Browse Source

Create password on first login

* Password will be created on first login if no passwords.txt exists
* Remove name field, which isn't really doing anything valuable

This commit closes #39.
youtube-dl
Macoy Madson 1 year ago
parent
commit
8432a4fde5
7 changed files with 146 additions and 13 deletions
  1. +22
    -0
      .clang-format
  2. +30
    -4
      LikedSavedDownloaderServer.py
  3. +12
    -5
      PasswordManager.py
  4. +4
    -3
      templates/Login.html
  5. +36
    -0
      templates/LoginCreate.html
  6. +29
    -0
      webInterfaceNoAuth/LoginCreate.js
  7. +13
    -1
      webInterfaceNoAuth/index.css

+ 22
- 0
.clang-format View File

@ -0,0 +1,22 @@
# http://releases.llvm.org/6.0.0/tools/clang/docs/ClangFormatStyleOptions.html
BasedOnStyle: Google
AccessModifierOffset: -4
AllowShortBlocksOnASingleLine: false
AllowShortFunctionsOnASingleLine: None
AllowShortIfStatementsOnASingleLine: false
AllowShortLoopsOnASingleLine: false
BreakBeforeBraces: Allman
BraceWrapping:
AfterNamespace: false
BreakBeforeTernaryOperators: false
ColumnLimit: 100
ConstructorInitializerIndentWidth: 4
ContinuationIndentWidth: 4
IndentWidth: 4
Standard: Cpp11
TabWidth: 4
UseTab: ForIndentation
DerivePointerAlignment: false
PointerAlignment: Left
NamespaceIndentation: None
IndentCaseLabels: true

+ 30
- 4
LikedSavedDownloaderServer.py View File

@ -115,9 +115,15 @@ class LoginHandler(AuthHandler):
if not enable_authentication:
self.redirect("/")
else:
self.render("templates/Login.html",
next=self.get_argument("next", landingPage),
xsrf_form_html=self.xsrf_form_html())
if PasswordManager.havePasswordsBeenSet():
self.render("templates/Login.html",
next=self.get_argument("next", landingPage),
xsrf_form_html=self.xsrf_form_html())
else:
# New password setup
self.render("templates/LoginCreate.html",
next=self.get_argument("next", landingPage),
xsrf_form_html=self.xsrf_form_html())
def post(self):
global authenticated_users
@ -155,6 +161,25 @@ class LogoutHandler(AuthHandler):
else:
self.redirect("/")
class SetPasswordHandler(AuthHandler):
def get(self):
pass
def post(self):
if not enable_authentication:
self.redirect("/")
else:
print("Attempting to set password")
if PasswordManager.havePasswordsBeenSet():
print("Rejected: Password has already been set!")
elif self.get_argument("password") != self.get_argument("password_verify"):
print("Rejected: password doesn't match verify field!")
else:
PasswordManager.createPassword(self.get_argument("password"))
print("Success: Set password")
self.redirect("/login")
class AuthedStaticHandler(tornado.web.StaticFileHandler):
def get_current_user(self):
return login_get_current_user(self)
@ -590,7 +615,8 @@ def make_app():
# Login
(r'/login', LoginHandler),
(r'/logout', LogoutHandler),
(r'/setPassword', SetPasswordHandler),
# Configure the script
(r'/settings', SettingsHandler),


+ 12
- 5
PasswordManager.py View File

@ -16,6 +16,7 @@ import passlib.handlers.sha2_crypt
import passlib.handlers.bcrypt
import sys
import os
# Even if this file gets compromised, it'll still be hard to use for anything
passwordsFilename = "passwords.txt"
@ -44,6 +45,9 @@ def cachePasswords():
passwords = passwordsFile.readlines()
passwordsFile.close()
def havePasswordsBeenSet():
return os.path.exists(passwordsFilename)
def verify(password):
if not len(passwords):
cachePasswords()
@ -55,14 +59,17 @@ def verify(password):
return True
return False
def createPassword(password):
passwordHashed = password_context.hash(password)
passwordsOut = open(passwordsFilename, "a")
passwordsOut.write(passwordHashed + "\n")
passwordsOut.close()
if __name__ == "__main__":
if len(sys.argv) != 2:
print("Wrong number of arguments!\n"
"PasswordManager: Adds a password to the passwords file.\n"
"Usage:\n python PasswordManager.py \"your password\"")
else:
passwordHashed = password_context.hash(sys.argv[1])
passwordsOut = open(passwordsFilename, "a")
passwordsOut.write(passwordHashed + "\n")
passwordsOut.close()
createPassword(sys.argv[1])

