2019-12-08 22:43:49 +01:00
|
|
|
from typing import Dict, Any
|
2022-10-15 20:56:30 +02:00
|
|
|
from flask import (
|
|
|
|
Blueprint,
|
|
|
|
request,
|
|
|
|
redirect,
|
|
|
|
Response,
|
|
|
|
url_for,
|
|
|
|
make_response,
|
|
|
|
render_template,
|
|
|
|
)
|
2019-12-08 22:43:49 +01:00
|
|
|
|
2021-03-19 01:47:37 +01:00
|
|
|
from bemani.common import CardCipher, CardCipherException, AESCipher, Time
|
2022-10-15 20:56:30 +02:00
|
|
|
from bemani.frontend.app import (
|
|
|
|
loginrequired,
|
|
|
|
loginprohibited,
|
|
|
|
success,
|
|
|
|
error,
|
|
|
|
jsonify,
|
|
|
|
valid_email,
|
|
|
|
valid_username,
|
|
|
|
valid_pin,
|
|
|
|
render_react,
|
|
|
|
)
|
2019-12-08 22:43:49 +01:00
|
|
|
from bemani.frontend.templates import templates_location
|
|
|
|
from bemani.frontend.static import static_location
|
2021-05-20 00:38:00 +02:00
|
|
|
from bemani.frontend.types import g
|
|
|
|
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
account_pages = Blueprint(
|
2022-10-15 20:56:30 +02:00
|
|
|
"account_pages",
|
2019-12-08 22:43:49 +01:00
|
|
|
__name__,
|
|
|
|
template_folder=templates_location,
|
|
|
|
static_folder=static_location,
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/login", methods=["POST"])
|
2019-12-08 22:43:49 +01:00
|
|
|
@loginprohibited
|
|
|
|
def login() -> Response:
|
2022-10-15 20:56:30 +02:00
|
|
|
username = request.form["username"]
|
|
|
|
password = request.form["password"]
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
userid = g.data.local.user.from_username(username)
|
|
|
|
if userid is None:
|
2022-10-15 20:56:30 +02:00
|
|
|
error("Unrecognized username or password!")
|
|
|
|
return Response(
|
|
|
|
render_template(
|
|
|
|
"account/login.html",
|
|
|
|
**{"title": "Log In", "show_navigation": False, "username": username},
|
|
|
|
)
|
|
|
|
)
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
if g.data.local.user.validate_password(userid, password):
|
2021-08-20 06:43:59 +02:00
|
|
|
aes = AESCipher(g.config.secret_key)
|
2019-12-08 22:43:49 +01:00
|
|
|
sessionID = g.data.local.user.create_session(userid, expiration=90 * 86400)
|
2022-10-15 20:56:30 +02:00
|
|
|
response = make_response(redirect(url_for("home_pages.viewhome")))
|
2019-12-08 22:43:49 +01:00
|
|
|
response.set_cookie(
|
2022-10-15 20:56:30 +02:00
|
|
|
"SessionID",
|
2019-12-08 22:43:49 +01:00
|
|
|
aes.encrypt(sessionID),
|
2021-03-19 01:47:37 +01:00
|
|
|
expires=Time.now() + (90 * Time.SECONDS_IN_DAY),
|
2019-12-08 22:43:49 +01:00
|
|
|
)
|
|
|
|
return response
|
|
|
|
else:
|
2022-10-15 20:56:30 +02:00
|
|
|
error("Unrecognized username or password!")
