
adding encryption to session id and email

Jose R Ortiz Ubarri 4 years ago
parent
commit
9633172ba6
2 changed files with 19 additions and 7 deletions
  1. 18
    5
      authlib.py
  2. 1
    2
      registro-run.py

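--- a/authlib.py
+++ b/authlib.py
@@ -1,5 +1,6 @@
 
-import hashlib, time
+import hashlib, time, json
+from cryptography.fernet import Fernet
 from connect import connection, engine, metadata
 import sqlalchemy as db
 
@@ -9,6 +10,15 @@
 class Auth:
     def __init__(self, session, expire=0):
         self.session = session
+        self.id = None
+        self.email = None
+        self.fernet = Fernet(b'3UH3USxvBcFITpnVa2gvTUIMO5jbc8jqU_Q1O6SNBLs=')
+
+        if session.get("id"):
+            value = json.loads(self.fernet.decrypt(session["id"]))
+            self.id = value["id"]
+            self.email = value["email"]
+        # Remember to always change
         self.expire=expire
 
     def checkAuth(self):
@@ -21,8 +31,11 @@
 
     def setAuth(self, id, email):
         self.session["gallitosccom"] = True
-        self.session["id"] = id
-        self.session["email"] = email
+        self.id = id
+        self.email = email
+        # self.session["id"] = id
+        # self.session["email"] = email
+        self.session["id"] = self.fernet(json.dumps({"id": id, "email": email}))
         if self.expire:
             self.session["tiempo"] = time.time()
 
@@ -30,7 +43,7 @@
         if self.session.get("gallitosccom"):
             self.session.pop("gallitosccom", None)
             self.session.pop("id", None)
-            self.session.pop("email", None)
+            # self.session.pop("email", None)
 
     def do_login(self, username, password):
         password = hash_pass(password)
@@ -62,7 +75,7 @@
         usuarios = db.Table('usuarios', metadata, autoload=True, autoload_with=engine)
         role = db.Table(table, metadata, autoload=True, autoload_with=engine)
         query = db.select([usuarios, role])
-        query = query.select_from(usuarios.join(role, usuarios.columns.id == role.columns.user_id)).where(role.columns.user_id == self.session["id"])
+        query = query.select_from(usuarios.join(role, usuarios.columns.id == role.columns.user_id)).where(role.columns.user_id == self.id)
         result = connection.execute(query).fetchone()
 
         if result: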
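Review bot: The Fernet key in `__init__`, `self.fernet = Fernet(b'3UH3USxvBcFITpnVa2gvTUIMO5jbc8jqU_Q1O6SNBLs=')`, is committed to the repository, and because Fernet is symmetric anyone who can read the source can encrypt their own `{"id": ..., "email": ...}` payload and be accepted as that user — the `# Remember to always change` comment does not protect a deployment, so the key should be loaded from the environment or a permission-restricted file, the way `registro-run.py` already reads `secret`. In `setAuth`, `self.fernet(json.dumps(...))` calls the Fernet object instead of its `encrypt` method, and `encrypt` takes bytes, so every login raises `TypeError`; it should be `self.fernet.encrypt(json.dumps({"id": id, "email": email}).encode())`. On the read side `self.fernet.decrypt(session["id"])` is unguarded, so a tampered, foreign or stale cookie raises `cryptography.fernet.InvalidToken` out of the constructor on every request rather than being treated as logged out; catch it (import `InvalidToken` next to `Fernet`, and `os` for the key lookup) and clear the session keys. The `tiempo`/expire enforcement presumably lives in `checkAuth`, whose body is outside this hunk; Fernet's `ttl` argument to `decrypt` could enforce the same expiry independently of the cookie's own timestamp.
```python
class Auth:
    def __init__(self, session, expire=0):
        self.session = session
        self.id = None
        self.email = None
        # Key lives outside the source tree: whoever holds it can mint sessions.
        self.fernet = Fernet(os.environ["SESSION_FERNET_KEY"].encode())

        token = session.get("id")
        if token:
            try:
                value = json.loads(self.fernet.decrypt(token))
            except InvalidToken:
                # Tampered, foreign or corrupted cookie: treat as logged out.
                session.pop("id", None)
                session.pop("gallitosccom", None)
            else:
                self.id = value["id"]
                self.email = value["email"]
        # … unchanged: self.expire = expire …

    # … unchanged: checkAuth …

    def setAuth(self, id, email):
        self.session["gallitosccom"] = True
        self.id = id
        self.email = email
        self.session["id"] = self.fernet.encrypt(
            json.dumps({"id": id, "email": email}).encode()
        )
        # … unchanged: expire / tiempo handling …
```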

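--- a/registro-run.py
+++ b/registro-run.py
@@ -6,8 +6,7 @@
 
 app = Flask(__name__)
 
-secret = os.open("secret","r").read()
-print(secret)
+secret = open("secret","r").read()
 
 @app.route('/', methods=['GET', 'POST'])
 def index():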
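Review bot: `secret = open("secret","r").read()` never closes the file handle, so it stays open for the life of the process (and trips a ResourceWarning); use `with open("secret") as f: secret = f.read().strip()` so the handle is released and a trailing newline in the file does not become part of the secret. The path is relative to the current working directory, so starting the app from another directory silently reads a different (or missing) file — anchoring it on `os.path.dirname(__file__)` or an environment variable avoids that, and `os` appears to already be imported given the removed `os.open` line. How `secret` is consumed is outside this hunk.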