@ -3,6 +3,7 @@ from flask_login import login_user, logout_user, login_required, current_user
from app import app
from app . forms . login import LoginForm
from app . models . users import Member
from app . models . privs import Group
from app . utils . render import render
@ -14,16 +15,39 @@ def login():
form = LoginForm ( )
if form . validate_on_submit ( ) :
member = Member . query . filter_by ( name = form . username . data ) . first ( )
# Check if member can login
if " No login " in [ g . name for g in member . groups ] :
flash ( ' Cet utilisateur ne peut pas se connecter ' , ' error ' )
if request . referrer :
return redirect ( request . referrer )
return redirect ( url_for ( ' index ' ) )
# Check if password is ok
if member is None or not member . check_password ( form . password . data ) :
flash ( ' Pseudo ou mot de passe invalide ' , ' error ' )
return redirect ( request . referrer )
if request . referrer :
return redirect ( request . referrer )
return redirect ( url_for ( ' index ' ) )
# Login & update time-based trophies
login_user ( member , remember = form . remember_me . data )
member . update_trophies ( " on-login " )
if request . args . get ( ' next ' ) :
return redirect ( request . args . get ( ' next ' ) )
# Redirect safely (https://huit.re/open-redirect)
def is_safe_url ( target ) :
ref_url = urlparse ( request . host_url )
test_url = urlparse ( urljoin ( request . host_url , target ) )
return test_url . scheme in ( ' http ' , ' https ' ) and \
ref_url . netloc == test_url . netloc
next = request . args . get ( ' next ' )
if next and is_safe_url ( next ) :
return redirect ( next )
if request . referrer :
return redirect ( request . referrer )
return redirect ( url_for ( ' index ' ) )
return render ( ' login.html ' , form = form )
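Review bot: The new `"No login"` check reads `member.groups` before the `member is None` test that follows it, so a login attempt with an unknown username raises AttributeError and returns a 500 instead of the invalid-credentials message. Because the check also runs before `check_password`, anyone can tell existing accounts from missing ones, and learn which accounts are blocked, without knowing a password. Moving the whole block below the password check fixes both, and the condition can stay as `if "No login" in [g.name for g in member.groups]:` because `member` is then known to be valid. Separately, the `request.referrer` fallbacks are redirected to without passing through `is_safe_url`, and the local `next` shadows the builtin; `target = request.args.get('next')` followed by `if target and is_safe_url(target):` would avoid the shadowing. login() begins above the hunk, so any earlier handling of these cases is not visible here.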