Merge branch 'user_handling' into add_vehicles

Conflicts: app/main.py
2016-04-21 21:52:58 +02:00
parent baca41619d 4261a9bb0b
commit 729fee51e9
14 changed files with 144 additions and 214 deletions
--- a/app/config/config.py.example
+++ b/app/config/config.py.example
@@ -0,0 +1,6 @@
+MAIL_SERVER = 'smtp.gmail.com'
+MAIL_PORT = 465
+MAIL_USE_TLS = False
+MAIL_USE_SSL = True
+MAIL_USERNAME = 'your-gmail-username'
+MAIL_PASSWORD = 'your-gmail-password'
--- a/app/db/pycache/init.cpython-34.pyc
+++ b/app/db/pycache/init.cpython-34.pyc
--- a/app/main.py
+++ b/app/main.py
@@ -1,16 +1,18 @@
 from datetime import date
-from datetime import datetime
 from flask import Flask
 from flask import render_template, make_response
 from flask import request, redirect, g
 from flask import url_for
 from flask_sqlalchemy import SQLAlchemy
 from flask.ext.security import Security, SQLAlchemyUserDatastore, \
-    UserMixin, RoleMixin, login_required, utils
+    UserMixin, RoleMixin, login_required, utils, roles_required
 from flask.ext.security.core import current_user
 import uuid
 import hashlib
 from functools import wraps
+from flask.ext.security import user_registered
+from flask.ext.mail import Mail, Message
+from flask_security.core import current_user
 from flask_wtf import Form
 from wtforms import DateField, IntegerField, DecimalField, SelectField
 from wtforms.validators import DataRequired, ValidationError
@@ -21,11 +23,14 @@ DATABASE = '/data/rollerverbrauch.db'
 app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///'+DATABASE
 db = SQLAlchemy(app)

-app.config['SECRET_KEY'] = 'development key'
 app.config['SECURITY_PASSWORD_HASH'] = 'pbkdf2_sha512'
-app.config['SECURITY_PASSWORD_SALT'] = 'xxxxxxxxxxxxxxxxxxxxxx'
+app.config['SECURITY_REGISTERABLE'] = True
+app.config['SECURITY_CHANGEABLE'] = True
+app.config['SECURITY_RECOVERABLE'] = True
+app.config.from_envvar('config')
 app.config.from_object(__name__)

+mail = Mail(app)

 roles_users = db.Table('roles_users',
                       db.Column('user_id', db.Integer(), db.ForeignKey('user.id')),
@@ -97,26 +102,21 @@ class Pitstop(db.Model):
 user_datastore = SQLAlchemyUserDatastore(db, User, Role)
 security = Security(app, user_datastore)

+
+@user_registered.connect_via(app)
+def user_registered_sighandler(app, user, confirm_token):
+    """
+    Called after a user was created
+    """
+    role = user_datastore.find_role('user')
+    user_datastore.add_role_to_user(user, role)
+
+
@app.before_first_request
 def before_first_request():
    db.create_all()
-
-    user_datastore.find_or_create_role(name='admin', description='Administrator')
-    user_datastore.find_or_create_role(name='end-user', description='End user')
-
-    encrypted_password = utils.encrypt_password('password')
-    if not user_datastore.get_user('someone@example.com'):
-        user_datastore.create_user(email='someone@example.com', password=encrypted_password)
-    if not user_datastore.get_user('admin@example.com'):
-        user_datastore.create_user(email='admin@example.com', password=encrypted_password)
-
-    # Commit any database changes; the User and Roles must exist before we can add a Role to the User
-    db.session.commit()
-
-    # Give one User has the "end-user" role, while the other has the "admin" role. (This will have no effect if the
-    # Users already have these Roles.) Again, commit any database changes.
-    user_datastore.add_role_to_user('someone@example.com', 'end-user')
-    user_datastore.add_role_to_user('admin@example.com', 'admin')
+    user_datastore.find_or_create_role(name='admin', description='Role for administrators')
+    user_datastore.find_or_create_role(name='user', description='Role for all users.')
    db.session.commit()

    user = User.query.filter(User.email=='someone@example.com').first()
@@ -217,6 +217,20 @@ def get_manual():
    return render_template('manual.html', data=g.data)


