mirror of
https://github.com/Derpy-Leggies/OnlyLegs.git
synced 2025-06-29 03:26:16 +00:00
Submitted to PyLints needs :3
This commit is contained in:
parent
4cfcd178f1
commit
7ed3b455dd
12 changed files with 509 additions and 460 deletions
146
gallery/auth.py
146
gallery/auth.py
|
|
@ -1,56 +1,84 @@
|
|||
"""
|
||||
OnlyLegs - Authentification
|
||||
User registration, login and logout and locking access to pages behind a login
|
||||
"""
|
||||
import re
|
||||
import uuid
|
||||
import logging
|
||||
|
||||
import functools
|
||||
from flask import Blueprint, flash, g, redirect, request, session, url_for, abort, jsonify, current_app
|
||||
from flask import Blueprint, flash, g, redirect, request, session, url_for, abort, jsonify
|
||||
from werkzeug.security import check_password_hash, generate_password_hash
|
||||
|
||||
from gallery import db
|
||||
from sqlalchemy.orm import sessionmaker
|
||||
from sqlalchemy import exc
|
||||
|
||||
from gallery import db
|
||||
|
||||
|
||||
blueprint = Blueprint('auth', __name__, url_prefix='/auth')
|
||||
db_session = sessionmaker(bind=db.engine)
|
||||
db_session = db_session()
|
||||
|
||||
from .logger import logger
|
||||
|
||||
import re
|
||||
import uuid
|
||||
def login_required(view):
|
||||
"""
|
||||
Decorator to check if a user is logged in before accessing a page
|
||||
"""
|
||||
@functools.wraps(view)
|
||||
def wrapped_view(**kwargs):
|
||||
if g.user is None or session.get('uuid') is None:
|
||||
logging.error('Authentification failed')
|
||||
session.clear()
|
||||
return redirect(url_for('gallery.index'))
|
||||
|
||||
blueprint = Blueprint('auth', __name__, url_prefix='/auth')
|
||||
return view(**kwargs)
|
||||
|
||||
return wrapped_view
|
||||
|
||||
|
||||
@blueprint.before_app_request
|
||||
def load_logged_in_user():
|
||||
"""
|
||||
Runs before every request and checks if a user is logged in
|
||||
"""
|
||||
user_id = session.get('user_id')
|
||||
user_uuid = session.get('uuid')
|
||||
|
||||
if user_id is None or user_uuid is None:
|
||||
# This is not needed as the user is not logged in anyway, also spams the server logs with useless data
|
||||
#add_log(103, 'Auth error before app request')
|
||||
g.user = None
|
||||
session.clear()
|
||||
else:
|
||||
is_alive = db_session.query(db.sessions).filter_by(session_uuid=user_uuid).first()
|
||||
|
||||
if is_alive is None:
|
||||
logger.add(103, 'Session expired')
|
||||
logging.info('Session expired')
|
||||
flash(['Session expired!', '3'])
|
||||
session.clear()
|
||||
else:
|
||||
g.user = db_session.query(db.users).filter_by(id=user_id).first()
|
||||
|
||||
|
||||
|
||||
@blueprint.route('/register', methods=['POST'])
|
||||
def register():
|
||||
"""
|
||||
Register a new user
|
||||
"""
|
||||
username = request.form['username']
|
||||
email = request.form['email']
|
||||
password = request.form['password']
|
||||
password_repeat = request.form['password-repeat']
|
||||
|
||||
error = []
|
||||
|
||||
if not username:
|
||||
error.append('Username is empty!')
|
||||
email_regex = re.compile(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b')
|
||||
username_regex = re.compile(r'\b[A-Za-z0-9._%+-]+\b')
|
||||
|
||||
if not email:
|
||||
error.append('Email is empty!')
|
||||
elif not re.match(
|
||||
r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b', email):
|
||||
|
||||
if not username or not username_regex.match(username):
|
||||
error.append('Username is invalid!')
|
||||
|
||||
if not email or not email_regex.match(email):
|
||||
error.append('Email is invalid!')
|
||||
|
||||
if not password:
|
||||
|
|
@ -59,73 +87,77 @@ def register():
|
|||
error.append('Password is too short! Longer than 8 characters pls')
|
||||
|
||||
if not password_repeat:
|
||||
error.append('Password repeat is empty!')
|
||||
error.append('Enter password again!')
