login is working

capsulflask/auth.py

@@ -10,6 +10,7 @@ from flask import request
 from flask import session
 from flask import render_template
 from flask_mail import Message
+from werkzeug.exceptions import abort
 
 from capsulflask.db import get_model
 
@@ -61,6 +62,16 @@ def login():
 
     return render_template("login.html")
 
+@bp.route("/magic/<string:token>", methods=("GET", ))
+def magiclink(token):
+    email = get_model().consumeToken(token)
+    if email is not None:
+        session.clear()
+        session["account"] = email
+        return redirect(url_for("index"))
+    else:
+        abort(404, f"Token {token} doesn't exist or has already been used.")
+
 @bp.route("/logout")
 def logout():
     session.clear()

capsulflask/model.py

@@ -14,8 +14,15 @@ class Model:
 
     token = generate()
     self.cursor.execute("INSERT INTO logintokens (email, token) VALUES (%s, %s)", (email, token))
-
     self.connection.commit()
 
     return token
     
+  def consumeToken(self, token):
+    self.cursor.execute("SELECT email FROM logintokens WHERE token = %s", (token, ))
+    rows = self.cursor.fetchall()
+    if len(rows) > 0:
+      self.cursor.execute("DELETE FROM logintokens WHERE token = %s", (token, ))
+      self.connection.commit()
+      return rows[0][0]
+    return None

capsulflask/templates/base.html

@@ -13,8 +13,8 @@
 <header>
 
     <div class="float-right">
-      {% if g.user %}
+      {% if session["account"] %}
-        <span>{{ g.user['username'] }}</span>
+        <span>{{ session["account"] }}</span>
         <a href="{{ url_for('auth.logout') }}">Log Out</a>
       {% else %}
         <a href="{{ url_for('auth.login') }}">Log In</a>