diff options
| author | rsiddharth <s@ricketyspace.net> | 2019-09-12 21:22:01 -0400 |
|---|---|---|
| committer | rsiddharth <s@ricketyspace.net> | 2019-09-12 21:22:01 -0400 |
| commit | 3d6ea3afec8d2f6db68f66dd60fa78efa9035e87 (patch) | |
| tree | 709b3ed1d30a629ab27a31dca3814335e06fabac /nfsw/auth.py | |
| parent | 39c85710f5ab1f7c63caf30beaaaede7286fc53a (diff) | |
Add some auth flask snafu.
Diffstat (limited to 'nfsw/auth.py')
| -rw-r--r-- | nfsw/auth.py | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/nfsw/auth.py b/nfsw/auth.py new file mode 100644 index 0000000..f7156d0 --- /dev/null +++ b/nfsw/auth.py @@ -0,0 +1,98 @@ +import functools + +import os + +from flask import ( + Blueprint, flash, g, redirect, render_template, request, + session, url_for +) +from werkzeug.security import ( + check_password_hash, generate_password_hash +) + +from nfsw.db import get_db + + +bp = Blueprint('auth', __name__, url_prefix='/auth') + +@bp.route('start', methods=('GET', 'POST')) +def auth(): + if request.method == 'POST': + username = request.form['username'] + + password = None + if 'password' in request.form: + password = request.form['password'] + + if not username: + return { + 'status': 'error', + 'msg': 'Name is required', + 'fields': ['username'] + } + elif username and password: + return login(username, password) + + else: + return register(username) + + return render_template('auth/index.html') + + +def login(username, password): + db = get_db() + + user = db.execute('SELECT * FROM user WHERE username=?', (username,) + ).fetchone() + + if user is None: + return { + 'status': 'error', + 'msg': 'User not found', + 'fields': ['username'] + } + + if not check_password_hash(user['password'], password): + return { + 'status': 'error', + 'msg': 'Password is incorrect', + 'fields': ['password'] + } + + session.clear() + session['user_id'] = user['id'] + + return { + 'status': 'ok', + 'url': url_for('hello') + } + + +def register(username): + db = get_db() + + if db.execute('SELECT id FROM user where username=?', (username,) + ).fetchone() is not None: + return { + 'status': 'pass', + 'msg': 'Looks you\'ve registered before!' + + ' Gimme your password. Pretty please.' + } + + password = os.urandom(4).hex() + + r = db.execute('INSERT INTO user (username, password) VALUES (?, ?)', + (username, generate_password_hash(password))) + db.commit() + + print(r.fetchone) + print(password) + + session.clear() + session['newuser'] = True + + return { + 'status': 'ok', + 'url': url_for('hello') + } + |