104 lines
4.1 KiB
Python
104 lines
4.1 KiB
Python
from flask import render_template, request, flash, redirect, url_for
|
|
from flask_login import login_user, logout_user, login_required, current_user
|
|
from models import db, User
|
|
from functools import wraps
|
|
|
|
def require_password_change(f):
|
|
@wraps(f)
|
|
def decorated_function(*args, **kwargs):
|
|
if current_user.is_authenticated and current_user.check_password('changeme'):
|
|
flash('Please change your password before continuing.', 'warning')
|
|
return redirect(url_for('auth.change_password'))
|
|
return f(*args, **kwargs)
|
|
return decorated_function
|
|
|
|
def init_routes(auth_bp):
|
|
@auth_bp.route('/login', methods=['GET', 'POST'])
|
|
def login():
|
|
if current_user.is_authenticated:
|
|
return redirect(url_for('main.dashboard'))
|
|
|
|
if request.method == 'POST':
|
|
email = request.form.get('email')
|
|
password = request.form.get('password')
|
|
remember = True if request.form.get('remember') else False
|
|
|
|
user = User.query.filter_by(email=email).first()
|
|
|
|
if not user or not user.check_password(password):
|
|
flash('Please check your login details and try again.', 'danger')
|
|
return redirect(url_for('auth.login'))
|
|
|
|
login_user(user, remember=remember)
|
|
|
|
# Check if user is using default password
|
|
if password == 'changeme':
|
|
flash('Please change your password before continuing.', 'warning')
|
|
return redirect(url_for('auth.change_password'))
|
|
|
|
next_page = request.args.get('next')
|
|
if next_page:
|
|
return redirect(next_page)
|
|
return redirect(url_for('main.dashboard'))
|
|
|
|
return render_template('auth/login.html')
|
|
|
|
@auth_bp.route('/register', methods=['GET', 'POST'])
|
|
def register():
|
|
if current_user.is_authenticated:
|
|
return redirect(url_for('main.dashboard'))
|
|
|
|
if request.method == 'POST':
|
|
email = request.form.get('email')
|
|
username = request.form.get('username')
|
|
password = request.form.get('password')
|
|
|
|
user = User.query.filter_by(email=email).first()
|
|
if user:
|
|
flash('Email address already exists', 'danger')
|
|
return redirect(url_for('auth.register'))
|
|
|
|
user = User.query.filter_by(username=username).first()
|
|
if user:
|
|
flash('Username already exists', 'danger')
|
|
return redirect(url_for('auth.register'))
|
|
|
|
new_user = User(email=email, username=username)
|
|
new_user.set_password(password)
|
|
|
|
db.session.add(new_user)
|
|
db.session.commit()
|
|
|
|
login_user(new_user)
|
|
return redirect(url_for('main.dashboard'))
|
|
|
|
return render_template('auth/register.html')
|
|
|
|
@auth_bp.route('/logout')
|
|
@login_required
|
|
def logout():
|
|
logout_user()
|
|
return redirect(url_for('auth.login'))
|
|
|
|
@auth_bp.route('/change-password', methods=['GET', 'POST'])
|
|
@login_required
|
|
def change_password():
|
|
if request.method == 'POST':
|
|
current_password = request.form.get('current_password')
|
|
new_password = request.form.get('new_password')
|
|
confirm_password = request.form.get('confirm_password')
|
|
|
|
if not current_user.check_password(current_password):
|
|
flash('Current password is incorrect.', 'danger')
|
|
return redirect(url_for('auth.change_password'))
|
|
|
|
if new_password != confirm_password:
|
|
flash('New passwords do not match.', 'danger')
|
|
return redirect(url_for('auth.change_password'))
|
|
|
|
current_user.set_password(new_password)
|
|
db.session.commit()
|
|
flash('Password changed successfully!', 'success')
|
|
return redirect(url_for('main.dashboard'))
|
|
|
|
return render_template('auth/change_password.html') |