86f9117d55
Security improvements:
- Removed registration link from login page
- Disabled /auth/register route - redirects with error message
- Removed demo credentials from login page
- Added info message: 'New users are created by administrators'
UI improvements:
- Compacted all admin interface buttons (btn-sm)
- Reduced heading sizes (H2 → H4) for less visual dominance
- Shortened badge texts ('Administrator' → 'Admin', 'Benutzer' → 'User')
- Optimized spacing and reduced margins/paddings
- Cleaner, more professional admin interface
Access control:
- Only administrators can create new users via admin panel
- Self-registration completely disabled for security
- Maintains full admin functionality with improved UX
35 lines
1.2 KiB
Python
35 lines
1.2 KiB
Python
from flask import Blueprint, render_template, request, redirect, url_for, flash
|
|
from flask_login import login_user, logout_user, login_required, current_user
|
|
from app.models import User
|
|
from app import db
|
|
|
|
auth_bp = Blueprint('auth', __name__)
|
|
|
|
@auth_bp.route('/login', methods=['GET', 'POST'])
|
|
def login():
|
|
if request.method == 'POST':
|
|
username = request.form['username']
|
|
password = request.form['password']
|
|
|
|
user = User.query.filter_by(username=username).first()
|
|
|
|
if user and user.check_password(password):
|
|
login_user(user)
|
|
next_page = request.args.get('next')
|
|
return redirect(next_page) if next_page else redirect(url_for('main.dashboard'))
|
|
else:
|
|
flash('Ungültiger Benutzername oder Passwort')
|
|
|
|
return render_template('auth/login.html')
|
|
|
|
@auth_bp.route('/register', methods=['GET', 'POST'])
|
|
def register():
|
|
# Registrierung deaktiviert - nur Administratoren können Benutzer erstellen
|
|
flash('Registrierung ist deaktiviert. Wenden Sie sich an einen Administrator.', 'error')
|
|
return redirect(url_for('auth.login'))
|
|
|
|
@auth_bp.route('/logout')
|
|
@login_required
|
|
def logout():
|
|
logout_user()
|
|
return redirect(url_for('auth.login')) |