candifloss/assettrack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

SQL table-based auth

Browse Source 
The auth is now done against the table in the db
instead of hard-coded values
This commit is contained in:
Candifloss 2025-03-17 10:14:04 +05:30
parent 2c8ad8a22a
commit 0b571c1c07
3 changed files with 32 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
definitions/models.py
View File

@ -2,10 +2,28 @@ from flask_sqlalchemy import SQLAlchemy
from sqlalchemy import Enum, Integer, Float, String, Date, Column, Boolean from sqlalchemy import Enum, Integer, Float, String, Date, Column, Boolean
from config import item_attributes, sql_conf from config import item_attributes, sql_conf
from definitions.attributes import * from definitions.attributes import *
from werkzeug.security import generate_password_hash, check_password_hash
# Initialize SQLAlchemy # Initialize SQLAlchemy
db = SQLAlchemy() db = SQLAlchemy()
# Users table
class User(db.Model):
"""User model for authentication."""
__tablename__ = "users_test"
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(50), unique=True, nullable=False)
password_hash = db.Column(db.String(256), nullable=False) # Increase length to 256
def set_password(self, password: str) -> None:
"""Hash the password and store it."""
self.password_hash = generate_password_hash(password)
def check_password(self, password: str) -> bool:
"""Check if the provided password matches the stored hash."""
return check_password_hash(self.password_hash, password)
# Mapping of attribute types to SQLAlchemy column types # Mapping of attribute types to SQLAlchemy column types
COLUMN_TYPE_MAPPING = { COLUMN_TYPE_MAPPING = {
textAttribute: lambda attrib: String(attrib.max_length), # Map text attributes to String columns textAttribute: lambda attrib: String(attrib.max_length), # Map text attributes to String columns

13
routes/homepage.py
View File

@ -1,12 +1,8 @@
# routes/homepage.py
from flask import Blueprint, render_template, redirect, url_for, session, request, flash from flask import Blueprint, render_template, redirect, url_for, session, request, flash
from definitions.models import db, User
homepage_bp = Blueprint('homepage', __name__) homepage_bp = Blueprint('homepage', __name__)
# Hardcoded credentials for testing (replace with proper authentication in production)
VALID_USERNAME = "admin"
VALID_PASSWORD = "password"
@homepage_bp.route('/') @homepage_bp.route('/')
def index(): def index():
# Redirect to /viewall if the user is already logged in # Redirect to /viewall if the user is already logged in
@ -25,8 +21,11 @@ def login():
username = request.form['username'] username = request.form['username']
password = request.form['password'] password = request.form['password']
# Validate credentials (replace with proper authentication logic) # Query the database for the user
if username == VALID_USERNAME and password == VALID_PASSWORD: user = User.query.filter_by(username=username).first()
# Validate credentials
if user and user.check_password(password):
session['username'] = username # Store username in session session['username'] = username # Store username in session
return redirect(url_for('viewall.view_list')) return redirect(url_for('viewall.view_list'))
else: else:

8
templates/login.html
View File

@ -13,6 +13,14 @@
<p>Inventory management system</p> <p>Inventory management system</p>
</div> </div>
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
{% for category, message in messages %}
<div class="alert alert-{{ category }}">{{ message }}</div>
{% endfor %}
{% endif %}
{% endwith %}
<div class="login-container"> <div class="login-container">
<h2>Login</h2> <h2>Login</h2>
<form action="/login" method="post"> <form action="/login" method="post">