1 files changed, 43 insertions, 10 deletions

diff --git a/app/routes.py b/app/routes.py
index 2f9d9b8..44600db 100644
--- a/app/routes.py
+++ b/app/routes.py
@@ -1,24 +1,57 @@
 
-from flask import render_template, flash, redirect, url_for
+
+from flask import render_template, flash, redirect, url_for, request
+from flask_login import current_user, login_user, logout_user, login_required
+
+from werkzeug.urls import url_parse
+
 from app import app
-from app.forms import LoginForm
+from app import db
+from app.forms import LoginForm, RegistrationForm
+from app.models import User
 
 
 @app.route("/")
 @app.route("/index")
+@login_required
 def index():
-    user = {"username": "Gertjan"}
-    return render_template("index.html", title="Home", user=user)
+    return render_template("index.html", title="Home")
 
 
 @app.route("/login", methods=("GET", "POST"))
 def login():
+    if current_user.is_authenticated:
+        return redirect(url_for("index"))
     form = LoginForm()
     if form.validate_on_submit():
-        flash(
-            "Login requested for user {}, remember_me={}".format(
-                form.username.data, form.remember_me.data
-            )
-        )
-        return redirect(url_for("index"))
+        user = User.query.filter_by(username=form.username.data).first()
+        if user is None or not user.check_password(form.password.data):
+            flash("Invalid username or password", category="error")
+            return redirect(url_for("login"))
+        login_user(user, remember=form.remember_me.data)
+        next_page = request.args.get("next")
+        if not next_page or url_parse(next_page).netloc != "":
+            next_page = url_for("index")
+        return redirect(next_page)
     return render_template("login.html", title="Sign In", form=form)
+
+
+@app.route("/logout")
+def logout():
+    logout_user()
+    return redirect(url_for("index"))
+
+
+@app.route("/register", methods=("GET", "POST"))
+def register():
+    if current_user.is_authenticated:
+        return redirect(url_for("index"))
+    form = RegistrationForm()
+    if form.validate_on_submit():
+        user = User(username=form.username.data, email=form.email.data)
+        user.set_password(form.password.data)
+        db.session.add(user)
+        db.session.commit()
+        flash("Thank you, you are now a registered user!")
+        return redirect(url_for("login"))
+    return render_template("register.html", title="Register", form=form)