changeset 349:128df013c9c0
Fix login/logout workflows.
author | Ludovic Chabant <ludovic@chabant.com> |
---|---|
date | Sat, 19 Sep 2015 22:01:42 -0700 |
parents | 5ff3b1639154 |
children | 1df31795fcab |
files | wikked/commands/users.py wikked/templates/login.html wikked/templates/logout.html wikked/views/__init__.py wikked/views/admin.py |
diffstat | 5 files changed, 73 insertions(+), 23 deletions(-) [+] |
--- a/wikked/commands/users.py Sat Sep 19 22:01:14 2015 -0700 +++ b/wikked/commands/users.py Sat Sep 19 22:01:42 2015 -0700 @@ -28,8 +28,9 @@ def __init__(self): super(NewUserCommand, self).__init__() self.name = 'newuser' - self.description = ("Generates the entry for a new user so you can " - "copy/paste it in your `.wikirc`.") + self.description = ( + "Generates the entry for a new user so you can " + "copy/paste it in your `.wikirc`.") def setupParser(self, parser): parser.add_argument('username', nargs=1) @@ -40,3 +41,4 @@ password = ctx.args.password or getpass.getpass('Password: ') password = generate_password_hash(password) logger.info("%s = %s" % (username[0], password)) +
--- a/wikked/templates/login.html Sat Sep 19 22:01:14 2015 -0700 +++ b/wikked/templates/login.html Sat Sep 19 22:01:42 2015 -0700 @@ -11,7 +11,7 @@ <strong>Begone!</strong> Those credentials don't seem to work here. </div> {%endif%} - <form id="login" class="pure-form pure-form-stacked" role="form"> + <form id="login" class="pure-form pure-form-stacked" role="form" action="/login" method="POST"> <fieldset> <input type="text" name="username" for="remember" class="form-control" placeholder="Username" required="true" autofocus="true"></input> <input type="password" name="password" placeholder="Password" required="true"></input>
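Review bot: The login form now posts credentials to `/login` with no anti-CSRF token among the fields visible in this hunk, and the `login()` view in wikked/views/admin.py reads `request.form` without verifying one. Unless a CSRF layer is applied elsewhere in the app, another site can submit this form on a visitor's behalf (login CSRF), and the new form in wikked/templates/logout.html has the same gap for forced logout. A hidden per-session token field in both forms, for example `<input type="hidden" name="csrf_token" value="{{ csrf_token }}">` (name and variable are placeholders), checked in the view before `login_user`/`logout_user`, would close it. The form body continues past the end of the hunk.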
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/wikked/templates/logout.html Sat Sep 19 22:01:42 2015 -0700 @@ -0,0 +1,22 @@ +{% extends 'index.html' %} +{% block content %} +<article> + <header> + <h1>Logout</h1> + </header> + <section> + <form id="login" class="pure-form pure-form-stacked" role="form" action="/logout" method="POST"> + {%if already_logged_in%} + <p>You're already logged in as <a href="{{auth.url_profile}}">{{auth.username}}</a>. + If you want to log in as someone else, you can log out first.</p> + {%else%} + <p>Hi <a href="{{auth.url_profile}}">{{auth.username}}</a>, you can log out here.</p> + {%endif%} + <fieldset> + <button class="pure-button pure-button-primary" type="submit">Log out</button> + </fieldset> + </form> + </section> +</article> +{% endblock %} +
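Review bot: The logout form reuses `id="login"`, so any script or stylesheet keyed on `#login` will also bind to it; `id="logout"` would keep the two forms distinct. The template also assumes `auth.username` and `auth.url_profile` are set, while `logout()` in wikked/views/admin.py renders it on GET without checking authentication. An anonymous visitor to `/logout` will therefore probably see a greeting with an empty name and link, so consider redirecting unauthenticated requests to `/login` instead.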
--- a/wikked/views/__init__.py Sat Sep 19 22:01:14 2015 -0700 +++ b/wikked/views/__init__.py Sat Sep 19 22:01:42 2015 -0700 @@ -3,14 +3,15 @@ def add_auth_data(data): + username = current_user.get_id() if current_user.is_authenticated(): - user_page_url = 'user:/%s' % current_user.get_id() + user_page_url = 'user:/%s' % username.title() data['auth'] = { 'is_logged_in': True, - 'username': current_user.username, + 'username': username, 'is_admin': current_user.is_admin(), 'url_logout': '/logout', - 'url_profile': '/read/' % user_page_url + 'url_profile': '/read/%s' % user_page_url } else: data['auth'] = {
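Review bot: `url_profile` is built by plain string formatting from the user id, so a username containing `/`, `?`, `#`, a space or non-ASCII characters yields a link that points at a different or broken page; percent-encode the name before interpolating it, e.g. `urllib.quote(username.title())` on Python 2 or `urllib.parse.quote(...)` on Python 3. `str.title()` also re-capitalises after every non-letter (`mc_kay` becomes `Mc_Kay`), which may not match how user pages are actually named and is worth confirming against the page-URL rules. A short comment on the `username.title()` line saying why the id is title-cased would help. The `else` branch of `add_auth_data` continues outside the hunk.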
--- a/wikked/views/admin.py Sat Sep 19 22:01:14 2015 -0700 +++ b/wikked/views/admin.py Sat Sep 19 22:01:42 2015 -0700 
@@ -1,28 +1,53 @@ from flask import request, redirect, render_template -from flask.ext.login import login_user, logout_user +from flask.ext.login import login_user, logout_user, current_user +from wikked.views import add_auth_data, add_navigation_data from wikked.web import app, get_wiki -@app.route('/login') +@app.route('/login', methods=['GET', 'POST']) def login(): - username = request.form.get('username') - password = request.form.get('password') - remember = request.form.get('remember') - back_url = request.form.get('back_url') - wiki = get_wiki() - user = wiki.auth.getUser(username) - if user is not None and app.bcrypt: - if app.bcrypt.check_password_hash(user.password, password): - login_user(user, remember=bool(remember)) - return redirect(back_url or '/') + + data = {} + add_auth_data(data) + add_navigation_data( + None, data, + raw_url='/api/user/login') + + if request.method == 'GET': + if current_user.is_authenticated(): + data['already_logged_in'] = True + return render_template('logout.html', **data) + else: + return render_template('login.html', **data) - data = {'has_error': True} - return render_template('login.html', **data) + if request.method == 'POST': + username = request.form.get('username') + password = request.form.get('password') + remember = request.form.get('remember') + back_url = request.form.get('back_url') + + user = wiki.auth.getUser(username) + if user is not None and app.bcrypt: + if app.bcrypt.check_password_hash(user.password, password): + login_user(user, remember=bool(remember)) + return redirect(back_url or '/') + + data['has_error'] = True + return render_template('login.html', **data) -@app.route('/logout') +@app.route('/logout', methods=['GET', 'POST']) def logout(): - logout_user() - redirect('/') + if request.method == 'GET': + data = {} + add_auth_data(data) + add_navigation_data( + None, data, + raw_url='/api/user/logout') + return render_template('logout.html', **data) + if request.method == 'POST': + logout_user() + 
return redirect('/') +
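Review bot: The POST branch of `login()` still calls `wiki.auth.getUser(username)`, but this change removes `wiki = get_wiki()` and nothing in the hunk, which starts at line 1 of the file, defines `wiki`. Every login submission would raise NameError, so restore `wiki = get_wiki()` before the lookup. The same branch passes the form-supplied `back_url` straight to `redirect()`, so a crafted login link can send a user to another site after they authenticate. Accept it only when it is a same-site relative path (no scheme or host, not starting with `//` or containing a backslash) and fall back to `'/'` otherwise.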