Passed
Push — master ( fe0a02...8aaba9 )
by William
02:08
created

app.auth.admin_required()   A

from flask import Blueprint, render_template, redirect, url_for, request, flash, session
from flask_login import login_user, login_required, logout_user, current_user
from werkzeug.security import generate_password_hash, check_password_hash
from .models import User
from app import db
import pandas as pd
import os
from functools import wraps
# Blueprint on which this module registers its /login, /signup and /logout routes.
auth = Blueprint('auth', __name__)
@auth.route('/login')
def login():
    """Render the login page (``login.html``)."""
    page = render_template('login.html')
    return page
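@auth.route('/login', methods=['POST'])
def login_post():
    """Authenticate the posted credentials and start a logged-in session.

    Reads ``email``, ``password`` and ``remember`` from the submitted form.
    On any failure (missing field, unknown email, wrong password) the same
    generic message is flashed and the client is redirected back to the
    login page, so the response does not say which part was wrong.
    On success the user is logged in, ``name`` and ``email`` are copied into
    the session, and the client is redirected to ``main.index``.
    """
    email = request.form.get('email')
    password = request.form.get('password')
    remember = bool(request.form.get('remember'))

    # A request that omits either field cannot authenticate. Reject it here so
    # that None is never handed to check_password_hash (which expects a string
    # and would otherwise turn a malformed request into a server error).
    if email is None or password is None:
        user = None
    else:
        user = User.query.filter_by(email=email).first()

    # check_password_hash re-hashes the supplied password using the parameters
    # stored in user.password and compares the result with the stored hash.
    if not user or not check_password_hash(user.password, password):
        flash('Please check your login details and try again.')
        # Unknown user or wrong password: send the client back to the form.
        return redirect(url_for('auth.login'))

    # Bootstrap fallback kept from the original: when no account has the admin
    # flag set, the account that just authenticated is promoted.
    # NOTE(review): this is an implicit privilege grant. If the admin set ever
    # becomes empty, the next successful login receives admin. Consider an
    # explicit provisioning step, or at least record the promotion in an audit
    # log so it can be detected.
    if not User.query.filter_by(admin=True).first():
        user.admin = 1
        db.session.commit()

    # Credentials verified: establish the login and cache display fields.
    login_user(user, remember=remember)
    session['name'] = user.name
    session['email'] = user.email

    return redirect(url_for('main.index'))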
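@auth.route('/signup')
def signup():
    """Render the signup page, or the login page when the settings row says so.

    Opens a database connection (``DATABASE_URL`` from the environment, with a
    local SQLite file as fallback), reads the ``settings`` table and, if the
    ``value`` column of its first row equals 1, renders ``login.html`` instead
    of ``signup.html``.
    NOTE(review): presumably that row is a "registration disabled" switch;
    confirm against the code that writes the settings table.
    """
    try:
        conn = db.create_engine(os.environ.get('DATABASE_URL')).connect()
    except Exception:
        # DATABASE_URL unset or unusable: fall back to the local SQLite file.
        # Narrowed from a bare except so SystemExit/KeyboardInterrupt propagate.
        conn = db.create_engine('sqlite:///db.sqlite').connect()

    try:
        df = pd.read_sql('SELECT * FROM settings;', conn)

        if df['value'][0] == 1:
            return render_template('login.html')
    except Exception:
        # Best-effort lookup, as in the original: a missing or empty settings
        # table falls through to the signup page.
        # NOTE(review): this fails open. If the check is meant to restrict
        # signup, an error here should probably be logged rather than ignored.
        pass
    finally:
        # The original never released this connection; close it on every path.
        conn.close()

    return render_template('signup.html')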
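@auth.route('/signup', methods=['POST'])
def signup_post():
    """Create a user account from the posted signup form.

    Reads ``email``, ``name`` and ``password`` from the form. A request with
    no email or no password, or with an email that is already registered, is
    redirected back to the signup page with a flashed message. Otherwise the
    user is stored with a scrypt password hash and the client is redirected
    to the login page. The first account created while no admin exists is
    given the admin flag.

    NOTE(review): the GET handler for /signup consults the ``settings`` table
    before showing the form, but this handler does not repeat that check, so
    whatever that setting gates is not applied to a direct POST. Confirm
    whether the check should be enforced here as well.
    """
    email = request.form.get('email')
    name = request.form.get('name')
    password = request.form.get('password')

    # Reject incomplete submissions up front: a missing password would reach
    # generate_password_hash as None, and an empty one would create an account
    # that anyone can log in to.
    if not email or not password:
        flash('Email and password are required.')
        return redirect(url_for('auth.signup'))

    # An existing row for this email means the address is already registered.
    if User.query.filter_by(email=email).first():
        # The original flashed this message only after the redirect had already
        # returned, so it was never shown; flash it before redirecting.
        # NOTE(review): this message confirms to the requester that the address
        # has an account. Keep it only if that disclosure is acceptable.
        flash('Email address already exists')
        return redirect(url_for('auth.signup'))

    # If no admin user exists yet, the new user becomes the admin.
    # NOTE(review): the lookup and the insert are separate steps, so two
    # concurrent first signups could both be created as admin.
    admin = 0 if User.query.filter_by(admin=True).first() else 1

    # Store only the scrypt hash so the plaintext password is never saved.
    new_user = User(
        email=email,
        name=name,
        password=generate_password_hash(password, method='scrypt'),
        admin=admin,
    )

    db.session.add(new_user)
    db.session.commit()
    return redirect(url_for('auth.login'))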
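@auth.route('/logout')
@login_required
def logout():
    """Log the current user out and redirect to ``main.index``."""
    logout_user()
    # login_post() writes these two keys into the session itself. They are not
    # among the keys Flask-Login manages, so remove them explicitly. Otherwise
    # the previous user's name and email stay in the session after logout.
    session.pop('name', None)
    session.pop('email', None)
    return redirect(url_for('main.index'))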
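def admin_required(f):
    """Decorator that runs the view only when ``current_user.admin`` is truthy.

    Every other caller, including one that is not logged in, is redirected to
    ``main.index`` and the wrapped view is not called.

    Args:
        f: The view function to protect.

    Returns:
        The wrapped view, with ``f``'s metadata preserved by ``functools.wraps``.
    """
    @wraps(f)
    def decorated_function(*args, **kwargs):
        # Read the flag with a default: Flask-Login's default anonymous user
        # has no ``admin`` attribute, so a plain attribute access would raise
        # when this decorator runs without @login_required in front of it.
        # Defaulting to False denies access instead.
        if getattr(current_user, 'admin', False):
            return f(*args, **kwargs)
        return redirect(url_for('main.index'))
    return decorated_function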