212 lines
7.3 KiB
Python
212 lines
7.3 KiB
Python
import mysql.connector
|
|
import hashlib
|
|
import os
|
|
import json
|
|
import smtplib
|
|
from email.mime.text import MIMEText
|
|
from email.mime.multipart import MIMEMultipart
|
|
from flask import Flask, request, render_template, jsonify, url_for
|
|
|
|
app = Flask(__name__)
|
|
|
|
def get_db_connection():
|
|
script_dir = Path(__file__).resolve().parent
|
|
config_path = script_dir / "../config.json"
|
|
|
|
with open(config_path) as config_file:
|
|
config = json.load(config_file)
|
|
|
|
return mysql.connector.connect(
|
|
host=config["SERVER_IP"],
|
|
user=config["USERNAME"],
|
|
password=config["PASSWORD"],
|
|
database=config["DATABASE"],
|
|
port=config["MYSQL_PORT"]
|
|
)
|
|
|
|
def get_config():
|
|
script_dir = Path(__file__).resolve().parent
|
|
config_path = script_dir / "../config.json"
|
|
|
|
with open(config_path) as config_file:
|
|
return json.load(config_file)
|
|
|
|
@app.route('/resetpassword')
|
|
def reset_password():
|
|
return render_template('resetpassword.html')
|
|
|
|
@app.route('/reset_password', methods=['POST'])
|
|
def handle_reset_password():
|
|
data = request.json
|
|
email = data.get('email')
|
|
|
|
if not email:
|
|
return jsonify({'success': False, 'message': 'Email is required.'}), 400
|
|
|
|
conn = get_db_connection()
|
|
cursor = conn.cursor(dictionary=True)
|
|
|
|
try:
|
|
cursor.execute("SELECT id FROM account WHERE email = %s", (email,))
|
|
account = cursor.fetchone()
|
|
|
|
if not account:
|
|
return jsonify({'success': False, 'message': 'Email not found.'}), 404
|
|
|
|
token = os.urandom(24).hex()
|
|
|
|
cursor.execute(
|
|
"INSERT INTO password_reset_tokens (account_id, token) VALUES (%s, %s)",
|
|
(account['id'], token)
|
|
)
|
|
conn.commit()
|
|
|
|
reset_link = url_for('reset_password_token', token=token, _external=True)
|
|
disable_link = url_for('disable_token', token=token, email=email, _external=True)
|
|
|
|
send_email(email, reset_link, disable_link, 'Azerothcore Password Reset Request')
|
|
|
|
return jsonify({'success': True, 'message': 'Password reset link has been sent to your email.'})
|
|
|
|
except mysql.connector.Error as err:
|
|
return jsonify({'success': False, 'message': str(err)}), 500
|
|
|
|
finally:
|
|
cursor.close()
|
|
conn.close()
|
|
|
|
def send_email(to_email, reset_link, disable_link, subject):
|
|
config = get_config()
|
|
from_email = config["SMTP_EMAIL_ADDRESS"]
|
|
from_password = config["SMTP_EMAIL_PASSWORD"]
|
|
|
|
msg = MIMEMultipart('alternative')
|
|
msg['From'] = from_email
|
|
msg['To'] = to_email
|
|
msg['Subject'] = subject
|
|
|
|
text_content = f'Click the link to reset your password: {reset_link}'
|
|
html_content = f"""
|
|
<html>
|
|
<body style="font-family: Arial, sans-serif; background-color: #f4f4f4; padding: 20px;">
|
|
<div style="max-width: 600px; margin: 0 auto; background: white; padding: 20px; border-radius: 10px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1);">
|
|
<h2 style="color: #333;">Password Reset Request</h2>
|
|
<p>Click the button below to reset your password:</p>
|
|
<a href="{reset_link}" style="display: inline-block; padding: 10px 20px; font-size: 16px; text-transform: uppercase; font-weight: bold; color: white; background-color: #007bff; text-decoration: none; border-radius: 5px;">Reset Password</a>
|
|
<p>If you did not request this email, click the button below to disable the token:</p>
|
|
