python-gallery/gallery/auth.py

"""
OnlyLegs - Authentification
User registration, login and logout and locking access to pages behind a login
"""
import re
import uuid
import logging
from datetime import datetime as dt

import functools
from flask import Blueprint, flash, g, redirect, request, session, url_for, abort, jsonify
from werkzeug.security import check_password_hash, generate_password_hash

from sqlalchemy.orm import sessionmaker
from sqlalchemy import exc

from gallery import db


blueprint = Blueprint('auth', __name__, url_prefix='/auth')
db_session = sessionmaker(bind=db.engine)
db_session = db_session()


def login_required(view):
    """
    Decorator to check if a user is logged in before accessing a page
    """
    @functools.wraps(view)
    def wrapped_view(**kwargs):
        if g.user is None or session.get('uuid') is None:
            logging.error('Authentification failed')
            session.clear()
            return redirect(url_for('gallery.index'))

        return view(**kwargs)

    return wrapped_view


@blueprint.before_app_request
def load_logged_in_user():
    """
    Runs before every request and checks if a user is logged in
    """
    user_id = session.get('user_id')
    user_uuid = session.get('uuid')

    if user_id is None or user_uuid is None:
        g.user = None
        session.clear()
    else:
        is_alive = db_session.query(db.Sessions).filter_by(session_uuid=user_uuid).first()

        if is_alive is None:
            logging.info('Session expired')
            flash(['Session expired!', '3'])
            session.clear()
        else:
            g.user = db_session.query(db.Users).filter_by(id=user_id).first()


@blueprint.route('/register', methods=['POST'])
def register():
    """
    Register a new user
    """
    username = request.form['username']
    email = request.form['email']
    password = request.form['password']
    password_repeat = request.form['password-repeat']

    error = []

    email_regex = re.compile(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b')
    username_regex = re.compile(r'\b[A-Za-z0-9._%+-]+\b')


    if not username or not username_regex.match(username):
        error.append('Username is invalid!')

    if not email or not email_regex.match(email):
        error.append('Email is invalid!')

    if not password:
        error.append('Password is empty!')
    elif len(password) < 8:
        error.append('Password is too short! Longer than 8 characters pls')

    if not password_repeat:
        error.append('Enter password again!')
    elif password_repeat != password:
        error.append('Passwords do not match!')

    if error:
        return jsonify(error)


    try:
        register_user = db.Users(username=username,
                                 email=email,
                                 password=generate_password_hash(password),
                                 created_at=dt.utcnow())
        db_session.add(register_user)
        db_session.commit()
    except exc.IntegrityError:
        return f'User {username} is already registered!'
    except Exception as err:
        logging.error('User %s could not be registered: %s', username, err)
        return 'Something went wrong!'

    logging.info('User %s registered', username)
    return 'gwa gwa'


@blueprint.route('/login', methods=['POST'])
def login():
    """
    Log in a registered user by adding the user id to the session
    """
    username = request.form['username']
    password = request.form['password']

    user = db_session.query(db.Users).filter_by(username=username).first()
    error = []


    if user is None:
        logging.error('User %s does not exist. Login attempt from %s',
                      username, request.remote_addr)
        error.append('Username or Password is incorrect!')
    elif not check_password_hash(user.password, password):
        logging.error('User %s entered wrong password. Login attempt from %s',
                      username, request.remote_addr)
        error.append('Username or Password is incorrect!')

    if error:
        abort(403)


    try:
        session.clear()
        session['user_id'] = user.id
        session['uuid'] = str(uuid.uuid4())

        session_query = db.Sessions(user_id=user.id,
                                   session_uuid=session.get('uuid'),
                                   ip_address=request.remote_addr,
                                   user_agent=request.user_agent.string,
                                   active=True,
                                   created_at=dt.utcnow())

        db_session.add(session_query)
        db_session.commit()
    except Exception as err:
        logging.error('User %s could not be logged in: %s', username, err)
        abort(500)

    logging.info('User %s logged in from %s', username, request.remote_addr)
    flash(['Logged in successfully!', '4'])
    return 'gwa gwa'


