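def oauth_callback():
    """Finish the OAuth sign-in and issue the session cookie.

    A request whose ``jwt`` cookie already passes ``verify_token`` is sent
    straight to ``/inventory``. Otherwise the provider callback is completed,
    a ``User`` row is created on first sign-in, and a fresh token is stored
    in the ``jwt`` cookie. Every path returns a redirect to ``/inventory``.
    """
    if 'jwt' in request.cookies:
        token = verify_token(request.cookies['jwt'])
        if token is not None:
            return redirect('/inventory')

    oauth = OAuthSignIn()
    id_, email, admin, name, phone = oauth.callback()
    # The debug print of the phone number was removed: it wrote personal
    # data to stdout (and so to any collected logs) on every sign-in.

    if id_ is None:
        flash('Authentication failed.')
        return redirect('/inventory')

    if User.query.filter_by(email=email).count() == 0:
        # Parses as `admin or (email in config.ADMINS)`: either the provider
        # flag or the local allow-list grants admin. This is only evaluated
        # when the account is created, never on later sign-ins.
        admin = admin or email in config.ADMINS
        user = User(
            email=email,
            is_admin=admin,
            name=name,
            phone=phone,
        )
        db.session.add(user)
        db.session.commit()

    # generate token since we cut out quill
    token = generate_auth_token(email)
    response = app.make_response(redirect('/inventory'))
    # NOTE(review): the cookie is set with default attributes (no httponly,
    # secure or samesite). Confirm whether client-side script needs to read
    # it; if not, pass httponly=True, secure=True and samesite='Lax'.
    response.set_cookie('jwt', token.encode('utf-8'))
    return response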
def verify_page():
    """Mark the account that owns the supplied verification token as verified.

    The token is read from the ``token`` query parameter. On a match the
    user's ``verified_email`` flag is set and the client is redirected to
    ``/login?v=1``; a missing or unknown token yields a 400 response.
    """
    supplied = request.args.get('token')
    if not supplied:
        return "Token not found", 400

    account = User.query.filter_by(verification_token=supplied).first()
    if not account:
        return "Token not found", 400

    # NOTE(review): the stored verification_token is left in place after use,
    # so the same link keeps matching. Consider clearing it once consumed.
    account.verified_email = True
    db.session.commit()
    return app.make_response(redirect('/login?v=1'))
def register_handler():
    """Create an unverified account from the registration form.

    Invalid form input re-renders the registration page with one message per
    failing field. A valid submission stores the user with a hashed password
    and a verification token, e-mails that token, and redirects to
    ``/login?r=1``.
    """
    form = RegisterForm(request.form)
    if not form.validate():
        problems = [
            field + ": " + "\n".join(messages) + "\n"
            for field, messages in form.errors.items()
        ]
        return render_template('pages/register.html', error=problems)

    # NOTE(review): this response tells the caller whether an address is
    # already registered; decide whether that disclosure is acceptable.
    if User.query.filter_by(email=request.form['email']).first():
        return render_template('pages/register.html',
                               error=["Email address already in use"])

    # NOTE(review): the token is a uuid4 hex string; secrets.token_urlsafe()
    # is the standard-library API intended for values like this.
    verification_token = uuid.uuid4().hex
    account_id = gen_uuid()
    # Only the hash of the password is handed to the model.
    password_digest = generate_password_hash(request.form['password'])
    new_user = User(account_id, request.form['email'], password_digest,
                    verification_token, False)
    db.session.add(new_user)
    db.session.commit()

    send_verification_email(request.form['email'], verification_token)
    return app.make_response(redirect('/login?r=1'))
def login_handler():
    """Log user in

    Checks the submitted e-mail and password against the stored hash, refuses
    accounts whose e-mail is not yet verified, and on success sets the
    ``jwt`` cookie and redirects to ``/inventory``. Form validation errors
    re-render the login page with one message per failing field.
    """
    form = LoginForm(request.form)
    if not form.validate():
        problems = [
            field + ": " + "\n".join(messages) + "\n"
            for field, messages in form.errors.items()
        ]
        return render_template('pages/login.html', error=problems)

    account = User.query.filter_by(email=request.form['email']).first()
    # The same message covers an unknown address and a wrong password. The
    # hash comparison is skipped when no account exists (short-circuit).
    if not (account and check_password_hash(account.password_hash,
                                            request.form['password'])):
        return render_template('pages/login.html',
                               error=["Invalid username or password"])

    # Reached only after the password matched.
    if not account.verified_email:
        return render_template('pages/login.html',
                               error=["Please verify your email to login"])

    response = app.make_response(redirect('/inventory'))
    # NOTE(review): the cookie is set with default attributes (no httponly,
    # secure or samesite). Confirm whether client-side script needs to read
    # it before tightening.
    response.set_cookie('jwt', gen_token(account.quill_id))
    return response
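def login_handler():
    """Log user in

    Forwards the submitted credentials to the Quill ``/auth/login`` endpoint,
    verifies the token it returns, creates a local ``User`` on first login,
    and stores that token in the ``jwt`` cookie before redirecting to
    ``/inventory``. Any failure re-renders the login page with an error list.
    """
    form = LoginForm(request.form)
    if form.validate():
        url = urljoin(config.QUILL_URL, '/auth/login')
        try:
            # Without a timeout a stalled upstream would hold this worker
            # indefinitely. The 10 second bound is a chosen default.
            reply = requests.post(url, data={
                'email': request.form['email'],
                'password': request.form['password']
            }, timeout=10)
        except requests.RequestException:
            return render_template(
                'pages/login.html',
                error=['Unable to reach the authentication service'])

        try:
            payload = json.loads(reply.text)
        except ValueError as e:
            return render_template('pages/login.html', error=[str(e)])

        # Treat the upstream body as untrusted: it must be a JSON object
        # before any key is read from it.
        if not isinstance(payload, dict):
            return render_template(
                'pages/login.html',
                error=['Unexpected response from authentication service'])

        if 'message' in payload:
            return render_template('pages/login.html',
                                   error=[payload['message']])

        token = payload.get('token')
        quill_id = verify_token(token) if token else None
        if not quill_id:
            return render_template(
                'pages/login.html',
                error=['Invalid token returned by registration'])

        if User.query.filter_by(quill_id=quill_id).count() == 0:
            # The admin flag comes from the upstream response, not from the
            # verified token; a missing or malformed profile means non-admin.
            profile = payload.get('user')
            is_admin = (profile.get('admin', False)
                        if isinstance(profile, dict) else False)
            user = User(quill_id, request.form['email'], is_admin)
            db.session.add(user)
            db.session.commit()

        response = app.make_response(redirect('/inventory'))
        # NOTE(review): the cookie is set with default attributes (no
        # httponly, secure or samesite). Confirm whether client-side script
        # needs to read it before tightening.
        response.set_cookie('jwt', token)
        return response

    errors = [
        field + ": " + "\n".join(error) + "\n"
        for field, error in form.errors.items()
    ]
    return render_template('pages/login.html', error=errors)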
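def oauth_callback():
    """Finish the MLH sign-in and issue the session cookie.

    A request whose ``jwt`` cookie already passes ``verify_token`` is sent
    straight to ``/inventory``. Otherwise the MLH callback is completed, a
    ``User`` row is created on first sign-in, and a fresh token is stored in
    the ``jwt`` cookie. Every path returns a redirect to ``/inventory``.
    """
    if 'jwt' in request.cookies:
        token = verify_token(request.cookies['jwt'])
        if token is not None:
            return redirect('/inventory')

    mlh_user = MLHSignIn().callback()
    if mlh_user is None or mlh_user.id is None:
        flash('Authentication failed.')
        return redirect('/inventory')

    if User.query.filter_by(email=mlh_user.email).count() == 0:
        # Fixed: the original read a bare `email` name that this function
        # never defines, so the admin check and the new account did not use
        # the authenticated address.
        admin = mlh_user.email in config.ADMINS
        user = User(mlh_user.email, admin)
        db.session.add(user)
        db.session.commit()

    # generate token since we cut out quill
    token = generate_auth_token(mlh_user.email)
    response = app.make_response(redirect('/inventory'))
    # NOTE(review): the cookie is set with default attributes (no httponly,
    # secure or samesite). Confirm whether client-side script needs to read
    # it before tightening.
    response.set_cookie('jwt', token.encode('utf-8'))
    return response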
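def logout():
    """Log user out

    Redirects to ``/`` and removes the ``jwt`` cookie from the browser.
    """
    response = app.make_response(redirect('/'))
    # delete_cookie blanks the value and also expires the cookie, so the
    # browser drops it rather than keeping an empty `jwt` entry.
    # NOTE(review): this only clears the client copy; whether the token
    # itself expires or can be revoked is not visible here. Confirm.
    response.delete_cookie('jwt')
    return response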