diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
new file mode 100644
index 0000000..a1f9af5
--- /dev/null
+++ b/.idea/inspectionProfiles/Project_Default.xml
@@ -0,0 +1,59 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 0000000..49100b4
--- /dev/null
+++ b/.idea/workspace.xml
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/app/api/auth.py b/app/api/auth.py
index 230f98c..e78e282 100644
--- a/app/api/auth.py
+++ b/app/api/auth.py
@@ -12,7 +12,6 @@ def verify_password(username, password):
if user and user.check_password(password):
return user
-
@basic_auth.error_handler
def basic_auth_error(status):
return error_response(status)
diff --git a/app/auth/email.py b/app/auth/email.py
index 98755ac..e4a765c 100644
--- a/app/auth/email.py
+++ b/app/auth/email.py
@@ -1,8 +1,31 @@
from flask import render_template, current_app
from flask_babel import _
from app.email import send_email
+import math, random
+def generate_otp(user):
+ # Declare a digits variable
+ # which stores all digits
+ digits = "0123456789"
+ otp = ""
+ # length of password can be changed
+ # by changing value in range
+ for i in range(4):
+ otp += digits[math.floor(random.random() * 10)]
+ user.otp = otp
+ return otp
+
+def send_otp_email(user):
+ otp = generate_otp(user)
+ send_email(_('[Microblog] Your one time passcode'),
+ sender=current_app.config['ADMINS'][0],
+ recipients=[user.email],
+ text_body=render_template('email/otp.txt',
+ user=user, otp=otp),
+ html_body=render_template('email/otp.html',
+ user=user, otp=otp))
+
def send_password_reset_email(user):
token = user.get_reset_password_token()
send_email(_('[Microblog] Reset Your Password'),
diff --git a/app/auth/forms.py b/app/auth/forms.py
index c1dd3eb..9a1af02 100644
--- a/app/auth/forms.py
+++ b/app/auth/forms.py
@@ -4,13 +4,16 @@ from wtforms.validators import ValidationError, DataRequired, Email, EqualTo
from flask_babel import _, lazy_gettext as _l
from app.models import User
-
class LoginForm(FlaskForm):
username = StringField(_l('Username'), validators=[DataRequired()])
password = PasswordField(_l('Password'), validators=[DataRequired()])
remember_me = BooleanField(_l('Remember Me'))
submit = SubmitField(_l('Sign In'))
+class OTPForm(FlaskForm):
+ username = StringField(_l('Username'), validators=[DataRequired()])
+ OTP = StringField(_l('OTP'), validators=[DataRequired()]) ###EqualTo(otp)
+ submit = SubmitField(_l('Log in') )
class RegistrationForm(FlaskForm):
username = StringField(_l('Username'), validators=[DataRequired()])
diff --git a/app/auth/routes.py b/app/auth/routes.py
index b3f1d72..84f280f 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -5,15 +5,12 @@ from flask_babel import _
from app import db
from app.auth import bp
from app.auth.forms import LoginForm, RegistrationForm, \
- ResetPasswordRequestForm, ResetPasswordForm
+ ResetPasswordRequestForm, ResetPasswordForm, OTPForm
from app.models import User
from app.auth.email import send_password_reset_email
-
@bp.route('/login', methods=['GET', 'POST'])
def login():
- if current_user.is_authenticated:
- return redirect(url_for('main.index'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
@@ -23,10 +20,26 @@ def login():
login_user(user, remember=form.remember_me.data)
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
- next_page = url_for('main.index')
+ next_page = url_for('auth.otp_login')
return redirect(next_page)
return render_template('auth/login.html', title=_('Sign In'), form=form)
+@bp.route('/otp', methods=['GET', 'POST'])
+def otp_login():
+ form = OTPForm()
+ user = User.query.filter_by(username=form.username.data).first()
+ otp = form.OTP.data
+ if user:
+ send_otp_email(user)
+ flash(_('Check your email for your OTP'))
