diff --git a/at.py b/at.py index 54f1747..5f545b8 100644 --- a/at.py +++ b/at.py @@ -9,12 +9,13 @@ import os import logging from flask import Flask, render_template, abort, g, \ - redirect, session, request, flash, url_for, make_response + redirect, request, flash, url_for, make_response from datetime import datetime from time import sleep, time, mktime from collections import namedtuple from urllib import urlencode +from spaceauth import SpaceAuth, login_required, current_user app = Flask('at') app.config.from_pyfile('at.cfg') @@ -22,6 +23,8 @@ app.jinja_env.add_extension('jinja2.ext.i18n') app.jinja_env.install_null_translations() app.updater = None +auth = SpaceAuth(app) + from functools import wraps @@ -281,43 +284,6 @@ restrict_to_hs = restrict_ip(prefix=app.config['CLAIMABLE_PREFIX'], exclude=app.config['CLAIMABLE_EXCLUDE']) -@app.route('/login', methods=['GET']) -def login_form(): - return render_template('login.html', **req_to_ctx()) - - -@app.route('/login', methods=['POST']) -def login(): - login = request.form.get('login', '').lower() - pwd = request.form.get('password', '') - goto = request.values.get('goto') or '/' - data = dict(login=login, password=pwd) - if requests.post('https://auth.hackerspace.pl', verify=False, - data=data).status_code == 200: - session['login'] = login - return redirect(goto) - else: - flash('Username or password invalid', category='error') - return login_form() - - -@app.route('/logout') -def logout(): - session.clear() - return redirect('/') - - -def login_required(f): - @wraps(f) - def func(*a, **kw): - if 'login' not in session: - flash('You must log in to continue', category='error') - return redirect('/login?' + - urlencode({'goto': request.path})) - return f(*a, **kw) - return func - - @app.route('/claim', methods=['GET']) @restrict_to_hs @login_required 
@@ -335,7 +301,7 @@ def claim(): if not hwaddr: ctx = dict(error='Invalid device.') else: - login = session['login'] + login = current_user.id try: g.db.execute(''' insert into devices (hwaddr, name, owner, ignored) values (?, ?, ?, ?)''', @@ -360,7 +326,7 @@ def get_user_devices(conn, user): @app.route('/account', methods=['GET']) @login_required def account(): - devices = get_user_devices(g.db, session['login']) + devices = get_user_devices(g.db, current_user.id) return render_template('account.html', devices=devices) @@ -379,7 +345,7 @@ delete from devices where hwaddr = ? and owner = ?''', @app.route('/devices///') @login_required def device(id, action): - user = session['login'] + user = current_user.id if action == 'hide': set_ignored(g.db, id, user, True) if action == 'show': diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..567f677 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,18 @@ +blinker==1.4 +certifi==2017.7.27.1 +chardet==3.0.4 +click==6.7 +Flask==0.12.2 +Flask-Login==0.4.0 +Flask-OAuthlib==0.9.4 +-e git+https://code.hackerspace.pl/informatic/flask-spaceauth@4dd1c63912297d499dcd5631879e45dc6aa1819d#egg=Flask_SpaceAuth +idna==2.6 +itsdangerous==0.24 +Jinja2==2.9.6 +MarkupSafe==1.0 +oauthlib==2.0.4 +pkg-resources==0.0.0 +requests==2.18.4 +requests-oauthlib==0.8.0 +urllib3==1.22 +Werkzeug==0.12.2 diff --git a/templates/basic.html b/templates/basic.html index 09e954f..4f27050 100644 --- a/templates/basic.html +++ b/templates/basic.html @@ -9,12 +9,12 @@ {% block body %} {% block content %} diff --git a/templates/claim.html b/templates/claim.html index 413b7bc..05f2e0b 100644 --- a/templates/claim.html +++ b/templates/claim.html @@ -4,7 +4,7 @@ {% if not hwaddr %}
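Review bot: The owner key in claim() changes from `session['login']` to `current_user.id`, and the same swap is made in account() and device() further down, but nothing in the diff shows that SpaceAuth's `id` is the same string the old code stored. The removed login() lower-cased the form value before saving it, so existing `devices.owner` rows presumably hold lower-case logins; if the provider returns a differently cased or differently typed identifier, the `owner = ?` comparisons will silently stop matching and users will no longer see or manage their devices. Assuming the id is a string, normalising it once, e.g. `login = current_user.id.lower()`, or migrating the owner column in one step, would keep ownership lookups stable. claim() starts and ends outside this hunk.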
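Review bot: device() changes state (`set_ignored(g.db, id, user, True)` for `hide`, and a `show` branch follows) on a route whose decorator declares no `methods=`, so Flask serves it on GET and the only credential checked is the login session cookie. A cross-site request issued by a logged-in browser would therefore be executed as that user. Restrict the route to POST by adding `methods=['POST']` to the `@app.route` decorator, and have the templates submit the action from a form that carries a CSRF token verified on the server. The rest of device() lies outside the hunk, so any protection applied there is not visible.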
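Review bot: `pkg-resources==0.0.0` looks like the placeholder that `pip freeze` emits inside Debian/Ubuntu virtualenvs rather than a real dependency, and `pip install -r requirements.txt` is likely to fail on it elsewhere; drop that line. The flask-spaceauth entry is pinned to a full commit hash, which is the right call for the library that now handles login, but `-e` installs it in editable mode from a working checkout; a non-editable `git+https://…@<commit>#egg=Flask_SpaceAuth` is more reproducible for deployment. The PyPI pins carry no `--hash` values, so package integrity rests on the index alone; consider generating hashes for those entries.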

Unknown MAC. Are you sure you're in the hackerspace?

{% else %} - You are about to claim {{ hwaddr }} as {{ session.login }}. Do you wish to continue? + You are about to claim {{ hwaddr }} as {{ current_user.id }}. Do you wish to continue?