def authenticate(project_id=None):
    """Log the visitor into a project, by token or by the project's private code.

    The project id comes from a verified ``token`` query argument when one is
    present, otherwise from the form (pre-filled from the ``project_id`` query
    argument when the form carries none).

    Returns the rendered ``authenticate.html`` form (with an error, or with a
    ``create_project`` hint when the project does not exist), or a redirect to
    ``.list_bills`` once the project is marked as authenticated in the session.
    """
    form = AuthenticationForm()

    # A token in the query string takes precedence over the form.
    # NOTE(review): a token carried in the URL can end up in access logs,
    # browser history and Referer headers; the "non_timed_token" type name
    # suggests it does not expire -- confirm in Project.verify_token.
    token = request.args.get("token")
    token_auth = bool(token)
    if token_auth:
        project_id = Project.verify_token(token, token_type="non_timed_token")
    else:
        if not form.id.data and request.args.get("project_id"):
            form.id.data = request.args["project_id"]
        project_id = form.id.data

    if project_id is None:
        # Neither a valid token nor a project identifier: show the form again.
        form.errors["id"] = [
            _("You either provided a bad token or no project identifier.")
        ]
        return render_template("authenticate.html", form=form)

    project = Project.query.get(project_id)
    if not project:
        # Unknown project: the template is given the id so it can offer a
        # link to the creation form. This also tells the visitor whether an
        # id is in use.
        return render_template(
            "authenticate.html", form=form, create_project=project_id
        )

    # Already authenticated for this project in the current session.
    # NOTE(review): the session is keyed directly by project id, so project
    # ids share a namespace with other session keys such as "projects";
    # confirm that ids are constrained so they cannot collide with those keys.
    if session.get(project_id):
        g.project = project
        return redirect(url_for(".list_bills"))

    # Form authentication: the hash comparison runs once, only for a
    # validated POST.
    is_post_auth = request.method == "POST" and form.validate()
    password_ok = is_post_auth and check_password_hash(
        project.password, form.password.data
    )

    if password_ok or token_auth:
        # Keep a most-recent-first list of visited projects. Entries are not
        # de-duplicated, so repeated logins prepend the same pair again.
        if "projects" not in session:
            session["projects"] = []
        session["projects"].insert(0, (project_id, project.name))
        session[project_id] = True
        session.update()
        g.project = project
        return redirect(url_for(".list_bills"))

    if is_post_auth:
        # Reaching this point with a validated POST means the hash check failed.
        # NOTE(review): no attempt limiting is visible in this view; confirm
        # it is applied elsewhere.
        form.errors["password"] = [_("This private code is not the right one")]

    return render_template("authenticate.html", form=form)
def save(self):
    """Build a new Project from the data held by this form.

    The submitted password is never stored as given: only the output of
    ``generate_password_hash`` is passed to the model.

    Returns the new Project instance. Nothing here adds it to a database
    session; that is left to the caller.
    """
    hashed_password = generate_password_hash(self.password.data)
    return Project(
        name=self.name.data,
        id=self.id.data,
        password=hashed_password,
        contact_email=self.contact_email.data,
    )
def authenticate(project_id=None):
    """Authentication view: grant session access to a project.

    Access is granted when the request carries a token that
    ``Project.verify_token`` resolves to a project id, or when a validated
    POST supplies a private code matching the stored password hash. On
    success the project is recorded in the session and the visitor is
    redirected to ``.list_bills``; otherwise ``authenticate.html`` is rendered.
    """
    form = AuthenticationForm()

    # Resolve the project id: token first, form / query string otherwise.
    # NOTE(review): tokens passed as query arguments are exposed to logs and
    # browser history; 'non_timed_token' presumably never expires -- verify
    # against Project.verify_token.
    token = request.args.get('token')
    if token:
        token_auth = True
        project_id = Project.verify_token(token, token_type='non_timed_token')
    else:
        token_auth = False
        if not form.id.data and request.args.get('project_id'):
            form.id.data = request.args['project_id']
        project_id = form.id.data

    if project_id is None:
        # Bad token or no identifier at all: back to the form with an error.
        error = _("You either provided a bad token or no project identifier.")
        form.errors["id"] = [error]
        return render_template("authenticate.html", form=form)

    project = Project.query.get(project_id)
    if not project:
        # The project does not exist; the template receives the id so it can
        # propose the creation form.
        return render_template(
            "authenticate.html", form=form, create_project=project_id)

