diff options
| author | rsiddharth <s@ricketyspace.net> | 2019-09-13 22:11:44 -0400 |
|---|---|---|
| committer | rsiddharth <s@ricketyspace.net> | 2019-09-13 22:11:44 -0400 |
| commit | 879a10131d8cc5250484bc02d29941ff571f6854 (patch) | |
| tree | 3c52863aa4d0d61ab78f6ae47d0b27ed9a156ce3 /nfsw/auth.py | |
| parent | 82780edbfb98c2b784adb642b2cd8a8a15d033c8 (diff) | |
nfsw/auth.py: Add login route.
Diffstat (limited to 'nfsw/auth.py')
| -rw-r--r-- | nfsw/auth.py | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/nfsw/auth.py b/nfsw/auth.py index 769a5dd..5fd46f6 100644 --- a/nfsw/auth.py +++ b/nfsw/auth.py @@ -49,3 +49,39 @@ def not_agreed(view): return wrapped_view +@bp.route('/login', methods=('GET', 'POST')) +@anon_only +def login(): + def render(e=''): + if e: + flash(e) + + return render_template('login.html') + + db = get_db() + + if request.method == 'POST': + + username = request.form['username'] + password = request.form['password'] + + # Validate + if not username: + return render('Name is required') + elif not password: + return render('Password is required') + + user = db.execute('SELECT * FROM user WHERE username=?', + (username,)).fetchone() + + if user is None: + return render('User not found') + elif not check_password_hash(user['password'], password): + return render('Password is incorrect') + + session.clear() + session['user_id'] = user['id'] + + return render() + + |