Separate register/register_user, auto log in user on register

2022-10-15 22:12:25 +02:00
parent 7963bd1bf2
commit 17844fa11c
2 changed files with 40 additions and 20 deletions
--- a/db/sqlite.py
+++ b/db/sqlite.py
@@ -425,11 +425,21 @@ class DB:
            )
            if c.rowcount > 0:
                db.commit()
-                return True
-            return False
+                # TODO find a way to get the (autoincremented) user ID without looking
+                # up by name.
+                # ROWID is *probably* not always consistent (race conditions).
+                # Ideally we get the ID immediately on insert.
+                return c.execute('''
+                    select user_id
+                    from users
+                    where name = ?
+                    ''',
+                    (username,)
+                ).fetchone()
+            return None
        except sqlite3.IntegrityError:
            # User already exists, probably
-            return False
+            return None

    def add_user(self, username, password, time):
        '''
--- a/main.py
+++ b/main.py
@@ -358,23 +358,8 @@ def edit_comment(comment_id):
 def register():
    if request.method == 'POST':
        username, passwd = request.form['username'], request.form['password']
-        if any(c in username for c in string.whitespace):
-            # This error is more ergonomic in case someone tries to play tricks again :)
-            flash('Username may not contain whitespace', 'error')
-        elif len(username) < 3:
-            flash('Username must be at least 3 characters long', 'error')
-        elif len(passwd) < 8:
-            flash('Password must be at least 8 characters long', 'error')
-        elif not captcha.verify(
-            config.captcha_key,
-            request.form['captcha'],
-            request.form['answer'],
-        ):
-            flash('CAPTCHA answer is incorrect', 'error')
-        elif not db.register_user(username, password.hash(passwd), time.time_ns()):
-            flash('Failed to create account (username may already be taken)', 'error')
-        else:
-            flash('Account has been created. You can login now.', 'success')
+        if register_user():
+            flash('Account has been created', 'success')
            return redirect(url_for('index'))

    capt, answer = captcha.generate(config.captcha_key)
@@ -715,6 +700,31 @@ def get_user():
        return User(id, name, role, banned_until)
    return None

+def register_user():
+    username, passwd = request.form['username'], request.form['password']
+    if any(c in username for c in string.whitespace):
+        # This error is more ergonomic in case someone tries to play tricks again :)
+        flash('Username may not contain whitespace', 'error')
+    elif len(username) < 3:
+        flash('Username must be at least 3 characters long', 'error')
+    elif len(passwd) < 8:
+        flash('Password must be at least 8 characters long', 'error')
+    elif not captcha.verify(
+        config.captcha_key,
+        request.form['captcha'],
+        request.form['answer'],
+    ):
+        flash('CAPTCHA answer is incorrect', 'error')
+    else:
+        uid = db.register_user(username, password.hash(passwd), time.time_ns())
+        if uid is None:
+            flash('Failed to create account (username may already be taken)', 'error')
+        else:
+            uid, = uid
+            session['user_id'] = uid
+            return True
+    return False
+

@app.context_processor
 def utility_processor():