Newer
Older
from flask import abort, Flask, redirect, request, render_template, url_for
from flask_login import login_user, logout_user, LoginManager, login_required, current_user
from db import User
app.debug = True if "DEBUG" in environ and environ["DEBUG"] else False
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = "login"
@login_manager.user_loader
def user_loader(username):
user = User(username)
if not user.active:
return
return user
challenge = request.args.get("login_challenge")
if not challenge:
return render_template('home.html', email=current_user.email, logout_form=logout_form)
else:
redirect_to = hydra.login_request(challenge).accept(current_user.username)
@app.route('/login', methods=['GET', 'POST'])
def login():
login_form = LoginForm()
if login_form.validate_on_submit():
if user.authenticate(login_form.password.data):
next_url = login_form.next_url.data
if not is_safe_url(next_url):
return abort(400)
return redirect(next_url or url_for('home'))
return render_template('login.html', login_form=login_form)
def is_safe_url(url):
print(url)
safe = True if url == "" else False
safe = True if url == "/" or safe else False
safe = True if url[:18] == "/?login_challenge=" \
and url[18:].isalnum() or safe else False
return safe
return redirect(url_for('home'))