# HG changeset patch
# User Ludovic Chabant <ludovic@chabant.com>
# Date 1442725302 25200
# Node ID 128df013c9c01184b15d8cf7dede5863baaafe90
# Parent  5ff3b16391548b7d025233e85757cd8ccfb1607a
Fix login/logout workflows.

diff -r 5ff3b1639154 -r 128df013c9c0 wikked/commands/users.py
--- a/wikked/commands/users.py	Sat Sep 19 22:01:14 2015 -0700
+++ b/wikked/commands/users.py	Sat Sep 19 22:01:42 2015 -0700
@@ -28,8 +28,9 @@
     def __init__(self):
         super(NewUserCommand, self).__init__()
         self.name = 'newuser'
-        self.description = ("Generates the entry for a new user so you can "
-               "copy/paste it in your `.wikirc`.")
+        self.description = (
+                "Generates the entry for a new user so you can "
+                "copy/paste it in your `.wikirc`.")
 
     def setupParser(self, parser):
         parser.add_argument('username', nargs=1)
@@ -40,3 +41,4 @@
         password = ctx.args.password or getpass.getpass('Password: ')
         password = generate_password_hash(password)
         logger.info("%s = %s" % (username[0], password))
+
diff -r 5ff3b1639154 -r 128df013c9c0 wikked/templates/login.html
--- a/wikked/templates/login.html	Sat Sep 19 22:01:14 2015 -0700
+++ b/wikked/templates/login.html	Sat Sep 19 22:01:42 2015 -0700
@@ -11,7 +11,7 @@
             <strong>Begone!</strong> Those credentials don't seem to work here.
         </div>
         {%endif%}
-        <form id="login" class="pure-form pure-form-stacked" role="form">
+        <form id="login" class="pure-form pure-form-stacked" role="form" action="/login" method="POST">
             <fieldset>
                 <input type="text" name="username" for="remember" class="form-control" placeholder="Username" required="true" autofocus="true"></input>
                 <input type="password" name="password" placeholder="Password" required="true"></input>
diff -r 5ff3b1639154 -r 128df013c9c0 wikked/templates/logout.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/wikked/templates/logout.html	Sat Sep 19 22:01:42 2015 -0700
@@ -0,0 +1,22 @@
+{% extends 'index.html' %}
+{% block content %}
+<article>
+    <header>
+        <h1>Logout</h1>
+    </header>
+    <section>
+        <form id="login" class="pure-form pure-form-stacked" role="form" action="/logout" method="POST">
+            {%if already_logged_in%}
+            <p>You're already logged in as <a href="{{auth.url_profile}}">{{auth.username}}</a>.
+               If you want to log in as someone else, you can log out first.</p>
+            {%else%}
+            <p>Hi <a href="{{auth.url_profile}}">{{auth.username}}</a>, you can log out here.</p>
+            {%endif%}
+            <fieldset>
+                <button class="pure-button pure-button-primary" type="submit">Log out</button>
+            </fieldset>
+        </form>
+    </section>
+</article>
+{% endblock %}
+
diff -r 5ff3b1639154 -r 128df013c9c0 wikked/views/__init__.py
--- a/wikked/views/__init__.py	Sat Sep 19 22:01:14 2015 -0700
+++ b/wikked/views/__init__.py	Sat Sep 19 22:01:42 2015 -0700
@@ -3,14 +3,15 @@
 
 
 def add_auth_data(data):
+    username = current_user.get_id()
     if current_user.is_authenticated():
-        user_page_url = 'user:/%s' % current_user.get_id()
+        user_page_url = 'user:/%s' % username.title()
         data['auth'] = {
                 'is_logged_in': True,
-                'username': current_user.username,
+                'username': username,
                 'is_admin': current_user.is_admin(),
                 'url_logout': '/logout',
-                'url_profile': '/read/' % user_page_url
+                'url_profile': '/read/%s' % user_page_url
                 }
     else:
         data['auth'] = {
diff -r 5ff3b1639154 -r 128df013c9c0 wikked/views/admin.py
--- a/wikked/views/admin.py	Sat Sep 19 22:01:14 2015 -0700
+++ b/wikked/views/admin.py	Sat Sep 19 22:01:42 2015 -0700
@@ -1,28 +1,53 @@
 from flask import request, redirect, render_template
-from flask.ext.login import login_user, logout_user
+from flask.ext.login import login_user, logout_user, current_user
+from wikked.views import add_auth_data, add_navigation_data
 from wikked.web import app, get_wiki
 
 
-@app.route('/login')
+@app.route('/login', methods=['GET', 'POST'])
 def login():
-    username = request.form.get('username')
-    password = request.form.get('password')
-    remember = request.form.get('remember')
-    back_url = request.form.get('back_url')
-
     wiki = get_wiki()
-    user = wiki.auth.getUser(username)
-    if user is not None and app.bcrypt:
-        if app.bcrypt.check_password_hash(user.password, password):
-            login_user(user, remember=bool(remember))
-            return redirect(back_url or '/')
+
+    data = {}
+    add_auth_data(data)
+    add_navigation_data(
+            None, data,
+            raw_url='/api/user/login')
+
+    if request.method == 'GET':
+        if current_user.is_authenticated():
+            data['already_logged_in'] = True
+            return render_template('logout.html', **data)
+        else:
+            return render_template('login.html', **data)
 
-    data = {'has_error': True}
-    return render_template('login.html', **data)
+    if request.method == 'POST':
+        username = request.form.get('username')
+        password = request.form.get('password')
+        remember = request.form.get('remember')
+        back_url = request.form.get('back_url')
+
+        user = wiki.auth.getUser(username)
+        if user is not None and app.bcrypt:
+            if app.bcrypt.check_password_hash(user.password, password):
+                login_user(user, remember=bool(remember))
+                return redirect(back_url or '/')
+
+        data['has_error'] = True
+        return render_template('login.html', **data)
 
 
-@app.route('/logout')
+@app.route('/logout', methods=['GET', 'POST'])
 def logout():
-    logout_user()
-    redirect('/')
+    if request.method == 'GET':
+        data = {}
+        add_auth_data(data)
+        add_navigation_data(
+                None, data,
+                raw_url='/api/user/logout')
+        return render_template('logout.html', **data)
 
+    if request.method == 'POST':
+        logout_user()
+        return redirect('/')
+