Diffstat (limited to 'kosten/app/views/user.py')
-rw-r--r-- | kosten/app/views/user.py | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/kosten/app/views/user.py b/kosten/app/views/user.py
new file mode 100644
index 0000000..9b75af8
--- /dev/null
+++ b/kosten/app/views/user.py
@@ -0,0 +1,89 @@
+# -*- encoding: utf-8 -*-
+from . import Blueprint, flash, db, \
+ current_user, login_required, \
+ templated, redirect, request, url_for
+
+from .. import forms as F
+from ..login import login_user, logout_user, login_manager, User
+
+import flask
+
+mod = Blueprint('user', __name__)
+
+#
+# Forms
+#
+class LoginForm(F.Form):
+ username = F.StringField('Username', F.req)
+ pwd = F.PasswordField('Passwort', F.req)
+ remember = F.BooleanField('Eingeloggt bleiben?')
+
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+ self.user = None
+
+ def validate(self):
+ rv = super().validate()
+ if not rv:
+ return False
+
+ user = User.get_by(name = self.username.data)
+ if user is None or not user.check_password(self.pwd.data):
+ return False
+
+ self.user = user
+ return True
+
+
+class ChangePwdForm(F.Form):
+ old = F.PasswordField('Passwort', F.req)
+ new = F.PasswordField('Neues Passwort', F.req + [F.validators.EqualTo('confirm', 'Passwörter stimmen nicht überein')])
+ confirm = F.PasswordField('Wdh. neues Passwort', F.req)
+
+ def validate_old(self, field):
+ if not current_user.check_password(field.data):
+ raise F.ValidationError("Falsches Passwort")
+
+ @property
+ def newpwd(self):
+ return self.new.data
+
+#
+# Views
+#
+@mod.route('/login', methods=('GET', 'POST'))
+@templated
+def login():
+ """Log the user in."""
+ form = LoginForm(flash="Login fehlgeschlagen!")
+ if form.validate_on_submit():
+ login_user(form.user, remember=form.remember.data)
+ # we explicitly need flask's variant as we redirect to a URI
+ return flask.redirect(request.args.get('next') or url_for('index'))
+ return { 'form': form }
+
+
+@mod.route('/logout')
+def logout():
+ """Log the user out."""
+ logout_user()
+ return redirect('.login')
+
+
+@mod.route('/cpw', methods=('GET', 'POST'))
+@login_required
+@templated
+def cpw():
+ """Change the password of the user."""
+ form = ChangePwdForm()
+
+ if form.validate_on_submit():
+ current_user.set_password(form.newpwd)
+ db.session.commit()
+ flash("Passwort geändert.")
+ return redirect('index')
+
+ return { 'form': form }
+
+# set this, so the user is redirected to the correct view, when not logged in
+login_manager.login_view = 'user.login' |
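Review bot: `login()` passes `request.args.get('next')` straight to `flask.redirect`, so the post-login destination is controlled by whoever built the login link and can point off-site (open redirect). Accept `next` only when it is a local path and fall back to `url_for('index')` otherwise; the helper below needs `urlparse` from `urllib.parse` imported at the top of the file. Separately, `LoginForm.validate` returns before `check_password` runs when the user does not exist, which probably lets response time distinguish unknown usernames from wrong passwords, and `/logout` changes session state on a plain GET.

```python
def _is_safe_next(target):
    # local paths only: no scheme or host, no "//host", and none of the
    # backslash/control characters that browsers may fold into "//"
    if not target.startswith('/') or target.startswith('//'):
        return False
    if any(ch in target for ch in '\\\t\r\n'):
        return False
    parts = urlparse(target)
    return not parts.scheme and not parts.netloc

# … unchanged: route decorators, LoginForm construction …
    if form.validate_on_submit():
        login_user(form.user, remember=form.remember.data)
        target = request.args.get('next')
        if not target or not _is_safe_next(target):
            target = url_for('index')
        return flask.redirect(target)
```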