Initial commit - Mold Cost Calculator Application (Security Fixed)
This commit is contained in:
@@ -0,0 +1,108 @@
|
||||
from flask_wtf import FlaskForm
|
||||
from wtforms import (
|
||||
StringField,
|
||||
PasswordField,
|
||||
BooleanField,
|
||||
SubmitField
|
||||
)
|
||||
from wtforms.validators import (
|
||||
DataRequired,
|
||||
Email,
|
||||
Length,
|
||||
ValidationError,
|
||||
EqualTo
|
||||
)
|
||||
from sqlalchemy import func
|
||||
from app.models import User
|
||||
import re
|
||||
|
||||
class LoginForm(FlaskForm):
|
||||
email = StringField('Email', validators=[
|
||||
DataRequired(),
|
||||
Email(),
|
||||
Length(max=120)
|
||||
])
|
||||
password = PasswordField('Password', validators=[
|
||||
DataRequired(),
|
||||
Length(min=8)
|
||||
])
|
||||
remember_me = BooleanField('Remember Me')
|
||||
submit = SubmitField('Log In')
|
||||
|
||||
class RegistrationForm(FlaskForm):
|
||||
username = StringField('Username', validators=[
|
||||
DataRequired(),
|
||||
Length(min=3, max=64)
|
||||
])
|
||||
email = StringField('Email', validators=[
|
||||
DataRequired(),
|
||||
Email(),
|
||||
Length(max=120)
|
||||
])
|
||||
company = StringField('Company', validators=[
|
||||
DataRequired(),
|
||||
Length(max=100)
|
||||
])
|
||||
password = PasswordField('Password', validators=[
|
||||
DataRequired(),
|
||||
Length(min=8)
|
||||
])
|
||||
password_confirm = PasswordField('Confirm Password', validators=[
|
||||
DataRequired(),
|
||||
EqualTo('password', message='Passwords must match')
|
||||
])
|
||||
terms = BooleanField('I agree to the terms and conditions', validators=[
|
||||
DataRequired(message='You must agree to the terms and conditions')
|
||||
])
|
||||
submit = SubmitField('Register')
|
||||
|
||||
def validate_username(self, username):
|
||||
if not re.match(r'^[a-zA-Z0-9_-]+$', username.data):
|
||||
raise ValidationError('Username can only contain letters, numbers, underscores and hyphens')
|
||||
user = User.query.filter_by(username=username.data).first()
|
||||
if user:
|
||||
raise ValidationError('Username already taken')
|
||||
|
||||
def validate_email(self, email):
|
||||
user = User.query.filter_by(email=email.data).first()
|
||||
if user:
|
||||
raise ValidationError('Email already registered')
|
||||
|
||||
def validate_password(self, password):
|
||||
if not re.search(r'[A-Z]', password.data):
|
||||
raise ValidationError('Password must contain at least one uppercase letter')
|
||||
if not re.search(r'[a-z]', password.data):
|
||||
raise ValidationError('Password must contain at least one lowercase letter')
|
||||
if not re.search(r'[0-9]', password.data):
|
||||
raise ValidationError('Password must contain at least one number')
|
||||
if not re.search(r'[!@#$%^&*(),.?":{}|<>]', password.data):
|
||||
raise ValidationError('Password must contain at least one special character')
|
||||
|
||||
class RequestPasswordResetForm(FlaskForm):
|
||||
email = StringField('Email', validators=[
|
||||
DataRequired(),
|
||||
Email(),
|
||||
Length(max=120)
|
||||
])
|
||||
submit = SubmitField('Request Password Reset')
|
||||
|
||||
class ResetPasswordForm(FlaskForm):
|
||||
password = PasswordField('New Password', validators=[
|
||||
DataRequired(),
|
||||
Length(min=8)
|
||||
])
|
||||
password_confirm = PasswordField('Confirm New Password', validators=[
|
||||
DataRequired(),
|
||||
EqualTo('password', message='Passwords must match')
|
||||
])
|
||||
submit = SubmitField('Reset Password')
|
||||
|
||||
def validate_password(self, password):
|
||||
if not re.search(r'[A-Z]', password.data):
|
||||
raise ValidationError('Password must contain at least one uppercase letter')
|
||||
if not re.search(r'[a-z]', password.data):
|
||||
raise ValidationError('Password must contain at least one lowercase letter')
|
||||
if not re.search(r'[0-9]', password.data):
|
||||
raise ValidationError('Password must contain at least one number')
|
||||
if not re.search(r'[!@#$%^&*(),.?":{}|<>]', password.data):
|
||||
raise ValidationError('Password must contain at least one special character')
|
||||
Reference in New Issue
Block a user