Fix: Dockerfile and routes error handling

Moved copying .env in dockerfile to avoid cache invalidation. Removed try and except in confirm2fa because it did nothing. Checking if next is None or '' before returning and removed data deletions in route functions.
2023-03-10 18:33:38 -05:00 · 2023-03-10 18:33:38 -05:00 · c72f13d35b
parent 5352537c6d
commit c72f13d35b
3 changed files with 6 additions and 12 deletions
--- a/2
+++ b/2
@ -5,11 +5,11 @@ RUN useradd microblog
 WORKDIR /home/microblog

 COPY requirements.txt requirements.txt
-COPY .env .env
 RUN python -m venv venv
 RUN venv/bin/pip install -r requirements.txt
 RUN venv/bin/pip install gunicorn pymysql cryptography

+COPY .env .env
 COPY app app
 COPY migrations migrations
 COPY microblog.py config.py boot.sh ./
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@ -20,12 +20,6 @@ class Enable2faForm(FlaskForm):
    verification_phone = StringField('Phone', validators=[DataRequired()])
    submit = SubmitField('Enable 2FA')

-    def validate_verification_phone(self, verification_phone):
-        try:
-            return
-        except:
-            print("An exception occurred")
-

 class Disable2faForm(FlaskForm):
    submit = SubmitField('Disable 2FA')
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@ -22,6 +22,8 @@ def login():
            flash(_('Invalid username or password'))
            return redirect(url_for('auth.login'))
        next_page = request.args.get('next')
+        if not next_page or url_parse(next_page).netloc != '':
+            next_page = url_for('main.index')
        if user.two_factor_enabled():
            request_verification_token(user.verification_phone)
            session['username'] = user.username
@ -30,19 +32,16 @@ def login():
                'auth.verify_2fa', next=next_page,
                remember='1' if form.remember_me.data else '0'))
        login_user(user, remember=form.remember_me.data)
-        if not next_page or url_parse(next_page).netloc != '':
-            next_page = url_for('main.index')
        return redirect(next_page)
    return render_template('auth/login.html', title=_('Sign In'), form=form)


-@bp.route('/verify2fa', methods=['GET', 'POST'])
+@bp.route('/verify_2fa', methods=['GET', 'POST'])
 def verify_2fa():
    form = Confirm2faForm()
    if form.validate_on_submit():
        phone = session['phone']
        if check_verification_token(phone, form.token.data):
-            del session['phone']
            if current_user.is_authenticated:
                current_user.verification_phone = phone
                db.session.commit()
@ -50,10 +49,11 @@ def verify_2fa():
                return redirect(url_for('main.index'))
            else:
                username = session['username']
-                del session['username']
                user = User.query.filter_by(username=username).first()
                next_page = request.args.get('next')
                remember = request.args.get('remember', '0') == '1'
+                if not next_page or url_parse(next_page).netloc != '':
+                    next_page = url_for('main.index')
                login_user(user, remember=remember)
                return redirect(next_page)
        form.token.errors.append('Invalid token')