From 2b849ca0ca4703aeca83176ce03d3a5ab8cedde9 Mon Sep 17 00:00:00 2001 From: piair Date: Sun, 18 Jun 2023 15:55:45 +0200 Subject: [PATCH] implemented different secret and password for each instances --- Flask/app.py | 44 ++++++++++++++++++---- Flask/templates/change_password.html | 56 ++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+), 7 deletions(-) create mode 100644 Flask/templates/change_password.html diff --git a/Flask/app.py b/Flask/app.py index cd83a06..e161620 100644 --- a/Flask/app.py +++ b/Flask/app.py @@ -5,12 +5,25 @@ from apscheduler.schedulers.background import BackgroundScheduler from apscheduler.triggers.cron import CronTrigger from flask_login import LoginManager, UserMixin, login_required, login_user, logout_user import json -password = "RandomPassword" -secret = "fe18d16cff64b8124792b8d512cecf90b79c4947707815ecf5c70446fdbc5101" +global password +with open("./user_data/flask.json", "r") as inFile: + data = json.load(inFile) + +password = data["password"] +secret = data["secret"] +if secret == "": + import secrets + secret = secrets.token_hex() + with open("./user_data/flask.json", "w") as inFile: + data = { + "password": password, + "secret": secret + } + json.dump(data, inFile) """ -Automatic start of MsRewards +#Automatic start of MsRewards """ scheduler = BackgroundScheduler() scheduler.start() @@ -32,15 +45,14 @@ scheduler.add_job( """ -Flask app +#Flask app """ app = Flask(__name__) """ -Login stuff +#Login stuff """ -# TODO : changer le secret # config app.config.update( SECRET_KEY = secret @@ -61,12 +73,15 @@ class User(UserMixin): return "%d/%s/%s" % (self.id, self.name, self.password) users = [User(1)] + @app.route("/login/", methods=["GET", "POST"]) def login(): if request.method == 'POST': if request.form['password'] == password: user = User(id) login_user(user) + if password == "ChangeMe": + return(render_template("change_password.html")) return(render_template("override.html")) else: return abort(401) 
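Review bot: The block that regenerates the secret rewrites `./user_data/flask.json` with a plain `open(..., "w")`, so the file holding both the login password and the session-signing key gets the process's default permissions and is truncated before the new content is written. A crash in between leaves an empty file, and the next start then fails in `json.load`. Writing to an owner-only temporary file and swapping it in with `os.replace` avoids both (this needs `import os`), and because `change_password` writes the same dictionary, one helper can serve both places. Separately, `global password` at module level has no effect and can be removed, and `data.get("secret", "")` would send a file without that key down the regeneration path instead of raising `KeyError`.

```python
def save_credentials(password, secret, path="./user_data/flask.json"):
    # create the temp file owner-only, then swap it in atomically
    tmp_path = path + ".tmp"
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as out_file:
        json.dump({"password": password, "secret": secret}, out_file)
    os.replace(tmp_path, path)

# … unchanged: loading data, password and secret from flask.json …
if secret == "":
    import secrets
    secret = secrets.token_hex()
    save_credentials(password, secret)
```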
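Review bot: Logging in with the default password only renders `change_password.html` once from `/login/`; `login_user(user)` has already run, so the session can use every other `@login_required` route while the password is still `"ChangeMe"`. An `@app.before_request` guard would make the change mandatory: while the default is in place it keeps answering authenticated requests with `change_password.html`, exempting the `change_password` endpoint itself. The literal `"ChangeMe"` would be better as a named constant, for example `DEFAULT_PASSWORD = "ChangeMe"`, so the login check and any guard cannot drift apart. `login` continues past the end of this hunk.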
@@ -74,6 +89,21 @@ def login(): return(render_template("login.html")) +@app.route("/change_password/", methods=["GET", "POST"]) +@login_required +def change_password(): + global password + if request.method == 'POST': + password = request.form["password"] + with open("./user_data/flask.json", "w") as inFile: + data = { + "password": password, + "secret": secret + } + json.dump(data, inFile) + return(render_template("override.html")) + + # handle login failed @app.errorhandler(401) def page_not_found(e): @@ -86,7 +116,7 @@ def load_user(userid): return User(userid) """ -end of login stuff +#end of login stuff """ @app.route("/", methods=["post"]) diff --git a/Flask/templates/change_password.html b/Flask/templates/change_password.html new file mode 100644 index 0000000..9a39f38 --- /dev/null +++ b/Flask/templates/change_password.html @@ -0,0 +1,56 @@ +{% extends "base.html" %} +{% block left_pannel %} + + + + + + + + + + + + + + + + + + + + +
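Review bot: `change_password` stores whatever arrives in `request.form["password"]`, so an empty string or `"ChangeMe"` again is accepted and the forced change after a default login achieves nothing; a check before the assignment closes that. The value is also written to `flask.json` and compared in `login` as cleartext. Storing `generate_password_hash(new_password)` from `werkzeug.security` and verifying with `check_password_hash` in `login` would keep the password itself out of the file, at the cost of a one-time migration of existing files. The template's form markup is not readable in this view, so whether the POST carries a CSRF token could not be checked.

```python
def change_password():
    global password
    if request.method == 'POST':
        new_password = request.form.get("password", "")
        # refuse an empty value or the shipped default, otherwise the forced change is a no-op
        if not new_password or new_password == "ChangeMe":
            return abort(400)
        password = new_password
        # … unchanged: writing password and secret to ./user_data/flask.json …
```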
+ +
+ +
+ +
+ +
+ +
+ +
+{% endblock %} +{% block content %} + +{%if not current_user.is_authenticated %} +

Already logged in

+{% else %} + +
+ + + + + + + + + +
Change password
+
+{% endif %} +{% endblock %} \ No newline at end of file
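Review bot: The `{%if not current_user.is_authenticated %}` branch shows "Already logged in", which says the opposite of its condition. The page is rendered only after `login_user` has run in `login`, so that branch looks unreachable. Dropping the conditional, or turning it into `{% if current_user.is_authenticated %}` around the form, would make the template say what it does. The form markup itself is not readable in this view, so it is worth confirming that the field is `type="password"` and is named `password`, the key that `change_password` reads.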