
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
"""Endpoints for user login and out."""
from flask import Blueprint, request, redirect, url_for, session, flash
import re
import rophako.model.user as User
from rophako.utils import template
# Blueprint for the account views; every route below is mounted under
# /account, and blueprint-local endpoints are referenced as url_for(".login").
mod = Blueprint("account", __name__, url_prefix="/account")
def index():
    """Send the visitor to the login form; there is no account landing page."""
    login_page = url_for(".login")
    return redirect(login_page)
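def _is_local_path(url):
    """Return True when *url* is an absolute path on this site.

    A plain ``startswith("/")`` test is not enough to keep the post-login
    redirect on-site: browsers treat ``//host/...`` as a protocol-relative
    URL and ``/\\host/...`` the same way, so both would send the user to
    another host.  Only a single leading slash is accepted.
    """
    return url.startswith("/") and not url.startswith(("//", "/\\"))


@mod.route("/login", methods=["GET", "POST"])
def login():
    """Log into an account.

    GET renders the login form.  POST reads ``username`` and ``password``
    from the form and checks them with ``User.check_auth``; on success the
    session is filled from the stored user record and the browser is sent
    to the ``url`` form field when that is a local path, otherwise to the
    site index.  On failure a flash message is set and the form is shown
    again.
    """
    if request.method != "POST":
        return template("account/login.html")

    # Usernames are compared lowercased, so normalise before the check.
    username = request.form.get("username", "").lower()
    password = request.form.get("password", "")

    if not User.check_auth(username, password):
        flash("Authentication failed.")
        return redirect(url_for(".login"))

    db = User.get_user(username=username)
    session["login"] = True
    session["username"] = username
    session["uid"] = db["uid"]
    session["name"] = db["name"]
    session["role"] = db["role"]

    # Optional return-to target supplied by the form; only follow it when it
    # stays on this site (see _is_local_path).
    url = request.form.get("url", "")
    if _is_local_path(url):
        return redirect(url)
    # No leading dot: this is the application-level "index" endpoint, not the
    # blueprint's own index view.
    return redirect(url_for("index"))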
def logout():
    """Log out the user.

    Resets the five session keys written by ``login`` back to their guest
    values; the session itself is not cleared, so any other keys survive.
    """
    guest_state = (
        ("login", False),
        ("username", "guest"),
        ("uid", 0),
        ("name", "Guest"),
        ("role", "user"),
    )
    for key, value in guest_state:
        session[key] = value
    flash("You have been signed out.")
    return redirect(url_for(".login"))
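@mod.route("/setup", methods=["GET", "POST"])
def setup():
    """Initial setup to create the Admin user account.

    GET renders the setup form.  POST reads ``username``, ``name``,
    ``password1`` and ``password2`` from the form, validates them with
    ``validate_create_form`` and creates the account.  The whole view is
    refused once a user with uid 1 exists, so it can only ever run on a
    fresh install.
    """
    # This can't be done if users already exist on the CMS!
    if User.exists(uid=1):
        flash("This website has already been configured (users already created).")
        return redirect(url_for("index"))

    if request.method != "POST":
        return template("account/setup.html")

    # Submitting the form.
    username = request.form.get("username", "")
    name = request.form.get("name", "")
    pw1 = request.form.get("password1", "")
    pw2 = request.form.get("password2", "")

    # Default name = username (as typed, before it is lowercased below).
    if name == "":
        name = username

    # Lowercase the user.
    username = username.lower()
    if User.exists(username=username):
        flash("That username already exists.")
        return redirect(url_for(".setup"))

    # Validate the form; every message is shown before going back to it.
    errors = validate_create_form(username, pw1, pw2)
    if errors:
        for error in errors:
            # NOTE(review): the listing showed this loop without a body;
            # flashing each message is the evident intent -- confirm.
            flash(error)
        return redirect(url_for(".setup"))

    # Create the account.  The return value is not needed here.
    # NOTE(review): the argument list was missing from the listing and is
    # reconstructed from the locals above -- confirm against User.create.
    User.create(
        username=username,
        password=pw1,
        name=name,
        role="admin",
    )

    flash("Admin user created! Please log in now.")
    return redirect(url_for(".login"))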
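def validate_create_form(username, pw1=None, pw2=None, skip_passwd=False):
    """Validate the submission of a create-user form.

    Args:
        username: the username to check (callers pass it already lowercased).
        pw1: the password as typed.
        pw2: the password confirmation; must equal ``pw1``.
        skip_passwd: when True the password checks are skipped and
            ``pw1``/``pw2`` are ignored.

    Returns:
        A list of human-readable error messages if there were errors,
        otherwise None.
    """
    errors = []

    if not username:
        errors.append("You must provide a username.")
    # ASCII letters, digits, dash and underscore only.  In the class the
    # "-_" after the 0-9 range is a literal dash followed by an underscore.
    if re.search(r'[^A-Za-z0-9-_]', username):
        errors.append("Usernames can only contain letters, numbers, dashes or underscores.")

    if not skip_passwd:
        # The parameters default to None; treat a missing password as empty
        # so the length check reports an error instead of raising TypeError.
        pw1 = pw1 or ""
        pw2 = pw2 or ""
        if len(pw1) < 3:
            errors.append("You should use at least 3 characters in your password.")
        if pw1 != pw2:
            errors.append("Your passwords don't match.")

    return errors or None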