from flask import Blueprint, render_template, redirect, url_for, flash, request, current_app, jsonify, session from flask_login import login_user, logout_user, login_required, current_user from urllib.parse import urlparse from app import db from app.models import User from app.routes import auth_bp from flask_wtf import FlaskForm from wtforms import StringField, PasswordField, BooleanField, SubmitField from wtforms.validators import DataRequired, Length, EqualTo, ValidationError from werkzeug.exceptions import BadRequest from werkzeug.security import generate_password_hash import logging # Setup logging logger = logging.getLogger(__name__) bp = Blueprint('auth', __name__) # Login form class LoginForm(FlaskForm): username = StringField('Username', validators=[DataRequired()]) password = PasswordField('Password', validators=[DataRequired()]) remember_me = BooleanField('Remember Me') submit = SubmitField('Sign In') # Registration form class RegistrationForm(FlaskForm): username = StringField('Username', validators=[DataRequired(), Length(min=3, max=64)]) password = PasswordField('Password', validators=[DataRequired(), Length(min=8)]) password2 = PasswordField('Confirm Password', validators=[DataRequired(), EqualTo('password')]) submit = SubmitField('Register') def validate_username(self, username): user = User.query.filter_by(username=username.data).first() if user is not None: raise ValidationError('Please use a different username.') @bp.route('/login', methods=['GET', 'POST']) def login(): """User login page""" if current_user.is_authenticated: return redirect(url_for('dashboard.index')) form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() if user is None or not user.verify_password(form.password.data): flash('Invalid username or password', 'error') return redirect(url_for('auth.login')) login_user(user, remember=form.remember_me.data) # Redirect to requested page or dashboard next_page = request.args.get('next') if not next_page or urlparse(next_page).netloc != '': next_page = url_for('dashboard.index') flash('Login successful!', 'success') return redirect(next_page) return render_template('auth/login.html', form=form) @bp.route('/logout') @login_required def logout(): """User logout""" logout_user() flash('You have been logged out.', 'info') return redirect(url_for('auth.login')) @bp.route('/register', methods=['GET', 'POST']) def register(): """User registration page""" if current_user.is_authenticated: return redirect(url_for('dashboard.index')) form = RegistrationForm() if form.validate_on_submit(): # Create new user user = User( username=form.username.data, ) # Try both ways to set password try: # First try with set_password method logger.info("Trying to set password with set_password method") if hasattr(user, 'set_password'): user.set_password(form.password.data) else: # Fall back to property setter logger.info("set_password not found, using password property instead") user.password = form.password.data except Exception as e: logger.error(f"Error setting password: {e}") # Ensure we set the password somehow user.password_hash = generate_password_hash(form.password.data) logger.info("Set password_hash directly") # Save to database db.session.add(user) db.session.commit() logger.info(f"User {user.username} registered successfully") flash('Registration successful! You can now log in.', 'success') return redirect(url_for('auth.login')) return render_template('auth/register.html', form=form) @auth_bp.route('/update_profile', methods=['POST']) @login_required def update_profile(): """Update user profile information""" username = request.form.get('username') if not username or username.strip() == '': flash('Username cannot be empty', 'error') return redirect(url_for('auth.profile')) # Check if username is already taken by another user existing_user = User.query.filter(User.username == username, User.id != current_user.id).first() if existing_user: flash('Username is already taken', 'error') return redirect(url_for('auth.profile')) # Update username current_user.username = username db.session.commit() flash('Profile updated successfully', 'success') return redirect(url_for('auth.profile')) @auth_bp.route('/change_password', methods=['POST']) @login_required def change_password(): """Change user password""" current_password = request.form.get('current_password') new_password = request.form.get('new_password') confirm_password = request.form.get('confirm_password') # Validate input if not all([current_password, new_password, confirm_password]): flash('All fields are required', 'error') return redirect(url_for('auth.profile')) if new_password != confirm_password: flash('New passwords do not match', 'error') return redirect(url_for('auth.profile')) # Check current password if not current_user.check_password(current_password): flash('Current password is incorrect', 'error') return redirect(url_for('auth.profile')) # Set new password current_user.set_password(new_password) db.session.commit() flash('Password changed successfully', 'success') return redirect(url_for('auth.profile')) @auth_bp.route('/update_preferences', methods=['POST']) @login_required def update_preferences(): """Update user preferences like theme""" theme_preference = request.form.get('theme_preference', 'system') # Store in session for now, but could be added to user model session['theme_preference'] = theme_preference flash('Preferences updated successfully', 'success') return redirect(url_for('auth.profile')) @bp.route('/profile') @login_required def profile(): """User profile page""" return render_template('auth/profile.html', user=current_user)