user credentials

nickretallack · Feb 8, 2011 · 677cf00 · 677cf00
1 parent 0f13e26
commit 677cf00
Show file tree

Hide file tree

Showing 9 changed files with 135 additions and 17 deletions.
diff --git a/main.py b/main.py
@@ -3,13 +3,15 @@
 from werkzeug import generate_password_hash, check_password_hash
 from werkzeug.datastructures import MultiDict
 from wtforms import *
+from uuid import uuid4 as make_invitation_id
 
 def required(result):
     if not result:
         abort(404)
     return result
 
 app = Flask(__name__)
+app.secret_key = 'seeeecret'
 app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://nick@localhost/circles'
 db = SQLAlchemy(app)
 
@@ -33,6 +35,14 @@ class PasswordCredentials(db.Model):
     login = db.Column(db.String(80), unique=True, primary_key=True)
     hashed_password = db.Column(db.String(80))
 
+    user = db.relationship(User, backref='credentials')
+
+    def set_password(self, password):
+        self.hashed_password = generate_password_hash(password)
+
+    def check_password(self, password):
+        return check_password_hash(self.hashed_password, password)
+
 class OpenIDCredentials(db.Model):
     __tablename__ = 'openids'
     user_id = db.Column(db.Integer, db.ForeignKey('users.id'))
@@ -151,6 +161,19 @@ class EventCircles(db.Model):
     circle_id = db.Column(db.Integer, db.ForeignKey('circles.id'), primary_key=True)
     discussion_id = db.Column(db.Integer, db.ForeignKey('discussions.id'))
 
+class Invitation(db.Model):
+    __tablename__ = 'invitations'
+    id = db.Column(db.String(80), primary_key=True)
+    circle_id = db.Column(db.Integer, db.ForeignKey('circles.id'))
+    inviter_id = db.Column(db.Integer, db.ForeignKey('users.id'))
+
+    inviter = db.relationship(User, backref='invitations')
+
+    def __init__(self, **kwargs):
+        self.id = make_invitation_id()
+        super(Invitation, self).__init__(**kwargs)
+
+
 class JoinCircleForm(Form):
     nickname = TextField('What would you like to be called in this circle?')
 
@@ -166,11 +189,11 @@ class CommentForm(Form):
 
 @app.before_request
 def set_current_user():
-    user_id = web_session.get('current_user_id',None)
+    user_id = web_session.get('user_id',None)
     if user_id:
         g.user = User.query.filter_by(id=user_id).first()
     else:
-        g.user = db.session.query(User).filter_by(id=2).first() #None #AnonymousUser()
+        g.user = None
 
 @app.route("/")
 def front():
@@ -224,7 +247,51 @@ def new_comment(id):
 
         return redirect(url_for('show_circle',id=circle.id))
 
+class LoginForm(Form):
+    login = TextField('Login name', [validators.Required()],
+        description='This name is only used for logging in to the site.  No one will ever see it.')
+    password = PasswordField('Password', [validators.Required()])
+
+
+@app.route('/login', methods=['GET','POST'])
+def login():
+    form = LoginForm(request.form)
+    if request.method == 'POST' and form.validate():
+        action = request.form.get('action',None)
+        login = form.login.data
+        password = form.password.data
+        credentials = db.session.query(PasswordCredentials).filter_by(login=login).first()
+        if action == 'login':
+            if not credentials:
+                form.login.errors.append("This login doesn't exist yet.")
+            elif credentials.check_password(password):
+                web_session['user_id'] = credentials.user.id
+                # flash successful login
+                return redirect(url_for('front'))
+            else:
+                form.password.errors.append("This password is incorrect for this login")
+
+        elif action == 'register':
+            if credentials:
+                form.login.errors.append("This login already exists.")
+            else:
+                user = User()
+                credentials = PasswordCredentials(user=user, login=login)
+                credentials.set_password(password)
+
+                db.session.add(user)
+                db.session.add(credentials)
+                db.session.commit()
+                web_session['user_id'] = user.id
+        else:
+            return "Something is not right"
+
+    return render('login.html', form=form)
 
