From 6f6ff87a858773c5cef83951f3e501c39fb9281b Mon Sep 17 00:00:00 2001
From: trinkey
Date: Mon, 23 Dec 2024 13:22:07 -0500
Subject: [PATCH] aurhg
---
config.py | 2 --
tauth/migrations/0001_initial.py | 2 +-
tauth/models.py | 2 +-
tauth/templates/index.html | 4 +++-
tauth/templates/noauth/signup.html | 5 ++--
tauth/urls.py | 8 +++++--
tauth/views/__init__.py | 5 ++--
tauth/views/api.py | 35 ++++++++++++++++++++++++++--
tauth/views/templates.py | 37 ++++++++++++++++++++++--------
9 files changed, 78 insertions(+), 22 deletions(-)
diff --git a/config.py b/config.py
index d46a695..a495f42 100644
--- a/config.py
+++ b/config.py
@@ -1,4 +1,2 @@
-ALLOW_NEW_USERS = True
-
tCOMMON_URL_INTERNAL = "http://localhost:8888"
tCOMMON_TOKEN = "Secret tCommon-specific token"
diff --git a/tauth/migrations/0001_initial.py b/tauth/migrations/0001_initial.py
index a441369..a6fdbf2 100644
--- a/tauth/migrations/0001_initial.py
+++ b/tauth/migrations/0001_initial.py
@@ -15,7 +15,7 @@ class Migration(migrations.Migration):
operations = [
migrations.CreateModel(
- name='TUser',
+ name='tUser',
fields=[
('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, serialize=False, to=settings.AUTH_USER_MODEL)),
],
diff --git a/tauth/models.py b/tauth/models.py
index 11542d8..fc1cb2a 100644
--- a/tauth/models.py
+++ b/tauth/models.py
@@ -2,5 +2,5 @@ from django.contrib.auth.models import User
from django.db import models
-class TUser(models.Model):
+class tUser(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE, primary_key=True)
diff --git a/tauth/templates/index.html b/tauth/templates/index.html
index 67b627c..9d6cbc8 100644
--- a/tauth/templates/index.html
+++ b/tauth/templates/index.html
@@ -1,10 +1,12 @@
{% extends "base.html" %}
{% block body %}
- Welcome back, {{ username }}!
+ Hey there, {{ username }}!
Available services:
{% if config.services.message %}- tMessage
{% endif %}
+
+ Log out
{% endblock %}
diff --git a/tauth/templates/noauth/signup.html b/tauth/templates/noauth/signup.html
index 6cfeea5..e636e11 100644
--- a/tauth/templates/noauth/signup.html
+++ b/tauth/templates/noauth/signup.html
@@ -2,10 +2,10 @@
{% block body %}
Sign Up
- {{ error }}
+ {{ error }}
-
+
Already have an account?
diff --git a/tauth/urls.py b/tauth/urls.py
index 0f2a3c0..d52a48b 100644
--- a/tauth/urls.py
+++ b/tauth/urls.py
@@ -1,13 +1,17 @@
from django.contrib import admin
from django.urls import path
-from .views import index, is_logged_in, login, redirect, signup
+from .views import (auth, get_username, index, login, logout, redirect, signup,
+ username_exists)
urlpatterns = [
path("", index),
path("login/", login),
path("signup/", signup),
+ path("logout/", logout),
+ path("auth/", auth),
path("redirect/", redirect),
- path("api/authenticated/", is_logged_in),
+ path("api/authenticated/", get_username),
+ path("api/username/", username_exists),
path("django-admin/", admin.site.urls)
]
diff --git a/tauth/views/__init__.py b/tauth/views/__init__.py
index a19f9ba..61bbed8 100644
--- a/tauth/views/__init__.py
+++ b/tauth/views/__init__.py
@@ -1,2 +1,3 @@
-from .api import is_logged_in # noqa: F401
-from .templates import index, login, redirect, signup # noqa: F401
+from .api import get_username, username_exists # noqa: F401
+from .templates import (auth, index, login, logout, redirect, # noqa: F401
+ signup)
diff --git a/tauth/views/api.py b/tauth/views/api.py
index ad63615..2f48f77 100644
--- a/tauth/views/api.py
+++ b/tauth/views/api.py
@@ -1,18 +1,21 @@
import json
+from django.contrib.auth.models import User
from django.core.handlers.wsgi import WSGIRequest
from django.http import HttpResponse
from tauth.settings import config
-def is_logged_in(request: WSGIRequest) -> HttpResponse:
+def get_username(request: WSGIRequest) -> HttpResponse:
try:
if request.GET.get("token") == config["services"][request.GET.get("service")]["token"]:
+ authenticated = request.user.is_authenticated
return HttpResponse(
json.dumps({
"success": True,
- "auth": request.user.is_authenticated
+ "authenticated": authenticated,
+ "username": request.user.get_username() if authenticated else None
}),
content_type="application/json"
)
@@ -26,3 +29,31 @@ def is_logged_in(request: WSGIRequest) -> HttpResponse:
content_type="application/json",
status=401
)
+
+def username_exists(request: WSGIRequest) -> HttpResponse:
+ try:
+ if request.GET.get("token") == config["services"][request.GET.get("service")]["token"]:
+ exists = True
+ try:
+ User.objects.get(username=request.GET.get("username"))
+ except User.DoesNotExist:
+ exists = False
+
+ return HttpResponse(
+ json.dumps({
+ "success": True,
+ "exists": exists
+ }),
+ content_type="application/json"
+ )
+
+ except KeyError:
+ ...
+
+ return HttpResponse(
+ json.dumps({
+ "success": False
+ }),
+ content_type="application/json",
+ status=401
+ )
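Review bot: The new `username_exists` view repeats the service-token check from `get_username` verbatim: the token is read from the query string, where it ends up in web-server and proxy access logs, and it is compared with `==`. Consider moving the check into one helper that uses `hmac.compare_digest` (with `import hmac` added at the top of the file), and reading the token from a request header instead. The lookup also passes `request.GET.get("username")` straight to the ORM, while `signup` in templates.py stores usernames lowercased and stripped, so a query for a mixed-case name reports `"exists": false` for an account that is taken. Normalising the value and using `.filter(...).exists()` removes both the mismatch and the nested `try`. The sketch assumes `config["services"]` is a dict, as the `in` checks in templates.py suggest.

```python
def _service_token_ok(request: WSGIRequest) -> bool:
    # One place for the check shared by get_username and username_exists.
    service = config["services"].get(request.GET.get("service")) or {}
    expected = service.get("token")
    supplied = request.GET.get("token")
    if not expected or supplied is None:
        # Unknown service, unset token or missing parameter: fail closed.
        return False
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    return hmac.compare_digest(supplied.encode(), str(expected).encode())

def username_exists(request: WSGIRequest) -> HttpResponse:
    if _service_token_ok(request):
        # Same normalisation signup applies before storing the username.
        username = (request.GET.get("username") or "").lower().strip()
        exists = User.objects.filter(username=username).exists()
        # … unchanged: success JSON response carrying "exists" …

    # … unchanged: 401 JSON response …
```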
diff --git a/tauth/views/templates.py b/tauth/views/templates.py
index dc0a1dd..18c45bd 100644
--- a/tauth/views/templates.py
+++ b/tauth/views/templates.py
@@ -1,4 +1,5 @@
import re
+from datetime import datetime
from django.contrib.auth import authenticate
from django.contrib.auth import login as set_auth
@@ -7,13 +8,21 @@ from django.contrib.auth.models import User
from django.core.handlers.wsgi import WSGIRequest
from django.http import HttpResponse, HttpResponseRedirect
-from config import ALLOW_NEW_USERS
-from tauth.models import TUser
+from tauth.models import tUser
from tauth.settings import config
from .helper import render_template
+def auth(request: WSGIRequest) -> HttpResponseRedirect:
+ resp = HttpResponseRedirect("/")
+ if "remove" in request.GET:
+ resp.set_cookie("sessionid", "", max_age=0, expires=datetime(0, 0, 0))
+ else:
+ resp.set_cookie("sessionid", request.GET.get("sessionid") or "")
+
+ return resp
+
def index(request: WSGIRequest) -> HttpResponse:
if request.user.is_authenticated:
return render_template(
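Review bot: In `auth`, `datetime(0, 0, 0)` raises `ValueError` (year, month and day must each be at least 1), so every `/auth/?remove` request fails before the cookie is cleared; `resp.delete_cookie("sessionid")` does the intended job. The `else` branch writes whatever `sessionid` value arrives in the query string into the browser's session cookie, so a crafted link can bind a visitor to a session chosen by someone else (session fixation). The cookie is also set without `HttpOnly`, `Secure` or `SameSite`, which bypasses the project's `SESSION_COOKIE_*` settings. At minimum pass `httponly=True, secure=True, samesite="Lax"` and use `settings.SESSION_COOKIE_NAME` rather than the literal; a short-lived one-time code that the service exchanges server-side would keep the session id out of URLs, logs and Referer headers altogether. `index`, which follows in this hunk, continues outside it.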
@@ -23,14 +32,14 @@ def index(request: WSGIRequest) -> HttpResponse:
return render_template(
request, "noauth/index.html",
- new_users=ALLOW_NEW_USERS
+ new_users=config["new_users"]
)
def signup(request: WSGIRequest) -> HttpResponse:
if request.user.is_authenticated:
return HttpResponseRedirect("/")
- if ALLOW_NEW_USERS:
+ if config["new_users"]:
if request.method == "POST":
username = (request.POST.get("username") or "").lower().strip()
password = (request.POST.get("password") or "")
@@ -42,6 +51,9 @@ def signup(request: WSGIRequest) -> HttpResponse:
elif len(password) < 6 or len(password) > 100 or not (any([i.isalpha() for i in password]) and any([i.isnumeric() for i in password]) and any([not i.isalnum() for i in password])):
error = "Invalid password"
+ elif username.lower() in password.lower():
+ error = "Password can't contain username"
+
else:
try:
u = User.objects.create_user(
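Review bot: The added `elif username.lower() in password.lower()` lowercases a username that was already lowercased at the top of `signup`, and for an empty username the test is always true, so it relies on the earlier username validation (outside this hunk) having rejected that case. Django ships this rule as `UserAttributeSimilarityValidator`; calling `validate_password(password, user=User(username=username))` from `django.contrib.auth.password_validation` would apply the project's `AUTH_PASSWORD_VALIDATORS` (not visible in this diff) instead of a hand-rolled policy. If the manual check stays, `elif username in password.lower():` is enough. The `if`/`elif` chain and the `create_user` call begin and end outside the hunk.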
@@ -51,7 +63,7 @@ def signup(request: WSGIRequest) -> HttpResponse:
except User.DoesNotExist:
error = "Username already in use"
else:
- TUser.objects.create(user=u)
+ tUser.objects.create(user=u)
set_auth(request, u)
to = request.GET.get("to")
@@ -103,7 +115,7 @@ def login(request: WSGIRequest) -> HttpResponse:
return render_template(
request, "noauth/login.html",
title="Log In",
- new_users=ALLOW_NEW_USERS,
+ new_users=config["new_users"],
error="Username or password is incorrect",
login_extra=f"?to={request.GET.get('to')}" if "to" in request.GET else "",
repopulate={
@@ -123,16 +135,23 @@ def login(request: WSGIRequest) -> HttpResponse:
return render_template(
request, "noauth/login.html",
title="Log In",
- new_users=ALLOW_NEW_USERS,
+ new_users=config["new_users"],
login_extra=f"?to={request.GET.get('to')}" if "to" in request.GET else ""
)
def redirect(request: WSGIRequest) -> HttpResponseRedirect:
to = request.GET.get("to")
- print(request.COOKIES)
-
if to and to in config["services"] and config["services"][to]:
return HttpResponseRedirect(config["services"][to]["url"]["pub"] + (f"/auth/?sessionid={request.COOKIES.get('sessionid')}" if "reauth" in request.GET else ""))
return HttpResponseRedirect("/")
+
+def logout(request: WSGIRequest) -> HttpResponseRedirect:
+ remove_auth(request)
+ to = request.GET.get("to")
+
+ if to and to in config["services"] and config["services"][to]:
+ return HttpResponseRedirect(config["services"][to]["url"]["pub"] + "/auth/?remove")
+
+ return HttpResponseRedirect("/")
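Review bot: `logout` ends the session on any request method, so a plain GET, including one triggered by a link or image on another site, logs the user out; Django's own `LogoutView` accepts only POST since 5.0 for this reason. Decorating the view with `@require_POST` (from `django.views.decorators.http`) and turning the new "Log out" entry in index.html into a small form with `{% csrf_token %}` closes that. `remove_auth` is not imported in any visible hunk; presumably it is `django.contrib.auth.logout` aliased in the unshown import lines, which should be confirmed. A docstring stating that `to` is honoured only when it names a configured service would also record why this is not an open redirect.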