auth.py

   1 # LibreVax
   2 # Copyright (C) 2024 Dr. Agnibho Mondal
   3 # This file is part of LibreVax.
   4 # LibreVax is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
   5 # LibreVax is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
   6 # You should have received a copy of the GNU General Public License along with LibreVax. If not, see <https://www.gnu.org/licenses/>.
   7
   8 from flask import session
   9 from collections import namedtuple
  10 import bcrypt, base64
  11
  12 _auth=namedtuple("auth", ["NONE", "ALL"])
  13 auth=_auth("NONE", "ALL")
  14
  15 def login(cursor, user, password, center):
  16     try:
  17         result=cursor.execute("SELECT * FROM users WHERE user=?", (user,))
  18         record=result.fetchone()
  19         if(record is not None and bcrypt.checkpw(password.encode("utf-8"), base64.b64decode(record["hash"]))):
  20             session["user"]=record["user"]
  21             session["auth"]=_parse_auth(record["auth"])
  22             result=cursor.execute("SELECT * FROM multicenter WHERE mid=?", (center,))
  23             record=result.fetchone()
  24             session["mid"]=record["mid"]
  25             session["center"]=record["center"]
  26             return True
  27         else:
  28             return False
  29     except Exception as e:
  30         raise(e)
  31         return False
  32
  33 def change(cursor, user, new, old=None):
  34     try:
  35         if(old is not None):
  36             result=cursor.execute("SELECT * FROM users WHERE user=?", (user,))
  37             record=result.fetchone()
  38             if(record is not None and bcrypt.checkpw(old.encode("utf-8"), base64.b64decode(record["hash"]))):
  39                 cursor.execute("UPDATE users SET hash=? WHERE user=?", (base64.b64encode(bcrypt.hashpw(new.encode("utf-8"), bcrypt.gensalt())), user))
  40                 return True
  41             else:
  42                 return False
  43         else:
  44             cursor.execute("UPDATE users SET hash=? WHERE user=?", (base64.b64encode(bcrypt.hashpw(new.encode("utf-8"), bcrypt.gensalt())), user))
  45             return True
  46     except Exception as e:
  47         raise(e)
  48         return False
  49
  50 def new(cursor, user, pwd):
  51     try:
  52         cursor.execute("INSERT INTO users (user, hash) VALUES (?, ?)", (user, base64.b64encode(bcrypt.hashpw(pwd.encode("utf-8"), bcrypt.gensalt()))))
  53         return True
  54     except Exception as e:
  55         raise(e)
  56         return False
  57
  58 def switch(cursor, center):
  59     try:
  60         result=cursor.execute("SELECT * FROM multicenter WHERE mid=?", (center["center"],))
  61         record=result.fetchone()
  62         session["mid"]=record["mid"]
  63         session["center"]=record["center"]
  64         return True
  65     except Exception as e:
  66         raise(e)
  67         return False
  68
  69 def list(cursor):
  70     try:
  71         result=cursor.execute("SELECT * FROM users")
  72         record=result.fetchall()
  73         return record
  74     except Exception as e:
  75         return False
  76
  77 def _parse_auth(text):
  78     if(text.upper()==auth.ALL):
  79         return auth.ALL
  80     else:
  81         return auth.NONE
  82
  83 def access():
  84     try:
  85         return session["auth"]
  86     except:
  87         return "none"
  88
  89 def logout():
  90     try:
  91         del session["user"]
  92         del session["auth"]
  93         del session["mid"]
  94         del session["center"]
  95     except:
  96         pass