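"""Minimal Flask test server for an XML login exchange.

POST /login receives an XML document shaped like
<LOGIN><BENUTZER>...</BENUTZER><PASSWORT>...</PASSWORT></LOGIN>. When both
values match the test credentials below, the server answers with
LoginPassed.xml and a session cookie; otherwise it answers with
LoginError.xml.
"""
import hashlib
import hmac
import secrets
import time
import uuid
from xml.etree import ElementTree as xml
from xml.parsers.expat import ExpatError

import xmltodict
from flask import Flask, request, make_response, redirect


Server = Flask(__name__)

# Test fixtures: the values the XML login request is checked against.
# NOTE(review): credentials committed in source end up in every copy of the
# file; load them from the environment or a secret store for anything that
# is not a throwaway local test.
_email = 'email@email.com'
_password = 'keineahnung'

_COOKIE_NAME = 'sessionid'
_SESSION_TTL = 60  # seconds; used for both the server-side entry and the cookie

# NOTE(review): while this is True, a plain GET /login hands out a valid
# session for _email without any credentials. It exists so the cookie flow
# can be tried from a browser; set it to False everywhere else.
_AUTOLOGIN_ON_GET = True

# token -> (user, expiry as a time.time() value). The session id used to be
# md5(email), which anyone who knows the address can compute; a random token
# that only exists in this table cannot be derived from public data.
# In-memory only: sessions are lost on restart and are not shared between
# worker processes.
_sessions = {}


def _purge_expired(now):
    """Drop every session whose expiry is at or before *now*."""
    for token in [t for t, (_, expires) in _sessions.items() if expires <= now]:
        del _sessions[token]


def _session_user():
    """Return the user bound to the request's session cookie, or None."""
    token = request.cookies.get(_COOKIE_NAME)
    if not token:
        return None
    _purge_expired(time.time())
    entry = _sessions.get(token)
    return entry[0] if entry else None


def _new_session(user):
    """Register a fresh random session token for *user* and return it."""
    now = time.time()
    _purge_expired(now)
    token = secrets.token_urlsafe(32)
    _sessions[token] = (user, now + _SESSION_TTL)
    return token


def _same(left, right):
    """Compare two strings without leaking the mismatch position via timing."""
    return hmac.compare_digest(left.encode('utf-8'), right.encode('utf-8'))


def _xml_response(filename):
    """Build a text/xml response from a file in the working directory."""
    # The context manager closes the handle; the bare open().read() did not.
    with open(filename) as fh:
        response = make_response(fh.read())
    response.headers["Content-type"] = "text/xml"
    return response


@Server.route('/', methods=['GET'])
def api_root():
    """Greet a visitor who holds a valid session, else redirect to /login."""
    user = _session_user()
    if user is not None:
        print('Logged')
        return 'Welcome back, ' + user
    return redirect('/login', code=302)


@Server.route('/login', methods=['GET', 'POST'])
def Login():
    """Handle the login endpoint.

    GET: browser test path, see _AUTOLOGIN_ON_GET.
    POST: parse the XML body and check BENUTZER / PASSWORT against the test
    credentials. Returns the LoginPassed response on success and the
    LoginError response on any parse failure or mismatch.
    """
    if request.method == 'GET':
        if _AUTOLOGIN_ON_GET:
            return LoginPassed(_email)
        return LoginError()

    # request.data is attacker-controlled XML. A malformed document, a missing
    # element or an element without text is answered with the login-error
    # document rather than an unhandled exception.
    # NOTE(review): confirm the installed xmltodict keeps entity expansion
    # disabled (its disable_entities option) and cap the body size with
    # Flask's MAX_CONTENT_LENGTH.
    try:
        doc = xmltodict.parse(request.data)
        user = doc['LOGIN']['BENUTZER']
        password = doc['LOGIN']['PASSWORT']
    except (ExpatError, KeyError, TypeError):
        return LoginError()
    if not isinstance(user, str) or not isinstance(password, str):
        return LoginError()

    # A caller who already holds a live session for this user is greeted
    # directly; a stale or foreign cookie falls through to the credential
    # check instead of failing outright.
    if _session_user() == user:
        print('Logged')
        return 'Welcome back, ' + user

    # Evaluate both comparisons before branching so the response time does
    # not reveal which of the two fields was wrong.
    user_ok = _same(user, _email)
    password_ok = _same(password, _password)
    if user_ok and password_ok:
        return LoginPassed(user)
    return LoginError()


@Server.route('/loginError.xml', methods=['GET', 'POST'])
def LoginError():
    """Return LoginError.xml; used whenever email or password do not match."""
    print('Login Failed')
    return _xml_response('LoginError.xml')


@Server.route('/loginPassed.xml', methods=['GET', 'POST'])
def LoginPassed(user=None):
    """Return LoginPassed.xml and start a session for *user*.

    The URL rule supplies no arguments, so a direct request to
    /loginPassed.xml arrives with user=None. That case is answered with the
    login-error document: a session is only created when Login() passes a
    verified user.
    """
    if user is None:
        return LoginError()

    print('Loged w success')
    sessionid = _new_session(user)
    response = _xml_response('LoginPassed.xml')

    # NOTE(review): echoing the token in a response header makes it readable
    # by any script that can see the response, which httponly on the cookie
    # is meant to prevent. Kept for clients that read it; drop it if none do.
    response.headers["SESSION"] = sessionid

    # path='/' so the cookie is also sent to '/', where api_root() looks for
    # it; with path='/login' that check could never succeed.
    # NOTE(review): secure=False is kept only because the app is served over
    # plain HTTP below; switch to secure=True once it sits behind TLS.
    response.set_cookie(_COOKIE_NAME, sessionid, path='/',
                        max_age=_SESSION_TTL, secure=False, httponly=True)
    return response


if __name__ == '__main__':
    # NOTE(review): this listens on every interface over unencrypted HTTP, so
    # the XML credentials and the session cookie cross the network in clear
    # text. Bind to 127.0.0.1 for local testing or put a TLS terminator in
    # front of it.
    Server.run(host='0.0.0.0', port=80)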