mirror of
https://github.com/spl0k/supysonic.git
synced 2024-12-23 01:16:18 +00:00
Login/logout
This commit is contained in:
parent
e44f7dc2bf
commit
848cfb2814
@ -14,6 +14,8 @@
|
|||||||
<div class="page">
|
<div class="page">
|
||||||
<h1>Supysonic</h1>
|
<h1>Supysonic</h1>
|
||||||
|
|
||||||
|
<p>{% if session.get('userid') %}<a href="{{ url_for('logout') }}">Log out</a>{% else %}<a href="{{ url_for('login') }}">Log in</a>{% endif %}</p>
|
||||||
|
|
||||||
{% if get_flashed_messages() %}
|
{% if get_flashed_messages() %}
|
||||||
<div class="flash">
|
<div class="flash">
|
||||||
{% for message in get_flashed_messages() %}
|
{% for message in get_flashed_messages() %}
|
||||||
|
9
templates/login.html
Executable file
9
templates/login.html
Executable file
@ -0,0 +1,9 @@
|
|||||||
|
{% extends "layout.html" %}
|
||||||
|
{% block body %}
|
||||||
|
<form method="post">
|
||||||
|
<label for="user">User</label><input type="text" id="user" name="user" value="{{ request.form.user }}" /><br />
|
||||||
|
<label for="password">Password</label><input type="password" id="password" name="password" /><br />
|
||||||
|
<input type="submit" />
|
||||||
|
</form>
|
||||||
|
{% endblock %}
|
||||||
|
|
44
user.py
44
user.py
@ -1,6 +1,6 @@
|
|||||||
# coding: utf-8
|
# coding: utf-8
|
||||||
|
|
||||||
from flask import Flask, request, flash, render_template, redirect, url_for
|
from flask import Flask, request, session, flash, render_template, redirect, url_for
|
||||||
import string, random, hashlib
|
import string, random, hashlib
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
@ -44,7 +44,7 @@ def add_user():
|
|||||||
db.session.commit()
|
db.session.commit()
|
||||||
flash("User '%s' successfully added" % name)
|
flash("User '%s' successfully added" % name)
|
||||||
|
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('user_index'))
|
||||||
|
|
||||||
@app.route('/user/del/<id>')
|
@app.route('/user/del/<id>')
|
||||||
def del_user(id):
|
def del_user(id):
|
||||||
@ -63,5 +63,43 @@ def del_user(id):
|
|||||||
db.session.commit()
|
db.session.commit()
|
||||||
flash("Deleted user '%s'" % user.name)
|
flash("Deleted user '%s'" % user.name)
|
||||||
|
|
||||||
return redirect(url_for('index'))
|
return redirect(url_for('user_index'))
|
||||||
|
|
||||||
|
@app.route('/user/login', methods = [ 'GET', 'POST'])
|
||||||
|
def login():
|
||||||
|
return_url = request.args.get('returnUrl') or url_for('index')
|
||||||
|
if session.get('userid'):
|
||||||
|
flash('Already logged in')
|
||||||
|
return redirect(return_url)
|
||||||
|
|
||||||
|
if request.method == 'GET':
|
||||||
|
return render_template('login.html')
|
||||||
|
|
||||||
|
user, password = map(request.form.get, [ 'user', 'password' ])
|
||||||
|
error = False
|
||||||
|
if user in ('', None):
|
||||||
|
flash('Missing user name')
|
||||||
|
error = True
|
||||||
|
if password in ('', None):
|
||||||
|
flash('Missing password')
|
||||||
|
error = True
|
||||||
|
if not error:
|
||||||
|
dbuser = db.User.query.filter(db.User.name == user).first()
|
||||||
|
if not dbuser:
|
||||||
|
flash('Unknown user')
|
||||||
|
elif hashlib.sha1(dbuser.salt + password).hexdigest() != dbuser.password:
|
||||||
|
flash('Wrong password')
|
||||||
|
else:
|
||||||
|
session['userid'] = str(dbuser.id)
|
||||||
|
session['admin'] = dbuser.admin
|
||||||
|
flash('Logged in!')
|
||||||
|
return redirect(return_url)
|
||||||
|
|
||||||
|
return render_template('login.html')
|
||||||
|
|
||||||
|
@app.route('/user/logout')
|
||||||
|
def logout():
|
||||||
|
session.clear()
|
||||||
|
flash('Logged out!')
|
||||||
|
return redirect(url_for('login'))
|
||||||
|
|
||||||
|
12
web.py
12
web.py
@ -1,7 +1,6 @@
|
|||||||
# coding: utf-8
|
# coding: utf-8
|
||||||
|
|
||||||
from flask import Flask, request, flash, render_template, redirect, url_for
|
from flask import Flask, request, session, flash, render_template, redirect, url_for
|
||||||
from sqlalchemy.orm.exc import NoResultFound
|
|
||||||
import os.path
|
import os.path
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
@ -12,14 +11,19 @@ import db
|
|||||||
from scanner import Scanner
|
from scanner import Scanner
|
||||||
|
|
||||||
@app.before_request
|
@app.before_request
|
||||||
def init_check():
|
def init_and_login_check():
|
||||||
if request.path.startswith('/rest/'):
|
if request.path.startswith('/rest/'):
|
||||||
return
|
return
|
||||||
|
|
||||||
if db.User.query.filter(db.User.admin == True).count() == 0 and request.endpoint != 'add_user':
|
admin_count = db.User.query.filter(db.User.admin == True).count()
|
||||||
|
if admin_count == 0 and request.endpoint != 'add_user':
|
||||||
flash('Not configured. Please create the first admin user')
|
flash('Not configured. Please create the first admin user')
|
||||||
return redirect(url_for('add_user'))
|
return redirect(url_for('add_user'))
|
||||||
|
|
||||||
|
if not (admin_count == 0 and request.endpoint == 'add_user') and not session.get('userid') and request.endpoint != 'login':
|
||||||
|
flash('Please login')
|
||||||
|
return redirect(url_for('login', returnUrl = request.url[len(request.url_root)-1:]))
|
||||||
|
|
||||||
@app.teardown_request
|
@app.teardown_request
|
||||||
def teardown(exception):
|
def teardown(exception):
|
||||||
db.session.remove()
|
db.session.remove()
|
||||||
|
Loading…
Reference in New Issue
Block a user