Diffstat (limited to 'app')
| -rw-r--r-- | app/__init__.py | 6 | ||||
| -rw-r--r-- | app/auth/forms.py | 3 | ||||
| -rw-r--r-- | app/auth/routes.py | 22 |
3 files changed, 27 insertions, 4 deletions
diff --git a/app/__init__.py b/app/__init__.py index 864de2b..01e3267 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -65,6 +65,12 @@ def create_app(config_class=Config): app.register_blueprint(admin_bp) + # Register the auto_logout function + from app.auth.routes import auto_logout + + app.before_request(auto_logout) + + if not app.debug: if app.config["MAIL_SERVER"]: auth = None diff --git a/app/auth/forms.py b/app/auth/forms.py index 5bff46f..7758342 100644 --- a/app/auth/forms.py +++ b/app/auth/forms.py @@ -3,7 +3,7 @@ from flask import current_app from flask_wtf import FlaskForm -from wtforms import StringField, PasswordField, BooleanField, SubmitField +from wtforms import StringField, PasswordField, SubmitField from wtforms.validators import DataRequired, ValidationError, Email, EqualTo from app.models import User @@ -12,7 +12,6 @@ from app.models import User class LoginForm(FlaskForm): username = StringField("Username", validators=[DataRequired()]) password = PasswordField("Password", validators=[DataRequired()]) - remember_me = BooleanField("Remember Me") submit = SubmitField("Sign In") diff --git a/app/auth/routes.py b/app/auth/routes.py index bc5e9b3..2a8a0bd 100644 --- a/app/auth/routes.py +++ b/app/auth/routes.py @@ -2,7 +2,15 @@ import datetime -from flask import render_template, flash, redirect, url_for, request +from flask import ( + render_template, + flash, + redirect, + url_for, + current_app, + session, + request, +) from flask_login import current_user, login_user, logout_user from werkzeug.urls import url_parse 
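Review bot: In the app/__init__.py hunk, `app.before_request(auto_logout)` installs the hook for every request the app serves, static files and anonymous visitors included, and because auto_logout marks the session permanent and modified, each of those responses would carry a session cookie. Consider returning early for requests that need no session, e.g. `if request.endpoint == "static": return` at the top of auto_logout. The comment `# Register the auto_logout function` only restates the call; `# Idle timeout: refresh the session lifetime before every request` says more, and a word on why the import is local (presumably to avoid a circular import) would help the next reader. create_app continues outside the hunk.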
@@ -24,15 +32,25 @@ from app.models import User, Task from app.utils.tasks import generate_user_task +def auto_logout(): + # Automatically logout after a period of inactivity + # https://stackoverflow.com/a/40914886/1154005 + session.permanent = True + current_app.permanent_session_lifetime = datetime.timedelta(minutes=15) + session.modified = True + + @bp.route("/login", methods=("GET", "POST")) def login(): form = LoginForm() if form.validate_on_submit(): + # log the user in if exists user = User.query.filter_by(username=form.username.data).first() if user is None or not user.check_password(form.password.data): flash("Invalid username or password", "error") return redirect(url_for("auth.login")) - login_user(user, remember=form.remember_me.data) + login_user(user) + # record last_active time current_user.last_active = datetime.datetime.utcnow() db.session.commit() |
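Review bot: The idle timeout in `auto_logout` is hard-coded and assigned to `current_app.permanent_session_lifetime` on every request; that is application-wide configuration, so it is better set once, e.g. `PERMANENT_SESSION_LIFETIME = datetime.timedelta(minutes=15)` in the config class, leaving the hook to do only `session.permanent = True`. `session.modified = True` is probably redundant, since Flask re-sends a permanent session cookie on each request while `SESSION_REFRESH_EACH_REQUEST` is left at its default. Changing the call to `login_user(user)` stops new remember cookies, but a remember cookie issued before this change would, under Flask-Login's defaults, still restore the login after the session expires, so the timeout does not bind those users until that cookie is cleared or expires. The function has no docstring; the first comment could become `"""Expire the session after 15 minutes without a request."""`. login() continues outside the hunk.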
