More password validation.

Clean up login and create_account routes.
Macro-ize form submit buttons.
Sage Vaillancourt 2022-10-02 10:48:13 -04:00
parent d2b2d860cf
commit 9d15924d60
2 changed files with 37 additions and 37 deletions


@ -108,8 +108,6 @@ def render_index(
@writing_blueprint.route('/login', methods=['POST', 'GET']) @writing_blueprint.route('/login', methods=['POST', 'GET'])
def login() -> Response | str: def login() -> Response | str:
if request.form.get('confirm-password'):
return create_account()
if request.method == 'POST': if request.method == 'POST':
username = request.form['login'] username = request.form['login']
if db.login(username, request.form['password']): if db.login(username, request.form['password']):
@ -120,6 +118,29 @@ def login() -> Response | str:
return render_index(status=404) return render_index(status=404)
@writing_blueprint.route('/create_account', methods=['POST'])
def create_account() -> Response:
email_address = request.form['login']
password = request.form['password']
if password != request.form['confirm-password']:
return render_index(error="Password and confirm password must match!", status=400)
if 64 < len(password) < 8:
return render_index(error="Password must be between 8 and 64 characters", status=400)
try:
validate_email(email_address, check_deliverability=True)
except EmailNotValidError as e:
return render_index(error=str(e), status=400)
if db.get_user(email_address):
return render_index(error="A user with that email already exists!", status=400)
db.add_user(email_address, password)
session['username'] = email_address
return redirect('/')
@writing_blueprint.route('/logout', methods=['POST', 'GET']) @writing_blueprint.route('/logout', methods=['POST', 'GET'])
def logout() -> Response: def logout() -> Response:
session.pop('username', None) session.pop('username', None)
@ -185,22 +206,6 @@ def index_get() -> Response:
return render_index(form=form) return render_index(form=form)
@writing_blueprint.route('/create_account', methods=['POST'])
def create_account() -> Response:
email_address = request.form['login']
try:
validate_email(email_address, check_deliverability=True)
except EmailNotValidError as e:
return render_index(error=str(e), status=401)
if db.get_user(email_address):
return render_index(error="A user with that email already exists!", status=401)
db.add_user(email_address, request.form['password'])
session['username'] = email_address
return redirect('/')
@writing_blueprint.route('/reset', methods=['POST', 'GET']) @writing_blueprint.route('/reset', methods=['POST', 'GET'])
def reset_password() -> Response | str: def reset_password() -> Response | str:
if request.method == 'POST': if request.method == 'POST':
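Review bot: The new length check in `create_account`, `if 64 < len(password) < 8:`, can never be true, because the chained comparison requires the length to be both greater than 64 and less than 8, so passwords of any length are accepted. It should read `if not 8 <= len(password) <= 64:`. A test that posts a 7-character and a 65-character password and expects status 400 would pin the behaviour. Separately, the plaintext `password` goes straight to `db.add_user`, whose body is not shown here, so it is worth confirming that it applies a salted, slow password hash before storing.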


@ -23,6 +23,18 @@
</div> </div>
{% endmacro %} {% endmacro %}
{% macro form_submit_button(text, id, action, errors) %}
<a href="javascript:void(0)"
id="{{ id }}"
class="wipe up-wipe"
{% if errors %}
onclick="/*clearErrors();*/const e = document.getElementById('create-account-form'); e.action = '{{ action }}'; e.submit()"
{% else %}
onclick="const e = document.getElementById('create-account-form'); e.action = '{{ action }}'; e.submit()"
{% endif %}
>{{ text }}</a>
{% endmacro %}
{% macro modal() %} {% macro modal() %}
<div id='modal' class='modal modal-background transparent' onclick="event.target.id === 'modal' && closeModal()"> <div id='modal' class='modal modal-background transparent' onclick="event.target.id === 'modal' && closeModal()">
<div class='modal modal-content'> <div class='modal modal-content'>
@ -44,25 +56,8 @@
</div> </div>
<div style="margin-top: 1em;"> <div style="margin-top: 1em;">
<a href="javascript:void(0)" {{ form_submit_button('Create account', 'create-account-form-button', '/create_account', errors) }}
id="create-account-form-button" {{ form_submit_button('Log in', 'log-in-form-button', '/login', errors) }}
class="wipe up-wipe"
{% if errors %}
onclick="/*clearErrors();*/document.getElementById('create-account-form').submit()"
{% else %}
onclick="document.getElementById('create-account-form').submit()"
{% endif %}
>Create Account</a>
<a href="javascript:void(0)"
id="log-in-form-button"
class="wipe up-wipe"
{% if errors %}
onclick="/*clearErrors();*/document.getElementById('create-account-form').submit()"
{% else %}
onclick="document.getElementById('create-account-form').submit()"
{% endif %}
>Log in</a>
</div> </div>
</form> </form>
</div> </div>
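Review bot: In the new `form_submit_button` macro, `{{ action }}` is written into a single-quoted JavaScript string inside the double-quoted `onclick` attribute, and HTML autoescaping does not protect that context, because the browser decodes entities such as `&#39;` before the script runs. Both call sites shown pass literal paths, so nothing is exposed today, but a reusable macro should encode for JavaScript itself, e.g. `e.action = {{ action|tojson|forceescape }};`. The two `{% if errors %}` branches differ only by a commented-out `clearErrors()` call and could be collapsed into one `onclick`. The form id `create-account-form` is also hard-coded in a macro that otherwise takes its target as a parameter.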