From: Drew Fisher Date: Wed, 12 Mar 2014 18:10:48 +0000 (-0700) Subject: Users can create an account. X-Git-Url: http://git.zarvox.org/shortlog/%7B%7B%20url_for%28%27main.logout_page%27%29%20%7D%7D?a=commitdiff_plain;h=5e05efa52cdd53eefd724a2bed0fb97df85a5307;p=imoo.git Users can create an account. They can't bind it to a chat network or anything yet though. --- diff --git a/imoo/templates/index.html b/imoo/templates/index.html index aef6376..b0a7ccd 100644 --- a/imoo/templates/index.html +++ b/imoo/templates/index.html @@ -6,6 +6,7 @@ {% block content %} diff --git a/imoo/templates/signup.html b/imoo/templates/signup.html new file mode 100644 index 0000000..cc54a9d --- /dev/null +++ b/imoo/templates/signup.html @@ -0,0 +1,13 @@ +{% extends 'main.html' %} +{% from '_formhelpers.html' import render_field, submit_button %} + +{% block content %} +

WE COMMAND YOU TO CREATE AN ACCOUNT

+ +
+ {{ form.hidden_tag() }} + {{ render_field(form.username) }} + {{ render_field(form.password) }} + {{ submit_button("Sign up") }} +
+{% endblock %} diff --git a/imoo/views.py b/imoo/views.py index 2b216e8..ab6e825 100644 --- a/imoo/views.py +++ b/imoo/views.py @@ -6,6 +6,13 @@ from . import forms, models blueprint = Blueprint('main', __name__, template_folder='templates') +def do_login_user(user): + login_success = login.login_user(user, remember=False) + if login_success: + pass + else: + flash(u'Login failed for {} - is that user marked inactive?'.format(user.username), 'error') + @login_manager.user_loader def load_user(userid): return models.User.query.get(userid) @@ -14,6 +21,25 @@ def load_user(userid): def index(): return render_template('index.html') +@blueprint.route("/signup", methods=["GET", "POST"]) +def signup_page(): + # LoginForm and SignupForm are functionally equivalent... + form = forms.LoginForm() + if form.validate_on_submit(): + user = models.User.query.filter_by(username=form.username.data).first() + if user: + flash(u"That username is already taken.", 'error') + else: + user = models.User() + user.username = form.username.data + user.set_password(form.password.data) + db.session.add(user) + db.session.commit() + flash(u"Account created", 'success') + do_login_user(user) + return redirect(url_for('.test_protected')) + return render_template('signup.html', form=form) + @blueprint.route("/login", methods=["GET", "POST"]) def login_page(): form = forms.LoginForm() @@ -21,18 +47,15 @@ def login_page(): user = models.User.query.filter_by(username=form.username.data).first() if not user: # User does not exist. - flash(u'Username or password is incorrect', 'error') + flash(u'Username is incorrect', 'error') elif not scrypt.check_password_hash(form.password.data, user.pw_hash, user.pw_salt): - # User exists, but wrong password. Give same behavior as no user - # existing, to try to prevent mining of usernames. - flash(u'Username or password is incorrect', 'error') + # User exists, but wrong password. Since we have open signup, but + # prevent dual use of usernames, we can't protect against username + # mining. Oh well. + flash(u'Password is incorrect', 'error') else: # Successful login. - login_success = login.login_user(user, remember=False) - if login_success: - pass - else: - flash(u'Login failed for {} - is that user marked inactive?'.format(user.username), 'error') + do_login_user(user) return redirect(url_for('.test_protected')) return render_template('login.html', form=form)