app.py

from flask import abort, Flask, redirect, request, render_template, url_for
from os import urandom, environ
from hydra_client import HydraAdmin
from flask_login import login_user, logout_user, LoginManager, login_required, current_user
from db import User
from forms import LoginForm, LogoutForm

HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']
hydra = HydraAdmin(HYDRA_ADMIN_URL)

app = Flask(__name__)
app.config['SECRET_KEY'] = urandom(16)
app.debug = True if "DEBUG" in environ and environ["DEBUG"] else False

login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = "login"

@login_manager.user_loader
def user_loader(username):
    user = User(username)
    if not user.active:
        return
    return user

@app.route('/', methods=['GET'])
@login_required
def home():
    """Accepts hydra login challenge or renders welcome page

    Connects to the Hydra admin API to accept the login challenge.
    A reference to this challenge object is passed with via args.login_challenge (GET)

    Args:
        login_challenge: A alphanumeric id generated by Hydra, that references a login
            challenge object. The login challenge object can be rejected or accepted via the
            hydra admin API

    Returns:
        Redirect that is saved in the challenge object
        If no challenge reference was passed this function renders a welcome page
    """
    logout_form = LogoutForm()
    challenge = request.args.get("login_challenge")
    if not challenge:
        return render_template('home.html', email=current_user.email, logout_form=logout_form)
    else:
        redirect_to = hydra.login_request(challenge).accept(current_user.username)
        return redirect(redirect_to)

@app.route('/login', methods=['GET', 'POST'])
def login():
    """Provides login form and handles Login attempt

    Args:
        login_form: contains login data submitted by a user (POST)
        next_url: url that this function redirects to after logging in the user

    Returns:
        Error page in case the login was unsuccessful
        Redirect to home page, forwarding the login_challenge in case login was successful
    """
    login_form = LoginForm()
    if login_form.validate_on_submit():
        user = User(login_form.username.data)
        if user.authenticate(login_form.password.data):
            login_user(user)
        next_url = login_form.next_url.data
        if not is_safe_url(next_url):
            return abort(400)
        return redirect(next_url or url_for('home'))
    login_form.next_url.data = request.args.get('next')
    return render_template('login.html', login_form=login_form)

def is_safe_url(url):
    safe = True if url == "" else False
    safe = True if url == "/" or safe else False
    safe = True if url[:18] == "/?login_challenge=" \
                   and url[18:].isalnum() or safe else False
    return safe

@app.route('/logout', methods=['POST', 'GET'])
def logout():
    logout_user()
    return redirect(url_for('home'))

if __name__ == '__main__':
    app.run()