2019-02-03 16:20:05 +01:00
|
|
|
from flask import redirect, url_for, request, flash
|
|
|
|
|
from flask_login import login_user, logout_user, login_required, current_user
|
2019-09-07 14:58:16 +02:00
|
|
|
from urllib.parse import urlparse
|
2019-02-03 16:20:05 +01:00
|
|
|
from app import app
|
2019-02-03 16:52:42 +01:00
|
|
|
from app.forms.login import LoginForm
|
2019-02-03 16:20:05 +01:00
|
|
|
from app.models.users import Member
|
2019-09-03 09:28:07 +02:00
|
|
|
from app.models.privs import Group
|
2019-02-03 16:20:05 +01:00
|
|
|
from app.utils.render import render
|
2019-09-07 14:15:31 +02:00
|
|
|
from config import V5Config
|
2019-02-03 16:20:05 +01:00
|
|
|
|
2019-06-05 11:35:54 +02:00
|
|
|
|
2019-02-03 16:20:05 +01:00
|
|
|
@app.route('/login', methods=['GET', 'POST'])
|
|
|
|
|
def login():
|
2019-02-03 17:09:15 +01:00
|
|
|
if current_user.is_authenticated:
|
|
|
|
|
return redirect(url_for('index'))
|
|
|
|
|
|
2019-02-03 16:20:05 +01:00
|
|
|
form = LoginForm()
|
|
|
|
|
if form.validate_on_submit():
|
|
|
|
|
member = Member.query.filter_by(name=form.username.data).first()
|
2019-09-03 09:28:07 +02:00
|
|
|
|
|
|
|
|
# Check if member can login
|
2019-09-08 12:28:39 +02:00
|
|
|
if member is not None and "No login" in [g.name for g in member.groups]:
|
2019-09-03 09:28:07 +02:00
|
|
|
flash('Cet utilisateur ne peut pas se connecter', 'error')
|
|
|
|
|
if request.referrer:
|
|
|
|
|
return redirect(request.referrer)
|
|
|
|
|
return redirect(url_for('index'))
|
|
|
|
|
|
|
|
|
|
# Check if password is ok
|
2019-02-03 16:20:05 +01:00
|
|
|
if member is None or not member.check_password(form.password.data):
|
|
|
|
|
flash('Pseudo ou mot de passe invalide', 'error')
|
2019-09-03 09:28:07 +02:00
|
|
|
if request.referrer:
|
|
|
|
|
return redirect(request.referrer)
|
|
|
|
|
return redirect(url_for('index'))
|
|
|
|
|
|
|
|
|
|
# Login & update time-based trophies
|
2019-09-07 14:15:31 +02:00
|
|
|
login_user(member, remember=form.remember_me.data,
|
|
|
|
|
duration=V5Config.REMEMBER_COOKIE_DURATION)
|
2019-06-11 00:15:23 +02:00
|
|
|
member.update_trophies("on-login")
|
2019-09-03 09:28:07 +02:00
|
|
|
|
|
|
|
|
# Redirect safely (https://huit.re/open-redirect)
|
|
|
|
|
def is_safe_url(target):
|
|
|
|
|
ref_url = urlparse(request.host_url)
|
|
|
|
|
test_url = urlparse(urljoin(request.host_url, target))
|
|
|
|
|
return test_url.scheme in ('http', 'https') and \
|
2019-09-07 14:15:31 +02:00
|
|
|
ref_url.netloc == test_url.netloc
|
2019-09-03 09:28:07 +02:00
|
|
|
|
|
|
|
|
next = request.args.get('next')
|
|
|
|
|
if next and is_safe_url(next):
|
|
|
|
|
return redirect(next)
|
2019-02-03 17:09:15 +01:00
|
|
|
if request.referrer:
|
|
|
|
|
return redirect(request.referrer)
|
2019-02-03 16:20:05 +01:00
|
|
|
return redirect(url_for('index'))
|
2019-09-03 09:28:07 +02:00
|
|
|
|
2019-02-03 16:20:05 +01:00
|
|
|
return render('login.html', form=form)
|
|
|
|
|
|
2019-06-05 11:35:54 +02:00
|
|
|
|
2019-02-03 16:20:05 +01:00
|
|
|
@app.route('/logout')
|
|
|
|
|
@login_required
|
|
|
|
|
def logout():
|
2019-02-03 17:09:15 +01:00
|
|
|
try:
|
|
|
|
|
print(request.referrer)
|
|
|
|
|
except Exception as e:
|
|
|
|
|
print('No referrer:', e)
|
|
|
|
|
|
2019-02-03 16:20:05 +01:00
|
|
|
logout_user()
|
|
|
|
|
flash('Déconnexion réussie', 'info')
|
2019-02-03 17:09:15 +01:00
|
|
|
if request.referrer:
|
|
|
|
|
return redirect(request.referrer)
|
2019-06-05 11:35:54 +02:00
|
|
|
return redirect(url_for('index'))
|
