Flask-Login support

11 years ago · 581ce4d981
parent fadc114ac7
commit 581ce4d981
10 changed files with 106 additions and 46 deletions
--- a/{{cookiecutter.repo_name}}/requirements/prod.txt
+++ b/{{cookiecutter.repo_name}}/requirements/prod.txt
@ -25,4 +25,5 @@ cssmin>=0.1.4
 jsmin>=2.0.4

 # Auth
+Flask-Login>=0.2.7
 Flask-Bcrypt>=0.5.2
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/app.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/app.py
@ -5,6 +5,7 @@ from webassets.loaders import PythonLoader

 from {{ cookiecutter.repo_name }}.settings import ProdConfig
 from {{cookiecutter.repo_name}}.assets import assets
+from {{cookiecutter.repo_name}}.extensions import login_manager
 from {{cookiecutter.repo_name}}.database import db
 from {{cookiecutter.repo_name}} import public, user

@ -24,11 +25,13 @@ def create_app(config_object=ProdConfig):

 def register_extensions(app):
    db.init_app(app)
+    login_manager.init_app(app)
    assets.init_app(app)
+    return None


 def register_blueprints(app):
    # Register blueprints
    app.register_blueprint(public.views.blueprint)
    app.register_blueprint(user.views.blueprint)
-    return app
+    return None
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/extensions.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/extensions.py
@ -3,3 +3,6 @@

 from flask.ext.bcrypt import Bcrypt
 bcrypt = Bcrypt()
+
+from flask.ext.login import LoginManager
+login_manager = LoginManager()
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/public/forms.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/public/forms.py
@ -1,19 +1,32 @@
 from flask_wtf import Form
 from wtforms import TextField, PasswordField
-from wtforms.validators import DataRequired, Email, EqualTo, Length
-
-
-class RegisterForm(Form):
-    username = TextField('Username',
-                    validators=[DataRequired(), Length(min=3, max=25)])
-    email = TextField('Email',
-                    validators=[DataRequired(), Email(), Length(min=6, max=40)])
-    password = PasswordField('Password',
-                                validators=[DataRequired(), Length(min=6, max=40)])
-    confirm = PasswordField('Verify password',
-                [DataRequired(), EqualTo('password', message='Passwords must match')])
+from wtforms.validators import DataRequired

+from {{cookiecutter.repo_name}}.user.models import User

 class LoginForm(Form):
    username = TextField('Username', validators=[DataRequired()])
    password = PasswordField('Password', validators=[DataRequired()])
+
+    def __init__(self, *args, **kwargs):
+        super(LoginForm, self).__init__(*args, **kwargs)
+        self.user = None
+
+    def validate(self):
+        initial_validation = super(LoginForm, self).validate()
+        if not initial_validation:
+            return False
+
+        self.user = User.query.filter_by(username=self.username.data).first()
+        if not self.user:
+            self.username.errors.append("Unknown username")
+            return False
+
+        if not self.user.check_password(self.password.data):
+            self.password.errors.append("Invalid password")
+            return False
+
+        if not self.user.active:
+            self.username.errors.append("User not activated")
+            return False
+        return True
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/public/views.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/public/views.py
@ -2,35 +2,44 @@
 '''Public section, including homepage and signup.'''
 from flask import (Blueprint, request, render_template, flash, url_for,
                    redirect, session)
+from flask.ext.login import login_user, login_required, logout_user
 from sqlalchemy.exc import IntegrityError

+from {{cookiecutter.repo_name}}.extensions import login_manager
 from {{cookiecutter.repo_name}}.user.models import User
-from {{cookiecutter.repo_name}}.public.forms import RegisterForm, LoginForm
+from {{cookiecutter.repo_name}}.public.forms import LoginForm
+from {{cookiecutter.repo_name}}.user.forms import RegisterForm
 from {{cookiecutter.repo_name}}.utils import flash_errors
 from {{cookiecutter.repo_name}}.database import db

 blueprint = Blueprint('public', __name__, static_folder="../static")

+@login_manager.user_loader
+def load_user(id):
+    try:
+        return User.query.get(int(id))
+    except Exception:
+        return None
+

@blueprint.route("/", methods=["GET", "POST"])
 def home():
    form = LoginForm(request.form)
+    # Handle logging in
    if request.method == 'POST':
-        u = User.query.filter_by(username=request.form['username']).first()
-        if u is None or not u.check_password(request.form['password']):
-            error = 'Invalid username or password.'
-            flash(error, 'warning')
-        else:
-            session['logged_in'] = True
-            session['username'] = u.username
+        if form.validate_on_submit():
+            login_user(form.user)
            flash("You are logged in.", 'success')
-            return redirect(url_for("user.members"))
+            redirect_url = request.args.get("next") or url_for("user.members")
+            return redirect(redirect_url)
+        else:
+            flash_errors(form)
    return render_template("public/home.html", form=form)

@blueprint.route('/logout/')
+@login_required
 def logout():
-    session.pop('logged_in', None)
-    session.pop('username', None)
+    logout_user()
    flash('You are logged out.', 'info')
    return redirect(url_for('public.home'))

