From: Agnibho Mondal <mondal@agnibho.com>
Date: Wed, 13 Mar 2024 16:40:17 +0000 (+0530)
Subject: Updated user management
X-Git-Url: https://code.agnibho.com/repo?a=commitdiff_plain;h=6ca61c2e139d38037896aa5202ad8e12d7f52b43;p=librevax.git

Updated user management
---

diff --git a/auth.py b/auth.py
index 88cc17f..e6e8188 100644
--- a/auth.py
+++ b/auth.py
@@ -30,7 +30,7 @@ def login(cursor, user, password, center):
         raise(e)
         return False
 
-def change(cursor, user, new, old=None):
+def changePass(cursor, user, new, old=None):
     try:
         if(old is not None):
             result=cursor.execute("SELECT * FROM users WHERE user=?", (user,))
@@ -47,9 +47,31 @@ def change(cursor, user, new, old=None):
         raise(e)
         return False
 
-def new(cursor, user, pwd):
+def changeAuth(cursor, user, auth):
     try:
-        cursor.execute("INSERT INTO users (user, hash) VALUES (?, ?)", (user, base64.b64encode(bcrypt.hashpw(pwd.encode("utf-8"), bcrypt.gensalt()))))
+        result=cursor.execute("SELECT * FROM users WHERE user=?", (user,))
+        record=result.fetchone()
+        if(record is not None):
+            cursor.execute("UPDATE users SET auth=? WHERE user=?", (auth, user))
+            return True
+        else:
+            return False
+        return True
+    except Exception as e:
+        raise(e)
+        return False
+
+def new(cursor, user, pwd, auth):
+    try:
+        cursor.execute("INSERT INTO users (user, hash, auth) VALUES (?, ?, ?)", (user, base64.b64encode(bcrypt.hashpw(pwd.encode("utf-8"), bcrypt.gensalt())), auth))
+        return True
+    except Exception as e:
+        raise(e)
+        return False
+
+def delete(cursor, user):
+    try:
+        cursor.execute("DELETE FROM users WHERE user=?", (user,))
         return True
     except Exception as e:
         raise(e)
@@ -75,9 +97,13 @@ def list(cursor):
         return False
 
 def _parse_auth(text):
-    if(text.upper()==auth.ALL):
-        return auth.ALL
-    else:
+    try:
+        if(text.upper()==auth.ALL):
+            return auth.ALL
+        else:
+            return auth.NONE
+        return auth.NONE
+    except Exception as e:
         return auth.NONE
 
 def access():
diff --git a/librevax.py b/librevax.py
index 34351d1..91fd266 100644
--- a/librevax.py
+++ b/librevax.py
@@ -17,6 +17,7 @@ app.config.from_file("config/config.json", load=json.load)
 @app.before_request
 def preload():
     g.user=session.get("user", None)
+    g.auth=session.get("auth", None)
     g.mid=session.get("mid", None)
     g.center=session.get("center", None)
     g.enable_delete=app.config.get("ENABLE_DELETE", False) or g.user=="admin"
@@ -71,13 +72,13 @@ def admin(msg=None):
     if(not ok):
         raise Exception(mc)
     users=auth.list(cursor)
-    return render_template("admin.html", users=users, center=mc, msg=msg)
+    return render_template("admin.html", users=users, auth=auth.auth, center=mc, msg=msg)
 
 @app.post("/newuser")
 def newuser():
     try:
         cursor=get_db().cursor()
-        if(auth.new(cursor, request.form["user"], request.form["pwd"])):
+        if(auth.new(cursor, request.form["user"], request.form["pwd"], request.form["auth"])):
             return admin(msg="New user added")
         else:
             return admin(msg="Failed to add")
@@ -106,6 +107,36 @@ def changepass():
         raise(e)
         return render_template("error.html", data=e)
 