@blueprint.route('/logout')
def logout():
    """
    Clear the current session, including the stored user id
    """
    logging.info('User (%s) %s logged out', session.get('user_id'), g.user.username)
    session.clear()
    return redirect(url_for('index'))
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`"""`
			`OnlyLegs - Authentification`
			`User registration, login and logout and locking access to pages behind a login`
			`"""`
			`import re`
			`import uuid`
			`import logging`
Move most of the processing into the upload 2023-03-05 16:22:11 +00:00			`from datetime import datetime as dt`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`import functools`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`from flask import Blueprint, flash, g, redirect, request, session, url_for, abort, jsonify`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`from werkzeug.security import check_password_hash, generate_password_hash`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00
Switch to SQLAlchemy for database management Add Favicon 2023-03-03 00:26:46 +00:00			`from sqlalchemy.orm import sessionmaker`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`from sqlalchemy import exc`

			`from gallery import db`


			`blueprint = Blueprint('auth', __name__, url_prefix='/auth')`
Switch to SQLAlchemy for database management Add Favicon 2023-03-03 00:26:46 +00:00			`db_session = sessionmaker(bind=db.engine)`
			`db_session = db_session()`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00

Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`def login_required(view):`
			`"""`
			`Decorator to check if a user is logged in before accessing a page`
			`"""`
			`@functools.wraps(view)`
			`def wrapped_view(**kwargs):`
			`if g.user is None or session.get('uuid') is None:`
			`logging.error('Authentification failed')`
			`session.clear()`
			`return redirect(url_for('gallery.index'))`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`return view(**kwargs)`

			`return wrapped_view`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00

Rename routes to gallery Move methods to api.py Remove old db manager as its unused Remove old db tables as theres a new schema file Rename onlylegsSass to sassy, unused for now Update example.env to reflect new layout 2023-01-10 14:40:43 +00:00			`@blueprint.before_app_request`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`def load_logged_in_user():`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`"""`
			`Runs before every request and checks if a user is logged in`
			`"""`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`user_id = session.get('user_id')`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00			`user_uuid = session.get('uuid')`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00			`if user_id is None or user_uuid is None:`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`g.user = None`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00			`session.clear()`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`else:`
Move most of the processing into the upload 2023-03-05 16:22:11 +00:00			`is_alive = db_session.query(db.Sessions).filter_by(session_uuid=user_uuid).first()`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00
			`if is_alive is None:`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`logging.info('Session expired')`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00			`flash(['Session expired!', '3'])`
			`session.clear()`
			`else:`
Move most of the processing into the upload 2023-03-05 16:22:11 +00:00			`g.user = db_session.query(db.Users).filter_by(id=user_id).first()`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`@blueprint.route('/register', methods=['POST'])`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`def register():`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`"""`
			`Register a new user`
			`"""`
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`username = request.form['username']`
			`email = request.form['email']`
			`password = request.form['password']`
			`password_repeat = request.form['password-repeat']`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`error = []`

Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`email_regex = re.compile(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z\|a-z]{2,}\b')`
			`username_regex = re.compile(r'\b[A-Za-z0-9._%+-]+\b')`


			`if not username or not username_regex.match(username):`
			`error.append('Username is invalid!')`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`if not email or not email_regex.match(email):`
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`error.append('Email is invalid!')`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`if not password:`
			`error.append('Password is empty!')`
			`elif len(password) < 8:`
			`error.append('Password is too short! Longer than 8 characters pls')`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`if not password_repeat:`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`error.append('Enter password again!')`
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`elif password_repeat != password:`
			`error.append('Passwords do not match!')`

Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`if error:`
			`return jsonify(error)`

Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`try:`
Move most of the processing into the upload 2023-03-05 16:22:11 +00:00			`register_user = db.Users(username=username,`
			`email=email,`
			`password=generate_password_hash(password),`
Switched to keeping time with UTC for easier timezones Removed useless JS 2023-03-08 21:58:58 +00:00			`created_at=dt.utcnow())`
Move most of the processing into the upload 2023-03-05 16:22:11 +00:00			`db_session.add(register_user)`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`db_session.commit()`
			`except exc.IntegrityError:`
			`return f'User {username} is already registered!'`
			`except Exception as err:`
			`logging.error('User %s could not be registered: %s', username, err)`
			`return 'Something went wrong!'`

			`logging.info('User %s registered', username)`
			`return 'gwa gwa'`
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00

			`@blueprint.route('/login', methods=['POST'])`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`def login():`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`"""`
			`Log in a registered user by adding the user id to the session`
			`"""`
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`username = request.form['username']`
			`password = request.form['password']`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00
Move most of the processing into the upload 2023-03-05 16:22:11 +00:00			`user = db_session.query(db.Users).filter_by(username=username).first()`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`error = []`

Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00
			`if user is None:`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`logging.error('User %s does not exist. Login attempt from %s',`
			`username, request.remote_addr)`
			`error.append('Username or Password is incorrect!')`
Switch to SQLAlchemy for database management Add Favicon 2023-03-03 00:26:46 +00:00			`elif not check_password_hash(user.password, password):`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`logging.error('User %s entered wrong password. Login attempt from %s',`
			`username, request.remote_addr)`
			`error.append('Username or Password is incorrect!')`

			`if error:`
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`abort(403)`

Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00			`try:`
Unifying style of the gallery Fixed HTML and Sass layout Moved upload and login pages to popups Added deletion confirmation 2023-01-25 15:13:56 +00:00			`session.clear()`
Switch to SQLAlchemy for database management Add Favicon 2023-03-03 00:26:46 +00:00			`session['user_id'] = user.id`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00			`session['uuid'] = str(uuid.uuid4())`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00
Move most of the processing into the upload 2023-03-05 16:22:11 +00:00			`session_query = db.Sessions(user_id=user.id,`
			`session_uuid=session.get('uuid'),`
			`ip_address=request.remote_addr,`
			`user_agent=request.user_agent.string,`
			`active=True,`
Switched to keeping time with UTC for easier timezones Removed useless JS 2023-03-08 21:58:58 +00:00			`created_at=dt.utcnow())`
Move most of the processing into the upload 2023-03-05 16:22:11 +00:00
			`db_session.add(session_query)`
Switch to SQLAlchemy for database management Add Favicon 2023-03-03 00:26:46 +00:00			`db_session.commit()`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`except Exception as err:`
			`logging.error('User %s could not be logged in: %s', username, err)`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00			`abort(500)`

Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`logging.info('User %s logged in from %s', username, request.remote_addr)`
			`flash(['Logged in successfully!', '4'])`
			`return 'gwa gwa'`
Added settings page Added logging to a .log file Fixed Images loosing colour and rotation on thumbnail generation Added more info to README 2023-03-01 23:29:34 +00:00
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00
Rename routes to gallery Move methods to api.py Remove old db manager as its unused Remove old db tables as theres a new schema file Rename onlylegsSass to sassy, unused for now Update example.env to reflect new layout 2023-01-10 14:40:43 +00:00			`@blueprint.route('/logout')`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`def logout():`
Submitted to PyLints needs :3 2023-03-04 13:45:26 +00:00			`"""`
			`Clear the current session, including the stored user id`
			`"""`
			`logging.info('User (%s) %s logged out', session.get('user_id'), g.user.username)`
Update to reccommended file structure Use reccommended database structure Switch to SQLite and update scheme along with it 2023-01-10 12:39:29 +00:00			`session.clear()`
			`return redirect(url_for('index'))`