
Kd-Here/auth.py Secret

Created March 5, 2023 12:41
from flask import Blueprint,render_template,request,flash,redirect,url_for
from . models import User
from . import db
from werkzeug.security import generate_password_hash, check_password_hash
# Passwords are never stored in plain text; only the hashed value is stored.
from flask_login import login_user,login_required,logout_user,current_user
# Blueprint that groups the authentication routes defined in this module.
auth = Blueprint("auth", __name__)
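@auth.route('/login', methods=['GET', 'POST'])
def login():
    """Show the login form (GET) or check submitted credentials (POST).

    On a successful POST the user is logged in through Flask-Login and
    redirected to ``views.home``. On failure an error is flashed and the
    login form is rendered again.
    """
    if request.method == "POST":
        # The navbar link reaches this view with GET; only the form submit
        # arrives as POST.
        # A missing field becomes an empty string, so a request that omits it
        # fails the credential check instead of raising inside
        # check_password_hash().
        email = request.form.get('email', '')
        password = request.form.get('password', '')

        # .first() returns the matching row, or None when no account uses
        # this email.
        user = User.query.filter_by(email=email).first()

        # check_password_hash() compares the submitted password against the
        # stored hash; the plain-text password is never stored or compared.
        if user and check_password_hash(user.password, password):
            flash("Loged in successfully!..", category='success')
            # remember=True asks Flask-Login to keep the user logged in
            # across browser restarts.
            # NOTE(review): this is unconditional; consider making it an
            # opt-in checkbox on the form.
            login_user(user, remember=True)
            return redirect(url_for('views.home'))

        # One message for both "unknown email" and "wrong password", so the
        # response does not reveal which addresses have an account.
        # NOTE(review): the hash check is skipped for unknown emails, so
        # timing may still differ; rate limiting on this route is the usual
        # complement.
        flash("Incorrect email or password", category='error')

    return render_template(
        'login.html',
        user=current_user,
        data_from_backend='testing data from backend',
    )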
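@auth.route('/sign-up', methods=['GET', 'POST'])
def singin():
    """Show the sign-up form (GET) or create an account from it (POST).

    A valid submission stores a new ``User`` with a hashed password, logs
    that user in and redirects to ``views.home``. Any validation failure
    flashes an error and renders the form again.
    """
    if request.method == "POST":
        # Missing fields default to '' so the length checks below reject
        # them instead of raising TypeError on len(None).
        email = request.form.get('email', '')
        first_name = request.form.get('firstName', '')
        password1 = request.form.get('password1', '')
        password2 = request.form.get('password2', '')

        existing_user = User.query.filter_by(email=email).first()
        if existing_user:
            flash("Email already exist", category='error')
        elif len(email) < 9:
            # Message now states the limit the check actually enforces.
            flash("Email must be at least 9 characters.", category='error')
        elif len(first_name) < 2:
            flash("Firstname must be at least 2 characters.", category='error')
        elif password1 != password2:
            flash("Password don't match.", category='error')
        elif len(password1) < 7:
            flash("Password must be at least 7 characters.", category='error')
        else:
            # Only a hash is stored, so a leaked database does not expose the
            # passwords directly. method='sha256' was a single salted round,
            # cheap to brute-force offline and since deprecated and removed by
            # Werkzeug; 'pbkdf2:sha256' is the iterated variant.
            # NOTE(review): confirm the password column is wide enough for
            # the longer hash string.
            new_user = User(
                email=email,
                first_name=first_name,
                password=generate_password_hash(password1, method='pbkdf2:sha256'),
            )
            db.session.add(new_user)
            db.session.commit()
            flash("Account created!", category='success')
            # Log in the account just created. The lookup result above is
            # None on this branch, so passing it to login_user() fails.
            login_user(new_user, remember=True)
            # url_for() resolves the route from the view name, so this keeps
            # working if the URL mapped to views.home changes.
            return redirect(url_for('views.home'))

    return render_template('sign_up.html', user=current_user)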
@auth.route('/logout')
@login_required  # only a logged-in user may reach this view
def logout():
    """End the current user's session and return to the login page."""
    # NOTE(review): this route answers GET, so a third-party page can trigger
    # a logout; a POST form protected by a CSRF token avoids that.
    logout_user()
    login_page = url_for('auth.login')
    return redirect(login_page)