Diffstat (limited to 'apioforum/auth.py')
-rw-r--r-- | apioforum/auth.py | 76 |
1 files changed, 69 insertions, 7 deletions
diff --git a/apioforum/auth.py b/apioforum/auth.py
index d19ad57..f558025 100644
--- a/apioforum/auth.py
+++ b/apioforum/auth.py
@@ -1,9 +1,10 @@
 from flask import (
 Blueprint, session, request, url_for, render_template, redirect,
- flash,
+ flash, g
 )
+from werkzeug.security import check_password_hash, generate_password_hash
 from .db import get_db
-
+import functools
 bp = Blueprint("auth", __name__, url_prefix="/auth")
@@ -14,22 +15,78 @@ def login():
 password = request.form["password"]
 db = get_db()
 err = None
+ user = db.execute(
+ "SELECT password FROM users WHERE username = ?;",(username,)
+ ).fetchone()
 if not username:
- err = "Username required"
+ err = "username required"
 elif not password:
- err = "Password required"
- elif username != "bee" or password != "form":
- err = "Invalid login"
+ err = "password required"
+ elif user is None or not check_password_hash(user['password'], password):
+ err = "invalid login"
 if err is None:
 session.clear()
- session['user'] = 'bee'
+ session['user'] = username
 return redirect(url_for('auth.cool'))
 flash(err)
 return render_template("auth/login.html.j2")
+@bp.route("/register", methods=("GET","POST"))
+def register():
+ if request.method == "POST":
+ username = request.form["username"]
+ password = request.form["password"]
+ db = get_db()
+ err = None
+ if not username:
+ err = "Username required"
+ elif not password:
+ err = "Password required"
+ elif db.execute(
+ "SELECT 1 FROM users WHERE username = ?;", (username,)
+ ).fetchone() is not None:
+ err = f"User {username} is already registered."
+
+ if err is None:
+ db.execute(
+ "INSERT INTO users (username, password) VALUES (?,?);",
+ (username,generate_password_hash(password))
+ )
+ db.commit()
+ flash("successfully created account")
+ session['user'] = username
+ return redirect(url_for("auth.cool"))
+
+ flash(err)
+
+ return render_template("auth/register.html.j2")
+
+@bp.route("/logout")
+def logout():
+ session.clear()
+ return redirect(url_for("auth.cool"))
+
+@bp.before_app_request
+def load_user():
+ username = session.get("user")
+ if username is None:
+ g.user = None
+ else:
+ g.user = get_db().execute(
+ "SELECT * FROM users WHERE username = ?;", (username,)
+ ).fetchone()
+
+def login_required(view):
+ @functools.wraps(view)
+ def wrapped(**kwargs):
+ print(g.user)
+ if g.user is None:
+ return redirect(url_for("auth.login"))
+ return view(**kwargs)
+ return wrapped
 @bp.route("/cool")
@@ -38,3 +95,8 @@ def cool():
 return "you are not logged in"
 else:
 return f"you are logged in as {user}"
+
+@bp.route("/cooler")
+@login_required
+def cooler():
+ return "bee"
|
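Review bot: `login_required` ships with a debugging `print(g.user)` on the protected-request path; `load_user` fills `g.user` from `SELECT * FROM users`, so depending on the row factory `get_db()` installs this can write the stored password hash to stdout or the server log on every request to a protected view. Remove the line, or if a trace is wanted, log only `g.user['username']` at debug level. Separately, `register()` sets `session['user'] = username` without the `session.clear()` that `login()` (whose definition starts above this hunk) performs before the same assignment; add `session.clear()` before it so a fresh account never inherits state from an earlier session. The existence check in `register()` and the following `INSERT` are two separate statements, so two concurrent registrations of the same name can both pass the check; whether that ends in a duplicate row or an uncaught `IntegrityError` depends on the `users` schema, which is not visible here.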