force user to set its profile

This commit is contained in:
deflax 2024-04-10 18:23:20 +03:00
parent bf68ca1bbe
commit 50694fe490
2 changed files with 8 additions and 8 deletions

View file

@ -23,8 +23,9 @@ def before_request():
current_user.ping()
#print('request for {} from {}#{}'.format(request.endpoint, current_user.email, current_user.id))
if not current_user.confirmed and request.endpoint[:5] != 'auth.' and request.endpoint != 'static':
print(request.endpoint)
return redirect(url_for('auth.unconfirmed'))
if not current_user.setup and request.endpoint[:5] != 'auth.' and request.endpoint != 'static':
return redirect(url_for('settings.profile'))
@auth.route('/unconfirmed')
def unconfirmed():
@ -155,16 +156,13 @@ def oauth2_callback(provider):
# find or create the user in the database
user = db.session.scalar(db.select(User).where(User.email == email))
if user is None:
#user = User(email=email, username=email.split('@')[0])
user = User(email=email, confirmed=True)
user = User(email=email, confirmed=True, setup=False)
db.session.add(user)
db.session.commit()
# log the user in
login_user(user)
#return redirect(url_for('main.index'))
flash('Last Login: {}'.format(user.last_seen.strftime("%a %d %B %Y %H:%M")))
return redirect(request.args.get('next') or url_for('panel.dashboard'))
return redirect(url_for('settings.profile'))
@auth.route('/login', methods=['GET', 'POST'])
def login():
@ -242,13 +240,12 @@ def qrcode():
# for added security, remove username from session
#del session['email']
# render qrcode for FreeTOTP
url = pyqrcode.create(current_user.get_totp_uri())
stream = BytesIO()
url.svg(stream, scale=6)
svg_secret = Markup(stream.getvalue().decode('utf-8'))
otp_secret = current_user.get_otp_secret()
# since this page contains the sensitive qrcode, make sure the browser
# does not cache it
return render_template('auth/qrcode.html', svg=svg_secret, otp=otp_secret), 200, {

View file

@ -24,6 +24,9 @@ def profile():
current_user.country = form.country.data
current_user.phone = form.phone.data
current_user.twofactor = form.twofactor.data
#the user is set-up when we are able to save the settings form
current_user.setup = True
db.session.add(current_user)
db.session.commit()
flash('Profile info Updated!')