authorAlexander Sulfrian <alexander@sulfrian.net>2016-01-25 00:15:12 +0100
committerAlexander Sulfrian <alexander@sulfrian.net>2016-02-02 04:22:16 +0100
commit7619809115e6fdc3d7df8705abb20f228863e7c2 (patch)
tree5afaeeb9020d418143b7cea3e1e2540efcc2140e /accounts/views
parent753c03b3477071279299ca47ce76f5fcd346d5bd (diff)
Use Flask-Login for login handling
Diffstat (limited to 'accounts/views')
-rw-r--r--accounts/views/admin/__init__.py5
-rw-r--r--accounts/views/default/__init__.py61
2 files changed, 34 insertions, 32 deletions
diff --git a/accounts/views/admin/__init__.py b/accounts/views/admin/__init__.py
index 5564f93..be7f3d7 100644
--- a/accounts/views/admin/__init__.py
+++ b/accounts/views/admin/__init__.py
@@ -3,6 +3,7 @@ from __future__ import absolute_import
from flask import Blueprint
from flask import current_app, redirect, request, g, flash, url_for
+from flask.ext.login import current_user
from uuid import uuid4
from werkzeug.exceptions import Forbidden
@@ -15,9 +16,9 @@ bp = Blueprint('admin', __name__)
@bp.before_request
def restrict_bp_to_admins():
- if not g.user:
+ if not current_user.is_authenticated:
raise Forbidden(u'Bitte einloggen!')
- if g.user.uid not in current_app.config.get('ADMIN_USERS', []):
+ if current_user.uid not in current_app.config.get('ADMIN_USERS', []):
raise Forbidden(u'Du bist kein Admin.')
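Review bot: The new guard `if not current_user.is_authenticated:` is only correct if the Flask-Login in use exposes `is_authenticated` as a property; in releases before 0.3.0 it was a method, and `not <bound method>` is always False, so the check would never fire and an anonymous request would reach `current_user.uid` on the next line and fail with an AttributeError (a 500) instead of the intended Forbidden. If the project cannot pin Flask-Login >= 0.3.0, writing the check so it works for both shapes is safer, e.g. `authed = current_user.is_authenticated` followed by `if not (authed() if callable(authed) else authed):`. The same construct is used in the `index()` hunk of accounts/views/default/__init__.py. `g` remains imported in this file although nothing in the shown lines still reads it; worth confirming it is used elsewhere or dropping the import.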
diff --git a/accounts/views/default/__init__.py b/accounts/views/default/__init__.py
index 64c855f..37f71f6 100644
--- a/accounts/views/default/__init__.py
+++ b/accounts/views/default/__init__.py
@@ -4,11 +4,13 @@ from __future__ import absolute_import
from copy import deepcopy
from flask import Blueprint
from flask import current_app, redirect, request, g, flash, url_for
+from flask.ext.login import login_required, login_user, logout_user, current_user
from accounts.forms import LoginForm, RegisterForm, RegisterCompleteForm, \
LostPasswordForm, SettingsForm
from accounts.utils import *
from accounts.utils.confirmation import Confirmation
+from accounts.utils.login import logout_required
from accounts.models import Account
@@ -18,17 +20,21 @@ bp = Blueprint('default', __name__)
@bp.route('/', methods=['GET', 'POST'])
@templated('index.html')
def index():
- if not g.user:
- form = LoginForm(request.form)
- if form.validate_on_submit():
- if login_user(form.username.data, form.password.data):
- flash(u'Erfolgreich eingeloggt', 'success')
- return redirect(url_for('.settings'))
- else:
- flash(u'Ungültiger Benutzername und/oder Passwort', 'error')
- else:
+ if current_user.is_authenticated:
return redirect(url_for('.settings'))
+ form = LoginForm(request.form)
+ if form.validate_on_submit():
+ try:
+ user = current_app.user_backend.auth(form.username.data,
+ form.password.data)
+ login_user(user)
+ flash(u'Erfolgreich eingeloggt', 'success')
+ return redirect(url_for('.settings'))
+ except (current_app.user_backend.NoSuchUserError,
+ current_app.user_backend.InvalidPasswordError):
+ flash(u'Ungültiger Benutzername und/oder Passwort', 'error')
+
return {'form': form}
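Review bot: The return value of `login_user(user)` is ignored here and in the later calls at `register_complete` (`login_user(user)`), `lost_password_complete` (`login_user(user)`) and `settings` (`login_user(current_user)`); Flask-Login's `login_user` returns False without logging in when the user object reports itself as inactive, in which case this code still flashes `Erfolgreich eingeloggt` and redirects to the `@login_required` settings view, which would bounce the user back to the login page. A check such as `if not login_user(user): flash(u'Ungültiger Benutzername und/oder Passwort', 'error')` before the success path keeps the two outcomes apart without revealing which condition failed. The `try` body also wraps `login_user`, `flash` and `redirect`, none of which raise the two backend exceptions being caught; moving only the `auth(...)` call into the `try` and putting the rest in an `else:` branch keeps the handler from masking an unrelated error. The old `assert login_user(...)` that this commit removes in `register_complete` at least failed loudly on a refused login, so the new code is slightly less strict there than before.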
@@ -71,9 +77,7 @@ def register_complete(token):
user = Account(username, mail, password=form.password.data)
current_app.user_backend.register(user)
-
- # populate request context and session
- assert login_user(user.uid, user.password)
+ login_user(user)
if current_app.config.get('MAIL_REGISTER_NOTIFY'):
current_app.mail_backend.send(
@@ -132,11 +136,9 @@ def lost_password_complete(token):
user = current_app.user_backend.get_by_uid(username)
user.change_password(form.password.data)
current_app.user_backend.update(user, as_admin=True)
+ login_user(user)
- session['username'] = username
- session['password'] = form.password.data
flash(u'Passwort geändert.', 'success')
-
return redirect(url_for('.settings'))
return {
@@ -150,7 +152,7 @@ def lost_password_complete(token):
@templated('settings.html')
@login_required
def settings():
- form = SettingsForm(request.form, mail=g.user.attributes['mail'])
+ form = SettingsForm(request.form, mail=current_user.attributes['mail'])
if form.validate_on_submit():
changed = False
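Review bot: `@login_required` is placed below `@templated('settings.html')`, so when Flask-Login rejects an anonymous request, the redirect response it returns is handed to the `templated` wrapper rather than returned directly; whether that works depends on `templated` (not shown here) passing non-dict return values through unchanged. If it only knows how to render dicts, the unauthenticated path will break on the very first line of the view; swapping the order to `@login_required` above `@templated('settings.html')` removes the dependency. The first line `form = SettingsForm(request.form, mail=current_user.attributes['mail'])` would then also be guaranteed to run only for an authenticated user. `settings()` continues past the end of this hunk.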
@@ -158,15 +160,15 @@ def settings():
for service in current_app.all_services:
field = form.get_servicedelete(service.id)
if(field.data):
- g.user.reset_password(service.id)
+ current_user.reset_password(service.id)
changed = True
elif request.form.get('submit_main'):
- if form.mail.data and form.mail.data != g.user.attributes['mail']:
- confirm_token = Confirmation('change_mail').dumps((g.user.uid, form.mail.data))
+ if form.mail.data and form.mail.data != current_user.attributes['mail']:
+ confirm_token = Confirmation('change_mail').dumps((current_user.uid, form.mail.data))
confirm_link = url_for('.change_mail', token=confirm_token, _external=True)
- body = render_template('mail/change_mail.txt', username=g.user.uid,
+ body = render_template('mail/change_mail.txt', username=current_user.uid,
mail=form.mail.data, link=confirm_link)
current_app.mail_backend.send(
@@ -179,9 +181,7 @@ def settings():
changed = True
if form.password.data:
- g.user.change_password(form.password.data, form.old_password.data)
- session['password'] = form.password.data
-
+ current_user.change_password(form.password.data, form.old_password.data)
flash(u'Passwort geändert', 'success')
changed = True
@@ -189,10 +189,11 @@ def settings():
field = form.get_servicepassword(service.id)
if field.data:
changed = True
- g.user.change_password(field.data, None, service.id)
+ current_user.change_password(field.data, None, service.id)
if changed:
- current_app.user_backend.update(g.user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind
+ current_app.user_backend.update(current_user, as_admin=True) #XXX: as_admin wieder wegmachen sobald ACLs richtig gesetzt sind
+ login_user(current_user)
return redirect(url_for('.settings'))
else:
flash(u'Nichts geändert.')
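Review bot: `current_app.user_backend.update(current_user, as_admin=True)` hands the backend a werkzeug `LocalProxy` rather than the `Account` instance; if the backend does an `isinstance` check, pickles, or otherwise introspects the object, the proxy may not behave like the real object, and `current_user._get_current_object()` is the usual way to unwrap it before passing it on (the same applies to the `update(current_user)` call in `change_mail`). The purpose of `login_user(current_user)` immediately after the update is not evident from the hunk — presumably it refreshes the session after the password change — and deserves a one-line comment such as `# re-login so the session reflects the updated credentials` so the next reader does not remove it as redundant. The `#XXX: as_admin ...` note carried over from the old line is still open. `settings()` starts and ends outside this hunk.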
@@ -200,7 +201,7 @@ def settings():
services = deepcopy(current_app.all_services)
for s in services:
- s.changed = s.id in g.user.services
+ s.changed = s.id in current_user.services
return {
'form': form,
@@ -213,16 +214,16 @@ def settings():
def change_mail(token):
username, mail = Confirmation('change_mail').loads_http(token, max_age=3*24*60*60)
- if g.user.uid != username:
+ if current_user.uid != username:
raise Forbidden(u'Bitte logge dich als der Benutzer ein, dessen E-Mail-Adresse du ändern willst.')
results = current_app.user_backend.find_by_mail(mail)
for user in results:
- if user.uid != g.user.uid:
+ if user.uid != current_user.uid:
raise Forbidden(u'Diese E-Mail-Adresse wird schon von einem anderen account benutzt!')
- g.user.change_email(mail)
- current_app.user_backend.update(g.user)
+ current_user.change_email(mail)
+ current_app.user_backend.update(current_user)
flash(u'E-Mail-Adresse geändert.', 'success')
return redirect(url_for('.settings'))
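Review bot: `if current_user.uid != username:` assumes an authenticated user; the decorators of `change_mail` are above this hunk, so it is not visible here whether `@login_required` guards the view. If it does not, an anonymous visitor following the confirmation link would get an AttributeError on `current_user.uid` (a 500) rather than the intended Forbidden, so either add `@login_required` or widen the guard to `if not current_user.is_authenticated or current_user.uid != username:`. The ownership check itself — comparing the uid embedded in the signed token with the logged-in user before accepting the new address — is the right control for this flow and is preserved by the rename. The function's decorators and signature line are outside this hunk.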