--- /dev/null
+{% extends 'main.html' %}
+{% from '_formhelpers.html' import render_field, submit_button %}
+
+{% block content %}
+<h1>WE COMMAND YOU TO CREATE AN ACCOUNT</h1>
+
+<form action="" method="post">
+ {{ form.hidden_tag() }}
+ {{ render_field(form.username) }}
+ {{ render_field(form.password) }}
+ {{ submit_button("Sign up") }}
+</form>
+{% endblock %}
blueprint = Blueprint('main', __name__, template_folder='templates')
+def do_login_user(user):
+ login_success = login.login_user(user, remember=False)
+ if login_success:
+ pass
+ else:
+ flash(u'Login failed for {} - is that user marked inactive?'.format(user.username), 'error')
+
@login_manager.user_loader
def load_user(userid):
return models.User.query.get(userid)
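Review bot: `do_login_user` discards the result of `login.login_user`, so callers cannot tell a refused login (for example an inactive account) from a successful one; both `signup_page` and `login_page` redirect to `.test_protected` either way. Returning the boolean (`return login_success`) and testing `if not login_success:` would remove the empty `pass` branch and let callers skip the redirect on failure. A short docstring would record the contract, e.g. `"""Start a session for user; flash an error if login_user refuses it."""`.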
def index():
return render_template('index.html')
+@blueprint.route("/signup", methods=["GET", "POST"])
+def signup_page():
+ # LoginForm and SignupForm are functionally equivalent...
+ form = forms.LoginForm()
+ if form.validate_on_submit():
+ user = models.User.query.filter_by(username=form.username.data).first()
+ if user:
+ flash(u"That username is already taken.", 'error')
+ else:
+ user = models.User()
+ user.username = form.username.data
+ user.set_password(form.password.data)
+ db.session.add(user)
+ db.session.commit()
+ flash(u"Account created", 'success')
+ do_login_user(user)
+ return redirect(url_for('.test_protected'))
+ return render_template('signup.html', form=form)
+
@blueprint.route("/login", methods=["GET", "POST"])
def login_page():
form = forms.LoginForm()
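Review bot: The uniqueness check in `signup_page` is a read followed by a separate insert, so two concurrent requests for the same name can both pass `filter_by(...).first()` and both commit. Nothing visible here shows a unique constraint on `User.username`; if the model lacks one, add it and handle the resulting integrity error on commit, as sketched below. Reusing `forms.LoginForm` also means signup inherits login's validators, which presumably do not enforce a minimum password length, so a dedicated signup form would be the place for that rule. The hunk appears to end inside `login_page`, whose body continues outside it.

```python
        else:
            # … unchanged: build the User and set its password …
            db.session.add(user)
            try:
                db.session.commit()
            except IntegrityError:  # sqlalchemy.exc; relies on a unique constraint on username
                # A concurrent signup claimed this name between the check and the commit.
                db.session.rollback()
                flash(u"That username is already taken.", 'error')
            else:
                flash(u"Account created", 'success')
                do_login_user(user)
                return redirect(url_for('.test_protected'))
```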
user = models.User.query.filter_by(username=form.username.data).first()
if not user:
# User does not exist.
- flash(u'Username or password is incorrect', 'error')
+ flash(u'Username is incorrect', 'error')
elif not scrypt.check_password_hash(form.password.data, user.pw_hash, user.pw_salt):
- # User exists, but wrong password. Give same behavior as no user
- # existing, to try to prevent mining of usernames.
- flash(u'Username or password is incorrect', 'error')
+ # User exists, but wrong password. Since we have open signup, but
+ # prevent dual use of usernames, we can't protect against username
+ # mining. Oh well.
+ flash(u'Password is incorrect', 'error')
else:
# Successful login.
- login_success = login.login_user(user, remember=False)
- if login_success:
- pass
- else:
- flash(u'Login failed for {} - is that user marked inactive?'.format(user.username), 'error')
+ do_login_user(user)
return redirect(url_for('.test_protected'))
return render_template('login.html', form=form)
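Review bot: Splitting the failure message into `Username is incorrect` and `Password is incorrect` makes the login form confirm which usernames exist on every failed attempt, with no side effect that would slow repeated guessing. The new comment's reasoning holds only in part: the signup check can be rate-limited or gated on its own, while the login response now also tells a guesser which half of a credential pair is wrong. I would keep the single `Username or password is incorrect` message in both branches and handle the signup disclosure separately, for example by throttling `/signup`. Separately, `scrypt.check_password_hash` runs only when the user exists, so response time may still differ between the two branches even with one message. `login_page` begins outside this hunk.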