import json
import logging

import bcrypt
from flask import Blueprint, request, session, redirect, flash

from auth import require_level
import sanitize
# Blueprint that the POST login action below is registered on.
bp = Blueprint('action_log_in', __name__)
# Directory holding authorized_accounts.json, which carries each account's
# bcrypt password hash and access level -- keep it readable only by the
# service user, never by the web root.
DATA_DIR = '/data'
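def _load_accounts(path=None) -> dict:
    """Load the authorized-accounts file.

    Args:
        path: File to read.  Defaults to ``authorized_accounts.json`` under
            ``DATA_DIR``; the parameter exists so tests can point at a fixture.

    Returns:
        The parsed JSON document when it is an object (dict), otherwise
        ``{'accounts': []}``.  A missing, unreadable or malformed file also
        yields the empty result, so callers see "no accounts" instead of an
        exception.  Because this fails closed, every login attempt is refused
        while the file is broken -- the warning logged here is the only clue.
    """
    if path is None:
        path = f'{DATA_DIR}/authorized_accounts.json'
    try:
        with open(path) as f:
            data = json.load(f)
    except (OSError, ValueError) as exc:
        # OSError: missing/unreadable file; ValueError covers JSONDecodeError
        # and UnicodeDecodeError.  Log it so a deployment problem is not
        # mistaken for bad credentials, but keep the best-effort contract.
        logging.getLogger(__name__).warning('cannot load %s: %s', path, exc)
        return {'accounts': []}
    if not isinstance(data, dict):
        # A bare list or scalar would make the caller's .get('accounts')
        # raise; treat it the same as a corrupt file.
        logging.getLogger(__name__).warning('%s does not contain a JSON object', path)
        return {'accounts': []}
    return data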
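# Hash used to burn one bcrypt comparison when the submitted email is unknown,
# so response time does not reveal whether an account exists.  Computed once
# at import; it uses bcrypt's default cost, which may differ slightly from the
# cost of the stored hashes.
_DUMMY_HASH = bcrypt.hashpw(b'unknown-account', bcrypt.gensalt())


def _password_matches(password, stored_hash) -> bool:
    """Return True when ``password`` (str) verifies against ``stored_hash`` (bytes).

    A malformed stored hash, or -- with bcrypt >= 5 -- a password longer than
    72 bytes, makes ``bcrypt.checkpw`` raise ``ValueError``; that is reported
    as a non-match instead of surfacing as a 500.
    """
    try:
        return bcrypt.checkpw(password.encode('utf-8'), stored_hash)
    except ValueError:
        return False


@bp.route('/action/log_in', methods=['POST'])
@require_level('nothing')
def log_in():
    """Authenticate an email/password pair from the login form and start a session.

    Reads ``email`` and ``password`` from the POSTed form, looks the email up
    in the accounts returned by ``_load_accounts`` and verifies the password
    against that account's bcrypt ``hashed_password``.  On success the session
    is cleared and populated with ``email_address``, ``access_level`` and
    ``timezone``; on any failure a flash message is set and the user is sent
    back to the login page.  Unknown email and wrong password produce the same
    message and roughly the same response time, so this endpoint does not
    confirm which addresses are on the authorized list.

    Returns:
        A redirect response: ``/view/view_overview`` when already logged in or
        after a successful login, ``/view/view_log_in`` otherwise.
    """
    # An authenticated session may not re-authenticate as someone else here.
    if session.get('access_level', 'nothing') != 'nothing':
        return redirect('/view/view_overview')

    email = sanitize.email(request.form.get('email', ''))
    password = request.form.get('password', '')

    if not email or not password:
        flash('Email address and password are required.', 'error')
        return redirect('/view/view_log_in')

    # NOTE(review): there is no throttling or lockout on this route; brute
    # force protection has to come from the deployment (rate limiter / proxy)
    # -- confirm that exists.
    accounts = _load_accounts().get('accounts', [])
    # NOTE(review): the comparison assumes sanitize.email() lower-cases its
    # result; otherwise mixed-case input never matches -- confirm in sanitize.
    account = next((a for a in accounts if a.get('email_address', '').lower() == email), None)

    if account is None:
        # Pay for one bcrypt comparison anyway so the timing matches the
        # wrong-password path, then return the same generic message.
        _password_matches(password, _DUMMY_HASH)
        flash('Invalid email address or password.', 'error')
        return redirect('/view/view_log_in')

    if not account.get('hashed_password'):
        # NOTE(review): this message does confirm that the address is on the
        # authorized list before any password was set.  That is only
        # acceptable if Create Account proves ownership of the address itself
        # (otherwise whoever enumerates it can claim the account) -- confirm.
        flash('Account setup is not complete. Please use Create Account to set your password first.', 'error')
        return redirect('/view/view_log_in')

    stored_hash = account['hashed_password'].encode('utf-8')
    if not _password_matches(password, stored_hash):
        flash('Invalid email address or password.', 'error')
        return redirect('/view/view_log_in')

    # Start from an empty session so nothing stored before authentication
    # (including attacker-influenced values) carries into the logged-in one.
    session.clear()
    session['email_address'] = account['email_address']
    session['access_level'] = account.get('access_level', 'viewer')
    session['timezone'] = account.get('timezone', '')
    # Lifetime is whatever PERMANENT_SESSION_LIFETIME the app configures.
    session.permanent = True

    return redirect('/view/view_overview')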