+ 4
- 3
templates/Login.html View File

@ -10,11 +10,12 @@
<link rel="stylesheet" type="text/css" href="webInterfaceNoAuth/index.css">
</head>
<body>
<h1>Login Required</h1>
<h1>Login</h1>
<form action="/login" method="post">
<label>Name</label><input type="text" name="name" autofocus><br />
<label>Password</label><input type="password" name="password">
<!-- <label>Name</label><input type="text" name="name" autofocus><br /> -->
<input type="hidden" name="name" value="DefaultUser">
<label>Password</label><input type="password" name="password" autofocus>
<input type="hidden" name="next" value="{{ next }}"><br />
{% raw xsrf_form_html %}
<br /><input type="submit" value="Sign in">


+ 36
- 0
templates/LoginCreate.html View File

@ -0,0 +1,36 @@
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<!-- For mobile: set scale to native -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Login</title>
<link rel="stylesheet" type="text/css" href="webInterfaceNoAuth/index.css">
</head>
<body>
<h1>Create Password</h1>
<p>This looks like your first time running Content Collector. Please create a password.</p>
<form action="/setPassword" method="post">
<!-- <label>Name</label><input type="text" name="name" autofocus><br /> -->
<input type="hidden" name="name" value="DefaultUser">
<label>Password</label><input type="password" name="password" id="password" autofocus>
<label>Verify Password</label><input type="password" name="password_verify" id="verifyPassword">
<input type="hidden" name="next" value="{{ next }}"><br />
<p id="passwordStatus" style="display: none"></p>
{% raw xsrf_form_html %}
<br /><input type="submit" value="Set password" id="setPasswordSubmit">
</form>
<script type="text/javascript" src="webInterfaceNoAuth/LoginCreate.js"></script>
</body>
</html>

+ 29
- 0
webInterfaceNoAuth/LoginCreate.js View File

@ -0,0 +1,29 @@
var passwordField = document.getElementById('password');
var verifyPasswordField = document.getElementById('verifyPassword');
var statusField = document.getElementById('passwordStatus');
var setPasswordSubmitButton = document.getElementById('setPasswordSubmit');
var verifyPasswords =
function() {
if (!passwordField.value)
{
statusField.style.display = 'block';
statusField.innerText = 'Password must not be empty';
setPasswordSubmitButton.disabled = true;
}
else if (verifyPasswordField.value != passwordField.value)
{
statusField.style.display = 'block';
statusField.innerText = 'Passwords do not match';
setPasswordSubmitButton.disabled = true;
}
else
{
statusField.style.display = 'none';
setPasswordSubmitButton.disabled = false;
}
}
verifyPasswordField.onkeyup = verifyPasswords;
passwordField.onkeyup = verifyPasswords;

+ 13
- 1
webInterfaceNoAuth/index.css View File

@ -156,7 +156,10 @@ input[type=button], input[type=submit], input[type=reset], button {
font-size: large;
}
input[type=button]:hover, input[type=submit]:hover, input[type=reset]:hover, button:hover {
input[type=button]:hover,
input[type=submit]:hover,
input[type=reset]:hover,
button:hover {
border: 3px solid #c7c795;
}
@ -164,3 +167,12 @@ input[type=checkbox] {
transform: scale(1.3,1.3);
}
input[type=button]:disabled,
input[type=submit]:disabled,
input[type=reset]:disabled,
button:disabled {
border: 3px solid #c76464;
cursor:not-allowed;
background-color: #222222;
color: #aaaa9c;
}

Loading…
Cancel
Save