Fix: Dockerfile and routes error handling

Moved copying .env in dockerfile to avoid cache invalidation. Removed
try and except in confirm2fa because it did nothing. Checking if next is
None or '' before returning and removed data deletions in route
functions.

Dockerfile

@@ -5,11 +5,11 @@ RUN useradd microblog
 WORKDIR /home/microblog
 
 COPY requirements.txt requirements.txt
-COPY .env .env
 RUN python -m venv venv
 RUN venv/bin/pip install -r requirements.txt
 RUN venv/bin/pip install gunicorn pymysql cryptography
 
+COPY .env .env
 COPY app app
 COPY migrations migrations
 COPY microblog.py config.py boot.sh ./

app/auth/forms.py

@@ -20,12 +20,6 @@ class Enable2faForm(FlaskForm):
     verification_phone = StringField('Phone', validators=[DataRequired()])
     submit = SubmitField('Enable 2FA')
 
-    def validate_verification_phone(self, verification_phone):
-        try:
-            return
-        except:
-            print("An exception occurred")
-
 
 class Disable2faForm(FlaskForm):
     submit = SubmitField('Disable 2FA')

app/auth/routes.py

@@ -22,6 +22,8 @@ def login():
             flash(_('Invalid username or password'))
             return redirect(url_for('auth.login'))
         next_page = request.args.get('next')
+        if not next_page or url_parse(next_page).netloc != '':
+            next_page = url_for('main.index')
         if user.two_factor_enabled():
             request_verification_token(user.verification_phone)
             session['username'] = user.username
@@ -30,19 +32,16 @@ def login():
                 'auth.verify_2fa', next=next_page,
                 remember='1' if form.remember_me.data else '0'))
         login_user(user, remember=form.remember_me.data)
-        if not next_page or url_parse(next_page).netloc != '':
-            next_page = url_for('main.index')
         return redirect(next_page)
     return render_template('auth/login.html', title=_('Sign In'), form=form)
 
 
-@bp.route('/verify2fa', methods=['GET', 'POST'])
+@bp.route('/verify_2fa', methods=['GET', 'POST'])
 def verify_2fa():
     form = Confirm2faForm()
     if form.validate_on_submit():
         phone = session['phone']
         if check_verification_token(phone, form.token.data):
-            del session['phone']
             if current_user.is_authenticated:
                 current_user.verification_phone = phone
                 db.session.commit()
@@ -50,10 +49,11 @@ def verify_2fa():
                 return redirect(url_for('main.index'))
             else:
                 username = session['username']
-                del session['username']
                 user = User.query.filter_by(username=username).first()
                 next_page = request.args.get('next')
                 remember = request.args.get('remember', '0') == '1'
+                if not next_page or url_parse(next_page).netloc != '':
+                    next_page = url_for('main.index')
                 login_user(user, remember=remember)
                 return redirect(next_page)
         form.token.errors.append('Invalid token')