# imports
import secrets
from configparser import ConfigParser

import requests
from bottle import route, run, template, error, get, \
    post, request, response, redirect, \
    static_file
# config
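configfile = "app.conf"
config = ConfigParser()
# read() silently skips a missing file, so every option below needs a fallback.
config.read(configfile)


def _setting(name, default):
    """Return option *name* from the [DEFAULT] section, or *default* if unset or empty."""
    # SectionProxy.get() returns None for a missing option instead of raising
    # KeyError, so a partial (or absent) app.conf no longer aborts start-up.
    return config['DEFAULT'].get(name) or default


# Mail-in-a-box admin account used for the privileged API calls. The literal
# fallbacks are placeholders and will not authenticate against a real box.
miab_admin = _setting('miab_admin', "norealadmin@domain.ltd")
miab_passwd = _setting('miab_passwd', "norealpassword")
miab_url = _setting('miab_url', "https://norealmiab.domain.tld")

app_name = _setting('app_name', "Accounts")
static_files = _setting('static_files', "static")

# cookie_secret signs the session cookie, and the signed value is trusted as
# the logged-in username. A fallback constant that ships with the source would
# be known to everyone, so when no secret is configured a random one is
# generated per process instead. Sessions then end at every restart (and at
# every reload when the development reloader is on); set cookie_secret in
# app.conf for stable sessions.
# NOTE(review): Bottle 0.12 serialises signed cookie values with pickle, which
# makes the secrecy of this value even more important; confirm for the Bottle
# version in use.
cookie_secret = config['DEFAULT'].get('cookie_secret') or secrets.token_urlsafe(32)

# Lifetime (seconds) handed to the browser as the cookie's max-age.
cookie_max_age = int(_setting('cookie_max_age', 1800))
cookie_name = _setting('cookie_name', "accounts")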
# functions
# verify session
# if valid we return the username
def logged_in():
    """Return the username from the signed session cookie, or False.

    The cookie named ``cookie_name`` is read with ``cookie_secret``; any falsy
    result from ``get_cookie`` is reported as ``False``.

    NOTE(review): the signed value is only the username (see ``miab_auth``),
    with no issue time inside it. ``cookie_max_age`` is therefore enforced by
    the browser alone, and a copied cookie stays acceptable until
    ``cookie_secret`` changes.
    """
    session_user = request.get_cookie(cookie_name, secret=cookie_secret)
    return session_user or False
# do actual authentication against Mail-in-a-box
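def miab_auth(username, password):
    """Check *username*/*password* against the Mail-in-a-box API.

    On success the signed session cookie is set on the current response and
    True is returned; otherwise False is returned and no cookie is set.

    Missing or empty credentials are rejected before any request is made, and
    an unreachable or slow backend counts as a failed login (fail closed)
    rather than hanging the worker or surfacing an unhandled error.
    """
    if not username or not password:
        return False

    try:
        # timeout: requests waits indefinitely by default
        a = requests.get(miab_url + "/mail/users", auth=(username, password), timeout=10)
    except requests.RequestException:
        return False

    # The exact body below is presumably what Mail-in-a-box answers to valid
    # credentials of a non-admin user -- confirm against the deployed version.
    if a.text == 'You are not an administrator.\n' or a.status_code == 200:
        # httponly keeps the session cookie away from page scripts.
        # NOTE(review): also pass secure=True once the app is only reachable
        # over HTTPS; it is left off because the bundled run() call serves
        # plain HTTP on localhost.
        response.set_cookie(cookie_name, username, secret=cookie_secret,
                            max_age=cookie_max_age, httponly=True)
        return True
    return False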
# change password for Mail-in-a-box
def miab_password(username, password):
    """Placeholder for a Mail-in-a-box password change.

    Both arguments are ignored and True is returned unconditionally; no
    request is sent. Callers must not treat the result as proof that a
    password was changed.
    """
    return True
# routing
@get('/')
def home():
    """Render the account page for a logged-in user, else go to /login.

    The short-lived ``<cookie_name>_message`` cookie, if present, is passed to
    the template as ``message``.
    """
    current_user = logged_in()
    flash = request.get_cookie(cookie_name + "_message", secret=cookie_secret)
    if not current_user:
        # redirect() raises, so nothing below runs for anonymous visitors
        redirect('/login')
    return template('default', username=current_user, app_name=app_name, message=flash)
@get('/login')
@get('/login/')
def login():
    """Show the login form, or send an already logged-in user to '/'."""
    if logged_in():
        # redirect() raises, so the form is never rendered for a live session
        redirect('/')
    flash = request.get_cookie(cookie_name + "_message", secret=cookie_secret)
    return template('login', app_name=app_name, cookie_max_age=cookie_max_age, message=flash)
# get login credentials
@post('/login')
def post_login():
    """Handle the login form: authenticate, then redirect.

    ``miab_auth`` sets the session cookie itself on success; this handler only
    adds the five-second flash message and picks the redirect target.

    NOTE(review): nothing here limits repeated attempts, so every POST is
    forwarded to the Mail-in-a-box API; throttling has to come from that API
    or from a proxy in front of this app.
    """
    form = request.forms
    username = form.get('username')
    password = form.get('password')

    if not miab_auth(username, password):
        redirect('/login')

    flash = { "message": "You have logged in successfully", "alert": "success" }
    response.set_cookie(cookie_name + "_message", flash, secret=cookie_secret, max_age=5)
    redirect('/')
# delete cookie
@get('/logout')
@get('/logout/')
def logout():
    """Drop the session cookie (if any) and redirect to '/'.

    NOTE(review): deleting the cookie only affects the browser that sent this
    request. No session state is kept on the server, so a copy of the signed
    cookie made earlier is still accepted by ``logged_in`` afterwards.
    """
    if logged_in():
        response.delete_cookie(cookie_name)
        flash = { "message": "You have logged out successfully", "alert": "success" }
        response.set_cookie(cookie_name + "_message", flash, secret=cookie_secret, max_age=5)
    # both outcomes end on the same redirect
    redirect('/')
# serve static files
@get('/static/<filename:path>')
def send_static(filename):
    """Serve *filename* from the configured ``static_files`` directory.

    The ``:path`` filter lets the captured value contain slashes; the lookup
    is delegated to Bottle's ``static_file`` with an explicit ``root``, which
    is what keeps requests inside that directory.
    """
    served = static_file(filename, root=static_files)
    return served
# change account password
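@post('/password')
def post_password():
    """Change the logged-in user's Mail-in-a-box password.

    Requires a valid session and the current password. The outcome is reported
    through the five-second flash cookie and the browser is sent back to '/';
    visitors without a session go to '/login'.

    The change is made with one call to the API's ``/mail/users/password``
    endpoint. Removing the account and adding it again, as this handler used
    to do, leaves the user without an account whenever the second request
    fails (for example because the new password is rejected).
    """
    username = logged_in()
    if not username:
        # redirect() raises, so nothing below runs without a session
        redirect('/login')

    oldpassword = request.forms.get('oldpassword')
    newpassword = request.forms.get('newpassword')

    failed = { "message": "Something went wrong while changing your password", "alert": "danger" }

    if not oldpassword or not miab_auth(username, oldpassword):
        message = { "message": "Your supplied password is wrong", "alert": "danger" }
    elif not newpassword:
        # never forward an empty or missing new password to the admin API
        message = failed
    else:
        data = { "email": username, "password": newpassword }
        try:
            # Privileged call made with the configured admin account; the
            # timeout keeps a stalled backend from blocking the worker.
            r = requests.post(miab_url + "/mail/users/password", data=data,
                              auth=(miab_admin, miab_passwd), timeout=10)
            changed = r.status_code == 200
        except requests.RequestException:
            changed = False

        if changed:
            message = { "message": "Your password has been changed successfully", "alert": "success" }
        else:
            message = failed

    response.set_cookie(cookie_name + "_message", message, secret=cookie_secret, max_age=5)
    redirect('/')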
#@post('/delete')
#def delete_account():
# username = logged_in()
# password = #from form
# if miab_auth(username, password):
# #do the actual delete
# else:
# #render default and send flash error message
#@post('/alias/add')
#def add_alias():
# pass
#@post('/alias/delete')
#def delete_alias():
# pass
# run development webserver
# NOTE: debug=True makes Bottle include tracebacks in its error pages and
# reloader=True restarts the process whenever a source file changes. Both are
# development aids; use the production call below when deploying, and put TLS
# in front of it so the session cookie and passwords never travel over plain
# HTTP.
run(host='localhost', port=8000, debug=True, reloader=True)

# run prod server
#run(host='localhost', port=8000)