    # NOTE(review): any truthy session entry stored under the project id
    # counts as "already authenticated", and the same session also holds the
    # "projects" list; confirm project ids cannot equal such reserved keys.
    if session.get(project_id):
        g.project = project
        return redirect(url_for(".list_bills"))

    # Evaluate the private code once, and only for a validated POST.
    is_post_auth = request.method == "POST" and form.validate()
    code_matches = is_post_auth and check_password_hash(
        project.password, form.password.data)

    if not (code_matches or token_auth):
        if is_post_auth:
            # A validated POST whose private code did not match the hash.
            error = _("This private code is not the right one")
            form.errors['password'] = [error]
        return render_template("authenticate.html", form=form)

    # Authenticated: put the project at the top of the visited-projects list
    # and flag it in the session.
    if "projects" not in session:
        session["projects"] = []
    session["projects"].insert(0, (project_id, project.name))
    session[project_id] = True
    session.update()
    g.project = project
    return redirect(url_for(".list_bills"))
def demo():
    """
    Open the demonstration project for the current visitor and redirect to
    its bills list.

    When no "demo" project exists, it is created through
    Project.create_demo_project() if ACTIVATE_DEMO_PROJECT is set; if the
    setting is off, a Redirect303 to the create-project form is raised.
    """
    demo_enabled = current_app.config["ACTIVATE_DEMO_PROJECT"]
    project = Project.query.get("demo")

    if not project:
        if not demo_enabled:
            raise Redirect303(url_for(".create_project", project_id="demo"))
        project = Project.create_demo_project()

    # No credential is checked: every visitor of this view is marked as
    # authenticated for the project.
    # NOTE(review): ACTIVATE_DEMO_PROJECT is only consulted when the project
    # is missing, so an existing project with id "demo" is opened here even
    # when the demo is deactivated -- confirm that this is intended.
    session[project.id] = True
    return redirect(url_for(".list_bills", project_id=project.id))
def reset_password():
    """Set a new project password for the holder of a valid reset token.

    The token is read from the ``token`` query argument and resolved to a
    project id by ``Project.verify_token``. A validated POST stores the hash
    of the new password and redirects to ``.home``; every other case renders
    ``reset_password.html``, with an error when the token is missing, invalid
    or points to an unknown project.
    """
    form = ResetPasswordForm()

    def render_error(message):
        # All failure paths render the same template with an error message.
        return render_template('reset_password.html', form=form, error=message)

    # NOTE(review): the token travels in the URL, and nothing in this view
    # invalidates it after a successful reset; whether it expires depends on
    # Project.verify_token -- confirm.
    token = request.args.get('token')
    if not token:
        return render_error(_("No token provided"))

    project_id = Project.verify_token(token)
    if not project_id:
        return render_error(_("Invalid token"))

    project = Project.query.get(project_id)
    if not project:
        return render_error(_("Unknown project"))

    if request.method == "POST" and form.validate():
        # Only the hash of the new password is persisted.
        project.password = generate_password_hash(form.password.data)
        db.session.add(project)
        db.session.commit()
        flash(_("Password successfully reset."))
        return redirect(url_for(".home"))

    return render_template('reset_password.html', form=form)
def demo():
    """
    Open the demonstration project for the current visitor and redirect to
    its bills list.

    When no "demo" project exists, one is created and committed if
    ACTIVATE_DEMO_PROJECT is set; if the setting is off, a Redirect303 to the
    create-project form is raised.
    """
    demo_enabled = current_app.config['ACTIVATE_DEMO_PROJECT']
    project = Project.query.get("demo")

    if not project:
        if not demo_enabled:
            raise Redirect303(url_for(".create_project", project_id='demo'))
        # NOTE(review): the password literal is handed to Project as given,
        # with no generate_password_hash call, unlike reset_password in this
        # listing -- confirm how this version stores project passwords.
        project = Project(
            id="demo",
            name=u"demonstration",
            password="******",
            contact_email="*****@*****.**",
        )
        db.session.add(project)
        db.session.commit()

    # NOTE(review): the session entry holds project.password itself, whereas
    # authenticate in this listing stores True. If the app uses Flask's
    # default cookie session, that value is signed but readable by the
    # client; a plain flag avoids putting the password in the cookie.
    # Confirm what the access check compares before changing it.
    session[project.id] = project.password
    return redirect(url_for(".list_bills", project_id=project.id))