Simplify authentication logic

This commit is contained in:
0livd 2017-09-06 18:57:39 +02:00
parent 3a4a1b7357
commit 50fc269f97
2 changed files with 23 additions and 31 deletions


@ -17,6 +17,7 @@ Changed
======= =======
- Logged admin can see any project (#262) - Logged admin can see any project (#262)
- Simpler and safer authentication logic (#270)
Added Added
===== =====


@ -159,31 +159,23 @@ def authenticate(project_id=None):
msg = _("You need to enter a project identifier") msg = _("You need to enter a project identifier")
form.errors["id"] = [msg] form.errors["id"] = [msg]
return render_template("authenticate.html", form=form) return render_template("authenticate.html", form=form)
else:
project = Project.query.get(project_id) project = Project.query.get(project_id)
create_project = False # We don't want to create the project by default
if not project: if not project:
# But if the user try to connect to an unexisting project, we will # If the user try to connect to an unexisting project, we will
# propose him a link to the creation form. # propose him a link to the creation form.
if request.method == "POST": return render_template("authenticate.html", form=form, create_project=project_id)
form.validate()
else:
create_project = project_id
else:
# if credentials are already in session, redirect # if credentials are already in session, redirect
if session.get(project_id): if session.get(project_id):
setattr(g, 'project', project) setattr(g, 'project', project)
return redirect(url_for(".list_bills")) return redirect(url_for(".list_bills"))
# else process the form if request.method == "POST" and form.validate():
if request.method == "POST":
if form.validate():
if not form.password.data == project.password: if not form.password.data == project.password:
msg = _("This private code is not the right one") msg = _("This private code is not the right one")
form.errors['password'] = [msg] form.errors['password'] = [msg]
else: return render_template("authenticate.html", form=form)
# maintain a list of visited projects # maintain a list of visited projects
if "projects" not in session: if "projects" not in session:
session["projects"] = [] session["projects"] = []
@ -194,8 +186,7 @@ def authenticate(project_id=None):
setattr(g, 'project', project) setattr(g, 'project', project)
return redirect(url_for(".list_bills")) return redirect(url_for(".list_bills"))
return render_template("authenticate.html", form=form, return render_template("authenticate.html", form=form)
create_project=create_project)
@main.route("/") @main.route("/")
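Review bot: The private-code check the new flow keeps at `if not form.password.data == project.password:` still compares the submitted code verbatim against the stored `project.password` with a plain `==`, which reads as a cleartext stored secret compared in non-constant time, and the commit's "safer" claim does not address it. If the stored value really is cleartext, `if not hmac.compare_digest(form.password.data, project.password):` removes the timing side channel, and storing a hash checked with `werkzeug.security.check_password_hash` would be the more robust change; at minimum the negated equality should read `if form.password.data != project.password:`. Separately, the not-found branch now returns `create_project=project_id` straight away without calling `form.validate()` on POST, so field errors the old code populated on that path are no longer surfaced, and `project_id` is passed to the template as supplied by the user, so the template must be relied on to escape it. `authenticate` begins before this hunk and continues between the two hunks.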