2016-01-05 17:08:50 +00:00
|
|
|
from flask import (
|
2018-02-20 11:22:17 +00:00
|
|
|
Markup,
|
|
|
|
|
abort,
|
2016-03-14 16:30:48 +00:00
|
|
|
flash,
|
2018-02-20 11:22:17 +00:00
|
|
|
redirect,
|
|
|
|
|
render_template,
|
2016-03-30 16:16:34 +01:00
|
|
|
request,
|
2018-02-20 11:22:17 +00:00
|
|
|
session,
|
|
|
|
|
url_for,
|
2016-03-30 16:16:34 +01:00
|
|
|
)
|
2018-02-20 11:22:17 +00:00
|
|
|
from flask_login import current_user
|
2016-03-17 13:07:52 +00:00
|
|
|
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
from app import login_manager
|
2016-03-30 16:16:34 +01:00
|
|
|
from app.main import main
|
2015-12-08 15:30:55 +00:00
|
|
|
from app.main.forms import LoginForm
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
from app.models.user import InvitedUser, User
|
2020-05-26 17:39:25 +01:00
|
|
|
from app.utils import hide_from_search_engines
|
2015-11-27 09:47:29 +00:00
|
|
|
|
|
|
|
|
|
2016-01-05 14:30:06 +00:00
|
|
|
@main.route('/sign-in', methods=(['GET', 'POST']))
|
2020-05-26 17:39:25 +01:00
|
|
|
@hide_from_search_engines
|
2016-01-05 14:30:06 +00:00
|
|
|
def sign_in():
|
2016-05-04 13:01:55 +01:00
|
|
|
if current_user and current_user.is_authenticated:
|
2018-11-15 15:38:43 +00:00
|
|
|
return redirect(url_for('main.show_accounts_or_dashboard'))
|
2016-02-23 15:45:19 +00:00
|
|
|
|
2016-01-27 12:22:32 +00:00
|
|
|
form = LoginForm()
|
2017-12-06 20:24:25 +00:00
|
|
|
|
2016-01-27 12:22:32 +00:00
|
|
|
if form.validate_on_submit():
|
2016-03-30 16:16:34 +01:00
|
|
|
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
user = User.from_email_address_and_password_or_none(
|
|
|
|
|
form.email_address.data, form.password.data
|
|
|
|
|
)
|
|
|
|
|
|
2016-03-29 12:13:36 +01:00
|
|
|
if user and user.state == 'pending':
|
2016-09-06 15:44:33 +01:00
|
|
|
return redirect(url_for('main.resend_email_verification'))
|
2016-03-30 16:16:34 +01:00
|
|
|
|
|
|
|
|
if user and session.get('invited_user'):
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
invited_user = InvitedUser.from_session()
|
|
|
|
|
if user.email_address.lower() != invited_user.email_address.lower():
|
2019-09-13 09:44:04 +01:00
|
|
|
flash("You cannot accept an invite for another person.")
|
2016-03-30 16:16:34 +01:00
|
|
|
session.pop('invited_user', None)
|
|
|
|
|
abort(403)
|
|
|
|
|
else:
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
invited_user.accept_invite()
|
|
|
|
|
if user and user.sign_in():
|
|
|
|
|
if user.sms_auth:
|
|
|
|
|
return redirect(url_for('.two_factor', next=request.args.get('next')))
|
|
|
|
|
if user.email_auth:
|
|
|
|
|
return redirect(url_for('.two_factor_email_sent'))
|
2017-11-07 16:11:31 +00:00
|
|
|
|
2016-01-28 16:36:36 +00:00
|
|
|
# Vague error message for login in case of user not known, locked, inactive or password not verified
|
2017-10-18 14:51:26 +01:00
|
|
|
flash(Markup(
|
|
|
|
|
(
|
|
|
|
|
"The email address or password you entered is incorrect."
|
2020-02-24 11:59:07 +00:00
|
|
|
" <a href={password_reset}>Forgotten your password?</a>"
|
2016-04-26 12:26:41 +01:00
|
|
|
).format(password_reset=url_for('.forgot_password'))
|
2016-04-26 12:14:06 +01:00
|
|
|
))
|
2016-01-05 14:30:06 +00:00
|
|
|
|
2017-02-17 14:06:09 +00:00
|
|
|
other_device = current_user.logged_in_elsewhere()
|
|
|
|
|
return render_template(
|
|
|
|
|
'views/signin.html',
|
|
|
|
|
form=form,
|
|
|
|
|
again=bool(request.args.get('next')),
|
|
|
|
|
other_device=other_device
|
|
|
|
|
)
|
2017-02-16 13:33:32 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@login_manager.unauthorized_handler
|
|
|
|
|
def sign_in_again():
|
|
|
|
|
return redirect(
|
|
|
|
|
url_for('main.sign_in', next=request.path)
|
|
|
|
|
)
|