From a42cefbbee178498afdd65ae0f774c2cdd99493f Mon Sep 17 00:00:00 2001 From: Frederick Yin Date: Wed, 27 Oct 2021 23:07:55 +0800 Subject: Admin console requires login to admin account --- jimbrella/auth.py | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) (limited to 'jimbrella/auth.py') diff --git a/jimbrella/auth.py b/jimbrella/auth.py index ca0f64a..2c33807 100644 --- a/jimbrella/auth.py +++ b/jimbrella/auth.py @@ -1,11 +1,19 @@ -from flask import Blueprint, request, render_template, redirect, url_for +from flask import Blueprint, request, session, render_template, redirect, url_for from werkzeug.security import generate_password_hash, check_password_hash from .users import Users from .exceptions import UsernameTakenError from .config import * bp = Blueprint("auth", __name__, url_prefix="/") -db = Users(USERS_PATH) +users = Users(USERS_PATH) + + +def show_error(action, message): + return render_template( + "auth.html", + action=action, + error=message, + ) @bp.route("/login", methods=["GET", "POST"]) @@ -17,11 +25,19 @@ def login(): username = request.form.get("username") password = request.form.get("password") if not all([username, password]): - return render_template( - "auth.html", - action="login", - error="Please fill in both the username and password.", - ) + return show_erro("login", "Please fill in both the username and password.") + + user = users.find(username) + if user is None: + return show_error("login", f"User {username} does not exist.") + + if not check_password_hash(user["password"], password): + return show_error("login", "Incorrect password. Sorry.") + + # give access + session.clear() + session["username"] = username + return redirect(url_for("admin.index")) @bp.route("/register", methods=["GET", "POST"]) 
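Review bot: The new `show_error` helper has no docstring and is only used by `login`; the `register` error path visible in the later hunks still calls `render_template("auth.html", ...)` inline. A one-line docstring such as `"""Render auth.html for the given action with an error message."""` would document it. Switching the register branch to `return show_error("register", e.message)` (assuming its action value is "register", which is not visible in the diff) would keep the two handlers consistent.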
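Review bot: The empty-field branch in `login` calls `show_erro(...)`, a name not defined in the visible code, so a POST with a missing username or password would raise NameError and return a 500 instead of re-rendering the form; it should read `return show_error("login", "Please fill in both the username and password.")`. Separately, the two failure branches return different messages ("User ... does not exist." versus "Incorrect password. Sorry."), which tells an unauthenticated client which usernames are registered. Consider collapsing them into one check, `if user is None or not check_password_hash(user["password"], password):` followed by `return show_error("login", "Incorrect username or password.")`. The hunk adds no limit on failed attempts; if none exists elsewhere in the app, this route allows unlimited password guessing against the admin login. The opening lines of `login` are outside the hunk.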
@@ -39,7 +55,7 @@ def register(): ) try: - db.register(username, generate_password_hash(password), "en-US") + users.register(username, generate_password_hash(password), "en-US") except UsernameTakenError as e: return render_template( "auth.html", @@ -47,4 +63,5 @@ def register(): error=e.message, ) + session["username"] = username return redirect(url_for("admin.index")) -- cgit v1.2.3
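Review bot: In `register`, `session["username"] = username` is set without the `session.clear()` that `login` performs first, so anything already stored in the visitor's session carries over into the authenticated one; adding `session.clear()` on the line before would match the login path. The redirect to `admin.index` also means any visitor who self-registers arrives at the admin console with a session, and nothing in this file marks an account as admin. If the admin blueprint (not shown in this diff) only checks that `session["username"]` is present, open registration would bypass the restriction the commit title describes. That check should verify an admin role, or registration should not grant a console session. The body of `register` starts outside the hunk.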