docupulse/routes/auth.py

from flask import render_template, request, flash, redirect, url_for
from flask_login import login_user, logout_user, login_required, current_user
from models import db, User
from functools import wraps
from utils import log_event
from datetime import datetime

def require_password_change(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if current_user.is_authenticated and current_user.check_password('changeme'):
            flash('Please change your password before continuing.', 'warning')
            return redirect(url_for('auth.change_password'))
        return f(*args, **kwargs)
    return decorated_function

def init_routes(auth_bp):
    @auth_bp.route('/login', methods=['GET', 'POST'])
    def login():
        if current_user.is_authenticated:
            return redirect(url_for('main.dashboard'))
            
        if request.method == 'POST':
            email = request.form.get('email')
            password = request.form.get('password')
            remember = True if request.form.get('remember') else False
            
            user = User.query.filter_by(email=email).first()
            
            if not user or not user.check_password(password):
                # Log failed login attempt
                log_event('user_login', {
                    'email': email,
                    'success': False,
                    'reason': 'invalid_credentials'
                })
                flash('Please check your login details and try again.', 'danger')
                return redirect(url_for('auth.login'))
            
            login_user(user, remember=remember)
            
            # Log successful login
            log_event('user_login', {
                'user_id': user.id,
                'email': email,
                'success': True,
                'remember': remember,
                'using_default_password': password == 'changeme'
            }, user.id)
            
            # Check if user is using default password
            if password == 'changeme':
                flash('Please change your password before continuing.', 'warning')
                return redirect(url_for('auth.change_password'))
            
            next_page = request.args.get('next')
            if next_page:
                return redirect(next_page)
            return redirect(url_for('main.dashboard'))
            
        return render_template('auth/login.html')

    @auth_bp.route('/register', methods=['GET', 'POST'])
    def register():
        if current_user.is_authenticated:
            return redirect(url_for('main.dashboard'))
            
        if request.method == 'POST':
            email = request.form.get('email')
            username = request.form.get('username')
            password = request.form.get('password')
            
            user = User.query.filter_by(email=email).first()
            if user:
                flash('Email address already exists', 'danger')
                return redirect(url_for('auth.register'))
                
            user = User.query.filter_by(username=username).first()
            if user:
                flash('Username already exists', 'danger')
                return redirect(url_for('auth.register'))
                
            new_user = User(email=email, username=username)
            new_user.set_password(password)
            
            db.session.add(new_user)
            db.session.commit()
            
            # Log user registration
            log_event('user_register', {
                'email': email,
                'username': username,
                'timestamp': datetime.utcnow().isoformat(),
                'ip_address': request.remote_addr,
                'user_agent': request.user_agent.string,
                'registration_method': 'web_form'
            }, new_user.id)
            
            login_user(new_user)
            return redirect(url_for('main.dashboard'))
            
        return render_template('auth/register.html')

    @auth_bp.route('/logout')
    @login_required
    def logout():
        # Log logout event
        log_event('user_logout', {
            'user_id': current_user.id,
            'email': current_user.email
        }, current_user.id)
        
        logout_user()
        return redirect(url_for('auth.login'))

    @auth_bp.route('/change-password', methods=['GET', 'POST'])
    @login_required
    def change_password():
        if request.method == 'POST':
            current_password = request.form.get('current_password')
            new_password = request.form.get('new_password')
            confirm_password = request.form.get('confirm_password')
            
            if not current_user.check_password(current_password):
                flash('Current password is incorrect.', 'danger')
                return redirect(url_for('auth.change_password'))
                
            if new_password != confirm_password:
                flash('New passwords do not match.', 'danger')
                return redirect(url_for('auth.change_password'))
                
            current_user.set_password(new_password)
            db.session.commit()
            
            # Log password change
            log_event('user_update', {
                'user_id': current_user.id,
                'email': current_user.email,
                'update_type': 'password_change'
            }, current_user.id)
            
            flash('Password changed successfully!', 'success')
            return redirect(url_for('main.dashboard'))
            
        return render_template('auth/change_password.html')