
import hmac
import re
import sys
from datetime import datetime, timedelta

from flask import Blueprint, request, redirect, url_for, flash, render_template
from flask_login import login_user, logout_user

from app.models import db
from app.models.users import User
# Blueprint holding the authentication views (login / logout / signup).
auth = Blueprint(name='auth', import_name=__name__)
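def _authenticate(username, password):
    """Look up *username* and check *password* against the stored value.

    Returns the matching ``User`` on success, otherwise ``None``.

    A missing username or password (``None``) is a failed authentication;
    previously a user row whose ``password`` column was NULL could be
    matched by a request with no password field (``None == None``).
    A stray ``print(sys.version)`` debug statement on the success path
    has been removed.

    TODO(security): ``User.password`` holds the plaintext value written by
    ``signup``; the constant-time comparison below removes a timing side
    channel but does not replace hashing with a salted KDF.
    """
    if username is None or password is None:
        return None
    user = User.query.filter_by(username=username).first()
    if user is None or user.password is None:
        return None
    # Compare as UTF-8 bytes: compare_digest rejects non-ASCII str inputs.
    stored = str(user.password).encode('utf-8')
    supplied = str(password).encode('utf-8')
    if hmac.compare_digest(stored, supplied):
        return user
    return None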
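def login():
    """Handle the login form.

    GET (any non-POST method) just renders ``login.html``.  POST looks the
    user up by username, enforces a 10-minute lockout once 10 failures have
    been recorded, and on a correct password resets the failure counter,
    commits it, and logs the user in via Flask-Login.

    Fixes relative to the previous version:
    * the counter reset on success was assigned but never committed, so it
      did not survive the request;
    * a locked account with a NULL ``last_failed_login_attempt`` raised
      ``TypeError`` when computing the cooldown; it is now treated as not
      locked (the failure path always sets the timestamp);
    * the password is compared in constant time (see TODO below).

    Security notes:
    * ``User.password`` is plaintext (written by ``signup``).
      TODO(security): store and verify a salted hash instead.
    * The lockout message discloses that the account exists; every other
      failure uses the same generic "Invalid username or password." text so
      an unknown username and a wrong password are indistinguishable.
    * ``datetime.now()`` is naive to match the naive value stored in
      ``last_failed_login_attempt``.
    """
    if request.method != 'POST':
        return render_template('login.html')

    username = request.form.get('username')
    password = request.form.get('password')

    user = None
    if username is not None:
        user = User.query.filter_by(username=username).first()

    if user is None:
        flash('Invalid username or password.', 'danger')
        return render_template('login.html')

    attempts = user.failed_login_attempts or 0
    if attempts >= 10 and user.last_failed_login_attempt is not None:
        cooldown_expires = user.last_failed_login_attempt + timedelta(minutes=10)
        now = datetime.now()
        if now < cooldown_expires:
            flash('You have exceeded the maximum number of failed login attempts. Please try again in {} minutes.'.format((cooldown_expires - now).seconds // 60), 'danger')
            return render_template('login.html')

    matched = False
    if password is not None and user.password is not None:
        # UTF-8 bytes: compare_digest raises on non-ASCII str inputs.
        matched = hmac.compare_digest(
            str(user.password).encode('utf-8'),
            str(password).encode('utf-8'),
        )

    if matched:
        user.failed_login_attempts = 0
        db.session.commit()  # persist the reset (previously lost)
        login_user(user)
        return redirect(url_for('main.wines_route'))

    user.failed_login_attempts = attempts + 1
    user.last_failed_login_attempt = datetime.now()
    db.session.commit()
    flash('Invalid username or password.', 'danger')
    return render_template('login.html')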
def logout():
    """Terminate the Flask-Login session and send the user to the login page."""
    logout_user()
    flash('You have been logged out.', 'info')
    login_page = url_for('main.login_route')
    return redirect(login_page)
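def signup():
    """Create an account from the posted signup form.

    Server-side validation, each failure flashing a message and redirecting
    back to the login page:
    * username of at least 5 characters,
    * email matching a simple shape check,
    * password of at least 8 characters from the allowed set, containing a
      digit and a special character,
    * username and email not already present.

    Fixes relative to the previous version:
    * missing form fields are treated as empty strings and fail validation
      instead of raising ``TypeError`` from ``len(None)`` / ``re.match``;
    * ``re.fullmatch`` replaces ``re.match`` so a trailing newline (which
      ``$`` tolerates) cannot pass the email/password checks and be stored.

    TODO(security): the password is stored as plaintext in ``User.password``;
    hashing it here must be done together with the login path, which
    currently compares the stored value directly.
    """
    username = request.form.get('username') or ''
    email = request.form.get('email') or ''
    password = request.form.get('password') or ''

    def reject(message):
        # Flash the validation error and bounce back to the login page.
        flash(message, 'danger')
        return redirect(url_for('main.login_route'))

    if len(username) < 5:
        return reject('Username must be at least 5 characters long')

    email_regex = r'^[a-zA-Z][a-zA-Z0-9._-]*@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
    if not re.fullmatch(email_regex, email):
        return reject('Please enter a valid email address')

    password_regex = r'^(?=.*[0-9])(?=.*[!@#$%^&*])[a-zA-Z0-9!@#$%^&*]{8,}$'
    if not re.fullmatch(password_regex, password):
        return reject('Password must be at least 8 characters long and contain a number and a special character')

    # Uniqueness checks; checked separately so the user learns which field clashed.
    if User.query.filter_by(username=username).first():
        return reject('Username already exists')
    if User.query.filter_by(email=email).first():
        return reject('Email already exists')

    new_user = User(username=username, email=email, password=password)
    db.session.add(new_user)
    db.session.commit()
    flash('Account created successfully! Please login.', 'success')
    return redirect(url_for('main.login_route'))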