authorCédric Bonhomme <cedric@cedricbonhomme.org>2015-08-04 19:00:58 +0200
committerCédric Bonhomme <cedric@cedricbonhomme.org>2015-08-04 19:00:58 +0200
commit0a116f556a4d8c2eabe3a07bc9b560538d2d530d (patch)
tree1a8e10402e4bb59dc7c217fa28d54bde009fd79f /pyaggr3g470r/views
parentUpdated NEWS.rst file. (diff)
Secure back redirects with WTForms.
Diffstat (limited to 'pyaggr3g470r/views')
-rw-r--r--pyaggr3g470r/views/views.py15
1 files changed, 8 insertions, 7 deletions
diff --git a/pyaggr3g470r/views/views.py b/pyaggr3g470r/views/views.py
index 29b865e0..69c2b50b 100644
--- a/pyaggr3g470r/views/views.py
+++ b/pyaggr3g470r/views/views.py
@@ -38,7 +38,8 @@ from bootstrap import application as app, db
from flask import render_template, request, flash, session, \
url_for, redirect, g, current_app, make_response
from flask.ext.login import LoginManager, login_user, logout_user, \
- login_required, current_user, AnonymousUserMixin
+ login_required, current_user, AnonymousUserMixin, \
+ login_url
from flask.ext.principal import Principal, Identity, AnonymousIdentity, \
identity_changed, identity_loaded, Permission,\
RoleNeed, UserNeed
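Review bot: `login_url` is added to the Flask-Login import, but none of the lines this diff adds to views.py calls it, so it appears to be unused. If the redirect handling lives entirely in the form class, drop the name and keep the import as `login_required, current_user, AnonymousUserMixin`. If it is meant for a later change, a short comment saying so would stop a linter or a later cleanup from removing it silently.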
@@ -65,6 +66,10 @@ admin_permission = Permission(RoleNeed('admin'))
login_manager = LoginManager()
login_manager.init_app(app)
+login_manager.login_message = gettext('Authentication required.')
+login_manager.login_message_category = "info"
+login_manager.login_view = 'login'
+
logger = logging.getLogger(__name__)
#
@@ -98,7 +103,6 @@ def load_user(id):
# Return an instance of the User model
return UserController().get(id=id)
-
#
# Custom error pages.
#
@@ -110,7 +114,7 @@ def authentication_required(e):
@app.errorhandler(403)
def authentication_failed(e):
flash(gettext('Forbidden.'), 'danger')
- return redirect(url_for('home'))
+ return redirect(url_for('login'))
@app.errorhandler(404)
def page_not_found(e):
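Review bot: In `authentication_failed`, a signed-in user who merely lacks a permission is now sent to `login`, and the guard at the top of `login()` sends authenticated users straight on to `home`. The 403 therefore becomes two redirects and the client never sees a 403 status, which also hides authorization failures from access logs and monitoring. Consider choosing the target by session state, `target = 'home' if current_user.is_authenticated() else 'login'` followed by `return redirect(url_for(target))`, or returning the error response with status 403 for authenticated users.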
@@ -151,10 +155,8 @@ def login():
"""
if g.user is not None and g.user.is_authenticated():
return redirect(url_for('home'))
-
g.user = AnonymousUserMixin()
form = SigninForm()
-
if form.validate_on_submit():
user = UserController().get(email=form.email.data)
login_user(user)
@@ -162,10 +164,9 @@ def login():
session['email'] = form.email.data
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
- return redirect(url_for('home'))
+ return form.redirect('home')
return render_template('login.html', form=form)
-
@app.route('/logout')
@login_required
def logout():
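Review bot: The open-redirect protection at `return form.redirect('home')` rests entirely on `SigninForm.redirect`, which is defined outside this diff, so nothing visible here shows what it accepts. Now that `login_manager.login_view = 'login'` is set, Flask-Login appends a caller-controllable `next` value to the login URL, and that value is what this call will follow. Please confirm the helper compares the target's scheme and host with the current request, rejects scheme-relative values such as `//host`, and falls back to the `home` endpoint otherwise. A comment above the return would record the contract, e.g. `# form.redirect() only follows a same-host "next"; anything else falls back to 'home'`. The body of `login()` starts before this hunk.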