From 879a10131d8cc5250484bc02d29941ff571f6854 Mon Sep 17 00:00:00 2001
From: rsiddharth <s@ricketyspace.net>
Date: Fri, 13 Sep 2019 22:11:44 -0400
Subject: nfsw/auth.py: Add login route.

---
 nfsw/auth.py | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/nfsw/auth.py b/nfsw/auth.py
index 769a5dd..5fd46f6 100644
--- a/nfsw/auth.py
+++ b/nfsw/auth.py
@@ -49,3 +49,39 @@ def not_agreed(view):
     return wrapped_view
 
 
+@bp.route('/login', methods=('GET', 'POST'))
+@anon_only
+def login():
+    def render(e=''):
+        if e:
+            flash(e)
+
+        return render_template('login.html')
+
+    db = get_db()
+
+    if request.method == 'POST':
+
+        username = request.form['username']
+        password = request.form['password']
+
+        # Validate
+        if not username:
+            return render('Name is required')
+        elif not password:
+            return render('Password is required')
+
+        user  = db.execute('SELECT * FROM user WHERE username=?',
+                           (username,)).fetchone()
+
+        if user is None:
+            return render('User not found')
+        elif not check_password_hash(user['password'], password):
+            return render('Password is incorrect')
+
+        session.clear()
+        session['user_id'] = user['id']
+
+    return render()
+
+
-- 
cgit v1.2.3