def login():
"""
Login route allowing users to sign into the application to access its services.
:return:
"""
form = LoginForm()
if request.method == 'POST' and form.validate():
# Check if email has already been previously registered
# at the moment we don't turn email to lower case, so mis-matched cases will not be verified
user = Users.query.filter_by(email=(form.email.data).lower()).first()
if user is None:
flash('No account has been registered with this email.', 'warning')
return redirect(url_for('auth.login'))
if not user.check_password(form.password.data):
flash('Incorrect password.', 'danger')
return redirect(url_for('auth.login'))
from datetime import timedelta
login_user(user, remember=form.remember_me.data, duration=timedelta(minutes=5))
flash(f'Logged in successfully. Welcome, {user.first_name}!', 'success')
next = request.args.get('next')
if not is_safe_url(next):
return abort(400)
return redirect(next or url_for('main.index'))
return render_template('auth/login.html', form=form)
def login():
if current_user.is_authenticated:
redirect(url_for('index'))
form = LoginForm(request.form)
print(form.password)
if request.method == 'POST' and form.validate():
# Get the user
user = User.query.filter_by(email=form.email.data).first()
# Invalid login attempt
if user is None or not user.check_password(form.password.data):
print('problem')
flash('Invalid username or password')
return redirect(url_for('auth.login'))
print(user.name)
print(user.check_password(form.password.data))
# Log the user in :)
login_user(user, remember=form.remember.data)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('main.index')
return redirect(next_page)
else:
return render_template('login.html', title='Sign In', form=form)
async def post(self, request):
template = "/auth/login.html"
data = await request.form()
form = LoginForm(data)
if not form.validate():
context = {"request": request, "form": form}
return templates.TemplateResponse(template, context)
try:
qs = sa.select(User).where(User.email == form.email.data.lower())
result = await User.execute(qs)
user = result.scalars().one()
if user.check_password(form.password.data):
request.session["user"] = str(user.id)
user.last_login = datetime.utcnow()
await user.save()
return RedirectResponse(url="/",
status_code=status.HTTP_302_FOUND)
except NoResultFound:
pass
request.session.clear()
form.password.errors.append("Invalid email or password.")
context = {"request": request, "form": form}
return templates.TemplateResponse(template, context)
def create_user():
form = LoginForm(request.form)
if form.validate():
username = form.username.data
email = form.email.data
password = form.password.data
data = {"username": username, "email": email, 'password': password}
# flask-sqlalchemy默认开启了事务
user = User()
user.set_password(data['password'])
user.from_dict(data)
try:
db.session.add(user)
db.session.commit() # 事务提交
except:
db.session.rollback() # 事务回滚
# 返回值
user_dict = user_schema.dump(user)
return success_request(user_dict)
else:
error = form.errors
return bad_request(error)
def test_validate_invalid_password(self, user):
"""Invalid password."""
user.set_password('example')
user.save()
form = LoginForm(username=user.username, password='******')
assert form.validate() is False
assert 'Invalid password' in form.password.errors
def test_validate_success(self, user):
"""Login successful."""
user.set_password('example')
user.save()
form = LoginForm(username=user.username, password='******')
assert form.validate() is True
assert form.user == user
def login():
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
username_email = form.username_email.data
password = form.password.data
if is_email(username_email):
user = User.query.filter_by(email=username_email).first()
else:
user = User.query.filter_by(username=username_email).first()
if user is not None and user.verify_password(password) and user.active:
# log user in
login_user(user)
next_url = request.args.get('next')
# is_safe_url should check if the url is safe for redirects
if not is_safe_url(next_url):
return abort(400)
return redirect(next_url or url_for('admin.dashboard'))
else:
# when login details are incorrect
flash('Please check your credentials', 'danger')
data = {
'title': 'Login',
'form': form,
}
return render_template('auth/login.html', **data)
def test_validate_inactive_user(self, user):
"""Inactive user."""
user.active = False
user.set_password('example')
user.save()
# Correct username and password, but user is not activated
form = LoginForm(username=user.username, password='******')
assert form.validate() is False
assert 'User not activated' in form.username.errors
def test_user_login(self):
user = User(username='******',
email='*****@*****.**',
password='******',
is_active=True)
user.save()
form = LoginForm(username=user.username, password='******')
self.assertTrue(form.validate() is True)
def post(self):
try:
data = request.get_json()
loginForm = LoginForm(**data, meta={'csrf': False})
if loginForm.validate():
username = loginForm.data['username']
password = loginForm.data['password']
if User.objects(username=username):
user = User.objects.get(username=username)
if user.check_password(password):
if user.is_active():
user.refresh_last_login()
user.save()
token = encode_token(str(user.id))
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
TOKEN_NAME: token.decode()
}
return responseObject, 200
else:
responseObject = {
'status': 'fail',
'message': 'User is not active.'
}
return responseObject, 404
else:
responseObject = {
'status': 'fail',
'message': 'Bad password.'
}
return responseObject, 401
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
else:
responseObject = {
'status': 'fail',
'message': 'Bad format for request.'
