Skip to content
Snippets Groups Projects
Normal view History Permalink
app.py 2.15 KiB
Newer Older
Mark's avatar
Remove sql backend and change from email to username  
Mark committed
1 
from flask import abort, Flask, redirect, request, render_template, url_for
Mark's avatar
Load config from environ  
Mark committed
2 
from os import urandom, environ
Mark's avatar
Initial commit
Mark committed
3 
from hydra_client import HydraAdmin
Mark's avatar
Remove sql backend and change from email to username  
Mark committed
4 
from wtforms import SubmitField, StringField, PasswordField
Mark's avatar
Implement logout scenario  
Mark committed
5 
from flask_wtf import FlaskForm
Mark's avatar
Refactor  
Mark committed
6 7 
from flask_login import login_user, logout_user, LoginManager, login_required, current_user
from db import User
Mark's avatar
Load config from environ  
Mark committed
8 9 

HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']
Mark's avatar
Initial commit
Mark committed
10 11 

app = Flask(__name__)
Mark's avatar
Remove obsolete code  
Mark committed
12 
app.config['SECRET_KEY'] = urandom(16)
Mark's avatar
Use Flask-Security  
Mark committed
13
Mark's avatar
Remove sql backend and change from email to username  
Mark committed
14 15 16 17 18 19 20 21 22 23 
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = "login"

@login_manager.user_loader
def user_loader(username):
    user = User(username)
    if not user.active:
        return
    return user
Mark's avatar
Add dummy role  
Mark committed
24
Mark's avatar
Implement logout scenario  
Mark committed
25 26 27 
class LogoutForm(FlaskForm):
    logout = SubmitField("logout")
Mark's avatar
Remove sql backend and change from email to username  
Mark committed
28 29 30 31 
class LoginForm(FlaskForm):
    username = StringField("username")
    password = PasswordField("password")
    submit = SubmitField("Sign in")
Mark's avatar
Use Flask-Security  
Mark committed
32 33 34 35 

@app.route('/')
@login_required
def home():
Mark's avatar
Implement logout scenario  
Mark committed
36 37 38 39 40 41 42 43 44 45 46 
    logout_form = LogoutForm()
    if request.method == "GET":
        hydra = HydraAdmin(HYDRA_ADMIN_URL)
        challenge = request.args.get("login_challenge")
        if not challenge:
            return render_template('home.html', email=current_user.email, logout_form=logout_form)
        else:
            login_request = hydra.login_request(challenge)
            redirect_to = login_request.accept(current_user.email)
            return redirect(redirect_to)
Mark's avatar
Remove sql backend and change from email to username  
Mark committed
47 48 49 50 
@app.route('/login', methods=['GET', 'POST'])
def login():
    login_form = LoginForm()
    if login_form.validate_on_submit():
Mark's avatar
Add graphql backend  
Mark committed
51 
        user = User(login_form.username.data)
Mark's avatar
Refactor  
Mark committed
52 
        if user.active and user.verify_password(login_form.password.data):
Mark's avatar
Remove sql backend and change from email to username  
Mark committed
53 54 55 56 57 58 59 60 61 62 63 64 
            login_user(user)
        next_url = request.args.get('next')
        if not is_safe_url(next):
            return abort(400)
        return redirect(next_url or url_for('home'))
    return render_template('login.html', login_form=login_form)

def is_safe_url(url):
    #TODO implement this
    return True
Mark's avatar
Implement logout scenario  
Mark committed
65 66 67 68 69 
@app.route('/logout', methods=['POST'])
def logout():
    if request.method == "POST":
        logout_form = LogoutForm()
        if logout_form.validate():
Mark's avatar
Remove sql backend and change from email to username  
Mark committed
70 71 
            logout_user()
    return redirect(url_for('home'))