From d1fcba082f3230c9c39a8e31bfcc1555e11a6fd0 Mon Sep 17 00:00:00 2001
From: Tim Van Baak
Date: Tue, 14 Jan 2020 19:08:54 -0800
Subject: [PATCH] Flesh out login flow with password checks
---
 amanuensis/resources/page.css | 6 ++++--
 amanuensis/server/auth.py | 25 ++++++++++++++-----------
 amanuensis/server/home.py | 4 +---
 amanuensis/templates/auth/login.html | 21 ++++++++++++++++-----
 amanuensis/templates/home/home.html | 13 ++++++++-----
 amanuensis/templates/page.html | 6 +++---
 amanuensis/templates/page_2col.html | 14 +++++++++-----
 7 files changed, 55 insertions(+), 34 deletions(-)
diff --git a/amanuensis/resources/page.css b/amanuensis/resources/page.css
index 3d0bc89..3d51f4f 100644
--- a/amanuensis/resources/page.css
+++ b/amanuensis/resources/page.css
@@ -106,11 +106,13 @@ span.signature {
 float: inherit;
 margin: 5px auto;
 }
- div#content {
+ div#content{
+ margin: 5px auto;
+ }
+ div.content-2col {
 max-width: 564px;
 position: static;
 right: inherit;
- margin: 5px auto;
 }
 img#logo {
 max-width: inherit;
diff --git a/amanuensis/server/auth.py b/amanuensis/server/auth.py
index 4950e64..aed0509 100644
--- a/amanuensis/server/auth.py
+++ b/amanuensis/server/auth.py
@@ -1,4 +1,4 @@
-from flask import Blueprint, render_template, redirect, url_for
+from flask import Blueprint, render_template, redirect, url_for, flash
 from flask_wtf import FlaskForm
 from wtforms import StringField, PasswordField, BooleanField, SubmitField
 from wtforms.validators import DataRequired
@@ -9,8 +9,8 @@ import user
 class LoginForm(FlaskForm):
 username = StringField('Username', validators=[DataRequired()])
- #password = PasswordField('Password', validators=[DataRequired()])
- #remember = BooleanField('Remember Me')
+ password = PasswordField('Password', validators=[DataRequired()])
+ remember = BooleanField('Stay logged in')
 submit = SubmitField('Log in')
 def get_bp(login_manager):
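Review bot: The `remember = BooleanField('Stay logged in')` field in `LoginForm` switches on a persistent login cookie once it is passed to `login_user(..., remember=...)`, and nothing in this patch shows how that cookie is protected. Assuming this is Flask-Login, the app config should set `REMEMBER_COOKIE_SECURE = True`, keep `REMEMBER_COOKIE_HTTPONLY` enabled and choose an explicit `REMEMBER_COOKIE_DURATION`, since the cookie outlives the session and is as good as a password if it leaks over plain HTTP. I would add a comment above the field such as `# Persistent login cookie: see REMEMBER_COOKIE_* settings in the app config`. The configuration itself is outside this diff, so this may already be handled elsewhere.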
@@ -27,15 +27,18 @@ def get_bp(login_manager):
 if form.validate_on_submit():
 username = form.username.data
 uid = user.uid_from_username(username)
- if uid is None:
- pass
- u = user.user_from_uid(uid)
- login_user(u)
- config.logger.info("Logged in user '{}' ({})".format(u.get('username'), u.uid))
- name = u.get('username')
+ if uid is not None:
+ u = user.user_from_uid(uid)
+ if u.check_password(form.password.data):
+ remember_me = form.remember.data
+ login_user(u, remember=remember_me)
+ config.logger.info("Logged in user '{}' ({})".format(
+ u.get('username'), u.uid))
+ return redirect(url_for('home.home'))
+ flash("Login not recognized")
 else:
- name = "guest"
- return render_template('auth/login.html', form=form, username=name)
+ pass
+ return render_template('auth/login.html', form=form)
 @bp.route("/logout/", methods=['GET'])
 @login_required
diff --git a/amanuensis/server/home.py b/amanuensis/server/home.py
index 1f31f60..e3b4645 100644
--- a/amanuensis/server/home.py
+++ b/amanuensis/server/home.py
@@ -11,8 +11,6 @@ def get_bp():
 @bp.route('/', methods=['GET'])
 @login_required
 def home():
- return render_template(
- 'home/home.html',
- sidebar_rows=[current_user.get('username'), current_user.get('displayname'), current_user.uid])
+ return render_template('home/home.html')
 return bp
diff --git a/amanuensis/templates/auth/login.html b/amanuensis/templates/auth/login.html
index 8c40578..621177c 100644
--- a/amanuensis/templates/auth/login.html
+++ b/amanuensis/templates/auth/login.html
@@ -1,11 +1,22 @@
 {% extends "page_1col.html" %}
 {% block title %}Login | Amanuensis{% endblock %}
-{% block header %}
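Review bot: Failed logins leave no trace in the log: in the new `if form.validate_on_submit():` branch only the success path calls `config.logger.info`, so repeated password guessing against this view is invisible to anyone reading the logs. Record the failure next to `flash("Login not recognized")`, for example `config.logger.warning("Failed login for username {!r}".format(username))` (assuming `config.logger` is a standard `logging` logger), using `{!r}` so a submitted username containing line breaks cannot forge log entries, and never log the submitted password. Separately, the unknown-username path skips `u.check_password(...)` entirely, so if that method runs a deliberately slow hash (its body is not in this patch) response time can reveal which usernames exist even though the flashed message is generic; running an equivalent dummy check when `uid is None` would close that gap. The trailing `else: pass` does nothing and can be dropped. The enclosing view function starts outside the hunk.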

Login

{% endblock %} -{% block primary_content %} -

Log in

+{% block header %}

Amanuensis - Login

{% endblock %} +{% block main %}
{{ form.hidden_tag() }} -

{{ form.username.label }}
{{ form.username(size=32) }}

+

{{ form.username.label }}
{{ form.username(size=32) }} + {% for error in form.username.errors %} +
{{ error }} + {% endfor %}

+

{{ form.password.label }}
{{ form.password(size=32) }} + {% for error in form.password.errors %} +
{{ error }} + {% endfor %}

+

{{ form.remember }} {{ form.remember.label }}

{{ form.submit() }}

-{% endblock %}
\ No newline at end of file
+{% for message in get_flashed_messages() %}
+{{ message }}
+{% endfor %}
+{% endblock %}
+{% set template_content_blocks = [self.main()] %}
\ No newline at end of file
diff --git a/amanuensis/templates/home/home.html b/amanuensis/templates/home/home.html
index 6afe982..2a5be27 100644
--- a/amanuensis/templates/home/home.html
+++ b/amanuensis/templates/home/home.html
@@ -1,7 +1,10 @@
 {% extends "page_2col.html" %}
 {% block title %}Home | Amanuensis{% endblock %}
-{% block header %}

Amanuensis

{% endblock %} -{% block primary_content %} -

Home

-

Logout

-{% endblock %} \ No newline at end of file +{% block header %}

Amanuensis - Dashboard

{% endblock %}
+{% block sb_topline %}{{ current_user.get('displayname') }}{% endblock %}
+{% block sb_logout %}Log out{% endblock %}
+{% set template_sidebar_rows = [self.sb_topline(), self.sb_logout()] %}
+{% block main %}
+

Home Page

+{% endblock %}
+{% set template_content_blocks = [self.main()] %}
\ No newline at end of file
diff --git a/amanuensis/templates/page.html b/amanuensis/templates/page.html
index f84657d..3d32543 100644
--- a/amanuensis/templates/page.html
+++ b/amanuensis/templates/page.html
@@ -11,9 +11,9 @@ {% block sidebar %}{% endblock %}
-
- {% block primary_content %}{% endblock %}
{% for content_block in additional_content %} -
+ {% if not template_content_blocks %}{% set template_content_blocks = [] %}{% endif %}
+ {% if not content_blocks %}{% set content_blocks = [] %}{% endif %}
+ {% for content_block in template_content_blocks + content_blocks %}
{{ content_block|safe }}
{% endfor %}
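Review bot: The rewritten loop `{% for content_block in template_content_blocks + content_blocks %}` feeds every entry to the existing `{{ content_block|safe }}`, so anything a view passes in `content_blocks` bypasses autoescaping. The `template_content_blocks` entries come from `self.main()` and have already been rendered by the template engine, but `content_blocks` arrives from the render context, and a view that builds those strings from user-supplied text would turn this into an XSS sink. Document the contract where the lists are defaulted, for example `{# content_blocks entries are emitted with |safe: pass only trusted, already-escaped markup #}`. No view in this patch passes `content_blocks`, so this is a guard for future callers rather than a bug visible here.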
diff --git a/amanuensis/templates/page_2col.html b/amanuensis/templates/page_2col.html index 93c668f..9a93a9b 100644 --- a/amanuensis/templates/page_2col.html +++ b/amanuensis/templates/page_2col.html @@ -1,8 +1,12 @@ {% extends "page.html" %} -{% block sidebar %} +{% block sidebar %} + {% endblock %} {% block content_class %}content-2col{% endblock %} \ No newline at end of file