108536490: Adding the login manager and csrf token.

Still need to figure out how to override the load_user method, currently it is not working.
2026-05-05 16:38:59 -04:00 · 2015-11-27 16:25:56 +00:00
parent 7f96ef5a25
commit 48b7a7dc37
12 changed files with 130 additions and 27 deletions
--- a/app/init.py
+++ b/app/init.py
@@ -4,11 +4,15 @@ from flask import Flask
 from flask._compat import string_types
 from flask.ext import assets
 from flask.ext.sqlalchemy import SQLAlchemy
+from flask_login import LoginManager
+from flask_wtf import CsrfProtect
 from webassets.filter import get_filter

 from config import configs

 db = SQLAlchemy()
+login_manager = LoginManager()
+csrf = CsrfProtect()


 def create_app(config_name):
@@ -18,6 +22,8 @@ def create_app(config_name):
    application.config.from_object(configs[config_name])
    db.init_app(application)
    init_app(application)
+    csrf.init_app(application)
+    login_manager.init_app(application)

    from app.main import main as main_blueprint
    application.register_blueprint(main_blueprint)
--- a/app/main/encryption.py
+++ b/app/main/encryption.py
@@ -3,5 +3,5 @@ from flask import current_app


 def encrypt(value):
-    key = current_app.config['SECRET_KEY']
+    key = current_app.config['PASS_SECRET_KEY']
    return hashlib.sha256((key + value).encode('UTF-8')).hexdigest()
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -5,7 +5,7 @@ from wtforms.validators import DataRequired, Email, Length

 class LoginForm(Form):
    email_address = StringField('Email address', validators=[
-        Length(255),
+        Length(min=5, max=255),
        DataRequired(message='Email cannot be empty'),
        Email(message='Please enter a valid email address')
    ])
--- a/app/main/views/index.py
+++ b/app/main/views/index.py
@@ -1,4 +1,5 @@
 from flask import render_template
+from flask_login import login_required

 from app.main import main

@@ -19,36 +20,43 @@ def helloworld():


@main.route("/register")
+@login_required
 def register():
    return render_template('register.html')


@main.route("/register-from-invite")
+@login_required
 def registerfrominvite():
    return render_template('register-from-invite.html')


@main.route("/verify")
+@login_required
 def verify():
    return render_template('verify.html')


@main.route("/verify-mobile")
+@login_required
 def verifymobile():
    return render_template('verify-mobile.html')


@main.route("/dashboard")
+@login_required
 def dashboard():
    return render_template('dashboard.html')


@main.route("/add-service")
+@login_required
 def addservice():
    return render_template('add-service.html')


@main.route("/two-factor")
+@login_required
 def twofactor():
    return render_template('two-factor.html')

--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -1,6 +1,6 @@
 from datetime import datetime

-from flask import render_template, redirect, url_for, jsonify
+from flask import render_template, redirect, jsonify
 from flask_login import login_user

 from app.main import main
@@ -19,25 +19,36 @@ def render_sign_in():
 def process_sign_in():
    form = LoginForm()
    if form.validate_on_submit():
-        user = users_dao.get_user_by_email(form.email_address)
+        user = users_dao.get_user_by_email(form.email_address.data)
        if user is None:
            return jsonify(authorization=False), 404
-        if user.password == encrypt(form.password):
+        if user.password == encrypt(form.password.data):
            login_user(user)
        else:
            return jsonify(authorization=False), 404
-
+    else:
+        return jsonify(form.errors), 404
    return redirect('/two-factor')


-@main.route('/create_user', methods=(['POST']))
+@main.route('/temp-create-users', methods=(['GET']))
+def render_create_user():
+    return render_template('temp-create-users.html', form=LoginForm())
+
+
+@main.route('/temp-create-users', methods=(['POST']))
 def create_user_for_test():
    form = LoginForm()
-    user = Users(email_address=form.email_address,
-                 name=form.email_address,
-                 password=form.password,
-                 created_at=datetime.now(),
-                 role_id=1)
-    users_dao.insert_user(user)
+    if form.validate_on_submit():
+        user = Users(email_address=form.email_address.data,
+                     name=form.email_address.data,
+                     password=form.password.data,
+                     created_at=datetime.now(),
+                     mobile_number='+447651234534',
+                     role_id=1)
+        users_dao.insert_user(user)

-    return 'created'
+        return redirect('/sign-in')
+    else:
+        print(form.errors)
+        return redirect(form.errors), 400
--- a/app/models.py
+++ b/app/models.py
@@ -43,6 +43,30 @@ class Users(db.Model):

        return filter_null_value_fields(serialized)

+    def is_authenticated(self):
+        return True
+
+    def is_active(self):
+        return True
+
+    def is_locked(self):
+        if self.failed_login_count <= current_app.config['MAX_FAILED_LOGIN_COUNT']:
+            return False
+        else:
+            return True
+
+    def is_anonymous(self):
+        return False
+
+    def get_id(self):
+        return self.id
+
+    @staticmethod
+    def load_user(user_id):
+        user = Users.query.filter_by(id=user_id).first()
+        if user.is_active():
+            return user
+

 def filter_null_value_fields(obj):
    return dict(
--- a/app/templates/signin.html
+++ b/app/templates/signin.html
@@ -13,7 +13,7 @@ Sign in
 		<p>If you do not have an account, you can <a href="register">register</a>.</p>

 		<form autocomplete="off" action="" method="post">
-
+			{{ form.hidden_tag() }}
 			<p>
 			<label class="form-label">Email address</label>
 			{{ form.email_address(class="form-control-2-3", autocomplete="off") }} <br>
@@ -27,7 +27,7 @@ Sign in
 			</p>

 			<p>
-			<a class="button" href="two-factor" role="button">Continue</a>
+			<button class="button" href="two-factor" role="button">Continue</button>
 			</p>
 		</form>
 	</div>
--- a/app/templates/temp-create-users.html
+++ b/app/templates/temp-create-users.html
@@ -0,0 +1,33 @@
+{% extends "admin_template.html" %}
+
+{% block page_title %}
+Temp create users
+{% endblock %}
+
+{% block content %}
+
+<div class="grid-row">
+	<div class="column-two-thirds">
+		<h1 class="heading-xlarge">Temporary page to create user</h1>
+
+		<p>This is a temporary page to create users, the name will be the same as the email address.</p>
+
+		 <form autocomplete="off" action="" method="post">
+            {{ form.hidden_tag() }}
+			<p>
+			<label class="form-label">Email address</label>
+			{{ form.email_address(class="form-control-2-3", autocomplete="off") }} <br>
+			</p>
+			<p>
+			<label class="form-label">Password</label>
+				 {{ form.password(class="form-control-1-4", autocomplete="off") }} <br>
+			</p>
+
+			<p>
+			<button class="button" href="sign-in" role="button">Create User</button>
+			</p>
+		</form>
+	</div>
+</div>
+
+{% endblock %}