def sign_up():
form = SignUpForm()
if current_user.is_authenticated:
redirect(url_for('main.index'))
if request.method == 'GET':
return render_template('auth/sign_up.html', form=form)
else:
if form.validate_on_submit():
u = User()
u.username = form.username.data
u.email = form.email.data
u.set_password_hash(form.password.data)
db.session.add(u)
db.session.commit()
send_confirmation_email(u, 'Confirm email.', 'emails/confirm_user')
flash(
'User successfully created. Please confirm email and then you will be able to sign in.'
)
flash(
f'Notice that Your confirmation link expires in {current_app.config["EXPIRATION_TIME"]} minutes!'
)
return render_template('auth/info.html')
else:
return render_template('auth/sign_up.html', form=form)
def sign_up():
"""sign up for the Staffjoy application"""
if is_native():
return redirect(url_for("auth.native_login"))
if not current_app.config.get("ALLOW_COMPANY_SIGNUPS"):
return redirect(url_for("main.index"))
form = SignUpForm()
if form.validate_on_submit():
user = User(email=form.email.data.lower().strip(),
username=form.username.data.lower().strip(),
password=form.password.data,
name=form.name.data.strip())
try:
db.session.add(user)
db.session.commit()
except:
db.session.rollback()
raise Exception("Dirty session")
user.flush_associated_shift_caches()
token = user.generate_confirmation_token()
user.send_email(
"Confirm Your Account",
render_template("email/confirm-account.html",
user=user,
token=token), True)
flash("A confirmation email has been sent to you by email.", "success")
return redirect(url_for("auth.login"))
return render_template("auth.html", form_title="Sign Up", form=form)
def sign_up():
form = SignUpForm()
if form.validate_on_submit():
name = form.name.data
email = form.email.data
password = form.password.data
#authenticate a user
try:
user = User.create(name, email, password)
login_user(user, remember=True)
# Sign up successful
flash(
'User {}, created with id={}'.format(current_user.email,
current_user.id), 'teal')
return redirect(url_for('main.index'))
except Exception as e:
# Sign up unsuccessful
if type(e.args[0]) == str:
error = e.args[0] # weird bug where not returning json
else:
error_json = e.args[1]
error = json.loads(error_json)['error']['message']
flash("Error: {}".format(error), 'red')
return render_template('auth/sign_up.html', title='Sign Up', form=form)
def signup():
form = SignUpForm()
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
user = User(username=form.username.data, password=hashed_password)
db.session.add(user)
db.session.commit()
flash('Account Created.')
return redirect(url_for('auth.login'))
return render_template('signup.html', form=form)
def signup():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = SignUpForm()
if form.validate_on_submit():
user = User(username=form.username.data, email=form.email.data)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
return redirect(url_for('auth.login'))
return render_template('auth/signup.html', form=form)
def signup():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = SignUpForm()
if form.validate_on_submit():
user = User(username=form.username.data, email=form.email.data)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
flash("Congratulations, you're now signed up!")
return redirect(url_for('auth.login')) # upon signing up, send to login page (why not send directly to index?)
return render_template('auth/signup.html', title='Sign Up', form=form)
def sign_up():
form = SignUpForm()
if not form.validate():
return UnprocessableEntityResponse(
fields=dict(form.errors.items())).jsonify()
username = request.form.get("username")
password = request.form.get("password")
user = User(username=username, password=password)
db.session.add(user)
db.session.commit()
return jsonify({"data": {"username": username, "password": password}})
def signup():
if current_user.is_authenticated:
return redirect(url_for('index'))
form = SignUpForm()
if form.validate_on_submit():
user = User(username=form.username.data, email=form.email.data)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
flash('Grattis du är nu registrerad!')
return redirect(url_for('auth.login'))
return render_template('auth/signup.html', title='Ny användare', form=form)
def signup():
form = SignUpForm()
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(form.password.data).decode(
"utf-8"
)
user = User(username=form.username.data, password=hashed_password)
db.session.add(user)
db.session.commit()
flash("Account Created.")
return redirect(url_for("auth.login"))
print(form.errors)
return render_template("signup.html", form=form)
def sign_up():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = SignUpForm()
if form.validate_on_submit():
user = User(username=form.username.data, email=form.email.data)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
flash(_('Nice, you successfully signed up!'))
