Пример #1
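def authenticate(project_id=None):
    """Authenticate a visitor for one project, by token or by private code.

    The project is identified either by the ``token`` query parameter
    (checked with ``Project.verify_token``) or by the form's ``id`` field,
    which falls back to the ``project_id`` query parameter. The value passed
    in as ``project_id`` is always overwritten by one of those two sources.

    Returns the rendered ``authenticate.html`` form (with an error, or with
    ``create_project`` set when no such project exists), or a redirect to
    ``.list_bills`` once the session is marked as authenticated.
    """
    form = AuthenticationForm()
    # Try to get project_id from token first
    token = request.args.get("token")
    token_auth = bool(token)
    if token_auth:
        # NOTE(review): the token travels in the query string, so it can end
        # up in access logs, browser history and Referer headers. The name
        # "non_timed_token" suggests it never expires -- confirm how such a
        # token is revoked.
        project_id = Project.verify_token(token, token_type="non_timed_token")
    else:
        if not form.id.data and request.args.get("project_id"):
            form.id.data = request.args["project_id"]
        project_id = form.id.data

    # token_auth is already True for any supplied token; it is only safe to
    # trust further down because this guard returns first when verify_token()
    # yields None. Keep the two together.
    if project_id is None:
        # User doesn't provide project identifier or a valid token
        # return to authenticate form
        msg = _("You either provided a bad token or no project identifier.")
        form.errors["id"] = [msg]
        return render_template("authenticate.html", form=form)

    project = Project.query.get(project_id)
    if not project:
        # If the user tries to connect to a project that does not exist, we
        # offer a link to the creation form. This also tells an
        # unauthenticated visitor whether a given project id exists.
        return render_template("authenticate.html",
                               form=form,
                               create_project=project_id)

    # if credentials are already in session, redirect
    # NOTE(review): project ids are used directly as session keys, next to
    # "projects" and anything else the app keeps in the session -- confirm
    # that a project id can never collide with one of those keys.
    if session.get(project_id):
        g.project = project
        return redirect(url_for(".list_bills"))

    # else do form authentication or token authentication
    is_post_auth = request.method == "POST" and form.validate()
    # Check the private code once and reuse the result: the original hashed
    # it a second time on every failed attempt, and the explicit name removes
    # the reliance on and/or precedence in the condition below.
    password_ok = is_post_auth and check_password_hash(project.password,
                                                       form.password.data)
    if password_ok or token_auth:
        # maintain a list of visited projects, most recent first
        session.setdefault("projects", []).insert(0, (project_id, project.name))
        session[project_id] = True
        # presumably flags the session as modified after the in-place list
        # change above -- confirm against the session class in use
        session.update()
        g.project = project
        return redirect(url_for(".list_bills"))
    if is_post_auth and not password_ok:
        # NOTE(review): nothing in this view limits repeated wrong private
        # codes; confirm that throttling exists elsewhere.
        msg = _("This private code is not the right one")
        form.errors["password"] = [msg]

    return render_template("authenticate.html", form=form)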
Пример #2
    def save(self):
        """Build a new Project from the data held by this form.

        The private code is passed through generate_password_hash() before it
        reaches the model, so the Project never receives the clear-text value.
        The instance is only constructed and returned here; this method does
        not add it to a database session.
        """
        fields = {
            "name": self.name.data,
            "id": self.id.data,
            # hash at the form boundary; the clear text goes no further
            "password": generate_password_hash(self.password.data),
            "contact_email": self.contact_email.data,
        }
        return Project(**fields)
Пример #3
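def authenticate(project_id=None):
    """Show the authentication form and log the visitor in to a project.

    Two ways in: a ``token`` query parameter that ``Project.verify_token``
    resolves to a project id, or a POSTed form whose private code matches
    the stored hash. The ``project_id`` argument is replaced by whichever
    source is used.

    Returns the ``authenticate.html`` page (plain, with a form error, or
    with ``create_project`` set for an unknown id) or a redirect to
    ``.list_bills`` when the session holds, or has just been given, access.
    """
    form = AuthenticationForm()
    # Try to get project_id from token first
    token = request.args.get('token')
    if token:
        # NOTE(review): a token in the URL is exposed to logs, history and
        # Referer headers; 'non_timed_token' reads like a token without
        # expiry -- confirm the revocation story.
        project_id = Project.verify_token(token, token_type='non_timed_token')
        token_auth = True
    else:
        if not form.id.data and request.args.get('project_id'):
            form.id.data = request.args['project_id']
        project_id = form.id.data
        token_auth = False

    # A rejected token leaves token_auth set to True; the early return below
    # is what prevents it from being honoured.
    if project_id is None:
        # User doesn't provide project identifier or a valid token
        # return to authenticate form
        msg = _("You either provided a bad token or no project identifier.")
        form.errors["id"] = [msg]
        return render_template("authenticate.html", form=form)

    project = Project.query.get(project_id)
    if not project:
        # Unknown project: offer a link to the creation form. The response
        # therefore differs for existing and non-existing project ids.
        return render_template("authenticate.html", form=form, create_project=project_id)

    # if credentials are already in session, redirect
    # NOTE(review): the session is keyed by the raw project id and also holds
    # "projects"; confirm ids are validated so the two cannot overlap.
    if session.get(project_id):
        setattr(g, 'project', project)
        return redirect(url_for(".list_bills"))

    # else do form authentication or token authentication
    is_post_auth = request.method == "POST" and form.validate()
    # One hash verification per request instead of two on a failed attempt;
    # naming the result also makes the and/or grouping explicit.
    password_ok = is_post_auth and check_password_hash(project.password, form.password.data)
    if password_ok or token_auth:
        # maintain a list of visited projects
        if "projects" not in session:
            session["projects"] = []
        # add the project on the top of the list
        session["projects"].insert(0, (project_id, project.name))
        session[project_id] = True
        # presumably marks the session dirty after the in-place insert --
        # confirm against the session implementation
        session.update()
        setattr(g, 'project', project)
        return redirect(url_for(".list_bills"))
    if is_post_auth and not password_ok:
        # NOTE(review): no attempt limiting is visible in this view; confirm
        # it is enforced elsewhere.
        msg = _("This private code is not the right one")
        form.errors['password'] = [msg]

    return render_template("authenticate.html", form=form)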
Пример #4
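def demo():
    """
    Authenticate the user for the demonstration project and redirect to
    the bills list for this project.

    Create the demo project if it doesn't exist yet (or has been deleted).
    If the demo project is deactivated, redirect to the create project form,
    whether or not a project with the id "demo" already exists.

    Raises Redirect303 when ACTIVATE_DEMO_PROJECT is off.
    """
    # Gate the whole view on the flag, not only project creation. This view
    # marks the session as authenticated without asking for a private code,
    # so with the demo switched off it must not do that for a project that
    # merely happens to have the id "demo".
    if not current_app.config["ACTIVATE_DEMO_PROJECT"]:
        raise Redirect303(url_for(".create_project", project_id="demo"))

    project = Project.query.get("demo")
    if not project:
        project = Project.create_demo_project()
    # Deliberately credential-free: every visitor gets access to the demo.
    session[project.id] = True
    return redirect(url_for(".list_bills", project_id=project.id))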
Пример #5
def reset_password():
    """Let the holder of a valid reset token choose a new private code.

    The token comes from the ``token`` query parameter and is resolved to a
    project id by ``Project.verify_token``. A missing token, a rejected token
    or an unknown project each re-render ``reset_password.html`` with an
    error. A valid POST stores the hash of the new private code and redirects
    to ``.home``; any other request shows the empty form.
    """
    form = ResetPasswordForm()

    def show_error(message):
        # every failure path renders the same template with an error text
        return render_template('reset_password.html', form=form, error=message)

    token = request.args.get('token')
    if not token:
        return show_error(_("No token provided"))

    project_id = Project.verify_token(token)
    if not project_id:
        return show_error(_("Invalid token"))

    project = Project.query.get(project_id)
    if not project:
        return show_error(_("Unknown project"))

    submitted = request.method == "POST" and form.validate()
    if not submitted:
        return render_template('reset_password.html', form=form)

    # Only the hash is persisted, never the submitted value itself.
    project.password = generate_password_hash(form.password.data)
    db.session.add(project)
    db.session.commit()
    # NOTE(review): nothing here marks the token as used or drops sessions
    # that were authenticated before the reset; whether the token can be
    # replayed depends on Project.verify_token -- confirm.
    flash(_("Password successfully reset."))
    return redirect(url_for(".home"))
Пример #6
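def demo():
    """
    Authenticate the user for the demonstration project and redirect to
    the bills list for this project.

    Create the demo project if it doesn't exist yet (or has been deleted).
    If the demo project is deactivated, redirect to the create project form,
    whether or not a project with the id "demo" already exists.

    Raises Redirect303 when ACTIVATE_DEMO_PROJECT is off.
    """
    # Gate the whole view on the flag, not only project creation. This view
    # grants a session without asking for a private code, so with the demo
    # switched off it must not do that for a project that merely happens to
    # have the id "demo".
    if not current_app.config['ACTIVATE_DEMO_PROJECT']:
        raise Redirect303(url_for(".create_project",
                                  project_id='demo'))

    project = Project.query.get("demo")
    if not project:
        # The private code is handed to Project as given; no hashing happens
        # in this function.
        project = Project(id="demo", name=u"demonstration", password="******",
                          contact_email="*****@*****.**")
        db.session.add(project)
        db.session.commit()
    # NOTE(review): this puts the project's stored password value into the
    # session. If the app uses Flask's default cookie-based session, that
    # value is signed but still readable by the client. A boolean marker
    # would avoid the exposure, but the code that reads session[project.id]
    # is not visible here, so both sides have to change together.
    session[project.id] = project.password
    return redirect(url_for(".list_bills", project_id=project.id))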