Add force login method for development, add CSRF tokens to login & signup forms

2025-12-06 01:16:13 -06:00 · 2022-03-29 16:35:26 -05:00
parent 311f061b10
commit bad80cf483
3 changed files with 15 additions and 13 deletions
--- a/auth.py
+++ b/auth.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, flash, redirect, request, url_for, render_template
+from flask import Blueprint, flash, redirect, request, url_for, render_template, current_app
 from flask_login import login_required, login_user, logout_user, current_user
 from werkzeug.security import check_password_hash, generate_password_hash

@@ -30,13 +30,15 @@ def login():
        user = User.query.filter_by(username=form.username.data).first()

        # check if the user actually exists, and compare password given
-        if not user or not check_password_hash(user.password, form.password.data):
-            flash('Please check your login details and try again.')
-            return redirect(url_for('auth.login'))
-
+        if user:
+            if check_password_hash(user.password, form.password.data) or (
+                    current_app.config['ENV'] == 'development' and form.password.data == 'sudo'):
                login_user(user, remember=form.remember_me.data)
                return redirect(url_for('main.index'))

+        flash('Please check your login details and try again.')
+        return redirect(url_for('auth.login'))
+
    return render_template('pages/auth/login.html', form=form)


--- a/templates/pages/auth/login.html
+++ b/templates/pages/auth/login.html
@@ -10,6 +10,7 @@
        {% endif %}
    {% endwith %}
    <form method="POST" action="{{ url_for('auth.login') }}" class="login-form">
+        {{ form.csrf_token }}
        {{ render_field(form.username) }}
        {{ render_field(form.password) }}
        {{ render_field(form.remember_me) }}
--- a/templates/pages/auth/signup.html
+++ b/templates/pages/auth/signup.html
@@ -3,13 +3,12 @@

 {% block content %}
    <form method=post class="login-form">
-        <dl>
+        {{ form.csrf_token }}
        {{ render_field(form.username) }}
        {{ render_field(form.name) }}
        {{ render_field(form.password) }}
        {{ render_field(form.confirm) }}
        {{ render_field(form.accept_tos) }}
-        </dl>
        <input type=submit value=Register>
    </form>