continue

6 months ago · d6b3286bc5
2 changed files with 57 additions and 15 deletions
--- a/library/page.py
+++ b/library/page.py
@ -1,15 +1,21 @@
 """This is the main flask library page"""


+from datetime import timedelta
 import datetime
 import json
 import os

 import bcrypt
-from app import create_app
+from app import create_app, login_manager
 from application.csvparser import CsvParser
-from flask import Blueprint, redirect, render_template, request
-from flask_wtf.csrf import CSRFProtect
+from flask import Blueprint, redirect, render_template, request, session
+from flask_wtf.csrf import CSRFProtect, CSRFError
+from flask_login import (
+    logout_user,
+    login_required,
+    current_user,
+)
 from forms.borrowform import BorrowForm
 from forms.uploadform import PublicationForm
 from icalendar import Calendar
@ -28,6 +34,12 @@ csvparser = CsvParser(
 )


+@APP.before_request
+def session_handler():
+    session.permanent = True
+    APP.permanent_session_lifetime = timedelta(minutes=30)
+
+
@APP.route("/")
 def index():
    """Main route, shows all the books and you can filter them
@ -48,13 +60,12 @@ def index():


@APP.route("/upload", methods=["GET", "POST"])
+@login_required
 def upload():
    """Upload route, a page to upload a book to the csv"""
    uploadform = PublicationForm()
    if request.method == "POST":
-        if uploadform.validate_on_submit() and checksecret(
-            uploadform.secret.data
-        ):
+        if uploadform.validate_on_submit():
            id = csvparser.writepublication(uploadform)
            saveimage(uploadform.image.data, id)
            return redirect(str(id), code=303)
@ -112,14 +123,46 @@ def saveimage(image, id):
    os.remove(os.path.join(APP.config["UPLOAD_FOLDER"], image.filename))


-def checksecret(secret):
-    """small simple check to a secret, library group members can upload"""
-    with open("secret") as f:
-        secrethash = f.readline().rstrip()
-        if bcrypt.checkpw(secret.encode("utf-8"), secrethash.encode("utf-8")):
-            return True
-        else:
-            return False
+@APP.route("/logout")
+@login_required
+def logout():
+    logout_user()
+    return redirect(url_for("index"))
+
+
+@APP.route("/login", methods=["GET", "POST"])
+def login():
+    return LoginUser()
+
+
+@APP.route("/register", methods=["GET", "POST"])
+def register():
+    return RegisterUser()
+
+
+@APP.route("/forgotpassword", methods=["GET", "POST"])
+def forgotpassword():
+    return ForgotPassword(mail)
+
+
+@APP.route("/resetpassword/<path>", methods=["GET", "POST"])
+def resetpassword(path):
+    return ResetPassword(path)
+
+
+@APP.errorhandler(CSRFError)
+def handle_csrf_error(e):
+    return render_template("csrf_error.html", reason=e.description), 400
+
+
+@login_manager.user_loader
+def load_user(user_id):
+    return User.query.get(int(user_id))
+
+
+@APP.errorhandler(CSRFError)
+def handle_csrf_error(e):
+    return render_template("csrf_error.html", reason=e.description), 400


 if __name__ == "__main__":
--- a/library/secret
+++ b/library/secret
@ -1 +0,0 @@
-$2b$12$kZC/e1smAiBCntQxLUpsZ.H0Y5VkWG/YLt18wIdGmONtijkXYaVsO
			`@ -1 +0,0 @@`
			`$2b$12$kZC/e1smAiBCntQxLUpsZ.H0Y5VkWG/YLt18wIdGmONtijkXYaVsO`