6845308a34
- Add profile_image field to Profile model with default value - Update profile edit route to handle profile image file uploads - Add password change route with validation in auth module - Create change password template with form - Update profile template to include image upload with preview - Add password change link to admin sidebar - Update homepage to use dynamic profile image from database
102 lines
3.5 KiB
Python
102 lines
3.5 KiB
Python
#!/usr/bin/env python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# Copyright Hersel Giannella
|
|
|
|
"""
|
|
Authentication routes for login/logout
|
|
"""
|
|
|
|
from flask import Blueprint, render_template, request, redirect, url_for, flash
|
|
from flask_login import login_user, logout_user, current_user, login_required
|
|
from models import User, db
|
|
from datetime import datetime
|
|
|
|
route_auth = Blueprint('auth', __name__, url_prefix='/auth')
|
|
|
|
|
|
@route_auth.route('/login', methods=['GET', 'POST'])
|
|
def login():
|
|
"""Login page"""
|
|
# Se l'utente è già autenticato, reindirizza alla dashboard
|
|
if current_user.is_authenticated:
|
|
return redirect(url_for('admin.dashboard'))
|
|
|
|
if request.method == 'POST':
|
|
username = request.form.get('username')
|
|
password = request.form.get('password')
|
|
remember = request.form.get('remember', False)
|
|
|
|
if not username or not password:
|
|
flash('Per favore inserisci username e password.', 'danger')
|
|
return render_template('auth/login.html')
|
|
|
|
user = User.query.filter_by(username=username).first()
|
|
|
|
if user and user.check_password(password):
|
|
if not user.is_active:
|
|
flash('Il tuo account è stato disabilitato.', 'danger')
|
|
return render_template('auth/login.html')
|
|
|
|
# Aggiorna last_login
|
|
user.last_login = datetime.utcnow()
|
|
db.session.commit()
|
|
|
|
login_user(user, remember=remember)
|
|
flash(f'Benvenuto {user.username}!', 'success')
|
|
|
|
# Redirect alla pagina richiesta o alla dashboard
|
|
next_page = request.args.get('next')
|
|
return redirect(next_page) if next_page else redirect(url_for('admin.dashboard'))
|
|
else:
|
|
flash('Username o password non corretti.', 'danger')
|
|
|
|
return render_template('auth/login.html')
|
|
|
|
|
|
@route_auth.route('/logout')
|
|
def logout():
|
|
"""Logout user"""
|
|
logout_user()
|
|
flash('Logout effettuato con successo.', 'info')
|
|
return redirect(url_for('route_home.home'))
|
|
|
|
|
|
@route_auth.route('/change-password', methods=['GET', 'POST'])
|
|
@login_required
|
|
def change_password():
|
|
"""Change password page"""
|
|
if request.method == 'POST':
|
|
current_password = request.form.get('current_password')
|
|
new_password = request.form.get('new_password')
|
|
confirm_password = request.form.get('confirm_password')
|
|
|
|
# Validation
|
|
if not current_password or not new_password or not confirm_password:
|
|
flash('Tutti i campi sono obbligatori.', 'danger')
|
|
return render_template('auth/change_password.html')
|
|
|
|
# Check current password
|
|
if not current_user.check_password(current_password):
|
|
flash('La password attuale non è corretta.', 'danger')
|
|
return render_template('auth/change_password.html')
|
|
|
|
# Check if new passwords match
|
|
if new_password != confirm_password:
|
|
flash('Le nuove password non corrispondono.', 'danger')
|
|
return render_template('auth/change_password.html')
|
|
|
|
# Check password length
|
|
if len(new_password) < 6:
|
|
flash('La nuova password deve essere di almeno 6 caratteri.', 'danger')
|
|
return render_template('auth/change_password.html')
|
|
|
|
# Update password
|
|
current_user.set_password(new_password)
|
|
db.session.commit()
|
|
|
|
flash('Password modificata con successo!', 'success')
|
|
return redirect(url_for('admin.dashboard'))
|
|
|
|
return render_template('auth/change_password.html')
|