Simplify authentication logic

2025-05-05 20:51:49 +02:00 · 2017-09-06 18:57:39 +02:00 · 2017-09-06 18:57:39 +02:00 · 50fc269f97
commit 50fc269f97
parent 3a4a1b7357
2 changed files with 23 additions and 31 deletions
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@ -17,6 +17,7 @@ Changed
 =======
 - Logged admin can see any project (#262)
 - Simpler and safer authentication logic (#270)
 Added
 =====
--- a/ihatemoney/web.py
+++ b/ihatemoney/web.py
@ -159,43 +159,34 @@ def authenticate(project_id=None):
        msg = _("You need to enter a project identifier")
        form.errors["id"] = [msg]
        return render_template("authenticate.html", form=form)
    else:
        project = Project.query.get(project_id)
-    create_project = False  # We don't want to create the project by default
+    project = Project.query.get(project_id)
    if not project:
-        # But if the user try to connect to an unexisting project, we will
+        # If the user try to connect to an unexisting project, we will
        # propose him a link to the creation form.
-        if request.method == "POST":
+        return render_template("authenticate.html", form=form, create_project=project_id)
            form.validate()
        else:
            create_project = project_id
-    else:
+    # if credentials are already in session, redirect
-        # if credentials are already in session, redirect
+    if session.get(project_id):
-        if session.get(project_id):
+        setattr(g, 'project', project)
-            setattr(g, 'project', project)
+        return redirect(url_for(".list_bills"))
            return redirect(url_for(".list_bills"))
-        # else process the form
+    if request.method == "POST" and form.validate():
-        if request.method == "POST":
+        if not form.password.data == project.password:
-            if form.validate():
+            msg = _("This private code is not the right one")
-                if not form.password.data == project.password:
+            form.errors['password'] = [msg]
-                    msg = _("This private code is not the right one")
+            return render_template("authenticate.html", form=form)
-                    form.errors['password'] = [msg]
+        # maintain a list of visited projects
-                else:
+        if "projects" not in session:
-                    # maintain a list of visited projects
+            session["projects"] = []
-                    if "projects" not in session:
+        # add the project on the top of the list
-                        session["projects"] = []
+        session["projects"].insert(0, (project_id, project.name))
-                    # add the project on the top of the list
+        session[project_id] = True
-                    session["projects"].insert(0, (project_id, project.name))
+        session.update()
-                    session[project_id] = True
+        setattr(g, 'project', project)
-                    session.update()
+        return redirect(url_for(".list_bills"))
                    setattr(g, 'project', project)
                    return redirect(url_for(".list_bills"))
-    return render_template("authenticate.html", form=form,
+    return render_template("authenticate.html", form=form)
                           create_project=create_project)
@main.route("/")