fix login_manager - stc - a simple time card webapp

commit a6fe98777ec9c5a0972800dbc70b1c95ddf7344a
parent bc705487fa1437dfce442fff23ad8f2d9d462ade
Author: Brennen T. Mazur <brennen@madis.cool>
Date:   Wed, 25 Jan 2023 14:33:28 -0700

fix login_manager

Diffstat:
M app/forms.py  | 4 ++--
M app/routes.py  | 24 +++++++++++++++++-------

2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/app/forms.py b/app/forms.py
@@ -7,8 +7,8 @@ from wtforms.validators import DataRequired
 #	  Name: [username],
 #	  Password: [hashed_password]
 #	}
-class Login(FlaskForm):
-	name = StringField('name', validators=[DataRequired()])
+class LoginForm(FlaskForm):
+	username = StringField('username', validators=[DataRequired()])
 	password = PasswordField('Password', validators=[DataRequired()])
 	remember_me = BooleanField('Remember Me')
 	login = SubmitField('Login')
diff --git a/app/routes.py b/app/routes.py
@@ -3,19 +3,19 @@ from app import app
 from flask_pymongo import PyMongo
 from flask_login import LoginManager
 from flask import render_template, url_for, request, flash
-from app.forms import Login
+from app.forms import LoginForm
+from app.models import Users
 from flask import request
 from werkzeug.urls import url_parse
 from werkzeug.security import generate_password_hash, check_password_hash
 from flask_login import current_user, login_user, logout_user, login_required
-from app.forms import Login
 
 OrganizationName = 'Youth Employment Program' # Maybe pass this as a value though the object for relevant pages???
 
 # DB Connection & LoginManager init
 mongo = PyMongo(app)
-login = LoginManager(app)
-login.login_view = 'login'
+login_manager = LoginManager(app)
+login_manager.login_view = 'login'
 
 #from models import Users, Time, Fleet, Agreement, Projects
 @app.route('/user/signup', methods=['GET'])
@@ -29,12 +29,22 @@ def signup():
 def hello():
     return render_template('index.html',ORGNAME = OrganizationName) #This implimentation is messy, maybe abstract to a defPage()?
 
-@app.route("/login")
+@app.route("/login", methods=['GET', 'POST'])
 def login():
-    form = Login()
+    form = LoginForm()
+    if form.validate_on_submit():
+        login_user(user)
+        flask.flash('Logged in successfully.')
+        next = flask.request.args.get('next')
+        # is_safe_url should check url for safe redirects
+        # example here : http://flask.pocoo.org/snippets/62/ 
+        if not is_safe_url(next):
+            return flask.abort(400)
+
+        return flask.redirect(next or flask.url_for('dashboard'))
     return render_template('login.html',form=form,ORGNAME = OrganizationName)
 
-@login.user_loader
+@login_manager.user_loader
 def load_user(username):
     u = mongo.db.Users.find_one({"Name": username})
     if not u:

	stc a simple time card webapp
	git clone _git@git.brennen.work:stc.git
	Log \| Files \| Refs \| README

M	app/forms.py	\|	4	++--
M	app/routes.py	\|	24	+++++++++++++++++-------