Browse Source

Ajout d'un groupe `nologin` (corrige #22)

Les comptes GLaDOS et PlanèteCasio sont automatiquement ajoutés au 
groupe "No login", qui empêche l'utilisateur de se connecter, et ce même 
si les identifiants sont corrects.
posts
Darks 11 months ago
parent
commit
2e80a56596
Signed by: Darks <l.gatin@neuf.fr> GPG Key ID: F61F10FA138E797C
3 changed files with 44 additions and 14 deletions
  1. +13
    -9
      app/data/groups.yaml
  2. +27
    -3
      app/routes/account/login.py
  3. +4
    -2
      master.py

+ 13
- 9
app/data/groups.yaml View File

@@ -1,6 +1,6 @@
-
name: Administrateur
css: "color: #ee0000"
css: "color: #ee0000;"
descr: "Vous voyez Chuck Norris ? Pareil."
privs: access-admin-board access-assoc-board write-news
upload-shared-files delete-shared-files
@@ -14,7 +14,7 @@
delete_notification
-
name: Modérateur
css: "color: green"
css: "color: green;"
descr: "Maîtres du kick, ils sont là pour faire respecter un semblant d'ordre."
privs: access-admin-board
edit-posts delete-posts
@@ -24,7 +24,7 @@
unlimited-pms
-
name: Développeur
css: "color: #4169e1"
css: "color: #4169e1;"
descr: "Les développeurs maintiennent et améliorent le code du site."
privs: access-admin-board
upload-shared-files delete-shared-files
@@ -34,7 +34,7 @@
access-admin-panel
-
name: Rédacteur
css: "color: blue"
css: "color: blue;"
descr: "Rédigent les meilleurs articles de la page d'accueil, rien que pour
vous <3"
privs: access-admin-board write-news
@@ -43,7 +43,7 @@
showcase-content edit-static-content
-
name: Responsable communauté
css: "color: DarkOrange"
css: "color: DarkOrange;"
descr: "Anime les pages Twitter et Facebook de Planète Casio et surveille
l'évolution du monde autour de nous !"
privs: access-admin-board write-news
@@ -52,22 +52,26 @@
showcase-content
-
name: Partenaire
css: "color: purple"
css: "color: purple;"
descr: "Membres de l'équipe d'administration des sites partenaires."
privs: write-news
upload-shared-files delete-shared-files
scheduled-posting
-
name: Compte communautaire
css: "background:#d8d8d8; border-radius:4px; color:#303030; padding:1px 2px"
css: "background:#d8d8d8; border-radius:4px; color:#303030; padding:1px 2px;"
descr: "Compte à usage général de l'équipe de Planète Casio."
-
name: Robot
css: "color: #cf25d0"
css: "color: #cf25d0;"
descr: "♫ Je suis Nono, le petit robot, l'ami d'Ulysse ♫"
privs: shoutbox-post shoutbox-kick shoutbox-ban
-
name: Membre de CreativeCalc
css: "color: #222222"
css: "color: #222222;"
descr: "CreativeCalc est l'association qui gère Planète Casio."
privs: access-assoc-board
-
name: No login
css: "color: #888888;"
descr: "Compte dont l'accès au site est désactivé."

+ 27
- 3
app/routes/account/login.py View File

@@ -3,6 +3,7 @@ from flask_login import login_user, logout_user, login_required, current_user
from app import app
from app.forms.login import LoginForm
from app.models.users import Member
from app.models.privs import Group
from app.utils.render import render


@@ -14,16 +15,39 @@ def login():
form = LoginForm()
if form.validate_on_submit():
member = Member.query.filter_by(name=form.username.data).first()

# Check if member can login
if "No login" in [g.name for g in member.groups]:
flash('Cet utilisateur ne peut pas se connecter', 'error')
if request.referrer:
return redirect(request.referrer)
return redirect(url_for('index'))

# Check if password is ok
if member is None or not member.check_password(form.password.data):
flash('Pseudo ou mot de passe invalide', 'error')
return redirect(request.referrer)
if request.referrer:
return redirect(request.referrer)
return redirect(url_for('index'))

# Login & update time-based trophies
login_user(member, remember=form.remember_me.data)
member.update_trophies("on-login")
if request.args.get('next'):
return redirect(request.args.get('next'))

# Redirect safely (https://huit.re/open-redirect)
def is_safe_url(target):
ref_url = urlparse(request.host_url)
test_url = urlparse(urljoin(request.host_url, target))
return test_url.scheme in ('http', 'https') and \
ref_url.netloc == test_url.netloc

next = request.args.get('next')
if next and is_safe_url(next):
return redirect(next)
if request.referrer:
return redirect(request.referrer)
return redirect(url_for('index'))

return render('login.html', form=form)




+ 4
- 2
master.py View File

@@ -124,13 +124,15 @@ def create_groups_and_privs():
if g is not None:
member.groups.append(g)

m = Member("PlanèteCasio", "contact@planet-casio.com", "v5-forever")
m = Member("PlanèteCasio", "contact@planet-casio.com", "nologin")
addgroup(m, "Compte communautaire")
addgroup(m, "No login")
db.session.add(m)

m = Member("GLaDOS", "glados@aperture.science", "v5-forever")
m = Member("GLaDOS", "glados@aperture.science", "nologin")
m.xp = 1338
addgroup(m, "Robot")
addgroup(m, "No login")
db.session.add(m)
db.session.commit()



Loading…
Cancel
Save