refactor security to Flask-Security - Part 2
@@ -1,10 +0,0 @@
|
||||
from flask_wtf import FlaskForm
|
||||
from wtforms import PasswordField, SubmitField, EmailField, BooleanField
|
||||
from wtforms.validators import DataRequired, Length, Email
|
||||
|
||||
|
||||
class LoginForm(FlaskForm):
|
||||
email = EmailField('Email', validators=[DataRequired(), Email()])
|
||||
password = PasswordField('Password', validators=[DataRequired(), Length(min=8)])
|
||||
remember_me = BooleanField('Remember me')
|
||||
submit = SubmitField('Login')
|
||||
@@ -1,46 +0,0 @@
|
||||
from datetime import datetime as dt, timezone as tz
|
||||
from flask import request, redirect, url_for, flash, render_template, Blueprint, jsonify, session
|
||||
from flask_security import login_user, logout_user
|
||||
|
||||
from ..models.user import User, Tenant
|
||||
from .auth_forms import LoginForm
|
||||
|
||||
auth_bp = Blueprint('auth_bp', __name__, template_folder='templates')
|
||||
|
||||
|
||||
@auth_bp.route('/login', methods=['GET', 'POST'])
|
||||
def login():
|
||||
form = LoginForm()
|
||||
if form.validate_on_submit():
|
||||
email = form.email.data
|
||||
password = form.password.data
|
||||
remember_me = True if form.remember_me.data else False
|
||||
|
||||
user = User.query.filter_by(email=email).first()
|
||||
tenant = Tenant.query.filter_by(id=user.tenant_id).first()
|
||||
if user and user.verify_and_update_password(password):
|
||||
if user.is_active:
|
||||
login_user(user, remember=remember_me)
|
||||
next_page = request.args.get('next')
|
||||
|
||||
session['tenant_id'] = user.tenant_id
|
||||
session['tenant_name'] = tenant.name
|
||||
|
||||
return redirect(next_page)
|
||||
else:
|
||||
flash('Account disabled. Please contact your administrator.', category='error')
|
||||
else:
|
||||
flash('Invalid email or password.', category='error')
|
||||
|
||||
return render_template('login.html', form=form)
|
||||
|
||||
|
||||
@auth_bp.route('/logout', methods=['POST'])
|
||||
def logout():
|
||||
logout_user()
|
||||
|
||||
# Clear session data
|
||||
session.pop('tenant_id', None)
|
||||
session.pop('tenant_name', None)
|
||||
|
||||
return redirect(url_for('/'))
|
||||
@@ -1,4 +1,5 @@
|
||||
# from . import user_bp
|
||||
import uuid
|
||||
from datetime import datetime as dt, timezone as tz
|
||||
from flask import request, redirect, url_for, flash, render_template, Blueprint, session
|
||||
from flask_security import hash_password
|
||||
@@ -67,6 +68,10 @@ def tenant():
|
||||
def user():
|
||||
form = UserForm()
|
||||
if form.validate_on_submit():
|
||||
if form.password.data != form.confirm_password.data:
|
||||
flash('Passwords do not match.')
|
||||
|
||||
# Handle the required attributes
|
||||
hashed_password = hash_password(form.password.data)
|
||||
new_user = User(
|
||||
user_name=form.user_name.data,
|
||||
@@ -79,6 +84,7 @@ def user():
|
||||
tenant_id=form.tenant_id.data
|
||||
)
|
||||
|
||||
new_user.fs_uniquifier = str(uuid.uuid4())
|
||||
timestamp = dt.now(tz.utc)
|
||||
new_user.created_at = timestamp
|
||||
new_user.updated_at = timestamp
|
||||
@@ -100,3 +106,18 @@ def user():
|
||||
flash(f'Failed to add user. Error: {str(e)}')
|
||||
|
||||
return render_template('user/user.html', form=form)
|
||||
|
||||
|
||||
@user_bp.route('/user/<int:user_id>', methods=['GET', 'POST'])
|
||||
def edit_user(user_id):
|
||||
user = User.query.get_or_404(user_id) # This will return a 404 if no user is found
|
||||
form = UserForm(obj=user)
|
||||
|
||||
if request.method == 'POST' and form.validate_on_submit():
|
||||
# Populate the user with form data
|
||||
form.populate_obj(user)
|
||||
db.session.commit()
|
||||
flash('User updated successfully.', 'success')
|
||||
return redirect(url_for('user_bp.user_profile', user_id=user.id)) # Assuming there's a user profile view to redirect to
|
||||
|
||||
return render_template('user/edit_user.html', form=form, user_id=user_id)
|
||||
|
||||
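Review bot: In the new `edit_user` view, `form.populate_obj(user)` copies every `UserForm` field onto the model. Assuming the form's `password` and `tenant_id` fields map to same-named attributes, as the create path in `user()` suggests, an edit would store the submitted password without the `hash_password()` call used on creation and would let the submitter move the account to another tenant. The route also shows no access-control decorator between `@user_bp.route(...)` and `def edit_user`, and the loaded user is never compared with the caller's tenant, so unless a blueprint-level check exists outside this hunk, any client that can reach the URL can modify any account by id. I would add `@auth_required()` plus a role or tenant check under the route decorator, and replace `populate_obj` with explicit assignments that set the password only via `user.password = hash_password(form.password.data)` when a new one was entered. Separately, in the `user()` hunk nothing visible stops processing after `flash('Passwords do not match.')`, so a `return render_template('user/user.html', form=form)` looks necessary there; indentation is lost on this page, so confirm against the file.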