Beispiel #1
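def authenticate(project_id=None):
    """Authenticate the visitor for a project, then render or redirect.

    The project is identified either by a ``token`` query parameter (checked
    with ``Project.verify_token``) or by the form's ``id`` field, which may be
    pre-filled from the ``project_id`` query parameter. The ``project_id``
    argument itself is overwritten on both paths before it is read.

    Returns:
        The rendered ``authenticate.html`` template when the project cannot
        be identified, does not exist, or the private code is wrong;
        otherwise a redirect to ``.list_bills``.
    """
    form = AuthenticationForm()
    # Try to get project_id from token first.
    # NOTE(review): the token travels in the query string, so it can end up in
    # access logs, browser history and Referer headers. "non_timed_token"
    # presumably means it never expires -- confirm how such tokens are revoked.
    token = request.args.get("token")
    if token:
        project_id = Project.verify_token(token, token_type="non_timed_token")
        token_auth = True
    else:
        if not form.id.data and request.args.get("project_id"):
            form.id.data = request.args["project_id"]
        project_id = form.id.data
        token_auth = False
    if project_id is None:
        # User doesn't provide project identifier or a valid token
        # return to authenticate form
        msg = _("You either provided a bad token or no project identifier.")
        form.errors["id"] = [msg]
        return render_template("authenticate.html", form=form)

    project = Project.query.get(project_id)
    if not project:
        # If the user tries to connect to an unexisting project, we will
        # provide them with a link to the creation form.
        # NOTE(review): this response differs from the "wrong private code"
        # one, so it reveals whether a project identifier exists.
        return render_template(
            "authenticate.html", form=form, create_project=project_id
        )

    # if credentials are already in session, redirect
    # NOTE(review): the per-project flag lives at the top level of the
    # session, next to the "projects" list. Confirm that project identifiers
    # are validated elsewhere so one can never equal "projects"; otherwise
    # these keys should be namespaced.
    if session.get(project_id):
        g.project = project
        return redirect(url_for(".list_bills"))

    # else do form authentication or token authentication
    is_post_auth = request.method == "POST" and form.validate()
    # Verify the private code once and reuse the result below, instead of
    # hashing the submitted value a second time on the failure path.
    # NOTE(review): no limit on failed attempts is visible in this view;
    # confirm that throttling is enforced elsewhere.
    password_ok = is_post_auth and check_password_hash(
        project.password, form.password.data
    )
    if password_ok or token_auth:
        # maintain a list of visited projects
        if "projects" not in session:
            session["projects"] = []
        # add the project on the top of the list
        session["projects"].insert(0, (project_id, project.name))
        # Only a boolean marker is stored, never the private code itself.
        session[project_id] = True
        # Set session to permanent to make language choice persist
        session.permanent = True
        # Presumably flags the session as modified after the in-place list
        # insert above -- confirm against the session implementation in use.
        session.update()
        g.project = project
        return redirect(url_for(".list_bills"))
    if is_post_auth and not password_ok:
        msg = _("This private code is not the right one")
        form.errors["password"] = [msg]

    return render_template("authenticate.html", form=form)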
Beispiel #2
def home():
    """Render the home page with the project-creation and login forms.

    Two configuration switches and the current session object are forwarded
    to the ``home.html`` template alongside the two freshly built forms.
    """
    # Built in the same order as the template arguments are evaluated: both
    # forms first, then the two configuration lookups.
    context = {
        "project_form": ProjectForm(),
        "auth_form": AuthenticationForm(),
        "is_demo_project_activated": current_app.config['ACTIVATE_DEMO_PROJECT'],
        "is_public_project_creation_allowed": current_app.config[
            'ALLOW_PUBLIC_PROJECT_CREATION'
        ],
        "session": session,
    }
    return render_template("home.html", **context)
Beispiel #3
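def authenticate(project_id=None):
    """Authenticate the visitor for a project, then render or redirect.

    The project identifier comes from the form's ``id`` field, which may be
    pre-filled from the ``project_id`` query parameter; the ``project_id``
    argument is overwritten before it is read.

    Returns:
        The rendered ``authenticate.html`` template (with ``create_project``
        set to the identifier when a GET request names an unknown project),
        or a redirect to ``.list_bills`` once the private code is accepted.
    """
    # Function-scope import so the block does not depend on the file header.
    import hmac

    form = AuthenticationForm()
    if not form.id.data and request.args.get('project_id'):
        form.id.data = request.args['project_id']
    project_id = form.id.data
    if project_id is None:
        # User doesn't provide project identifier, return to authenticate form
        msg = _("You need to enter a project identifier")
        form.errors["id"] = [msg]
        return render_template("authenticate.html", form=form)

    project = Project.query.get(project_id)

    create_project = False  # We don't want to create the project by default
    if not project:
        # But if the user tries to connect to an unexisting project, we will
        # offer them a link to the creation form.
        if request.method == "POST":
            # Result is discarded; the call only populates form.errors.
            form.validate()
        else:
            create_project = project_id

    else:
        # if credentials are already in session, redirect
        if project_id in session and project.password == session[project_id]:
            g.project = project
            return redirect(url_for(".list_bills"))

        # else process the form
        if request.method == "POST" and form.validate():
            supplied = form.password.data
            stored = project.password
            # NOTE(review): the submitted private code is compared with the
            # stored value directly, so the stored value is not a hash.
            # Moving to a salted password hash needs changes outside this
            # view. Until then, compare in constant time when both values
            # are text, and keep plain equality for any other types.
            if isinstance(supplied, str) and isinstance(stored, str):
                matches = hmac.compare_digest(
                    supplied.encode("utf-8"), stored.encode("utf-8")
                )
            else:
                matches = supplied == stored

            if not matches:
                msg = _("This private code is not the right one")
                form.errors['password'] = [msg]
            else:
                # maintain a list of visited projects
                if "projects" not in session:
                    session["projects"] = []
                # add the project on the top of the list
                session["projects"].insert(0, (project_id, project.name))
                # NOTE(review): the private code itself is written into the
                # session. If the session is a signed but unencrypted
                # cookie, anyone who can read the cookie can read the code.
                # Prefer a boolean marker once the code that reads this key
                # is updated.
                session[project_id] = form.password.data
                session.update()
                g.project = project
                return redirect(url_for(".list_bills"))

    return render_template("authenticate.html", form=form,
                           create_project=create_project)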