Migrate app to use WTForms for auth form validation

- Not finished yet, major styling breakage in this commit - Also encapsulated GET & POST requests of /login and /signup routes into one route.
2025-12-06 17:16:20 -06:00 · 2022-03-29 02:30:19 -05:00
parent 2e8688f59b
commit 3b5307ab47
11 changed files with 148 additions and 159 deletions
--- a/auth.py
+++ b/auth.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, flash, redirect, request, url_for
+from flask import Blueprint, flash, redirect, request, url_for, render_template
 from flask_login import login_required, login_user, logout_user, current_user
 from werkzeug.security import check_password_hash, generate_password_hash

@@ -14,7 +14,7 @@ def edit_profile_post(username: str):
    form = EditProfileForm(request.form)
    user = User.query.filter_by(username=username).first_or_404()

-    if current_user.is_admin or user.id == current_user.id
+    if current_user.is_admin or user.id == current_user.id:
        if form.validate():
            user.about_me = form.about_me.data
            db.session.commit()
@@ -22,38 +22,45 @@ def edit_profile_post(username: str):
    return redirect(url_for('main.view_user', username=user.username))


-@blueprint.route('/login', methods=['POST'])
-def login_post():
+@blueprint.route('/login', methods=['GET', 'POST'])
+def login():
    form = LoginForm(request.form)
-    user = User.query.filter_by(username=form.data.username).first()

-    # check if the user actually exists, and compare password given
-    if not user or not check_password_hash(user.password, form.password.data):
-        flash('Please check your login details and try again.')
-        return redirect(url_for('main.login'))
+    if request.method == 'POST' and form.validate():
+        user = User.query.filter_by(username=form.username.data).first()

-    login_user(user, remember=form.remember.data)
-    return redirect(url_for('main.index'))
+        # check if the user actually exists, and compare password given
+        if not user or not check_password_hash(user.password, form.password.data):
+            flash('Please check your login details and try again.')
+            return redirect(url_for('auth.login'))
+
+        login_user(user, remember=form.remember.data)
+        return redirect(url_for('auth.index'))
+
+    return render_template('pages/auth/login.html', form=form)


-@blueprint.route('/signup', methods=['POST'])
-def signup_post():
+@blueprint.route('/signup', methods=['GET', 'POST'])
+def signup():
    # validate and add user to db
    form = RegistrationForm(request.form)

-    user = User.query.filter_by(username=form.username.data).first()  # Check if the username is already in use
-    if user:  # redirect back to sign-up page
-        flash('This username is already in use.')
-        return redirect(url_for('main.signup'))
+    if request.method == 'POST' and form.validate():
+        user = User.query.filter_by(username=form.username.data).first()  # Check if the username is already in use
+        if user:  # redirect back to sign-up page
+            flash('This username is already in use.')
+            return redirect(url_for('auth.signup'))

-    # Create new user with form data
-    new_user = User(username=form.username.data, name=form.name.data, password=generate_password_hash(form.password.data, method='sha256'))
+        # Create new user with form data
+        new_user = User(username=form.username.data, name=form.name.data,
+                        password=generate_password_hash(form.password.data, method='sha256'))
+        # Add new user to db
+        db.session.add(new_user)
+        db.session.commit()

-    # Add new user to db
-    db.session.add(new_user)
-    db.session.commit()
+        return redirect(url_for('auth.login'))

-    return redirect(url_for('main.login'))
+    return render_template('pages/auth/signup.html', form=form)


@blueprint.route('/logout')