| author | Frédéric Sureau <fred@milka.(none)> | 2011-07-26 16:03:00 +0200 |
|---|---|---|
| committer | Frédéric Sureau <fred@milka.(none)> | 2011-07-26 16:03:00 +0200 |
| commit | c7f9df985900c9daf2d79ad09e4434411adc474a (patch) | |
| tree | a7d46ac5dc25fb9594d83c2b22cb6c79f0dae222 | |
| parent | a3b49a231fac1341493960daecfdfe67901d4750 (diff) | |
Check project id before authentication
| -rw-r--r-- | budget/forms.py | 2 | ||||
| -rw-r--r-- | budget/templates/layout. | 0 | ||||
| -rw-r--r-- | budget/web.py | 8 |
3 files changed, 6 insertions, 4 deletions
diff --git a/budget/forms.py b/budget/forms.py
index 367be94..0373da8 100644
--- a/budget/forms.py
+++ b/budget/forms.py
@@ -2,7 +2,7 @@ from flaskext.wtf import *
 from models import Project, Person
 # define forms
-class CreationForm(Form):
+class ProjectForm(Form):
 name = TextField("Project name", validators=[Required()])
 id = TextField("Project identifier", validators=[Required()])
 password = PasswordField("Password", validators=[Required()])
diff --git a/budget/templates/layout. b/budget/templates/layout.
deleted file mode 100644
index e69de29..0000000
--- a/budget/templates/layout.
+++ /dev/null
diff --git a/budget/web.py b/budget/web.py
index ddf0b1e..46226df 100644
--- a/budget/web.py
+++ b/budget/web.py
@@ -2,7 +2,7 @@ from flask import Flask, session, request, redirect, url_for, render_template
 # local modules
 from models import db, Project, Person, Bill
-from forms import CreationForm, AuthenticationForm, BillForm, MemberForm
+from forms import ProjectForm, AuthenticationForm, BillForm, MemberForm
 from utils import get_billform_for, requires_auth
 # create the application, initialize stuff
@@ -10,8 +10,10 @@ app = Flask(__name__)
 @app.route("/<string:project_id>/authenticate", methods=["GET", "POST"])
 def authenticate(project_id, redirect_url=None):
- project = Project.query.get(project_id)
 redirect_url = redirect_url or url_for("list_bills", project_id=project_id)
+ project = Project.query.get(project_id)
+ if not project:
+ return redirect(url_for("create_project", project_id=project_id))
 # if credentials are already in session, redirect
 if project_id in session and project.password == session[project_id]:
@@ -37,7 +39,7 @@ def home():
 @app.route("/create", methods=["GET", "POST"])
 def create_project():
- form = CreationForm()
+ form = ProjectForm()
 if request.method == "GET" and 'project_id' in request.values:
 form.name.data = request.values['project_id']
|
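Review bot: The new `if not project:` branch in `authenticate` (budget/web.py, second hunk) answers an unauthenticated request differently for unknown and existing project ids, a redirect to `create_project` versus the login flow, so the endpoint now confirms which identifiers are in use. If that is intended, record it next to the branch, e.g. `# unknown id: offer project creation (this reveals that the id is unused)`, and keep it in mind if ids are ever expected to be hard to guess. The unchanged comparison just below, `project.password == session[project_id]`, suggests the project password itself is kept in the session; if the app relies on Flask's default cookie session, which is signed but not encrypted, the value is readable by anyone holding the cookie, so this is worth confirming. Storing a derived token and comparing it with `hmac.compare_digest` would avoid both the exposure and the plain `==` comparison. The body of `authenticate` continues outside the hunk, so how the session value is set is not visible here.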
