diff --git a/app.py b/app.py
index 9130bd7..49510db 100644
--- a/app.py
+++ b/app.py
@@ -10,10 +10,11 @@ from flask_security.models import fsqla_v2 as fsqla
from flask_security.forms import LoginForm, Required, PasswordField
from datetime import date
-
from door import Door
-door = Door('10.10.21.2')
+MQTT_BROKER = '10.10.21.2'
+
+door = Door(MQTT_BROKER)
app = Flask(__name__)
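Review bot: The broker address is still a literal in the source at `MQTT_BROKER = '10.10.21.2'`, so deploying on another network means editing code. The file already reads `SECURITY_PASSWORD_SALT` from the environment, and the same pattern fits here: `MQTT_BROKER = os.environ.get('MQTT_BROKER', '10.10.21.2')`. A one-line comment stating that this is the host passed to `Door` would also help the next reader.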
@@ -25,7 +26,7 @@ app.config['SECURITY_PASSWORD_SALT'] = os.environ.get("SECURITY_PASSWORD_SALT",
app.config['SECURITY_USER_IDENTITY_ATTRIBUTES'] = ('username', 'email')
-app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://'
+app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///admin.db'
# As of Flask-SQLAlchemy 2.4.0 it is easy to pass in options directly to the
# underlying engine. This option makes sure that DB connections from the
# pool are still valid. Important for entire application since
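Review bot: `'sqlite:///admin.db'` is a relative path, so where the file lands depends on the Flask-SQLAlchemy version and the process's working directory. The file presumably holds the Flask-Security user table, password hashes included, and now keeps it across restarts. Consider an absolute path outside any served or version-controlled directory, e.g. `'sqlite:///' + os.path.join(app.instance_path, 'admin.db')`, with file permissions limited to the service account. The `# Create a user to test with` block visible in the next hunk appears to run at startup; with a persistent database, confirm it neither leaves a known test credential in place nor fails on the second start.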
@@ -69,10 +70,11 @@ def validate_valid_thru_date(form, field):
class TokenForm(FlaskForm):
name = StringField('Name', validators=[DataRequired()])
email = EmailField('E-Mail', validators=[DataRequired()])
+ organization = StringField('Organization', validators=[DataRequired()])
limit_validity = BooleanField('Gültigkeit begrenzen?')
valid_thru = DateField('Gültig bis', validators=[validate_valid_thru_date])
active = BooleanField('Aktiv?')
- dsgvo = BooleanField('Einwilligung DSGVO erfragt?', validators=[DataRequired()])
+ dsgvo = BooleanField('Einwilligung Nutzungsbedingungen erfragt?', validators=[DataRequired()])
# Create a user to test with
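Review bot: The new `organization` field is labelled in English (`'Organization'`) while the neighbouring labels are German (`'Gültig bis'`, `'Aktiv?'`); `'Organisation'` would match. The `dsgvo` field now asks about terms of use rather than DSGVO consent, so a comment such as `# field name is historical; the checkbox now records consent to the terms of use` would keep the name from misleading readers. Since the value is later staged in the session and written to the token file, a `Length(max=...)` validator on `organization` is worth adding as well.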
@@ -90,7 +92,7 @@ def door_lock():
@app.route('/tokens')
-#@auth_required()
+@auth_required()
def list_tokens():
tokens = door.get_tokens()
assigned_tokens = {t: data for t, data in tokens.items() if not data['inactive']}
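Review bot: `@auth_required()` on `list_tokens` only checks that the caller is logged in, not which account it is. The same applies to `register`, `edit_token`, `store_token`, `delete_token` and `deactivate_token`, which this commit protects the same way. If accounts other than door administrators can exist in the user table, add a role check next to it, e.g. `@roles_required('admin')` (the role name is an example). The `door_lock` route named in the hunk header lies outside the hunk, so it is not visible whether the routes that operate the door carry the decorator too; that is worth checking in the same pass.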
@@ -99,7 +101,7 @@ def list_tokens():
@app.route('/register-token', methods=['GET', 'POST'])
-#@auth_required()
+@auth_required()
def register():
"""Register new token for locking and unlocking the door.
@@ -120,6 +122,7 @@ def register():
session['token'] = door.get_most_recent_token()['token']
session['name'] = form.name.data
session['email'] = form.email.data
+ session['organization'] = form.organization.data
if form.limit_validity.data:
session['valid_thru'] = form.valid_thru.data.isoformat()
else:
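Review bot: `session['organization'] = form.organization.data` adds another personal field to the session next to `name`, `email` and the token id, and nothing visible here removes them once the token is stored. If the app uses Flask's default cookie-based session, these values are signed but not encrypted and remain in the browser for the lifetime of the session. Consider removing the staged keys after the write in `store_token`, e.g. `session.pop('organization', None)` for each key. `register` starts and ends outside this hunk.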
@@ -131,7 +134,7 @@ def register():
@app.route('/edit-token/', methods=['GET', 'POST'])
-#@auth_required()
+@auth_required()
def edit_token(token):
"""Edit data in the token file (name, email, valid_thru date, active/inactive).
@@ -144,7 +147,7 @@ def edit_token(token):
token : str
The token for which data should be edited.
"""
- form = TokenForm()
+ form = TokenForm(request.form)
form.dsgvo.validators = [] # we skip the validation of the DSGVO checkbox here because we assume the user agreed
# to it before
if request.method == 'GET':
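Review bot: Passing `request.form` in `form = TokenForm(request.form)` looks redundant, since `TokenForm` derives from `FlaskForm` and Flask-WTF's `FlaskForm` binds the submitted form data itself on POST. `form = TokenForm()` should behave the same. If the explicit argument works around a concrete problem, add a comment on that line saying which one, so it is not removed later as dead code.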
@@ -155,6 +158,8 @@ def edit_token(token):
form.active.data = not et['inactive']
form.name.data = et['name'] if et['name'] else ''
form.email.data = et['email'] if et['email'] else ''
+ form.organization.data = et['organization'] if et['organization'] else ''
+
# for the valid thru date we use today's date in case there is not valid date in the database
try:
form.valid_thru.data = date.fromisoformat(et['valid_thru'])
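Review bot: `et['organization']` raises `KeyError` for any token entry that has no `organization` key, which seems possible for entries written to the token file by something other than this app's `store_token`. The GET request would then fail with a 500 instead of showing the edit form. `form.organization.data = et.get('organization') or ''` handles both the missing and the empty case. The `try:` block for `valid_thru` continues outside the hunk.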
@@ -167,21 +172,26 @@ def edit_token(token):
# flash an error message if the route is accessed with an invalid token
flash(f'Ausgewaehlter Token {token} in Tokenfile nicht gefunden.')
return redirect('/tokens')
- elif request.method == 'POST' and form.validate():
- # store data in session cookie
- session['token'] = token
- session['name'] = form.name.data
- session['email'] = form.email.data
- if form.limit_validity.data:
- session['valid_thru'] = form.valid_thru.data.isoformat()
+ elif request.method == 'POST':
+ if form.validate():
+ # store data in session cookie
+ session['token'] = token
+ session['name'] = form.name.data
+ session['organization'] = form.organization.data
+ session['email'] = form.email.data
+ if form.limit_validity.data:
+ session['valid_thru'] = form.valid_thru.data.isoformat()
+ else:
+ session['valid_thru'] = ''
+ session['inactive'] = not form.active.data
+ return redirect(f'/store-token')
else:
- session['valid_thru'] = ''
- session['inactive'] = not form.active.data
- return redirect(f'/store-token')
+ return render_template('edit.html', token=token, form=form)
+
@app.route('/store-token')
-#@auth_required()
+@auth_required()
def store_token():
"""Store token to the token file on disk.
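Review bot: The POST branch only stages the validated data in the session and then redirects, so the actual write to the token file happens in a GET request; `@app.route('/store-token')` declares no methods. A GET is not covered by the form's CSRF token, and any later GET to that URL from a logged-in browser writes whatever is still staged in the session again. Performing the write inside the `if form.validate():` branch, before redirecting to `/tokens`, would keep the state change on the CSRF-protected POST. Minor: `redirect(f'/store-token')` carries an `f` prefix with nothing to interpolate, so `redirect('/store-token')` is enough. Both `edit_token` and `store_token` extend beyond this hunk.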
@@ -194,13 +204,13 @@ def store_token():
'email': session['email'],
'valid_thru': session['valid_thru'],
'inactive': session['inactive'],
- 'organization': 'test_org'}
+ 'organization': session['organization']}
door.store_tokens(tokens)
return redirect('/tokens')
@app.route('/delete-token', methods=['POST'])
-#@auth_required()
+@auth_required()
def delete_token():
"""Delete the given token from the token file and store the new token file to disk
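Review bot: `'organization': session['organization']` raises `KeyError` when `/store-token` is requested with a session staged before this change was deployed, or directly without going through `register` or `edit_token`. The other `session[...]` reads above it have the same exposure. A guard at the top of the function, e.g. `if 'organization' not in session: return redirect('/tokens')`, turns that into a clean redirect instead of a 500. `store_token` begins outside this hunk.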
@@ -218,7 +228,7 @@ def delete_token():
@app.route('/deactivate-token/')
-#@auth_required()
+@auth_required()
def deactivate_token(token):
"""Deactivate access for the given token. This updates the token file on disk.
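Review bot: `deactivate_token` is documented as updating the token file, but its `@app.route(...)` line declares no `methods`, so the change is triggered by a plain GET. Now that the route requires a login, any link or embedded resource loaded by a logged-in administrator's browser can trigger it without a CSRF token. `delete_token` is already POST-only; adding `methods=['POST']` here, with a small form carrying the CSRF token in the template, keeps the two consistent. The function body lies outside the hunk, so this assumes it performs the write its docstring describes.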
diff --git a/templates/edit.html b/templates/edit.html
index 535a17c..39ae520 100644
--- a/templates/edit.html
+++ b/templates/edit.html
@@ -21,17 +21,39 @@
Token {{ token }} editieren: