Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.

3 anos atrás
3 anos atrás
3 anos atrás
3 anos atrás
3 anos atrás
3 anos atrás
3 anos atrás
3 anos atrás
3 anos atrás
3 anos atrás
3 anos atrás
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273
  1. # @name: auth.py
  2. # @creation_date: 2021-10-20
  3. # @license: The MIT License <https://opensource.org/licenses/MIT>
  4. # @author: Simon Bowie <ad7588@coventry.ac.uk>
  5. # @purpose: auth route for authorisation functions like logging in, signing up, and logging out
  6. # @acknowledgements:
  7. # https://www.digitalocean.com/community/tutorials/how-to-add-authentication-to-your-app-with-flask-login
  8. from flask import Blueprint, render_template, redirect, url_for, request, flash
  9. from werkzeug.security import generate_password_hash, check_password_hash
  10. from flask_login import login_user, logout_user, login_required
  11. from .models import User
  12. from . import db
  13. import os
  14. auth = Blueprint('auth', __name__)
  15. # routes for login page
  16. @auth.route('/login')
  17. def login():
  18. return render_template('login.html')
  19. @auth.route('/login', methods=['POST'])
  20. def login_post():
  21. email = request.form.get('email')
  22. password = request.form.get('password')
  23. remember = True if request.form.get('remember') else False
  24. # SQLAlchemy query to get user data based on their email
  25. user = User.query.filter_by(email=email).first()
  26. # check if the user actually exists
  27. # take the user-supplied password, hash it, and compare it to the hashed password in the database
  28. if not user or not check_password_hash(user.password, password):
  29. flash('Please check your login details and try again.')
  30. return redirect(url_for('auth.login',_external=True,_scheme=os.environ.get('SSL_SCHEME'))) # if the user doesn't exist or password is wrong, reload the page
  31. # if the above check passes, then we know the user has the right credentials
  32. login_user(user, remember=remember)
  33. return redirect(url_for('main.profile',_external=True,_scheme=os.environ.get('SSL_SCHEME')))
  34. # routes for signup page
  35. @auth.route('/signup')
  36. def signup():
  37. return render_template('signup.html')
  38. @auth.route('/signup', methods=['POST'])
  39. def signup_post():
  40. email = request.form.get('email')
  41. name = request.form.get('name')
  42. password = request.form.get('password')
  43. user = User.query.filter_by(email=email).first() # if this returns a user, then the email already exists in database
  44. if user: # if a user is found, we want to redirect back to signup page so user can try again
  45. flash('Email address already exists')
  46. return redirect(url_for('auth.signup',_external=True,_scheme=os.environ.get('SSL_SCHEME')))
  47. # create a new user with the form data. Hash the password so the plaintext version isn't saved.
  48. new_user = User(email=email, name=name, password=generate_password_hash(password, method='sha256'))
  49. # add the new user to the database
  50. db.session.add(new_user)
  51. db.session.commit()
  52. return redirect(url_for('auth.login',_external=True,_scheme=os.environ.get('SSL_SCHEME')))
  53. # route for logout function
  54. @auth.route('/logout')
  55. @login_required
  56. def logout():
  57. logout_user()
  58. return redirect(url_for('main.index',_external=True,_scheme=os.environ.get('SSL_SCHEME')))