+ return redirect(url_for('auth.otp_login'))
+ if otp != user.otp:
+ flash(_('Invalid OTP'))
+ return redirect(url_for('auth.otp_login'))
+ if form.validate_on_submit():
+ return redirect(url_for('main.index'))
+ return render_template('auth/otp_login.html', title=_('Enter OTP'),
+ form=form)
@bp.route('/logout')
def logout():
diff --git a/app/main/forms.py b/app/main/forms.py
index a7c8d96..f06209c 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -26,7 +26,6 @@ class EditProfileForm(FlaskForm):
class EmptyForm(FlaskForm):
submit = SubmitField('Submit')
-
class PostForm(FlaskForm):
post = TextAreaField(_l('Say something'), validators=[DataRequired()])
submit = SubmitField(_l('Submit'))
diff --git a/app/models.py b/app/models.py
index 5bdab20..3a9dcae 100644
--- a/app/models.py
+++ b/app/models.py
@@ -88,7 +88,6 @@ followers = db.Table(
db.Column('followed_id', db.Integer, db.ForeignKey('user.id'))
)
-
class User(UserMixin, PaginatedAPIMixin, db.Model):
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(64), index=True, unique=True)
@@ -96,6 +95,7 @@ class User(UserMixin, PaginatedAPIMixin, db.Model):
password_hash = db.Column(db.String(128))
posts = db.relationship('Post', backref='author', lazy='dynamic')
about_me = db.Column(db.String(140))
+ otp = db.Column(db.String(4))
last_seen = db.Column(db.DateTime, default=datetime.utcnow)
token = db.Column(db.String(32), index=True, unique=True)
token_expiration = db.Column(db.DateTime)
@@ -118,6 +118,13 @@ class User(UserMixin, PaginatedAPIMixin, db.Model):
def __repr__(self):
return ''.format(self.username)
+##
+ ## def set_otp(self, otp):
+ ## self.otp = otp
+
+ ## def get_otp(self):
+ ## return self.otp
+
def set_password(self, password):
self.password_hash = generate_password_hash(password)
diff --git a/app/templates/.DS_Store b/app/templates/.DS_Store
new file mode 100644
index 0000000..1aa90dd
Binary files /dev/null and b/app/templates/.DS_Store differ
diff --git a/app/templates/auth/otp_login.html b/app/templates/auth/otp_login.html
new file mode 100644
index 0000000..9ab59b3
--- /dev/null
+++ b/app/templates/auth/otp_login.html
@@ -0,0 +1,14 @@
+{% extends 'base.html' %}
+{% import 'bootstrap/wtf.html' as wtf %}
+
+{% block app_content %}
+ {{ _('Validation') }}
+
+
+ {{ wtf.quick_form(form) }}
+
+
+
+ {{ _('New User?') }} {{ _('Click to Register!') }}
+ {{ _('Returning User?') }} {{ _('Click to Login!') }}
+{% endblock %}
diff --git a/app/templates/email/otp.html b/app/templates/email/otp.html
new file mode 100644
index 0000000..a2460e2
--- /dev/null
+++ b/app/templates/email/otp.html
@@ -0,0 +1,9 @@
+Dear {{ user.username }},
+
+ Here is your one time passcode
+
{{otp}}
+
+
+If you have not requested an otp, simply ignore this message.
+Sincerely,
+The Microblog Team
diff --git a/app/templates/email/otp.txt b/app/templates/email/otp.txt
new file mode 100644
index 0000000..afc9182
--- /dev/null
+++ b/app/templates/email/otp.txt
@@ -0,0 +1,11 @@
+Dear {{ user.username }},
+
+Here is your one time passcode:
+
+{{otp}}
+
+If you have not requested a otp, simply ignore this message.
+
+Sincerely,
+
+The Microblog Team
diff --git a/migrations/versions/e517276bb1c2_users_table.py b/migrations/versions/e517276bb1c2_users_table.py
index 4353272..5eb8181 100644
--- a/migrations/versions/e517276bb1c2_users_table.py
+++ b/migrations/versions/e517276bb1c2_users_table.py
@@ -23,6 +23,7 @@ def upgrade():
sa.Column('username', sa.String(length=64), nullable=True),
sa.Column('email', sa.String(length=120), nullable=True),
sa.Column('password_hash', sa.String(length=128), nullable=True),
+ sa.Column('otp', sa.Integer()),
sa.PrimaryKeyConstraint('id')
)
op.create_index(op.f('ix_user_email'), 'user', ['email'], unique=True)