pyfedi/app/auth/routes.py

from datetime import date, datetime, timedelta
from flask import redirect, url_for, flash, request, make_response, session, Markup, current_app
from werkzeug.urls import url_parse
from flask_login import login_user, logout_user, current_user
from flask_babel import _
from app import db
from app.auth import bp
from app.auth.forms import LoginForm, RegistrationForm, ResetPasswordRequestForm, ResetPasswordForm
from app.auth.util import random_token
from app.models import User
from app.auth.email import send_password_reset_email, send_welcome_email, send_verification_email
from app.activitypub.signature import RsaKeys
from app.utils import render_template


@bp.route('/login', methods=['GET', 'POST'])
def login():
    if current_user.is_authenticated:
        next_page = request.args.get('next')
        if not next_page or url_parse(next_page).netloc != '':
            next_page = url_for('main.index')
        return redirect(next_page)
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(user_name=form.user_name.data, ap_id=None).first()
        if user is None:
            flash(_('No account exists with that user name address'), 'error')
            return redirect(url_for('auth.login'))
        if user.banned:
            flash(_('You have been banned.', 'error'))
            return redirect(url_for('auth.login'))
        if not user.check_password(form.password.data):
            if user.password_hash is None:
                if "@gmail.com" in user.email:
                    message = Markup(_('Invalid password. Please click the "Login using Google" button or <a href="/auth/reset_password_request">reset your password</a>.'))
                    flash(message, 'warning')
                else:
                    message = Markup(_('Invalid password. Please <a href="/auth/reset_password_request">reset your password</a>.'))
                    flash(message, 'error')
                return redirect(url_for('auth.login'))
            flash(_('Invalid password'))
            return redirect(url_for('auth.login'))
        login_user(user, remember=True)
        current_user.last_seen = datetime.utcnow()
        current_user.verification_token = ''
        db.session.commit()
        next_page = request.args.get('next')
        if not next_page or url_parse(next_page).netloc != '':
            next_page = url_for('main.index')
        return redirect(next_page)
    return render_template('auth/login.html', title=_('Login'), form=form)


@bp.route('/logout')
def logout():
    logout_user()
    return redirect(url_for('main.index'))


@bp.route('/register', methods=['GET', 'POST'])
def register():
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    form = RegistrationForm()
    if current_app.config['MODE'] == 'development':
        del form.recaptcha
    if form.validate_on_submit():
        if form.email.data == '': # ignore any registration where the email field is filled out. spam prevention
            if form.real_email.data.lower().startswith('postmaster@') or form.real_email.data.lower().startswith('abuse@') or \
                    form.real_email.data.lower().startswith('noc@'):
                flash(_('Sorry, you cannot use that email address'), 'error')
            else:
                verification_token = random_token(16)
                user = User(user_name=form.user_name.data, email=form.real_email.data,
                            verification_token=verification_token)
                user.set_password(form.password.data)
                db.session.add(user)
                db.session.commit()
                login_user(user, remember=True)
                send_welcome_email(user)
                send_verification_email(user)

                if current_app.config['MODE'] == 'development':
                    current_app.logger.info('Verify account:' + url_for('auth.verify_email', token=user.verification_token, _external=True))

                flash(_('Great, you are now a registered user!'))

        # set a cookie so the login button is emphasised on the public site, for future visits
        resp = make_response(redirect(url_for('main.index')))
        resp.set_cookie('logged_in_before', value='1', expires=datetime.now() + timedelta(weeks=300),
                        domain='.chorebuster.net')
        return resp
    return render_template('auth/register.html', title=_('Register'),
                           form=form)


@bp.route('/reset_password_request', methods=['GET', 'POST'])
def reset_password_request():
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    form = ResetPasswordRequestForm()
    if form.validate_on_submit():
        if form.email.data.lower().startswith('postmaster@') or form.email.data.lower().startswith('abuse@') or \
                form.email.data.lower().startswith('noc@'):
            flash(_('Sorry, you cannot use that email address'), 'error')
        else:
            user = User.query.filter_by(email=form.email.data).first()
            if user:
                send_password_reset_email(user)
                flash(_('Check your email for the instructions to reset your password'))
                return redirect(url_for('auth.login'))
            else:
                flash(_('No account with that email address exists'), 'warning')
    return render_template('auth/reset_password_request.html',
                           title=_('Reset Password'), form=form)


