-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapp.py
More file actions
344 lines (288 loc) · 12.2 KB
/
app.py
File metadata and controls
344 lines (288 loc) · 12.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
from flask import (
Flask,
render_template,
request,
jsonify,
redirect,
url_for,
flash,
session,
)
from dotenv import load_dotenv
from flask_wtf.csrf import CSRFProtect
from flask_cors import CORS
from functools import wraps
from flask_wtf import FlaskForm
from wtforms.validators import EqualTo
from itsdangerous import URLSafeTimedSerializer
import os
from flask_security import current_user
from werkzeug.security import generate_password_hash, check_password_hash
from flask_mail import Mail, Message
from wtforms import StringField, PasswordField
from wtforms.validators import DataRequired, Email, ValidationError, EqualTo
from uuid import UUID
from flask_login import (
LoginManager,
login_user,
logout_user,
login_manager,
current_user,
)
from werkzeug.utils import redirect
from datetime import date
class CustomRegisterForm(FlaskForm):
email = StringField("Email", [DataRequired(), Email()])
password = PasswordField("Password", [DataRequired()])
password_confirm = PasswordField(
"Confirm Password",
[DataRequired(), EqualTo("password", message="Passwords must match")],
)
name = StringField("Name", [DataRequired()])
surname = StringField("Surname", [DataRequired()])
def validate_email(self, email):
user = User.query.filter_by(email=email.data).first()
if user:
raise ValidationError('This email is already in use. Please choose a different one.')
class CustomLoginForm(FlaskForm):
email = StringField("Email", validators=[DataRequired(), Email()])
password = PasswordField("Password", validators=[DataRequired()])
def validate(self, *args, **kwargs):
if not super(CustomLoginForm, self).validate():
return False
user = User.query.filter_by(email=self.email.data.lower()).first()
# Check if user is not None before accessing its attributes
if user is None:
self.email.errors.append("Does not exist ! Create an account first !")
return False
print(f"User email: {user.email}")
print(f"User active status: {user.active}")
password_check_result = check_password_hash(user.password, self.password.data)
print(f"Password check result: {password_check_result}")
if not user.active:
self.email.errors.append("Have not been confirmed yet, Please confirm your email!")
return False
if not password_check_result:
self.email.errors.append("Invalid email and/or password")
return False
return True
class ChangePasswordForm(FlaskForm):
old_password = PasswordField("Old Password", validators=[DataRequired()])
new_password = PasswordField("New Password", [DataRequired(), EqualTo("confirm_new_password", message="Passwords must match")])
confirm_new_password = PasswordField("Confirm New Password", validators=[DataRequired()])
class PasswordResetForm(FlaskForm):
new_password = PasswordField("New Password", [DataRequired(), EqualTo("confirm_new_password", message="Passwords must match")])
confirm_new_password = PasswordField("Confirm New Password", validators=[DataRequired()])
class PasswordResetRequestForm(FlaskForm):
email = StringField('Email', validators=[DataRequired(), Email()])
app = Flask(__name__)
from models import db, User, Role, init_app
csrf = CSRFProtect(app)
CORS(app)
app.config["SECRET_KEY"] = os.getenv("SECRET_KEY")
app.config["SQLALCHEMY_DATABASE_URI"] = os.getenv(
"SQLALCHEMY_DATABASE_URI", "sqlite:///mydatabase.db"
)
app.config["MAIL_SERVER"] = os.getenv("MAIL_SERVER")
app.config["MAIL_PORT"] = int(os.getenv("MAIL_PORT", "587"))
app.config["MAIL_USERNAME"] = os.getenv("MAIL_USERNAME")
app.config["MAIL_PASSWORD"] = os.getenv("MAIL_PASSWORD")
app.config["MAIL_USE_TLS"] = True
app.config["MAIL_USE_SSL"] = False
app.config["MAIL_DEBUG"] = True
app.config["MAIL_SUPPRESS_SEND"] = False
app.config["MAIL_ASCII_ATTACHMENTS"] = False
app.config["SECURITY_PASSWORD_SALT"] = os.getenv("SECURITY_PASSWORD_SALT")
today = date.today().strftime("%Y-%m-%d")
mail = Mail(app)
login_manager = LoginManager()
login_manager.init_app(app)
db.init_app(app)
def custom_login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if "user_id" not in session:
flash("Please log in to continue")
return redirect(url_for("login", next=request.url))
return f(*args, **kwargs)
return decorated_function
def generate_confirmation_token(email):#good
serializer = URLSafeTimedSerializer(app.config["SECRET_KEY"])
return serializer.dumps(email, salt=app.config["SECURITY_PASSWORD_SALT"])
def confirm_token(token, expiration=3600):#good
serializer = URLSafeTimedSerializer(app.config["SECRET_KEY"])
try:
email = serializer.loads(
token, salt=app.config["SECURITY_PASSWORD_SALT"], max_age=expiration
)
except:
return False
return email
def send_confirmation_email(user_email):
token = generate_confirmation_token(user_email)
verification_url = url_for(
"confirm_email", token=token, _external=True
)
html = render_template(
"emailverification.html", verification_url=verification_url
)
msg = Message(
"Please confirm your email",
sender=app.config["MAIL_USERNAME"],
recipients=[user_email],
html=html,
)
mail.send(msg)
@login_manager.user_loader
def load_user(user_id):
try:
uuid_obj = UUID(user_id)
return User.query.filter(User.fs_uniquifier == uuid_obj).first()
except ValueError:
return None