<a href="{disable_link}" style="display: inline-block; padding: 10px 20px; font-size: 16px; text-transform: uppercase; font-weight: bold; color: white; background-color: #ff0000; text-decoration: none; border-radius: 5px;">Disable Token</a>
|
|
<p style="color: #999; margin-top: 20px;">If you have any questions, feel free to contact our support team.</p>
|
|
</div>
|
|
</body>
|
|
</html>
|
|
"""
|
|
|
|
part1 = MIMEText(text_content, 'plain')
|
|
part2 = MIMEText(html_content, 'html')
|
|
|
|
msg.attach(part1)
|
|
msg.attach(part2)
|
|
|
|
try:
|
|
with smtplib.SMTP('smtp.gmail.com', 587) as server:
|
|
server.starttls()
|
|
server.login(from_email, from_password)
|
|
server.sendmail(from_email, to_email, msg.as_string())
|
|
return True
|
|
except Exception as e:
|
|
print(f"Failed to send email: {e}")
|
|
return False
|
|
|
|
@app.route('/disable_token', methods=['GET'])
|
|
def disable_token():
|
|
token = request.args.get('token')
|
|
email = request.args.get('email')
|
|
|
|
if not token or not email:
|
|
return jsonify({'message': 'Invalid request.'}), 400
|
|
|
|
conn = get_db_connection()
|
|
cursor = conn.cursor()
|
|
|
|
try:
|
|
cursor.execute("DELETE FROM password_reset_tokens WHERE token = %s AND email = %s", (token, email))
|
|
conn.commit()
|
|
|
|
if cursor.rowcount == 0:
|
|
return jsonify({'message': 'Token not found or already disabled.'}), 404
|
|
|
|
return jsonify({'message': 'Token disabled successfully.'}), 200
|
|
|
|
except mysql.connector.Error as err:
|
|
return jsonify({'message': str(err)}), 500
|
|
|
|
finally:
|
|
cursor.close()
|
|
conn.close()
|
|
|
|
@app.route('/reset_password/<token>', methods=['GET', 'POST'])
|
|
def reset_password_token(token):
|
|
if request.method == 'POST':
|
|
data = request.form
|
|
password = data.get('password')
|
|
confirm_password = data.get('confirm_password')
|
|
|
|
if not password or not confirm_password:
|
|
return render_template('resetpassword.html', message='All fields are required.')
|
|
|
|
if password != confirm_password:
|
|
return render_template('resetpassword.html', message='Passwords do not match.')
|
|
|
|
conn = get_db_connection()
|
|
cursor = conn.cursor()
|
|
|
|
try:
|
|
cursor.execute("SELECT account_id FROM password_reset_tokens WHERE token = %s", (token,))
|
|
result = cursor.fetchone()
|
|
|
|
if not result:
|
|
return render_template('resetpassword.html', message='Invalid or expired token.')
|
|
|
|
account_id = result[0]
|
|
salt = os.urandom(32)
|
|
verifier = calculate_verifier("USERNAME", password, salt) # Update USERNAME appropriately
|
|
|
|
cursor.execute(
|
|
"UPDATE account SET salt = %s, verifier = %s WHERE id = %s",
|
|
(salt, verifier, account_id)
|
|
)
|
|
conn.commit()
|
|
|
|
cursor.execute("DELETE FROM password_reset_tokens WHERE token = %s", (token,))
|
|
conn.commit()
|
|
|
|
return redirect(url_for('success'))
|
|
|
|
finally:
|
|
cursor.close()
|
|
conn.close()
|
|
|
|
return render_template('resetpassword.html')
|
|
|
|
@app.route('/success')
|
|
def success():
|
|
return render_template('success.html')
|
|
|
|
def calculate_verifier(username, password, salt):
|
|
g = 7
|
|
N = int("894B645E89E1535BBDAD5B8B290650530801B18EBFBF5E8FAB3C82872A3E9BB7", 16)
|
|
|
|
username = username.upper()
|
|
password = password.upper()
|
|
|
|
h1 = hashlib.sha1(f"{username}:{password}".encode()).digest()
|
|
h2 = hashlib.sha1(salt + h1).digest()
|
|
|
|
h2_int = int.from_bytes(h2, 'little')
|
|
verifier_int = pow(g, h2_int, N)
|
|
|
|
verifier = verifier_int.to_bytes((verifier_int.bit_length() + 7) // 8, 'little')
|
|
return verifier
|
|
|
|
if __name__ == '__main__':
|
|
app.run(debug=True)
|