From 0303be794510e8c728a78a4811bf47a2c51c25cc Mon Sep 17 00:00:00 2001
From: Joachim Lusiardi
Date: Thu, 21 Apr 2016 08:11:57 +0200
Subject: [PATCH] more user handling features of flask-security activated

Now users can recover their passwords and change them while logged in.
---
 app/main.py | 12 +++++++++++-
 app/templates/account.html | 7 +++++++
 app/templates/admin.html | 9 ++++++++-
 app/templates/layout.html | 1 +
 app/templates/security/change_password.html | 13 +++++++++++++
 app/templates/security/forgot_password.html | 11 +++++++++++
 app/templates/security/login_user.html | 16 ++++++++++------
 app/templates/security/register_user.html | 1 +
 app/templates/security/reset_password.html | 12 ++++++++++++
 9 files changed, 74 insertions(+), 8 deletions(-)
 create mode 100644 app/templates/account.html
 create mode 100644 app/templates/security/change_password.html
 create mode 100644 app/templates/security/forgot_password.html
 create mode 100644 app/templates/security/reset_password.html

diff --git a/app/main.py b/app/main.py
index 2b910e1..147e7ab 100644
--- a/app/main.py
+++ b/app/main.py
@@ -8,6 +8,7 @@ from flask.ext.security import Security, SQLAlchemyUserDatastore, \
 UserMixin, RoleMixin, login_required, roles_required, utils
 from flask.ext.security import user_registered
 from flask.ext.mail import Mail, Message
+from flask_security.core import current_user
 from flask_wtf import Form
 from wtforms import DateField, IntegerField, DecimalField
 from wtforms.validators import DataRequired, ValidationError
@@ -20,6 +21,8 @@ db = SQLAlchemy(app)
 app.config['SECURITY_PASSWORD_HASH'] = 'pbkdf2_sha512'
 app.config['SECURITY_REGISTERABLE'] = True
+app.config['SECURITY_CHANGEABLE'] = True
+app.config['SECURITY_RECOVERABLE'] = True
 app.config.from_envvar('config')
 app.config.from_object(__name__)
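Review bot: Turning on `SECURITY_RECOVERABLE` in the second main.py hunk leaves the reset-token settings at the extension's defaults, and nothing in the hunk pins them. Flask-Security documents `SECURITY_RESET_PASSWORD_WITHIN` as defaulting to `5 days` and `SECURITY_RESET_SALT` as defaulting to a fixed string, so unless the file loaded by `app.config.from_envvar('config')` overrides them (not visible here) a mailed reset link stays usable for days. I would set a short window next to the new flags, for example `app.config['SECURITY_RESET_PASSWORD_WITHIN'] = '1 hours'`, and add a comment such as `# reset links are bearer credentials: SECRET_KEY and SECURITY_RESET_SALT must come from the deployment config, not the repo`.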
@@ -77,7 +80,6 @@ user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore) - @user_registered.connect_via(app) def user_registered_sighandler(app, user, confirm_token): """ @@ -171,9 +173,17 @@ def get_manual(): @app.route('/admin', methods=['GET']) @roles_required('admin') def get_admin_page(): + g.data['users'] = User.query.all() return render_template('admin.html', data=g.data) +@app.route('/account', methods=['GET']) +@login_required +def get_account_page(): + print(current_user) + return render_template('account.html', data=g.data) + + @app.route('/statistics', methods=['GET']) @login_required def get_statistics(): diff --git a/app/templates/account.html b/app/templates/account.html new file mode 100644 index 0000000..de46b10 --- /dev/null +++ b/app/templates/account.html @@ -0,0 +1,7 @@ +{% extends "layout.html" %} + +{% block body %} +
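Review bot: `print(current_user)` in `get_account_page` (last main.py hunk) is debug residue that runs on every request to `/account` and writes whatever the user object's repr contains to stdout; drop the line, or use `app.logger.debug('account page for user id %s', current_user.id)` if a trace is wanted. Without it, the `from flask_security.core import current_user` import added in the first hunk is unused in the visible code; if it stays, `from flask.ext.security import current_user` would match the file's other imports. In `get_admin_page`, `User.query.all()` puts every user row into the template context while the visible part of admin.html only renders `data.users|length`; `g.data['user_count'] = User.query.count()` would keep password hashes and other columns out of the template, assuming nothing else in the template iterates the list.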

Account management for {{current_user.email}}

+ + Change password +{% endblock %} diff --git a/app/templates/admin.html b/app/templates/admin.html index 8a93582..97c2db5 100644 --- a/app/templates/admin.html +++ b/app/templates/admin.html @@ -1,5 +1,12 @@ {% extends "layout.html" %} {% block body %} - Admin +

Admin

+ We have {{ data.users|length }} users so far: + + Login {% endblock %} diff --git a/app/templates/layout.html b/app/templates/layout.html index 83a8141..29fb991 100644 --- a/app/templates/layout.html +++ b/app/templates/layout.html @@ -2,6 +2,7 @@ {% if current_user.email %}
  • Create Pitstop
  • Statistics
  • +
  • Account
  • {% if current_user.has_role('admin') %}
  • Admin
  • {% endif %} diff --git a/app/templates/security/change_password.html b/app/templates/security/change_password.html new file mode 100644 index 0000000..27f5d62 --- /dev/null +++ b/app/templates/security/change_password.html @@ -0,0 +1,13 @@ +{% extends "layout.html" %} +{% from "security/_macros.html" import render_field_with_errors, render_field %} + +{% block body %} +

    Change password

    +
    + {{ change_password_form.hidden_tag() }} + {{ render_field_with_errors(change_password_form.password) }} + {{ render_field_with_errors(change_password_form.new_password) }} + {{ render_field_with_errors(change_password_form.new_password_confirm) }} + {{ render_field(change_password_form.submit) }} +
    +{% endblock %} diff --git a/app/templates/security/forgot_password.html b/app/templates/security/forgot_password.html new file mode 100644 index 0000000..556f254 --- /dev/null +++ b/app/templates/security/forgot_password.html @@ -0,0 +1,11 @@ +{% extends "layout.html" %} +{% from "security/_macros.html" import render_field_with_errors, render_field %} + +{% block body %} +

    Send password reset instructions

    +
    + {{ forgot_password_form.hidden_tag() }} + {{ render_field_with_errors(forgot_password_form.email) }} + {{ render_field(forgot_password_form.submit) }} +
    +{% endblock %} diff --git a/app/templates/security/login_user.html b/app/templates/security/login_user.html index ec744d1..9bc86c2 100644 --- a/app/templates/security/login_user.html +++ b/app/templates/security/login_user.html @@ -2,12 +2,16 @@ {% from "security/_macros.html" import render_field_with_errors, render_field %} {% block body %} +
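Review bot: Rendering `forgot_password_form.email` through `render_field_with_errors` in forgot_password.html displays the form's validation message for the submitted address, which with Flask-Security's stock forgot-password form presumably includes a "user does not exist" error, so the page tells an anonymous visitor which e-mail addresses are registered. The form class is not part of this diff, so confirm that against the installed version. If it holds, switching to `render_field(forgot_password_form.email)` hides the text but the failure and success responses still differ, so a custom `forgot_password_form` passed to `Security(...)` that answers every submission the same way is the fuller fix. The endpoint now sends mail on demand, so it also needs request throttling in front of it.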

    Login

    - {{ login_user_form.hidden_tag() }} - {{ render_field_with_errors(login_user_form.email) }} - {{ render_field_with_errors(login_user_form.password) }} - {{ render_field_with_errors(login_user_form.remember) }} - {{ render_field(login_user_form.next) }} - {{ render_field(login_user_form.submit) }} + {{ login_user_form.hidden_tag() }} + {{ render_field_with_errors(login_user_form.email) }} + {{ render_field_with_errors(login_user_form.password) }} + {{ render_field_with_errors(login_user_form.remember) }} + {{ render_field(login_user_form.next) }} + {{ render_field(login_user_form.submit) }} + {% if security.recoverable %} + Forgot password + {% endif %}
    {% endblock %} diff --git a/app/templates/security/register_user.html b/app/templates/security/register_user.html index 9ecd588..9cad77d 100644 --- a/app/templates/security/register_user.html +++ b/app/templates/security/register_user.html @@ -2,6 +2,7 @@ {% from "security/_macros.html" import render_field_with_errors, render_field %} {% block body %} +

    Register User

    {{ register_user_form.hidden_tag() }} {{ render_field_with_errors(register_user_form.email) }} diff --git a/app/templates/security/reset_password.html b/app/templates/security/reset_password.html new file mode 100644 index 0000000..f94ec4d --- /dev/null +++ b/app/templates/security/reset_password.html @@ -0,0 +1,12 @@ +{% extends "layout.html" %} +{% from "security/_macros.html" import render_field_with_errors, render_field %} + +{% block body %} +

    Reset password

    + + {{ reset_password_form.hidden_tag() }} + {{ render_field_with_errors(reset_password_form.password) }} + {{ render_field_with_errors(reset_password_form.password_confirm) }} + {{ render_field(reset_password_form.submit) }} +
    +{% endblock %}