wip

2025-03-30 23:42:24 +02:00 · 2025-03-30 23:42:24 +02:00 · 5c16964b76
commit 5c16964b76
parent 3b2f1db4ce
47 changed files with 2080 additions and 1053 deletions
--- a/app/routes/auth.py
+++ b/app/routes/auth.py
@ -3,75 +3,87 @@ from flask_login import login_user, logout_user, current_user, login_required
 from werkzeug.security import generate_password_hash, check_password_hash
 from app.core.extensions import db
 from app.core.auth import User
+import re
+from flask_wtf.csrf import CSRFProtect

-bp = Blueprint('auth', __name__, url_prefix='/auth')
+bp = Blueprint("auth", __name__, url_prefix="/auth")
+csrf = CSRFProtect()

-@bp.route('/login', methods=['GET', 'POST'])
+
+@bp.route("/login", methods=["GET", "POST"])
 def login():
    """User login"""
    if current_user.is_authenticated:
-        return redirect(url_for('dashboard.dashboard_home'))
-    
-    if request.method == 'POST':
-        email = request.form.get('email')
-        password = request.form.get('password')
-        remember = 'remember' in request.form
-        
-        user = User.query.filter_by(email=email).first()
-        
-        if not user or not user.check_password(password):
-            flash('Invalid email or password', 'danger')
-            return render_template('auth/login.html', title='Login')
-        
-        login_user(user, remember=remember)
-        
-        next_page = request.args.get('next')
-        if not next_page or not next_page.startswith('/'):
-            next_page = url_for('dashboard.dashboard_home')
-            
-        return redirect(next_page)
-    
-    return render_template('auth/login.html', title='Login')
+        return redirect(url_for("dashboard.dashboard_home"))

-@bp.route('/register', methods=['GET', 'POST'])
+    if request.method == "POST":
+        email = request.form.get("email")
+        password = request.form.get("password")
+        remember = "remember" in request.form
+
+        user = User.query.filter_by(email=email).first()
+
+        if not user or not user.check_password(password):
+            flash("Invalid email or password", "danger")
+            return render_template("auth/login.html", title="Login")
+
+        login_user(user, remember=remember)
+
+        next_page = request.args.get("next")
+        if not next_page or not next_page.startswith("/"):
+            next_page = url_for("dashboard.dashboard_home")
+
+        return redirect(next_page)
+
+    return render_template("auth/login.html", title="Login")
+
+
+@bp.route("/register", methods=["GET", "POST"])
+@csrf.exempt  # Remove for production! Temporary allow registration without CSRF
 def register():
    """User registration"""
    if current_user.is_authenticated:
-        return redirect(url_for('dashboard.dashboard_home'))
-    
-    if request.method == 'POST':
-        email = request.form.get('email')
-        password = request.form.get('password')
-        
-        # Validation
-        if not email or not password:
-            flash('Email and password are required', 'danger')
-            return render_template('auth/register.html', title='Register')
-        
-        if User.query.filter_by(email=email).first():
-            flash('Email already registered', 'danger')
-            return render_template('auth/register.html', title='Register')
-        
-        # Create new user
-        user = User(email=email)
-        user.set_password(password)
-        
-        db.session.add(user)
-        db.session.commit()
-        
-        flash('Registration successful! You are now logged in.', 'success')
-        
-        # Auto-login after registration
-        login_user(user)
-        
-        return redirect(url_for('dashboard.dashboard_home'))
-    
-    return render_template('auth/register.html', title='Register')
+        return redirect(url_for("dashboard.dashboard_home"))

-@bp.route('/logout')
+    if request.method == "POST":
+        email = request.form.get("email")
+        username = request.form.get("username")
+        password = request.form.get("password")
+        password_confirm = request.form.get("password_confirm")
+
+        # Validate form data
+        error = None
+        if not email or not username or not password:
+            error = "All fields are required."
+        elif not re.match(r"[^@]+@[^@]+\.[^@]+", email):
+            error = "Please enter a valid email address."
+        elif password != password_confirm:
+            error = "Passwords do not match."
+        elif User.query.filter_by(email=email).first():
+            error = "Email address already registered."
+        elif User.query.filter_by(username=username).first():
+            error = "Username already taken."
+
+        if error:
+            flash(error, "danger")
+        else:
+            # Create new user
+            new_user = User(email=email, username=username)
+            new_user.set_password(password)
+
+            db.session.add(new_user)
+            db.session.commit()
+
+            flash("Registration successful! You can now log in.", "success")
+            return redirect(url_for("auth.login"))
+
+    return render_template("auth/register.html", title="Register")
+
+
+@bp.route("/logout")
@login_required
 def logout():
    """User logout"""
    logout_user()
-    flash('You have been logged out', 'info')
-    return redirect(url_for('auth.login')) 
+    flash("You have been logged out", "info")
+    return redirect(url_for("auth.login"))