Diffstat (limited to 'kosten/app/views/user.py')
-rw-r--r--kosten/app/views/user.py89
1 files changed, 89 insertions, 0 deletions
diff --git a/kosten/app/views/user.py b/kosten/app/views/user.py
new file mode 100644
index 0000000..9b75af8
--- /dev/null
+++ b/kosten/app/views/user.py
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+from . import Blueprint, flash, db, \
+ current_user, login_required, \
+ templated, redirect, request, url_for
+
+from .. import forms as F
+from ..login import login_user, logout_user, login_manager, User
+
+import flask
+
+mod = Blueprint('user', __name__)
+
+#
+# Forms
+#
+class LoginForm(F.Form):
+ username = F.StringField('Username', F.req)
+ pwd = F.PasswordField('Passwort', F.req)
+ remember = F.BooleanField('Eingeloggt bleiben?')
+
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+ self.user = None
+
+ def validate(self):
+ rv = super().validate()
+ if not rv:
+ return False
+
+ user = User.get_by(name = self.username.data)
+ if user is None or not user.check_password(self.pwd.data):
+ return False
+
+ self.user = user
+ return True
+
+
+class ChangePwdForm(F.Form):
+ old = F.PasswordField('Passwort', F.req)
+ new = F.PasswordField('Neues Passwort', F.req + [F.validators.EqualTo('confirm', 'Passwörter stimmen nicht überein')])
+ confirm = F.PasswordField('Wdh. neues Passwort', F.req)
+
+ def validate_old(self, field):
+ if not current_user.check_password(field.data):
+ raise F.ValidationError("Falsches Passwort")
+
+ @property
+ def newpwd(self):
+ return self.new.data
+
+#
+# Views
+#
+@mod.route('/login', methods=('GET', 'POST'))
+@templated
+def login():
+ """Log the user in."""
+ form = LoginForm(flash="Login fehlgeschlagen!")
+ if form.validate_on_submit():
+ login_user(form.user, remember=form.remember.data)
+ # we explicitly need flask's variant as we redirect to a URI
+ return flask.redirect(request.args.get('next') or url_for('index'))
+ return { 'form': form }
+
+
+@mod.route('/logout')
+def logout():
+ """Log the user out."""
+ logout_user()
+ return redirect('.login')
+
+
+@mod.route('/cpw', methods=('GET', 'POST'))
+@login_required
+@templated
+def cpw():
+ """Change the password of the user."""
+ form = ChangePwdForm()
+
+ if form.validate_on_submit():
+ current_user.set_password(form.newpwd)
+ db.session.commit()
+ flash("Passwort geändert.")
+ return redirect('index')
+
+ return { 'form': form }
+
+# set this, so the user is redirected to the correct view, when not logged in
+login_manager.login_view = 'user.login'
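Review bot: `login()` passes `request.args.get('next')` straight to `flask.redirect`, so the post-login destination is fully controlled by the query string and can point to an external site (open redirect). The comment above that line shows the raw-URI redirect is deliberate, but nothing restricts the value to this application. Validate it before redirecting and fall back to `url_for('index')` when it is missing or not a same-site path. The sketch below accepts only local paths, which assumes the login manager supplies `next` as a path rather than an absolute URL; confirm that against the version in use and cover the helper with tests.

```python
def _is_local_target(target):
    """Return True only for a same-site path such as '/month/3'."""
    if not target or not target.startswith('/') or target.startswith('//'):
        return False
    # backslashes and control characters are normalised differently by browsers
    return '\\' not in target and not any(ord(ch) < 0x20 for ch in target)

# … unchanged: forms, route decorators and the start of login() …
    if form.validate_on_submit():
        login_user(form.user, remember=form.remember.data)
        target = request.args.get('next')
        if not _is_local_target(target):
            target = url_for('index')
        # we explicitly need flask's variant as we redirect to a URI
        return flask.redirect(target)
```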