2023-03-04 13:45:26 +00:00
|
|
|
"""
|
2023-03-11 22:14:03 +00:00
|
|
|
OnlyLegs - Authentication
|
2023-03-04 13:45:26 +00:00
|
|
|
User registration, login and logout and locking access to pages behind a login
|
|
|
|
|
"""
|
|
|
|
|
import re
|
|
|
|
|
import logging
|
|
|
|
|
|
2023-04-04 14:00:00 +00:00
|
|
|
from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify
|
2023-01-10 12:39:29 +00:00
|
|
|
from werkzeug.security import check_password_hash, generate_password_hash
|
2023-03-01 23:29:34 +00:00
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
from flask_login import login_user, logout_user, login_required
|
2023-03-04 13:45:26 +00:00
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
from sqlalchemy.orm import sessionmaker
|
2023-03-04 13:45:26 +00:00
|
|
|
from gallery import db
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
blueprint = Blueprint('auth', __name__, url_prefix='/auth')
|
2023-03-03 00:26:46 +00:00
|
|
|
db_session = sessionmaker(bind=db.engine)
|
|
|
|
|
db_session = db_session()
|
2023-03-01 23:29:34 +00:00
|
|
|
|
|
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
@blueprint.route('/login', methods=['POST'])
|
|
|
|
|
def login():
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
2023-04-03 18:04:49 +00:00
|
|
|
Log in a registered user by adding the user id to the session
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
2023-04-03 18:04:49 +00:00
|
|
|
error = []
|
2023-04-04 14:00:00 +00:00
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
username = request.form['username'].strip()
|
|
|
|
|
password = request.form['password'].strip()
|
2023-04-05 18:58:17 +00:00
|
|
|
remember = bool(request.form['remember-me'])
|
2023-03-04 13:45:26 +00:00
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
user = db_session.query(db.Users).filter_by(username=username).first()
|
2023-01-10 12:39:29 +00:00
|
|
|
|
2023-04-05 16:35:59 +00:00
|
|
|
if not user or not check_password_hash(user.password, password):
|
2023-04-04 14:00:00 +00:00
|
|
|
logging.error('Login attempt from %s', request.remote_addr)
|
2023-04-03 18:04:49 +00:00
|
|
|
error.append('Username or Password is incorrect!')
|
2023-01-10 12:39:29 +00:00
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
if error:
|
|
|
|
|
abort(403)
|
2023-01-10 12:39:29 +00:00
|
|
|
|
2023-04-04 17:46:07 +00:00
|
|
|
login_user(user, remember=remember)
|
2023-03-01 23:29:34 +00:00
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
logging.info('User %s logged in from %s', username, request.remote_addr)
|
|
|
|
|
flash(['Logged in successfully!', '4'])
|
2023-04-05 16:35:59 +00:00
|
|
|
return 'ok', 200
|
2023-03-04 13:45:26 +00:00
|
|
|
|
2023-01-10 12:39:29 +00:00
|
|
|
|
2023-01-25 15:13:56 +00:00
|
|
|
@blueprint.route('/register', methods=['POST'])
|
2023-01-10 12:39:29 +00:00
|
|
|
def register():
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
|
|
|
|
Register a new user
|
|
|
|
|
"""
|
2023-04-03 18:04:49 +00:00
|
|
|
error = []
|
2023-04-04 14:00:00 +00:00
|
|
|
|
2023-04-01 16:59:17 +00:00
|
|
|
# Thanks Fennec for reminding me to strip out the whitespace lol
|
|
|
|
|
username = request.form['username'].strip()
|
|
|
|
|
email = request.form['email'].strip()
|
|
|
|
|
password = request.form['password'].strip()
|
|
|
|
|
password_repeat = request.form['password-repeat'].strip()
|
2023-03-04 13:45:26 +00:00
|
|
|
|
|
|
|
|
email_regex = re.compile(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b')
|
2023-04-01 16:59:17 +00:00
|
|
|
username_regex = re.compile(r'\b[A-Za-z0-9._-]+\b')
|
2023-03-04 13:45:26 +00:00
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
# Validate the form
|
2023-03-04 13:45:26 +00:00
|
|
|
if not username or not username_regex.match(username):
|
|
|
|
|
error.append('Username is invalid!')
|
2023-03-01 23:29:34 +00:00
|
|
|
|
2023-03-04 13:45:26 +00:00
|
|
|
if not email or not email_regex.match(email):
|
2023-01-25 15:13:56 +00:00
|
|
|
error.append('Email is invalid!')
|
2023-03-01 23:29:34 +00:00
|
|
|
|
2023-01-25 15:13:56 +00:00
|
|
|
if not password:
|
|
|
|
|
error.append('Password is empty!')
|
|
|
|
|
elif len(password) < 8:
|
|
|
|
|
error.append('Password is too short! Longer than 8 characters pls')
|
2023-03-01 23:29:34 +00:00
|
|
|
|
2023-01-25 15:13:56 +00:00
|
|
|
if not password_repeat:
|
2023-03-04 13:45:26 +00:00
|
|
|
error.append('Enter password again!')
|
2023-01-25 15:13:56 +00:00
|
|
|
elif password_repeat != password:
|
|
|
|
|
error.append('Passwords do not match!')
|
2023-04-04 14:00:00 +00:00
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
user_exists = db_session.query(db.Users).filter_by(username=username).first()
|
|
|
|
|
if user_exists:
|
|
|
|
|
error.append('User already exists!')
|
2023-01-25 15:13:56 +00:00
|
|
|
|
2023-04-03 18:04:49 +00:00
|
|
|
# If there are errors, return them
|
2023-03-04 13:45:26 +00:00
|
|
|
if error:
|
2023-04-05 16:35:59 +00:00
|
|
|
print(error)
|
|
|
|
|
return jsonify(error), 400
|
2023-03-04 13:45:26 +00:00
|
|
|
|
2023-04-05 16:35:59 +00:00
|
|
|
register_user = db.Users(username=username, email=email,
|
|
|
|
|
password=generate_password_hash(password, method='sha256'))
|
2023-04-03 18:04:49 +00:00
|
|
|
db_session.add(register_user)
|
|
|
|
|
db_session.commit()
|
2023-03-04 13:45:26 +00:00
|
|
|
|
|
|
|
|
logging.info('User %s registered', username)
|
2023-04-05 16:35:59 +00:00
|
|
|
return 'ok', 200
|
2023-01-25 15:13:56 +00:00
|
|
|
|
|
|
|
|
|
2023-01-10 14:40:43 +00:00
|
|
|
@blueprint.route('/logout')
|
2023-04-03 18:04:49 +00:00
|
|
|
@login_required
|
2023-01-10 12:39:29 +00:00
|
|
|
def logout():
|
2023-03-04 13:45:26 +00:00
|
|
|
"""
|
|
|
|
|
Clear the current session, including the stored user id
|
|
|
|
|
"""
|
2023-04-03 18:04:49 +00:00
|
|
|
logout_user()
|
2023-04-05 16:35:59 +00:00
|
|
|
flash(['Goodbye!!!', '4'])
|
2023-03-12 18:19:43 +00:00
|
|
|
return redirect(url_for('gallery.index'))
|