|
|
|
|
return Response(
|
|
|
|
render_template(
|
|
|
|
"account/login.html",
|
|
|
|
**{"title": "Log In", "show_navigation": False, "username": username},
|
|
|
|
)
|
|
|
|
)
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/login")
|
2019-12-08 22:43:49 +01:00
|
|
|
@loginprohibited
|
|
|
|
def viewlogin() -> Response:
|
2022-10-15 20:56:30 +02:00
|
|
|
return Response(
|
|
|
|
render_template(
|
|
|
|
"account/login.html", **{"title": "Log In", "show_navigation": False}
|
|
|
|
)
|
|
|
|
)
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
|
|
|
|
def register_display(card_number: str, username: str, email: str) -> Response:
|
2022-10-15 20:56:30 +02:00
|
|
|
return Response(
|
|
|
|
render_template(
|
|
|
|
"account/register.html",
|
|
|
|
**{
|
|
|
|
"title": "Register New Account",
|
|
|
|
"show_navigation": False,
|
|
|
|
"card_number": card_number,
|
|
|
|
"username": username,
|
|
|
|
"email": email,
|
|
|
|
},
|
|
|
|
)
|
|
|
|
)
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/register", methods=["POST"])
|
2019-12-08 22:43:49 +01:00
|
|
|
@loginprohibited
|
|
|
|
def register() -> Response:
|
2022-10-15 20:56:30 +02:00
|
|
|
card_number = request.form["card_number"]
|
|
|
|
pin = request.form["pin"]
|
|
|
|
username = request.form["username"]
|
|
|
|
email = request.form["email"]
|
|
|
|
password1 = request.form["password1"]
|
|
|
|
password2 = request.form["password2"]
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# First, try to convert the card to a valid E004 ID
|
|
|
|
try:
|
|
|
|
cardid = CardCipher.decode(card_number)
|
|
|
|
except CardCipherException:
|
2022-10-15 20:56:30 +02:00
|
|
|
error("Invalid card number!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return register_display(card_number, username, email)
|
|
|
|
|
|
|
|
# Now, see if this card ID exists already
|
|
|
|
userid = g.data.local.user.from_cardid(cardid)
|
|
|
|
if userid is None:
|
2022-10-15 20:56:30 +02:00
|
|
|
error("This card has not been used on the network yet!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return register_display(card_number, username, email)
|
|
|
|
|
|
|
|
# Now, make sure this user doesn't already have an account
|
|
|
|
user = g.data.local.user.get_user(userid)
|
|
|
|
if user.username is not None or user.email is not None:
|
2022-10-15 20:56:30 +02:00
|
|
|
error("This card is already in use!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return register_display(card_number, username, email)
|
|
|
|
|
|
|
|
# Now, see if the pin is correct
|
|
|
|
if not g.data.local.user.validate_pin(userid, pin):
|
2022-10-15 20:56:30 +02:00
|
|
|
error("The entered PIN does not match the PIN on the card!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return register_display(card_number, username, email)
|
|
|
|
|
|
|
|
# Now, see if the username is valid
|
|
|
|
if not valid_username(username):
|
2022-10-15 20:56:30 +02:00
|
|
|
error("Invalid username!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return register_display(card_number, username, email)
|
|
|
|
|
|
|
|
# Now, check whether the username is already in use
|
|
|
|
if g.data.local.user.from_username(username) is not None:
|
2022-10-15 20:56:30 +02:00
|
|
|
error("The chosen username is already in use!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return register_display(card_number, username, email)
|
|
|
|
|
|
|
|
# Now, see if the email address is valid
|
|
|
|
if not valid_email(email):
|
2022-10-15 20:56:30 +02:00
|
|
|
error("Invalid email address!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return register_display(card_number, username, email)
|
|
|
|
|
|
|
|
# Now, make sure that the passwords match
|
|
|
|
if password1 != password2:
|
2022-10-15 20:56:30 +02:00
|
|
|
error("Passwords do not match each other!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return register_display(card_number, username, email)
|
|
|
|
|
|
|
|
# Now, make sure passwords are long enough
|
|
|
|
if len(password1) < 6:
|
2022-10-15 20:56:30 +02:00
|
|
|
error("Password is not long enough!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return register_display(card_number, username, email)
|
|
|
|
|
|
|
|
# Now, create the account.
|
|
|
|
user.username = username
|
|
|
|
user.email = email
|
|
|
|
g.data.local.user.put_user(user)
|
|
|
|
g.data.local.user.update_password(userid, password1)
|
|
|
|
|
|
|
|
# Now, log them into that created account!
|
2021-08-20 06:43:59 +02:00
|
|
|
aes = AESCipher(g.config.secret_key)
|
2019-12-08 22:43:49 +01:00
|
|
|
sessionID = g.data.local.user.create_session(userid)
|
2022-10-15 20:56:30 +02:00
|
|
|
success("Successfully registered account!")
