otp page working

needs testing: does user receive an email does it check that the otp matches the generated one
2023-03-12 20:46:36 -04:00 · 2023-03-12 20:46:36 -04:00 · 0098f3448a
parent a2857083a8
commit 0098f3448a
4 changed files with 13 additions and 6 deletions
--- a/app/auth/email.py
+++ b/app/auth/email.py
@ -9,11 +9,11 @@ def generate_otp(user):
    # which stores all digits
    digits = "0123456789"
    otp = ""
-
    # length of password can be changed
    # by changing value in range
    for i in range(4):
        otp += digits[math.floor(random.random() * 10)]
+    user.otp = otp
    return otp

 def send_otp_email(user):
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@ -11,7 +11,8 @@ class LoginForm(FlaskForm):
    submit = SubmitField(_l('Sign In'))

 class OTPForm(FlaskForm):
-    OTP = StringField(_l('One Time Passcode'), validators=[DataRequired()]) ###EqualTo(otp)
+    username = StringField(_l('Username'), validators=[DataRequired()])
+    OTP = StringField(_l('OTP'), validators=[DataRequired()]) ###EqualTo(otp)
    submit = SubmitField(_l('Log in') )

 class RegistrationForm(FlaskForm):
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@ -5,7 +5,7 @@ from flask_babel import _
 from app import db
 from app.auth import bp
 from app.auth.forms import LoginForm, RegistrationForm, \
-    ResetPasswordRequestForm, ResetPasswordForm
+    ResetPasswordRequestForm, ResetPasswordForm, OTPForm
 from app.models import User
 from app.auth.email import send_password_reset_email

@ -27,8 +27,15 @@ def login():
@bp.route('/otp', methods=['GET', 'POST'])
 def otp_login():
    form = OTPForm()
-    if OTP != user.curr_otp :
-        flash(_('Invalid OTP'))
+    user = User.query.filter_by(username=form.username.data).first()
+    otp = form.OTP.data
+    if user:
+        send_otp_email(user)
+        flash(_('Check your email for your OTP'))
+        return redirect(url_for('auth.otp_login'))
+        if otp != user.otp:
+            flash(_('Invalid OTP'))
+            return redirect(url_for('auth.otp_login'))
    if form.validate_on_submit():
        return redirect(url_for('main.index'))
    return render_template('auth/otp_login.html', title=_('Enter OTP'),
--- a/app/models.py
+++ b/app/models.py
@ -88,7 +88,6 @@ followers = db.Table(
    db.Column('followed_id', db.Integer, db.ForeignKey('user.id'))
 )

-
 class User(UserMixin, PaginatedAPIMixin, db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(64), index=True, unique=True)