@bp.route('/reset_password/<token>', methods=['GET', 'POST'])
def reset_password(token):
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))
    user = User.verify_reset_password_token(token)
    if not user:
        return redirect(url_for('main.index'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        user.set_password(form.password.data)
        db.session.commit()
        flash(_('Your password has been reset.'))
        return redirect(url_for('auth.login'))
    return render_template('auth/reset_password.html', form=form)


@bp.route('/verify_email/<token>')
def verify_email(token):
    if token != '':
        user = User.query.filter_by(verification_token=token).first()
        if user is not None:
            if user.banned:
                flash('You have been banned.', 'error')
                return redirect(url_for('main.index'))
            if user.verified:   # guard against users double-clicking the link in the email
                return redirect(url_for('main.index'))
            user.verified = True
            user.last_seen = datetime.utcnow()
            private_key, public_key = RsaKeys.generate_keypair()
            user.private_key = private_key
            user.public_key = public_key
            db.session.commit()
            flash(_('Thank you for verifying your email address. You can now post content and vote.'))
        else:
            flash(_('Email address validation failed.'), 'error')
        return redirect(url_for('main.index'))


@bp.route('/validation_required')
def validation_required():
    return render_template('auth/validation_required.html')
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`from datetime import date, datetime, timedelta`
federate incoming posts and post replies 2023-09-16 19:09:04 +12:00			`from flask import redirect, url_for, flash, request, make_response, session, Markup, current_app`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`from werkzeug.urls import url_parse`
			`from flask_login import login_user, logout_user, current_user`
			`from flask_babel import _`
			`from app import db`
			`from app.auth import bp`
			`from app.auth.forms import LoginForm, RegistrationForm, ResetPasswordRequestForm, ResetPasswordForm`
user registration and email verification 2023-08-26 15:41:11 +12:00			`from app.auth.util import random_token`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`from app.models import User`
user registration and email verification 2023-08-26 15:41:11 +12:00			`from app.auth.email import send_password_reset_email, send_welcome_email, send_verification_email`
community list and beginning of viewing community 2023-08-29 22:01:06 +12:00			`from app.activitypub.signature import RsaKeys`
federate incoming posts and post replies 2023-09-16 19:09:04 +12:00			`from app.utils import render_template`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00

			`@bp.route('/login', methods=['GET', 'POST'])`
			`def login():`
			`if current_user.is_authenticated:`
			`next_page = request.args.get('next')`
			`if not next_page or url_parse(next_page).netloc != '':`
			`next_page = url_for('main.index')`
			`return redirect(next_page)`
			`form = LoginForm()`
			`if form.validate_on_submit():`
post replies - create, edit, delete 2023-11-22 20:48:27 +13:00			`user = User.query.filter_by(user_name=form.user_name.data, ap_id=None).first()`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`if user is None:`
			`flash(_('No account exists with that user name address'), 'error')`
			`return redirect(url_for('auth.login'))`
limit what unverified users can do 2023-10-23 13:03:35 +13:00			`if user.banned:`
			`flash(_('You have been banned.', 'error'))`
			`return redirect(url_for('auth.login'))`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`if not user.check_password(form.password.data):`
			`if user.password_hash is None:`
			`if "@gmail.com" in user.email:`
			`message = Markup(_('Invalid password. Please click the "Login using Google" button or <a href="/auth/reset_password_request">reset your password</a>.'))`
			`flash(message, 'warning')`
			`else:`
			`message = Markup(_('Invalid password. Please <a href="/auth/reset_password_request">reset your password</a>.'))`
			`flash(message, 'error')`
			`return redirect(url_for('auth.login'))`
			`flash(_('Invalid password'))`
			`return redirect(url_for('auth.login'))`
			`login_user(user, remember=True)`
			`current_user.last_seen = datetime.utcnow()`
user registration and email verification 2023-08-26 15:41:11 +12:00			`current_user.verification_token = ''`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`db.session.commit()`
			`next_page = request.args.get('next')`
			`if not next_page or url_parse(next_page).netloc != '':`
			`next_page = url_for('main.index')`
			`return redirect(next_page)`
			`return render_template('auth/login.html', title=_('Login'), form=form)`


			`@bp.route('/logout')`
			`def logout():`
			`logout_user()`
			`return redirect(url_for('main.index'))`