@ -38,7 +47,10 @@ def logout():
 def register():
    form = RegisterForm(request.form, csrf_enabled=False)
    if form.validate_on_submit():
-        new_user = User(form.username.data, form.email.data, form.password.data)
+        new_user = User(username=form.username.data,
+                        email=form.email.data,
+                        password=form.password.data,
+                        active=True)
        try:
            db.session.add(new_user)
            db.session.commit()
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/templates/_layouts/nav.html
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/templates/_layouts/nav.html
@ -20,10 +20,10 @@
      <li class="active"><a href="{{ url_for('public.home') }}">Home</a></li>
      <li><a href="{{ url_for('public.about') }}">About</a></li>
    </ul>
-    {% if session.logged_in %}
+    {% if current_user.is_authenticated() %}
    <a class="btn btn-default btn-sm navbar-btn navbar-right" href="{{ url_for('public.logout') }}">Log out</a>
    <ul class="nav navbar-nav navbar-right">
-      <li><a href="{{ url_for('user.members') }}">Logged in as {{ session.username }}</a></li>
+      <li><a href="{{ url_for('user.members') }}">Logged in as {{ current_user.username }}</a></li>
    </ul>
    {% elif form %}
    <ul class="nav navbar-nav navbar-right">
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/user/forms.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/user/forms.py
@ -0,0 +1,36 @@
+from flask_wtf import Form
+from wtforms import TextField, PasswordField
+from wtforms.validators import DataRequired, Email, EqualTo, Length
+
+from .models import User
+
+class RegisterForm(Form):
+    username = TextField('Username',
+                    validators=[DataRequired(), Length(min=3, max=25)])
+    email = TextField('Email',
+                    validators=[DataRequired(), Email(), Length(min=6, max=40)])
+    password = PasswordField('Password',
+                                validators=[DataRequired(), Length(min=6, max=40)])
+    confirm = PasswordField('Verify password',
+                [DataRequired(), EqualTo('password', message='Passwords must match')])
+
+
+    def __init__(self, *args, **kwargs):
+        super(RegisterForm, self).__init__(*args, **kwargs)
+        self.user = None
+
+    def validate(self):
+        initial_validation = super(RegisterForm, self).validate()
+        if not initial_validation:
+            return False
+        user = User.query.filter_by(username=self.username.data).first()
+        if user:
+            self.username.errors.append("Username already registered")
+            return False
+        user = User.query.filter_by(email=self.email.data).first()
+        if user:
+            self.email.errors.append("Email already registered")
+            return False
+
+        self.user = user
+        return True
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/user/models.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/user/models.py
@ -1,11 +1,13 @@
 # -*- coding: utf-8 -*-
 import datetime as dt

+from flask.ext.login import UserMixin
+
 from {{cookiecutter.repo_name}}.database import db
 from {{cookiecutter.repo_name}}.extensions import bcrypt


-class User(db.Model):
+class User(UserMixin, db.Model):

    __tablename__ = 'users'
    id = db.Column(db.Integer, primary_key=True)
@ -13,11 +15,15 @@ class User(db.Model):
    email = db.Column(db.String(80), unique=True, nullable=False)
    password_hash = db.Column(db.String, nullable=False)
    created_at = db.Column(db.DateTime(), nullable=False)
+    active = db.Column(db.Boolean())
+    is_admin = db.Column(db.Boolean())

-    def __init__(self, username, email, password):
+    def __init__(self, username, email, password, active=False, is_admin=False):
        self.username = username
        self.email = email
        self.set_password(password)
+        self.active = active
+        self.is_admin = is_admin
        self.created_at = dt.datetime.utcnow()

    def set_password(self, password):
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/user/views.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/user/views.py
@ -1,7 +1,5 @@
 from flask import Blueprint, render_template
-
-from {{cookiecutter.repo_name}}.utils import login_required
-
+from flask.ext.login import login_required

 blueprint = Blueprint("user", __name__, url_prefix='/users',
                        static_folder="../static")
--- a/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/utils.py
+++ b/{{cookiecutter.repo_name}}/{{cookiecutter.repo_name}}/utils.py
@ -1,22 +1,10 @@
 # -*- coding: utf-8 -*-
 '''Helper utilities and decorators.'''
-from flask import session, flash, redirect, url_for
-from functools import wraps
+from flask import flash

 def flash_errors(form):
    '''Flash all errors for a form.'''
    for field, errors in form.errors.items():
        for error in errors:
-            flash("Error in the {0} field - {1}"
+            flash("Error in {0} field - {1}"
                    .format(getattr(form, field).label.text, error), 'warning')
-
-def login_required(test):
-    '''Decorator that makes a view require authentication.'''
-    @wraps(test)
-    def wrap(*args, **kwargs):
-        if 'logged_in' in session:
-            return test(*args, **kwargs)
-        else:
-            flash('You need to log in first.')
-            return redirect(url_for('home'))
-    return wrap