Commit 2a7c5c2a authored by Nicolas Joyard's avatar Nicolas Joyard

Meilleure gestion erreurs de login

parent 2ba80890
......@@ -8,7 +8,8 @@ from ..models import Action, Parlementaire, User, db
from ..models.constants import ETAPE_A_CONFIRMER, ETAPE_ENVOYE
from ..tools.routing import not_found, redirect_back, require_user
from ..tools.text import check_email, check_password, sanitize_hard
from ..tools.text import (check_email, check_password, is_safe_url,
sanitize_hard)
def setup_routes(app):
......@@ -50,23 +51,23 @@ def setup_routes(app):
if nick != request.form['nick']:
msg = 'Seuls les caractères suivants sont autorisés: ' \
'a-z 0-9 _ - @ . '
return redirect_back(error=msg)
return redirect_back(login_error=msg)
if not len(nick):
msg = 'Veuillez saisir un pseudonyme !'
return redirect_back(error=msg)
return redirect_back(login_error=msg)
email = request.form['email'].strip()
if not check_email(email):
msg = 'Veuillez saisir une adresse e-mail valide pour assurer ' \
'le suivi de l\'envoi des demandes !'
return redirect_back(error=msg)
return redirect_back(login_error=msg)
user = User.query.filter(User.nick == nick).first()
if user and user.email != email:
msg = 'L\'adresse e-mail que vous avez saisie n\'est pas la bonne.'
return redirect_back(error=msg)
return redirect_back(login_error=msg)
if not user:
user = User(nick=nick, email=email, admin=False)
......@@ -87,13 +88,15 @@ def setup_routes(app):
return redirect(url_for('envoi',
id=request.form['prendre_en_charge']))
if 'next' in request.form and is_safe_url(request.form['next']):
return redirect(request.form['next'])
return redirect_back()
@app.route('/logout')
def logout():
session.pop('user', None)
return redirect_back()
return redirect(url_for('home'))
@app.route('/profil', endpoint='profil', methods=['GET', 'POST'])
@require_user
......
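Review bot: A failed login attempt loses the `next` destination: the hidden `next` field posted by the form is only honoured on the success path (`if 'next' in request.form and is_safe_url(request.form['next'])`), while each validation failure above returns `redirect_back(login_error=msg)` without re-flashing `login_next`, so after a typo in the nick or e-mail the user no longer lands on the page that sent them to the login form. One way is to compute `extra = {'login_next': request.form['next']} if request.form.get('next') else {}` once at the top of the handler and pass `**extra` at every early return, keeping the `is_safe_url` check on the final `redirect` as the single validation point. Note as well that the existing message for a known nick with a non-matching e-mail confirms that the nick is registered; that behaviour predates this commit, but since the message now shows up inside the login dropdown, a single generic wording for both failure cases would avoid account enumeration. The login handler starts and ends outside the hunks shown.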
......@@ -90,6 +90,13 @@
{% else %}
<li>
<form class="form-horizontal login-form" method="POST" action="{{ url_for('login') }}">
{% for cat, msg in get_flashed_messages(with_categories=True, category_filter=['login_error', 'login_next']) %}
{% if cat == 'login_error' %}
<div class="alert alert-danger login-error">{{ msg }}</div>
{% elif cat == 'login_next' %}
<input name="next" type="hidden" value="{{ msg }}">
{% endif %}
{% endfor %}
<input name="nick" type="text" class="form-control" placeholder="Pseudo">
<input name="email" type="text" class="form-control" placeholder="Adresse e-mail">
<small>Votre adresse e-mail ne sera pas publiée.</small><br><br>
......@@ -109,7 +116,7 @@
{% for cat, message in get_flashed_messages(with_categories=True) %}
{% if cat == 'success' %}
<div class="alert alert-success" role="alert">{{ message }}</div>
{% else %}
{% elif cat not in ('login_error', 'login_next') %}
<div class="alert alert-danger" role="alert">{{ message }}</div>
{% endif %}
{% endfor %}
......@@ -196,6 +203,11 @@
});
$('[data-toggle="tooltip"]').tooltip()
if ($('.login-error').length) {
$('.login .dropdown-toggle').dropdown('toggle');
$('.login [name="nick"]').focus();
}
});
</script>
</body>
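Review bot: The new hidden `next` input interpolates a URL flashed from `request.url` into a double-quoted attribute with `{{ msg }}`, which is only safe while Jinja autoescaping is active for this template (Flask turns it on for `.html`/`.htm`/`.xml`/`.xhtml` names); if this file carries another extension, write `{{ msg|e }}` explicitly. Since the value is rendered here and only validated with `is_safe_url` when the form is posted, a Jinja comment next to the input such as `{# destination is re-validated server-side (is_safe_url) before redirecting #}` would stop the next reader from adding a second, divergent check. The first `get_flashed_messages()` call in the login form pops every flash from the session and the later loop reads the same per-request cached list, which is why the `{% elif cat not in ('login_error', 'login_next') %}` branch is required; a one-line comment stating that dependency between the two loops would help.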
......@@ -6,9 +6,9 @@ from .text import is_safe_url
from ..models import User
def redirect_back(fallback=None, error=None):
if error:
flash(error, category='error')
def redirect_back(fallback=None, **kwargs):
for k, v in kwargs.items():
flash(v, category=k)
if request.referrer and is_safe_url(request.referrer) and \
request.referrer != request.url:
......@@ -26,8 +26,9 @@ def not_found():
def require_user(f):
def decorator(*args, **kwargs):
if not session.get('user'):
return redirect_back(error='Vous devez vous identifier pour '
'accéder à cette page')
return redirect_back(login_error='Vous devez vous identifier pour '
'accéder à cette page',
login_next=request.url)
if 'id' not in session['user']:
session['user']['id'] = User.query \
......
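Review bot: `require_user` flashes `login_next=request.url`, an absolute URL derived from the request's Host header, which then travels through the session (a client-side cookie under Flask's default configuration) and the login form before being used; it is acceptable only because the login handler re-checks it with `is_safe_url`, so that dependency deserves a comment at the call site, e.g. `# login re-validates this target with is_safe_url before redirecting`. Flashing a path-relative target instead of the absolute URL would keep the value host-independent and smaller in the cookie, presumably without changing the redirect behaviour. The generic `redirect_back(fallback=None, **kwargs)` now turns every keyword argument into a flash category; a docstring such as `Flash each keyword argument with the keyword as its category, then redirect to the referrer when it is safe, otherwise to fallback.` would document the contract the template relies on. Both functions continue outside the hunks shown.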