Diffstat (limited to 'accounts/views/login/__init__.py')
-rw-r--r-- | accounts/views/login/__init__.py | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/accounts/views/login/__init__.py b/accounts/views/login/__init__.py
index 730b3ed..ee049bf 100644
--- a/accounts/views/login/__init__.py
+++ b/accounts/views/login/__init__.py
@@ -2,17 +2,21 @@ from flask import Blueprint
-from flask import current_app, redirect, request, g, flash, render_template, url_for
+from flask import redirect, request, flash, render_template, url_for
 from flask_login import login_user, logout_user, current_user
 from urllib.parse import urljoin, urlparse
+from werkzeug import Response
-from .forms import LoginForm
+from accounts.app import accounts_app
+
+from typing import Union
+from .forms import LoginForm
 bp = Blueprint('login', __name__)
-def is_safe_url(target):
+def is_safe_url(target: str):
 ref_url = urlparse(request.host_url)
 test_url = urlparse(urljoin(request.host_url, target))
 print(target)
@@ -23,24 +27,22 @@ def is_safe_url(target):
 @bp.route('/login', methods=['GET', 'POST'])
-def login():
+def login() -> Union[str, Response]:
 if current_user.is_authenticated:
 return redirect(url_for('default.index'))
 form = LoginForm(request.form)
 if form.validate_on_submit():
 try:
- user = current_app.user_backend.auth(form.username.data,
- form.password.data)
+ user = accounts_app.user_backend.auth(form.username.data,
+ form.password.data)
 login_user(user)
 flash('Erfolgreich eingeloggt', 'success')
 next = request.form['next']
- if not is_safe_url(next):
- next = None
- return redirect(next or url_for('default.index'))
- except (current_app.user_backend.NoSuchUserError,
- current_app.user_backend.InvalidPasswordError):
+ return redirect(next if is_safe_url(next) else url_for('default.index'))
+ except (accounts_app.user_backend.NoSuchUserError,
+ accounts_app.user_backend.InvalidPasswordError):
 flash('Ungültiger Benutzername und/oder Passwort', 'error')
 return render_template("login/login.html", form=form,
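Review bot: The `print(target)` kept in `is_safe_url` writes the request-supplied `next` value to stdout unescaped on every login. It looks like leftover debugging and should be dropped while this function is being touched, or replaced with a logger call that formats the value with `%r`. The new signature annotates the parameter but not the result; if the function returns the scheme/netloc comparison (its return statement is outside the hunk), `def is_safe_url(target: str) -> bool:` would match the annotations added to `login` and `logout`. A short docstring stating that it accepts only targets resolving to the request's own host would also make the open-redirect guard's contract explicit. As a style point, `from typing import Union` is a standard-library import and belongs in the first import group, above `from accounts.app import accounts_app`.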
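Review bot: The rewritten `return redirect(next if is_safe_url(next) else url_for('default.index'))` drops the old `next or ...` fallback. An empty `next` field that `is_safe_url` accepts (likely, since an empty target resolves to the host URL, though the return expression is not visible here) is now passed to `redirect()` as an empty location instead of falling back to the index page. `request.form['next']` is also read after `login_user(user)` has already run, so a POST without that field would be answered with a 400 even though the session is authenticated. Reading the field defensively and keeping the emptiness check covers both: `target = request.form.get('next')` followed by `return redirect(target if target and is_safe_url(target) else url_for('default.index'))`. That also stops shadowing the builtin `next`. The body of `login` continues past the end of this hunk.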
@@ -48,7 +50,7 @@ def login():
 @bp.route('/logout')
-def logout():
+def logout() -> Response:
 logout_user()
 flash('Erfolgreich ausgeloggt.', 'success')
 return redirect(url_for('.login')) |