'''
This module handles account sign-up, login and logout
'''
from flask import render_template, request, url_for, flash, redirect, Blueprint
from flask.globals import session
from flask_login import login_user, login_required, logout_user
from connect import Connect, roles_config
from models import User
# Blueprint that groups the authentication routes defined in this module
# (/login, /signup and /logout).
auth = Blueprint('auth', __name__)
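def _digests_match(stored, candidate):
    '''
    Compare two digest strings in constant time.

    Returns False when either value is not a str (for example a NULL password
    column), so a malformed row is treated as a failed login instead of raising.
    '''
    import hmac  # local import: the module-level import block stays untouched

    if not isinstance(stored, str) or not isinstance(candidate, str):
        return False
    # Encode to bytes because compare_digest only accepts ASCII-only str values.
    return hmac.compare_digest(stored.encode('utf-8'), candidate.encode('utf-8'))


@auth.route('/login', methods=['POST', 'GET'])
def login():
    '''
    Log in as the curator or as a Miner.

    - GET renders the login form.
    - POST reads ``id``, ``password`` and ``role`` from the form, lets the database
      compute MD5 of the submitted password and compares it with the stored value.
    - On success the user is logged in and the role plus a database password are
      stored in the Flask session before redirecting.
    - On failure a message is flashed and the login form is rendered again.

    NOTE(review): the stored credential is an unsalted MD5 digest (see the queries
    below). MD5 is fast to brute-force; moving to a salted, slow password hash
    (e.g. werkzeug.security.generate_password_hash / check_password_hash) needs a
    schema and insert_miners change outside this function.
    '''
    if request.method != 'POST':
        return render_template('login.html')

    ID = request.form['id']
    password = request.form['password']
    role = request.form.get('role')

    con = Connect()
    if role == 'curator':
        # Log in as the curator
        result = con.query(
            "SELECT password AS pw1, MD5(%s) AS pw2 FROM miners WHERE id = 'curator'",
            [password], 1)
        # result is None when no 'curator' row exists; treat that as a failed
        # login instead of failing with a TypeError on result['pw1'].
        if (ID == 'curator' and result is not None
                and _digests_match(result['pw1'], result['pw2'])):
            login_user(User(ID))
            # NOTE(review): this keeps the curator's plaintext password in the
            # session. Flask's default session is a signed but unencrypted
            # cookie, so unless a server-side session store is configured the
            # value is readable by anyone holding the cookie. Other modules
            # presumably read session['db_pw'], so it is kept here; prefer
            # resolving the database credential server-side.
            session['role'] = role
            session['db_pw'] = password
            return redirect('/curator')
        flash("You are not the curator!", "danger")
    else:
        # Log in as a Miner
        result = con.query(
            "SELECT password AS pw1, MD5(%s) AS pw2 FROM miners WHERE id = %s",
            [password, ID], 1)
        # NOTE(review): the two messages below tell a caller whether an ID
        # exists, which allows account enumeration; a single generic failure
        # message would avoid that. Wording kept unchanged here.
        if result is None:
            flash("The ID doesn't exist!", category="danger")
        elif not _digests_match(result['pw1'], result['pw2']):
            flash("The password is incorrect!", category="danger")
        else:
            flash("Successfully login!", "success")
            login_user(User(ID))
            # NOTE(review): the shared 'miner' database role password is copied
            # into every miner's session; with cookie-backed sessions it leaves
            # the server. Look it up from roles_config at use time instead.
            session['role'] = 'miner'
            session['db_pw'] = roles_config['miner']
            return redirect('/profile')

    # Every failed POST falls through to the login form again.
    return render_template('login.html')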
@auth.route('/signup', methods=['POST', 'GET'])
def signup():
    '''
    Register a new Miner account.

    - GET renders the sign-up form with the gender options.
    - POST checks that the two password fields match, then hands the form values
      to the SQL function insert_miners. A non-empty message from either step is
      flashed and the form rendered again; otherwise the user is redirected to
      the login page.
    '''
    # Gender options handed to the template as [label, code] pairs
    gender_dicts = [
        {'gender': [label, code]}
        for label, code in (('Female', 1), ('Male', 0), ('Non-binary', 2))
    ]

    if request.method != 'POST':
        return render_template('signup.html', options=gender_dicts)

    form = request.form
    ID = form['id']
    password = form['password']
    c_password = form['c_password']
    # Empty strings are turned into None so that psql stores NULL
    name = form['name'] or None
    mail = form['mail'] or None
    phone = form['phone'] or None
    gender = form['gender']
    age = str(form['age']) or None

    if password == c_password:
        # insert_miners checks and inserts the new user; the first column of its
        # result is used as the error message (falsy means success).
        # NOTE(review): the password is passed in plaintext as a bound parameter;
        # presumably insert_miners stores its MD5, since login compares against
        # MD5(password) - confirm in the SQL function.
        row = Connect().query(
            'SELECT insert_miners(%s,%s,%s,%s,%s,%s,%s)',
            (ID, password, name, mail, phone, gender, age),
            1)
        msg = row[0]
    else:
        msg = "Two passwords don't match!"

    if not msg:
        return redirect(url_for('auth.login'))
    flash(msg, 'danger')
    return render_template('signup.html', options=gender_dicts)
@auth.route('/logout')
@login_required
def logout():
    '''
    Log the current user out and send them back to the home page.
    '''
    logout_user()
    # Drop everything kept in the session, including the role and db_pw
    # values that login() stored there.
    session.clear()
    # Flashed after the clear so the message is not wiped with the rest.
    flash("Successfully logout!", "success")
    home_url = url_for('book.home')
    return redirect(home_url)