
Ajout d'un groupe `nologin` (corrige #22)

Les comptes GLaDOS et PlanèteCasio sont automatiquement ajoutés au 
groupe "No login", qui empêche l'utilisateur de se connecter, et ce même 
si les identifiants sont corrects.
posts
Darks 4 months ago
parent
commit
2e80a56596
Signed by: Darks <l.gatin@neuf.fr> GPG Key ID: F61F10FA138E797C
3 changed files with 44 additions and 14 deletions
  1. +13
    -9
      app/data/groups.yaml
  2. +27
    -3
      app/routes/account/login.py
  3. +4
    -2
      master.py

+ 13
- 9
app/data/groups.yaml

@@ -1,6 +1,6 @@
-
name: Administrateur
css: "color: #ee0000"
css: "color: #ee0000;"
descr: "Vous voyez Chuck Norris ? Pareil."
privs: access-admin-board access-assoc-board write-news
upload-shared-files delete-shared-files
@@ -14,7 +14,7 @@
delete_notification
-
name: Modérateur
css: "color: green"
css: "color: green;"
descr: "Maîtres du kick, ils sont là pour faire respecter un semblant d'ordre."
privs: access-admin-board
edit-posts delete-posts
@@ -24,7 +24,7 @@
unlimited-pms
-
name: Développeur
css: "color: #4169e1"
css: "color: #4169e1;"
descr: "Les développeurs maintiennent et améliorent le code du site."
privs: access-admin-board
upload-shared-files delete-shared-files
@@ -34,7 +34,7 @@
access-admin-panel
-
name: Rédacteur
css: "color: blue"
css: "color: blue;"
descr: "Rédigent les meilleurs articles de la page d'accueil, rien que pour
vous <3"
privs: access-admin-board write-news
@@ -43,7 +43,7 @@
showcase-content edit-static-content
-
name: Responsable communauté
css: "color: DarkOrange"
css: "color: DarkOrange;"
descr: "Anime les pages Twitter et Facebook de Planète Casio et surveille
l'évolution du monde autour de nous !"
privs: access-admin-board write-news
@@ -52,22 +52,26 @@
showcase-content
-
name: Partenaire
css: "color: purple"
css: "color: purple;"
descr: "Membres de l'équipe d'administration des sites partenaires."
privs: write-news
upload-shared-files delete-shared-files
scheduled-posting
-
name: Compte communautaire
css: "background:#d8d8d8; border-radius:4px; color:#303030; padding:1px 2px"
css: "background:#d8d8d8; border-radius:4px; color:#303030; padding:1px 2px;"
descr: "Compte à usage général de l'équipe de Planète Casio."
-
name: Robot
css: "color: #cf25d0"
css: "color: #cf25d0;"
descr: "♫ Je suis Nono, le petit robot, l'ami d'Ulysse ♫"
privs: shoutbox-post shoutbox-kick shoutbox-ban
-
name: Membre de CreativeCalc
css: "color: #222222"
css: "color: #222222;"
descr: "CreativeCalc est l'association qui gère Planète Casio."
privs: access-assoc-board
-
name: No login
css: "color: #888888;"
descr: "Compte dont l'accès au site est désactivé."

+ 27
- 3
app/routes/account/login.py

@@ -3,6 +3,7 @@ from flask_login import login_user, logout_user, login_required, current_user
from app import app
from app.forms.login import LoginForm
from app.models.users import Member
from app.models.privs import Group
from app.utils.render import render


@@ -14,16 +15,39 @@ def login():
form = LoginForm()
if form.validate_on_submit():
member = Member.query.filter_by(name=form.username.data).first()

# Check if member can login
if "No login" in [g.name for g in member.groups]:
flash('Cet utilisateur ne peut pas se connecter', 'error')
if request.referrer:
return redirect(request.referrer)
return redirect(url_for('index'))

# Check if password is ok
if member is None or not member.check_password(form.password.data):
flash('Pseudo ou mot de passe invalide', 'error')
return redirect(request.referrer)
if request.referrer:
return redirect(request.referrer)
return redirect(url_for('index'))

# Login & update time-based trophies
login_user(member, remember=form.remember_me.data)
member.update_trophies("on-login")
if request.args.get('next'):
return redirect(request.args.get('next'))

# Redirect safely (https://huit.re/open-redirect)
def is_safe_url(target):
ref_url = urlparse(request.host_url)
test_url = urlparse(urljoin(request.host_url, target))
return test_url.scheme in ('http', 'https') and \
ref_url.netloc == test_url.netloc

next = request.args.get('next')
if next and is_safe_url(next):
return redirect(next)
if request.referrer:
return redirect(request.referrer)
return redirect(url_for('index'))

return render('login.html', form=form)
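Review bot: The new "No login" test reads `member.groups` before the `member is None` check that follows it, so a login attempt with an unknown username raises AttributeError and returns a 500 instead of the 'Pseudo ou mot de passe invalide' flash. Placing the group test after the password check fixes this and also avoids confirming to an unauthenticated visitor that an account exists and is disabled; the minimal guard is `if member is not None and "No login" in [g.name for g in member.groups]:`. Separately, `is_safe_url` calls `urlparse` and `urljoin`, and the import hunk above appears to add only `Group`, so unless `urllib.parse` is already imported on the file's first lines (outside the hunk) the `next` path would raise NameError. The `request.referrer` fallbacks are also returned without passing through `is_safe_url`. login() starts outside the hunk.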



+ 4
- 2
master.py

@@ -124,13 +124,15 @@ def create_groups_and_privs():
if g is not None:
member.groups.append(g)

m = Member("PlanèteCasio", "contact@planet-casio.com", "v5-forever")
m = Member("PlanèteCasio", "contact@planet-casio.com", "nologin")
addgroup(m, "Compte communautaire")
addgroup(m, "No login")
db.session.add(m)

m = Member("GLaDOS", "glados@aperture.science", "v5-forever")
m = Member("GLaDOS", "glados@aperture.science", "nologin")
m.xp = 1338
addgroup(m, "Robot")
addgroup(m, "No login")
db.session.add(m)
db.session.commit()
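Review bot: Both seeded accounts now get the literal password `nologin`, which is published with the source, so the only thing keeping them closed is the "No login" membership added just below each `Member(...)` call. `addgroup` skips silently when the group lookup returns None (`if g is not None:` at the top of the hunk), so a renamed or missing group entry would leave these accounts open with a known password. Assuming the third `Member` argument is the password, give them an unguessable one, e.g. `m = Member("GLaDOS", "glados@aperture.science", secrets.token_urlsafe(32))` with `import secrets`, and have `addgroup` raise when the group is not found. create_groups_and_privs() starts outside the hunk.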

