Separate register/register_user, auto log in user on register

db/sqlite.py

@@ -425,11 +425,21 @@ class DB:
             )
             if c.rowcount > 0:
                 db.commit()
-                return True
+                # TODO find a way to get the (autoincremented) user ID without looking
-            return False
+                # up by name.
+                # ROWID is *probably* not always consistent (race conditions).
+                # Ideally we get the ID immediately on insert.
+                return c.execute('''
+                    select user_id
+                    from users
+                    where name = ?
+                    ''',
+                    (username,)
+                ).fetchone()
+            return None
         except sqlite3.IntegrityError:
             # User already exists, probably
-            return False
+            return None
 
     def add_user(self, username, password, time):
         '''

main.py

@@ -358,23 +358,8 @@ def edit_comment(comment_id):
 def register():
     if request.method == 'POST':
         username, passwd = request.form['username'], request.form['password']
-        if any(c in username for c in string.whitespace):
+        if register_user():
-            # This error is more ergonomic in case someone tries to play tricks again :)
+            flash('Account has been created', 'success')
-            flash('Username may not contain whitespace', 'error')
-        elif len(username) < 3:
-            flash('Username must be at least 3 characters long', 'error')
-        elif len(passwd) < 8:
-            flash('Password must be at least 8 characters long', 'error')
-        elif not captcha.verify(
-            config.captcha_key,
-            request.form['captcha'],
-            request.form['answer'],
-        ):
-            flash('CAPTCHA answer is incorrect', 'error')
-        elif not db.register_user(username, password.hash(passwd), time.time_ns()):
-            flash('Failed to create account (username may already be taken)', 'error')
-        else:
-            flash('Account has been created. You can login now.', 'success')
             return redirect(url_for('index'))
 
     capt, answer = captcha.generate(config.captcha_key)
@@ -715,6 +700,31 @@ def get_user():
         return User(id, name, role, banned_until)
     return None
 
+def register_user():
+    username, passwd = request.form['username'], request.form['password']
+    if any(c in username for c in string.whitespace):
+        # This error is more ergonomic in case someone tries to play tricks again :)
+        flash('Username may not contain whitespace', 'error')
+    elif len(username) < 3:
+        flash('Username must be at least 3 characters long', 'error')
+    elif len(passwd) < 8:
+        flash('Password must be at least 8 characters long', 'error')
+    elif not captcha.verify(
+        config.captcha_key,
+        request.form['captcha'],
+        request.form['answer'],
+    ):
+        flash('CAPTCHA answer is incorrect', 'error')
+    else:
+        uid = db.register_user(username, password.hash(passwd), time.time_ns())
+        if uid is None:
+            flash('Failed to create account (username may already be taken)', 'error')
+        else:
+            uid, = uid
+            session['user_id'] = uid
+            return True
+    return False
+
 
 @app.context_processor
 def utility_processor():