Browse Source

Quality of life improvements and bug squashing

* Add registration_code as a field in the DB for registered users
* Display the code for the list of registered users on the admin page
* Add a utility method to check if a registration code has uses remaining
* Update models and sql for the new field
* Add form validators for registration code and username
* Registration code must exist, not expired, and have usages remaining to be accepted
* Username must not exist as a registered user already
master
Drew Short 6 years ago
parent
commit
cdfa83ec0a
  1. 24
      app.py
  2. 24
      db.py
  3. 31
      forms.py
  4. 12
      models.py
  5. 1
      schema.sql
  6. 6
      templates/admin.html
  7. 2
      templates/register.html

24
app.py

@ -4,13 +4,14 @@ import uuid
from urllib.parse import urlparse, urljoin from urllib.parse import urlparse, urljoin
import flask import flask
from flask import Flask, redirect, render_template, request, g
from flask import Flask, redirect, render_template, request, g, flash
from flask_login import LoginManager, login_required, login_user, logout_user, UserMixin, \ from flask_login import LoginManager, login_required, login_user, logout_user, UserMixin, \
current_user current_user
from flask_wtf import CSRFProtect from flask_wtf import CSRFProtect
from db import get_db, get_registration_codes, add_registration_code, \ from db import get_db, get_registration_codes, add_registration_code, \
expire_registration_code, delete_registration_code, get_registered_users
expire_registration_code, delete_registration_code, get_registered_users, \
add_registered_user
from forms import RegistrationForm, LoginForm, RegistrationCodeForm, \ from forms import RegistrationForm, LoginForm, RegistrationCodeForm, \
ExpireRegistrationCodeForm ExpireRegistrationCodeForm
@ -53,6 +54,12 @@ def create_app():
app = create_app() app = create_app()
def flash_form_errors(form):
if hasattr(form, 'errors') and len(form.errors) > 0:
for error in form.errors.items():
flash("%s: %s" % (form[error[0]].label.text, error[1]), 'error')
class User(UserMixin): class User(UserMixin):
username: str username: str
token: str token: str
@ -92,9 +99,14 @@ def index():
def registration(): def registration():
form = RegistrationForm() form = RegistrationForm()
if form.validate_on_submit(): if form.validate_on_submit():
add_registered_user(form.registration_code.data, form.username.data)
return redirect('/success') return redirect('/success')
flash_form_errors(form)
if 'registrationCode' in request.values: if 'registrationCode' in request.values:
form.registration_code.data = request.values['registrationCode'] form.registration_code.data = request.values['registrationCode']
return render_template('register.html', form=form) return render_template('register.html', form=form)
@ -118,6 +130,9 @@ def admin_add_registration_code():
max_usages = form.max_usages.data max_usages = form.max_usages.data
add_registration_code(expiration_time, max_usages) add_registration_code(expiration_time, max_usages)
redirect('/admin') redirect('/admin')
flash_form_errors(form)
return redirect('/admin') return redirect('/admin')
@ -131,6 +146,9 @@ def admin_expire_registration_code():
elif form.delete.data: elif form.delete.data:
delete_registration_code(form.registration_code.data) delete_registration_code(form.registration_code.data)
redirect('/admin') redirect('/admin')
flash_form_errors(form)
return redirect('/admin') return redirect('/admin')
@ -154,6 +172,8 @@ def admin_login():
else: else:
return redirect('/admin') return redirect('/admin')
flash_form_errors(form)
return render_template('login.html', form=form) return render_template('login.html', form=form)

