
Commit e1b11ae

Create auth.py
1 parent c64300b commit e1b11ae


1 file changed

+65
-0
lines changed


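--- /dev/null
+++ b/app/auth.py
@@ -0,0 +1,65 @@
+from flask import Blueprint, render_template, redirect, url_for, flash, request
+from flask_login import login_user, logout_user, login_required, current_user
+from werkzeug.security import generate_password_hash
+from app.models import db, User
+import pyotp
+import qrcode
+import io
+import base64
+
+auth_bp = Blueprint('auth', __name__)
+
+@auth_bp.route('/login', methods=['GET', 'POST'])
+def login():
+    if request.method == 'POST':
+        username = request.form.get('username')
+        password = request.form.get('password')
+        totp_token = request.form.get('totp_token', '')
+
+        user = User.query.filter_by(username=username).first()
+
+        if user and user.check_password(password):
+            if user.totp_enabled and not user.verify_totp(totp_token):
+                flash('Invalid 2FA token', 'error')
+                return redirect(url_for('auth.login'))
+
+            login_user(user)
+            return redirect(url_for('main.dashboard'))
+
+        flash('Invalid credentials', 'error')
+
+    return render_template('login.html')
+
+@auth_bp.route('/logout')
+@login_required
+def logout():
+    logout_user()
+    return redirect(url_for('auth.login'))
+
+@auth_bp.route('/setup-2fa', methods=['GET', 'POST'])
+@login_required
+def setup_2fa():
+    if request.method == 'POST':
+        if 'enable' in request.form:
+            secret = current_user.generate_totp_secret()
+            current_user.totp_enabled = True
+            db.session.commit()
+
+            # Generate QR code
+            qr = qrcode.QRCode(version=1, box_size=10, border=5)
+            qr.add_data(current_user.get_totp_uri())
+            qr.make(fit=True)
+            img = qr.make_image(fill_color="black", back_color="white")
+
+            buf = io.BytesIO()
+            img.save(buf, format='PNG')
+            qr_code = base64.b64encode(buf.getvalue()).decode()
+
+            return {'qr_code': qr_code, 'secret': secret}
+
+        elif 'disable' in request.form:
+            current_user.totp_enabled = False
+            current_user.totp_secret = None
+            db.session.commit()
+
+    return redirect(url_for('main.dashboard'))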
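Review bot: In setup_2fa the 'enable' branch sets `current_user.totp_enabled = True` and commits before the user has ever entered a code from the freshly generated secret, so a user who closes the page without scanning the QR is locked out at the next login; enable should be a two-step flow where the secret and QR are issued first and `totp_enabled` is only committed once a submitted code passes `current_user.verify_totp(request.form.get('totp_token', ''))`. The 'disable' branch likewise clears `totp_secret` with no password or current-code re-check, so anyone holding the session cookie can strip the second factor; require one of those before `current_user.totp_enabled = False`. In login, the 'Invalid 2FA token' message is only reachable after `check_password` succeeded, which tells the caller the password was right — use the same 'Invalid credentials' text for both failures, and note there is no attempt limiting on the six-digit check in this file (presumably handled elsewhere; worth confirming). `generate_password_hash` and `pyotp` are imported but unused here.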
