mirror of https://github.com/YunoHost-Apps/ihatemoney_ynh.git synced 2024-09-03 19:26:15 +02:00

Check project id before authentication

Frédéric Sureau 2011-07-26 16:03:00 +02:00
parent a3b49a231f
commit c7f9df9859
3 changed files with 6 additions and 4 deletions


@ -2,7 +2,7 @@ from flaskext.wtf import *
from models import Project, Person from models import Project, Person
# define forms # define forms
class CreationForm(Form): class ProjectForm(Form):
name = TextField("Project name", validators=[Required()]) name = TextField("Project name", validators=[Required()])
id = TextField("Project identifier", validators=[Required()]) id = TextField("Project identifier", validators=[Required()])
password = PasswordField("Password", validators=[Required()]) password = PasswordField("Password", validators=[Required()])


@ -2,7 +2,7 @@ from flask import Flask, session, request, redirect, url_for, render_template
# local modules # local modules
from models import db, Project, Person, Bill from models import db, Project, Person, Bill
from forms import CreationForm, AuthenticationForm, BillForm, MemberForm from forms import ProjectForm, AuthenticationForm, BillForm, MemberForm
from utils import get_billform_for, requires_auth from utils import get_billform_for, requires_auth
# create the application, initialize stuff # create the application, initialize stuff
@ -10,8 +10,10 @@ app = Flask(__name__)
@app.route("/<string:project_id>/authenticate", methods=["GET", "POST"]) @app.route("/<string:project_id>/authenticate", methods=["GET", "POST"])
def authenticate(project_id, redirect_url=None): def authenticate(project_id, redirect_url=None):
project = Project.query.get(project_id)
redirect_url = redirect_url or url_for("list_bills", project_id=project_id) redirect_url = redirect_url or url_for("list_bills", project_id=project_id)
project = Project.query.get(project_id)
if not project:
return redirect(url_for("create_project", project_id=project_id))
# if credentials are already in session, redirect # if credentials are already in session, redirect
if project_id in session and project.password == session[project_id]: if project_id in session and project.password == session[project_id]:
@ -37,7 +39,7 @@ def home():
@app.route("/create", methods=["GET", "POST"]) @app.route("/create", methods=["GET", "POST"])
def create_project(): def create_project():
form = CreationForm() form = ProjectForm()
if request.method == "GET" and 'project_id' in request.values: if request.method == "GET" and 'project_id' in request.values:
form.name.data = request.values['project_id'] form.name.data = request.values['project_id']
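Review bot: In `authenticate`, the session check just below the new `if not project:` guard still compares `project.password == session[project_id]`, so the session holds the same value as `Project.password`, which suggests the password is stored and carried around unhashed. If the app uses Flask's default cookie-based session, that value is signed but not encrypted, so anyone who obtains the cookie can read it. Consider keeping only a password hash on `Project` and a marker in the session, for example `session[project_id] = True` after a successful login and `if session.get(project_id):` here. The new redirect also answers differently for existing and missing project ids without any authentication, which is worth a short comment or rate limiting; the body of `authenticate` continues outside the hunk.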