Added more views

This commit is contained in:
Vivek Santayana 2022-06-12 22:48:13 +01:00
parent 22878b5398
commit a58f267586
3 changed files with 72 additions and 20 deletions

View File

@ -1,4 +1,4 @@
from ..forms.admin import Login, Register from ..forms.admin import CreateUser, Login, Register, ResetPassword, UpdatePassword
from ..models import User from ..models import User
from ..tools.auth import disable_if_logged_in, require_account_creation from ..tools.auth import disable_if_logged_in, require_account_creation
@ -6,6 +6,7 @@ from flask import Blueprint, flash, jsonify, render_template, redirect, request,
from flask.helpers import url_for from flask.helpers import url_for
from flask_login import current_user, login_required from flask_login import current_user, login_required
import secrets
admin = Blueprint( admin = Blueprint(
name='admin', name='admin',
@ -43,7 +44,8 @@ def _login():
return jsonify({'success': f'Successfully logged in.'}), 200 return jsonify({'success': f'Successfully logged in.'}), 200
return jsonify({'error': f'The password you entered is incorrect.'}), 401 return jsonify({'error': f'The password you entered is incorrect.'}), 401
return jsonify({'error': f'The username you entered does not exist.'}), 401 return jsonify({'error': f'The username you entered does not exist.'}), 401
errors = [*form.username.errors, *form.password.errors]
return jsonify({ 'error': errors}), 400
if 'remembered_username' in session: form.username.data = session.pop('remembered_username') if 'remembered_username' in session: form.username.data = session.pop('remembered_username')
next = request.args.get('next') next = request.args.get('next')
return render_template('/admin/auth/login.html', form=form, next=next) return render_template('/admin/auth/login.html', form=form, next=next)
@ -52,7 +54,7 @@ def _login():
@login_required @login_required
def _logout(): def _logout():
current_user.logout() current_user.logout()
return redirect(url_for('views._login')) return redirect(url_for('admin._login'))
@admin.route('/register/', methods=['GET','POST']) @admin.route('/register/', methods=['GET','POST'])
@disable_if_logged_in @disable_if_logged_in
@ -66,24 +68,75 @@ def _register():
new_user.set_username = request.form.get('username').lower() new_user.set_username = request.form.get('username').lower()
new_user.set_email = request.form.get('email').lower() new_user.set_email = request.form.get('email').lower()
new_user.set_password = request.form.get('password').lower() new_user.set_password = request.form.get('password').lower()
success, message = new_user.register() success, message = new_user.register()
if success: if success:
flash(message=f'{message} Please log in to continue.', category='success') flash(message=f'{message} Please log in to continue.', category='success')
session['remembered_username'] = request.form.get('username').lower() session['remembered_username'] = request.form.get('username').lower()
return jsonify({'success': message}), 200 return jsonify({'success': message}), 200
flash(message=message, category='error') flash(message=message, category='error')
return jsonify({'error': message}), 401 return jsonify({'error': message}), 401
errors = [*form.username.errors, *form.email.errors, *form.password.errors, *form.password_reenter.errors]
return jsonify({ 'error': errors}), 400
return render_template('admin/auth/register.html') return render_template('admin/auth/register.html')
@admin.route('/reset/') @admin.route('/reset/')
def _reset(): def _reset():
return 'Reset Page' form = ResetPassword()
if request.method == 'POST':
if form.validate_on_submit():
user = None
users = User.query.all()
for _user in users:
if _user.get_username() == request.form.get('username'):
user = _user
break
if not user: return jsonify({'error': 'The user account does not exist.'}), 400
if not user.get_email() == request.form.get('email'): return jsonify({'error': 'The email address does not match the user account.'}), 400
return user.reset_password()
errors = [*form.username.errors, *form.email.errors]
return jsonify({ 'error': errors}), 400
token = request.args.get('token')
if token:
user = User.query.filter_by(reset_token=token).first()
if not user: return redirect(url_for('admin._reset'))
verification_token = user.verification_token
user.clear_reset_tokens()
if request.args.get('verification') == verification_token:
form = UpdatePassword()
return render_template('/auth/update_password.html', form=form, user=user.id)
flash('The verification of your password reset request failed and the token has been invalidated. Please make a new reset password request.', 'error')
return render_template('/admin/auth/reset.html', form=form)
@admin.route('/update_password/', methods=['POST']) @admin.route('/update_password/', methods=['POST'])
def _update_password(): def _update_password():
return 'Password Update' form = UpdatePassword()
if form.validate_on_submit():
user = request.form.get('user')
user = User.query.filter_by(id=user).first()
user.update(password=request.form.get('password'))
session['remembered_username'] = user.get_username()
flash('Your password has been reset.', 'success')
return jsonify({'success':'Your password has been reset'}), 200
errors = [*form.password.errors, *form.password_reenter.errors]
return jsonify({ 'error': errors}), 401
@admin.route('/settings/users/') @admin.route('/settings/users/', methods=['GET', 'POST'])
@login_required
def _users(): def _users():
return 'Manage Users' form = CreateUser()
users = User.query.all()
if request.method == 'POST':
if form.validate_on_submit():
password = request.form.get('password')
new_user = User()
new_user.set_username = request.form.get('username').lower()
new_user.set_password = secrets.token_hex(12) if not password else password
new_user.set_email = request.form.get('email')
success, message = new_user.register(notify=request.form.get('notify'))
if success: return jsonify({'success': message}), 200
return jsonify({'error': message}), 401
errors = [*form.username.errors, *form.email.errors, *form.password.errors]
return jsonify({ 'error': errors}), 401
return render_template('/admin/settings/users.html', form = form, users = users)

