from datetime import datetime from flask import render_template, flash, redirect, request, url_for, abort, Markup, escape from flask_login import login_user, logout_user, current_user, login_required from app import db from app.auth import bp from app.utils import generate_qr_code, serve_pil_image from app.models import User from app.auth.forms import LoginForm, RegistrationForm @bp.route('/login', methods=['GET', 'POST']) def login(): if current_user.is_authenticated: return redirect(url_for('main.index')) form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(name=form.username.data).first() if user is None or not user.check_password(form.password.data): flash('Invalid username or password') return redirect(url_for('auth.login')) return user_login(user, form.remember_me.data) return render_template('auth/login.html', title='Sign In', form=form) def user_login(user, remember): login_user(user, remember) user.last_login = datetime.utcnow() return redirect(url_for('main.index')) @bp.route('/logout') @login_required def logout(): logout_user() return redirect(url_for('main.index')) @bp.route('/register', methods=['GET', 'POST']) def register(): if current_user.is_authenticated: return redirect(url_for('main.index')) form = RegistrationForm() if form.validate_on_submit(): user = User(name=form.username.data) user.set_password(form.password.data) user.set_auth_hash() user.last_login = datetime.utcnow() db.session.add(user) db.session.commit() flash('Congratulations, you are now a registered user!') return redirect(url_for('auth.login')) return render_template('auth/register.html', title='Register', form=form) @bp.route('/generate_auth_hash/') def generate_auth_hash(username): user = User.query.filter(User.name == username).first_or_404() if not current_user.owns_game_played_by(user): abort(403) if user.auth_hash: flash('Auth hash is already generated') abort(403) if user.last_login: flash('After a player has logged in, it is no longer possible to generate a QR code.') abort(403) user.set_auth_hash() db.session.commit() return 'nothing' @bp.route('/user/') def user_hash_login(auth_hash): user = User.query.filter_by(auth_hash=auth_hash).first_or_404() if current_user.is_authenticated: if current_user.owns_game_played_by(user): safe_username = escape(user.name) flash(Markup(f"The login link for {safe_username} works! " "However, logged in users like you can't access it")) return redirect(url_for('main.game_player', game_name=current_user.owned_game_played_by(user).name, username=user.name)) flash(f'You are aleady logged in as {current_user.name}!') return redirect(url_for('main.index')) if user.password_hash: flash('Please login with your username and password!') abort(404) if user.last_login: return user_login(user, True) if request.args.get('login', default='false', type=str).lower() == 'true': return user_login(user, True) return render_template('auth/user_hash_login.html', title=f'User: {user.name}', user=user) @bp.route('/user//qrcode.png') @login_required def user_qrcode(auth_hash): user = User.query.filter_by(auth_hash=auth_hash).first_or_404() if not current_user.owns_game_played_by(user): abort(403) if user.last_login: flash('After a player has logged in, it is no longer possible to request their QR code.') abort(403) img = generate_qr_code(url_for('auth.user_hash_login', auth_hash=auth_hash, _external=True)) return serve_pil_image(img)