# https://flask.github.net.cn/tutorial/views.html
import functools
from flask import (
Blueprint, flash, g, redirect, render_template, request, session, url_for
)
from werkzeug.security import check_password_hash, generate_password_hash
from CSTG2026.db import get_db
# Blueprint that groups the authentication views; every route registered on it
# is served under the /auth URL prefix.
bp = Blueprint(
    'auth',
    __name__,
    url_prefix='/auth',
)
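@bp.route('/signup', methods=('GET', 'POST'))
def signup():
    """Render the sign-up form (GET) or create a new account (POST).

    On POST every form field and the avatar upload must be non-empty, and the
    email must not already be present in ``usr``. The password is stored only
    as a ``generate_password_hash`` digest. Validation failures and database
    errors are flashed and the form is rendered again; success redirects to
    ``home.index``.
    """
    import logging

    from . import store_file

    if request.method == 'GET':
        return render_template('auth/signup.html')

    # request.form must not be printed or logged: it carries the plaintext
    # password, which would end up in stdout / server logs.
    name = request.form['name']
    gender = request.form['gender']
    email = request.form['email']
    passwd = request.form['passwd']
    profile = request.form['profile']
    # NOTE(review): the role is taken verbatim from the client and written to
    # usr.type. If any role grants extra privileges, restrict it to the values
    # a self-registering user may pick -- confirm against the role model.
    role = request.form['role']
    avatar = request.files['avatar']

    db = get_db()

    # First empty field wins, in the same order the form is checked.
    required = (
        (name, 'usrname is required.'),
        (gender, 'Gender is required.'),
        (email, 'Email is required.'),
        (passwd, 'Password is required.'),
        (profile, 'Profile is required.'),
        (role, 'Type is required.'),
        (avatar, 'Avatar is required.'),
    )
    error = next((message for value, message in required if not value), None)

    with db.cursor() as cursor:
        if error is None:
            cursor.execute('SELECT usr_id FROM usr WHERE email = %s', (email,))
            if cursor.fetchone() is not None:
                error = 'This email is already registered.'

        if error is not None:
            flash(error, 'error')
            return render_template('auth/signup.html')

        # NOTE(review): store_file is defined elsewhere; confirm it limits the
        # upload's type and size and chooses the stored filename itself rather
        # than trusting the client-supplied one. The file is written before
        # the INSERT, so a failed INSERT leaves it behind.
        avatar_filename = store_file(avatar)
        try:
            cursor.execute(
                'INSERT INTO usr (name, gender, email, passwd, profile, type, avatar_filename) VALUES (%s, %s, %s, %s, %s, %s, %s)',
                (name, gender, email, generate_password_hash(passwd), profile, role, avatar_filename)
            )
            db.commit()
            flash('You have successfully signed up.', 'info')
            return redirect(url_for('home.index'))
        except Exception:
            # Leave the connection clean for the next request and keep the
            # details in the server log; the user only sees a generic message.
            db.rollback()
            logging.getLogger(__name__).exception('Sign-up INSERT failed')
            flash('Unknown error.', 'error')
            return render_template('auth/signup.html')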
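@bp.route('/signin', methods=('POST',))
def signin():
    """Authenticate a user by email and password and start a session.

    The submitted password is checked against the stored digest with
    ``check_password_hash`` only. On failure the reason is flashed; on success
    the session is reset and ``usr_id`` is stored in it. Both outcomes
    redirect to ``home.index``.

    Rows whose ``passwd`` column still holds a plaintext value (not produced
    by ``generate_password_hash``) no longer authenticate and need a password
    reset or migration.
    """
    email = request.form['email']
    passwd = request.form['passwd']
    db = get_db()
    error = None
    usr = None

    if not email:
        error = 'Email is required.'
    elif not passwd:
        error = 'Password is required.'
    else:
        with db.cursor() as cursor:
            # Fetch only the two columns needed, by name, instead of relying
            # on the position of passwd in a SELECT * row.
            cursor.execute(
                'SELECT usr_id, passwd FROM usr WHERE email = %s', (email,)
            )
            usr = cursor.fetchone()
        if usr is None:
            error = 'This email is not registered.'
        # The stored value is verified as a hash and nothing else. A direct
        # `stored == submitted` comparison would accept the stored digest
        # itself as a valid password, so a leaked passwd column would be
        # enough to sign in.
        elif not check_password_hash(usr[1], passwd):
            error = 'Incorrect password.'

    if error is not None:
        # NOTE(review): the two distinct messages above reveal whether an
        # email is registered; consider one generic message for both cases.
        flash(error, 'error')
        return redirect(url_for('home.index'))

    # Drop any pre-login session contents before binding the user id.
    session.clear()
    session['usr_id'] = usr[0]
    flash('You have successfully signed in.', 'info')
    return redirect(url_for('home.index'))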
@bp.before_app_request
def load_logged_in_user():
    """Populate ``g.usr`` before each request from the session's ``usr_id``.

    ``g.usr`` is ``None`` when the session holds no ``usr_id``; otherwise it
    is whatever row the lookup returns (``None`` if the id matches no row).
    """
    current_id = session.get('usr_id')
    if current_id is not None:
        # NOTE(review): SELECT * puts every usr column, including passwd, on
        # g.usr for the whole request -- confirm nothing renders that object
        # wholesale.
        with get_db().cursor() as cur:
            cur.execute(
                'SELECT * FROM usr WHERE usr_id = %s', (current_id,)
            )
            g.usr = cur.fetchone()
        return
    g.usr = None
@bp.route('/signout')
def signout():
    """Clear the session and send the user back to ``home.index``."""
    # NOTE(review): no methods are given, so this state-changing route answers
    # GET; a cross-site link or image can sign a user out. Consider POST.
    session.clear()
    home_url = url_for('home.index')
    return redirect(home_url)
def signin_required(view):
    """Decorate *view* so it only runs when ``g.usr`` is set.

    When ``g.usr`` is ``None`` the wrapper flashes an error and redirects to
    ``home.index`` instead of calling the view. The wrapped view receives the
    same keyword arguments the wrapper was called with.
    """
    @functools.wraps(view)
    def wrapped_view(**kwargs):
        if g.usr is not None:
            return view(**kwargs)
        flash('Sign in required.', 'error')
        return redirect(url_for('home.index'))

    return wrapped_view