return redirect(url_for('auth.login'))
return render_template('auth/sign_up.html', title=_('Sign Up'), form=form)
def signup():
if current_user.is_authenticated:
return redirect(page_not_found("e"))
form = SignUpForm()
if form.validate_on_submit():
user = User(username=form.username.data,
email=form.email.data,
password=form.password.data)
db.session.add(user)
db.session.commit()
flash(f'Hello {user.username}! Please login', 'info')
return redirect(url_for('auth.login'))
return render_template("signup.html", form=form)
def sign_up():
form = SignUpForm()
if form.validate_on_submit():
username = form.username.data
password = form.password.data
email = form.email.data
error = sign_up_validation(username, password, email)
if error:
flash('Something went wrong, Try again')
return redirect(url_for('auth.sign_up'))
return redirect(url_for('auth.confirm_sign_up'))
return render_template('/auth/sign-up.html', form=form)
def signup():
# Prevent access from already logged in users
if current_user.is_authenticated:
return redirect(url_for('main.home'))
# Validate signup form
# Requirements: Password min 10 char, Username 2-15 char atleast 1 letter
form = SignUpForm()
if form.validate_on_submit():
# If validation was successful, add user to db
# and redirect to login page
user = User(username=form.username.data, email=form.email.data)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
flash('Registration successful!')
return redirect(url_for('auth.login'))
return render_template('auth/signup.html', form=form)
def signup():
if current_user.is_active:
flash('Already logged in', 'info')
return redirect(url_for('index.home'))
# If sign in form is submitted
form = SignUpForm(request.form)
# Verify the sign in form
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if not user and form.password.data == form.password_confirm.data:
# SQL_I Safe Code
new_user = User(email=form.email.data,
password=PasswordLib().get_hashed_password(
form.password.data),
name=form.name.data,
company=form.company.data)
# Original SQL Alchemy function
# db.session.add(new_user)
# SQL_I Vulnerable Code
db.engine.execute(
"INSERT INTO auth_user (id, date_created, date_modified, name, email, password, status, company)\
VALUES ('%s', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, '%s', '%s', '%s', %d, '%s')"
% (new_user.id, new_user.name, new_user.email,
new_user.password, 1, new_user.company))
# SQL_I Protected Using Parameters
# db.engine.execute(
# "INSERT INTO auth_user (id, date_created, date_modified, name, email, password, status, company)\
# VALUES (?, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, ?, ?, ?, 1, ?)",
# new_user.id, new_user.name, new_user.email, new_user.password, new_user.company
# )
password_history = History(userid=new_user.id,
password=new_user.password)
db.session.add(password_history)
db.session.commit()
flash(f'Welcome {form.name.data}! user created successfully',
'info')
return redirect(url_for('index.home'))
if form.password.data != form.password_confirm.data:
flash('Password don\'t match!', 'error')
else:
flash('User already exists!', 'error')
return render_template("auth/signup.html", form=form)
def signup():
form = SignUpForm()
if form.validate_on_submit():
user = Users(username=form.username.data,
name=form.name.data,
surname=form.surname.data,
email=form.email.data,
password=form.password.data)
db.session.add(user)
db.session.commit()
token = user.generate_confirmation_token()
send_mail(user.email,
'Confirm Your Account',
'auth/email/confirm',
user=user,
token=token)
flash('A confirmation email has been sent to you by email.')
