continue

library/page.py

@@ -1,15 +1,21 @@
 """This is the main flask library page"""
 
 
+from datetime import timedelta
 import datetime
 import json
 import os
 
 import bcrypt
-from app import create_app
+from app import create_app, login_manager
 from application.csvparser import CsvParser
-from flask import Blueprint, redirect, render_template, request
+from flask import Blueprint, redirect, render_template, request, session
-from flask_wtf.csrf import CSRFProtect
+from flask_wtf.csrf import CSRFProtect, CSRFError
+from flask_login import (
+    logout_user,
+    login_required,
+    current_user,
+)
 from forms.borrowform import BorrowForm
 from forms.uploadform import PublicationForm
 from icalendar import Calendar
@@ -28,6 +34,12 @@ csvparser = CsvParser(
 )
 
 
+@APP.before_request
+def session_handler():
+    session.permanent = True
+    APP.permanent_session_lifetime = timedelta(minutes=30)
+
+
 @APP.route("/")
 def index():
     """Main route, shows all the books and you can filter them
@@ -48,13 +60,12 @@ def index():
 
 
 @APP.route("/upload", methods=["GET", "POST"])
+@login_required
 def upload():
     """Upload route, a page to upload a book to the csv"""
     uploadform = PublicationForm()
     if request.method == "POST":
-        if uploadform.validate_on_submit() and checksecret(
+        if uploadform.validate_on_submit():
-            uploadform.secret.data
-        ):
             id = csvparser.writepublication(uploadform)
             saveimage(uploadform.image.data, id)
             return redirect(str(id), code=303)
@@ -112,14 +123,46 @@ def saveimage(image, id):
     os.remove(os.path.join(APP.config["UPLOAD_FOLDER"], image.filename))
 
 
-def checksecret(secret):
+@APP.route("/logout")
-    """small simple check to a secret, library group members can upload"""
+@login_required
-    with open("secret") as f:
+def logout():
-        secrethash = f.readline().rstrip()
+    logout_user()
-        if bcrypt.checkpw(secret.encode("utf-8"), secrethash.encode("utf-8")):
+    return redirect(url_for("index"))
-            return True
+
-        else:
+
-            return False
+@APP.route("/login", methods=["GET", "POST"])
+def login():
+    return LoginUser()
+
+
+@APP.route("/register", methods=["GET", "POST"])
+def register():
+    return RegisterUser()
+
+
+@APP.route("/forgotpassword", methods=["GET", "POST"])
+def forgotpassword():
+    return ForgotPassword(mail)
+
+
+@APP.route("/resetpassword/<path>", methods=["GET", "POST"])
+def resetpassword(path):
+    return ResetPassword(path)
+
+
+@APP.errorhandler(CSRFError)
+def handle_csrf_error(e):
+    return render_template("csrf_error.html", reason=e.description), 400
+
+
+@login_manager.user_loader
+def load_user(user_id):
+    return User.query.get(int(user_id))
+
+
+@APP.errorhandler(CSRFError)
+def handle_csrf_error(e):
+    return render_template("csrf_error.html", reason=e.description), 400
 
 
 if __name__ == "__main__":

library/secret

@@ -1 +0,0 @@
-$2b$12$kZC/e1smAiBCntQxLUpsZ.H0Y5VkWG/YLt18wIdGmONtijkXYaVsO