From 542c6ff92f29cb9c83f3c217f29646d25a1a4a20 Mon Sep 17 00:00:00 2001 From: Frederick Yin Date: Tue, 23 Nov 2021 17:22:20 +0800 Subject: Config option accept_new_user; logout --- jimbrella/auth.py | 68 +++++++++++++++++++++++------------------------------ jimbrella/config.py | 2 ++ 2 files changed, 31 insertions(+), 39 deletions(-) (limited to 'jimbrella') diff --git a/jimbrella/auth.py b/jimbrella/auth.py index 2c33807..2d8b1cc 100644 --- a/jimbrella/auth.py +++ b/jimbrella/auth.py @@ -1,4 +1,4 @@ -from flask import Blueprint, request, session, render_template, redirect, url_for +from flask import Blueprint, request, session, render_template, redirect, url_for, abort from werkzeug.security import generate_password_hash, check_password_hash from .users import Users from .exceptions import UsernameTakenError @@ -16,52 +16,42 @@ def show_error(action, message): ) -@bp.route("/login", methods=["GET", "POST"]) -def login(): +@bp.route("/", methods=["GET", "POST"]) +def auth(action): + if action not in ["login", "register"]: + abort(404) + if request.method == "GET": - return render_template("auth.html", action="login") - # validate login information + # display login/register page + return render_template("auth.html", action=action) + # validate login information username = request.form.get("username") password = request.form.get("password") if not all([username, password]): - return show_erro("login", "Please fill in both the username and password.") - - user = users.find(username) - if user is None: - return show_error("login", f"User {username} does not exist.") - - if not check_password_hash(user["password"], password): - return show_error("login", "Incorrect password. Sorry.") + return show_error(action, "Please fill in both the username and password.") + + if action == "login": + user = users.find(username) + if user is None: + return show_error("login", f"User {username} does not exist.") + + if not check_password_hash(user["password"], password): + return show_error("login", "Incorrect password. Sorry.") + else: + if not ACCEPT_NEW_USERS: + return show_error("register", "Sorry, but user registrations are closed.") + try: + users.register(username, generate_password_hash(password), "en-US") + except UsernameTakenError as e: + return show_error("register", e.message) # give access session.clear() session["username"] = username return redirect(url_for("admin.index")) - -@bp.route("/register", methods=["GET", "POST"]) -def register(): - if request.method == "GET": - return render_template("auth.html", action="register") - - username = request.form.get("username") - password = request.form.get("password") - if not all([username, password]): - return render_template( - "auth.html", - action="register", - error="Please fill in both the username and password.", - ) - - try: - users.register(username, generate_password_hash(password), "en-US") - except UsernameTakenError as e: - return render_template( - "auth.html", - action="register", - error=e.message, - ) - - session["username"] = username - return redirect(url_for("admin.index")) +@bp.route("/logout") +def logout(): + session.pop("username", None) + return redirect(url_for("auth.auth", action="login")) diff --git a/jimbrella/config.py b/jimbrella/config.py index e59aabc..dd4aa00 100644 --- a/jimbrella/config.py +++ b/jimbrella/config.py @@ -13,6 +13,8 @@ f.close() FLASK_SECRET_KEY = config["flask"]["secret_key"] +ACCEPT_NEW_USERS = config["user"]["accept_new_users"] + JFORM_TAKEAWAY_URL = config["jform"]["takeaway_url"] JFORM_GIVEBACK_URL = config["jform"]["giveback_url"] JFORM_BOOKMARK_DIR = config["jform"]["bookmark_dir"] -- cgit v1.2.3