|
- # @name: auth.py
- # @version: 0.1
- # @creation_date: 2021-10-20
- # @license: The MIT License <https://opensource.org/licenses/MIT>
- # @author: Simon Bowie <ad7588@coventry.ac.uk>
- # @purpose: auth route for authorisation functions like logging in, signing up, and logging out
- # @acknowledgements:
- # https://www.digitalocean.com/community/tutorials/how-to-add-authentication-to-your-app-with-flask-login
-
- from flask import Blueprint, render_template, redirect, url_for, request, flash
- from werkzeug.security import generate_password_hash, check_password_hash
- from flask_login import login_user, logout_user, login_required
- from .models import User
- from . import db
-
- auth = Blueprint('auth', __name__)
-
- # routes for login page
- @auth.route('/login')
- def login():
- return render_template('login.html')
-
- @auth.route('/login', methods=['POST'])
- def login_post():
- email = request.form.get('email')
- password = request.form.get('password')
- remember = True if request.form.get('remember') else False
-
- # SQLAlchemy query to get user data based on their email
- user = User.query.filter_by(email=email).first()
-
- # check if the user actually exists
- # take the user-supplied password, hash it, and compare it to the hashed password in the database
- if not user or not check_password_hash(user.password, password):
- flash('Please check your login details and try again.')
- return redirect(url_for('auth.login')) # if the user doesn't exist or password is wrong, reload the page
-
- # if the above check passes, then we know the user has the right credentials
- login_user(user, remember=remember)
- return redirect(url_for('main.profile'))
-
- # routes for signup page
- @auth.route('/signup')
- def signup():
- return render_template('signup.html')
-
- @auth.route('/signup', methods=['POST'])
- def signup_post():
- email = request.form.get('email')
- name = request.form.get('name')
- password = request.form.get('password')
-
- user = User.query.filter_by(email=email).first() # if this returns a user, then the email already exists in database
-
- if user: # if a user is found, we want to redirect back to signup page so user can try again
- flash('Email address already exists')
- return redirect(url_for('auth.signup'))
-
- # create a new user with the form data. Hash the password so the plaintext version isn't saved.
- new_user = User(email=email, name=name, password=generate_password_hash(password, method='sha256'))
-
- # add the new user to the database
- db.session.add(new_user)
- db.session.commit()
-
- return redirect(url_for('auth.login'))
-
- # route for logout function
- @auth.route('/logout')
- @login_required
- def logout():
- logout_user()
- return redirect(url_for('main.index'))
|