~craftyguy/ridecasa

31be327701b3f26bdfddac64349806acb1ccdc37 — Clayton Craft 2 years ago 9702e80
auth/{login,signup}: add user 'enabled' flag and use it for blocking login
1 files changed, 4 insertions(+), 3 deletions(-)

M ridecasa/auth/views.py
M ridecasa/auth/views.py => ridecasa/auth/views.py +4 -3
@@ 25,8 25,9 @@ def login():
        if form.validate_on_submit():
            username = form.username.data
            user = db.User.get(username=username)
            if not user or not bcrypt.check_password_hash(user.password,
                                                          form.password.data):
            if (not user or not user.enabled
                    or not bcrypt.check_password_hash(user.password,
                                                      form.password.data)):
                flash('Invalid username or password.')
                return redirect('/login')
            flush()


@@ 66,7 67,7 @@ def signup():
                      'instead.')
                return redirect('/signup')
            user = db.User(username=username, password=password, email=email,
                           last_login=datetime.utcnow())
                           last_login=datetime.utcnow(), enabled=True)
            flush()
            db.UserPref(user=user)
            login_user(user)