from flask import flash, redirect, render_template, request, url_for from flask_login import login_required, login_user, logout_user from . import auth from .. import db from .forms import LoginForm, PasswordResetRequestForm, RegistrationForm from ..email import send_email from ..models import User @auth.route('/login', methods=['GET', 'POST']) def login(): form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data).first() if user is not None and user.verify_password(form.password.data): login_user(user, form.remember_me.data) next = request.args.get('next') if next is None or not next.startswith('/'): next = url_for('main.index') return redirect(next) flash('Invalid username or password.') return render_template('auth/login.html.j2', form=form, title='Log in') @auth.route('/logout') @login_required def logout(): logout_user() flash('You have been logged out.') return redirect(url_for('main.index')) @auth.route('/register', methods=['GET', 'POST']) def register(): form = RegistrationForm() if form.validate_on_submit(): user = User(email=form.email.data, username=form.username.data, password=form.password.data) db.session.add(user) db.session.commit() flash('Successfully registered! You can now login.') return redirect(url_for('auth.login')) return render_template('auth/register.html.j2') @auth.route('/reset', methods=['GET', 'POST']) def password_reset_request(): form = PasswordResetRequestForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data.lower()).first() if user: token = user.generate_reset_token() send_email(user.email, 'Reset Your Password', 'auth/email/reset_password', user=user, token=token) flash('An email with instructions to reset your password has been ' 'sent to you.') return redirect(url_for('auth.login')) return render_template('auth/reset_password.html.j2', form=form, title='Password Reset')