WP6
/
expub_compendium
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
59 コミット
3 ブランチ
ツリー: 1db5b850f4
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'1db5b850f4' から
${ noResults }
expub_compendium/web/app/auth.py

73 行
2.7KB
Raw Blame 履歴 

  1. # @name: auth.py

  2. # @creation_date: 2021-10-20

  3. # @license: The MIT License <https://opensource.org/licenses/MIT>

  4. # @author: Simon Bowie <ad7588@coventry.ac.uk>

  5. # @purpose: auth route for authorisation functions like logging in, signing up, and logging out

  6. # @acknowledgements:

  7. # https://www.digitalocean.com/community/tutorials/how-to-add-authentication-to-your-app-with-flask-login

  8. 

  9. from flask import Blueprint, render_template, redirect, url_for, request, flash

  10. from werkzeug.security import generate_password_hash, check_password_hash

  11. from flask_login import login_user, logout_user, login_required

  12. from .models import User

  13. from . import db

  14. 

  15. auth = Blueprint('auth', __name__)

  16. 

  17. # routes for login page

  18. @auth.route('/login')

  19. def login():

  20.     return render_template('login.html')

  21. 

  22. @auth.route('/login', methods=['POST'])

  23. def login_post():

  24.     email = request.form.get('email')

  25.     password = request.form.get('password')

  26.     remember = True if request.form.get('remember') else False

  27. 

  28.     # SQLAlchemy query to get user data based on their email

  29.     user = User.query.filter_by(email=email).first()

  30. 

  31.     # check if the user actually exists

  32.     # take the user-supplied password, hash it, and compare it to the hashed password in the database

  33.     if not user or not check_password_hash(user.password, password):

  34.         flash('Please check your login details and try again.')

  35.         return redirect(url_for('auth.login')) # if the user doesn't exist or password is wrong, reload the page

  36. 

  37.     # if the above check passes, then we know the user has the right credentials

  38.     login_user(user, remember=remember)

  39.     return redirect(url_for('main.profile'))

  40. 

  41. # routes for signup page

  42. @auth.route('/signup')

  43. def signup():

  44.     return render_template('signup.html')

  45. 

  46. @auth.route('/signup', methods=['POST'])

  47. def signup_post():

  48.     email = request.form.get('email')

  49.     name = request.form.get('name')

  50.     password = request.form.get('password')

  51. 

  52.     user = User.query.filter_by(email=email).first() # if this returns a user, then the email already exists in database

  53. 

  54.     if user: # if a user is found, we want to redirect back to signup page so user can try again

  55.         flash('Email address already exists')

  56.         return redirect(url_for('auth.signup'))

  57. 

  58.     # create a new user with the form data. Hash the password so the plaintext version isn't saved.

  59.     new_user = User(email=email, name=name, password=generate_password_hash(password, method='sha256'))

  60. 

  61.     # add the new user to the database

  62.     db.session.add(new_user)

  63.     db.session.commit()

  64. 

  65.     return redirect(url_for('auth.login'))

  66. 

  67. # route for logout function

  68. @auth.route('/logout')

  69. @login_required

  70. def logout():

  71.     logout_user()

  72.     return redirect(url_for('main.index'))