+@app.route('/logout')
+def logout():
+    web_session['user_id'] = None
+    return redirect(url_for('front'))
 
 if __name__ == "__main__":
     app.run(debug=True)
diff --git a/notes.txt b/notes.txt
@@ -1 +1,12 @@
 This is going to need private messages.  Those will exist within circles too.
+
+
+Okay, invitations.  You send an email with a link in it.  The link should just contain a single hash.  All the relevant info would be in the database.
+
+Invitation:
+    uid
+    circle_id
+    inviter_id - person who invited you.  Automatically establishes trust with this user
+
+You might have an account already, or not.  Hm.  I need to handle logins now.
+Also figure out email.
diff --git a/static/style.css b/static/style.css
@@ -1,4 +1,7 @@
-label {display:block}
+html {font-family:helvetica}
+a {color:blue; cursor:pointer; text-decoration:none}
+a:hover {text-decoration:underline}
 ul {margin:0; padding:0; list-style:none}
 .discussion {background-color:#eee; margin:1ex; padding:0}
 .thread {margin-left:5ex}
+input[type=text], textarea {font-family:inherit; font-size:inherit}
diff --git a/templates/base.html b/templates/base.html
@@ -4,6 +4,12 @@
 <link rel="stylesheet" type="text/css" href="{{url_for('static', filename='style.css')}}">
 </head>
 <body>
+{% if g.user %}
+<a href="{{url_for('logout')}}">Logout</a>
+{% else %}
+<a href="{{url_for('login')}}">Login</a>
+{% endif %}
+
 {% block content %}
 
 

diff --git a/templates/empty.html b/templates/empty.html
@@ -0,0 +1,6 @@
+{% extends 'base.html' %}
+
+{% block content %}
+
+
+{% endblock %}
diff --git a/templates/forms.html b/templates/forms.html
@@ -0,0 +1,15 @@
+{% macro form_field(field) %}
+<div>{{field.label}}</div>
+<div>{{field}}</div>
+{% if field.description %}
+<div>{{field.description}}</div>
+{% endif %}
+{% if field.errors %}
+<ul class="errors">
+{% for error in field.errors %}
+<li>{{error}}</li>
+{% endfor %}
+</ul>
+{% endif %}
+</div>
+{% endmacro %}
diff --git a/templates/front.html b/templates/front.html
@@ -6,7 +6,8 @@ <h1>Circles</h1>
 
 <p>This site aims to help you meet more locals who share your interests, no matter how obscure they are.  You can keep up with your closest friends without worrying that your secrets could spread.</p>
 
-<a href="{{url_for('new_circle')}}">Create a circle of friends</a>
+{% if g.user %}
+<p><a href="{{url_for('new_circle')}}">Create a circle of friends</a></p>
 
 {% if your_circles.count() %}
 <h2>Your Circles</h2>
@@ -16,4 +17,11 @@ <h2>Your Circles</h2>
 {% else %}
 <p>Or ask your friends to invite you to one.</p>
 {% endif %}
+
+{% else %}
+<p><a href="{{url_for('login')}}">Login or register to start a circle</a></p>
+<p>Or ask your friends to invite you to one.</p>
+{% endif %}
+
+
 {% endblock %}
diff --git a/templates/login.html b/templates/login.html
@@ -0,0 +1,14 @@
+{% extends 'base.html' %}
+
+{% from 'forms.html' import form_field %}
+{% block content %}
+
+<form action="{{url_for('login')}}" method="POST">
+{% for field in form %}
+{{ form_field(field) }}
+{% endfor %}
+<button name="action" value="login">Login</button> or 
+<button name="action" value="register">Register</button>
+</form>
+
+{% endblock %}
diff --git a/templates/new_circle.html b/templates/new_circle.html
@@ -1,17 +1,5 @@
 {% extends 'base.html' %}
-
-{% macro form_field(field) %}
-<div>
-{{field.label}} {{field}}
-{% if field.errors %}
-<ul class="errors">
-{% for error in field.errors %}
-<li>{{error}}</li>
-{% endfor %}
-</ul>
-{% endif %}
-</div>
-{% endmacro %}
+{% from 'forms.html' import form_field %}
 
 {% block content %}
 <h1>Create a Circle</h1>