author | Frederick Yin <fkfd@fkfd.me> | 2021-11-23 17:22:20 +0800 |
---|---|---|
committer | Frederick Yin <fkfd@fkfd.me> | 2021-11-23 17:22:20 +0800 |
commit | 542c6ff92f29cb9c83f3c217f29646d25a1a4a20 (patch) | |
tree | 8233d34042703468fe4efd1e1ad0b0aa7d8928bb | |
parent | 27293255bfaa418cd6e6031f77493a78a10a18bc (diff) |
Config option accept_new_user; logout
-rw-r--r-- | jimbrella/auth.py | 68 | ||||
-rw-r--r-- | jimbrella/config.py | 2 |
2 files changed, 31 insertions, 39 deletions
diff --git a/jimbrella/auth.py b/jimbrella/auth.py
index 2c33807..2d8b1cc 100644
--- a/jimbrella/auth.py
+++ b/jimbrella/auth.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, request, session, render_template, redirect, url_for
+from flask import Blueprint, request, session, render_template, redirect, url_for, abort
 from werkzeug.security import generate_password_hash, check_password_hash
 from .users import Users
 from .exceptions import UsernameTakenError
@@ -16,52 +16,42 @@ def show_error(action, message): ) -@bp.route("/login", methods=["GET", "POST"]) -def login(): +@bp.route("/<action>", methods=["GET", "POST"]) +def auth(action): + if action not in ["login", "register"]: + abort(404) + if request.method == "GET": - return render_template("auth.html", action="login") - # validate login information + # display login/register page + return render_template("auth.html", action=action) + # validate login information username = request.form.get("username") password = request.form.get("password") if not all([username, password]): - return show_erro("login", "Please fill in both the username and password.") - - user = users.find(username) - if user is None: - return show_error("login", f"User {username} does not exist.") - - if not check_password_hash(user["password"], password): - return show_error("login", "Incorrect password. Sorry.") + return show_error(action, "Please fill in both the username and password.") + + if action == "login": + user = users.find(username) + if user is None: + return show_error("login", f"User {username} does not exist.") + + if not check_password_hash(user["password"], password): + return show_error("login", "Incorrect password. 
Sorry.") + else: + if not ACCEPT_NEW_USERS: + return show_error("register", "Sorry, but user registrations are closed.") + try: + users.register(username, generate_password_hash(password), "en-US") + except UsernameTakenError as e: + return show_error("register", e.message) # give access session.clear() session["username"] = username return redirect(url_for("admin.index")) - -@bp.route("/register", methods=["GET", "POST"]) -def register(): - if request.method == "GET": - return render_template("auth.html", action="register") - - username = request.form.get("username") - password = request.form.get("password") - if not all([username, password]): - return render_template( - "auth.html", - action="register", - error="Please fill in both the username and password.", - ) - - try: - users.register(username, generate_password_hash(password), "en-US") - except UsernameTakenError as e: - return render_template( - "auth.html", - action="register", - error=e.message, - ) - - session["username"] = username - return redirect(url_for("admin.index")) +@bp.route("/logout") +def logout(): + session.pop("username", None) + return redirect(url_for("auth.auth", action="login")) diff --git a/jimbrella/config.py b/jimbrella/config.py index e59aabc..dd4aa00 100644 --- a/jimbrella/config.py +++ b/jimbrella/config.py @@ -13,6 +13,8 @@ f.close() FLASK_SECRET_KEY = config["flask"]["secret_key"] +ACCEPT_NEW_USERS = config["user"]["accept_new_users"] + JFORM_TAKEAWAY_URL = config["jform"]["takeaway_url"] JFORM_GIVEBACK_URL = config["jform"]["giveback_url"] JFORM_BOOKMARK_DIR = config["jform"]["bookmark_dir"] |
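Review bot: The login branch of `auth()` returns different errors for an unknown username (`User {username} does not exist.`) and for a wrong password (`Incorrect password. Sorry.`), so anyone probing the form can tell registered usernames from unregistered ones. Both failures should return the same message, e.g. `return show_error("login", "Incorrect username or password.")`. Separately, the import hunk adds only `abort`; unless `ACCEPT_NEW_USERS` is imported in the lines of auth.py not shown here, the register branch will raise NameError on the first POST. The new `/logout` route also changes session state on a GET and only pops `username`, whereas login calls `session.clear()`; a POST-only route that clears the whole session would be consistent with it.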
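Review bot: `ACCEPT_NEW_USERS` is read with `config["user"]["accept_new_users"]` and no default, so a config file written before this commit raises KeyError at import, and the value's type is never checked. If the loader yields strings (the parser is outside this hunk), `"false"` is truthy and `if not ACCEPT_NEW_USERS` in auth.py would leave registration open. Assuming `config` is a plain dict, a fail-closed form would be `ACCEPT_NEW_USERS = config.get("user", {}).get("accept_new_users", False) is True`.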