wip

2025-03-30 19:57:41 +02:00 · 2025-03-30 19:57:41 +02:00 · 097b3dbf09
commit 097b3dbf09
parent 6dd38036e7
34 changed files with 1719 additions and 520 deletions
--- a/app/routes/auth.py
+++ b/app/routes/auth.py
@ -8,7 +8,7 @@ bp = Blueprint('auth', __name__, url_prefix='/auth')

@bp.route('/login', methods=['GET', 'POST'])
 def login():
-    # If already logged in, redirect to dashboard
+    """User login"""
    if current_user.is_authenticated:
        return redirect(url_for('dashboard.dashboard_home'))
    
@ -19,58 +19,64 @@ def login():
        
        user = User.query.filter_by(email=email).first()
        
-        if user and user.check_password(password):
-            login_user(user, remember=remember)
-            next_page = request.args.get('next')
-            if next_page:
-                return redirect(next_page)
-            return redirect(url_for('dashboard.dashboard_home'))
+        if not user or not user.check_password(password):
+            flash('Invalid email or password', 'danger')
+            return render_template('auth/login.html', title='Login')
        
-        flash('Invalid email or password', 'danger')
+        login_user(user, remember=remember)
+        
+        next_page = request.args.get('next')
+        if not next_page or not next_page.startswith('/'):
+            next_page = url_for('dashboard.dashboard_home')
+            
+        return redirect(next_page)
    
    return render_template('auth/login.html', title='Login')

@bp.route('/register', methods=['GET', 'POST'])
 def register():
-    # If already logged in, redirect to dashboard
+    """User registration"""
    if current_user.is_authenticated:
        return redirect(url_for('dashboard.dashboard_home'))
    
    if request.method == 'POST':
        email = request.form.get('email')
+        username = request.form.get('username')
        password = request.form.get('password')
-        password_confirm = request.form.get('password_confirm')
        
-        # Check if email already exists
-        existing_user = User.query.filter_by(email=email).first()
-        if existing_user:
-            flash('Email already registered', 'danger')
+        # Validation
+        if not email or not username or not password:
+            flash('All fields are required', 'danger')
            return render_template('auth/register.html', title='Register')
        
-        # Check if passwords match
-        if password != password_confirm:
-            flash('Passwords do not match', 'danger')
+        if User.query.filter_by(email=email).first():
+            flash('Email already registered', 'danger')
+            return render_template('auth/register.html', title='Register')
+            
+        if User.query.filter_by(username=username).first():
+            flash('Username already taken', 'danger')
            return render_template('auth/register.html', title='Register')
        
        # Create new user
-        user = User(email=email)
+        user = User(email=email, username=username)
        user.set_password(password)
        
-        # Make first user an admin
-        if User.query.count() == 0:
-            user.is_admin = True
-        
        db.session.add(user)
        db.session.commit()
        
-        flash('Registration successful! Please log in.', 'success')
-        return redirect(url_for('auth.login'))
+        flash('Registration successful! You are now logged in.', 'success')
+        
+        # Auto-login after registration
+        login_user(user)
+        
+        return redirect(url_for('dashboard.dashboard_home'))
    
    return render_template('auth/register.html', title='Register')

@bp.route('/logout')
@login_required
 def logout():
+    """User logout"""
    logout_user()
    flash('You have been logged out', 'info')
    return redirect(url_for('auth.login'))