From c7f9df985900c9daf2d79ad09e4434411adc474a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Sureau?=
Date: Tue, 26 Jul 2011 16:03:00 +0200
Subject: [PATCH] Check project id before authentication
---
 budget/forms.py | 2 +-
 budget/templates/layout. | 0
 budget/web.py | 8 +++++---
 3 files changed, 6 insertions(+), 4 deletions(-)
 delete mode 100644 budget/templates/layout.
diff --git a/budget/forms.py b/budget/forms.py
index 367be94..0373da8 100644
--- a/budget/forms.py
+++ b/budget/forms.py
@@ -2,7 +2,7 @@ from flaskext.wtf import *
 from models import Project, Person
 # define forms
-class CreationForm(Form):
+class ProjectForm(Form):
 name = TextField("Project name", validators=[Required()])
 id = TextField("Project identifier", validators=[Required()])
 password = PasswordField("Password", validators=[Required()])
diff --git a/budget/templates/layout. b/budget/templates/layout.
deleted file mode 100644
index e69de29..0000000
diff --git a/budget/web.py b/budget/web.py
index ddf0b1e..46226df 100644
--- a/budget/web.py
+++ b/budget/web.py
@@ -2,7 +2,7 @@ from flask import Flask, session, request, redirect, url_for, render_template
 # local modules
 from models import db, Project, Person, Bill
-from forms import CreationForm, AuthenticationForm, BillForm, MemberForm
+from forms import ProjectForm, AuthenticationForm, BillForm, MemberForm
 from utils import get_billform_for, requires_auth
 # create the application, initialize stuff
@@ -10,8 +10,10 @@ app = Flask(__name__)
 @app.route("//authenticate", methods=["GET", "POST"])
 def authenticate(project_id, redirect_url=None):
- project = Project.query.get(project_id)
 redirect_url = redirect_url or url_for("list_bills", project_id=project_id)
+ project = Project.query.get(project_id)
+ if not project:
+ return redirect(url_for("create_project", project_id=project_id))
 # if credentials are already in session, redirect
 if project_id in session and project.password == session[project_id]:
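Review bot: The new `if not project:` branch in `authenticate` makes this unauthenticated route answer differently for existing and non-existing identifiers (login form versus a redirect to `create_project`), so anyone can use it to find out which project ids exist. If that is accepted behaviour, record it next to the branch, e.g. `# unknown id: offer creation instead of login (discloses that the id is free)`, and consider throttling requests to this route. The context line `project.password == session[project_id]` suggests the project password is held in clear text both in the database and in the session; Flask's default session cookie is signed but not encrypted, so a stored hash plus a non-secret session marker would be the safer shape. The redirected `project_id` is caller-controlled and is later copied into `form.name.data` in `create_project` (last hunk), so that template should keep relying on autoescaping when it renders the field. authenticate's body continues outside the hunk.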
@@ -37,7 +39,7 @@ def home():
 @app.route("/create", methods=["GET", "POST"])
 def create_project():
- form = CreationForm()
+ form = ProjectForm()
 if request.method == "GET" and 'project_id' in request.values:
 form.name.data = request.values['project_id']