Untitled

import uuid
import hashlib
from extensions import db

from flask import (
    Blueprint,
    request,
    session,
    url_for,
    redirect,
    render_template
)

user = Blueprint('user', __name__, template_folder='templates')


@user.route('/login', methods=['GET', 'POST'])
def login_route():
    if request.method == 'GET':
        options = {
            'error': False,
            'message': ''
        }
        return render_template('login.html', **options)
    else:
        username = request.form.get('username')
        password = request.form.get('password')
        cur = db.cursor()
        cur.execute("SELECT `password` FROM User WHERE `username`=%s;", (username, ))
        result = cur.fetchone()
        # check if user enter valid password
        if result['password'] == get_hash(password, result['password'].split('$')[1]):
            session['username'] = username
            return redirect(url_for('main.main_route'))
        return True


@user.route('/logout', methods=['POST'])
def logout_route():
    session.pop('username', None)
    return redirect(url_for('main.main_route'))


@user.route('/user', methods=['GET'])
def register_route():
    if 'username' in session:
        return redirect(url_for('user.user_edit_route'))
    options = {
        'error': False,
        'message': ''
    }
    return render_template("signup.html", **options)


@user.route('/user', methods=['POST'])
def register_post_route():
    new_user = {
        'username': request.form.get('username'),
        'firstname': request.form.get('firstname'),
        'lastname': request.form.get('lastname'),
        'password1': request.form.get('password1'),
        'password2': request.form.get('password2'),
        'email': request.form.get('email')
    }
    if 'username' in session:
        return redirect(url_for('user.user_edit_route'))
    hashed_password = get_hash(new_user['password1'])

    cursor = db.cursor()
    query = "INSERT into User(`username`, `firstname`, `lastname`, `password`, `email`) VALUES(%s, %s, %s, %s, %s);"
    cursor.execute(query, (new_user['username'],
                           new_user['firstname'],
                           new_user['lastname'],
                           hashed_password,
                           new_user['email']))
    return redirect(url_for('user.login_route'))


@user.route('/user/edit', methods=['GET'])
def user_edit_route():
    # TODO check if session already exists, get user data from database and set it to options
    username = 'username'
    firstname = 'firstname'
    lastname = 'lastname'
    email = 'email'
    options = {
        'error': False,
        'message': '',
        'user': {
            'username': username,
            'firstname': firstname,
            'lastname': lastname,
            'email': email
        }
    }

    return render_template('user_edit.html', **options)


@user.route('/user/edit', methods=['POST'])
def user_edit_post_route():
    options = {
    }
    print request.form
    return render_template('user_edit.html', **options)


def get_hash(password, salt=None):
    algorithm = 'sha512'
    salt = salt if salt else uuid.uuid4().hex
    hash = hashlib.new(algorithm)
    hash.update(salt + password)
    password_hash = hash.hexdigest()
    return '$'.join([algorithm, salt, password_hash])