+@app.route('/admin', methods=['GET'])
+@roles_required('admin')
+def get_admin_page():
+    g.data['users'] = User.query.all()
+    return render_template('admin.html', data=g.data)
+
+
+@app.route('/account', methods=['GET'])
+@login_required
+def get_account_page():
+    print(current_user)
+    return render_template('account.html', data=g.data)
+
+
@app.route('/statistics', methods=['GET'])
@login_required
 def get_statistics():
--- a/app/templates/account.html
+++ b/app/templates/account.html
@@ -0,0 +1,7 @@
+{% extends "layout.html" %}
+
+{% block body %}
+	<h1>Account management for {{current_user.email}}</h1>
+
+	<a href='{{ url_for('security.change_password') }}'>Change password</a>
+{% endblock %}
--- a/app/templates/admin.html
+++ b/app/templates/admin.html
@@ -0,0 +1,12 @@
+{% extends "layout.html" %}
+
+{% block body %}
+	<h1>Admin</h1>
+    We have {{ data.users|length }} users so far:
+    <ul>
+        {% for user in data.users %}
+            <li>{{user.email}}</li>
+        {% endfor %}
+    </ul>
+    <a href='{{ url_for('security.login', _external=True) }}'>Login</a>
+{% endblock %}
--- a/app/templates/layout.html
+++ b/app/templates/layout.html
@@ -1,9 +1,15 @@
 {% macro navigation() -%}
-	<li><a href='{{ url_for('create_pit_stop_form') }}'>Create Pitstop</a></li>
-	<li><a href='{{ url_for('get_statistics') }}'>Statistics</a></li>
-	<li><a href='{{ url_for('get_manual') }}'>Manual</a></li>
 	{% if current_user.email %}
+		<li><a href='{{ url_for('create_pit_stop_form') }}'>Create Pitstop</a></li>
+		<li><a href='{{ url_for('get_statistics') }}'>Statistics</a></li>
+		<li><a href='{{ url_for('get_account_page') }}'>Account</a></li>
+		{% if current_user.has_role('admin') %}
+			<li><a href='{{ url_for('get_admin_page') }}'>Admin</a></li>
+		{% endif %}
 		<li><a href='{{ url_for('security.logout') }}'>Logout</a></li>
+	{% else %}
+		<li><a href='{{ url_for('security.login') }}'>Login</a></li>
+		<li><a href='{{ url_for('security.register') }}'>Register</a></li>
 	{% endif %}
 {%- endmacro %}

--- a/app/templates/security/change_password.html
+++ b/app/templates/security/change_password.html
@@ -0,0 +1,13 @@
+{% extends "layout.html" %}
+{% from "security/_macros.html" import render_field_with_errors, render_field %}
+
+{% block body %}
+<h1>Change password</h1>
+<form class='form-horizontal' action="{{ url_for_security('change_password') }}" method="POST" name="change_password_form">
+  {{ change_password_form.hidden_tag() }}
+  {{ render_field_with_errors(change_password_form.password) }}
+  {{ render_field_with_errors(change_password_form.new_password) }}
+  {{ render_field_with_errors(change_password_form.new_password_confirm) }}
+  {{ render_field(change_password_form.submit) }}
+</form>
+{% endblock %}
--- a/app/templates/security/forgot_password.html
+++ b/app/templates/security/forgot_password.html
@@ -0,0 +1,11 @@
+{% extends "layout.html" %}
+{% from "security/_macros.html" import render_field_with_errors, render_field %}
+
+{% block body %}
+<h1>Send password reset instructions</h1>
+<form class='form-horizontal' action="{{ url_for_security('forgot_password') }}" method="POST" name="forgot_password_form">
+    {{ forgot_password_form.hidden_tag() }}
+    {{ render_field_with_errors(forgot_password_form.email) }}
+    {{ render_field(forgot_password_form.submit) }}
+</form>
+{% endblock %}
--- a/app/templates/security/login_user.html
+++ b/app/templates/security/login_user.html
@@ -2,13 +2,16 @@
 {% from "security/_macros.html" import render_field_with_errors, render_field %}

 {% block body %}
+<h1>Login</h1>
 <form class='form-horizontal' action="{{ url_for_security('login') }}" method="POST" name="login_user_form">
-  {{ login_user_form.hidden_tag() }}
-  {{ render_field_with_errors(login_user_form.email) }}
-  {{ render_field_with_errors(login_user_form.password) }}
-  {{ render_field_with_errors(login_user_form.remember) }}
-  {{ render_field(login_user_form.next) }}
-  {{ render_field(login_user_form.submit) }}
+    {{ login_user_form.hidden_tag() }}
+    {{ render_field_with_errors(login_user_form.email) }}
+    {{ render_field_with_errors(login_user_form.password) }}
+    {{ render_field_with_errors(login_user_form.remember) }}
+    {{ render_field(login_user_form.next) }}
+    {{ render_field(login_user_form.submit) }}
+    {% if security.recoverable %}
+        <a href="{{ url_for_security('forgot_password') }}">Forgot password</a>
+    {% endif %}
 </form>
-{% include "security/_menu.html" %}
 {% endblock %}
--- a/app/templates/security/register_user.html
+++ b/app/templates/security/register_user.html
@@ -0,0 +1,15 @@
+{% extends "layout.html" %}
+{% from "security/_macros.html" import render_field_with_errors, render_field %}
+
+{% block body %}
+<h1>Register User</h1>
+<form class='form-horizontal' action="{{ url_for_security('register') }}" method="POST" name="register_user_form">
+    {{ register_user_form.hidden_tag() }}
+    {{ render_field_with_errors(register_user_form.email) }}
+    {{ render_field_with_errors(register_user_form.password) }}
+    {% if register_user_form.password_confirm %}
+        {{ render_field_with_errors(register_user_form.password_confirm) }}
+    {% endif %}
+    {{ render_field(register_user_form.submit) }}
+</form>
+{% endblock %}
--- a/app/templates/security/reset_password.html
+++ b/app/templates/security/reset_password.html
@@ -0,0 +1,12 @@
+{% extends "layout.html" %}
+{% from "security/_macros.html" import render_field_with_errors, render_field %}
+
+{% block body %}
+<h1>Reset password</h1>
+<form class='form-horizontal' action="{{ url_for_security('reset_password', token=reset_password_token) }}" method="POST" name="reset_password_form">
+    {{ reset_password_form.hidden_tag() }}
+    {{ render_field_with_errors(reset_password_form.password) }}
+    {{ render_field_with_errors(reset_password_form.password_confirm) }}
+    {{ render_field(reset_password_form.submit) }}
+</form>
+{% endblock %}