diff options
Diffstat (limited to 'accounts/views')
| -rw-r--r-- | accounts/views/admin/__init__.py | 23 | ||||
| -rw-r--r-- | accounts/views/default/__init__.py | 56 | ||||
| -rw-r--r-- | accounts/views/login/__init__.py | 26 |
3 files changed, 56 insertions, 49 deletions
diff --git a/accounts/views/admin/__init__.py b/accounts/views/admin/__init__.py index 35fda58..7378e38 100644 --- a/accounts/views/admin/__init__.py +++ b/accounts/views/admin/__init__.py @@ -2,13 +2,14 @@ from flask import Blueprint -from flask import current_app, redirect, request, g, flash, url_for +from flask import redirect, request, flash, url_for from flask_login import current_user from uuid import uuid4 from werkzeug.exceptions import Forbidden from accounts.utils import templated from accounts.forms import AdminCreateAccountForm, AdminDisableAccountForm +from accounts.app import accounts_app bp = Blueprint('admin', __name__) @@ -17,8 +18,8 @@ bp = Blueprint('admin', __name__) @bp.before_request def restrict_bp_to_admins(): if not current_user.is_authenticated: - return current_app.login_manager.unauthorized() - if current_user.uid not in current_app.config.get('ADMIN_USERS', []): + return accounts_app.login_manager.unauthorized() + if current_user.uid not in accounts_app.config.get('ADMIN_USERS', []): raise Forbidden('Du bist kein Admin.') @@ -33,8 +34,8 @@ def index(): def create_account(): form = AdminCreateAccountForm() if form.validate_on_submit(): - current_app.mail_backend.send(form.mail.data, 'mail/register.txt', - username=form.username.data) + accounts_app.mail_backend.send(form.mail.data, 'mail/register.txt', + username=form.username.data) flash('Mail versandt.', 'success') return redirect(url_for('admin.index')) @@ -45,7 +46,7 @@ def create_account(): @bp.route('/view_blacklist/<start>') @templated('admin/view_blacklist.html') def view_blacklist(start=''): - entries = current_app.username_blacklist + entries = accounts_app.username_blacklist if start: entries = [e for e in entries if e.startswith(start)] @@ -68,20 +69,20 @@ def disable_account(): if form.validate_on_submit(): random_pw = str(uuid4()) form.user.change_password(random_pw) - for service in current_app.all_services: + for service in accounts_app.all_services: form.user.reset_password(service.id) oldmail = form.user.mail - mail = current_app.config['DISABLED_ACCOUNT_MAILADDRESS_TEMPLATE'] % form.user.uid + mail = accounts_app.config['DISABLED_ACCOUNT_MAILADDRESS_TEMPLATE'] % form.user.uid form.user.change_email(mail) - current_app.user_backend.update(form.user, as_admin=True) + accounts_app.user_backend.update(form.user, as_admin=True) flash('Passwort auf ein zufälliges und Mailadresse auf %s ' 'gesetzt.' % mail, 'success') - current_app.mail_backend.send( - current_app.config['MAIL_REGISTER_NOTIFY'], + accounts_app.mail_backend.send( + accounts_app.config['MAIL_REGISTER_NOTIFY'], 'mail/disable_notify.txt', username=form.user.uid, mail=oldmail, admin=current_user.uid) diff --git a/accounts/views/default/__init__.py b/accounts/views/default/__init__.py index 1854c46..0b7065d 100644 --- a/accounts/views/default/__init__.py +++ b/accounts/views/default/__init__.py @@ -3,10 +3,11 @@ from copy import deepcopy from flask import Blueprint -from flask import current_app, redirect, render_template, request, g, \ +from flask import redirect, render_template, request, \ flash, url_for -from flask_login import login_required, login_user, logout_user, current_user +from flask_login import login_required, login_user, current_user from werkzeug.exceptions import Forbidden +from werkzeug import Response from accounts.forms import RegisterForm, RegisterCompleteForm, \ LostPasswordForm, SettingsForm @@ -14,6 +15,9 @@ from accounts.utils import templated from accounts.utils.confirmation import Confirmation from accounts.utils.login import logout_required from accounts.models import Account +from accounts.app import accounts_app + +from typing import Union bp = Blueprint('default', __name__) @@ -22,11 +26,11 @@ bp = Blueprint('default', __name__) @bp.route('/register', methods=['GET', 'POST']) @templated('register.html') @logout_required -def register(): +def register() -> Union[dict, Response]: form = RegisterForm() if form.validate_on_submit(): - current_app.mail_backend.send(form.mail.data, 'mail/register.txt', - username=form.username.data) + accounts_app.mail_backend.send(form.mail.data, 'mail/register.txt', + username=form.username.data) flash('Es wurde eine E-Mail an die angegebene Adresse geschickt, ' 'um diese zu überprüfen. Bitte folge den Anweisungen in der ' @@ -40,14 +44,14 @@ def register(): @bp.route('/register/<token>', methods=['GET', 'POST']) @templated('register_complete.html') @logout_required -def register_complete(token): +def register_complete(token: str): #TODO: check for double uids and mail username, mail = Confirmation('register').loads_http(token, max_age=3*24*60*60) try: - current_app.user_backend.get_by_uid(username) - current_app.user_backend.get_by_mail(mail) - except current_app.user_backend.NoSuchUserError: + accounts_app.user_backend.get_by_uid(username) + accounts_app.user_backend.get_by_mail(mail) + except accounts_app.user_backend.NoSuchUserError: pass else: flash('Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:') @@ -56,11 +60,11 @@ def register_complete(token): form = RegisterCompleteForm() if form.validate_on_submit(): user = Account(username, mail, password=form.password.data) - current_app.user_backend.register(user) + accounts_app.user_backend.register(user) login_user(user) - current_app.mail_backend.send( - current_app.config['MAIL_REGISTER_NOTIFY'], + accounts_app.mail_backend.send( + accounts_app.config['MAIL_REGISTER_NOTIFY'], 