Ejemplo n.º 1
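def signup():
    """View handler that creates an account for a new user (username & password).

    GET renders the signup form. POST collects the fields named in
    ``SIGNUP_FORM_KEYS`` from the submitted form, derives ``display_name``,
    and forwards the payload to AuthService. On success the returned token and
    user id are stored in the session and the browser is sent to the menus
    index.

    Verification of the user is the responsibility of the Auth Service.

    Raises:
        HTTPInternalServerError: AuthService did not return both a token and a
            user id.
    """
    if request.method == 'GET':
        # return SIGNUP page
        return render_template('auth/signup.html')

    # NOTE(review): provider is read from the query string and passed through
    # unchanged; confirm AuthService rejects values it does not support.
    provider = request.args.get('provider', constants.AUTH_BASIC)

    # Only allow-listed form fields are copied; anything else the client
    # submits is ignored.
    payload = {key: request.form.get(key) for key in SIGNUP_FORM_KEYS}

    # Join only the name parts that were actually submitted. Formatting the
    # raw values would embed the literal text "None" for a missing field.
    name_parts = (payload.get('first_name'), payload.get('last_name'))
    payload['display_name'] = " ".join(part for part in name_parts if part)

    # Server-controlled attributes must never be taken from the client, even
    # if they end up listed in SIGNUP_FORM_KEYS.
    FORBIDDEN_KEYS = ('hash', 'verification_code')
    for key in FORBIDDEN_KEYS:
        payload.pop(key, None)

    auth_service = AuthService()
    token, user_id = auth_service.signup(payload, provider=provider)
    if not (token and user_id):
        raise HTTPInternalServerError("error trying to signup")

    session['token'] = token
    session['user_id'] = user_id
    return redirect(url_for('menus.index'))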
Ejemplo n.º 2
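def login():
    """View handler that logs a user in and saves the SSO token in the session.

    GET renders the login form. POST forwards the provider-specific form
    fields to AuthService and, on success, stores ``token`` and ``user_id`` in
    the session before redirecting.

    The ``redirect`` query parameter is supplied by the client, so it is
    honoured only when it is a plain path on this site. Absolute URLs,
    scheme-relative ``//host`` targets, and values containing backslashes or
    control characters fall back to the accounts page, so the login flow
    cannot be used as an open redirect.

    Raises:
        HTTPInternalServerError: AuthService did not return both a token and a
            user id.
    """
    if request.method == 'GET':
        # return LOGIN page
        return render_template('auth/login.html')

    # try to login user based on payload
    provider = request.args.get('provider', constants.AUTH_BASIC)
    redirect_url = request.args.get('redirect')

    # get email & password from request.form
    # NOTE: hashing is done on the AuthService end, so the credentials are
    # forwarded as submitted and the connection needs to be protected with
    # SSL/TLS.
    auth_service = AuthService()
    # NOTE(review): provider comes from the query string; a value missing from
    # LOGIN_FORM_KEYS raises KeyError here. Confirm that is handled upstream.
    payload = {key: request.form.get(key) for key in LOGIN_FORM_KEYS[provider]}
    token, user_id = auth_service.login(payload, provider=provider)
    if not (token and user_id):
        raise HTTPInternalServerError("error logging in")

    session['token'] = token
    session['user_id'] = user_id

    # Accept the requested target only if it is a same-site path: it must
    # start with exactly one "/", and contain no backslash or control
    # character, since browsers may normalise those into a "//host" target.
    is_local_path = (
        bool(redirect_url)
        and redirect_url.startswith('/')
        and not redirect_url.startswith('//')
        and '\\' not in redirect_url
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in redirect_url)
    )
    if is_local_path:
        return redirect(redirect_url)
    return redirect(url_for('accounts.index'))  # defaults to accounts page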
Ejemplo n.º 3
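def create_app():
    """Build and configure the dashboard Flask application.

    Loads settings from the ``config`` object, enables response compression,
    applies the session secret and service environment from environment
    variables, registers the view blueprints, and installs JSON error
    handlers for the project's HTTP exception types.

    Environment variables read:
        BENRI_SECRET: session secret key; when set it overrides any
            ``SECRET_KEY`` loaded from ``config``.
        BENRI_ENV: environment name handed to AuthService and APIService;
            falls back to ``"dev"`` when unset or empty.

    Returns:
        The configured Flask application.
    """
    app = Flask(__name__)
    app.config.from_object("config")

    # for gzip
    Compress().init_app(app)

    # import blueprints
    from dashboard.views import main, auth, accounts, menus, restaurants, dashboard

    # setup env, secret keys, etc.
    # Flask's default cookie sessions are signed with this key. Assign it only
    # when the variable is present: an unconditional assignment would replace
    # a SECRET_KEY loaded from config with None whenever BENRI_SECRET is unset.
    secret = os.getenv("BENRI_SECRET")
    if secret:
        app.secret_key = secret

    # NOTE(review): a deployment that omits BENRI_ENV silently runs as "dev";
    # confirm that default is acceptable for production hosts.
    env = os.getenv("BENRI_ENV") or "dev"
    AuthService.set_env(env)
    APIService.set_env(env)

    # main views
    app.register_blueprint(main.blueprint, url_prefix="/")
    app.register_blueprint(auth.blueprint, url_prefix="/auth")
    app.register_blueprint(dashboard.blueprint, url_prefix="/dashboard")

    # user-specific views
    app.register_blueprint(accounts.blueprint, url_prefix="/accounts")
    app.register_blueprint(menus.blueprint, url_prefix="/menus")
    app.register_blueprint(restaurants.blueprint, url_prefix="/restaurants")

    @app.before_request
    def _before_request():
        # Placeholder hook; currently performs no per-request work.
        pass

    def _json_error_response(error):
        """Serialise a project HTTP exception as JSON with its status code."""
        response = jsonify(error.to_dict())
        response.status_code = error.status_code
        return response

    # The three exception types share one response shape, so they share one
    # handler instead of three identical copies.
    for error_type in (
        exceptions.HTTPBadRequest,
        exceptions.HTTPUnauthorized,
        exceptions.HTTPInvalidMethod,
    ):
        app.register_error_handler(error_type, _json_error_response)

    return app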