xevion/runnerspace
1
0
Fork 0
mirror of https://github.com/Xevion/runnerspace.git synced 2025-12-06 01:16:13 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add force login method for development, add CSRF tokens to login & signup forms

Browse Source
This commit is contained in:
Xevion
2022-03-29 16:35:26 -05:00
parent 311f061b10
commit bad80cf483
3 changed files with 15 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
auth.py
View File

@@ -1,4 +1,4 @@
from flask import Blueprint, flash, redirect, request, url_for, render_template from flask import Blueprint, flash, redirect, request, url_for, render_template, current_app
from flask_login import login_required, login_user, logout_user, current_user from flask_login import login_required, login_user, logout_user, current_user
from werkzeug.security import check_password_hash, generate_password_hash from werkzeug.security import check_password_hash, generate_password_hash
@@ -30,12 +30,14 @@ def login():
user = User.query.filter_by(username=form.username.data).first() user = User.query.filter_by(username=form.username.data).first()
# check if the user actually exists, and compare password given # check if the user actually exists, and compare password given
if not user or not check_password_hash(user.password, form.password.data): if user:
flash('Please check your login details and try again.') if check_password_hash(user.password, form.password.data) or (
return redirect(url_for('auth.login')) current_app.config['ENV'] == 'development' and form.password.data == 'sudo'):
login_user(user, remember=form.remember_me.data)
return redirect(url_for('main.index'))
login_user(user, remember=form.remember_me.data) flash('Please check your login details and try again.')
return redirect(url_for('main.index')) return redirect(url_for('auth.login'))
return render_template('pages/auth/login.html', form=form) return render_template('pages/auth/login.html', form=form)

1
templates/pages/auth/login.html
View File

@@ -10,6 +10,7 @@
{% endif %} {% endif %}
{% endwith %} {% endwith %}
<form method="POST" action="{{ url_for('auth.login') }}" class="login-form"> <form method="POST" action="{{ url_for('auth.login') }}" class="login-form">
{{ form.csrf_token }}
{{ render_field(form.username) }} {{ render_field(form.username) }}
{{ render_field(form.password) }} {{ render_field(form.password) }}
{{ render_field(form.remember_me) }} {{ render_field(form.remember_me) }}

13
templates/pages/auth/signup.html
View File

@@ -3,13 +3,12 @@
{% block content %} {% block content %}
<form method=post class="login-form"> <form method=post class="login-form">
<dl> {{ form.csrf_token }}
{{ render_field(form.username) }} {{ render_field(form.username) }}
{{ render_field(form.name) }} {{ render_field(form.name) }}
{{ render_field(form.password) }} {{ render_field(form.password) }}
{{ render_field(form.confirm) }} {{ render_field(form.confirm) }}
{{ render_field(form.accept_tos) }} {{ render_field(form.accept_tos) }}
</dl>
<input type=submit value=Register> <input type=submit value=Register>
</form> </form>