WebTech/application/auth/views.py

from flask import Blueprint, render_template, redirect, url_for, flash

from application import db
from application.auth.models import User
from application.auth.forms import LoginForm
from flask_login import (  # type: ignore
    login_user,  # type: ignore
    logout_user,
    current_user,
)
from werkzeug.security import check_password_hash, generate_password_hash
from application.decorators import admin_required, login_required
from application.auth.forms import RegisterForm, UpdateForm

auth_blueprint = Blueprint("auth", __name__, template_folder="templates")


# Add user
@auth_blueprint.route("/register_user", methods=["GET", "POST"])
@admin_required
def register():
    register_form = RegisterForm()

    if register_form.validate_on_submit():  # type: ignore
        username = register_form.username.data
        password = register_form.password.data
        confirm_password = register_form.confirm_password.data
        is_admin = register_form.is_admin.data
        if confirm_password != password:
            return render_template(
                "register_user.html",
                form=register_form,
                feedback="Passwords don't match, please try again",
                active_page="register",
            )
        if User.query.filter_by(username=username).first():
            return render_template(
                "register_user.html",
                form=register_form,
                feedback="Username is already taken",
                active_page="register",
            )
        new_user = User(
            username=username,  # type: ignore
            password=generate_password_hash(password),  # type: ignore
            is_admin=is_admin,
        )
        db.session.add(new_user)
        db.session.commit()
        return render_template(
            "register_user.html",
            form=RegisterForm(formdata=None),
            feedback="User succesfully added",
            active_page="register",
        )
    return render_template(
        "register_user.html", form=register_form, active_page="register"
    )


# Update user (specifically password)
@auth_blueprint.route("/update_user", methods=["GET", "POST"])
@login_required
def update():
    form = UpdateForm(username=current_user.username)
    if form.validate_on_submit():  # type: ignore
        if not check_password_hash(
            current_user.password, form.current_password.data  # type: ignore
        ):
            return render_template(
                "update_user.html",
                form=form,
                feedback="Current password incorrect",
                active_page="update",
            )
        if form.password.data != form.confirm_password.data:
            return render_template(
                "update_user.html",
                form=form,
                feedback="New password mismatched",
                active_page="update",
            )
        current_user.password = generate_password_hash(
            form.password.data  # type: ignore
        )
        db.session.commit()
        logout_user()
        return redirect(url_for("auth.login"))
    return render_template("update_user.html", form=form, active_page="update")


# Login as user or admin
@auth_blueprint.route("/login", methods=["GET", "POST"])
def login():
    login_form = LoginForm()
    feedback = None

    if login_form.validate_on_submit():  # type: ignore
        username = login_form.username.data
        password = login_form.password.data
        user = User.query.filter_by(username=username).first()  # type: ignore

        if user and check_password_hash(
            user.password, password  # type: ignore
        ):
            login_user(user)  # type: ignore
            return redirect("/")
        else:
            feedback = "Username or password is incorrect"

    return render_template("login.html", form=login_form, feedback=feedback)


# Logout
@auth_blueprint.route("/logout")
@login_required
def logout():
    logout_user()
    flash("Logged out succesfully")
    return redirect(url_for("index"))