authorFrederick Yin <fkfd@fkfd.me>2021-11-23 17:22:20 +0800
committerFrederick Yin <fkfd@fkfd.me>2021-11-23 17:22:20 +0800
commit542c6ff92f29cb9c83f3c217f29646d25a1a4a20 (patch)
tree8233d34042703468fe4efd1e1ad0b0aa7d8928bb /jimbrella/auth.py
parent27293255bfaa418cd6e6031f77493a78a10a18bc (diff)
Config option accept_new_user; logout
Diffstat (limited to 'jimbrella/auth.py')
-rw-r--r--jimbrella/auth.py68
1 files changed, 29 insertions, 39 deletions
diff --git a/jimbrella/auth.py b/jimbrella/auth.py
index 2c33807..2d8b1cc 100644
--- a/jimbrella/auth.py
+++ b/jimbrella/auth.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, request, session, render_template, redirect, url_for
+from flask import Blueprint, request, session, render_template, redirect, url_for, abort
from werkzeug.security import generate_password_hash, check_password_hash
from .users import Users
from .exceptions import UsernameTakenError
@@ -16,52 +16,42 @@ def show_error(action, message):
)
-@bp.route("/login", methods=["GET", "POST"])
-def login():
+@bp.route("/<action>", methods=["GET", "POST"])
+def auth(action):
+ if action not in ["login", "register"]:
+ abort(404)
+
if request.method == "GET":
- return render_template("auth.html", action="login")
- # validate login information
+ # display login/register page
+ return render_template("auth.html", action=action)
+ # validate login information
username = request.form.get("username")
password = request.form.get("password")
if not all([username, password]):
- return show_erro("login", "Please fill in both the username and password.")
-
- user = users.find(username)
- if user is None:
- return show_error("login", f"User {username} does not exist.")
-
- if not check_password_hash(user["password"], password):
- return show_error("login", "Incorrect password. Sorry.")
+ return show_error(action, "Please fill in both the username and password.")
+
+ if action == "login":
+ user = users.find(username)
+ if user is None:
+ return show_error("login", f"User {username} does not exist.")
+
+ if not check_password_hash(user["password"], password):
+ return show_error("login", "Incorrect password. Sorry.")
+ else:
+ if not ACCEPT_NEW_USERS:
+ return show_error("register", "Sorry, but user registrations are closed.")
+ try:
+ users.register(username, generate_password_hash(password), "en-US")
+ except UsernameTakenError as e:
+ return show_error("register", e.message)
# give access
session.clear()
session["username"] = username
return redirect(url_for("admin.index"))
-
-@bp.route("/register", methods=["GET", "POST"])
-def register():
- if request.method == "GET":
- return render_template("auth.html", action="register")
-
- username = request.form.get("username")
- password = request.form.get("password")
- if not all([username, password]):
- return render_template(
- "auth.html",
- action="register",
- error="Please fill in both the username and password.",
- )
-
- try:
- users.register(username, generate_password_hash(password), "en-US")
- except UsernameTakenError as e:
- return render_template(
- "auth.html",
- action="register",
- error=e.message,
- )
-
- session["username"] = username
- return redirect(url_for("admin.index"))
+@bp.route("/logout")
+def logout():
+ session.pop("username", None)
+ return redirect(url_for("auth.auth", action="login"))
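Review bot: The login branch of `auth()` still tells the client whether an account exists, because `User {username} does not exist.` and `Incorrect password. Sorry.` are distinct responses and the unknown-user path returns before any hash check is run. Returning one message for both cases, e.g. `return show_error("login", "Incorrect username or password.")`, removes the difference in the response text; registration will still reveal taken names through `UsernameTakenError`, so request throttling on this route is worth considering. Separately, `logout()` answers GET and only pops `username`, whereas the login path calls `session.clear()`; using `session.clear()` in `logout()` would be consistent and would drop any other per-session state. `ACCEPT_NEW_USERS` is not imported in the visible hunks, so it presumably comes from the unchanged lines 5-15 of the file, which is worth confirming.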