pyfedi/app/auth/forms.py

from flask_wtf import FlaskForm, RecaptchaField
from wtforms import StringField, PasswordField, SubmitField, HiddenField, BooleanField
from wtforms.validators import ValidationError, DataRequired, Email, EqualTo, Length
from flask_babel import _, lazy_gettext as _l
from app.models import User, Community


class LoginForm(FlaskForm):
    user_name = StringField(_l('User name'), validators=[DataRequired()])
    password = PasswordField(_l('Password'), validators=[DataRequired()])
    low_bandwidth_mode = BooleanField(_l('Low bandwidth mode'))
    submit = SubmitField(_l('Log In'))


class RegistrationForm(FlaskForm):
    user_name = StringField(_l('User name'), validators=[DataRequired()])
    email = HiddenField(_l('Email'))
    real_email = StringField(_l('Email'), validators=[DataRequired(), Email(), Length(min=5, max=255)])
    password = PasswordField(_l('Password'), validators=[DataRequired(), Length(min=8, max=50)])
    password2 = PasswordField(
        _l('Repeat password'), validators=[DataRequired(),
                                           EqualTo('password')])
    recaptcha = RecaptchaField()

    submit = SubmitField(_l('Register'))

    def validate_real_email(self, email):
        user = User.query.filter(User.email.ilike(email.data.strip())).first()
        if user is not None:
            raise ValidationError(_l('An account with this email address already exists.'))

    def validate_user_name(self, user_name):
        user = User.query.filter(User.user_name.ilike(user_name.data.strip())).filter_by(ap_id=None).first()
        if user is not None:
            if user.deleted:
                raise ValidationError(_l('This username was used in the past and cannot be reused.'))
            else:
                raise ValidationError(_l('An account with this user name already exists.'))
        community = Community.query.filter(Community.name.ilike(user_name.data.strip())).first()
        if community is not None:
            raise ValidationError(_l('A community with this name exists so it cannot be used for a user.'))
        
    def validate_password(self, password):
        if not password.data:
            return
        password.data = password.data.strip()
        if password.data == 'password' or password.data == '12345678' or password.data == '1234567890':
            raise ValidationError(_l('This password is too common.'))

        first_char = password.data[0]    # the first character in the string

        all_the_same = True
        # Compare all characters to the first character
        for char in password.data:
            if char != first_char:
                all_the_same = False
        if all_the_same:
            raise ValidationError(_l('This password is not secure.'))

        if password.data == 'password' or password.data == '12345678' or password.data == '1234567890':
            raise ValidationError(_l('This password is too common.'))


class ResetPasswordRequestForm(FlaskForm):
    email = StringField(_l('Email'), validators=[DataRequired(), Email()])
    submit = SubmitField(_l('Request password reset'))


class ResetPasswordForm(FlaskForm):
    password = PasswordField(_l('Password'), validators=[DataRequired()])
    password2 = PasswordField(
        _l('Repeat password'), validators=[DataRequired(),
                                           EqualTo('password')])
    submit = SubmitField(_l('Set password'))
use recaptcha 2 instead of 3 as it's easier to integrate 2024-01-06 19:48:10 +13:00			`from flask_wtf import FlaskForm, RecaptchaField`
Low bandwidth mode 2024-01-08 19:41:32 +13:00			`from wtforms import StringField, PasswordField, SubmitField, HiddenField, BooleanField`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`from wtforms.validators import ValidationError, DataRequired, Email, EqualTo, Length`
			`from flask_babel import _, lazy_gettext as _l`
user registration and email verification 2023-08-26 15:41:11 +12:00			`from app.models import User, Community`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00

			`class LoginForm(FlaskForm):`
			`user_name = StringField(_l('User name'), validators=[DataRequired()])`
			`password = PasswordField(_l('Password'), validators=[DataRequired()])`
Low bandwidth mode 2024-01-08 19:41:32 +13:00			`low_bandwidth_mode = BooleanField(_l('Low bandwidth mode'))`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`submit = SubmitField(_l('Log In'))`


