137 řádky
3.8 KiB
Python
137 řádky
3.8 KiB
Python
# -*- coding: utf-8 -*-
|
|
from __future__ import unicode_literals
|
|
|
|
"""Endpoints for user login and out."""
|
|
|
|
from flask import Blueprint, request, redirect, url_for, session, flash
|
|
import re
|
|
|
|
import rophako.model.user as User
|
|
from rophako.utils import template
|
|
|
|
mod = Blueprint("account", __name__, url_prefix="/account")
|
|
|
|
@mod.route("/")
|
|
def index():
|
|
return redirect(url_for(".login"))
|
|
|
|
|
|
@mod.route("/login", methods=["GET", "POST"])
|
|
def login():
|
|
"""Log into an account."""
|
|
|
|
if request.method == "POST":
|
|
username = request.form.get("username", "")
|
|
password = request.form.get("password", "")
|
|
|
|
# Lowercase the username.
|
|
username = username.lower()
|
|
|
|
if User.check_auth(username, password):
|
|
# OK!
|
|
db = User.get_user(username=username)
|
|
session["login"] = True
|
|
session["username"] = username
|
|
session["uid"] = db["uid"]
|
|
session["name"] = db["name"]
|
|
session["role"] = db["role"]
|
|
|
|
# Redirect them to a local page?
|
|
url = request.form.get("url", "")
|
|
if url.startswith("/"):
|
|
return redirect(url)
|
|
|
|
return redirect(url_for("index"))
|
|
else:
|
|
flash("Authentication failed.")
|
|
return redirect(url_for(".login"))
|
|
|
|
return template("account/login.html")
|
|
|
|
|
|
@mod.route("/logout")
|
|
def logout():
|
|
"""Log out the user."""
|
|
session["login"] = False
|
|
session["username"] = "guest"
|
|
session["uid"] = 0
|
|
session["name"] = "Guest"
|
|
session["role"] = "user"
|
|
|
|
flash("You have been signed out.")
|
|
return redirect(url_for(".login"))
|
|
|
|
|
|
@mod.route("/setup", methods=["GET", "POST"])
|
|
def setup():
|
|
"""Initial setup to create the Admin user account."""
|
|
|
|
# This can't be done if users already exist on the CMS!
|
|
if User.exists(uid=1):
|
|
flash("This website has already been configured (users already created).")
|
|
return redirect(url_for("index"))
|
|
|
|
if request.method == "POST":
|
|
# Submitting the form.
|
|
username = request.form.get("username", "")
|
|
name = request.form.get("name", "")
|
|
pw1 = request.form.get("password1", "")
|
|
pw2 = request.form.get("password2", "")
|
|
|
|
# Default name = username.
|
|
if name == "":
|
|
name = username
|
|
|
|
# Lowercase the user.
|
|
username = username.lower()
|
|
if User.exists(username=username):
|
|
flash("That username already exists.")
|
|
return redirect(url_for(".setup"))
|
|
|
|
# Validate the form.
|
|
errors = validate_create_form(username, pw1, pw2)
|
|
if errors:
|
|
for error in errors:
|
|
flash(error)
|
|
return redirect(url_for(".setup"))
|
|
|
|
# Create the account.
|
|
uid = User.create(
|
|
username=username,
|
|
password=pw1,
|
|
name=name,
|
|
role="admin",
|
|
)
|
|
|
|
flash("Admin user created! Please log in now.".format(uid))
|
|
return redirect(url_for(".login"))
|
|
|
|
|
|
return template("account/setup.html")
|
|
|
|
|
|
def validate_create_form(username, pw1=None, pw2=None, skip_passwd=False):
|
|
"""Validate the submission of a create-user form.
|
|
|
|
Returns a list of error messages if there were errors, otherwise
|
|
it returns None."""
|
|
errors = list()
|
|
|
|
if len(username) == 0:
|
|
errors.append("You must provide a username.")
|
|
|
|
if re.search(r'[^A-Za-z0-9-_]', username):
|
|
errors.append("Usernames can only contain letters, numbers, dashes or underscores.")
|
|
|
|
if not skip_passwd:
|
|
if len(pw1) < 3:
|
|
errors.append("You should use at least 3 characters in your password.")
|
|
|
|
if pw1 != pw2:
|
|
errors.append("Your passwords don't match.")
|
|
|
|
if len(errors):
|
|
return errors
|
|
else:
|
|
return None
|