from datetime import datetime from flask import render_template, flash, redirect, url_for, abort from flask_login import login_user, logout_user, current_user, login_required from app import db from app.auth import bp from app.models import User from app.auth.forms import LoginForm, RegistrationForm @bp.route('/login', methods=['GET', 'POST']) def login(): if current_user.is_authenticated: return redirect(url_for('main.index')) form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(name=form.username.data).first() if user is None or not user.check_password(form.password.data): flash('Invalid username or password') return redirect(url_for('auth.login')) login_user(user, remember=form.remember_me.data) user.last_login = datetime.utcnow() return redirect(url_for('main.index')) return render_template('auth/login.html', title='Sign In', form=form) @bp.route('/logout') @login_required def logout(): logout_user() return redirect(url_for('main.index')) @bp.route('/register', methods=['GET', 'POST']) def register(): if current_user.is_authenticated: return redirect(url_for('main.index')) form = RegistrationForm() if form.validate_on_submit(): user = User(name=form.username.data) user.set_password(form.password.data) user.set_auth_hash() user.last_login = datetime.utcnow() db.session.add(user) db.session.commit() flash('Congratulations, you are now a registered user!') return redirect(url_for('auth.login')) return render_template('auth/register.html', title='Register', form=form) @bp.route('/generate_auth_hash/') def generate_auth_hash(username): user = User.query.filter(User.name == username).first_or_404() if not current_user.owns_game_played_by(user): abort(403) if user.auth_hash: flash('Auth hash is already generated') abort(403) if user.last_login: flash('After a player has logged in, it is no longer possible to generate a QR code.') abort(403) user.set_auth_hash() db.session.commit() return 'nothing'