-from flask import Blueprint, render_template, flash
+from flask import Blueprint, render_template, flash, redirect, url_for
+from flask.ext import login, scrypt
from imoo import db, login_manager
from . import forms, models
blueprint = Blueprint('main', __name__, template_folder='templates')
+@login_manager.user_loader
+def load_user(userid):
+ return models.User.query.get(userid)
+
@blueprint.route("/")
def index():
return render_template('index.html')
@blueprint.route("/login", methods=["GET", "POST"])
-def login():
+def login_page():
form = forms.LoginForm()
if form.validate_on_submit():
- flash(u"login form submitted", "success")
+ user = models.User.query.filter_by(username=form.username.data).first()
+ if not user:
+ # User does not exist.
+ flash(u'Username or password is incorrect', 'error')
+ elif not scrypt.check_password_hash(form.password.data, user.pw_hash, user.pw_salt):
+ # User exists, but wrong password. Give same behavior as no user
+ # existing, to try to prevent mining of usernames.
+ flash(u'Username or password is incorrect', 'error')
+ else:
+ # Successful login.
+ login_success = login.login_user(user, remember=False)
+ if login_success:
+ pass
+ else:
+ flash(u'Login failed for {} - is that user marked inactive?'.format(user.username), 'error')
+ return redirect(url_for('.test_protected'))
return render_template('login.html', form=form)
+
+# Ideally, logout would be POST-only but I'm leaving it as a link for easier manual testing
+@blueprint.route("/logout", methods=["GET", "POST"])
+def logout_page():
+ login.logout_user()
+ flash(u"You have logged out successfully", 'success')
+ return redirect(url_for('.index'))
+
+@blueprint.route('/test_protected', methods=["GET"])
+@login.login_required
+def test_protected():
+ flash(u"protected page", 'success')
+ return render_template("index.html")
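Review bot: The two failure branches of login_page (the `if not user:` and the `elif not scrypt.check_password_hash(...)` arms) flash the same message, but only the second one pays for a scrypt evaluation, so a request for a non-existent username returns measurably faster than one with a wrong password and the stated goal of the comment — not revealing which usernames exist — is not actually met. To make the paths cost the same, run `scrypt.check_password_hash` against a fixed dummy hash and salt (constants held in this module, not real credentials) when `user` is None and discard the result, then flash the shared message once for both cases. Separately, when `login.login_user` returns False the code flashes an error but still falls through to `return redirect(url_for('.test_protected'))`, which only works because `login_required` bounces the anonymous user; replacing the `pass` arm with `if login_success: return redirect(url_for('.test_protected'))` keeps the failed attempt on the login page with its flash visible. The indentation of the new lines appears to have been lost in this rendering, so the exact nesting of that `return` should be confirmed in the file.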