1 files changed, 93 insertions, 0 deletions

diff --git a/app/auth/routes.py b/app/auth/routes.py
new file mode 100644
index 0000000..88ff7a0
--- /dev/null
+++ b/app/auth/routes.py
@@ -0,0 +1,93 @@
+# -*- coding: utf-8 -*-
+
+import datetime
+
+from flask import render_template, flash, redirect, url_for, request
+from flask_login import current_user, login_user, logout_user, login_required
+
+from werkzeug.urls import url_parse
+
+from app import db
+from app.auth import bp
+
+from app.auth.forms import (
+    LoginForm,
+    RegistrationForm,
+    ResetPasswordRequestForm,
+    ResetPasswordForm,
+)
+from app.models import User
+from app.auth.email import send_password_reset_email
+
+
+@bp.route("/login", methods=("GET", "POST"))
+def login():
+    if current_user.is_authenticated:
+        current_user.last_active = datetime.datetime.utcnow()
+        db.session.commit()
+        return redirect(url_for("main.index"))
+    form = LoginForm()
+    if form.validate_on_submit():
+        user = User.query.filter_by(username=form.username.data).first()
+        if user is None or not user.check_password(form.password.data):
+            flash("Invalid username or password", category="error")
+            return redirect(url_for("auth.login"))
+        login_user(user, remember=form.remember_me.data)
+        next_page = request.args.get("next")
+        if not next_page or url_parse(next_page).netloc != "":
+            next_page = url_for("main.index")
+        return redirect(next_page)
+    return render_template("auth/login.html", title="Sign In", form=form)
+
+
+@bp.route("/logout")
+def logout():
+    logout_user()
+    return redirect(url_for("main.index"))
+
+
+@bp.route("/register", methods=("GET", "POST"))
+def register():
+    if current_user.is_authenticated:
+        return redirect(url_for("main.index"))
+    form = RegistrationForm()
+    if form.validate_on_submit():
+        user = User(username=form.username.data, email=form.email.data)
+        user.set_password(form.password.data)
+        db.session.add(user)
+        db.session.commit()
+        flash("Thank you, you are now a registered user!")
+        return redirect(url_for("auth.login"))
+    return render_template("auth/register.html", title="Register", form=form)
+
+
+@bp.route("/reset_password_request", methods=("GET", "POST"))
+def reset_password_request():
+    if current_user.is_authenticated:
+        return redirect(url_for("main.index"))
+    form = ResetPasswordRequestForm()
+    if form.validate_on_submit():
+        user = User.query.filter_by(email=form.email.data).first()
+        if user:
+            send_password_reset_email(user)
+        flash("Check your email for the instructions to reset your password.")
+        return redirect(url_for("auth.login"))
+    return render_template(
+        "auth/reset_password_request.html", title="Reset Password", form=form
+    )
+
+
+@bp.route("/reset_password/<token>", methods=("GET", "POST"))
+def reset_password(token):
+    if current_user.is_authenticated:
+        return redirect(url_for("main.index"))
+    user = User.verify_reset_password_token(token)
+    if not user:
+        return redirect(url_for("main.index"))
+    form = ResetPasswordForm()
+    if form.validate_on_submit():
+        user.set_password(form.password.data)
+        db.session.commit()
+        flash("Your password has been reset.")
+        return redirect(url_for("auth.login"))
+    return render_template("auth/reset_password.html", form=form)