""" Authentication routes for user management. """ from datetime import datetime from flask import render_template, redirect, url_for, flash, request, current_app from flask_login import login_user, logout_user, login_required, current_user from werkzeug.urls import url_parse from app.auth import auth_bp from app.auth.forms import LoginForm, RegistrationForm, ResetPasswordRequestForm, ResetPasswordForm from app.models.user import User from app.extensions import db, limiter from app.utils.email import send_password_reset_email @auth_bp.route("/login", methods=["GET", "POST"]) @limiter.limit("10/minute") def login(): """User login route.""" if current_user.is_authenticated: return redirect(url_for("core.index")) form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() if user is None or not user.check_password(form.password.data): if user: user.record_login(success=False) flash("Invalid username or password", "danger") return render_template("auth/login.html", form=form) if not user.active: flash("This account has been deactivated", "danger") return render_template("auth/login.html", form=form) if user.is_account_locked(): flash("This account is temporarily locked due to too many failed login attempts", "danger") return render_template("auth/login.html", form=form) user.record_login(success=True) login_user(user, remember=form.remember_me.data) next_page = request.args.get("next") if not next_page or url_parse(next_page).netloc != "": next_page = url_for("core.index") return redirect(next_page) return render_template("auth/login.html", form=form) @auth_bp.route("/logout") @login_required def logout(): """User logout route.""" logout_user() flash("You have been logged out", "info") return redirect(url_for("auth.login")) @auth_bp.route("/register", methods=["GET", "POST"]) @limiter.limit("5/hour") def register(): """User registration route.""" if current_user.is_authenticated: return redirect(url_for("core.index")) form = RegistrationForm() if form.validate_on_submit(): user = User( username=form.username.data, email=form.email.data ) user.set_password(form.password.data) db.session.add(user) db.session.commit() flash("Registration successful! You can now log in.", "success") return redirect(url_for("auth.login")) return render_template("auth/register.html", form=form) @auth_bp.route("/reset-password-request", methods=["GET", "POST"]) @limiter.limit("5/hour") def reset_password_request(): """Request a password reset.""" if current_user.is_authenticated: return redirect(url_for("core.index")) form = ResetPasswordRequestForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data).first() if user: send_password_reset_email(user) # Always show the same message to prevent user enumeration flash("If your email address is registered, you will receive instructions to reset your password", "info") return redirect(url_for("auth.login")) return render_template("auth/reset_password_request.html", form=form) @auth_bp.route("/reset-password/", methods=["GET", "POST"]) @limiter.limit("5/hour") def reset_password(token): """Reset password with token.""" if current_user.is_authenticated: return redirect(url_for("core.index")) user = User.query.filter_by(reset_token=token).first() if not user or not user.is_reset_token_valid(token): flash("The password reset link is invalid or has expired", "danger") return redirect(url_for("auth.login")) form = ResetPasswordForm() if form.validate_on_submit(): user.set_password(form.password.data) user.clear_reset_token() flash("Your password has been reset", "success") return redirect(url_for("auth.login")) return render_template("auth/reset_password.html", form=form)