def send_reset_email(email, reset_url):
html = render_template('reset_password_email.html', reset_url=reset_url)
msg = Message('Password Reset Request', sender='noreply@demo.com', recipients=[email], html=html)
mail.send(msg)
@app.route('/reset_token/<token>', methods=['GET', 'POST'])
def reset_token(token):
# Check the token, and redirect to login if it's invalid
email = confirm_token(token)
if not email:
flash('That is an invalid or expired token', 'warning')
return redirect(url_for('login'))
form = PasswordResetForm()
if form.validate_on_submit():
user = User.query.filter_by(email=email).first()
if user:
user.password = generate_password_hash(form.new_password.data)
db.session.commit()
flash('Your password has been updated! You are now able to log in', 'success')
return redirect(url_for('login'))
else:
for fieldName, errorMessages in form.errors.items():
for err in errorMessages:
flash(f'{fieldName}: {err}')
return render_template('reset_token.html', form=form ,token=token)
@app.route('/reset_password', methods=['GET', 'POST'])
def reset_password():
form = PasswordResetRequestForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data.lower()).first()
if user:
token = generate_confirmation_token(user.email)
reset_url = url_for('reset_token', token=token, _external=True)
send_reset_email(user.email, reset_url)
flash('A password reset email has been sent to your mail.', 'info')
return redirect(url_for('login'))
else:
flash('The email address does not exist. Please provide a correct email address', 'error')
return redirect(url_for('reset_password'))
return render_template('reset_password.html', form=form)
@app.route('/change_password', methods=['GET', 'POST'])
@custom_login_required
def change_password():
form = ChangePasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(id=session['user_id']).first() # get user from DB
if not user or not check_password_hash(user.password, form.old_password.data):
flash('Incorrect current password')
else:
user.password = generate_password_hash(form.new_password.data)
db.session.commit()
flash('Your password has been updated.')
return redirect(url_for('login'))
return render_template('change_password.html', form=form)
@app.route("/register", methods=["GET", "POST"])#good
def register():
form = CustomRegisterForm()
if form.validate_on_submit():
user = User(
email=form.email.data,
password=generate_password_hash(form.password.data),
name=form.name.data,
surname=form.surname.data,
active=False, # user is not active until confirmation
)
db.session.add(user)
db.session.commit()
try:
send_confirmation_email(user.email) # send confirmation email
except Exception as e:
flash(f"Either the email or pass for flask SMTP GMAIL setup is failing ... the error : {str(e)}")
db.session.rollback() # if there is a problem with sending email - rollback db changes
return render_template("register.html", register_form=form)
return redirect(url_for("registration_successful"))
else:
print("Form validation failed")
for field, errors in form.errors.items():
for error in errors:
flash(f"This {field} {error}")
return render_template("register.html", register_form=form)
@app.route("/login", methods=["GET", "POST"])
def login():
if current_user.is_authenticated:
return redirect(url_for("index"))#redirect index if sucessfuly authenticated
form = CustomLoginForm()
if request.method == "POST":
if form.validate_on_submit():
print("Form validation passed")
user = User.query.filter_by(email=form.email.data).first()
if user and check_password_hash(user.password, form.password.data):
login_user(user)
session["user_id"] = user.id
session["user_name"] = user.name
session["user_surname"] = user.surname
session["user_email"] = user.email
next_page = (
request.form["next"]
or request.args.get("next")
or url_for("login")#redirect to login after creating account
)
return redirect(next_page)
else:
print("Form validation failed")
for field, errors in form.errors.items():
for error in errors:
flash(f"This {field} {error}")
return render_template("login.html", form=form)
@app.route("/confirm/<token>", methods=["GET", "POST"])#good
def confirm_email(token):
try:
email = confirm_token(token)
except:
flash("Confirmation link is invalid or has expired.", "danger")
return redirect(url_for("login"))
user = User.query.filter_by(email=email).first_or_404()
if user.active:
flash("Account already confirmed. Please log in.", "success")
else:
user.active = True
db.session.add(user)
db.session.commit()
flash("Thank you for confirming your email!", "success")
return redirect(url_for("index"))
@app.route("/registration_successful")#good
def registration_successful():
return render_template("registration_successful.html")
@app.context_processor
def inject_user():
return dict(current_user=current_user)
@app.route('/', methods=['GET', 'POST'])
@custom_login_required
def index():
return render_template('index.html')
@app.errorhandler(400)
def handle_bad_request(e):
return jsonify({'message': str(e), 'success': False}), 400
@app.route("/logout")
@custom_login_required#use this line wherever you want user to log iin to continue
def logout():
session.pop("user_id", None)
session.pop("user_name", None)
session.pop("user_surname", None)
session.pop("user_email", None)
logout_user()
return redirect(url_for("index"))
if __name__ == "__main__":
app.run(debug=True)