From a83a30efdb7a8c2d1e4983d72f39c8432052ef72 Mon Sep 17 00:00:00 2001
From: Tim Van Baak
Date: Mon, 27 Apr 2020 20:38:53 -0700
Subject: [PATCH] Post-redirect-get for auth.login
---
 amanuensis/server/auth/__init__.py | 32 +++++++++++++++++++-----------
 amanuensis/server/auth/forms.py | 4 +---
 2 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/amanuensis/server/auth/__init__.py b/amanuensis/server/auth/__init__.py
index 1fb8d93..b8f6fc6 100644
--- a/amanuensis/server/auth/__init__.py
+++ b/amanuensis/server/auth/__init__.py
@@ -46,19 +46,27 @@ bp_auth = Blueprint('auth', __name__,
 def login():
 model_factory: ModelFactory = current_app.config['model_factory']
 form = LoginForm()
- if form.validate_on_submit():
- username = form.username.data
- user = model_factory.try_user(username)
- if user is not None and user.check_password(form.password.data):
- remember_me = form.remember.data
- login_user(user, remember=remember_me)
- with user.ctx.edit_config() as cfg:
- cfg.last_login = int(time.time())
- logger.info('Logged in user "{0.username}" ({0.uid})'
- .format(user.cfg))
- return redirect(url_for('home.home'))
+
+ if not form.validate_on_submit():
+ # Either the request was GET and we should render the form,
+ # or the request was POST and validation failed.
+ return render_template('auth.login.jinja', form=form)
+
+ # POST with valid data
+ username = form.username.data
+ user = model_factory.try_user(username)
+ if not user or not user.check_password(form.password.data):
+ # Bad creds
 flash("Login not recognized")
- return render_template('auth.login.jinja', form=form)
+ return redirect(url_for('auth.login'))
+
+ # Login credentials were correct
+ remember_me = form.remember.data
+ login_user(user, remember=remember_me)
+ with user.ctx.edit_config() as cfg:
+ cfg.last_login = int(time.time())
+ logger.info('Logged in user "{0.username}" ({0.uid})'.format(user.cfg))
+ return redirect(url_for('home.home'))
 
 
 @bp_auth.route("/logout/", methods=['GET'])
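Review bot: The bad-credentials branch (`flash("Login not recognized")` followed by the redirect to `auth.login`) leaves no log record, while the success path logs at info level, so repeated failures against an account are invisible to anyone reviewing the logs. A line such as `logger.warning('Failed login attempt from %s', request.remote_addr)` before the redirect would cover it, assuming `request` is imported in this module; the submitted username is better left out of the message, since it is untrusted input and users sometimes type a password into that field. Separately, `not user or not user.check_password(...)` skips the password check for unknown usernames, which may make the two failure cases distinguishable by response time depending on how `check_password` is implemented (not visible here). The `@bp_auth.route` decorator for `login()` sits above the hunk.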
diff --git a/amanuensis/server/auth/forms.py b/amanuensis/server/auth/forms.py
index d3ad817..cf466a3 100644
--- a/amanuensis/server/auth/forms.py
+++ b/amanuensis/server/auth/forms.py
@@ -2,14 +2,12 @@ from flask_wtf import FlaskForm
 from wtforms import StringField, PasswordField, BooleanField, SubmitField
 from wtforms.validators import DataRequired
 
-from amanuensis.server.forms import User
-
 
 class LoginForm(FlaskForm):
 """/auth/login/"""
 username = StringField(
 'Username',
- validators=[DataRequired(), User()])
+ validators=[DataRequired()])
 password = PasswordField(
 'Password',
 validators=[DataRequired()])
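Review bot: The `username` field in `LoginForm` now carries only `DataRequired()`, and nothing on the field says why the `User()` validator has to stay off. A short comment above `validators=[DataRequired()])` would keep it from being re-added later, e.g. `# No account-existence validator here: the view reports every credential failure with the same generic message.` This assumes `User()` checked that the account exists, which the hunk does not show. `LoginForm` continues below the hunk.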