
commit 18f62768e0
3 changed files with 45 additions and 12 deletions

35
app.py
View file

@ -9,6 +9,7 @@ import pandas as pd
import base64 import base64
from random import randint from random import randint
from dotenv import load_dotenv from dotenv import load_dotenv
import requests
load_dotenv() load_dotenv()
app = Flask(__name__) app = Flask(__name__)
@ -45,6 +46,17 @@ def check_permission():
db.child("Users").child(session['uid']).child("showUpload").get().val() == '1') db.child("Users").child(session['uid']).child("showUpload").get().val() == '1')
def verify_recaptcha(response):
data = {
'secret': os.environ.get('RECAPTCHA_SECRET'),
'response': response,
'remoteip': request.remote_addr
}
r = requests.post(
'https://www.google.com/recaptcha/api/siteverify', data=data)
return r.json()['success']
def manageProcess(fCommand, fData): def manageProcess(fCommand, fData):
if (check_login_status()): if (check_login_status()):
return redirect('/logout') return redirect('/logout')
@ -218,7 +230,7 @@ def manageProcess(fCommand, fData):
return redirect('/logout') return redirect('/logout')
@ app.route('/', methods=['GET', 'POST']) @ app.route('/', methods=['GET'])
def index(): def index():
if request.method == 'GET': if request.method == 'GET':
if check_login_status(): if check_login_status():
@ -227,15 +239,18 @@ def index():
elif request.method == 'POST': elif request.method == 'POST':
if check_login_status(): if check_login_status():
try: try:
user = auth.sign_in_with_email_and_password( if (verify_recaptcha(request.form['g-recaptcha-response'])):
request.form['username'] + "@group-attendance.fhjh.tp.edu.tw", request.form['password']) user = auth.sign_in_with_email_and_password(
session['is_logged_in'] = True request.form['username'] + "@group-attendance.fhjh.tp.edu.tw", request.form['password'])
session['email'] = user['email'] session['is_logged_in'] = True
session['uid'] = user['localId'] session['email'] = user['email']
session['token'] = user['idToken'] session['uid'] = user['localId']
session['refreshToken'] = user['refreshToken'] session['token'] = user['idToken']
session['loginTime'] = datetime.now(tz) session['refreshToken'] = user['refreshToken']
return redirect('/manage') session['loginTime'] = datetime.now(tz)
return redirect('/manage')
else:
return render_template('login.html', error=True)
except Exception as e: except Exception as e:
return render_template('login.html', error=True) return render_template('login.html', error=True)
else: else:

View file

@ -137,4 +137,14 @@ div.showTime {
border:1px solid black; border:1px solid black;
color:rgb(77, 77, 77); color:rgb(77, 77, 77);
background:rgb(179, 255, 169); background:rgb(179, 255, 169);
}
.grecaptcha-badge {
display: none;
}
.disclaimer {
color: rgb(160, 160, 160);
font-size: 0.7524em;
margin-bottom: 20px;
} }

View file

@ -19,6 +19,7 @@
gtag('config', 'G-H6D61RSBHR'); gtag('config', 'G-H6D61RSBHR');
</script> </script>
<script src="https://www.google.com/recaptcha/api.js"></script>
</head> </head>
<body> <body>
@ -28,7 +29,7 @@
<div class="row"> <div class="row">
<div class="col"></div> <div class="col"></div>
<div class="col-md-5"> <div class="col-md-5">
<form action="/" method="post"> <form action="/" id="loginForm" method="post">
<div class="form-group row" style="margin-bottom: 10px;"> <div class="form-group row" style="margin-bottom: 10px;">
<div class="col-3 center"><label for="username" style="font-size: 19px">Username 帳號: </label> <div class="col-3 center"><label for="username" style="font-size: 19px">Username 帳號: </label>
</div> </div>
@ -41,9 +42,15 @@
<div class="col-9 center-input"><input type="password" class="form-control" name="password" <div class="col-9 center-input"><input type="password" class="form-control" name="password"
id="password"></div> id="password"></div>
</div> </div>
<button type="submit" class="btn btn-primary btn-block" onclick="loadingAnimation()">Login <button class="btn btn-primary btn-block g-recaptcha"
data-sitekey="6LevCYccAAAAAAQ8XL6Bay_Nn22OyX9-9Shhi62M" data-callback='loadingAnimation'>Login
登入</button> 登入</button>
</form> </form>
<div class="disclaimer">
This site is protected by reCAPTCHA and the Google
<a target="_blank" href="https://policies.google.com/privacy">Privacy Policy</a> and
<a target="_blank" href="https://policies.google.com/terms">Terms of Service</a> apply.
</div>
{% if error %} {% if error %}
<div class="alert alert-danger" role="alert"> <div class="alert alert-danger" role="alert">
帳號或密碼錯誤,請重新輸入<br> 帳號或密碼錯誤,請重新輸入<br>
@ -69,6 +76,7 @@
<script type=" text/javascript" src="/static/jquery.min.js"></script> <script type=" text/javascript" src="/static/jquery.min.js"></script>
<script> <script>
function loadingAnimation() { function loadingAnimation() {
$('#loginForm').submit();
$('.container').hide(); $('.container').hide();
$('#loading').show(); $('#loading').show();
} }