mirror of
https://github.com/Derpy-Leggies/OnlyLegs.git
synced 2024-12-29 10:56:10 +00:00
110 lines
3 KiB
Python
110 lines
3 KiB
Python
"""
|
|
OnlyLegs - Authentication
|
|
User registration, login and logout and locking access to pages behind a login
|
|
"""
|
|
import re
|
|
import logging
|
|
|
|
from flask import Blueprint, flash, redirect, request, url_for, abort, jsonify
|
|
from werkzeug.security import check_password_hash, generate_password_hash
|
|
|
|
from flask_login import login_user, logout_user, login_required
|
|
|
|
from onlylegs.extensions import db
|
|
from onlylegs.models import User
|
|
|
|
|
|
blueprint = Blueprint("auth", __name__, url_prefix="/auth")
|
|
|
|
|
|
@blueprint.route("/login", methods=["POST"])
|
|
def login():
|
|
"""
|
|
Log in a registered user by adding the user id to the session
|
|
"""
|
|
error = []
|
|
|
|
username = request.form["username"].strip()
|
|
password = request.form["password"].strip()
|
|
remember = bool(request.form["remember-me"])
|
|
|
|
user = User.query.filter_by(username=username).first()
|
|
|
|
if not user or not check_password_hash(user.password, password):
|
|
logging.error("Login attempt from %s", request.remote_addr)
|
|
error.append("Username or Password is incorrect!")
|
|
|
|
if error:
|
|
abort(403)
|
|
|
|
login_user(user, remember=remember)
|
|
|
|
logging.info("User %s logged in from %s", username, request.remote_addr)
|
|
flash(["Logged in successfully!", "4"])
|
|
return "ok", 200
|
|
|
|
|
|
@blueprint.route("/register", methods=["POST"])
|
|
def register():
|
|
"""
|
|
Register a new user
|
|
"""
|
|
error = []
|
|
|
|
# Thanks Fennec for reminding me to strip out the whitespace lol
|
|
username = request.form["username"].strip()
|
|
email = request.form["email"].strip()
|
|
password = request.form["password"].strip()
|
|
password_repeat = request.form["password-repeat"].strip()
|
|
|
|
email_regex = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b")
|
|
username_regex = re.compile(r"\b[A-Za-z0-9._-]+\b")
|
|
|
|
# Validate the form
|
|
if not username or not username_regex.match(username):
|
|
error.append("Username is invalid!")
|
|
|
|
if not email or not email_regex.match(email):
|
|
error.append("Email is invalid!")
|
|
|
|
if not password:
|
|
error.append("Password is empty!")
|
|
elif len(password) < 8:
|
|
error.append("Password is too short! Longer than 8 characters pls")
|
|
|
|
if not password_repeat:
|
|
error.append("Enter password again!")
|
|
elif password_repeat != password:
|
|
error.append("Passwords do not match!")
|
|
|
|
user_exists = User.query.filter_by(username=username).first()
|
|
if user_exists:
|
|
error.append("User already exists!")
|
|
|
|
# If there are errors, return them
|
|
if error:
|
|
print(error)
|
|
return jsonify(error), 400
|
|
|
|
register_user = User(
|
|
username=username,
|
|
email=email,
|
|
password=generate_password_hash(password, method="sha256"),
|
|
)
|
|
db.session.add(register_user)
|
|
db.session.commit()
|
|
|
|
logging.info("User %s registered", username)
|
|
return "ok", 200
|
|
|
|
|
|
@blueprint.route("/logout")
|
|
@login_required
|
|
def logout():
|
|
"""
|
|
Clear the current session, including the stored user id
|
|
"""
|
|
logout_user()
|
|
flash(["Goodbye!!!", "4"])
|
|
return redirect(url_for("gallery.index"))
|