from flask import Blueprint, render_template, request, redirect, url_for, flash, jsonify from flask_login import login_user, logout_user, login_required, current_user from werkzeug.security import generate_password_hash, check_password_hash from app import db from app.models import User from datetime import datetime import re auth = Blueprint('auth', __name__) def validate_password(password): """Validate password strength.""" if len(password) < 8: return False, "Password must be at least 8 characters long" if not re.search(r'[A-Z]', password): return False, "Password must contain at least one uppercase letter" if not re.search(r'[a-z]', password): return False, "Password must contain at least one lowercase letter" if not re.search(r'\d', password): return False, "Password must contain at least one digit" return True, "Password is valid" @auth.route('/login', methods=['GET', 'POST']) def login(): """Handle user login.""" if current_user.is_authenticated: return redirect(url_for('main.index')) if request.method == 'POST': email = request.form.get('email') password = request.form.get('password') remember = request.form.get('remember', False) # Validate input if not email: flash('Email is required', 'error') return render_template('auth/login.html') if not password: flash('Password is required', 'error') return render_template('auth/login.html') # Find user by email user = User.query.filter_by(email=email).first() if user and user.check_password(password): # Login successful login_user(user, remember=remember) next_page = request.args.get('next') return redirect(next_page) if next_page else redirect(url_for('main.index')) else: # Login failed flash('Invalid email or password', 'error') return render_template('auth/login.html') @auth.route('/signup', methods=['GET', 'POST']) def signup(): """Handle user registration.""" if current_user.is_authenticated: return redirect(url_for('main.index')) if request.method == 'POST': first_name = request.form.get('first_name') last_name = request.form.get('last_name') email = request.form.get('email') password = request.form.get('password') confirm_password = request.form.get('confirm_password') # Validate input errors = [] if not first_name: errors.append('First name is required') elif len(first_name) > 50: errors.append('First name must be less than 50 characters') if not last_name: errors.append('Last name is required') elif len(last_name) > 50: errors.append('Last name must be less than 50 characters') if not email: errors.append('Email is required') elif not re.match(r'^[^\s@]+@[^\s@]+\.[^\s@]+$', email): errors.append('Please enter a valid email address') elif User.query.filter_by(email=email).first(): errors.append('Email already registered') if not password: errors.append('Password is required') else: is_valid, message = validate_password(password) if not is_valid: errors.append(message) if not confirm_password: errors.append('Please confirm your password') elif password != confirm_password: errors.append('Passwords do not match') if errors: return render_template('auth/signup.html', errors=errors, first_name=first_name, last_name=last_name, email=email) # Create new user user = User( first_name=first_name.strip(), last_name=last_name.strip(), email=email.strip() ) user.set_password(password) db.session.add(user) db.session.commit() # Login the new user login_user(user) flash('Account created successfully!', 'success') return redirect(url_for('main.index')) return render_template('auth/signup.html') @auth.route('/logout') @login_required def logout(): """Handle user logout.""" logout_user() flash('You have been logged out', 'info') return redirect(url_for('auth.login'))