112 lines
4.0 KiB
Python
112 lines
4.0 KiB
Python
"""
|
|
Authentication routes
|
|
"""
|
|
|
|
from flask import Blueprint, render_template, request, redirect, url_for, flash, session
|
|
from flask_login import login_user, logout_user, login_required, current_user
|
|
from app.models.user import User
|
|
from app.extensions import db
|
|
from app.utils.logger import log_action
|
|
import os
|
|
|
|
bp = Blueprint('auth', __name__)
|
|
|
|
@bp.route('/login', methods=['GET', 'POST'])
|
|
def login():
|
|
"""User login"""
|
|
if current_user.is_authenticated:
|
|
return redirect(url_for('dashboard.index'))
|
|
|
|
if request.method == 'POST':
|
|
username = request.form.get('username', '').strip()
|
|
password = request.form.get('password', '')
|
|
|
|
if not username or not password:
|
|
flash('Please enter both username and password.', 'danger')
|
|
return render_template('auth/login.html')
|
|
|
|
user = User.query.filter_by(username=username).first()
|
|
|
|
if user and user.check_password(password) and user.is_active:
|
|
login_user(user)
|
|
user.last_login = db.func.current_timestamp()
|
|
db.session.commit()
|
|
|
|
log_action(f"User '{username}' logged in")
|
|
|
|
# Redirect to next page or dashboard
|
|
next_page = request.args.get('next')
|
|
if next_page:
|
|
return redirect(next_page)
|
|
return redirect(url_for('dashboard.index'))
|
|
else:
|
|
flash('Invalid username or password.', 'danger')
|
|
log_action(f"Failed login attempt for username '{username}'", level='WARNING')
|
|
|
|
# Check if login picture exists
|
|
from flask import current_app
|
|
login_picture_path = os.path.join(current_app.static_folder, 'assets', 'login_picture.png')
|
|
login_picture_exists = os.path.exists(login_picture_path)
|
|
|
|
return render_template('auth/login.html', login_picture_exists=login_picture_exists)
|
|
|
|
@bp.route('/logout')
|
|
@login_required
|
|
def logout():
|
|
"""User logout"""
|
|
username = current_user.username
|
|
logout_user()
|
|
log_action(f"User '{username}' logged out")
|
|
flash('You have been logged out successfully.', 'info')
|
|
return redirect(url_for('auth.login'))
|
|
|
|
@bp.route('/register', methods=['GET', 'POST'])
|
|
def register():
|
|
"""User registration (for development only)"""
|
|
from flask import current_app
|
|
|
|
# Only allow registration in development mode
|
|
if not current_app.config.get('DEBUG', False):
|
|
flash('Registration is disabled.', 'danger')
|
|
return redirect(url_for('auth.login'))
|
|
|
|
if request.method == 'POST':
|
|
username = request.form.get('username', '').strip()
|
|
password = request.form.get('password', '')
|
|
confirm_password = request.form.get('confirm_password', '')
|
|
|
|
# Validation
|
|
if not username or not password:
|
|
flash('Please enter both username and password.', 'danger')
|
|
return render_template('auth/register.html')
|
|
|
|
if password != confirm_password:
|
|
flash('Passwords do not match.', 'danger')
|
|
return render_template('auth/register.html')
|
|
|
|
if len(password) < 6:
|
|
flash('Password must be at least 6 characters long.', 'danger')
|
|
return render_template('auth/register.html')
|
|
|
|
# Check if user already exists
|
|
if User.query.filter_by(username=username).first():
|
|
flash('Username already exists.', 'danger')
|
|
return render_template('auth/register.html')
|
|
|
|
# Create new user
|
|
try:
|
|
user = User(username=username, role='user')
|
|
user.set_password(password)
|
|
db.session.add(user)
|
|
db.session.commit()
|
|
|
|
log_action(f"New user '{username}' registered")
|
|
flash('Registration successful! Please log in.', 'success')
|
|
return redirect(url_for('auth.login'))
|
|
|
|
except Exception as e:
|
|
db.session.rollback()
|
|
flash(f'Registration failed: {str(e)}', 'danger')
|
|
|
|
return render_template('auth/register.html')
|