- # -*- coding: utf-8 -*-
import hmac
import logging
import os
import random
import secrets
import sys
import time

from flask import Flask, render_template_string, request, Response, session, redirect
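app = Flask(__name__)
# Flask signs the session cookie with SECRET_KEY, so a key committed to source
# lets anyone who has read the file mint or alter sessions. Take it from the
# environment; the random fallback keeps a local run working, but it changes on
# every start (existing sessions stop validating) and is not shared between
# worker processes.
app.config["SECRET_KEY"] = os.environ.get("FLASK_SECRET_KEY") or os.urandom(32)
# os.environ.get("FLASK_DEBUG", True) treated every non-empty string, "0" and
# "false" included, as true and defaulted to on. Debug mode exposes tracebacks
# and the interactive debugger, so require an explicit opt-in.
app.config["DEBUG"] = os.environ.get("FLASK_DEBUG", "").strip().lower() in (
    "1",
    "true",
    "yes",
    "on",
)
app.config["JSON_AS_ASCII"] = False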
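# Jinja2 source for the login page (rendered by the '/' and '/login' routes).
# auth_name is the username the visitor submitted, so {{NAME}} depends on the
# autoescaping Flask applies in render_template_string. otp_status is never
# passed to this page, so it gets the same 'UNKNOWN' default the other two
# templates use instead of rendering as an empty string.
# NOTE(review): the form carries no CSRF token.
html_login = """
{% if auth_name %}
{% set NAME = auth_name %}
{% else %}
{% set NAME = 'unknown' %}
{% endif %}
{% if not status %}
{% set status = 'UNKNOWN' %}
{% endif %}
{% if not otp_status %}
{% set otp_status = 'UNKNOWN' %}
{% endif %}
<!DOCTYPE html>
<html>
<head><title>AD AUTH</title></head>
<body>
<div> <h2>Hello, <small>{{NAME}}</small>.</h2><p>You are in {{status}} status.</p><p>and otp status is {{otp_status}}</p> </div>
<div>
<form action="/login" method="post">
<input name="username" placeholder="username" type="text">
<input type="password" name="password">
<input type="submit" name="submit">
</form>
</div>
</body>
</html>
"""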
# Jinja2 source for the OTP entry page (rendered by the '/otp' route on GET).
# The leading {% set %} blocks substitute 'unknown' / 'UNKNOWN' when auth_name,
# status or otp_status is missing or falsy. auth_name is the username the
# visitor submitted, so {{NAME}} depends on the autoescaping Flask applies in
# render_template_string. The form posts a single `otp` field to /otp.
# NOTE(review): the form carries no CSRF token.
html_otp = """
{% if auth_name %}
{% set NAME = auth_name %}
{% else %}
{% set NAME = 'unknown' %}
{% endif %}
{% if not status %}
{% set status = 'UNKNOWN' %}
{% endif %}
{% if not otp_status %}
{% set otp_status = 'UNKNOWN' %}
{% endif %}
<!DOCTYPE html>
<html>
<head><title>AD AUTH</title></head>
<body>
<div> <h2>Hello, <small>{{NAME}}</small>.</h2><p>You are in {{status}} status.</p><p>and otp status is {{otp_status}}</p> </div>
<div>
<form action="/otp" method="post">
<input name="otp" placeholder="otp" type="text">
<input type="submit" name="submit">
</form>
</div>
</body>
</html>
"""
# Jinja2 source for the result page (rendered by the '/otp' route on POST).
# It shows the user name, the password-step status and the OTP status, each
# replaced by 'unknown' / 'UNKNOWN' when missing or falsy, plus a link back to
# '/'. auth_name is the username the visitor submitted, so {{NAME}} depends on
# the autoescaping Flask applies in render_template_string.
html_result = """
{% if auth_name %}
{% set NAME = auth_name %}
{% else %}
{% set NAME = 'unknown' %}
{% endif %}
{% if not status %}
{% set status = 'UNKNOWN' %}
{% endif %}
{% if not otp_status %}
{% set otp_status = 'UNKNOWN' %}
{% endif %}
<!DOCTYPE html>
<html>
<head><title>AD AUTH</title></head>
<body>
<div>
<h2>Hello, <small>{{NAME}}</small>.</h2>
<p>You are in {{status}} status.</p>
<p>and otp status is {{otp_status}}</p>
<p><a href="/">Go to home?</a></p>
</div>
</body>
</html>
"""
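def generate_code():
    """Return a six-digit one-time code as a string.

    The code is drawn from the operating system's CSPRNG through ``secrets``.
    The ``random`` module is a Mersenne Twister whose output can be predicted
    from observed values, which makes it unsuitable for authentication codes.
    The result is always in 100000..999999, so it never has a leading zero.
    """
    # randbelow(900000) yields 0..899999; the offset keeps six digits.
    return str(100000 + secrets.randbelow(900000))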
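def _otp_digest(otp_code, salt):
    """Return the hex HMAC-SHA256 of ``salt:otp_code`` keyed with the app secret."""
    key = app.secret_key
    if isinstance(key, str):
        key = key.encode('utf-8')
    message = ('%s:%s' % (salt, otp_code)).encode('utf-8')
    return hmac.new(key, message, 'sha256').hexdigest()


def send_otp_code():
    """Issue a new one-time code, record it for later validation and return it.

    Flask's default session is a signed cookie, not an encrypted one: whatever
    is stored in it can be read by the browser that holds it. Storing the code
    itself would hand the second factor to the client, so only a salted, keyed
    digest is kept under ``session['otp_code']``.

    Returns:
        The plaintext code, for the caller to deliver out of band.
    """
    otp_code = generate_code()
    # Stand-in for real delivery (SMS, e-mail, authenticator): the code is
    # written to the application log, so the log must be treated as sensitive.
    app.logger.critical('OTP: %s', otp_code)
    # A fresh salt per issued code keeps equal codes from producing equal
    # digests. The digest is only as strong as SECRET_KEY: with a known key it
    # can be searched offline over the 900000 possible codes.
    salt = secrets.token_hex(16)
    session['otp_code'] = '%s$%s' % (salt, _otp_digest(otp_code, salt))
    return otp_code


def validate_user(username, password):
    """Return True when the username/password pair matches the built-in account.

    NOTE(review): the credentials are hard-coded placeholders compared with
    plain ``==``; a real deployment would verify against a credential store
    using a password-hashing function.
    """
    return username == 'foo' and password == 'bar'


def validate_otp(otp_password):
    """Return True when ``otp_password`` matches the code issued for this session.

    Returns False, instead of raising KeyError, when no code has been issued.
    The stored value is removed on every attempt, so a well-behaved client gets
    one try per issued code. Because the session lives in the cookie, a client
    can still resend an older cookie; enforcing single use, expiry and attempt
    limits needs server-side state.
    """
    stored = session.pop('otp_code', None)
    if not isinstance(stored, str) or not isinstance(otp_password, str):
        return False
    salt, separator, expected = stored.partition('$')
    if not separator:
        return False
    candidate = _otp_digest(otp_password, salt)
    # Constant-time comparison; bytes avoid compare_digest's ASCII-only limit
    # on str arguments.
    return hmac.compare_digest(candidate.encode('utf-8'), expected.encode('utf-8'))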
@app.route('/')
def home():
    """Serve the login form at the site root."""
    app.logger.info("route =>'/' - hit!")
    login_page = render_template_string(html_login)
    return login_page
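@app.route('/login', methods=['GET', 'POST'])
def login():
    """Handle the password step of the login flow.

    GET redirects to the form at '/'. POST checks the submitted credentials,
    records the outcome in ``session['status']`` and either re-renders the
    form (failure) or redirects to '/otp' (success). A missing form field
    makes Flask answer 400.
    """
    app.logger.info("route =>'/login' - hit!")
    if request.method == 'GET':
        return redirect('/')

    username = request.form['username']
    password = request.form['password']

    # The session is a signed but readable cookie, so the password must not be
    # written into it; it is only needed for the check below. Any value left by
    # an earlier login, and any OTP state from a previous attempt, is dropped.
    session.pop('auth_pass', None)
    session.pop('otp_code', None)
    session.pop('otp_status', None)
    session['auth_user'] = username
    app.logger.info("login: %s" % username)

    if not validate_user(username=username, password=password):
        session['status'] = 'UNAUTHORIZED'
        return render_template_string(html_login, auth_name=username, status=session['status'])

    session['status'] = 'AUTHORIZED'
    return redirect('/otp')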
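@app.route('/otp', methods=['GET', 'POST'])
def login_otp():
    """Handle the one-time-code step of the login flow.

    GET issues a new code and shows the entry form; POST checks the submitted
    code and shows the result page. Both are refused with a redirect to '/'
    unless the password step has marked this session AUTHORIZED.
    """
    app.logger.info("route =>'/otp' - hit!")

    # Without this guard the OTP step could be reached without the password
    # step, and a session lacking 'auth_user' raised KeyError (HTTP 500).
    if session.get('status') != 'AUTHORIZED' or 'auth_user' not in session:
        return redirect('/')

    if request.method == 'GET':
        # NOTE(review): every GET issues a new code, including page reloads.
        send_otp_code()
        return render_template_string(html_otp, auth_name=session['auth_user'], status=session['status'])

    # The submitted value is checked directly rather than copied into the
    # session. A POST made before any code was issued counts as INVALID.
    submitted_otp = request.form['otp']
    otp_ok = 'otp_code' in session and validate_otp(submitted_otp)
    session['otp_status'] = 'VALID' if otp_ok else 'INVALID'
    return render_template_string(html_result, auth_name=session['auth_user'], status=session['status'], otp_status=session['otp_status'])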
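if __name__ == '__main__':
    # debug=True always started the Werkzeug interactive debugger, which runs
    # arbitrary Python for anyone who can reach it. Turn it on only when
    # FLASK_DEBUG is explicitly set to a true value.
    debug_requested = os.environ.get("FLASK_DEBUG", "").strip().lower() in ("1", "true", "yes", "on")
    app.run(debug=debug_requested)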