from urllib.parse import urlsplit

from flask import Blueprint, flash, redirect, render_template, request, url_for
from flask_login import current_user, login_required, login_user, logout_user
from werkzeug.urls import url_parse
  4.  
# Blueprint for the authentication routes (/register, /login); templates are
# resolved from this package's own 'templates' folder.
auth = Blueprint('auth', __name__, template_folder='templates')
  6. from argon2 import PasswordHasher
  7.  
  8. # import db from __init__.py.
  9. from app import db
  10. from app.auth.forms import RegistrationForm
  11. from app.email_login_confirmation.routes import send_registration_token_email
  12. from app.models import User
  13.  
  14.  
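@auth.route("/register", methods=['POST', 'GET'])
def register():
    """Render the registration form and create a new ``User`` on a valid POST.

    Flow:
      * An already-authenticated user is sent to ``main.home``; there is
        nothing for them to do here.
      * On a valid submission the password is hashed with argon2 and only the
        hash is persisted, the new row is committed, and the browser is
        redirected to the e-mail verification step for that username.
      * Otherwise (GET, or a form that failed validation) the form is
        re-rendered.

    Returns:
        A Flask response: a redirect, or the rendered ``register.html``.
    """
    # Logged-in users have no business on the register page.
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    form = RegistrationForm()
    if form.validate_on_submit():
        username_form = form.username.data
        email_form = form.email.data
        plaintext_password_form = form.password.data
        # NOTE(review): the password == confirm_password check is assumed to
        # live in RegistrationForm's validators (the value was read but never
        # used here) -- confirm. Uniqueness of username/email is likewise
        # assumed to be enforced by the form or the DB schema.

        # Argon2 emits a self-describing hash (salt and parameters included),
        # so the hash string alone is enough to verify later.
        hashed_password_form = PasswordHasher().hash(plaintext_password_form)

        adding_user = User(
            username=username_form,
            email=email_form,
            hashed_password=hashed_password_form,
        )
        db.session.add(adding_user)
        db.session.commit()

        # The committed object already carries the username; re-querying the
        # row by username only added a second round-trip and a possible None
        # dereference.
        return redirect(url_for(
            'email_login_confirmation.registration_verification_code',
            username_db=adding_user.username,
        ))

    return render_template('register.html', title='register', form=form)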
  41.  
  42. from app.auth.forms import LoginForm
  43. from app.auth.functions import compare_hashed_passwords
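@auth.route("/login", methods=['POST', 'GET'])
def login():
    """Authenticate a user by username or e-mail plus password.

    Flow:
      * An already-authenticated user is redirected to ``main.home``.
      * On a valid submission the account is looked up by username first,
        then by e-mail.  A missing account and a wrong password produce the
        same error page so the response cannot be used to enumerate which
        usernames or e-mails exist.  (The lookup miss still skips the hash
        verification, so a timing difference remains; noted, not fixed here.)
      * Accounts that have not confirmed their registration e-mail are sent
        back to the verification step instead of being logged in.
      * After ``login_user`` the optional ``next`` query parameter is honoured
        only when it is a same-site relative target; anything else falls back
        to ``main.home`` (see ``_is_safe_redirect_target``).

    Returns:
        A Flask response: a redirect, or the rendered ``login.html``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.home'))

    form = LoginForm()
    if form.validate_on_submit():
        username_or_email_form = form.username_or_email.data
        plaintext_password_form = form.password.data

        user_db = _find_user_by_username_or_email(username_or_email_form)

        # Single generic message for "no such account" and "wrong password".
        # The original code left user_db unbound when no row matched (a 500),
        # and compared the check result with `== False`, which would let a
        # None/falsy-but-not-False result through; `not ...` closes both.
        if user_db is None or not compare_hashed_passwords(
            user_db.hashed_password, plaintext_password_form
        ):
            error = 'The username or email or password do not exist. Please retype your username or email or password.'
            return render_template('login.html', title='login', form=form, error=error)

        # Unverified accounts are bounced to the verification step, which
        # (by its name) re-sends the confirmation e-mail.
        if not user_db.registration_confirmation_email:
            return redirect(url_for(
                'email_login_confirmation.registration_verification_code',
                username_db=user_db.username,
            ))

        # NOTE(review): remember=True unconditionally issues a long-lived
        # remember-me cookie; if LoginForm has a remember-me field it should
        # drive this -- confirm.
        login_user(user_db, remember=True)
        flash('You have logged in successfully')

        # Flask-Login sets ?next=<path> when an anonymous user hits a
        # @login_required route; only follow it when it stays on this site.
        next_page = request.args.get('next')
        if not _is_safe_redirect_target(next_page):
            next_page = url_for('main.home')
        return redirect(next_page)

    return render_template('login.html', title='login', form=form, error=None)


def _find_user_by_username_or_email(identifier):
    """Return the ``User`` whose username or e-mail equals *identifier*, else None.

    Username is tried first, then e-mail, matching the original precedence.
    The explicit equality re-check after the query keeps the match exact even
    if the database collation compares case-insensitively (presumably the
    reason the original code had it) -- confirm against the schema.
    """
    by_username = db.session.execute(
        db.select(User).filter_by(username=identifier)
    ).scalar_one_or_none()
    if by_username is not None and by_username.username == identifier:
        return by_username

    by_email = db.session.execute(
        db.select(User).filter_by(email=identifier)
    ).scalar_one_or_none()
    if by_email is not None and by_email.email == identifier:
        return by_email

    return None


def _is_safe_redirect_target(target):
    """Return True only if *target* is a relative, same-site redirect target.

    Rejects empty values, anything with a scheme (``https://``,
    ``javascript:``) or a host part (``//evil.example``), and any target
    containing a backslash, since browsers normalise ``/\\host`` to
    ``//host`` and would otherwise leave the site.  ``urllib.parse.urlsplit``
    is used instead of ``werkzeug.urls.url_parse`` (deprecated and removed in
    recent Werkzeug releases).
    """
    if not target:
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    return '\\' not in target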
  110.  
  111.  