force user to set its profile
This commit is contained in:
parent
bf68ca1bbe
commit
50694fe490
2 changed files with 8 additions and 8 deletions
|
@ -23,8 +23,9 @@ def before_request():
|
|||
current_user.ping()
|
||||
#print('request for {} from {}#{}'.format(request.endpoint, current_user.email, current_user.id))
|
||||
if not current_user.confirmed and request.endpoint[:5] != 'auth.' and request.endpoint != 'static':
|
||||
print(request.endpoint)
|
||||
return redirect(url_for('auth.unconfirmed'))
|
||||
if not current_user.setup and request.endpoint[:5] != 'auth.' and request.endpoint != 'static':
|
||||
return redirect(url_for('settings.profile'))
|
||||
|
||||
@auth.route('/unconfirmed')
|
||||
def unconfirmed():
|
||||
|
@ -155,16 +156,13 @@ def oauth2_callback(provider):
|
|||
# find or create the user in the database
|
||||
user = db.session.scalar(db.select(User).where(User.email == email))
|
||||
if user is None:
|
||||
#user = User(email=email, username=email.split('@')[0])
|
||||
user = User(email=email, confirmed=True)
|
||||
user = User(email=email, confirmed=True, setup=False)
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
|
||||
# log the user in
|
||||
login_user(user)
|
||||
#return redirect(url_for('main.index'))
|
||||
flash('Last Login: {}'.format(user.last_seen.strftime("%a %d %B %Y %H:%M")))
|
||||
return redirect(request.args.get('next') or url_for('panel.dashboard'))
|
||||
return redirect(url_for('settings.profile'))
|
||||
|
||||
@auth.route('/login', methods=['GET', 'POST'])
|
||||
def login():
|
||||
|
@ -242,13 +240,12 @@ def qrcode():
|
|||
|
||||
# for added security, remove username from session
|
||||
#del session['email']
|
||||
|
||||
# render qrcode for FreeTOTP
|
||||
url = pyqrcode.create(current_user.get_totp_uri())
|
||||
stream = BytesIO()
|
||||
url.svg(stream, scale=6)
|
||||
svg_secret = Markup(stream.getvalue().decode('utf-8'))
|
||||
otp_secret = current_user.get_otp_secret()
|
||||
|
||||
# since this page contains the sensitive qrcode, make sure the browser
|
||||
# does not cache it
|
||||
return render_template('auth/qrcode.html', svg=svg_secret, otp=otp_secret), 200, {
|
||||
|
|
|
@ -24,6 +24,9 @@ def profile():
|
|||
current_user.country = form.country.data
|
||||
current_user.phone = form.phone.data
|
||||
current_user.twofactor = form.twofactor.data
|
||||
|
||||
#the user is set-up when we are able to save the settings form
|
||||
current_user.setup = True
|
||||
db.session.add(current_user)
|
||||
db.session.commit()
|
||||
flash('Profile info Updated!')
|
||||
|
|
Loading…
Reference in a new issue