From c8209fbccd58625b8dd42ac4c602398027bd3b29 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Fri, 26 Aug 2016 03:15:46 +0200
Subject: [PATCH] Extended login and added login_required decorator

---
 server.py            | 17 +++++++++++++++--
 templates/login.html | 22 ++++++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 templates/login.html

diff --git a/server.py b/server.py
index 5c8574e..ba24baa 100755
--- a/server.py
+++ b/server.py
@@ -1,5 +1,6 @@
-#!/bin/python
+
 from flask import *
+from functools import wraps
 import sqlite3
 import os
 import re
@@ -109,6 +110,16 @@ def ldapget(user):
 	else:
 		return notldap[user][2]
 
+def login_required(func):
+	@wraps(func)
+	def decorator(*args, **kwargs):
+		if not 'user' in session:
+			flash('Diese Funktion ist nur für Moderatoren verfügbar!')
+			return redirect(url_for('login', ref=request.url))
+		else:
+			return func(*args, **kwargs)
+	return decorator
+
 @app.route('/')
 def index():
 	return render_template('index.html', latestvideos=query('''
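Review bot: `ref=request.url` in `login_required` puts an absolute URL into the login query string, and the new template carries it through a hidden field the client can edit, so whatever `login()` does with `ref` after a successful login is an open-redirect sink unless it is validated. The code that consumes `ref` is outside the visible hunks, so this needs confirming there. Passing a relative target, `return redirect(url_for('login', ref=request.full_path))`, and having `login()` reject any `ref` whose parsed form has a scheme or netloc keeps the redirect on-site. On style, `if 'user' not in session:` is the idiomatic spelling of `not 'user' in session`, and the `else:` after the `return` can be dropped.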
@@ -172,8 +183,10 @@ def course():
 	else:
 		return redirect(url_for('index'))
 
-@app.route('/login', methods=['POST'])
+@app.route('/login', methods=['GET', 'POST'])
 def login():
+	if request.method == 'GET':
+		return render_template('login.html')
 	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
 	if user and 'users' in groups:
 		session['user'] = ldapget(user)
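Review bot: `login()` passes `request.form.get('user')` and `request.form.get('password')` straight to `ldapauth`, so a POST with a missing or empty field reaches the directory lookup as `None` or `''`. `ldapauth` is defined outside this hunk; if it performs an LDAP simple bind, an empty password is commonly treated as an unauthenticated bind that reports success, so the guard belongs before the call: `if not request.form.get('user') or not request.form.get('password'): return render_template('login.html')`. The rest of `login()` continues past the hunk, so the failure path and the handling of `ref` are not visible here.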
diff --git a/templates/login.html b/templates/login.html
new file mode 100644
index 0000000..ea3a4d4
--- /dev/null
+++ b/templates/login.html
@@ -0,0 +1,22 @@
+{% extends "base.html" %}
+{% block content %}
+<div class="row">
+	<div class="col-xs-offset-1 col-xs-10">
+		<div class="panel panel-default">
+			<div class="panel-heading">
+				<h1 class="panel-title">Login für Moderatoren</h1>
+			</div>
+			<div class="panel-body">
+				<form method="post" action="login">
+					<input placeholder="User" name="user" type="text"><br>
+					<input placeholder="Password" name="password" type="password"><br>
+					{% if 'ref' in request.values %}
+					<input type="hidden" name="ref" value="{{ request.values.ref|e }}">
+					{% endif %}
+					<input type="submit" value="Login">
+				</form>
+			</div>
+		</div>
+	</div>
+</div>
+{% endblock %}
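Review bot: `action="login"` is a relative URL, so the form posts to the login view only while the page is served at exactly `/login`; `<form method="post" action="{{ url_for('login') }}">` stays correct if the route moves. The form also carries no CSRF token, and nothing in this patch shows a CSRF extension in use, so login CSRF may be unprotected; check `base.html` and the app setup to confirm.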
-- 
GitLab