import hashlib
import hmac
import uuid
from xml.etree import ElementTree as xml
from xml.parsers.expat import ExpatError

import xmltodict
from flask import Flask, request, make_response, redirect
# Flask application object; the route decorators in this file register on it.
Server = Flask(__name__)

# Fixed account that the XML login request is checked against.
# NOTE(security): test fixture only. Credentials kept in the source are
# readable by anyone who can read the file; real ones belong in
# configuration or the environment.
_email = "email@email.com"
_password = "keineahnung"

# When the BENUTZER / PASSWORT values of a login request differ from the two
# constants above, LoginError() answers with the LoginError.xml document.
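@Server.route('/', methods=['GET'])
def api_root():
    """Greet a caller that presents the expected session cookie, else redirect.

    Browser-facing check: a request whose ``sessionid`` cookie equals the MD5
    hex digest of the test e-mail gets a greeting; any other request is sent
    to ``/login`` with a 302.

    Returns:
        The greeting string, or the redirect response to ``/login``.
    """
    # NOTE(security): the expected value is an unkeyed MD5 of the e-mail
    # address, so it can be computed by anyone who knows the address. A
    # session id should be random (e.g. secrets.token_urlsafe()) and looked
    # up in server-side state; that change has to be made together with the
    # code that issues the cookie.
    expected = hashlib.md5(_email.encode('utf')).hexdigest()
    # One lookup is enough: get() returns None when the cookie is absent,
    # which never equals a hex digest, so the request falls through to the
    # redirect exactly as it does when no cookie is sent at all.
    if request.cookies.get('sessionid') == expected:
        print('Logged')
        return 'Welcome back, '+_email
    return redirect('/login', code=302)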
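@Server.route('/login', methods=['GET', 'POST'])
def Login():
    """Serve the login endpoint for the browser test (GET) and XML clients.

    GET: issues a session for the built-in test account without checking any
    credentials, so the cookie can be inspected from a browser.

    POST: parses the XML request body, reads ``LOGIN/BENUTZER`` (user) and
    ``LOGIN/PASSWORT`` (password) and then

    * greets the caller if the ``sessionid`` cookie equals the MD5 hex digest
      of the submitted user name,
    * otherwise returns ``LoginPassed(user)`` when user and password equal
      ``_email`` / ``_password``,
    * otherwise returns ``LoginError()``.

    Returns:
        A greeting string, or the response built by LoginPassed / LoginError.
    """
    if request.method == 'GET':
        # NOTE(security): test shortcut - a plain GET receives a valid
        # session for the built-in account without presenting credentials.
        # Remove this branch (or restrict it to local requests) before the
        # server is reachable by anyone else.
        return LoginPassed(_email)

    # The body comes from the client: malformed XML or a document without
    # LOGIN/BENUTZER/PASSWORT is answered as a failed login instead of an
    # unhandled exception (HTTP 500).
    try:
        xmlFile = xmltodict.parse(request.data)  # XML -> nested dict
        user = xmlFile['LOGIN']['BENUTZER']
        password = xmlFile['LOGIN']['PASSWORT']
    except (ExpatError, KeyError, TypeError):
        return LoginError()
    # Empty elements parse to None and elements with attributes or children
    # to dicts; only plain text values can be credentials.
    if not isinstance(user, str) or not isinstance(password, str):
        return LoginError()

    # NOTE(security): the cookie is compared with a digest of the user name
    # sent in the same request, so a match says nothing about an earlier
    # successful login. Kept for compatibility with the existing test flow;
    # replace it with a random, server-side session id before real use.
    value = request.cookies.get('sessionid')
    if value == hashlib.md5(user.encode('utf')).hexdigest():
        print('Logged')
        return 'Welcome back, '+user

    # NOTE(review): the listing lost its indentation, so it is not certain
    # whether a non-matching cookie was meant to fail the login at once; here
    # it falls through to the credential check - confirm.
    # The submitted user and password are checked against the _email and
    # _password constants; compare_digest keeps the password comparison
    # constant-time.
    if user == _email and hmac.compare_digest(
            password.encode('utf-8'), _password.encode('utf-8')):
        return LoginPassed(user)
    return LoginError()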
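# Called whenever the e-mail or password does not match; answers with the
# LoginError.xml document.
@Server.route('/loginError.xml', methods=['GET', 'POST'])
def LoginError():
    """Return the contents of ``LoginError.xml`` as a ``text/xml`` response.

    The file is opened by relative name, so it is looked up in the current
    working directory of the server process.

    Returns:
        The response object carrying the XML body.
    """
    print('Login Failed')
    # No redirect is built here: a redirect() whose return value is discarded
    # has no effect on the response that is actually returned.
    # 'with' closes the file handle instead of leaving it open until the
    # object happens to be collected.
    with open('LoginError.xml') as xml_file:
        response = make_response(xml_file.read())
    response.headers["Content-type"] = "text/xml"
    return response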
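# Delivers LoginPassed.xml after a successful login and sets the session
# header and cookie for the user.
@Server.route('/loginPassed.xml', methods=['GET', 'POST'])
def LoginPassed(user=None):
    """Build the success response and attach a session id for *user*.

    Args:
        user: e-mail of the account that has just logged in. ``None`` when
            the URL is requested directly, because the route rule has no
            ``<user>`` part for Flask to fill in.

    Returns:
        The ``LoginPassed.xml`` body as ``text/xml`` with a ``SESSION``
        header and a ``sessionid`` cookie, or the LoginError() response when
        no user was supplied.
    """
    if user is None:
        # A direct request to /loginPassed.xml would otherwise fail with a
        # TypeError (missing argument). No login took place, so no session
        # is issued.
        return LoginError()
    print('Loged w success')
    _cookieExpireOn = 60  # cookie lifetime in seconds
    # NOTE(security): the session id is an unkeyed MD5 of the e-mail, i.e.
    # the same value on every login and computable from the address alone.
    # It should be a random token (e.g. secrets.token_urlsafe()) recorded
    # server-side; the places that check the cookie must change with it.
    sessionid = hashlib.md5(user.encode('utf')).hexdigest()
    with open('LoginPassed.xml') as xml_file:
        response = make_response(xml_file.read())
    # Same content type as the LoginError() response, since both are XML.
    response.headers["Content-type"] = "text/xml"
    # The session id is also exposed as a response header.
    response.headers["SESSION"] = sessionid
    # NOTE(security): secure=False lets the cookie travel over plain HTTP;
    # set it to True once the server is only reached through TLS.
    # NOTE(review): path='/login' means a browser does not send the cookie
    # to '/', so the check in api_root() never sees it - confirm intended.
    response.set_cookie('sessionid', sessionid, path='/login',
                        max_age=_cookieExpireOn, secure=False, httponly=True)
    return response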
# Start Flask's built-in server when the file is executed as a script.
# NOTE(security): host='0.0.0.0' listens on every network interface and
# port 80 is plain HTTP, so the credentials in the XML body and the session
# cookie cross the network unencrypted. Bind to 127.0.0.1 for local tests or
# put TLS in front of the server.
if __name__ == "__main__":
    Server.run(port=80, host="0.0.0.0")