|
|
|
|
response = make_response(redirect(url_for("home_pages.viewhome")))
|
|
|
|
response.set_cookie("SessionID", aes.encrypt(sessionID))
|
2019-12-08 22:43:49 +01:00
|
|
|
return response
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/register")
|
2019-12-08 22:43:49 +01:00
|
|
|
@loginprohibited
|
|
|
|
def viewregister() -> Response:
|
2022-10-15 20:56:30 +02:00
|
|
|
return Response(
|
|
|
|
render_template(
|
|
|
|
"account/register.html",
|
|
|
|
**{"title": "Register New Account", "show_navigation": False},
|
|
|
|
)
|
|
|
|
)
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/logout")
|
2019-12-08 22:43:49 +01:00
|
|
|
@loginrequired
|
|
|
|
def logout() -> Response:
|
|
|
|
g.data.local.user.destroy_session(g.sessionID)
|
2022-10-15 20:56:30 +02:00
|
|
|
response = make_response(redirect(url_for("account_pages.viewlogin")))
|
|
|
|
response.set_cookie("SessionID", "", expires=0)
|
|
|
|
success("Successfully logged out!")
|
2019-12-08 22:43:49 +01:00
|
|
|
return response
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/account")
|
2019-12-08 22:43:49 +01:00
|
|
|
@loginrequired
|
|
|
|
def viewaccount() -> Response:
|
|
|
|
user = g.data.local.user.get_user(g.userID)
|
|
|
|
return render_react(
|
2022-10-15 20:56:30 +02:00
|
|
|
"Account Management",
|
|
|
|
"account/account.react.js",
|
2019-12-08 22:43:49 +01:00
|
|
|
{
|
2022-10-15 20:56:30 +02:00
|
|
|
"email": user.email,
|
|
|
|
"username": user.username,
|
2019-12-08 22:43:49 +01:00
|
|
|
},
|
|
|
|
{
|
2022-10-15 20:56:30 +02:00
|
|
|
"updateemail": url_for("account_pages.updateemail"),
|
|
|
|
"updatepin": url_for("account_pages.updatepin"),
|
|
|
|
"updatepassword": url_for("account_pages.updatepassword"),
|
2019-12-08 22:43:49 +01:00
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/account/cards")
|
2019-12-08 22:43:49 +01:00
|
|
|
@loginrequired
|
|
|
|
def viewcards() -> Response:
|
|
|
|
cards = [CardCipher.encode(card) for card in g.data.local.user.get_cards(g.userID)]
|
|
|
|
return render_react(
|
2022-10-15 20:56:30 +02:00
|
|
|
"Card Management",
|
|
|
|
"account/cards.react.js",
|
2019-12-08 22:43:49 +01:00
|
|
|
{
|
2022-10-15 20:56:30 +02:00
|
|
|
"cards": cards,
|
2019-12-08 22:43:49 +01:00
|
|
|
},
|
|
|
|
{
|
2022-10-15 20:56:30 +02:00
|
|
|
"addcard": url_for("account_pages.addcard"),
|
|
|
|
"removecard": url_for("account_pages.removecard"),
|
|
|
|
"listcards": url_for("account_pages.listcards"),
|
2019-12-08 22:43:49 +01:00
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/account/cards/list")
|
2019-12-08 22:43:49 +01:00
|
|
|
@jsonify
|
|
|
|
@loginrequired
|
|
|
|
def listcards() -> Dict[str, Any]:
|
|
|
|
# Return new card list
|
|
|
|
cards = [CardCipher.encode(card) for card in g.data.local.user.get_cards(g.userID)]
|
|
|
|
return {
|
2022-10-15 20:56:30 +02:00
|
|
|
"cards": cards,
|
2019-12-08 22:43:49 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/account/cards/add", methods=["POST"])
|
2019-12-08 22:43:49 +01:00
|
|
|
@jsonify
|
|
|
|
@loginrequired
|
|
|
|
def addcard() -> Dict[str, Any]:
|
|
|
|
# Grab card, convert it
|
2022-10-15 20:56:30 +02:00
|
|
|
card = request.get_json()["card"]
|
2019-12-08 22:43:49 +01:00
|
|
|
try:
|
|
|
|
cardid = CardCipher.decode(card)
|
|
|
|
except CardCipherException:
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Invalid card number!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# See if it is already claimed
|
|
|
|
userid = g.data.local.user.from_cardid(cardid)
|
|
|
|
if userid is not None:
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("This card is already in use!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Add it to this user's account
|
|
|
|
g.data.local.user.add_card(g.userID, cardid)
|
|
|
|
|
|
|
|
# Return new card list
|
|
|
|
cards = [CardCipher.encode(card) for card in g.data.local.user.get_cards(g.userID)]
|
|
|
|
return {
|
2022-10-15 20:56:30 +02:00
|
|
|
"cards": cards,
|
2019-12-08 22:43:49 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/account/cards/remove", methods=["POST"])
|
2019-12-08 22:43:49 +01:00
|
|
|
@jsonify
|
|
|
|
@loginrequired
|
|
|
|
def removecard() -> Dict[str, Any]:
|
|
|
|
# Grab card, convert it
|