24
db.py

@ -2,7 +2,7 @@ import os
import sqlite3 import sqlite3
import uuid import uuid
from datetime import datetime from datetime import datetime
from typing import Optional
from typing import Optional, Tuple
from flask import g from flask import g
@ -20,8 +20,8 @@ SET expirationTime = ?, usages = ?, maxUsages = ?
WHERE code = ?""" WHERE code = ?"""
REGISTERED_USER_INSERT_SQL = """INSERT INTO REGISTERED_USER_INSERT_SQL = """INSERT INTO
registered_users(username, registeredTime)
VALUES(?, ?)
registered_users(registrationCode, username, registeredTime)
VALUES(?, ?, ?)
""" """
@ -47,9 +47,11 @@ def get_registration_codes() -> [RegistrationCode]:
def get_registration_code(code: str) -> Optional[RegistrationCode]: def get_registration_code(code: str) -> Optional[RegistrationCode]:
return RegistrationCode.from_db(
_query_db("SELECT * FROM registration_codes WHERE code = ?", [code], one=True)
)
registration_code: Optional[Tuple] = _query_db(
"SELECT * FROM registration_codes WHERE code = ?", [code], one=True)
if registration_code is not None:
return RegistrationCode.from_db(registration_code)
return None
def add_registration_code( def add_registration_code(
@ -105,9 +107,11 @@ def get_registered_users() -> [RegisteredUser]:
def get_registered_user(username: str) -> Optional[RegisteredUser]: def get_registered_user(username: str) -> Optional[RegisteredUser]:
return RegisteredUser.from_db(
_query_db("SELECT * FROM registered_users WHERE username = ?", username, one=True)
)
registered_user: Optional[Tuple] = _query_db(
"SELECT * FROM registered_users WHERE username = ?", [username], one=True)
if registered_user is not None:
return RegisteredUser.from_db(registered_user)
return None
def add_registered_user(code: str, username: str) -> RegisteredUser: def add_registered_user(code: str, username: str) -> RegisteredUser:
@ -115,7 +119,7 @@ def add_registered_user(code: str, username: str) -> RegisteredUser:
registration_code.usages += 1 registration_code.usages += 1
update_registration_code(registration_code) update_registration_code(registration_code)
db = get_db() db = get_db()
db.execute(REGISTERED_USER_INSERT_SQL, [username, datetime.now()])
db.execute(REGISTERED_USER_INSERT_SQL, [code, username, datetime.now()])
db.commit() db.commit()
return get_registered_user(username) return get_registered_user(username)

31
forms.py

@ -1,8 +1,10 @@
import safe
from flask_wtf import FlaskForm from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, DateField, IntegerField, SubmitField from wtforms import StringField, PasswordField, DateField, IntegerField, SubmitField
from wtforms.validators import DataRequired, Length, EqualTo, InputRequired, \ from wtforms.validators import DataRequired, Length, EqualTo, InputRequired, \
ValidationError, NumberRange, Optional ValidationError, NumberRange, Optional
import safe
from db import get_registration_code, get_registered_user
def safe_password_validator(form: FlaskForm, field): def safe_password_validator(form: FlaskForm, field):
@ -11,8 +13,30 @@ def safe_password_validator(form: FlaskForm, field):
raise ValidationError("Password is not secure enough: %s" % strength.message) raise ValidationError("Password is not secure enough: %s" % strength.message)
def registration_code_validator(form: FlaskForm, field):
registration_code = get_registration_code(field.data)
if registration_code is None:
raise ValidationError("Registration code invalid!")
if registration_code.is_expired():
raise ValidationError("Registration code expired!")
if not registration_code.has_available_uses():
raise ValidationError("Registration code out of uses!")
def username_availability_validator(form: FlaskForm, field):
registered_user = get_registered_user(field.data)
if registered_user is not None:
raise ValidationError("Username already registered!")
class RegistrationForm(FlaskForm): class RegistrationForm(FlaskForm):
username = StringField('Username', validators=[DataRequired(), Length(min=3, max=30)])
username = StringField(
'Username',
validators=[
DataRequired(),
Length(min=3, max=30),
username_availability_validator
])
password = PasswordField( password = PasswordField(
'Password', 'Password',
validators=[ validators=[
@ -21,7 +45,8 @@ class RegistrationForm(FlaskForm):
safe_password_validator safe_password_validator
]) ])
confirm = PasswordField('Repeat Password') confirm = PasswordField('Repeat Password')
registration_code = StringField('Registration Code', validators=[DataRequired()])
registration_code = StringField(
'Registration Code', validators=[DataRequired(), registration_code_validator])
class LoginForm(FlaskForm): class LoginForm(FlaskForm):