View File

@ -30,6 +30,7 @@ class CreateUser(FlaskForm):
username = StringField('Username', validators=[InputRequired(), Length(min=4, max=15)]) username = StringField('Username', validators=[InputRequired(), Length(min=4, max=15)])
email = StringField('Email Address', validators=[InputRequired(), Email(message='You must enter a valid email address.'), Length(max=50)]) email = StringField('Email Address', validators=[InputRequired(), Email(message='You must enter a valid email address.'), Length(max=50)])
password = PasswordField('Password (Optional)', validators=[Optional(),Length(min=6, max=30, message='The password must be between 6 and 20 characters long.')]) password = PasswordField('Password (Optional)', validators=[Optional(),Length(min=6, max=30, message='The password must be between 6 and 20 characters long.')])
notify = BooleanField('Notify accout creation by email', render_kw={'checked': True})
class DeleteUser(FlaskForm): class DeleteUser(FlaskForm):
password = PasswordField('Confirm Your Password', validators=[InputRequired(), Length(min=6, max=30, message='The password must be between 6 and 20 characters long.')]) password = PasswordField('Confirm Your Password', validators=[InputRequired(), Length(min=6, max=30, message='The password must be between 6 and 20 characters long.')])

View File

@ -51,13 +51,11 @@ class User(UserMixin, db.Model):
def get_email(self): return decrypt(self.email) def get_email(self): return decrypt(self.email)
def register(self): def register(self, notify:bool=False):
users = User.query.all() users = User.query.all()
for user in users: for user in users:
if user.get_username() == self.get_username(): if user.get_username() == self.get_username(): return False, f'Username {self.get_username()} already in use.'
return False, f'Username {self.get_username()} already in use.' if user.get_email() == self.get_email(): return False, f'Email address {self.get_email()} already in use.'
elif user.get_email() == self.get_email():
return False, f'Email address {self.get_email()} already in use.'
db.session.add(self) db.session.add(self)
db.session.commit() db.session.commit()
write('users.log', f'User \'{self.get_username()}\' was created with id \'{self.id}\'.') write('users.log', f'User \'{self.get_username()}\' was created with id \'{self.id}\'.')