1
0
mirror of https://github.com/spl0k/supysonic.git synced 2024-12-23 01:16:18 +00:00

Login/logout

This commit is contained in:
Alban 2012-11-17 02:09:20 +01:00
parent e44f7dc2bf
commit 848cfb2814
4 changed files with 124 additions and 71 deletions

View File

@ -14,6 +14,8 @@
<div class="page"> <div class="page">
<h1>Supysonic</h1> <h1>Supysonic</h1>
<p>{% if session.get('userid') %}<a href="{{ url_for('logout') }}">Log out</a>{% else %}<a href="{{ url_for('login') }}">Log in</a>{% endif %}</p>
{% if get_flashed_messages() %} {% if get_flashed_messages() %}
<div class="flash"> <div class="flash">
{% for message in get_flashed_messages() %} {% for message in get_flashed_messages() %}

9
templates/login.html Executable file
View File

@ -0,0 +1,9 @@
{% extends "layout.html" %}
{% block body %}
<form method="post">
<label for="user">User</label><input type="text" id="user" name="user" value="{{ request.form.user }}" /><br />
<label for="password">Password</label><input type="password" id="password" name="password" /><br />
<input type="submit" />
</form>
{% endblock %}

44
user.py
View File

@ -1,6 +1,6 @@
# coding: utf-8 # coding: utf-8
from flask import Flask, request, flash, render_template, redirect, url_for from flask import Flask, request, session, flash, render_template, redirect, url_for
import string, random, hashlib import string, random, hashlib
import uuid import uuid
@ -44,7 +44,7 @@ def add_user():
db.session.commit() db.session.commit()
flash("User '%s' successfully added" % name) flash("User '%s' successfully added" % name)
return redirect(url_for('index')) return redirect(url_for('user_index'))
@app.route('/user/del/<id>') @app.route('/user/del/<id>')
def del_user(id): def del_user(id):
@ -63,5 +63,43 @@ def del_user(id):
db.session.commit() db.session.commit()
flash("Deleted user '%s'" % user.name) flash("Deleted user '%s'" % user.name)
return redirect(url_for('index')) return redirect(url_for('user_index'))
@app.route('/user/login', methods = [ 'GET', 'POST'])
def login():
return_url = request.args.get('returnUrl') or url_for('index')
if session.get('userid'):
flash('Already logged in')
return redirect(return_url)
if request.method == 'GET':
return render_template('login.html')
user, password = map(request.form.get, [ 'user', 'password' ])
error = False
if user in ('', None):
flash('Missing user name')
error = True
if password in ('', None):
flash('Missing password')
error = True
if not error:
dbuser = db.User.query.filter(db.User.name == user).first()
if not dbuser:
flash('Unknown user')
elif hashlib.sha1(dbuser.salt + password).hexdigest() != dbuser.password:
flash('Wrong password')
else:
session['userid'] = str(dbuser.id)
session['admin'] = dbuser.admin
flash('Logged in!')
return redirect(return_url)
return render_template('login.html')
@app.route('/user/logout')
def logout():
session.clear()
flash('Logged out!')
return redirect(url_for('login'))

12
web.py
View File

@ -1,7 +1,6 @@
# coding: utf-8 # coding: utf-8
from flask import Flask, request, flash, render_template, redirect, url_for from flask import Flask, request, session, flash, render_template, redirect, url_for
from sqlalchemy.orm.exc import NoResultFound
import os.path import os.path
import uuid import uuid
@ -12,14 +11,19 @@ import db
from scanner import Scanner from scanner import Scanner
@app.before_request @app.before_request
def init_check(): def init_and_login_check():
if request.path.startswith('/rest/'): if request.path.startswith('/rest/'):
return return
if db.User.query.filter(db.User.admin == True).count() == 0 and request.endpoint != 'add_user': admin_count = db.User.query.filter(db.User.admin == True).count()
if admin_count == 0 and request.endpoint != 'add_user':
flash('Not configured. Please create the first admin user') flash('Not configured. Please create the first admin user')
return redirect(url_for('add_user')) return redirect(url_for('add_user'))
if not (admin_count == 0 and request.endpoint == 'add_user') and not session.get('userid') and request.endpoint != 'login':
flash('Please login')
return redirect(url_for('login', returnUrl = request.url[len(request.url_root)-1:]))
@app.teardown_request @app.teardown_request
def teardown(exception): def teardown(exception):
db.session.remove() db.session.remove()