From f9a0919d488eb4d27932ade49dd1178a7c172728 Mon Sep 17 00:00:00 2001
From: "Ethan Clay (UWE)" <ethan2.clay@live.uwe.ac.uk>
Date: Tue, 10 Dec 2024 11:20:39 +0000
Subject: [PATCH] Complete basic authentication including adding 256 bit
 encryption for passwords

---
 app/api/routes.py     | 2 +-
 app/auth/routes.py    | 6 +++---
 app/models/user.py    | 6 ++++--
 app/profile/routes.py | 4 ++--
 4 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/app/api/routes.py b/app/api/routes.py
index 5fe5e7b..503853e 100644
--- a/app/api/routes.py
+++ b/app/api/routes.py
@@ -26,7 +26,7 @@ def get_user_by_id(id):
 def create_user():
     try:
         #Hardcoded for now as when running upgrade on new db no users exist yet, will change at some point
-        result = User.create_user('ethan_root', 'ethan2.clay@live.uwe.ac.uk', 'password1234', 1)
+        result = User.create_user('ethan_root', 'ethan2.clay@live.uwe.ac.uk', 'password1234', 2) # Role ID 2 is for admins
 
         if result is None:
             return jsonify({'error': 'User not found'}), 404
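Review bot: The changed line now bootstraps an admin-role account (role_id 2) with the literal password `'password1234'` committed to source, and every request to this route creates that account again; the comment on the line says it is temporary, but the commit leaves it reachable over HTTP. Read the bootstrap credentials from configuration (e.g. `current_app.config['BOOTSTRAP_ADMIN_PASSWORD']`, a placeholder key populated from the environment) and only run the creation when no user exists, or move the bootstrap into a CLI command rather than an API route. The `'User not found'` 404 on a failed creation is also misleading; `'User could not be created'` describes what happened. The rest of create_user, including whatever authentication guards the route, lies outside the hunk, so I cannot tell from here who may call it.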
diff --git a/app/auth/routes.py b/app/auth/routes.py
index fa6a1b6..e841d6e 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -1,5 +1,5 @@
 #https://www.digitalocean.com/community/tutorials/how-to-add-authentication-to-your-app-with-flask-login#step-1-installing-packages
-from flask import Blueprint, render_template, redirect, url_for, request
+from flask import Blueprint, render_template, redirect, url_for, request, flash
 from app.auth import bp
 from werkzeug.security import generate_password_hash, check_password_hash
 from app.models import User
@@ -21,7 +21,7 @@ def signup_post():
     if user:
         return redirect(url_for('profile.signup'))
 
-    new_user = User(username=username, email=email, password=generate_password_hash(password, method='pbkdf2:sha256'), role_id=2)  # Assuming role_id is required and you have a default value or retrieve it from elsewhere
+    new_user = User.create_user(username=username, email=email, password=password)
 
     db.session.add(new_user)
     db.session.commit()
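Review bot: The `db.session.add(new_user)` and `db.session.commit()` that follow the replaced call duplicate work `User.create_user` now does itself (the app/models/user.py hunk adds and commits inside the classmethod), so the route persists twice; drop the two lines here, or keep persistence in the route and out of the model, but not both. Whether `create_user` returns the new user is not visible in this patch — its body runs past the end of the model hunk — and if it returns None the leftover `db.session.add(None)` will raise, so confirm the return value before relying on `new_user`. `flash` is imported in the previous hunk but used on no visible line, and `generate_password_hash` stays imported in this module although hashing has moved into the model; drop whichever is unused. signup_post starts before this hunk.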
@@ -41,4 +41,4 @@ def login_post():
         return redirect(url_for('profile.login'))
 
     login_user(user, remember=remember)
-    return redirect(url_for('main.profile'))
\ No newline at end of file
+    return redirect(url_for('profile.index'))
\ No newline at end of file
diff --git a/app/models/user.py b/app/models/user.py
index 8431368..dcc99b3 100644
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -1,5 +1,6 @@
 from flask import request, jsonify
 from flask_login import UserMixin
+from werkzeug.security import generate_password_hash, check_password_hash
 from app import db
 
 class User(UserMixin, db.Model):
@@ -14,8 +15,9 @@ class User(UserMixin, db.Model):
     token_expiry = db.Column(db.DateTime(), nullable=True)
 
     @classmethod
-    def create_user(cls, username, email, password, role_id):
-        new_user = cls(username=username, email=email, password=password, role_id=role_id)
+    def create_user(cls, username, email, password, role_id = 1): # Role ID 1 is default for standard users
+        hashed_password = generate_password_hash(password, method='pbkdf2:sha256') 
+        new_user = cls(username=username, email=email, password=hashed_password, role_id=role_id)
         db.session.add(new_user)
         db.session.commit()
         
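Review bot: The new `create_user` stores a PBKDF2-SHA256 hash, which is what the commit title calls "256 bit encryption"; a docstring should say what actually happens so the next reader does not look for a key: `"""Create and persist a user; the password is stored as a werkzeug PBKDF2-SHA256 hash, never in clear text."""`. The default should be written `role_id=1` (PEP 8: no spaces around `=` in a default), and the hashing line carries trailing whitespace. `check_password_hash` is imported in the first hunk of this file but nothing visible uses it; if the model has no verifier yet, a `def check_password(self, password): return check_password_hash(self.password, password)` keeps the hash format and its verification in one place. An empty or None password is hashed and committed without complaint; a guard such as `if not password: raise ValueError('password is required')` before hashing would reject it before the row is written. The method's tail, including any return statement, is outside the hunk.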
diff --git a/app/profile/routes.py b/app/profile/routes.py
index f827e4e..ebfcbf4 100644
--- a/app/profile/routes.py
+++ b/app/profile/routes.py
@@ -13,7 +13,7 @@ def index():
 
 @bp.route('/login')
 def login():
-    return 'Login'
+    return render_template('profile/login.html')
 
 @bp.route('/signup', methods=['POST'])
 def signup_post():
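Review bot: The added line calls `render_template`, but no import for it appears anywhere in this patch; confirm app/profile/routes.py already imports it from flask, otherwise the view raises NameError on the first request. The `login` view is complete within the hunk; `signup_post` begins on the hunk's last line and continues outside it.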
@@ -37,4 +37,4 @@ def signup():
 
 @bp.route('/logout')
 def logout():
-    return 'Logout'
\ No newline at end of file
+    return 'Logout'
-- 
GitLab