diff --git a/blog/forms.py b/blog/forms.py index a9b8b817f00ea106e2f9de0c0a62739f6c5e2b7c..b5b8a39a13975b98602c1b72407c68088de1e39e 100644 --- a/blog/forms.py +++ b/blog/forms.py @@ -7,7 +7,7 @@ from blog.models import User class RegistrationForm(FlaskForm): email = StringField('Email',validators=[DataRequired(), Email()]) username = StringField('Username',validators=[DataRequired(), Length(min=2, max=11),Regexp('^[a-z]{4,11}$')]) - password = PasswordField('Password',validators=[DataRequired()]) + password_hash = PasswordField('Password',validators=[DataRequired()]) submit = SubmitField('Register') def validate_username(self, username): user = User.query.filter_by(username=username.data).first() @@ -23,13 +23,13 @@ class RegistrationForm(FlaskForm): class LoginForm(FlaskForm): email = StringField('Email',validators=[DataRequired()]) username = StringField('Username',validators=[DataRequired()]) - password = PasswordField('Password',validators=[DataRequired()]) + password_hash = PasswordField('Password',validators=[DataRequired()]) submit = SubmitField('Login') class UpdateAccountForm(FlaskForm): email = StringField('Email',validators=[DataRequired(), Email()]) username = StringField('Username',validators=[DataRequired(), Length(min=2, max=11)]) - password = PasswordField('Password',validators=[DataRequired()]) + password_hash = PasswordField('Password',validators=[DataRequired()]) submit = SubmitField('Update') def validate_username(self, username): if username.data != current_user.username: diff --git a/blog/models.py b/blog/models.py index 9c1fc7a315806eca93229e394ce600893d59dcb3..9ad119f7afab8cc0c776bd86aff4f4fd34b90fe4 100644 --- a/blog/models.py +++ b/blog/models.py 
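Review bot: The `PasswordField` in `RegistrationForm` is renamed to `password_hash`, but it still carries the plaintext password the user typed, so the name now misstates what the value is; the next hunk makes the same rename in `LoginForm` and `UpdateAccountForm`. A form field that shares its name with the `User.password_hash` column invites code such as `User(password_hash=form.password_hash.data)` or `form.populate_obj(user)`, either of which would write the plaintext into the hash column without going through the hashing setter. I would keep the form field as `password = PasswordField('Password',validators=[DataRequired()])` and rename only the model column. The class bodies continue outside both hunks.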
@@ -16,13 +16,25 @@ class Post(db.Model): class User(UserMixin,db.Model): id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(15), unique=True, nullable=False) - password=db.Column(db.String(128)) + password_hash=db.Column(db.String(128)) post = db.relationship('Post', backref='user', lazy=True) is_admin=db.Column(db.Boolean,nullable=False,default=False) email=db.Column(db.String(256), unique=True) def __repr__(self): return f"User('{self.username}')" + + #adapted from Grinberg(2014, 2018) + @property + def password(self): + raise AttributeError('Password is not readable.') + + @password.setter + def password(self,password): + self.password_hash=generate_password_hash(password) + + def verify_password(self,password): + return check_password_hash(self.password_hash,password) class Portfolio(db.Model): id = db.Column(db.Integer, primary_key=True) @@ -33,17 +45,7 @@ class Portfolio(db.Model): technologies = db.Column(db.String(255)) link = db.Column(db.String(255)) -#adapted from Grinberg(2014, 2018) - @property - def password(self): - raise AttributeError('Password is not readable.') - @password.setter - def password(self,password): - self.password=generate_password_hash(password) - - def verify_password(self,password): - return check_password_hash(self.password,password) @login_manager.user_loader def load_user(user_id): diff --git a/blog/routes.py b/blog/routes.py index 29ad5aeb022a52a660373647ac473c70d213f6e3..a05235e61cceb18af69675ef4f3adb4fc32e851a 100644 --- a/blog/routes.py +++ b/blog/routes.py @@ -87,7 +87,7 @@ def account(): def register(): form = RegistrationForm() if form.validate_on_submit(): - user = User(username=form.username.data, email=form.email.data, password=form.password.data) + user = User(username=form.username.data, email=form.email.data, password=form.password_hash.data) db.session.add(user) db.session.commit() flash('Registration successful!') 
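Review bot: `verify_password` passes `self.password_hash` straight to `check_password_hash`, and the column is declared without `nullable=False`, so a row with no stored hash would most likely make the call raise instead of returning False. Either declare the column as `password_hash=db.Column(db.String(128), nullable=False)` or guard the check with `return self.password_hash is not None and check_password_hash(self.password_hash,password)`. The 128-character width should fit the default hash format of the pinned Werkzeug 2.2.2, but newer Werkzeug releases default to a longer scrypt format, so the column is worth widening before that pin is raised. Renaming the column also needs a schema migration for existing databases, and none is visible in this diff.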
@@ -103,7 +103,7 @@ def login(): form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() - if user and (user.password, form.password.data): + if user and (user.password_hash, form.password_hash.data): login_user(user) flash('You\'ve successfully logged in,'+' '+ current_user.username +'!') return redirect(url_for('home')) diff --git a/blog/templates/login.html b/blog/templates/login.html index 26ad5045c2cb1f0570111819d207d32fcddae001..d6343d47fd98d1393fc68b25f9a759f5f0140c0e 100644 --- a/blog/templates/login.html +++ b/blog/templates/login.html @@ -4,7 +4,7 @@ {{ form.csrf_token }} <p>{{ form.email.label }} {{form.email}}</p> <p>{{ form.username.label }} {{ form.username }}</p> - <p>{{ form.password.label }} {{ form.password }}</p> + <p>{{ form.password_hash.label }} {{ form.password_hash }}</p> <p><input type="submit" value="Login"></p> </form> {% endblock content %} diff --git a/blog/templates/register.html b/blog/templates/register.html index 2cb3c416b17b34936cc2f8a23a23be031705bce7..160d358eb9d8d3b519379c3a386cd68b8ee4aa26 100644 --- a/blog/templates/register.html +++ b/blog/templates/register.html @@ -4,7 +4,7 @@ {{ form.csrf_token }} <p>{{ form.email.label }} {{ form.email }}</p> <p>{{ form.username.label }} {{ form.username }}</p> - <p>{{ form.password.label }} {{ form.password }}</p> + <p>{{ form.password_hash.label }} {{ form.password_hash }}</p> <input type="submit" value="Register"> {% for error in form.username.errors %} diff --git a/requirements.txt b/requirements.txt index 3e393c47ce42da64c6dc63a6848eae0a206ff2bc..2cee57ee5e574aaef9ada0b64ac76e208275048d 100644 --- a/requirements.txt +++ b/requirements.txt 
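Review bot: The condition `if user and (user.password_hash, form.password_hash.data):` never compares the password: the parenthesised pair is a two-element tuple, which is always truthy, so any submitted password is accepted once the username exists. The rename in this hunk leaves that unchanged; the check should call the model's verifier, `if user and user.verify_password(form.password_hash.data):`. The failure branch is outside the hunk, so confirm it shows the same generic message for an unknown user and for a wrong password. The body of `login` starts and ends outside the hunk.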
@@ -1,16 +1,16 @@ -click -email-validator -Flask +click==8.1.3 +email-validator==1.3.0 +Flask==2.2.2 Flask-Admin -Flask-Login -Flask-SQLAlchemy -Flask-WTF -greenlet -gunicorn +Flask-Login==0.6.2 +Flask-SQLAlchemy==2.5.1 +Flask-WTF==1.0.1 +greenlet==2.0.1 +gunicorn==20.1.0 itsdangerous -Jinja2 -MarkupSafe -PyMySQL +Jinja2==3.1.2 +MarkupSafe==2.1.1 +PyMySQL==1.0.2 SQLAlchemy==1.4.46 -Werkzeug -WTForms +Werkzeug==2.2.2 +WTForms==3.0.1 diff --git a/wsgi.py b/wsgi.py index 70ba284a2746c22f70c03a7900dccb0484e5192d..0a54e8d8b96fb15f11fb825547017bcc04eba96c 100644 --- a/wsgi.py +++ b/wsgi.py @@ -1,4 +1,4 @@ from blog import app as application if __name__ == '__main__': - app.run(debug=True) + application.run(debug=True)
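Review bot: `Flask-Admin` and `itsdangerous` are still listed without a version while every other entry is now pinned, so installs remain non-reproducible for those two packages. Pin them as well, at the versions currently deployed (`Flask-Admin==<version>`, `itsdangerous==<version>`). Because the pins freeze every version in place, it is also worth running a dependency audit such as `pip-audit -r requirements.txt` and raising any pin that has since had a security release.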
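Review bot: `application.run(debug=True)` hard-codes debug mode, which turns on the Werkzeug interactive debugger; if this file is ever run directly on a reachable host, that debugger lets a client execute code in the server process. The `__main__` guard keeps it out of the gunicorn path, but the flag is better left out of the file, as `application.run()`. Each developer can then enable it with `flask --debug run` or an environment variable.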