			`class RegistrationForm(FlaskForm):`
			`user_name = StringField(_l('User name'), validators=[DataRequired()])`
			`email = HiddenField(_l('Email'))`
			`real_email = StringField(_l('Email'), validators=[DataRequired(), Email(), Length(min=5, max=255)])`
password strength 2024-01-21 10:40:43 +13:00			`password = PasswordField(_l('Password'), validators=[DataRequired(), Length(min=8, max=50)])`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`password2 = PasswordField(`
			`_l('Repeat password'), validators=[DataRequired(),`
			`EqualTo('password')])`
use recaptcha 2 instead of 3 as it's easier to integrate 2024-01-06 19:48:10 +13:00			`recaptcha = RecaptchaField()`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00
user registration and email verification 2023-08-26 15:41:11 +12:00			`submit = SubmitField(_l('Register'))`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00
			`def validate_real_email(self, email):`
beware of upper and lower case in user_names and community AP ids 2024-01-29 08:47:36 +13:00			`user = User.query.filter(User.email.ilike(email.data.strip())).first()`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00			`if user is not None:`
password strength 2024-01-21 10:40:43 +13:00			`raise ValidationError(_l('An account with this email address already exists.'))`
user login and registration - unfinished 2023-08-05 21:25:18 +12:00
user registration and email verification 2023-08-26 15:41:11 +12:00			`def validate_user_name(self, user_name):`
beware of upper and lower case in user_names and community AP ids 2024-01-29 08:47:36 +13:00			`user = User.query.filter(User.user_name.ilike(user_name.data.strip())).filter_by(ap_id=None).first()`
user registration and email verification 2023-08-26 15:41:11 +12:00			`if user is not None:`
delete account, with federation 2023-12-29 17:32:35 +13:00			`if user.deleted:`
password strength 2024-01-21 10:40:43 +13:00			`raise ValidationError(_l('This username was used in the past and cannot be reused.'))`
delete account, with federation 2023-12-29 17:32:35 +13:00			`else:`
password strength 2024-01-21 10:40:43 +13:00			`raise ValidationError(_l('An account with this user name already exists.'))`
beware of upper and lower case in user_names and community AP ids 2024-01-29 08:47:36 +13:00			`community = Community.query.filter(Community.name.ilike(user_name.data.strip())).first()`
user registration and email verification 2023-08-26 15:41:11 +12:00			`if community is not None:`
password strength 2024-01-21 10:40:43 +13:00			`raise ValidationError(_l('A community with this name exists so it cannot be used for a user.'))`

			`def validate_password(self, password):`
			`if not password.data:`
			`return`
beware of upper and lower case in user_names and community AP ids 2024-01-29 08:47:36 +13:00			`password.data = password.data.strip()`
disallow silly passwords 2024-01-25 14:01:29 +13:00			`if password.data == 'password' or password.data == '12345678' or password.data == '1234567890':`
			`raise ValidationError(_l('This password is too common.'))`

password strength 2024-01-21 10:40:43 +13:00			`first_char = password.data[0] # the first character in the string`

			`all_the_same = True`
			`# Compare all characters to the first character`
			`for char in password.data:`
			`if char != first_char:`
			`all_the_same = False`
			`if all_the_same:`
			`raise ValidationError(_l('This password is not secure.'))`

			`if password.data == 'password' or password.data == '12345678' or password.data == '1234567890':`
			`raise ValidationError(_l('This password is too common.'))`
user registration and email verification 2023-08-26 15:41:11 +12:00
user login and registration - unfinished 2023-08-05 21:25:18 +12:00
			`class ResetPasswordRequestForm(FlaskForm):`
			`email = StringField(_l('Email'), validators=[DataRequired(), Email()])`
			`submit = SubmitField(_l('Request password reset'))`


			`class ResetPasswordForm(FlaskForm):`
			`password = PasswordField(_l('Password'), validators=[DataRequired()])`
			`password2 = PasswordField(`
			`_l('Repeat password'), validators=[DataRequired(),`
			`EqualTo('password')])`
user banning and purging 2023-10-21 15:49:01 +13:00			`submit = SubmitField(_l('Set password'))`