2022-10-15 20:56:30 +02:00
|
|
|
card = request.get_json()["card"]
|
2019-12-08 22:43:49 +01:00
|
|
|
try:
|
|
|
|
cardid = CardCipher.decode(card)
|
|
|
|
except CardCipherException:
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Invalid card number!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Make sure it is our card
|
|
|
|
userid = g.data.local.user.from_cardid(cardid)
|
|
|
|
if userid != g.userID:
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("This card is not yours to delete!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Remove it from this user's account
|
|
|
|
g.data.local.user.destroy_card(g.userID, cardid)
|
|
|
|
|
|
|
|
# Return new card list
|
|
|
|
cards = [CardCipher.encode(card) for card in g.data.local.user.get_cards(g.userID)]
|
|
|
|
return {
|
2022-10-15 20:56:30 +02:00
|
|
|
"cards": cards,
|
2019-12-08 22:43:49 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/account/email/update", methods=["POST"])
|
2019-12-08 22:43:49 +01:00
|
|
|
@jsonify
|
|
|
|
@loginrequired
|
|
|
|
def updateemail() -> Dict[str, Any]:
|
2022-10-15 20:56:30 +02:00
|
|
|
email = request.get_json()["email"]
|
|
|
|
password = request.get_json()["password"]
|
2019-12-08 22:43:49 +01:00
|
|
|
user = g.data.local.user.get_user(g.userID)
|
|
|
|
if user is None:
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Unable to find user to update!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Make sure current password matches
|
|
|
|
if not g.data.local.user.validate_password(g.userID, password):
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Current password is not correct!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
if not valid_email(email):
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Invalid email address!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Update and save
|
|
|
|
user.email = email
|
|
|
|
g.data.local.user.put_user(user)
|
|
|
|
|
|
|
|
# Return updated email
|
|
|
|
return {
|
2022-10-15 20:56:30 +02:00
|
|
|
"email": email,
|
2019-12-08 22:43:49 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/account/pin/update", methods=["POST"])
|
2019-12-08 22:43:49 +01:00
|
|
|
@jsonify
|
|
|
|
@loginrequired
|
|
|
|
def updatepin() -> Dict[str, Any]:
|
2022-10-15 20:56:30 +02:00
|
|
|
pin = request.get_json()["pin"]
|
2019-12-08 22:43:49 +01:00
|
|
|
user = g.data.local.user.get_user(g.userID)
|
|
|
|
if user is None:
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Unable to find user to update!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
if not valid_pin(pin, "card"):
|
|
|
|
raise Exception("Invalid PIN, must be exactly 4 digits!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Update and save
|
|
|
|
g.data.local.user.update_pin(g.userID, pin)
|
|
|
|
|
|
|
|
# Return nothing
|
|
|
|
return {}
|
|
|
|
|
|
|
|
|
2022-10-15 20:56:30 +02:00
|
|
|
@account_pages.route("/account/password/update", methods=["POST"])
|
2019-12-08 22:43:49 +01:00
|
|
|
@jsonify
|
|
|
|
@loginrequired
|
|
|
|
def updatepassword() -> Dict[str, Any]:
|
2022-10-15 20:56:30 +02:00
|
|
|
old = request.get_json()["old"]
|
|
|
|
new1 = request.get_json()["new1"]
|
|
|
|
new2 = request.get_json()["new2"]
|
2019-12-08 22:43:49 +01:00
|
|
|
user = g.data.local.user.get_user(g.userID)
|
|
|
|
if user is None:
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Unable to find user to update!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Make sure current password matches
|
|
|
|
if not g.data.local.user.validate_password(g.userID, old):
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Current password is not correct!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Now, make sure that the passwords match
|
|
|
|
if new1 != new2:
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Passwords do not match each other!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Now, make sure passwords are long enough
|
|
|
|
if len(new1) < 6:
|
2022-10-15 20:56:30 +02:00
|
|
|
raise Exception("Password is not long enough!")
|
2019-12-08 22:43:49 +01:00
|
|
|
|
|
|
|
# Update and save
|
|
|
|
g.data.local.user.update_password(g.userID, new1)
|
|
|
|
|
|
|
|
# Return nothing
|
|
|
|
return {}
|