""" Authentication routes """ from flask import Blueprint, render_template, request, redirect, url_for, flash, session from flask_login import login_user, logout_user, login_required, current_user from app.models.user import User from app.extensions import db from app.utils.logger import log_action import os bp = Blueprint('auth', __name__) @bp.route('/login', methods=['GET', 'POST']) def login(): """User login""" if current_user.is_authenticated: return redirect(url_for('dashboard.index')) if request.method == 'POST': username = request.form.get('username', '').strip() password = request.form.get('password', '') if not username or not password: flash('Please enter both username and password.', 'danger') return render_template('auth/login.html') user = User.query.filter_by(username=username).first() if user and user.check_password(password) and user.is_active: login_user(user) user.last_login = db.func.current_timestamp() db.session.commit() log_action(f"User '{username}' logged in") # Redirect to next page or dashboard next_page = request.args.get('next') if next_page: return redirect(next_page) return redirect(url_for('dashboard.index')) else: flash('Invalid username or password.', 'danger') log_action(f"Failed login attempt for username '{username}'", level='WARNING') # Check if login picture exists from flask import current_app login_picture_path = os.path.join(current_app.static_folder, 'assets', 'login_picture.png') login_picture_exists = os.path.exists(login_picture_path) return render_template('auth/login.html', login_picture_exists=login_picture_exists) @bp.route('/logout') @login_required def logout(): """User logout""" username = current_user.username logout_user() log_action(f"User '{username}' logged out") flash('You have been logged out successfully.', 'info') return redirect(url_for('auth.login')) @bp.route('/register', methods=['GET', 'POST']) def register(): """User registration (for development only)""" from flask import current_app # Only allow registration in development mode if not current_app.config.get('DEBUG', False): flash('Registration is disabled.', 'danger') return redirect(url_for('auth.login')) if request.method == 'POST': username = request.form.get('username', '').strip() password = request.form.get('password', '') confirm_password = request.form.get('confirm_password', '') # Validation if not username or not password: flash('Please enter both username and password.', 'danger') return render_template('auth/register.html') if password != confirm_password: flash('Passwords do not match.', 'danger') return render_template('auth/register.html') if len(password) < 6: flash('Password must be at least 6 characters long.', 'danger') return render_template('auth/register.html') # Check if user already exists if User.query.filter_by(username=username).first(): flash('Username already exists.', 'danger') return render_template('auth/register.html') # Create new user try: user = User(username=username, role='user') user.set_password(password) db.session.add(user) db.session.commit() log_action(f"New user '{username}' registered") flash('Registration successful! Please log in.', 'success') return redirect(url_for('auth.login')) except Exception as e: db.session.rollback() flash(f'Registration failed: {str(e)}', 'danger') return render_template('auth/register.html')