user login fixes

Author: GitTimeraider

app.py

@@ -8,7 +8,7 @@
 from apscheduler.triggers.cron import CronTrigger
 import logging
 from backup_service import BackupService
-from models import db, User, Repository, BackupJob
+from models import db, User, Repository, BackupJob, PasswordResetCode
 import atexit
 
 # Configure logging
@@ -82,6 +82,12 @@ def dashboard():
 
 @app.route('/login', methods=['GET', 'POST'])
 def login():
+    # Auto-create default admin if no users
+    if User.query.count() == 0:
+        admin = User(username='admin', password_hash=generate_password_hash('changeme'), is_admin=True)
+        db.session.add(admin)
+        db.session.commit()
+        logger.warning('Default admin user created with username=admin password=changeme; please change immediately.')
     if request.method == 'POST':
         username = request.form['username']
         password = request.form['password']
@@ -101,37 +107,84 @@ def logout():
     logout_user()
     return redirect(url_for('login'))
 
-@app.route('/register', methods=['GET', 'POST'])
-def register():
-    # Check if this is the first user (admin)
-    user_count = User.query.count()
-    
+@app.route('/settings', methods=['GET', 'POST'])
+@login_required
+def user_settings():
     if request.method == 'POST':
-        username = request.form['username']
-        password = request.form['password']
-        confirm_password = request.form['confirm_password']
-        
-        if password != confirm_password:
-            flash('Passwords do not match', 'error')
-            return render_template('register.html', first_user=user_count == 0)
-        
-        if User.query.filter_by(username=username).first():
-            flash('Username already exists', 'error')
-            return render_template('register.html', first_user=user_count == 0)
-        
-        user = User(
-            username=username,
-            password_hash=generate_password_hash(password),
-            is_admin=(user_count == 0)  # First user becomes admin
-        )
-        db.session.add(user)
+        new_username = request.form.get('username', '').strip()
+        current_password = request.form.get('current_password', '')
+        new_password = request.form.get('new_password', '')
+        confirm_password = request.form.get('confirm_password', '')
+
+        # Change username
+        if new_username and new_username != current_user.username:
+            if User.query.filter_by(username=new_username).first():
+                flash('Username already taken', 'error')
+                return redirect(url_for('user_settings'))
+            current_user.username = new_username
+            flash('Username updated', 'success')
+
+        # Change password
+        if new_password:
+            if not check_password_hash(current_user.password_hash, current_password):
+                flash('Current password incorrect', 'error')
+                return redirect(url_for('user_settings'))
+            if new_password != confirm_password:
+                flash('New passwords do not match', 'error')
+                return redirect(url_for('user_settings'))
+            current_user.password_hash = generate_password_hash(new_password)
+            flash('Password updated', 'success')
+
         db.session.commit()
-        
-        login_user(user)
-        flash('Registration successful', 'success')
-        return redirect(url_for('dashboard'))
-    
-    return render_template('register.html', first_user=user_count == 0)
+        return redirect(url_for('user_settings'))
+
+    return render_template('settings.html')
+
+import secrets
+
+@app.route('/forgot-password', methods=['GET', 'POST'])
+def forgot_password():
+    if request.method == 'POST':
+        username = request.form.get('username', '').strip()
+        user = User.query.filter_by(username=username).first()
+        if not user:
+            flash('If that user exists, a reset code has been generated (check logs).', 'info')
+            return redirect(url_for('forgot_password'))
+        # Invalidate previous unused codes for this user
+        PasswordResetCode.query.filter_by(user_id=user.id, used=False).delete()
+        code = secrets.token_hex(4)
+        prc = PasswordResetCode(user_id=user.id, code=code)
+        db.session.add(prc)
+        db.session.commit()
+        logger.warning(f'PASSWORD RESET CODE for user={user.username}: {code}')
+        flash('Reset code generated. Check server logs.', 'info')
+        return redirect(url_for('reset_password'))
+    return render_template('forgot_password.html')
+
+@app.route('/reset-password', methods=['GET', 'POST'])
+def reset_password():
+    if request.method == 'POST':
+        username = request.form.get('username', '').strip()
+        code = request.form.get('code', '').strip()
+        new_password = request.form.get('new_password', '')
+        confirm_password = request.form.get('confirm_password', '')
+        user = User.query.filter_by(username=username).first()
+        if not user:
+            flash('Invalid code or user', 'error')
+            return redirect(url_for('reset_password'))
+        prc = PasswordResetCode.query.filter_by(user_id=user.id, code=code, used=False).first()
+        if not prc:
+            flash('Invalid or already used code', 'error')
+            return redirect(url_for('reset_password'))
+        if new_password != confirm_password or not new_password:
+            flash('Passwords do not match or empty', 'error')
+            return redirect(url_for('reset_password'))
+        user.password_hash = generate_password_hash(new_password)
+        prc.used = True
+        db.session.commit()
+        flash('Password reset successful. You can now log in.', 'success')
+        return redirect(url_for('login'))
+    return render_template('reset_password.html')
 