			`@bp.route('/register', methods=['GET', 'POST'])`
			`def register():`
			`if current_user.is_authenticated:`
			`return redirect(url_for('main.index'))`
			`form = RegistrationForm()`
user registration and email verification 2023-08-26 15:41:11 +12:00			`if current_app.config['MODE'] == 'development':`
			`del form.recaptcha`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`if form.validate_on_submit():`
			`if form.email.data == '': # ignore any registration where the email field is filled out. spam prevention`
			`if form.real_email.data.lower().startswith('postmaster@') or form.real_email.data.lower().startswith('abuse@') or \`
			`form.real_email.data.lower().startswith('noc@'):`
			`flash(_('Sorry, you cannot use that email address'), 'error')`
			`else:`
user registration and email verification 2023-08-26 15:41:11 +12:00			`verification_token = random_token(16)`
			`user = User(user_name=form.user_name.data, email=form.real_email.data,`
			`verification_token=verification_token)`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`user.set_password(form.password.data)`
user registration and email verification 2023-08-26 15:41:11 +12:00			`db.session.add(user)`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`db.session.commit()`
			`login_user(user, remember=True)`
			`send_welcome_email(user)`
user registration and email verification 2023-08-26 15:41:11 +12:00			`send_verification_email(user)`

			`if current_app.config['MODE'] == 'development':`
			`current_app.logger.info('Verify account:' + url_for('auth.verify_email', token=user.verification_token, _external=True))`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00
			`flash(_('Great, you are now a registered user!'))`

			`# set a cookie so the login button is emphasised on the public site, for future visits`
			`resp = make_response(redirect(url_for('main.index')))`
			`resp.set_cookie('logged_in_before', value='1', expires=datetime.now() + timedelta(weeks=300),`
			`domain='.chorebuster.net')`
			`return resp`
			`return render_template('auth/register.html', title=_('Register'),`
			`form=form)`


			`@bp.route('/reset_password_request', methods=['GET', 'POST'])`
			`def reset_password_request():`
			`if current_user.is_authenticated:`
			`return redirect(url_for('main.index'))`
			`form = ResetPasswordRequestForm()`
			`if form.validate_on_submit():`
			`if form.email.data.lower().startswith('postmaster@') or form.email.data.lower().startswith('abuse@') or \`
			`form.email.data.lower().startswith('noc@'):`
			`flash(_('Sorry, you cannot use that email address'), 'error')`
			`else:`
			`user = User.query.filter_by(email=form.email.data).first()`
			`if user:`
			`send_password_reset_email(user)`
			`flash(_('Check your email for the instructions to reset your password'))`
			`return redirect(url_for('auth.login'))`
			`else:`
			`flash(_('No account with that email address exists'), 'warning')`
			`return render_template('auth/reset_password_request.html',`
			`title=_('Reset Password'), form=form)`


			`@bp.route('/reset_password/<token>', methods=['GET', 'POST'])`
			`def reset_password(token):`
			`if current_user.is_authenticated:`
			`return redirect(url_for('main.index'))`
			`user = User.verify_reset_password_token(token)`
			`if not user:`
			`return redirect(url_for('main.index'))`
			`form = ResetPasswordForm()`
			`if form.validate_on_submit():`
			`user.set_password(form.password.data)`
			`db.session.commit()`
			`flash(_('Your password has been reset.'))`
			`return redirect(url_for('auth.login'))`
user registration and email verification 2023-08-26 15:41:11 +12:00			`return render_template('auth/reset_password.html', form=form)`


			`@bp.route('/verify_email/<token>')`
			`def verify_email(token):`
			`if token != '':`
			`user = User.query.filter_by(verification_token=token).first()`
			`if user is not None:`
limit what unverified users can do 2023-10-23 13:03:35 +13:00			`if user.banned:`
			`flash('You have been banned.', 'error')`
			`return redirect(url_for('main.index'))`
community list and beginning of viewing community 2023-08-29 22:01:06 +12:00			`if user.verified: # guard against users double-clicking the link in the email`
			`return redirect(url_for('main.index'))`
user registration and email verification 2023-08-26 15:41:11 +12:00			`user.verified = True`
			`user.last_seen = datetime.utcnow()`
community list and beginning of viewing community 2023-08-29 22:01:06 +12:00			`private_key, public_key = RsaKeys.generate_keypair()`
			`user.private_key = private_key`
			`user.public_key = public_key`
user registration and email verification 2023-08-26 15:41:11 +12:00			`db.session.commit()`
community list and beginning of viewing community 2023-08-29 22:01:06 +12:00			`flash(_('Thank you for verifying your email address. You can now post content and vote.'))`
user registration and email verification 2023-08-26 15:41:11 +12:00			`else:`
			`flash(_('Email address validation failed.'), 'error')`
limit what unverified users can do 2023-10-23 13:03:35 +13:00			`return redirect(url_for('main.index'))`


			`@bp.route('/validation_required')`
			`def validation_required():`
			`return render_template('auth/validation_required.html')`