from app import db, logger from app.email import send_email from app.models import User from flask import (current_app, flash, redirect, render_template, request, url_for) from flask_login import current_user, login_user, login_required, logout_user from . import auth from .forms import (LoginForm, ResetPasswordForm, ResetPasswordRequestForm, RegistrationForm) import os import shutil @auth.before_app_request def before_request(): """ Checks if a user is unconfirmed when visiting specific sites. Redirects to unconfirmed view if user is unconfirmed. """ if (current_user.is_authenticated and not current_user.confirmed and request.blueprint != 'auth' and request.endpoint != 'static'): return redirect(url_for('auth.unconfirmed')) @auth.route('/login', methods=['GET', 'POST']) def login(): if current_user.is_authenticated: return redirect(url_for('main.dashboard')) login_form = LoginForm(prefix='login-form') if login_form.validate_on_submit(): user = User.query.filter_by(username=login_form.user.data).first() if user is None: user = User.query.filter_by(email=login_form.user.data).first() if user is not None and user.verify_password(login_form.password.data): login_user(user, login_form.remember_me.data) next = request.args.get('next') if next is None or not next.startswith('/'): next = url_for('main.dashboard') return redirect(next) flash('Invalid email/username or password.') return render_template('auth/login.html.j2', login_form=login_form, title='Log in') @auth.route('/logout') @login_required def logout(): logout_user() flash('You have been logged out.') return redirect(url_for('main.index')) @auth.route('/register', methods=['GET', 'POST']) def register(): if current_user.is_authenticated: return redirect(url_for('main.dashboard')) registration_form = RegistrationForm(prefix='registration-form') if registration_form.validate_on_submit(): user = User(email=registration_form.email.data.lower(), password=registration_form.password.data, username=registration_form.username.data) db.session.add(user) db.session.commit() user_dir = os.path.join(current_app.config['NOPAQUE_STORAGE'], str(user.id)) if os.path.exists(user_dir): shutil.rmtree(user_dir) os.mkdir(user_dir) token = user.generate_confirmation_token() send_email(user.email, 'Confirm Your Account', 'auth/email/confirm', token=token, user=user) flash('A confirmation email has been sent to you by email.') return redirect(url_for('auth.login')) return render_template('auth/register.html.j2', registration_form=registration_form, title='Register') @auth.route('/confirm/') @login_required def confirm(token): if current_user.confirmed: return redirect(url_for('main.dashboard')) if current_user.confirm(token): db.session.commit() flash('You have confirmed your account. Thanks!') return redirect(url_for('main.dashboard')) else: flash('The confirmation link is invalid or has expired.') return redirect(url_for('auth.unconfirmed')) @auth.route('/unconfirmed') def unconfirmed(): if current_user.is_anonymous: return redirect(url_for('main.index')) elif current_user.confirmed: return redirect(url_for('main.dashboard')) return render_template('auth/unconfirmed.html.j2', title='Unconfirmed') @auth.route('/confirm') @login_required def resend_confirmation(): token = current_user.generate_confirmation_token() send_email(current_user.email, 'Confirm Your Account', 'auth/email/confirm', token=token, user=current_user) flash('A new confirmation email has been sent to you by email.') return redirect(url_for('auth.unconfirmed')) @auth.route('/reset', methods=['GET', 'POST']) def reset_password_request(): if current_user.is_authenticated: return redirect(url_for('main.dashboard')) reset_password_request_form = ResetPasswordRequestForm( prefix='reset-password-request-form' ) if reset_password_request_form.validate_on_submit(): submitted_email = reset_password_request_form.email.data user = User.query.filter_by(email=submitted_email.lower()).first() if user: token = user.generate_reset_token() send_email(user.email, 'Reset Your Password', 'auth/email/reset_password', token=token, user=user) flash('An email with instructions to reset your password has been ' 'sent to you.') return redirect(url_for('auth.login')) return render_template( 'auth/reset_password_request.html.j2', reset_password_request_form=reset_password_request_form, title='Password Reset' ) @auth.route('/reset/', methods=['GET', 'POST']) def reset_password(token): if current_user.is_authenticated: return redirect(url_for('main.dashboard')) reset_password_form = ResetPasswordForm(prefix='reset-password-form') if reset_password_form.validate_on_submit(): if User.reset_password(token, reset_password_form.password.data): db.session.commit() flash('Your password has been updated.') return redirect(url_for('auth.login')) else: return redirect(url_for('main.index')) return render_template('auth/reset_password.html.j2', reset_password_form=reset_password_form, title='Password Reset')