
# -*- coding: utf-8 -*-
"""Endpoints for user login and out."""

import re

from flask import Blueprint, request, redirect, url_for, session, flash

import rophako.model.user as User
from rophako.utils import template

# Every view in this module is registered on the "account" blueprint and
# therefore served under /account/.
mod = Blueprint("account", __name__, url_prefix="/account")
@mod.route("/")
def index():
    """Send a bare /account/ request on to the login page."""
    login_page = url_for(".login")
    return redirect(login_page)
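def _is_local_redirect(url):
    """Return True when *url* is a same-site path that is safe to redirect to.

    Only a path beginning with a single "/" qualifies.  A value beginning
    with "//" is scheme-relative and would send the browser to another
    host, and browsers treat a leading "/\\" the same way, so both are
    rejected; the caller then falls back to the site index.
    """
    return url.startswith("/") and not url.startswith(("//", "/\\"))


@mod.route("/login", methods=["GET", "POST"])
def login():
    """Log into an account.

    GET renders the login form.  POST checks the submitted username and
    password with ``User.check_auth``; on success the session is filled in
    from the stored user record and the browser is redirected to the
    optional ``url`` form field (local paths only) or to the site index.
    On failure a flash message is set and the login page is shown again.
    """
    if request.method == "POST":
        username = request.form.get("username", "")
        password = request.form.get("password", "")

        # Lowercase the username.
        username = username.lower()

        if not User.check_auth(username, password):
            flash("Authentication failed.")
            return redirect(url_for(".login"))

        # OK!
        db = User.get_user(username=username)
        session["login"] = True
        session["username"] = username
        session["uid"] = db["uid"]
        session["name"] = db["name"]
        session["role"] = db["role"]

        # Redirect them to a local page?  Only a same-site path is honored;
        # a scheme-relative "//host" value submitted in the form would
        # otherwise turn this into an open redirect.
        url = request.form.get("url", "")
        if _is_local_redirect(url):
            return redirect(url)
        return redirect(url_for("index"))

    return template("account/login.html")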
@mod.route("/logout")
def logout():
    """Log out the user.

    Resets the session's identity keys to the anonymous "guest" values,
    flashes a confirmation and sends the browser back to the login page.
    """
    guest_session = {
        "login": False,
        "username": "guest",
        "uid": 0,
        "name": "Guest",
        "role": "user",
    }
    for key, value in guest_session.items():
        session[key] = value

    flash("You have been signed out.")
    return redirect(url_for(".login"))
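@mod.route("/setup", methods=["GET", "POST"])
def setup():
    """Initial setup to create the Admin user account.

    Refuses to run once a user with uid 1 exists, so this unauthenticated
    endpoint can only ever create the very first account.  On POST the
    form is checked with ``validate_create_form`` and, if clean, an
    "admin" role account is created and the browser is sent to the login
    page; otherwise every error is flashed and the form is shown again.
    """
    # This can't be done if users already exist on the CMS!
    # NOTE(review): there is a small window between this check and the
    # User.create call below; confirm User.create itself rejects a second
    # first-user creation if concurrent setup requests are a concern.
    if User.exists(uid=1):
        flash("This website has already been configured (users already created).")
        return redirect(url_for("index"))

    if request.method == "POST":
        # Submitting the form.
        username = request.form.get("username", "")
        name = request.form.get("name", "")
        pw1 = request.form.get("password1", "")
        pw2 = request.form.get("password2", "")

        # Default name = username.  This happens before lowercasing, so the
        # display name keeps the case the user typed.
        if name == "":
            name = username

        # Lowercase the user.
        username = username.lower()

        if User.exists(username=username):
            flash("That username already exists.")
            return redirect(url_for(".setup"))

        # Validate the form.
        errors = validate_create_form(username, pw1, pw2)
        if errors:
            for error in errors:
                flash(error)
            return redirect(url_for(".setup"))

        # Create the account.  The returned uid is not needed here, and the
        # flash text has no placeholder, so it is flashed as-is.
        User.create(
            username=username,
            password=pw1,
            name=name,
            role="admin",
        )
        flash("Admin user created! Please log in now.")
        return redirect(url_for(".login"))

    return template("account/setup.html")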
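def validate_create_form(username, pw1=None, pw2=None, skip_passwd=False,
                         min_password_length=3):
    """Validate the submission of a create-user form.

    Args:
        username: The username to check (callers in this module lowercase
            it first).  It must be non-empty and consist only of ASCII
            letters, digits, ``-`` and ``_``.
        pw1: The password; ``None`` is treated as an empty string instead
            of raising ``TypeError``.
        pw2: The password confirmation, compared with ``pw1``.
        skip_passwd: When true the password checks are skipped entirely.
        min_password_length: Shortest password accepted.  Defaults to 3 so
            existing callers see the same rule and message as before.

    Returns:
        A list of error messages if there were errors, otherwise ``None``.
    """
    errors = []

    if not username:
        errors.append("You must provide a username.")
    # The trailing "-" in the class is a literal dash, not a range, so the
    # accepted set is exactly letters, digits, "-" and "_".
    elif re.search(r'[^A-Za-z0-9_-]', username):
        errors.append("Usernames can only contain letters, numbers, dashes or underscores.")

    if not skip_passwd:
        # A missing password counts as empty so the checks below can run.
        pw1 = pw1 or ""
        pw2 = pw2 or ""
        if len(pw1) < min_password_length:
            errors.append(
                "You should use at least {} characters in your password.".format(
                    min_password_length
                )
            )
        if pw1 != pw2:
            errors.append("Your passwords don't match.")

    # Callers test the result for truthiness, so an empty list becomes None.
    return errors or None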