CDCC
/
registro_escolar
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

adding encryption to session id and email

Jose R Ortiz Ubarri 4 years ago
parent
7e2c2fe3c1
commit
9633172ba6
2 changed files with 19 additions and 7 deletions
Split View Show Diff Stats
  1. 18
    5
      authlib.py
  2. 1
    2
      registro-run.py

+ 18
- 5
authlib.py View File 

@@ -1,5 +1,6 @@
1 1
2 
-import hashlib, time
2 
+import hashlib, time, json
3 
+from cryptography.fernet import Fernet
3 4 
 from connect import connection, engine, metadata
4 5 
 import sqlalchemy as db
5 6 
 
@@ -9,6 +10,15 @@ def hash_pass(password):
9 10 
 class Auth:
10 11 
     def __init__(self, session, expire=0):
11 12 
         self.session = session
13 
+        self.id = None
14 
+        self.email = None
15 
+        self.fernet = Fernet(b'3UH3USxvBcFITpnVa2gvTUIMO5jbc8jqU_Q1O6SNBLs=')
16 
+
17 
+        if session.get("id"):
18 
+            value = json.loads(self.fernet.decrypt(session["id"]))
19 
+            self.id = value["id"]
20 
+            self.email = value["email"]
21 
+        # Remember to always change
12 22 
         self.expire=expire
13 23
14 24 
     def checkAuth(self):
 
@@ -21,8 +31,11 @@ class Auth:
21 31
22 32 
     def setAuth(self, id, email):
23 33 
         self.session["gallitosccom"] = True
24 
-        self.session["id"] = id
25 
-        self.session["email"] = email
34 
+        self.id = id
35 
+        self.email = email
36 
+        # self.session["id"] = id
37 
+        # self.session["email"] = email
38 
+        self.session["id"] = self.fernet(json.dumps({"id": id, "email": email}))
26 39 
         if self.expire:
27 40 
             self.session["tiempo"] = time.time()
28 41 
 
@@ -30,7 +43,7 @@ class Auth:
30 43 
         if self.session.get("gallitosccom"):
31 44 
             self.session.pop("gallitosccom", None)
32 45 
             self.session.pop("id", None)
33 
-            self.session.pop("email", None)
46 
+            # self.session.pop("email", None)
34 47
35 48 
     def do_login(self, username, password):
36 49 
         password = hash_pass(password)
 
@@ -62,7 +75,7 @@ class Auth:
62 75 
         usuarios = db.Table('usuarios', metadata, autoload=True, autoload_with=engine)
63 76 
         role = db.Table(table, metadata, autoload=True, autoload_with=engine)
64 77 
         query = db.select([usuarios, role])
65 
-        query = query.select_from(usuarios.join(role, usuarios.columns.id == role.columns.user_id)).where(role.columns.user_id == self.session["id"])
78 
+        query = query.select_from(usuarios.join(role, usuarios.columns.id == role.columns.user_id)).where(role.columns.user_id == self.id)
66 79 
         result = connection.execute(query).fetchone()
67 80
68 81 
         if result:

+ 1
- 2
registro-run.py View File 

@@ -6,8 +6,7 @@ from authlib import *
6 6
7 7 
 app = Flask(__name__)
8 8
9 
-secret = os.open("secret","r").read()
10 
-print(secret)
9 
+secret = open("secret","r").read()
11 10
12 11 
 @app.route('/', methods=['GET', 'POST'])
13 12 
 def index():