more user handling features of flask-security activated

Now users can recover their passwords and change them while
logged in.
Joachim Lusiardi 2016-04-21 08:11:57 +02:00
parent 01798e9548
commit 0303be7945
9 changed files with 74 additions and 8 deletions


@ -8,6 +8,7 @@ from flask.ext.security import Security, SQLAlchemyUserDatastore, \
UserMixin, RoleMixin, login_required, roles_required, utils UserMixin, RoleMixin, login_required, roles_required, utils
from flask.ext.security import user_registered from flask.ext.security import user_registered
from flask.ext.mail import Mail, Message from flask.ext.mail import Mail, Message
from flask_security.core import current_user
from flask_wtf import Form from flask_wtf import Form
from wtforms import DateField, IntegerField, DecimalField from wtforms import DateField, IntegerField, DecimalField
from wtforms.validators import DataRequired, ValidationError from wtforms.validators import DataRequired, ValidationError
@ -20,6 +21,8 @@ db = SQLAlchemy(app)
app.config['SECURITY_PASSWORD_HASH'] = 'pbkdf2_sha512' app.config['SECURITY_PASSWORD_HASH'] = 'pbkdf2_sha512'
app.config['SECURITY_REGISTERABLE'] = True app.config['SECURITY_REGISTERABLE'] = True
app.config['SECURITY_CHANGEABLE'] = True
app.config['SECURITY_RECOVERABLE'] = True
app.config.from_envvar('config') app.config.from_envvar('config')
app.config.from_object(__name__) app.config.from_object(__name__)
@ -77,7 +80,6 @@ user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore) security = Security(app, user_datastore)
@user_registered.connect_via(app) @user_registered.connect_via(app)
def user_registered_sighandler(app, user, confirm_token): def user_registered_sighandler(app, user, confirm_token):
""" """
@ -171,9 +173,17 @@ def get_manual():
@app.route('/admin', methods=['GET']) @app.route('/admin', methods=['GET'])
@roles_required('admin') @roles_required('admin')
def get_admin_page(): def get_admin_page():
g.data['users'] = User.query.all()
return render_template('admin.html', data=g.data) return render_template('admin.html', data=g.data)
@app.route('/account', methods=['GET'])
@login_required
def get_account_page():
print(current_user)
return render_template('account.html', data=g.data)
@app.route('/statistics', methods=['GET']) @app.route('/statistics', methods=['GET'])
@login_required @login_required
def get_statistics(): def get_statistics():
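Review bot: `print(current_user)` in `get_account_page` looks like leftover debugging. It writes the signed-in user object to stdout on every request to `/account`, and what lands in the server log depends on the User model's repr, which is not visible in this hunk. I would drop the line. As far as the hunk shows, the view then no longer uses `current_user` at all, so the new `from flask_security.core import current_user` import could go too; the template can still reach `current_user` through the template context. If the import stays, taking the name from `flask.ext.security` like the other imports in the file would keep it consistent.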


@ -0,0 +1,7 @@
{% extends "layout.html" %}
{% block body %}
<h1>Account management for {{current_user.email}}</h1>
<a href='{{ url_for('security.change_password') }}'>Change password</a>
{% endblock %}


@ -1,5 +1,12 @@
{% extends "layout.html" %} {% extends "layout.html" %}
{% block body %} {% block body %}
Admin <h1>Admin</h1>
We have {{ data.users|length }} users so far:
<ul>
{% for user in data.users %}
<li>{{user.email}}</li>
{% endfor %}
</ul>
<a href='{{ url_for('security.login', _external=True) }}'>Login</a>
{% endblock %} {% endblock %}
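Review bot: The `Login` link added just before `{% endblock %}` seems out of place. Judging by its content this is the admin template, which the Python section renders from `get_admin_page` behind `@roles_required('admin')`, so anyone who sees it is already signed in. It is also the only link in the commit built with `_external=True`, which yields an absolute URL derived from the request host rather than a relative path. Unless an absolute URL is needed, I would remove the link or drop the argument: `<a href='{{ url_for('security.login') }}'>Login</a>`. Because the list prints every account's e-mail address, a short template comment such as `{# lists all account e-mails; keep this page admin-only #}` would record why the role check on the view matters.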


@ -2,6 +2,7 @@
{% if current_user.email %} {% if current_user.email %}
<li><a href='{{ url_for('create_pit_stop_form') }}'>Create Pitstop</a></li> <li><a href='{{ url_for('create_pit_stop_form') }}'>Create Pitstop</a></li>
<li><a href='{{ url_for('get_statistics') }}'>Statistics</a></li> <li><a href='{{ url_for('get_statistics') }}'>Statistics</a></li>
<li><a href='{{ url_for('get_account_page') }}'>Account</a></li>
{% if current_user.has_role('admin') %} {% if current_user.has_role('admin') %}
<li><a href='{{ url_for('get_admin_page') }}'>Admin</a></li> <li><a href='{{ url_for('get_admin_page') }}'>Admin</a></li>
{% endif %} {% endif %}


@ -0,0 +1,13 @@
{% extends "layout.html" %}
{% from "security/_macros.html" import render_field_with_errors, render_field %}
{% block body %}
<h1>Change password</h1>
<form class='form-horizontal' action="{{ url_for_security('change_password') }}" method="POST" name="change_password_form">
{{ change_password_form.hidden_tag() }}
{{ render_field_with_errors(change_password_form.password) }}
{{ render_field_with_errors(change_password_form.new_password) }}
{{ render_field_with_errors(change_password_form.new_password_confirm) }}
{{ render_field(change_password_form.submit) }}
</form>
{% endblock %}


@ -0,0 +1,11 @@
{% extends "layout.html" %}
{% from "security/_macros.html" import render_field_with_errors, render_field %}
{% block body %}
<h1>Send password reset instructions</h1>
<form class='form-horizontal' action="{{ url_for_security('forgot_password') }}" method="POST" name="forgot_password_form">
{{ forgot_password_form.hidden_tag() }}
{{ render_field_with_errors(forgot_password_form.email) }}
{{ render_field(forgot_password_form.submit) }}
</form>
{% endblock %}
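Review bot: Rendering the e-mail field with `render_field_with_errors` can disclose whether an address has an account. As far as I know, Flask-Security releases of this period validate the submitted address against the user datastore and attach a "user does not exist" error to the field, which this macro prints; confirm against the installed version. Switching to `render_field` would hide the message, but the response would still differ from the success case, so if account enumeration matters for this deployment the response has to be made uniform in the form or view, and the endpoint rate-limited. At minimum I would record the behaviour in the template: `{# field errors here reveal whether the address is registered #}`.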


@ -2,6 +2,7 @@
{% from "security/_macros.html" import render_field_with_errors, render_field %} {% from "security/_macros.html" import render_field_with_errors, render_field %}
{% block body %} {% block body %}
<h1>Login</h1>
<form class='form-horizontal' action="{{ url_for_security('login') }}" method="POST" name="login_user_form"> <form class='form-horizontal' action="{{ url_for_security('login') }}" method="POST" name="login_user_form">
{{ login_user_form.hidden_tag() }} {{ login_user_form.hidden_tag() }}
{{ render_field_with_errors(login_user_form.email) }} {{ render_field_with_errors(login_user_form.email) }}
@ -9,5 +10,8 @@
{{ render_field_with_errors(login_user_form.remember) }} {{ render_field_with_errors(login_user_form.remember) }}
{{ render_field(login_user_form.next) }} {{ render_field(login_user_form.next) }}
{{ render_field(login_user_form.submit) }} {{ render_field(login_user_form.submit) }}
{% if security.recoverable %}
<a href="{{ url_for_security('forgot_password') }}">Forgot password</a>
{% endif %}
</form> </form>
{% endblock %} {% endblock %}


@ -2,6 +2,7 @@
{% from "security/_macros.html" import render_field_with_errors, render_field %} {% from "security/_macros.html" import render_field_with_errors, render_field %}
{% block body %} {% block body %}
<h1>Register User</h1>
<form class='form-horizontal' action="{{ url_for_security('register') }}" method="POST" name="register_user_form"> <form class='form-horizontal' action="{{ url_for_security('register') }}" method="POST" name="register_user_form">
{{ register_user_form.hidden_tag() }} {{ register_user_form.hidden_tag() }}
{{ render_field_with_errors(register_user_form.email) }} {{ render_field_with_errors(register_user_form.email) }}


@ -0,0 +1,12 @@
{% extends "layout.html" %}
{% from "security/_macros.html" import render_field_with_errors, render_field %}
{% block body %}
<h1>Reset password</h1>
<form class='form-horizontal' action="{{ url_for_security('reset_password', token=reset_password_token) }}" method="POST" name="reset_password_form">
{{ reset_password_form.hidden_tag() }}
{{ render_field_with_errors(reset_password_form.password) }}
{{ render_field_with_errors(reset_password_form.password_confirm) }}
{{ render_field(reset_password_form.submit) }}
</form>
{% endblock %}