90 lines
3.1 KiB
Python
90 lines
3.1 KiB
Python
from flask import Blueprint, render_template, redirect, url_for, flash, request
|
|
from flask_login import login_user, logout_user, current_user, login_required
|
|
from werkzeug.security import generate_password_hash, check_password_hash
|
|
from app.core.extensions import db
|
|
from app.core.auth import User
|
|
import re
|
|
from app.core.csrf_utils import csrf # Import from centralized location
|
|
|
|
bp = Blueprint("auth", __name__, url_prefix="/auth")
|
|
|
|
|
|
@bp.route("/login", methods=["GET", "POST"])
|
|
def login():
|
|
"""User login"""
|
|
if current_user.is_authenticated:
|
|
return redirect(url_for("dashboard.dashboard_home"))
|
|
|
|
if request.method == "POST":
|
|
email = request.form.get("email")
|
|
password = request.form.get("password")
|
|
remember = "remember" in request.form
|
|
|
|
user = User.query.filter_by(email=email).first()
|
|
|
|
if not user or not user.check_password(password):
|
|
flash("Invalid email or password", "danger")
|
|
return render_template("auth/login.html", title="Login")
|
|
|
|
login_user(user, remember=remember)
|
|
|
|
next_page = request.args.get("next")
|
|
if not next_page or not next_page.startswith("/"):
|
|
next_page = url_for("dashboard.dashboard_home")
|
|
|
|
return redirect(next_page)
|
|
|
|
return render_template("auth/login.html", title="Login")
|
|
|
|
|
|
@bp.route("/register", methods=["GET", "POST"])
|
|
@csrf.exempt # Remove for production! Temporary allow registration without CSRF
|
|
def register():
|
|
"""User registration"""
|
|
if current_user.is_authenticated:
|
|
return redirect(url_for("dashboard.dashboard_home"))
|
|
|
|
if request.method == "POST":
|
|
email = request.form.get("email")
|
|
username = request.form.get("username")
|
|
password = request.form.get("password")
|
|
password_confirm = request.form.get("password_confirm")
|
|
|
|
# Validate form data
|
|
error = None
|
|
if not email or not username or not password:
|
|
error = "All fields are required."
|
|
elif not re.match(r"[^@]+@[^@]+\.[^@]+", email):
|
|
error = "Please enter a valid email address."
|
|
elif password != password_confirm:
|
|
error = "Passwords do not match."
|
|
elif User.query.filter_by(email=email).first():
|
|
error = "Email address already registered."
|
|
elif User.query.filter_by(username=username).first():
|
|
error = "Username already taken."
|
|
|
|
if error:
|
|
flash(error, "danger")
|
|
else:
|
|
# Create new user
|
|
new_user = User(email=email, username=username)
|
|
new_user.set_password(password)
|
|
|
|
db.session.add(new_user)
|
|
db.session.commit()
|
|
|
|
# Log the user in automatically
|
|
login_user(new_user)
|
|
flash("Registration successful! Welcome!", "success")
|
|
return redirect(url_for("dashboard.dashboard_home"))
|
|
|
|
return render_template("auth/register.html", title="Register")
|
|
|
|
|
|
@bp.route("/logout")
|
|
@login_required
|
|
def logout():
|
|
"""User logout"""
|
|
logout_user()
|
|
flash("You have been logged out", "info")
|
|
return redirect(url_for("auth.login"))
|