|
||||
elif password_repeat != password:
|
||||
error.append('Passwords do not match!')
|
||||
|
||||
if not error:
|
||||
try:
|
||||
tr = db.users(username, email, generate_password_hash(password))
|
||||
db_session.add(tr)
|
||||
db_session.commit()
|
||||
except Exception as e:
|
||||
error.append(f"User {username} is already registered!")
|
||||
else:
|
||||
logger.add(103, f"User {username} registered")
|
||||
return 'gwa gwa'
|
||||
if error:
|
||||
return jsonify(error)
|
||||
|
||||
return jsonify(error)
|
||||
|
||||
try:
|
||||
db_session.add(db.users(username, email, generate_password_hash(password)))
|
||||
db_session.commit()
|
||||
except exc.IntegrityError:
|
||||
return f'User {username} is already registered!'
|
||||
except Exception as err:
|
||||
logging.error('User %s could not be registered: %s', username, err)
|
||||
return 'Something went wrong!'
|
||||
|
||||
logging.info('User %s registered', username)
|
||||
return 'gwa gwa'
|
||||
|
||||
|
||||
@blueprint.route('/login', methods=['POST'])
|
||||
def login():
|
||||
"""
|
||||
Log in a registered user by adding the user id to the session
|
||||
"""
|
||||
username = request.form['username']
|
||||
password = request.form['password']
|
||||
error = None
|
||||
|
||||
user = db_session.query(db.users).filter_by(username=username).first()
|
||||
error = []
|
||||
|
||||
|
||||
if user is None:
|
||||
logger.add(101, f"User {username} does not exist from {request.remote_addr}")
|
||||
abort(403)
|
||||
logging.error('User %s does not exist. Login attempt from %s',
|
||||
username, request.remote_addr)
|
||||
error.append('Username or Password is incorrect!')
|
||||
elif not check_password_hash(user.password, password):
|
||||
logger.add(102, f"User {username} password error from {request.remote_addr}")
|
||||
logging.error('User %s entered wrong password. Login attempt from %s',
|
||||
username, request.remote_addr)
|
||||
error.append('Username or Password is incorrect!')
|
||||
|
||||
if error:
|
||||
abort(403)
|
||||
|
||||
|
||||
try:
|
||||
session.clear()
|
||||
session['user_id'] = user.id
|
||||
session['uuid'] = str(uuid.uuid4())
|
||||
|
||||
tr = db.sessions(user.id, session.get('uuid'), request.remote_addr, request.user_agent.string, 1)
|
||||
db_session.add(tr)
|
||||
|
||||
db_session.add(db.sessions(user.id,
|
||||
session.get('uuid'),
|
||||
request.remote_addr,
|
||||
request.user_agent.string,
|
||||
1))
|
||||
db_session.commit()
|
||||
except error as err:
|
||||
logger.add(105, f"User {username} auth error: {err}")
|
||||
except Exception as err:
|
||||
logging.error('User %s could not be logged in: %s', username, err)
|
||||
abort(500)
|
||||
|
||||
if error is None:
|
||||
logger.add(100, f"User {username} logged in from {request.remote_addr}")
|
||||
flash(['Logged in successfully!', '4'])
|
||||
return 'gwa gwa'
|
||||
|
||||
abort(500)
|
||||
logging.info('User %s logged in from %s', username, request.remote_addr)
|
||||
flash(['Logged in successfully!', '4'])
|
||||
return 'gwa gwa'
|
||||
|
||||
|
||||
@blueprint.route('/logout')
|
||||
def logout():
|
||||
logger.add(103, f"User {g.user.username} - id: {g.user.id} logged out")
|
||||
"""
|
||||
Clear the current session, including the stored user id
|
||||
"""
|
||||
logging.info('User (%s) %s logged out', session.get('user_id'), g.user.username)
|
||||
session.clear()
|
||||
return redirect(url_for('index'))
|
||||
|
||||
|
||||
def login_required(view):
|
||||
@functools.wraps(view)
|
||||
def wrapped_view(**kwargs):
|
||||
if g.user is None or session.get('uuid') is None:
|
||||
logger.add(103, "Auth error")
|
||||
session.clear()
|
||||
return redirect(url_for('gallery.index'))
|
||||
|
||||
return view(**kwargs)
|
||||
|
||||
return wrapped_view
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue