author | Frederick Yin <fkfd@fkfd.me> | 2021-10-27 23:07:55 +0800 |
---|---|---|
committer | Frederick Yin <fkfd@fkfd.me> | 2021-10-27 23:07:55 +0800 |
commit | a42cefbbee178498afdd65ae0f774c2cdd99493f (patch) | |
tree | 6db5b3f5edcd7fc98458478713b0f14e51e9c466 /jimbrella/auth.py | |
parent | 4d35e9f2a36d1e0c938a985d4afffcb6ee99c193 (diff) |
Admin console requires login to admin account
Diffstat (limited to 'jimbrella/auth.py')
-rw-r--r-- | jimbrella/auth.py | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/jimbrella/auth.py b/jimbrella/auth.py
index ca0f64a..2c33807 100644
--- a/jimbrella/auth.py
+++ b/jimbrella/auth.py
@@ -1,11 +1,19 @@
-from flask import Blueprint, request, render_template, redirect, url_for
+from flask import Blueprint, request, session, render_template, redirect, url_for
 from werkzeug.security import generate_password_hash, check_password_hash
 from .users import Users
 from .exceptions import UsernameTakenError
 from .config import *
 bp = Blueprint("auth", __name__, url_prefix="/")
-db = Users(USERS_PATH)
+users = Users(USERS_PATH)
+
+
+def show_error(action, message):
+ return render_template(
+ "auth.html",
+ action=action,
+ error=message,
+ )
 @bp.route("/login", methods=["GET", "POST"])
@@ -17,11 +25,19 @@ def login():
 username = request.form.get("username")
 password = request.form.get("password")
 if not all([username, password]):
- return render_template(
- "auth.html",
- action="login",
- error="Please fill in both the username and password.",
- )
+ return show_erro("login", "Please fill in both the username and password.")
+
+ user = users.find(username)
+ if user is None:
+ return show_error("login", f"User {username} does not exist.")
+
+ if not check_password_hash(user["password"], password):
+ return show_error("login", "Incorrect password. Sorry.")
+
+ # give access
+ session.clear()
+ session["username"] = username
+ return redirect(url_for("admin.index"))
 @bp.route("/register", methods=["GET", "POST"])
@@ -39,7 +55,7 @@ def register():
 )
 try:
- db.register(username, generate_password_hash(password), "en-US")
+ users.register(username, generate_password_hash(password), "en-US")
 except UsernameTakenError as e:
 return render_template(
 "auth.html",
@@ -47,4 +63,5 @@ def register():
 error=e.message,
 )
+ session["username"] = username
 return redirect(url_for("admin.index")) |
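Review bot: `show_error` in the first hunk has no docstring, and its `message` argument can carry request data: the login hunk of this commit passes `f"User {username} does not exist."` with `username` read from the form. A docstring such as `"""Render auth.html for the given action with message as the error text; message may contain user input, so the template must keep it autoescaped."""` would record that contract. Flask autoescapes `.html` templates by default, so this holds as long as auth.html (not shown here) does not mark `error` as `|safe`.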
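Review bot: In the second hunk (`login()`), the empty-field branch calls `show_erro(...)`, a name the visible diff never defines (the helper added above is `show_error`), so a POST with a missing username or password would raise NameError instead of re-rendering the form; the line should read `return show_error("login", "Please fill in both the username and password.")`. The same hunk answers `User {username} does not exist.` for an unknown name and `Incorrect password. Sorry.` for a known one, which tells an unauthenticated client which usernames are registered. Returning one message from both branches, e.g. `return show_error("login", "Incorrect username or password.")`, removes that signal, although the unknown-user branch still returns before `check_password_hash` runs and so responds faster. login()'s body starts outside the hunk.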
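Review bot: In the last hunk, `register()` writes `session["username"]` into whatever session the client already holds, whereas `login()` in this same commit calls `session.clear()` first. Adding `session.clear()` on the line before `session["username"] = username` keeps the two paths consistent and discards any state left over from a previous identity. Separately, if the admin views only test that `session["username"]` is present (they are not part of this diff), self-registration alone would satisfy the check, so the gate there should compare against the admin account rather than against any logged-in user. register()'s body starts outside the hunk.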