return redirect(url_for('auth.login'))
return render_template('auth/signup.html', form=form)
def setup():
# if there are users in the DB, the app is already set up
if User.query.all():
return redirect(url_for('index'))
form = SignUpForm()
if form.validate_on_submit():
user = User(form.email.data, form.password.data, form.name.data, 'superadmin')
db.session.add(user)
db.session.commit()
login_user(user)
flash("Super admin created successfully", 'success')
return redirect(url_for('index'))
return render_template(
'auth/setup.html',
form=form,
heading="Create super admin account"
)
def signup():
form = SignUpForm()
if form.validate_on_submit():
if User.query.filter_by(
username=form.username.data).first() is not None:
flash('This Username is Taken!', 'danger')
else:
new_account = User(form.username.data, form.email.data,
form.password.data)
db.session.add(new_account)
db.session.commit()
flash('Account Created! Log In Below:', 'success')
return redirect(url_for('auth.login'))
return render_template('auth/signup.html', form=form)
def sign_up():
signUpForm = SignUpForm()
if signUpForm.validate_on_submit():
if signUpForm.user_or_owner.data == 'user':
newProfile = User(name=signUpForm.firstName.data,
surname=signUpForm.lastName.data,
email=signUpForm.email.data,
password=hash_psw(signUpForm.password.data))
elif signUpForm.user_or_owner.data == 'owner':
newProfile = Owner(name=signUpForm.firstName.data,
surname=signUpForm.lastName.data,
email=signUpForm.email.data,
password=hash_psw(signUpForm.password.data))
newProfile.generate_confirmation_code()
db.session.add(newProfile)
db.session.commit()
send_confirm_email(destination_profile=newProfile,
confirmation_code=newProfile.confirmation_code)
return redirect(url_for('auth.confirm', email=newProfile.email))
return render_template('signup.html', form=signUpForm, title='Sign Up')
def signup():
form = SignUpForm()
token = request.args.get('invite')
invite = Invitation.get(token)
if token and not invite:
return render_template(
'error/generic.html',
message="The invite is invalid"
)
if invite is not None:
if User.query.filter_by(email=invite.invitee).first() is not None:
return render_template(
'error/generic.html',
message="Email belongs to an existing user"
)
if form.validate_on_submit():
if invite is None:
role_short = 'staff'
else:
role_short = invite.role.short
if form.email.data != invite.invitee:
return render_template(
'error/generic.html',
message="Email doesn't match invite email"
)
user = User(form.email.data, form.password.data, form.name.data, role_short)
db.session.add(user)
db.session.commit()
login_user(user)
flash("Sign up successful", 'success')
return redirect(url_for('index'))
if invite is not None:
form.email.data = invite.invitee
else:
flash('Signing up without an inivite defaults to staff member account', 'info')
return render_template('auth/signup.html', form=form)
def signup():
'''
Add user through signup form
GET: Serve sign-up page.
POST: Validate form, create account, redirect user to dashboard
'''
# username = request.args.get("user")
# email = request.args.get("email")
signup_form = SignUpForm()
if signup_form.validate_on_submit():
user_name = User.query.filter_by(
username=signup_form.username.data).first()
user_email = User.query.filter_by(email=signup_form.email.data).first()
# print(user_exist)
if user_name or user_email:
flash('A user already exists with that username or email')
else:
new_user = User(username=signup_form.username.data,
email=signup_form.email.data,
password=signup_form.password.data,
created_at=dt.now())
try:
db.session.add(new_user)
db.session.commit() # create new user
login_user(new_user) # log in as new created user
except TypeError as err:
flash('Problem creating user:{}'.format(err))
except Exception as err:
flash(err)
# redirect to daily-Log, uncomment when is ready!
# return redirect(url_for('dailylog.userlogshistory'))
return render_template('servicios.html',
username=new_user.username)
# return render_template('dummy.html')
return render_template('signup_2.html',
form=signup_form,
title='Sign Up',
template='signup-page',
body="Sign up for a user account.")
def sign_up(checkout=''):
form = SignUpForm()
if form.validate_on_submit():
user = User()
form.populate_obj(obj=user)
user.set_password(form.new_password.data)
customer = Group.query.filter_by(name='customer').first()
if customer:
user.groups = [customer]
log_new(user, f'User added for email: {form.email.data}')
db.session.add(user)
db.session.commit()
login_user(user, remember=False)
flash('Thanks for creating an account!', 'success')
if checkout == 'checkout':
return redirect(url_for('shop.shipping'))
return redirect(url_for('shop.index'))
form.subscribed.data = True
return render_template('auth/login.html',
title='Sign Up',
form=form,
user='',
checkout=checkout)
def sign_up():
form = SignUpForm(request.form)
if form.validate_on_submit():
member = Member(username=form.username.data,
email=form.email.data,
first_name=form.first_name.data,
last_name=form.last_name.data)
member.member_type = "member"
member.set_password(form.password.data)
try:
db.session.add(member)
db.session.commit()
response = make_response(redirect(url_for('auth.login')))
response.set_cookie("username", form.username.data)
flash(f'Account successfully created for {member.username}',
'success')
return response
except IntegrityError as e:
print(e)
db.session.rollback()
flash(f'Unable to register {member.username}. Please try again.',
'danger')
return render_template('signup.html', form=form)
