Ejemplo n.º 1
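def login():
    """Render the login form and, on a valid POST, authenticate by email and pin.

    A GET, or a POST whose form fails validation, re-renders ``login.html``.
    On a valid POST the user row is looked up by email and the submitted pin
    is compared with the stored one. A match stores the email in the session
    and redirects to ``index``; any failure flashes one generic message and
    re-renders the form.
    """
    form = UserLoginForm(request.form)

    # validate() is only reached for POST requests (short-circuit).
    if request.method != "POST" or not form.validate():
        return render_template('login.html', form=form)

    email = form.email.data
    pin_candidate = form.pin.data

    cur = mysql.connection.cursor()
    try:
        # Parameterized query: the email travels as a bound value and is
        # never interpolated into the SQL text.
        cur.execute("SELECT * FROM User WHERE email = %s", [email])
        data = cur.fetchone()
    finally:
        # Release the cursor on every path, including a failed query.
        cur.close()

    # NOTE(review): the submitted pin is compared directly with the stored
    # column, so the pin appears to be kept in plaintext -- confirm, and
    # prefer a salted password hash verified with a constant-time check.
    # NOTE(review): no attempt limiting is visible in this view; a short pin
    # needs throttling or lockout somewhere -- confirm where that happens.
    if data is not None and pin_candidate == data['pin']:
        # Remember who is signed in. The address is deliberately not printed:
        # writing it to stdout would leak user identifiers into server logs.
        session['email'] = email
        return redirect(url_for('index'))

    # One message for "unknown email" and "wrong pin", so the response does
    # not reveal which addresses have an account.
    flash('Invalid email or pin', 'danger')
    return render_template('login.html', form=form)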
Ejemplo n.º 2
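def login():
    """
    Serve the login form on GET and authenticate the user on POST.

    POST requests always get a JSON reply: ``{'success': False, 'errors': ...}``
    when the attempt is rejected, or ``{'success': True, 'nextpage': ...}``
    once the user has been logged in. ``nextpage`` is the ``next`` query
    argument only when it carries neither a scheme nor a host; otherwise it
    is the home page.

    NOTE(review): no password check is visible in this view -- presumably
    ``UserLoginForm.validate()`` verifies the credentials. Confirm, because
    ``login_user`` is called for whichever user matches the username.

    :return: a JSON response for POST, the rendered login form otherwise.
    """
    form = UserLoginForm()
    if request.method != 'POST':
        return render_template('login-form.html', form=form)

    if not form.validate():
        # Tell the client why the submission was rejected.
        return jsonify(
            {
                'success': False,
                'errors': form.errors
            }
        )

    user = User.query.filter_by(username=form.username.data).first()
    if user is None:
        # Without this guard a missing row reaches login_user(None) and the
        # request ends in a server error instead of a clean rejection.
        return jsonify(
            {
                'success': False,
                'errors': {'username': ['Invalid username or password.']}
            }
        )

    # If ``remember`` is a form field, the field object itself is always
    # truthy; pass the submitted value so the persistent cookie is only set
    # when the user asked for it. Falls back to the attribute unchanged when
    # it is not a field.
    remember = getattr(form.remember, 'data', form.remember)
    login_user(user, remember=remember)

    # ``next`` is attacker-controllable. Accept it only as a same-site
    # relative URL: a value with a host OR a scheme is discarded (a
    # scheme-only value has an empty netloc, so checking netloc alone is
    # not enough).
    # NOTE(review): browsers normalise some malformed URLs differently from
    # url_parse; consider additionally requiring a single leading '/'.
    next_page = request.args.get('next')
    if next_page:
        target = url_parse(next_page)
        if target.scheme != '' or target.netloc != '':
            next_page = None
    if not next_page:
        next_page = url_for('home')

    return jsonify(
        {
            'success': True,
            'nextpage': next_page
        }
    )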
Ejemplo n.º 3
def login():
    """Show the login form; on POST check the name/password pair.

    A valid POST with matching credentials stores the name in the session
    and redirects to ``admin`` (when the name is "admin") or to ``list``.
    A valid POST with an unknown name or a wrong password redirects back to
    ``login``. An invalid form flashes a message and renders a fresh form.
    """
    if request.method == 'POST':
        submitted = UserLoginForm(request.form)
        if not submitted.validate():
            flash('All fields are required.')
        else:
            account = User.query.filter_by(name=submitted.name.data).first()
            # NOTE(review): the stored value is compared directly with the
            # submitted password, so passwords appear to be kept in
            # plaintext -- confirm, and prefer a salted hash verified with a
            # constant-time check.
            if account is not None and account.password == submitted.password.data:
                session['name'] = submitted.name.data
                # NOTE(review): the admin route is chosen from the user name
                # alone; confirm the admin view enforces its own check.
                if session['name'] == "admin":
                    return redirect(url_for('admin'))
                return redirect(url_for('list'))
            # Unknown user or wrong password: back to the login page, with
            # no message.
            return redirect(url_for('login'))

    # GET, or a POST that failed validation: render an empty form.
    return render_template('login.html', form=UserLoginForm())
Ejemplo n.º 4
def login():
    """Handle the login page: render the form, or process a submitted one.

    GET renders an empty form. A POST that fails validation flashes a
    message and renders an empty form. A valid POST either starts a session
    and redirects ("admin" goes to ``admin``, everyone else to ``list``) or,
    when the name is unknown or the password differs, redirects to ``login``.
    """
    if request.method != 'POST':
        return render_template('login.html', form=UserLoginForm())

    posted = UserLoginForm(request.form)
    if not posted.validate():
        flash('All fields are required.')
        return render_template('login.html', form=UserLoginForm())

    user = User.query.filter_by(name=posted.name.data).first()
    # NOTE(review): direct equality against the stored column implies the
    # password is stored unhashed -- confirm; a salted hash with a
    # constant-time verification is the expected design.
    credentials_ok = user is not None and user.password == posted.password.data
    if not credentials_ok:
        return redirect(url_for('login'))

    session['name'] = posted.name.data
    # NOTE(review): privilege is derived from the literal name "admin";
    # confirm the target view authorises the request itself.
    endpoint = 'admin' if session['name'] == "admin" else 'list'
    return redirect(url_for(endpoint))
Ejemplo n.º 5
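def login():
    """Check credentials on POST; on any other method route by session state.

    POST: validates the form and calls ``login_user(form)``. A falsy result
    flashes "Invalid credentials!" and re-renders the form. Otherwise an
    inactive account has its session entry removed and sees the
    "not allowed" page, while an active one is logged and redirected to the
    admin or main index depending on its ``superuser`` flag. A form that
    fails validation re-renders the login page with that form.

    Other methods: a session user that is inactive sees the "not allowed"
    page; an active, authenticated one is redirected to the admin or main
    index; everyone else gets an empty login form.
    """
    # POST -> check the credentials
    if request.method == 'POST':
        form = UserLoginForm(request.form)
        if not form.validate():
            # Return a response here: without it the view falls off the end
            # and returns None for an invalid submission, which the
            # framework turns into a server error.
            return render_template('login/login.html', form=form)

        user = login_user(form)
        if not user:
            flash('Invalid credentials!')
            return render_template('login/login.html',
                                   form=form)  # wrong credentials

        # presumably login_user(form) has stored the account under
        # session['user'] -- confirm against that helper
        if not session['user']['active']:
            # Drop the session entry so a disabled account is not kept
            # signed in.
            session.pop('user', None)
            return render_template(
                'login/not_allowed.html')  # account not allowed

        logging(session['user']['user_id'], 'LOGIN')
        # Explicit equality is kept on purpose: only a value equal to True
        # selects the administrator route.
        if session['user']['superuser'] == True:
            return redirect(url_for('admin.index'))  # administrator

        return redirect(url_for('main.index'))  # regular user

    # any other method -> look at the user already in the session
    if 'user' in session:
        if not session['user']['active']:
            return render_template(
                'login/not_allowed.html')  # account not allowed

        if session['user']['authenticated'] == True and session[
                'user']['superuser'] == False:
            return redirect(url_for('main.index'))  # regular user
        elif session['user']['authenticated'] == True and session[
                'user']['superuser'] == True:
            return redirect(url_for('admin.index'))  # administrator

    return render_template('login/login.html',
                           form=UserLoginForm())  # login page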
Ejemplo n.º 6
def login():
	"""Render the login page and verify username/password on POST.

	On a valid POST the user row is fetched with a parameterized query and
	the submitted password is checked against the stored hash. Success
	fills the session and redirects to ``two_factor_auth``; every failure
	(invalid form, unknown user, wrong password) re-renders the page with
	the same generic error text.
	"""
	form = UserLoginForm()
	error = None

	if request.method == 'POST':
		if not form.validate():
			error = 'Invalid username/password.'
		else:
			# Bound parameter: the username is never spliced into the SQL.
			user = query_db('SELECT * from users WHERE username = ?', [form.username.data], one=True)

			# NOTE(review): the hash is only computed when the user exists,
			# so response time may still differ between unknown and known
			# usernames even though the message is identical.
			if user is not None and check_password_hash(user['pw_hash'], form.password.data):
				# NOTE(review): 'logged_in' is set before the second factor
				# is completed -- confirm that protected views also require
				# the 2FA step to have succeeded.
				session['personal_name'] = user['name']
				session['logged_in'] = True
				session['uid'] = user['uid']
				session['role'] = user['role']
				return redirect(url_for('two_factor_auth'))

			error = 'Invalid username/password.'

	return render_template('login.html', error=error, form=form)
Ejemplo n.º 7
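def login():
    """ Handle user login.
        Takes in { user: { username, password }}
        Returns JWT token if authenticated; otherwise, returns error messages
                 { token }

        Responses visible in this view:
          - whatever do_login(user) returns, when authentication succeeds
          - 401 with { errors: ["Invalid credentials."] } on bad credentials
          - 400 with { errors: [...] } when the form does not validate,
            including a missing, non-JSON or wrongly shaped request body
    """

    # The body is untrusted: it may be absent, not JSON, or JSON that is not
    # an object. Treat all of those as "no data" so the form reports
    # validation errors instead of the view raising on .get().
    payload = request.get_json(silent=True)
    user_data = payload.get("user") if isinstance(payload, dict) else None
    if not isinstance(user_data, dict):
        user_data = None

    form = UserLoginForm(data=user_data)

    if not form.validate():
        # Flatten every field's messages into a single list for the client.
        errors = [error for field in form for error in field.errors]
        return (jsonify(errors=errors), 400)

    user = User.authenticate(form.username.data, form.password.data)
    if user:
        return do_login(user)

    # Same message whether the username or the password was wrong.
    return (jsonify(errors=["Invalid credentials."]), 401)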