Use Bcrypt for password hashing and refactor extension registration

11 years ago · 4dad84074b
parent abda53a2f3
commit 4dad84074b
5 changed files with 31 additions and 22 deletions
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/app.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/app.py
@ -1,16 +1,13 @@
 # -*- coding: utf-8 -*-
-import os
 from flask import Flask
-from flask.ext.sqlalchemy import SQLAlchemy
 from flask.ext.assets import Environment
 from webassets.loaders import PythonLoader

 from {{ cookiecutter.repo_name }}.settings import ProdConfig
-from {{cookiecutter.repo_name}} import assets
+from {{cookiecutter.repo_name}}.assets import assets
 from {{cookiecutter.repo_name}}.database import db
 from {{cookiecutter.repo_name}} import public, user

-assets_env = Environment()

 def create_app(config_object=ProdConfig):
    '''An application factory, as explained here:
@ -20,17 +17,16 @@ def create_app(config_object=ProdConfig):
    '''
    app = Flask(__name__)
    app.config.from_object(config_object)
-    # Initialize SQLAlchemy
-    db.init_app(app)
-    # Register asset bundles
-    assets_env.init_app(app)
-    assets_loader = PythonLoader(assets)
-    for name, bundle in assets_loader.load_bundles().iteritems():
-        assets_env.register(name, bundle)
+    register_extensions(app)
    register_blueprints(app)
    return app


+def register_extensions(app):
+    db.init_app(app)
+    assets.init_app(app)
+
+
 def register_blueprints(app):
    # Register blueprints
    app.register_blueprint(public.views.blueprint)
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/assets.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/assets.py
@ -1,14 +1,14 @@
 # -*- coding: utf-8 -*-
-from flask.ext.assets import Bundle
+from flask.ext.assets import Bundle, Environment

-common_css = Bundle(
+css = Bundle(
    "libs/bootstrap3/css/bootstrap.min.css",
    "css/style.css",
    filters="cssmin",
    output="public/css/common.css"
 )

-common_js = Bundle(
+js = Bundle(
    "libs/jquery2/jquery-2.0.3.min.js",
    "libs/bootstrap3/js/bootstrap.min.js",
    "js/plugins.js",
@ -18,3 +18,8 @@ common_js = Bundle(
    ),
    output="public/js/common.js"
 )
+
+assets = Environment()
+
+assets.register("js_all", js)
+assets.register("css_all", css)
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/extensions.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/extensions.py
@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+"""Extensions module."""
+
+from flask.ext.bcrypt import Bcrypt
+bcrypt = Bcrypt()
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/templates/_layouts/base.html
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/templates/_layouts/base.html
@ -20,7 +20,7 @@
  <!-- Mobile viewport optimized: h5bp.com/viewport -->
  <meta name="viewport" content="width=device-width">

-  {% assets "common_css" %}
+  {% assets "css_all" %}
    <link rel="stylesheet" href="{{ ASSET_URL }}">
  {% endassets %}

@ -60,7 +60,7 @@
 {% include "_layouts/footer.html" %}

 <!-- JavaScript at the bottom for fast page loading -->
-{% assets "common_js" %}
+{% assets "js_all" %}
    <script type="text/javascript" src="{{ ASSET_URL }}"></script>
 {% endassets %}
 {% block js %}{% endblock %}
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/user/models.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/user/models.py
@ -1,6 +1,8 @@
 # -*- coding: utf-8 -*-
-from passlib.apps import custom_app_context as pwd_context
+import datetime as dt
+
 from {{cookiecutter.repo_name}}.database import db
+from {{cookiecutter.repo_name}}.extensions import bcrypt


 class User(db.Model):
@ -10,18 +12,19 @@ class User(db.Model):
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(80), unique=True, nullable=False)
    password_hash = db.Column(db.String, nullable=False)
+    created_at = db.Column(db.DateTime(), nullable=False)

-    def __init__(self, username=None, email=None, password=None):
+    def __init__(self, username, email, password):
        self.username = username
        self.email = email
-        if password:
-            self.set_password(password)
+        self.set_password(password)
+        self.created_at = dt.datetime.utcnow()

    def set_password(self, password):
-        self.password_hash = pwd_context.encrypt(password)
+        self.password_hash = bcrypt.generate_password_hash(password)

    def check_password(self, password):
-        return pwd_context.verify(password, self.password_hash)
+        return bcrypt.check_password_hash(self.password_hash, password)

    def __repr__(self):
        return '<User "{username}">'.format(username=self.username)