12
models.py

@ -29,9 +29,16 @@ class RegistrationCode:
def is_expired(self): def is_expired(self):
return self.expiration_time is not None and self.expiration_time < datetime.now() return self.expiration_time is not None and self.expiration_time < datetime.now()
def has_available_uses(self):
return self.usages < self.max_usages
class RegisteredUser: class RegisteredUser:
def __init__(self, username: str, registered_time: datetime = datetime.now()):
def __init__(self,
registration_code: str,
username: str,
registered_time: datetime = datetime.now()):
self.registration_code = registration_code
self.username = username self.username = username
self.registered_time = registered_time self.registered_time = registered_time
@ -39,5 +46,6 @@ class RegisteredUser:
def from_db(db_registered_user: Tuple) -> 'RegisteredUser': def from_db(db_registered_user: Tuple) -> 'RegisteredUser':
return RegisteredUser( return RegisteredUser(
db_registered_user[0], db_registered_user[0],
datetime.fromisoformat(db_registered_user[1])
db_registered_user[1],
datetime.fromisoformat(db_registered_user[2])
) )

1
schema.sql

@ -7,6 +7,7 @@ CREATE TABLE IF NOT EXISTS registration_codes (
); );
CREATE TABLE IF NOT EXISTS registered_users ( CREATE TABLE IF NOT EXISTS registered_users (
registrationCode VARCHAR(60) NOT NULL UNIQUE,
username VARCHAR(30) NOT NULL UNIQUE , username VARCHAR(30) NOT NULL UNIQUE ,
registeredTime TIMESTAMP NOT NULL registeredTime TIMESTAMP NOT NULL
); );

6
templates/admin.html

@ -25,7 +25,7 @@
<td>{{ registration_code.usages|tojson|safe }}</td> <td>{{ registration_code.usages|tojson|safe }}</td>
<td>{{ registration_code.max_usages|tojson|safe }}</td> <td>{{ registration_code.max_usages|tojson|safe }}</td>
<td> <td>
{% if not registration_code.is_expired() %}
{% if not registration_code.is_expired() and registration_code.has_available_uses() %}
<a href="/register?registrationCode={{ registration_code.code }}">link</a> <a href="/register?registrationCode={{ registration_code.code }}">link</a>
{% endif %} {% endif %}
<td> <td>
@ -50,12 +50,14 @@
<thead> <thead>
<th>User</th> <th>User</th>
<th>Registration Time</th> <th>Registration Time</th>
<th>Registration Code</th>
</thead> </thead>
<tbody> <tbody>
{% for registered_user in registered_users %} {% for registered_user in registered_users %}
<tr> <tr>
<td>{{ registered_user.username|tojson|safe }}</td> <td>{{ registered_user.username|tojson|safe }}</td>
<td>{{ registered_user.registration_time|tojson|safe }}</td>
<td>{{ registered_user.registered_time|tojson|safe }}</td>
<td>{{ registered_user.registration_code|tojson|safe }}</td>
</tr> </tr>
{% endfor %} {% endfor %}
</tbody> </tbody>

2
templates/register.html

@ -11,6 +11,6 @@
{{ form.password.label }} {{ form.password() }} {{ form.password.label }} {{ form.password() }}
{{ form.confirm.label }} {{ form.confirm() }} {{ form.confirm.label }} {{ form.confirm() }}
{{ form.registration_code.label }} {{ form.registration_code() }} {{ form.registration_code.label }} {{ form.registration_code() }}
<input type="submit" value="Go">
<input type="submit" value="Register">
</form> </form>
{% endblock %} {% endblock %}
Loading…
Cancel
Save