'mail/register_notify.txt', username=username, mail=mail) @@ -83,7 +87,7 @@ def lost_password(): if form.validate_on_submit(): #TODO: make the link only usable once (e.g include a hash of the old pw) # atm the only thing we do is make the link valid for only little time - current_app.mail_backend.send( + accounts_app.mail_backend.send( form.user.mail, 'mail/lost_password.txt', username=form.user.uid) flash('Wir haben dir eine E-Mail mit einem Link zum Passwort ändern ' @@ -97,14 +101,14 @@ def lost_password(): @bp.route('/lost_password/<token>', methods=['GET', 'POST']) @templated('lost_password_complete.html') @logout_required -def lost_password_complete(token): +def lost_password_complete(token: str): (username,) = Confirmation('lost_password').loads_http(token, max_age=4*60*60) form = RegisterCompleteForm() if form.validate_on_submit(): - user = current_app.user_backend.get_by_uid(username) + user = accounts_app.user_backend.get_by_uid(username) user.change_password(form.password.data) - current_app.user_backend.update(user, as_admin=True) + accounts_app.user_backend.update(user, as_admin=True) login_user(user) flash('Passwort geändert.', 'success') @@ -120,13 +124,13 @@ def lost_password_complete(token): @bp.route('/', methods=['GET', 'POST']) @templated('index.html') @login_required -def index(): +def index() -> Union[Response, dict]: form = SettingsForm(mail=current_user.mail) if form.validate_on_submit(): changed = False if request.form.get('submit_services'): - for service in current_app.all_services: + for service in accounts_app.all_services: field = form.get_servicedelete(service.id) if field.data: current_user.reset_password(service.id) @@ -134,7 +138,7 @@ def index(): elif request.form.get('submit_main'): if form.mail.data and form.mail.data != current_user.mail: - current_app.mail_backend.send( + accounts_app.mail_backend.send( form.mail.data, 'mail/change_mail.txt', username=current_user.uid) @@ -148,21 +152,21 @@ def index(): flash('Passwort geändert', 'success') changed = True - for service in current_app.all_services: + for service in accounts_app.all_services: field = form.get_servicepassword(service.id) if field.data: changed = True current_user.change_password(field.data, None, service.id) if changed: - current_app.user_backend.update(current_user) + accounts_app.user_backend.update(current_user) login_user(current_user) return redirect(url_for('.index')) else: flash('Nichts geändert.') - services = deepcopy(current_app.all_services) + services = deepcopy(accounts_app.all_services) for s in services: s.changed = s.id in current_user.services @@ -174,19 +178,19 @@ def index(): @bp.route('/change_mail/<token>') @login_required -def change_mail(token): +def change_mail(token: str): username, mail = Confirmation('change_mail').loads_http(token, max_age=3*24*60*60) if current_user.uid != username: raise Forbidden('Bitte logge dich als der Benutzer ein, dessen E-Mail-Adresse du ändern willst.') - results = current_app.user_backend.find_by_mail(mail) + results = accounts_app.user_backend.find_by_mail(mail) for user in results: if user.uid != current_user.uid: raise Forbidden('Diese E-Mail-Adresse wird schon von einem anderen account benutzt!') current_user.change_email(mail) - current_app.user_backend.update(current_user) + accounts_app.user_backend.update(current_user) flash('E-Mail-Adresse geändert.', 'success') return redirect(url_for('.index')) @@ -196,7 +200,7 @@ def change_mail(token): @templated('about.html') def about(): return { - 'app': current_app, + 'app': accounts_app, } diff --git a/accounts/views/login/__init__.py b/accounts/views/login/__init__.py index 730b3ed..ee049bf 100644 --- a/accounts/views/login/__init__.py +++ b/accounts/views/login/__init__.py @@ -2,17 +2,21 @@ from flask import Blueprint -from flask import current_app, redirect, request, g, flash, render_template, url_for +from flask import redirect, request, flash, render_template, url_for from flask_login import login_user, logout_user, current_user from urllib.parse import urljoin, urlparse +from werkzeug import Response -from .forms import LoginForm +from accounts.app import accounts_app + +from typing import Union +from .forms import LoginForm bp = Blueprint('login', __name__) -def is_safe_url(target): +def is_safe_url(target: str): ref_url = urlparse(request.host_url) test_url = urlparse(urljoin(request.host_url, target)) print(target) @@ -23,24 +27,22 @@ def is_safe_url(target): @bp.route('/login', methods=['GET', 'POST']) -def login(): +def login() -> Union[str, Response]: if current_user.is_authenticated: return redirect(url_for('default.index')) form = LoginForm(request.form) if form.validate_on_submit(): try: - user = current_app.user_backend.auth(form.username.data, - form.password.data) + user = accounts_app.user_backend.auth(form.username.data, + form.password.data) login_user(user) flash('Erfolgreich eingeloggt', 'success') next = request.form['next'] - if not is_safe_url(next): - next = None - return redirect(next or url_for('default.index')) - except (current_app.user_backend.NoSuchUserError, - current_app.user_backend.InvalidPasswordError): + return redirect(next if is_safe_url(next) else url_for('default.index')) + except (accounts_app.user_backend.NoSuchUserError, + accounts_app.user_backend.InvalidPasswordError): flash('Ungültiger Benutzername und/oder Passwort', 'error') return render_template("login/login.html", form=form, @@ -48,7 +50,7 @@ def login(): @bp.route('/logout') -def logout(): +def logout() -> Response: logout_user() flash('Erfolgreich ausgeloggt.', 'success') return redirect(url_for('.login')) |