
  1. from flask import render_template, redirect, request, url_for, flash
  2. from flask_login import login_user, logout_user, login_required, current_user
  3. from . import auth
  4. from .. import db
  5. from ..models import User
  6. from ..email import send_email
  7. from .forms import LoginForm, RegistrationForm, ChangePasswordForm, \
  8. PasswordResetRequestForm, PasswordResetForm, ChangeEmailForm
@auth.before_app_request
def before_request():
    """Send logged-in but unconfirmed users to the 'unconfirmed' page.

    Registered with ``before_app_request``, so it runs ahead of every request
    in the application. Returning ``None`` lets the request continue to its
    view; returning a response short-circuits it.
    """
    # Anonymous visitors and confirmed accounts are never intercepted.
    if not current_user.is_authenticated or current_user.confirmed:
        return None
    # The auth blueprint (confirm, resend, logout, ...) and static files must
    # stay reachable, otherwise the account could never be confirmed.
    if request.blueprint == 'auth' or request.endpoint == 'static':
        return None
    return redirect(url_for('auth.unconfirmed'))
@auth.route('/unconfirmed')
def unconfirmed():
    """Show the 'please confirm your account' page to unconfirmed users.

    Anonymous visitors and already-confirmed users are redirected to the
    main index instead.
    """
    # `and` short-circuits, so `confirmed` is only read for a logged-in user.
    if not current_user.is_anonymous and not current_user.confirmed:
        return render_template('auth/unconfirmed.html')
    return redirect(url_for('main.index'))
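def _is_local_redirect_target(target):
    """Return True when *target* is a path on this site, not an external URL."""
    if not target or not target.startswith('/'):
        return False
    # A leading '//' or '/\' is resolved by browsers as a protocol-relative
    # URL, i.e. a different host, so a bare startswith('/') test is not enough.
    if target[1:2] in ('/', '\\'):
        return False
    # Browsers drop tab/CR/LF while parsing URLs, which could hide the second
    # slash from the check above; refuse any control character outright.
    return not any(ch < ' ' or ch == '\x7f' for ch in target)


@auth.route('/login', methods=['GET', 'POST'])
def login():
    """Authenticate a user by e-mail and password.

    On success the user is logged in and redirected to the ``next`` query
    parameter when it is a local path, otherwise to the main index. On failure
    a generic message is flashed (it does not say whether the e-mail or the
    password was wrong) and the login form is rendered again.
    """
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user is not None and user.verify_password(form.password.data):
            login_user(user, form.remember_me.data)
            # `next` comes from the query string and is attacker-controllable;
            # only follow it when it stays on this site (open-redirect guard).
            next_url = request.args.get('next')
            if not _is_local_redirect_target(next_url):
                next_url = url_for('main.index')
            return redirect(next_url)
        flash('Invalid username or password')
    return render_template('auth/login.html', form=form)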
# NOTE(review): the route declares no `methods`, so Flask serves it on GET.
# A state-changing GET can be triggered by any cross-site request; consider a
# POST-only route covered by the application's CSRF protection.
@auth.route('/logout')
@login_required
def logout():
    """End the current user's session and return to the main index."""
    logout_user()
    flash('You have been logged out.')
    home = url_for('main.index')
    return redirect(home)
@auth.route('/register', methods=['GET', 'POST'])
def register():
    """Create a new account and e-mail a confirmation token to its owner.

    Renders the registration form on GET or when validation fails; after a
    successful submission the user is stored and redirected to the main index.
    """
    form = RegistrationForm()
    if not form.validate_on_submit():
        return render_template('auth/register.html', form=form)

    new_user = User(email=form.email.data,
                    username=form.username.data,
                    password=form.password.data)
    db.session.add(new_user)
    # Committed before the token is generated -- presumably the token embeds
    # the user's id, which only exists after the commit; confirm against
    # User.generate_confirmation_token.
    db.session.commit()

    confirmation_token = new_user.generate_confirmation_token()
    send_email(new_user.email, 'Confirm your account',
               'auth/email/confirm', user=new_user, token=confirmation_token)
    flash('A confirmation email has been sent to you by email.')
    return redirect(url_for('main.index'))
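@auth.route('/confirm/<token>')
@login_required
def confirm(token):
    """Confirm the logged-in user's account using the e-mailed *token*.

    The token is checked against ``current_user`` (the route requires login).
    Every outcome ends with a redirect to the main index; already-confirmed
    users are redirected without the token being evaluated.
    """
    if current_user.confirmed:
        return redirect(url_for('main.index'))
    if current_user.confirm(token):
        # confirm() only changes the model; persist it here.
        db.session.commit()
        flash('You have confirmed your account. Thanks!')
    else:
        # Message fixed: the words "confirmation link" were run together.
        flash('The confirmation link is invalid or has expired')
    return redirect(url_for('main.index'))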
# NOTE(review): reachable by GET and sends an e-mail on every hit; nothing in
# this view limits how often it can be called or skips already-confirmed
# accounts -- confirm whether throttling is applied elsewhere.
@auth.route('/confirm')
@login_required
def resend_confirmation():
    """Issue a fresh confirmation token and e-mail it to the current user."""
    fresh_token = current_user.generate_confirmation_token()
    send_email(
        current_user.email,
        'Confirm your account',
        'auth/email/confirm',
        user=current_user,
        token=fresh_token,
    )
    flash('A new confirmation email has been sent to you by email.')
    return redirect(url_for('main.index'))
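@auth.route('/change-password', methods=['GET', 'POST'])
@login_required
def change_password():
    """Let the logged-in user set a new password.

    The current password must be re-entered and verified before the new one
    is stored. On success the user is redirected to the main index; otherwise
    the form is rendered again.
    """
    form = ChangePasswordForm()
    if form.validate_on_submit():
        if current_user.verify_password(form.old_password.data):
            current_user.password = form.password.data
            db.session.add(current_user)
            db.session.commit()
            flash('Your password has been updated')
            # The redirect must be returned: a bare redirect(...) call builds
            # a response and throws it away, so the form would be rendered
            # again after a successful change.
            return redirect(url_for('main.index'))
        flash('Invalid password.')
    return render_template('auth/change_password.html', form=form)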
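@auth.route('/reset', methods=['GET', 'POST'])
def password_reset_request():
    """Accept an e-mail address and send a password-reset token to it.

    Only anonymous visitors may use this page; logged-in users are redirected
    to the main index.
    """
    if not current_user.is_anonymous:
        # The redirect must be returned; without `return` the response is
        # discarded and a logged-in user would still reach the reset form.
        return redirect(url_for('main.index'))
    form = PasswordResetRequestForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data).first()
        if user:
            token = user.generate_reset_token()
            send_email(user.email, 'Reset your password',
                       'auth/email/reset_password', user=user, token=token)
        # Same message and redirect whether or not the address is registered,
        # so the form does not reveal which accounts exist.
        flash('An email with instructions to reset your password has been '
              'sent to you')
        return redirect(url_for('auth.login'))
    return render_template('auth/reset_password.html', form=form)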
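@auth.route('/reset/<token>', methods=['GET', 'POST'])
def password_reset(token):
    """Set a new password for the account identified by the reset *token*.

    Only anonymous visitors may use this page. A valid token leads to the
    login page with a success message; an invalid one leads to the main index
    with no message.
    """
    if not current_user.is_anonymous:
        # The redirect must be returned; without `return` the response is
        # discarded and a logged-in user would still reach the reset form.
        return redirect(url_for('main.index'))
    form = PasswordResetForm()
    if form.validate_on_submit():
        if User.reset_password(token, form.password.data):
            # reset_password() only changes the model; persist it here.
            db.session.commit()
            flash('Your password has been updated.')
            return redirect(url_for('auth.login'))
        return redirect(url_for('main.index'))
    return render_template('auth/reset_password.html', form=form)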
@auth.route('/change-email', methods=['GET', 'POST'])
@login_required
def change_email_request():
    """Start an e-mail address change for the logged-in user.

    The current password is verified first. A change token is then mailed to
    the *new* address, so the change only takes effect once the owner of that
    mailbox follows the link.
    """
    form = ChangeEmailForm()
    if not form.validate_on_submit():
        return render_template('auth/change_email.html', form=form)

    if not current_user.verify_password(form.password.data):
        flash('Invalid email or password')
        return render_template('auth/change_email.html', form=form)

    requested_address = form.email.data
    change_token = current_user.generate_email_change_token(requested_address)
    send_email(requested_address, 'Confirm your email address',
               'auth/email/change_email',
               user=current_user, token=change_token)
    flash('An email with instructions to confirm your new email '
          'address has been sent to you')
    return redirect(url_for('main.index'))
@auth.route('/change-email/<token>')
@login_required
def change_email(token):
    """Apply an e-mail address change for the logged-in user from *token*.

    Always redirects to the main index; the flashed message tells the user
    whether the token was accepted.
    """
    if current_user.change_email(token):
        # change_email() only changes the model; persist it here.
        db.session.commit()
        outcome = 'Your email address has been updated.'
    else:
        outcome = 'Invalid request.'
    flash(outcome)
    return redirect(url_for('main.index'))