diff options
author | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2015-08-04 19:00:58 +0200 |
---|---|---|
committer | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2015-08-04 19:00:58 +0200 |
commit | 0a116f556a4d8c2eabe3a07bc9b560538d2d530d (patch) | |
tree | 1a8e10402e4bb59dc7c217fa28d54bde009fd79f /pyaggr3g470r/views | |
parent | Updated NEWS.rst file. (diff) | |
download | newspipe-0a116f556a4d8c2eabe3a07bc9b560538d2d530d.tar.gz newspipe-0a116f556a4d8c2eabe3a07bc9b560538d2d530d.tar.bz2 newspipe-0a116f556a4d8c2eabe3a07bc9b560538d2d530d.zip |
Secure back redirects with WTForms.
Diffstat (limited to 'pyaggr3g470r/views')
-rw-r--r-- | pyaggr3g470r/views/views.py | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/pyaggr3g470r/views/views.py b/pyaggr3g470r/views/views.py index 29b865e0..69c2b50b 100644 --- a/pyaggr3g470r/views/views.py +++ b/pyaggr3g470r/views/views.py @@ -38,7 +38,8 @@ from bootstrap import application as app, db from flask import render_template, request, flash, session, \ url_for, redirect, g, current_app, make_response from flask.ext.login import LoginManager, login_user, logout_user, \ - login_required, current_user, AnonymousUserMixin + login_required, current_user, AnonymousUserMixin, \ + login_url from flask.ext.principal import Principal, Identity, AnonymousIdentity, \ identity_changed, identity_loaded, Permission,\ RoleNeed, UserNeed @@ -65,6 +66,10 @@ admin_permission = Permission(RoleNeed('admin')) login_manager = LoginManager() login_manager.init_app(app) +login_manager.login_message = gettext('Authentication required.') +login_manager.login_message_category = "info" +login_manager.login_view = 'login' + logger = logging.getLogger(__name__) # @@ -98,7 +103,6 @@ def load_user(id): # Return an instance of the User model return UserController().get(id=id) - # # Custom error pages. # @@ -110,7 +114,7 @@ def authentication_required(e): @app.errorhandler(403) def authentication_failed(e): flash(gettext('Forbidden.'), 'danger') - return redirect(url_for('home')) + return redirect(url_for('login')) @app.errorhandler(404) def page_not_found(e): @@ -151,10 +155,8 @@ def login(): """ if g.user is not None and g.user.is_authenticated(): return redirect(url_for('home')) - g.user = AnonymousUserMixin() form = SigninForm() - if form.validate_on_submit(): user = UserController().get(email=form.email.data) login_user(user) @@ -162,10 +164,9 @@ def login(): session['email'] = form.email.data identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) - return redirect(url_for('home')) + return form.redirect('home') return render_template('login.html', form=form) - @app.route('/logout') @login_required def logout(): |