+@app.post("/changeauth")
+def changeauth():
+    try:
+        cursor=get_db().cursor()
+        if(g.auth==auth.auth.ALL and "user" in request.form.keys() and "auth" in request.form.keys()):
+            if(auth.changeAuth(cursor, request.form["user"], request.form["auth"])):
+                return admin(msg="Authorization changed")
+            else:
+                return admin(msg="Failed to change authorization")
+        else:
+            return admin(msg="Failed to change authorization")
+    except Exception as e:
+        raise(e)
+        return render_template("error.html", data=e)
+
+@app.post("/deluser")
+def deluser():
+    try:
+        cursor=get_db().cursor()
+        if("user" in request.form.keys()):
+            if(auth.delete(cursor, request.form["user"])):
+                return admin(msg="User deleted")
+            else:
+                return admin(msg="Failed to delete")
+        else:
+            return admin(msg="Failed to delete")
+    except Exception as e:
+        raise(e)
+        return render_template("error.html", data=e)
+
 @app.post("/switchcenter")
 def switchcenter():
     try:
diff --git a/templates/admin.html b/templates/admin.html
index 8b9e975..b96b406 100644
--- a/templates/admin.html
+++ b/templates/admin.html
@@ -12,6 +12,7 @@ You should have received a copy of the GNU General Public License along with Lib
 
 {% block content %}
 <div class="content">
+  {{auth.ALL}}
   {% if msg %}
   <div class="alert alert-info">
     <p>{{msg}}</p>
@@ -57,13 +58,20 @@ You should have received a copy of the GNU General Public License along with Lib
             <div class="card-body">
               <form method="post" action="newuser">
                 <div class="mb-2 row">
-                  <div class="col-sm-4">
+                  <div class="col-sm-3">
                     <input name="user" placeholder="Username" class="form-control">
                   </div>
-                  <div class="col-sm-4">
-                    <input name="pwd" placeholder="Password" class="form-control">
+                  <div class="col-sm-3">
+                    <input name="pwd" type="password" placeholder="Password" class="form-control">
                   </div>
-                  <div class="col-sm-4 d-grid">
+                  <div class="col-sm-3">
+                    <select name="auth" class="form-select">
+                      {% for i in auth %}
+                      <option>{{i}}</option>
+                      {% endfor %}
+                    </select>
+                  </div>
+                  <div class="col-sm-3 d-grid">
                     <button type="submit" class="btn btn-primary">Create</button>
                   </div>
                 </div>
@@ -74,6 +82,25 @@ You should have received a copy of the GNU General Public License along with Lib
             <div class="card-header">
               <h6>Existing User</h6>
             </div>
+            <div class="card-body">
+              <form method="post">
+                <div class="mb-2 row">
+                  <div class="col-sm-4">
+                    <select name="user" class="form-select mb-2">
+                      {% for i in users %}
+                      <option value="{{i["user"]}}">{{i["user"]}}</option>
+                      {% endfor %}
+                    </select>
+                  </div>
+                  <div class="col-sm-4">
+                    <input name="new" placeholder="Password" class="form-control">
+                  </div>
+                  <div class="col-sm-4 d-grid">
+                    <button type="submit" formaction="changepass" class="btn btn-success">Reset Password</button>
+                  </div>
+                </div>
+              </form>
+            </div>
             <div class="card-body">
               <form method="post">
                 <div class="mb-2 row">
@@ -85,13 +112,17 @@ You should have received a copy of the GNU General Public License along with Lib
                     </select>
                   </div>
                   <div class="col-sm-3">
-                    <input name="new" placeholder="Password" class="form-control">
+                    <select name="auth" class="form-select">
+                      {% for i in auth %}
+                      <option>{{i}}</option>
+                      {% endfor %}
+                    </select>
                   </div>
                   <div class="col-sm-3 d-grid">
-                    <button type="submit" formaction="changepass" class="btn btn-warning">Reset</button>
+                    <button type="submit" formaction="changeauth" class="btn btn-warning">Change</button>
                   </div>
                   <div class="col-sm-3 d-grid">
-                    <button type="submit" class="btn btn-danger">Delete</button>
+                    <button type="submit" formaction="deluser" class="btn btn-danger">Delete</button>
                   </div>
                 </div>
               </form>