force user to set its profile
This commit is contained in:
parent
bf68ca1bbe
commit
50694fe490
|
|
@ -23,8 +23,9 @@ def before_request():
|
||||||
current_user.ping()
|
current_user.ping()
|
||||||
#print('request for {} from {}#{}'.format(request.endpoint, current_user.email, current_user.id))
|
#print('request for {} from {}#{}'.format(request.endpoint, current_user.email, current_user.id))
|
||||||
if not current_user.confirmed and request.endpoint[:5] != 'auth.' and request.endpoint != 'static':
|
if not current_user.confirmed and request.endpoint[:5] != 'auth.' and request.endpoint != 'static':
|
||||||
print(request.endpoint)
|
|
||||||
return redirect(url_for('auth.unconfirmed'))
|
return redirect(url_for('auth.unconfirmed'))
|
||||||
|
if not current_user.setup and request.endpoint[:5] != 'auth.' and request.endpoint != 'static':
|
||||||
|
return redirect(url_for('settings.profile'))
|
||||||
|
|
||||||
@auth.route('/unconfirmed')
|
@auth.route('/unconfirmed')
|
||||||
def unconfirmed():
|
def unconfirmed():
|
||||||
|
|
@ -155,16 +156,13 @@ def oauth2_callback(provider):
|
||||||
# find or create the user in the database
|
# find or create the user in the database
|
||||||
user = db.session.scalar(db.select(User).where(User.email == email))
|
user = db.session.scalar(db.select(User).where(User.email == email))
|
||||||
if user is None:
|
if user is None:
|
||||||
#user = User(email=email, username=email.split('@')[0])
|
user = User(email=email, confirmed=True, setup=False)
|
||||||
user = User(email=email, confirmed=True)
|
|
||||||
db.session.add(user)
|
db.session.add(user)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
|
||||||
# log the user in
|
# log the user in
|
||||||
login_user(user)
|
login_user(user)
|
||||||
#return redirect(url_for('main.index'))
|
return redirect(url_for('settings.profile'))
|
||||||
flash('Last Login: {}'.format(user.last_seen.strftime("%a %d %B %Y %H:%M")))
|
|
||||||
return redirect(request.args.get('next') or url_for('panel.dashboard'))
|
|
||||||
|
|
||||||
@auth.route('/login', methods=['GET', 'POST'])
|
@auth.route('/login', methods=['GET', 'POST'])
|
||||||
def login():
|
def login():
|
||||||
|
|
@ -242,13 +240,12 @@ def qrcode():
|
||||||
|
|
||||||
# for added security, remove username from session
|
# for added security, remove username from session
|
||||||
#del session['email']
|
#del session['email']
|
||||||
|
|
||||||
# render qrcode for FreeTOTP
|
|
||||||
url = pyqrcode.create(current_user.get_totp_uri())
|
url = pyqrcode.create(current_user.get_totp_uri())
|
||||||
stream = BytesIO()
|
stream = BytesIO()
|
||||||
url.svg(stream, scale=6)
|
url.svg(stream, scale=6)
|
||||||
svg_secret = Markup(stream.getvalue().decode('utf-8'))
|
svg_secret = Markup(stream.getvalue().decode('utf-8'))
|
||||||
otp_secret = current_user.get_otp_secret()
|
otp_secret = current_user.get_otp_secret()
|
||||||
|
|
||||||
# since this page contains the sensitive qrcode, make sure the browser
|
# since this page contains the sensitive qrcode, make sure the browser
|
||||||
# does not cache it
|
# does not cache it
|
||||||
return render_template('auth/qrcode.html', svg=svg_secret, otp=otp_secret), 200, {
|
return render_template('auth/qrcode.html', svg=svg_secret, otp=otp_secret), 200, {
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,9 @@ def profile():
|
||||||
current_user.country = form.country.data
|
current_user.country = form.country.data
|
||||||
current_user.phone = form.phone.data
|
current_user.phone = form.phone.data
|
||||||
current_user.twofactor = form.twofactor.data
|
current_user.twofactor = form.twofactor.data
|
||||||
|
|
||||||
|
#the user is set-up when we are able to save the settings form
|
||||||
|
current_user.setup = True
|
||||||
db.session.add(current_user)
|
db.session.add(current_user)
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
flash('Profile info Updated!')
|
flash('Profile info Updated!')
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue