views_auth.py
import flask
import bcrypt
from init import app, db
import models
@app.route('/login')
def login():
    """Serve the login form for GET requests to /login."""
    page = flask.render_template('login.html')
    return page
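def _is_safe_redirect_target(target):
    """Return True when *target* keeps the browser on this site.

    Accepted forms are a site-relative path ('/page') and an absolute URL
    whose prefix is this request's own scheme and host.
    """
    if not target:
        return False
    # Browsers read a backslash as a slash and drop whitespace and control
    # characters, so a target containing any of them may resolve to another
    # host than the one the string appears to name.
    if '\\' in target or any(ord(ch) <= 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    if target.startswith('/'):
        # '//host/path' is scheme-relative and leaves the site.
        return not target.startswith('//')
    # The trailing slash stops look-alike hosts such as
    # 'http://thishost.example.net/' from matching the prefix.
    own_prefix = flask.request.host_url.rstrip('/') + '/'
    return target.startswith(own_prefix)


@app.route('/login', methods=['POST'])
def handle_login():
    """Check the submitted credentials and start an authenticated session.

    Reads the 'user', 'password' and 'url' form fields. On success the user id
    is stored in the session under 'auth_user' and the browser is sent (303)
    to 'url' when that target stays on this site, otherwise to the user's own
    page. On failure the login form is rendered again with state='bad'.
    """
    import hmac

    username = flask.request.form['user']
    password = flask.request.form['password']
    user = models.User.query.filter_by(login=username).first()
    # NOTE(review): an unknown login skips the bcrypt work, so response time
    # differs between existing and non-existing accounts.
    if user is not None:
        # Re-hash with the stored hash as salt; equal output means the
        # password matches.
        candidate = bcrypt.hashpw(password.encode('utf8'), user.pw_hash)
        # Constant-time comparison instead of '==' on the hash bytes.
        if hmac.compare_digest(candidate, user.pw_hash):
            flask.session['auth_user'] = user.id
            # 'url' comes from the client: redirecting to it unchecked is an
            # open redirect, so off-site targets fall back to the user page.
            target = flask.request.form.get('url', '')
            if not _is_safe_redirect_target(target):
                target = flask.url_for('show_user', uid=user.id)
            return flask.redirect(target, 303)
    return flask.render_template('login.html', state='bad')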
@app.route('/create_user', methods=['POST'])
def create_user():
    """Register a new account from the sign-up form and log it in.

    Reads the 'user', 'email', 'password' and 'confirm' form fields. Any
    failed check renders login.html with a state describing the problem;
    otherwise the user row is stored, its id is placed in the session under
    'auth_user', and the browser is redirected (303) to the new user's page.
    """
    form = flask.request.form
    login = form['user']
    email = form['email']
    password = form['password']

    def reject(state):
        # Every validation failure re-renders the same template.
        return flask.render_template('login.html', state=state)

    if password != form['confirm']:
        return reject('password-mismatch')
    if len(login) > 20:
        return reject('bad-username')
    # NOTE(review): check-then-insert; whether the database also enforces
    # uniqueness of login is not visible here - confirm in models.User.
    if models.User.query.filter_by(login=login).first() is not None:
        return reject('username-used')
    # Denylist of characters; anything not listed (e.g. '<', '>', '/') passes.
    forbidden = set(' [~!@#$%^&*()_+{}":;\']+$')
    if forbidden.intersection(login):
        return reject('bad-username')
    # NOTE(review): an empty password is reported with the username state.
    if not login or not password:
        return reject('bad-username')

    account = models.User()
    account.login = login
    account.email = email
    # bcrypt with a work factor of 15; bcrypt only uses the first 72 bytes
    # of the encoded password.
    account.pw_hash = bcrypt.hashpw(password.encode('utf8'), bcrypt.gensalt(15))
    db.session.add(account)
    db.session.commit()

    flask.session['auth_user'] = account.id
    destination = flask.url_for('show_user', uid=account.id)
    return flask.redirect(destination, 303)