updated user auth

realpython · Sep 25, 2014 · 5e5e992 · 5e5e992
1 parent cacfc2e
commit 5e5e992
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 15 deletions.
diff --git a/db_create_users.py b/db_create_users.py
@@ -2,8 +2,8 @@
 from project.models import User
 
 # insert data
-# db.session.add(User("michael", "michael@realpython.com", "i'll-never-tell"))
-# db.session.add(User("admin", "ad@min.com", "admin"))
+db.session.add(User("michael", "michael@realpython.com", "i'll-never-tell"))
+db.session.add(User("admin", "ad@min.com", "admin"))
 db.session.add(User("mike", "mike@herman.com", "tell"))
 
 # commit the changes

diff --git a/project/users/forms.py b/project/users/forms.py
@@ -0,0 +1,8 @@
+from flask_wtf import Form
+from wtforms import TextField, PasswordField
+from wtforms.validators import DataRequired
+
+
+class LoginForm(Form):
+    username = TextField('Username', validators=[DataRequired()])
+    password = PasswordField('Password', validators=[DataRequired()])
diff --git a/project/users/templates/login.html b/project/users/templates/login.html
@@ -1,12 +1,32 @@
 {% extends "base.html" %}
+
 {% block content %}
 
 <h1>Please login</h1>
 <br>
-<form action="" method="post">
-  <input type="text" placeholder="Username" name="username" value="{{request.form.username }}">
-  <input type="password" placeholder="Password" name="password" value="{{request.form.password }}">
-  <input class="btn btn-default" type="submit" value="Login">
+<form class="form-signin" role="form" method="post" action="">
+  {{ form.csrf_token }}
+  <p>
+    {{ form.username(placeholder="username") }}
+    <span class="error">
+      {% if form.username.errors %}
+        {% for error in form.username.errors %}
+          {{ error }}
+        {% endfor %}
+      {% endif %}
+    </span>
+  </p>
+  <p>
+  {{ form.password(placeholder="password") }}
+    <span class="error">
+      {% if form.password.errors %}
+        {% for error in form.password.errors %}
+          {{ error }}
+        {% endfor %}
+      {% endif %}
+    </span>
+  </p>
+  <button class="btn btn-sm btn-success" type="submit">Sign in</button>
 </form>
 
 {% endblock %}
diff --git a/project/users/views.py b/project/users/views.py
@@ -5,6 +5,8 @@
 from flask import flash, redirect, render_template, request, \
     session, url_for, Blueprint
 from functools import wraps
+from forms import LoginForm
+from project.models import User, bcrypt
 
 ################
 #### config ####
@@ -35,19 +37,23 @@ def wrap(*args, **kwargs):
 #### routes ####
 ################
 
-# route for handling the login page logic
 @users_blueprint.route('/login', methods=['GET', 'POST'])
 def login():
     error = None
+    form = LoginForm(request.form)
     if request.method == 'POST':
-        if (request.form['username'] != 'admin') \
-                or request.form['password'] != 'admin':
-            error = 'Invalid Credentials. Please try again.'
-        else:
-            session['logged_in'] = True
-            flash('You were logged in.')
-            return redirect(url_for('home.home'))
-    return render_template('login.html', error=error)
+        if form.validate_on_submit():
+            user = User.query.filter_by(name=request.form['username']).first()
+            if user is not None and bcrypt.check_password_hash(
+                user.password, request.form['password']
+            ):
+                session['logged_in'] = True
+                flash('You were logged in. Go Crazy.')
+                return redirect(url_for('home.home'))
+
+            else:
+                error = 'Invalid username or password.'
+    return render_template('login.html', form=form, error=error)
 
 
 @users_blueprint.route('/logout')