fix #32

2014-10-30 17:59:19 -05:00 · 2014-10-30 17:59:19 -05:00 · 2d6f368ff1
commit 2d6f368ff1
parent 325c735f4e
9 changed files with 63 additions and 34 deletions
--- a/realms/modules/auth/init.py
+++ b/realms/modules/auth/init.py
@ -0,0 +1,12 @@
+from realms import login_manager
+from flask import request, flash, redirect
+from flask.ext.login import login_url
+
+
+@login_manager.unauthorized_handler
+def unauthorized():
+    if request.method == 'GET':
+        flash('Please log in to access this page')
+        return redirect(login_url('auth.login', request.url))
+    else:
+        return dict(error=True, message="Please log in for access."), 403
--- a/realms/modules/auth/models.py
+++ b/realms/modules/auth/models.py
@ -71,22 +71,19 @@ class User(Model, UserMixin):

    @staticmethod
    def get_by_username(username):
-        return User.query.filter_by(username=username).first()
+        return User.query().filter_by(username=username).first()

    @staticmethod
    def get_by_email(email):
-        return User.query.filter_by(email=email).first()
+        return User.query().filter_by(email=email).first()

    @staticmethod
    def signer(salt):
-        """
-        Signed with app secret salted with sha256 of password hash of user (client secret)
-        """
        return URLSafeSerializer(current_app.config['SECRET_KEY'] + salt)

    @staticmethod
    def auth(email, password):
-        user = User.query.filter_by(email=email).first()
+        user = User.get_by_email(email)

        if not user:
            # User doesn't exist