broken-auth.py
import datetime
import hmac
import html
import os
import secrets

from flask import Flask, render_template, request, redirect, session, url_for
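app = Flask(__name__, template_folder='templates')

# Flask signs the client-side session cookie with this key. A literal committed
# to the source is known to every reader of the repository, which makes the
# signature worthless as proof that the server issued the cookie. Take the key
# from the environment; the random fallback keeps a local run working, at the
# cost of invalidating all sessions whenever the process restarts.
_configured_key = os.environ.get('FLASK_SECRET_KEY')
app.secret_key = (
    _configured_key.encode('utf-8') if _configured_key else secrets.token_bytes(32)
)

# Simulated user data.
# NOTE(review): passwords are stored in plaintext and login() compares against
# them directly. A real credential store keeps only a salted, deliberately slow
# hash (for example hashlib.scrypt) and verifies against that.
users = {
    'user1': {'password': 'password1'},
    'user2': {'password': 'password2'},
}

# Simulated active sessions: username -> datetime of the last authenticated
# request. The map lives in process memory, so it is empty after a restart, and
# it is keyed by username, so every browser signed in as the same user shares
# one timestamp.
active_sessions = {}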
# Add a route for the root URL
@app.route('/')
def index():
    """Serve the root URL by rendering the ``index.html`` template."""
    landing_page = render_template('index.html')
    return landing_page
# Route to simulate login
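@app.route('/login', methods=['POST'])
def login():
    """Check the posted credentials and start a session on success.

    Reads ``username`` and ``password`` from the form body. On a match the
    session is reset, the username is stored in it, the user's last-activity
    time is recorded in ``active_sessions`` and the browser is redirected to
    the dashboard. Otherwise a single generic error string is returned, so the
    response does not reveal whether the username exists.

    NOTE(review): nothing here limits repeated attempts; throttling or lockout
    would have to be added in front of this view.
    """
    # Missing fields arrive as None; normalise them so the comparison below
    # always receives strings.
    username = request.form.get('username') or ''
    password = request.form.get('password') or ''

    record = users.get(username)
    expected = record['password'] if record is not None else ''

    # compare_digest takes time independent of where the inputs first differ,
    # unlike ==. Comparing for unknown users too keeps both paths doing the
    # same work. Bytes are used because compare_digest rejects non-ASCII str.
    password_matches = hmac.compare_digest(
        password.encode('utf-8'), expected.encode('utf-8')
    )

    if record is not None and password_matches:
        # Drop whatever the pre-login session carried before marking it
        # authenticated.
        session.clear()
        session['username'] = username
        active_sessions[username] = datetime.datetime.now()
        return redirect(url_for('dashboard'))
    return 'Invalid username or password'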
# Route to simulate the dashboard
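@app.route('/dashboard')
def dashboard():
    """Greet the signed-in user, or send an anonymous visitor to the root page.

    Every authenticated request refreshes the user's entry in
    ``active_sessions``.
    """
    username = session.get('username')
    if username is None:
        # /login is registered for POST only, so a browser following a
        # redirect there would get 405 Method Not Allowed. The root page
        # accepts GET.
        return redirect(url_for('index'))

    active_sessions[username] = datetime.datetime.now()
    # A plain string return is served as HTML. Escape the name instead of
    # relying on the session value being one of the known usernames: the
    # cookie is only as trustworthy as the key that signs it.
    return f'Welcome, {html.escape(str(username))}! This is your dashboard.'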
# Before-request hook meant to simulate automatic logout after 5 seconds of inactivity
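@app.before_request
def check_session_timeout():
    """Expire a signed-in session that has been idle for more than 5 seconds.

    Runs before every request. Returns a redirect to the root page when the
    session has expired, and ``None`` otherwise so the request is handled
    normally.
    """
    # The previous test was `.days > 5000`, which never fires in practice and
    # so left sessions valid indefinitely.
    idle_limit = datetime.timedelta(seconds=5)

    username = session.get('username')
    if username is None:
        return None

    last_active_time = active_sessions.get(username)
    # Fail closed: a session with no server-side activity record (for example
    # after a restart wiped the in-memory map) is treated as expired rather
    # than as freshly active.
    expired = (
        last_active_time is None
        or datetime.datetime.now() - last_active_time > idle_limit
    )
    if expired:
        session.pop('username', None)
        active_sessions.pop(username, None)
        # /login accepts POST only; redirect to a page reachable with GET.
        return redirect(url_for('index'))
    return None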
# Route to simulate logout
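@app.route('/logout')
def logout():
    """End the current session and return the browser to the root page.

    NOTE(review): this view changes state on GET, so a request triggered from
    another site can sign the user out. Moving it to POST with a CSRF token
    would also require changing whatever links to it, so the method is left
    as it was.
    """
    username = session.get('username')
    session.clear()
    if username is not None:
        # Remove the server-side activity record too, so it does not outlive
        # the session it belonged to.
        active_sessions.pop(username, None)
    # /login accepts POST only; redirecting a browser there yields a 405.
    return redirect(url_for('index'))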
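if __name__ == '__main__':
    # debug=True enables the Werkzeug interactive debugger, which evaluates
    # Python entered in the browser on the server. Keep it off unless the
    # operator explicitly asks for it, and never on a reachable interface.
    debug_enabled = os.environ.get('FLASK_DEBUG', '').strip().lower() in ('1', 'true')
    app.run(debug=debug_enabled)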