rophako/rophako/modules/account/__init__.py
Noah Petherbridge 8a2d6a7c04 Refactor modules into a plugin-based system
All modules are now plugins. The config.py calls load_plugin for each
plugin it needs (some plugins may load others automatically). Also each
plugin keeps its own template folder which gets added to the template
search path, so i.e. if the photo plugin is unloaded completely, the URL
endpoints won't work either (with the old system, since the HTML
templates still existed in the default root the endpoints would still
serve pages, just without any Python logic behind them).
2014-07-23 14:21:53 -07:00

136 lines
3.7 KiB
Python

# -*- coding: utf-8 -*-
"""Endpoints for user login and out."""
from flask import Blueprint, request, redirect, url_for, session, flash
import re
import rophako.model.user as User
from rophako.utils import template
mod = Blueprint("account", __name__, url_prefix="/account")
@mod.route("/")
def index():
return redirect(url_for(".login"))
@mod.route("/login", methods=["GET", "POST"])
def login():
"""Log into an account."""
if request.method == "POST":
username = request.form.get("username", "")
password = request.form.get("password", "")
# Lowercase the username.
username = username.lower()
if User.check_auth(username, password):
# OK!
db = User.get_user(username=username)
session["login"] = True
session["username"] = username
session["uid"] = db["uid"]
session["name"] = db["name"]
session["role"] = db["role"]
# Redirect them to a local page?
url = request.form.get("url", "")
if url.startswith("/"):
return redirect(url)
return redirect(url_for("index"))
else:
flash("Authentication failed.")
return redirect(url_for(".login"))
return template("account/login.html")
@mod.route("/logout")
def logout():
"""Log out the user."""
session["login"] = False
session["username"] = "guest"
session["uid"] = 0
session["name"] = "Guest"
session["role"] = "user"
flash("You have been signed out.")
return redirect(url_for(".login"))
@mod.route("/setup", methods=["GET", "POST"])
def setup():
"""Initial setup to create the Admin user account."""
# This can't be done if users already exist on the CMS!
if User.exists(uid=1):
flash("This website has already been configured (users already created).")
return redirect(url_for("index"))
if request.method == "POST":
# Submitting the form.
username = request.form.get("username", "")
name = request.form.get("name", "")
pw1 = request.form.get("password1", "")
pw2 = request.form.get("password2", "")
# Default name = username.
if name == "":
name = username
# Lowercase the user.
username = username.lower()
if User.exists(username=username):
flash("That username already exists.")
return redirect(url_for(".setup"))
# Validate the form.
errors = validate_create_form(username, pw1, pw2)
if errors:
for error in errors:
flash(error)
return redirect(url_for(".setup"))
# Create the account.
uid = User.create(
username=username,
password=pw1,
name=name,
role="admin",
)
flash("Admin user created! Please log in now.".format(uid))
return redirect(url_for(".login"))
return template("account/setup.html")
def validate_create_form(username, pw1=None, pw2=None, skip_passwd=False):
"""Validate the submission of a create-user form.
Returns a list of error messages if there were errors, otherwise
it returns None."""
errors = list()
if len(username) == 0:
errors.append("You must provide a username.")
if re.search(r'[^A-Za-z0-9-_]', username):
errors.append("Usernames can only contain letters, numbers, dashes or underscores.")
if not skip_passwd:
if len(pw1) < 3:
errors.append("You should use at least 3 characters in your password.")
if pw1 != pw2:
errors.append("Your passwords don't match.")
if len(errors):
return errors
else:
return None