Beispiel #1
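def login():
    """Authenticate a user from the login form, or render the form.

    A GET request, or a POST that fails form validation, renders
    ``login.html``. A valid POST looks the user up by username and checks
    the submitted password with ``User.verify_hash``. On success the
    session is populated and the client is redirected to ``index``; on a
    wrong password the client is sent back to ``login`` with a generic
    error message.
    """
    form = LoginForm(request.form)
    # validate() has to be called: the bare attribute ``form.validate`` is a
    # bound method and therefore always truthy, so the form's validators
    # never ran on POST.
    if request.method != 'POST' or not form.validate():
        return render_template('login.html', form=form)

    user = User.query.filter_by(username=form.username.data).first()

    if user:
        if not User.verify_hash(form.password.data, user.password):
            # Generic wording: does not say which of the two fields was wrong.
            flash('Username or Password Incorrect', "error")
            return redirect(url_for('login'))

        flash('You have successfully logged in.', "success")
        user.last_seen = datetime.utcnow()
        db.session.commit()
        # NOTE(review): keys already present in the session survive the
        # login; consider resetting the session on this privilege change.
        session['logged_in'] = True
        session['username'] = user.username
        session['user_id'] = user.id
        session['avatar'] = f'/letters/{user.username[0].upper()}.png'
        return make_response(redirect(url_for('index')))

    # just for development
    # NOTE(review): an unknown username is silently registered with the
    # submitted password and logged in. This branch also tells a caller
    # whether a username existed ('User created' vs. the error above). It
    # must not ship; in production this case should fall through to the same
    # 'Username or Password Incorrect' response.
    hashed_password = User.generate_hash(form.password.data)
    new_user = User(
        username=form.username.data,
        password=hashed_password
    )
    db.session.add(new_user)
    db.session.commit()

    session['logged_in'] = True
    session['username'] = new_user.username
    session['user_id'] = new_user.id
    response = make_response(redirect(url_for('login')))
    flash('User created', 'success')
    return response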
Beispiel #2
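def callback():
    """Finish the Google sign-in flow and log the user in.

    Exchanges the authorization ``code`` for tokens, fetches the userinfo
    document and, when it reports ``email_verified``, signs in the ``User``
    whose ``google_auth_id`` matches ``sub``, creating that user first if
    none exists.

    Returns:
        A redirect to ``index`` on success, or a ``(message, 400)`` tuple
        when the e-mail is missing or not verified.
    """
    code = request.args.get("code")

    google_provider_cfg = get_google_provider_cfg()
    token_endpoint = google_provider_cfg["token_endpoint"]

    # NOTE(review): no comparison of the returned ``state`` against a value
    # stored before the redirect is visible in this function; confirm the
    # client does it, otherwise the callback is open to login CSRF.
    token_url, headers, body = client.prepare_token_request(
        token_endpoint,
        authorization_response=request.url,
        redirect_url=request.base_url,
        code=code,
    )
    # Outbound calls get a timeout so a stalled provider cannot pin a worker.
    token_response = requests.post(
        token_url,
        headers=headers,
        data=body,
        auth=(GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET),
        timeout=10,
    )

    client.parse_request_body_response(json.dumps(token_response.json()))
    userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
    uri, headers, body = client.add_token(userinfo_endpoint)
    # Decode the userinfo document once instead of on every field access.
    userinfo = requests.get(uri, headers=headers, data=body, timeout=10).json()

    if not userinfo.get("email_verified"):
        return "User email not available or not verified by Google.", 400

    # ``sub`` is the account key used for lookup, not the e-mail address.
    unique_id = userinfo["sub"]
    response = make_response(redirect(url_for('index')))

    exists = User.query.filter_by(google_auth_id=unique_id).first()
    if exists:
        session['logged_in'] = True
        session['username'] = exists.username
        session['user_id'] = exists.id
        return response

    passw = password_generator()
    hashed_passw = User.generate_hash(passw)

    # TODO: Send email with password to user!!!
    # NOTE(review): mailing a plaintext password leaves it in the mailbox;
    # for an account that signs in through Google, consider a set-password
    # link or no local password at all.

    # NOTE(review): ``given_name`` is not unique across Google accounts;
    # confirm ``username`` tolerates duplicates.
    user = User(
        google_auth_id=unique_id,
        username=userinfo["given_name"],
        email=userinfo["email"],
        avatar=userinfo["picture"],
        password=hashed_passw,
    )
    db.session.add(user)
    db.session.commit()
    session['logged_in'] = True
    session['username'] = user.username
    # The new row's id: ``exists`` is None on this path, so reading
    # ``exists.id`` raised AttributeError after the user had been committed.
    session['user_id'] = user.id
    return response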
Beispiel #3
def register():
    """Create an account from the registration form.

    Anything other than a POST that passes ``RegisterForm`` validation
    renders ``register.html``. A valid POST stores a new ``User`` with the
    password passed through ``User.generate_hash`` and redirects to
    ``login``.
    """
    form = RegisterForm(request.form)

    # Guard clause: show the form for GET requests and invalid submissions.
    if request.method != 'POST' or not form.validate():
        return render_template('register.html', form=form)

    # Only the hash is handed to the model, never the submitted password.
    account = User(
        first_name=form.first_name.data,
        last_name=form.last_name.data,
        username=form.username.data,
        email=form.email.data,
        password=User.generate_hash(form.password.data),
    )
    db.session.add(account)
    db.session.commit()

    flash('You have successfully registered', 'success')
    return redirect(url_for('login'))
Beispiel #4
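    def post(self):
        """Register a new user and return an access/refresh token pair.

        Returns:
            A dict with ``message`` only when the username is already taken,
            a dict with ``message``, ``access_token`` and ``refresh_token``
            when the user was created, or ``({'message': ...}, 500)`` when
            saving the user or issuing the tokens fails.
        """
        data = parser.parse_args()
        username = data['username']

        # NOTE(review): lookup and insert are separate steps, so two
        # concurrent requests can both pass this check; presumably a unique
        # constraint on username catches the second one. Verify.
        if User.query.filter_by(username=username).one_or_none():
            return {
                'message': 'User {} already exists'.format(username)
            }

        # Only the hash of the password is stored on the model.
        new_user = User(username=username,
                        password=User.generate_hash(data['password']))

        try:
            new_user.save_to_db()
            access_token = create_access_token(identity=username)
            refresh_token = create_refresh_token(identity=username)
            return {
                'message': 'User {} was created'.format(username),
                'access_token': access_token,
                'refresh_token': refresh_token
            }
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt. The client still gets a generic message.
            # NOTE(review): the failure is not logged anywhere in this block.
            return {'message': 'Something went wrong'}, 500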
Beispiel #5
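    def post(self):
        """Check a username/password pair and return a token pair.

        Returns:
            A dict with ``message``, ``access_token`` and ``refresh_token``
            when ``User.verify_hash`` accepts the password; otherwise a dict
            with ``message`` only.
        """
        data = parser.parse_args()
        current_user = User.query.filter_by(
            username=data['username']).one_or_none()

        # NOTE(review): this reply differs from the wrong-password reply
        # below, so a caller can tell which usernames exist. Returning
        # 'Wrong credentials' in both cases would close that gap.
        if not current_user:
            return {
                'message': 'User {} doesn\'t exist'.format(data['username'])
            }

        if not User.verify_hash(data['password'], current_user.password):
            return {'message': 'Wrong credentials'}

        # Bind the tokens to the stored username, not the submitted string:
        # the two can differ (e.g. in letter case) if the database compares
        # usernames loosely, and the message below already uses the stored one.
        identity = current_user.username
        access_token = create_access_token(identity=identity)
        refresh_token = create_refresh_token(identity=identity)
        session['user_id'] = current_user.id
        return {
            'message': 'Logged in as {}'.format(current_user.username),
            'access_token': access_token,
            'refresh_token': refresh_token
        }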
Beispiel #6
 def delete(self):
     """Delete all users by delegating to ``User.delete_all``.

     NOTE(review): no authentication or authorization check is visible in
     this snippet; confirm the resource is protected (for example with
     ``jwt_required``) before it is exposed.
     """
     outcome = User.delete_all()
     return outcome
Beispiel #7
 def get(self):
     """Return whatever ``User.return_all`` produces for all users.

     NOTE(review): no access check is visible in this snippet, and the
     fields ``User.return_all`` serialises are not shown here; confirm that
     password hashes are not part of the output.
     """
     listing = User.return_all()
     return listing