moved models to auth module

imaginaerraum_door_admin/__init__.py

@@ -1,7 +1,6 @@
 import logging
 from flask import Flask
 from flask_sqlalchemy import SQLAlchemy
-from flask_security.models import fsqla_v2 as fsqla
 from flask_security import Security, SQLAlchemyUserDatastore, hash_password
 from email_validator import validate_email
 
@@ -11,7 +10,6 @@ from pathlib import Path
 
 #from .webapp import door_app
 from .door_handle import DoorHandle
-from .auth import ExtendedLoginForm
 
 security = Security()
 db = SQLAlchemy()
@@ -147,21 +145,14 @@ def create_app():
     # Create database connection object
     db.init_app(app)
 
-    # Define models
-    fsqla.FsModels.set_db_info(db)
-
-    class Role(db.Model, fsqla.FsRoleMixin):
-        pass
-
-    class User(db.Model, fsqla.FsUserMixin):
-        pass
-
     from . webapp import door_app
     app.register_blueprint(door_app)
 
     ldap_server = ldap3.Server(app.config['LDAP_URL'])
 
     # Setup Flask-Security
+    from .auth import ExtendedLoginForm, User, Role
+
     user_datastore = SQLAlchemyUserDatastore(db, User, Role)
     security.init_app(app, user_datastore, login_form=ExtendedLoginForm)
 

imaginaerraum_door_admin/auth.py

@@ -3,9 +3,24 @@ from flask import current_app
 from flask_security import hash_password
 from flask_security.forms import LoginForm, Required, PasswordField
 from flask_security.utils import find_user
+from flask_security.models import fsqla_v2 as fsqla
+
 import ldap3
 from ldap3.core.exceptions import LDAPBindError, LDAPSocketOpenError
 
+from imaginaerraum_door_admin import db, security
+
+# Define models
+fsqla.FsModels.set_db_info(db)
+
+
+class Role(db.Model, fsqla.FsRoleMixin):
+    pass
+
+
+class User(db.Model, fsqla.FsUserMixin):
+    pass
+
 
 class ExtendedLoginForm(LoginForm):
     email = StringField('Benutzername oder E-Mail', [Required()])
@@ -35,8 +50,8 @@ class ExtendedLoginForm(LoginForm):
                     user.email = new_user_data['email']
                     user.password = new_user_data['password']
                     for role in new_user_data['roles']:
-                        user_datastore.add_role_to_user(user, role)
+                        security.datastore.add_role_to_user(user, role)
-                    user_datastore.commit()
+                    security.datastore.commit()
                     self.user = user
                 else:
                     self.password.errors = ['Invalid password']
@@ -49,15 +64,16 @@ class ExtendedLoginForm(LoginForm):
 
             if authorized:
                 # if there was no user in the database before we create a new user
-                self.user = user_datastore.create_user(username=new_user_data['username'], email=new_user_data['email'],
+                self.user = security.datastore.create_user(username=new_user_data['username'], email=new_user_data['email'],
                                            password=new_user_data['password'], roles=new_user_data['roles'])
-                user_datastore.commit()
+                security.datastore.commit()
                 current_app.logger.info(f"New admin user '{new_user_data['username']} <{new_user_data['email']}>' created after"
                             " successful LDAP authorization")
 
         # if any of the authorization methods is successful we authorize the user
         return authorized
 
+
 def validate_ldap(username, password):
     """Validate the user and password through an LDAP server.