
import hashlib
import hmac
import json
import time

import sqlalchemy as db
from cryptography.fernet import Fernet, InvalidToken

from connect import connection, engine, metadata
def hash_pass(password):
    """Return the hex SHA-256 digest of ``password``.

    The text is encoded with ``str.encode()`` and hashed once, with no salt
    and no work factor.

    NOTE(review): a single unsalted SHA-256 round is a fast hash, so equal
    passwords produce equal digests and a leaked password column can be
    tested offline at high speed. Switching to a salted, deliberately slow
    KDF (``hashlib.scrypt`` / ``hashlib.pbkdf2_hmac``) needs a migration of
    the stored values, so the output format is left unchanged here.
    """
    encoded = password.encode()
    digest = hashlib.sha256()
    digest.update(encoded)
    return digest.hexdigest()
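class Auth:
    """Login state kept in a dict-like ``session``.

    Session keys used by this class:

    * ``"gallitosccom"`` - logged-in flag, set to ``True`` by ``setAuth``.
    * ``"id"`` - Fernet token wrapping ``{"id": ..., "email": ...}`` as JSON.
    * ``"tiempo"`` - ``time.time()`` of the last accepted activity.
    * ``"fc"`` - count of consecutive failed logins, drives the back-off.
    """

    # Upper bound, in seconds, for the failed-login back-off sleep, so a long
    # run of failures cannot park a worker for an unbounded time.
    MAX_FAIL_DELAY = 10

    def __init__(self, session, expire=0):
        """Bind to ``session`` and restore the identity stored in it.

        Args:
            session: dict-like session store (``get``/``pop``/item access).
            expire: idle timeout in seconds; ``0`` disables expiry.
        """
        self.session = session
        self.id = None
        self.email = None
        self.expire = expire
        # Keep an existing failure count: zeroing it on every construction
        # would cancel the back-off in do_login whenever a fresh Auth is built
        # for the same session (presumably once per request - confirm).
        if self.session.get("fc") is None:
            self.session["fc"] = 0
        # NOTE(review): this key is committed with the code, so anyone who can
        # read the repository can decrypt or mint session["id"] tokens. Load it
        # from deployment configuration / a secret store and rotate this value.
        self.fernet = Fernet(b'3UH3USxvBcFITpnVa2gvTUIMO5jbc8jqU_Q1O6SNBLs=')
        if session.get("id"):
            try:
                value = json.loads(self.fernet.decrypt(session["id"]))
                self.id = value["id"]
                self.email = value["email"]
            except (InvalidToken, ValueError, KeyError, TypeError):
                # A tampered, truncated or foreign token must not surface as
                # an unhandled error; treat the session as logged out.
                self.delAuth()

    def checkAuth(self):
        """Return the logged-in flag, expiring an idle session first.

        When ``expire`` is set and the last activity is older than that (or
        was never recorded), the session is logged out. Otherwise the activity
        timestamp is refreshed.
        """
        last_seen = self.session.get("tiempo")
        # A missing timestamp with expiry enabled is treated as expired (fail
        # closed) instead of raising KeyError on sessions that never logged in.
        if self.expire and (last_seen is None or time.time() - last_seen > self.expire):
            self.delAuth()
        else:
            self.session["tiempo"] = time.time()
        return self.session.get("gallitosccom")

    def setAuth(self, id, email):
        """Mark the session as logged in for user ``id`` / ``email``."""
        self.session["gallitosccom"] = True
        self.id = id
        self.email = email
        payload = json.dumps({"id": id, "email": email}).encode()
        self.session["id"] = self.fernet.encrypt(payload)
        if self.expire:
            self.session["tiempo"] = time.time()

    def delAuth(self):
        """Drop the login flag and identity from the session and this object."""
        # Pop both keys unconditionally so a stray "id" token cannot outlive
        # the flag, and clear the cached identity so checkRole stops answering
        # for a user whose session has just been ended.
        self.session.pop("gallitosccom", None)
        self.session.pop("id", None)
        self.id = None
        self.email = None

    def do_login(self, username, password):
        """Check credentials against ``usuarios`` and log in on success.

        ``username`` is matched on the ``email`` column when it contains an
        ``@`` past its second character, otherwise on ``username``.

        Returns:
            ``True`` after a successful login, ``False`` otherwise. A failure
            sleeps ``2 * fc`` seconds (capped at ``MAX_FAIL_DELAY``) and
            increments ``fc``.
        """
        password = hash_pass(password)
        usuarios = db.Table('usuarios', metadata, autoload=True, autoload_with=engine)
        query = db.select([usuarios])
        if username.find("@") > 1:
            print("email")
            query = query.select_from(usuarios).where(usuarios.columns.email == username)
        else:
            print("username")
            query = query.select_from(usuarios).where(usuarios.columns.username == username)
        result = connection.execute(query).fetchone()
        # Constant-time comparison, so response timing does not reveal how
        # many leading characters of the stored digest matched. The matched
        # row is no longer printed: it contains the password digest.
        if result and hmac.compare_digest(
            password.encode(), str(result["password"]).encode()
        ):
            self.setAuth(result["id"], result["email"])
            # TODO: add a last-login feature.
            self.session["fc"] = 0
            return True
        # Authentication fail delay. NOTE(review): the counter lives in the
        # session, so a client that discards its session starts again at zero;
        # throttling keyed by account or source address has to be enforced
        # server-side as well.
        time.sleep(min(self.session["fc"] * 2, self.MAX_FAIL_DELAY))
        self.session["fc"] += 1
        return False

    def checkRole(self, tipo):
        """Return whether the current user has a row in the table for ``tipo``.

        ``tipo`` is mapped through a fixed allow-list to a table name; unknown
        values return ``False`` without touching the database.
        """
        tables = {
            "admin": "administracion",
            "madre": "madres",
            "enfermera": "enfermeras",
            "facultad": "facultad",
            "estudiante": "estudiantes",
        }
        table = tables.get(tipo)
        if table is None:
            return False
        if self.id is None:
            # No identity restored from the session: nothing to look up.
            return False
        usuarios = db.Table('usuarios', metadata, autoload=True, autoload_with=engine)
        role = db.Table(table, metadata, autoload=True, autoload_with=engine)
        query = db.select([usuarios, role])
        query = query.select_from(
            usuarios.join(role, usuarios.columns.id == role.columns.user_id)
        ).where(role.columns.user_id == self.id)
        result = connection.execute(query).fetchone()
        return bool(result)

    def do_logout(self):
        """Log the current user out."""
        self.delAuth()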