contentmatcher/auth.py

110 lines
3.2 KiB
Python
Raw Normal View History

2022-05-13 18:23:15 +02:00
import functools
from flask import (
Blueprint, flash, g, redirect, render_template, request, session, url_for
)
2022-06-04 21:56:18 +02:00
from hashlib import md5
2022-06-14 14:47:12 +02:00
from create_db import User, get_session
from share import get_all_shared
2022-05-13 18:23:15 +02:00
bp = Blueprint('auth', __name__, url_prefix='/auth')
@bp.route('/register', methods=('GET', 'POST'))
def register():
2022-06-14 14:47:12 +02:00
dbsession = get_session()
2022-05-13 18:23:15 +02:00
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
2022-06-15 11:10:05 +02:00
mail = request.form['email']
2022-05-13 18:23:15 +02:00
error = None
2022-06-15 11:10:05 +02:00
#@TODO check if this really is an email.
2022-05-13 18:23:15 +02:00
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
2022-06-15 11:10:05 +02:00
elif not mail:
2022-07-07 18:14:21 +02:00
error = 'Please enter your email adress.'
elif dbsession.query(User).filter(User.username == username).first() != None:
2022-07-07 18:14:21 +02:00
error = "Username already exists, please choose another one."
2022-06-15 11:10:05 +02:00
elif dbsession.query(User).filter(User.email == mail).first() != None:
2022-07-07 18:14:21 +02:00
error = "This email adress is already in use, please choose another one."
2022-05-13 18:23:15 +02:00
if error is None:
try:
user = User(username=username, password=md5(password.encode("utf-8")).hexdigest(), email=mail, settings = "")
2022-05-15 22:12:18 +02:00
dbsession.add(user)
dbsession.commit()
#Preden zapremo naj user dobi vse shared karte od prej.
new_user = dbsession.query(User).filter(User.username == username).first()
new_user_id = new_user.id
get_all_shared(new_user_id)
dbsession.close()
2022-05-15 22:12:18 +02:00
except Exception as e:
error = f"napaka pri registraciji {username} je {e}"
2022-05-13 18:23:15 +02:00
else:
return redirect(url_for("auth.login"))
flash(error)
2022-08-12 19:51:55 +02:00
return render_template('register.html')
2022-05-13 18:23:15 +02:00
@bp.route('/login', methods=('GET', 'POST'))
def login():
if request.method == 'POST':
2022-06-14 14:47:12 +02:00
dbsession = get_session()
2022-05-13 18:23:15 +02:00
username = request.form['username']
password = request.form['password']
error = None
2022-05-17 21:27:51 +02:00
user = dbsession.query(User).filter(User.username == username).first()
2022-05-13 18:23:15 +02:00
if user is None:
error = 'Incorrect username.'
2022-05-17 21:27:51 +02:00
elif not user.password == md5(password.encode("utf-8")).hexdigest(): #compare input pw has and bd pw hash
2022-05-13 18:23:15 +02:00
error = 'Incorrect password.'
if error is None:
session.clear()
2022-05-17 21:27:51 +02:00
session['user_id'] = user.id
2022-05-20 00:01:56 +02:00
session['username'] = user.username
2022-06-04 21:56:18 +02:00
return redirect(url_for("menu.index")) #TODO ne dela
2022-05-13 18:23:15 +02:00
flash(error)
2022-08-12 19:51:55 +02:00
return render_template('login.html')
2022-05-13 18:23:15 +02:00
@bp.before_app_request
def load_logged_in_user():
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
2022-05-15 22:12:18 +02:00
g.user = None
2022-05-13 18:23:15 +02:00
@bp.route('/logout')
def logout():
session.clear()
return redirect(url_for('index'))
def login_required(view):
@functools.wraps(view)
def wrapped_view(**kwargs):
if g.user is None:
return redirect(url_for('auth.login'))
return view(**kwargs)
return wrapped_view