From b32ca6c0f5968f5e9f59847db5012e3ef7f98631 Mon Sep 17 00:00:00 2001 From: Cédric Bonhomme Date: Wed, 2 Mar 2016 08:25:52 +0100 Subject: Code update. Some problems with CSRF token on Chromium... --- src/web/views/session_mgmt.py | 57 ++++++++++--------------------------------- 1 file changed, 13 insertions(+), 44 deletions(-) (limited to 'src/web/views/session_mgmt.py') diff --git a/src/web/views/session_mgmt.py b/src/web/views/session_mgmt.py index f1b16927..65be856c 100644 --- a/src/web/views/session_mgmt.py +++ b/src/web/views/session_mgmt.py @@ -1,10 +1,7 @@ -#! /usr/bin/env python -# -*- coding: utf-8 -*- - import json -import datetime import logging +from werkzeug.exceptions import NotFound from flask import (render_template, flash, session, request, url_for, redirect, current_app) from flask.ext.babel import gettext @@ -13,8 +10,6 @@ from flask.ext.login import LoginManager, logout_user, \ from flask.ext.principal import (Principal, AnonymousIdentity, UserNeed, identity_changed, identity_loaded, session_identity_loader) -from werkzeug import generate_password_hash -from sqlalchemy.exc import IntegrityError import conf from web.views.common import admin_role, api_role, login_user_bundle 
@@ -41,20 +36,15 @@ def on_identity_loaded(sender, identity): identity.provides.add(UserNeed(current_user.id)) if current_user.is_admin: identity.provides.add(admin_role) - #if current_user.is_api: - #identity.provides.add(api_role) + if current_user.is_api: + identity.provides.add(api_role) + @login_manager.user_loader -def load_user(id): - # Return an instance of the User model - return UserController().get(id=id) +def load_user(user_id): + return UserController(user_id, ignore_context=True).get( + id=user_id, is_active=True) -"""@current_app.before_request -def before_request(): - if current_user.is_authenticated: - current_user.last_seen = datetime.datetime.utcnow() - db.session.add(current_user) - db.session.commit()""" @current_app.route('/login', methods=['GET', 'POST']) def login(): @@ -66,6 +56,7 @@ def login(): return form.redirect('home') return render_template('login.html', form=form) + @current_app.route('/logout') @login_required def logout(): 
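Review bot: `load_user` should return `None` when the id in the session no longer resolves, but the new body lets whatever `UserController(user_id, ignore_context=True).get(id=user_id, is_active=True)` raises propagate out of the user loader. The controller is not visible here, but the `NotFound` import added at the top of the file, which no visible hunk uses, suggests `get` raises it when no row matches. If so, a session cookie for a deleted or deactivated account would get an error response on every request instead of being treated as anonymous. Wrapping the return in `try:` … `except NotFound: return None` keeps the `is_active=True` cut-off while following the Flask-Login contract. A one-line docstring such as `"""Return the active user for the session id, or None."""` would record why the filter is there.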
@@ -82,42 +73,20 @@ def logout(): return redirect(url_for('login')) + @current_app.route('/signup', methods=['GET', 'POST']) def signup(): - """ - Signup page. - """ if not conf.SELF_REGISTRATION: flash(gettext("Self-registration is disabled."), 'warning') return redirect(url_for('home')) - if current_user is not None and current_user.is_authenticated: + if current_user.is_authenticated: return redirect(url_for('home')) form = SignupForm() - if form.validate_on_submit(): - role_user = Role.query.filter(Role.name == "user").first() - user = User(nickname=form.nickname.data, - email=form.email.data, - pwdhash=generate_password_hash(form.password.data)) - user.roles = [role_user] - db.session.add(user) - try: - db.session.commit() - except IntegrityError: - flash(gettext('Email already used.'), 'warning') - return render_template('signup.html', form=form) - - # Send the confirmation email - try: - notifications.new_account_notification(user) - except Exception as error: - flash(gettext('Problem while sending activation email: %(error)s', - error=error), 'danger') - return redirect(url_for('home')) - - flash(gettext('Your account has been created. ' - 'Check your mail to confirm it.'), 'success') + user = UserController().create(login=form.login.data, + email=form.email.data, password=form.password.data) + login_user_bundle(user) return redirect(url_for('home')) return render_template('signup.html', form=form) -- cgit
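Review bot: The new signup body calls `login_user_bundle(user)` straight after `UserController().create(...)`, so the account is authenticated without the e-mail confirmation that the removed `notifications.new_account_notification(user)` step asked for, and ownership of the address is never verified in this view. If confirmation is still intended, send the activation mail and keep the old "Check your mail to confirm it." flash instead of logging in, assuming `notifications` is still imported. The view now passes `form.password.data` to the controller unhashed where it used to call `generate_password_hash`, so hashing has to happen inside `UserController.create`, which is not visible here. A comment such as `# create() hashes the password and enforces unique login/email` would pin that contract. The removed `except IntegrityError` branch has no replacement in this hunk, so a duplicate e-mail presumably surfaces as an unhandled error unless the form or controller checks uniqueness.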