-rw-r--r--app.py18
-rw-r--r--default_settings.py3
-rw-r--r--requirements.txt1
-rw-r--r--templates/base.html20
-rw-r--r--templates/index.html4
-rw-r--r--templates/login.html0
-rw-r--r--utils.py58
7 files changed, 86 insertions, 18 deletions
diff --git a/app.py b/app.py
index 1bf035f..c43f0be 100644
--- a/app.py
+++ b/app.py
@@ -1,8 +1,7 @@
# -*- coding: utf-8 -*-
import os
-from flask import Flask, request
-from flask_login import login_required, login_user, logout_user
-from utils import templated, login_manager
+from flask import Flask, request, redirect, url_for, flash, session
+from utils import templated, login_required, encrypt_password, decrypt_password, login_user, logout_user
from forms import RegisterForm, LoginForm
@@ -10,7 +9,6 @@ app = Flask(__name__)
app.config.from_object('default_settings')
if 'SPLINE_ACCOUNT_WEB_SETTINGS' in os.environ:
app.config.from_envvar('SPLINE_ACCOUNT_WEB_SETTINGS')
-login_manager.setup_app(app)
@app.route('/', methods=['GET', 'POST'])
@@ -18,8 +16,11 @@ login_manager.setup_app(app)
def index():
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
- login_user(form.username.data)
- return redirect(url_for('index'))
+ if login_user(form.username.data, form.password.data):
+ flash(u'Erfolgreich eingeloggt (%s)' % session['username'])
+ return redirect(url_for('index'))
+ else:
+ flash(u'Ungültiger Benutzername und/oder Passwort', 'error')
return {'form': form}
@@ -45,13 +46,14 @@ def settings():
@app.route('/logout')
-@login_required
def logout():
logout_user()
return redirect(url_for('index'))
-
+@app.route('/debug')
+def debug():
+ raise Exception()
if __name__ == '__main__':
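Review bot: The new `/debug` view raises an unconditional `Exception` with no auth or config gate; when the app is run with `debug=True` that opens the Werkzeug interactive debugger to anyone who can reach the URL (arbitrary code execution), and otherwise it is simply a 500 on demand. Drop the route before merging, or at minimum make its first line `if not app.debug: abort(404)` (`abort` would need importing from flask). Removing `@login_required` from `logout()` is harmless in itself, but note that the `login_required` this file now imports from utils.py is a pass-through, so any view still decorated with it (presumably `settings()`) is not actually protected. The `settings()` function named in the hunk header starts outside the shown lines.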
diff --git a/default_settings.py b/default_settings.py
index bcd641a..61b0dee 100644
--- a/default_settings.py
+++ b/default_settings.py
@@ -1 +1,4 @@
SECRET_KEY = 'remember to change this to something more random and private'
+
+# CHANGE THIS! (e.g. os.urandom(32) )
+PASSWORD_ENCRYPTION_KEY = '.\x14\xa7\x1b\xa2:\x1b\xb7\xbck\x1bD w\xab\x87a\xb4\xb7\xca\xf1\x06\xb0\x9f?q\x13\x05\x8dY\xe5<'
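Review bot: The value added for `PASSWORD_ENCRYPTION_KEY` is a fixed 32-byte literal committed to the repository, so every deployment that does not override it via `SPLINE_ACCOUNT_WEB_SETTINGS` encrypts the session-stored password under a key anyone with the source can read; a "CHANGE THIS!" comment does not enforce that. Ship no usable default instead, e.g. `PASSWORD_ENCRYPTION_KEY = None` followed by `# required: a 32-byte value, e.g. os.urandom(32), set in SPLINE_ACCOUNT_WEB_SETTINGS`, and have `encrypt_password` refuse to run when it is unset. The existing `SECRET_KEY` placeholder on the line above has the same problem and now also signs the cookie that carries the encrypted password.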
diff --git a/requirements.txt b/requirements.txt
index 1e537a1..327efd6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,2 @@
Flask==0.6
python-ldap
-Flask-Login
diff --git a/templates/base.html b/templates/base.html
index 6e4e403..decff78 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -12,7 +12,27 @@
{%- endfor %}
</head>
<body>
+
<h1>{% if title %}{{ title }}{% else %}spline accounts{% endif %}</h1>
+
+ {%- if session.username %}
+ <p>Logged in as {{ session.username }}. <a href="{{ url_for('logout') }}">Log out</a></p>
+ {%- else %}
+ <p>Not logged in. <a href="{{ url_for('index') }}">Log in</a></p>
+ {%- endif %}
+
+ {% with messages = get_flashed_messages() %}
+ {% if messages %}
+ <ul class=flashes>
+ {% for message in messages %}
+ <li>{{ message }}</li>
+ {% endfor %}
+ </ul>
+ {% endif %}
+ {% endwith %}
+
{% block content %}{% endblock %}
+
+ <pre>{{ session.__repr__() }}</pre>
</body>
</html>
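Review bot: The `<pre>{{ session.__repr__() }}</pre>` added at the end of the body dumps the entire session on every page, including the `password` entry that `login_user` now stores there, so the encrypted password blob and any other session keys are shown to whoever is looking at the page; this reads as a debugging aid that should not ship in the template. Remove the line, or at most wrap it in `{% if config.DEBUG %} ... {% endif %}`. The flash loop calls `get_flashed_messages()` without `with_categories`, so the `'error'` category set in `index()` is silently dropped; `{% for category, message in get_flashed_messages(with_categories=true) %}` with `<li class="{{ category }}">{{ message }}</li>` would carry it through.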
diff --git a/templates/index.html b/templates/index.html
index 74ffb6b..cb9c238 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -2,10 +2,14 @@
{%- from '_macros.html' import render_field %}
{%- block content %}
<p>Willkommen bei <strong>spline accounts</strong>!</p>
+{%- if session.username %}
+<p>Hallo {{ session.username }}. <a href="{{ url_for('settings') }}">Einstellungen</a></p>
+{%- else %}
<p><a href="/register">Account erstellen</a></p>
<form action="" method="post">
{{ render_field(form.username) }}
{{ render_field(form.password) }}
<input type="submit" value="Login" />
</form>
+{%- endif %}
{%- endblock %}
diff --git a/templates/login.html b/templates/login.html
deleted file mode 100644
index e69de29..0000000
--- a/templates/login.html
+++ /dev/null
diff --git a/utils.py b/utils.py
index 56d1f89..a252d61 100644
--- a/utils.py
+++ b/utils.py
@@ -1,7 +1,9 @@
# -*- coding: utf-8 -*-
from functools import wraps
-from flask import request, render_template
-from flask_login import LoginManager, UserMixin
+from flask import request, render_template, session
+from random import randint
+from Crypto.Cipher import AES
+
# from http://flask.pocoo.org/docs/patterns/viewdecorators/#templating-decorator
def templated(template=None):
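Review bot: `from Crypto.Cipher import AES` introduces a dependency on PyCrypto, but requirements.txt in this same commit only removes Flask-Login and does not add it, so a fresh install will fail at import time. `randint` from `random` is also a Mersenne-Twister generator, not a cryptographic one; the CBC IV built from it in `encrypt_password` should come from `os.urandom(16)` instead, so replace `from random import randint` with `import os` here and use `iv = os.urandom(16)` below.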
@@ -21,13 +23,51 @@ def templated(template=None):
return decorated_function
return decorator
-login_manager = LoginManager()
-@login_manager.user_loader
-def load_user(username):
- raise NotImplemented()
+def login_user(username, password):
+# if not ldap_bind():
+# return False
+
+ session['username'] = username
+ session['password'] = encrypt_password(password)
+
+ #ldap_unbind()
+
+ return True
+
+
+def logout_user():
+ session.pop('username', None)
+ session.pop('password', None)
+
+
+def pad(s, numbytes=32, padding='\0'):
+ return s + (numbytes - len(s) % numbytes) * padding
+
+def encrypt_password(password):
+ """
+ Encrypt the given password with `config.PASSWORD_ENCRYPTION_KEY`.
+ The key must be 32 bytes long.
+ """
+ assert len(app.config['PASSWORD_ENCRYPTION_KEY']) == 32
+
+ iv = ''.join(chr(randint(0, 0xff)) for i in range(16))
+ encryptor = AES.new(app.config['PASSWORD_ENCRYPTION_KEY'], AES.MODE_CBC, iv)
+ return iv + encryptor.encrypt(pad(password))
+
+def decrypt_password(ciphertext):
+ """
+ Decrypt the given password with `config.PASSWORD_ENCRYPTION_KEY`.
+ """
+ iv = ciphertext[:16]
+ encryptor = AES.new(app.config['PASSWORD_ENCRYPTION_KEY'], AES.MODE_CBC, iv)
+ return encryptor.decrypt(ciphertext[16:]).rstrip('\0')
+
+
+def login_required(func):
+ #TODO
+ return func
-class User(UserMixin):
- def __init__(self, username):
- self.username = username
+# circular import
+from app import app
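Review bot: `login_user` returns True for every username/password pair because the LDAP bind is commented out, so as of this commit anyone who submits the form is logged in under whatever name they typed; until the bind is wired up it should fail closed (`return False` before touching the session) rather than populating it. Storing the password in the Flask session also means it travels in the client cookie on every request, protected only by `SECRET_KEY` signing and this AES-CBC blob that has no integrity check, a `random.randint` IV, and zero-byte padding whose `rstrip('\0')` will also eat a password that legitimately ends in NUL; if the password is really needed for later LDAP operations, keep it server-side keyed by session id, and at least use `os.urandom(16)` for the IV. `login_required` is a bare `return func`, so every decorated view is public until the `#TODO` is done; a redirect-to-login stub (below, needs `redirect` and `url_for` imported from flask) is the safer placeholder. The `assert` on the key length is stripped under `python -O` and should be a `ValueError`, and `decrypt_password` never checks that `ciphertext` is at least 16 bytes plus a block multiple, so a truncated value fails inside AES instead of being rejected up front.
```python
def login_user(username, password):
    # LDAP bind not implemented yet: fail closed instead of trusting the form.
    return False

# … unchanged: logout_user, pad, encrypt_password, decrypt_password …

def login_required(func):
    @wraps(func)
    def decorated(*args, **kwargs):
        if 'username' not in session:
            return redirect(url_for('index'))
        return func(*args, **kwargs)
    return decorated
```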