isbn-sort/isbn_sort/modules/auth.py

#!/usr/bin/python3
"""
Authentification module
"""
import functools
from typing import Optional

from flask import (Blueprint, flash, g, redirect, render_template,
                request, session, url_for, current_app)

from werkzeug.security import check_password_hash, generate_password_hash

from .db import get_db

bp = Blueprint("auth", __name__, url_prefix="/auth")


def login_required(view):
    """View decorator that redirects anonymous users to the login page."""

    @functools.wraps(view)
    def wrapped_view(**kwargs):
        if g.user is None:
            flash("You need to login to access this resource.")
            return redirect(url_for("app.auth.login"))

        return view(**kwargs)

    return wrapped_view

def anon_required(view):
    """View decorator that redirects authenticated users to the index."""

    @functools.wraps(view)
    def wrapped_view(**kwargs):
        if g.user is not None:
            return redirect(url_for("app.index"))

        return view(**kwargs)

    return wrapped_view


@bp.before_app_request
def load_logged_in_user():
    """If a user id is stored in the session, load the user object from
    the database into ``g.user``."""
    user_id = session.get("user_id")

    if user_id is None:
        g.user = None
    else:
        g.user = (
            get_db().execute("SELECT * FROM user WHERE id = ?", (user_id,)).fetchone()
        )


def create_user(username: str, password: str) -> Optional[str]:
    """Adds a new user to the database"""
    error = None
    if not username:
        error = "Missing username."
    elif not password:
        error = "Missing password."

    try:
        db = get_db()

        db.execute(
            "INSERT INTO user (username, password) VALUES (?, ?)",
            (username, generate_password_hash(password)),
        )
        db.commit()
    except db.IntegrityError:
        # The username was already taken, which caused the
        # commit to fail. Show a validation error.
        error = f"Username {username} is not available."

    return error # may be None



@bp.route("/login", methods=("GET", "POST"))
@anon_required
def login():
    """Log in a registered user by adding the user id to the session."""
    if request.method == "POST":
        username = request.form["username"]
        password = request.form["password"]
        db = get_db()
        error = None
        user = db.execute(
            "SELECT * FROM user WHERE username = ?", (username,)
        ).fetchone()

        if (user is None) or not check_password_hash(user["password"], password):
            error = "Incorrect username or password"

        if error is None:
            # store the user id in a new session and return to the index
            session.clear()
            session["user_id"] = user["id"]

            return redirect(url_for("app.index"))

        flash(error)

    return render_template("login.html")


@bp.route("/logout")
def logout():
    """Clear the current session, including the stored user id."""
    session.clear()
    return redirect("/")