}
return responseObject, 404
except Exception as e :
print(e)
responseObject = {
'status': 'fail',
'message': 'Try again'
}
return responseObject, 500
def login():
if current_user.is_authenticated == True:
return redirect(url_for('auth.dashboard'))
form = LoginForm()
if request.method == 'POST':
if form.validate():
check_user = User.objects(username=form.username.data).first()
if check_user:
if check_password_hash(check_user['password'], form.password.data):
login_user(check_user)
return redirect(url_for('auth.dashboard'))
return render_template('auth/login.html', form=form)
def login():
form = LoginForm()
if request.method == 'POST' and form.validate():
user = User.query.filter_by(email=form.email.data).first()
if user is None or not user.check_password(form.password.data):
flash('Invalid username or password')
return redirect(url_for('auth.login'))
login_user(user, remember=form.remember_me.data, duration=timedelta(minutes=1))
flash('{} logged in successfully'.format(user.name))
next = request.args.get('next')
if not is_safe_url(next):
return abort(400)
return redirect(next or url_for('main.index'))
return render_template('login.html', form=form)
def login():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
user = User.query.filter_by(username=form.username.data).first()
if user is None or not user.check_password(form.password.data):
flash('Invalid username or password')
return redirect(url_for('auth.login'))
login_user(user, remember=form.remember_me.data)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('main.index')
return redirect(next_page)
return render_template('auth/login.html', title='Sign In', form=form)
def login():
""" Login function validates user info with info in database """
form = LoginForm()
if request.method == 'POST' and form.validate():
user = User.query.filter_by(email=form.email.data).first()
if not user or not user.checkPassword(form.password.data):
flash('Email/Password incorrect. Try again.')
return redirect(url_for('auth.login'))
else:
session.clear()
session['id'] = user.id
session.permanent = form.remember.data
flash("Welcome g.user.username!")
return redirect(url_for('main.index'))
return render_template('auth/login.html', title='login', form=form)
def login(auth: AuthManager):
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
try:
auth.login(form.email.data, form.password.data)
except LoginException as e:
form.email.errors.append(str(e))
return render_template('auth/login.html', form=form)
resp = make_response(redirect(url_for('main.index')))
resp.set_cookie('auth_token',
jwt.create_token(current_user.profile),
max_age=60 * 60 * 24 * 360)
return resp
return render_template('auth/login.html', form=form)
def login():
form = LoginForm(request.form)
if current_user.is_authenticated is False:
if request.method == 'POST' and form.validate():
user = db_session.query(User).filter_by(
username=form.username.data).first()
valid_password = verify_password(user.username, form.password.data)
if user:
if valid_password:
login_user(user)
if user.permission:
session['User'] = '******'
flash('You are logged in as an Admin', 'success')
else:
session['User'] = '******'
flash('You are logged in as a User', 'success')
return redirect(url_for('auth.auth_index'))
else:
return redirect(url_for('auth.auth_index'))
return render_template('auth/login.html', form=form)
def login():
if current_user.is_authenticated:
flash('You are logged in')
return redirect(url_for('main.index', account='musicians'))
form = LoginForm()
if request.method == 'POST' and form.validate():
user = Profile.query.filter_by(email=form.email.data).first()
if user is None or not user.check_password(form.password.data):
flash('Invalid email/password combination', 'error')
return redirect(url_for('auth.login'))
elif user.block == 1:
flash("You are blocked from Musician's Network")
return redirect(url_for('main.index'))
login_user(user,
remember=form.remember_me.data,
duration=timedelta(minutes=1))
next = request.args.get('next')
if not is_safe_url(next):
return abort(400)
return redirect(next or url_for('main.index', account='musicians'))
return render_template('login.html', form=form)
def login():
form = LoginForm(request.form)
if g.user is not None and g.user.is_authenticated:
print("User %s logged in" % g.user.name)
return redirect(url_for('admin.home'))
if request.method == "POST":
if form.validate():
user = User.query.filter_by(email=form.email.data).first()
if user and check_password_hash(user.pw_hash, form.password.data):
user.authenticated = True
db.session.add(user)
db.session.commit()
login_user(user, remember=True)
flash("Welcome %s" % user.name)
return redirect(url_for("admin.home"))
else:
mess = "Wrong email or password"
return jsonify({"error":mess}), 404
flash("Wrong email or password", 'error-message')
else:
return jsonify(form.errors), 400
return render_template("auth/login.html", form=form, title="Log in")
def test_validate_invalid_email_format(self):
# Ensure invalid email format throws error.
form = LoginForm(email='unknown', password='******', csrf_enabled=False)
self.assertFalse(form.validate())
def test_validate_success_login_form(self):
# Ensure correct data validates.
form = LoginForm(email='*****@*****.**', password='******', csrf_enabled=False)
self.assertTrue(form.validate())
def test_validate_unknown_username(self, db):
"""Unknown username."""
form = LoginForm(username='******', password='******')
assert form.validate() is False
assert 'Unknown username' in form.username.errors
assert form.user is None
def test_valid():
data = {"email": "*****@*****.**", "password": "******"}
form = LoginForm(DummyPostData(data))
assert form.validate()
assert form.data == data
def test_invalid(test_data):
form = LoginForm(DummyPostData(test_data))
assert form.validate() is False
assert "email" in form.errors
assert "password" in form.errors
