from flask import render_template, request, flash, redirect, url_for from flask_login import login_user, logout_user, login_required, current_user from models import db, User from functools import wraps from utils import log_event from datetime import datetime def require_password_change(f): @wraps(f) def decorated_function(*args, **kwargs): if current_user.is_authenticated and current_user.check_password('changeme'): flash('Please change your password before continuing.', 'warning') return redirect(url_for('auth.change_password')) return f(*args, **kwargs) return decorated_function def init_routes(auth_bp): @auth_bp.route('/login', methods=['GET', 'POST']) def login(): if current_user.is_authenticated: return redirect(url_for('main.dashboard')) if request.method == 'POST': email = request.form.get('email') password = request.form.get('password') remember = True if request.form.get('remember') else False user = User.query.filter_by(email=email).first() if not user or not user.check_password(password): # Log failed login attempt log_event('user_login', { 'email': email, 'success': False, 'reason': 'invalid_credentials' }) flash('Please check your login details and try again.', 'danger') return redirect(url_for('auth.login')) login_user(user, remember=remember) # Log successful login log_event('user_login', { 'user_id': user.id, 'email': email, 'success': True, 'remember': remember, 'using_default_password': password == 'changeme' }, user.id) # Check if user is using default password if password == 'changeme': flash('Please change your password before continuing.', 'warning') return redirect(url_for('auth.change_password')) next_page = request.args.get('next') if next_page: return redirect(next_page) return redirect(url_for('main.dashboard')) return render_template('auth/login.html') @auth_bp.route('/register', methods=['GET', 'POST']) def register(): if current_user.is_authenticated: return redirect(url_for('main.dashboard')) if request.method == 'POST': email = request.form.get('email') username = request.form.get('username') password = request.form.get('password') user = User.query.filter_by(email=email).first() if user: flash('Email address already exists', 'danger') return redirect(url_for('auth.register')) user = User.query.filter_by(username=username).first() if user: flash('Username already exists', 'danger') return redirect(url_for('auth.register')) new_user = User(email=email, username=username) new_user.set_password(password) db.session.add(new_user) db.session.commit() # Log user registration log_event('user_register', { 'email': email, 'username': username, 'timestamp': datetime.utcnow().isoformat(), 'ip_address': request.remote_addr, 'user_agent': request.user_agent.string, 'registration_method': 'web_form' }, new_user.id) login_user(new_user) return redirect(url_for('main.dashboard')) return render_template('auth/register.html') @auth_bp.route('/logout') @login_required def logout(): # Log logout event log_event('user_logout', { 'user_id': current_user.id, 'email': current_user.email }, current_user.id) logout_user() return redirect(url_for('auth.login')) @auth_bp.route('/change-password', methods=['GET', 'POST']) @login_required def change_password(): if request.method == 'POST': current_password = request.form.get('current_password') new_password = request.form.get('new_password') confirm_password = request.form.get('confirm_password') if not current_user.check_password(current_password): flash('Current password is incorrect.', 'danger') return redirect(url_for('auth.change_password')) if new_password != confirm_password: flash('New passwords do not match.', 'danger') return redirect(url_for('auth.change_password')) current_user.set_password(new_password) db.session.commit() # Log password change log_event('user_update', { 'user_id': current_user.id, 'email': current_user.email, 'update_type': 'password_change' }, current_user.id) flash('Password changed successfully!', 'success') return redirect(url_for('main.dashboard')) return render_template('auth/change_password.html')