 @app.route('/repositories')
 @login_required

models.py

@@ -40,3 +40,10 @@ class BackupJob(db.Model):
     started_at = db.Column(db.DateTime)
     completed_at = db.Column(db.DateTime)
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
+
+class PasswordResetCode(db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
+    code = db.Column(db.String(32), nullable=False, index=True)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    used = db.Column(db.Boolean, default=False)

templates/base.html

@@ -7,84 +7,59 @@
     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css" rel="stylesheet">
     <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet">
     <style>
-        .sidebar {
-            min-height: 100vh;
-            background-color: #f8f9fa;
-        }
-        .content {
-            min-height: 100vh;
-        }
-        .navbar-brand {
-            font-weight: bold;
-        }
-        .card {
-            box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.075);
-        }
-        .status-badge {
-            font-size: 0.75rem;
-        }
+        :root { --bs-primary: #6f42c1; }
+        .navbar-brand { font-weight: 600; }
+        .navbar-purple { background: #6f42c1; }
+        .navbar-purple .navbar-nav .nav-link, .navbar-purple .navbar-brand, .navbar-purple .navbar-text { color: #fff; }
+        .navbar-purple .nav-link.active { font-weight: 600; text-decoration: underline; }
+        .btn-primary { background:#6f42c1; border-color:#6f42c1; }
+        .btn-primary:hover { background:#5a34a1; border-color:#5a34a1; }
+        a { color:#6f42c1; }
+        a:hover { color:#5a34a1; }
+        .card { box-shadow: 0 2px 4px rgba(0,0,0,0.05); }
+        body { background:#f5f5fa; }
+        main { padding: 1rem 1rem 3rem; }
+        @media (max-width: 576px){ main { padding-top: .75rem; } }
     </style>
 </head>
 <body>
-    <div class="container-fluid">
-        <div class="row">
-            {% if current_user.is_authenticated %}
-            <!-- Sidebar -->
-            <div class="col-md-2 sidebar p-3">
-                <h5 class="text-primary">
-                    <i class="fas fa-cloud-download-alt"></i>
-                    GitHub Backup
-                </h5>
-                <hr>
-                <nav class="nav flex-column">
-                    <a class="nav-link" href="{{ url_for('dashboard') }}">
-                        <i class="fas fa-tachometer-alt"></i> Dashboard
-                    </a>
-                    <a class="nav-link" href="{{ url_for('repositories') }}">
-                        <i class="fas fa-code-branch"></i> Repositories
-                    </a>
-                    <a class="nav-link" href="{{ url_for('backup_jobs') }}">
-                        <i class="fas fa-history"></i> Backup Jobs
-                    </a>
-                    <hr>
-                    <a class="nav-link text-danger" href="{{ url_for('logout') }}">
-                        <i class="fas fa-sign-out-alt"></i> Logout
-                    </a>
-                </nav>
-                <div class="mt-auto">
-                    <small class="text-muted">
-                        Logged in as: <strong>{{ current_user.username }}</strong>
-                    </small>
+        {% if current_user.is_authenticated %}
+        <nav class="navbar navbar-expand-lg navbar-purple navbar-dark">
+            <div class="container-fluid">
+                <a class="navbar-brand" href="{{ url_for('dashboard') }}"><i class="fas fa-cloud-download-alt"></i> GitHub Backup</a>
+                <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#mainNav">
+                    <span class="navbar-toggler-icon"></span>
+                </button>
+                <div class="collapse navbar-collapse" id="mainNav">
+                    <ul class="navbar-nav me-auto mb-2 mb-lg-0">
+                        <li class="nav-item"><a class="nav-link {% if request.endpoint=='dashboard' %}active{% endif %}" href="{{ url_for('dashboard') }}"><i class="fas fa-tachometer-alt"></i> Dashboard</a></li>
+                        <li class="nav-item"><a class="nav-link {% if request.endpoint=='repositories' %}active{% endif %}" href="{{ url_for('repositories') }}"><i class="fas fa-code-branch"></i> Repositories</a></li>
+                        <li class="nav-item"><a class="nav-link {% if request.endpoint=='backup_jobs' %}active{% endif %}" href="{{ url_for('backup_jobs') }}"><i class="fas fa-history"></i> Jobs</a></li>
+                        <li class="nav-item"><a class="nav-link {% if request.endpoint=='user_settings' %}active{% endif %}" href="{{ url_for('user_settings') }}"><i class="fas fa-user-cog"></i> Settings</a></li>
+                        <li class="nav-item"><a class="nav-link {% if request.endpoint in ['forgot_password','reset_password'] %}active{% endif %}" href="{{ url_for('forgot_password') }}"><i class="fas fa-key"></i> Forgot Password</a></li>
+                    </ul>
+                    <span class="navbar-text me-3 d-none d-lg-inline">Logged in as <strong>{{ current_user.username }}</strong></span>
+                    <a class="btn btn-outline-light" href="{{ url_for('logout') }}"><i class="fas fa-sign-out-alt"></i> Logout</a>
                 </div>
             </div>
-            {% endif %}
-            
-            <!-- Main content -->
-            <div class="{% if current_user.is_authenticated %}col-md-10{% else %}col-12{% endif %} content p-4">
-                {% if current_user.is_authenticated %}
-                <nav class="navbar navbar-expand-lg navbar-light bg-white mb-4">
-                    <div class="container-fluid">
-                        <span class="navbar-brand">{% block page_title %}Dashboard{% endblock %}</span>
-                    </div>
-                </nav>
+        </nav>
+        {% endif %}
+
+        <main class="container-fluid">
+            <!-- Flash messages -->
+            {% with messages = get_flashed_messages(with_categories=true) %}
+                {% if messages %}
+                    {% for category, message in messages %}
+                        <div class="alert alert-{{ 'danger' if category == 'error' else 'success' if category == 'success' else 'info' }} alert-dismissible fade show" role="alert">
+                            {{ message }}
+                            <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
+                        </div>
+                    {% endfor %}
                 {% endif %}
-                
-                <!-- Flash messages -->
-                {% with messages = get_flashed_messages(with_categories=true) %}
-                    {% if messages %}
-                        {% for category, message in messages %}
-                            <div class="alert alert-{{ 'danger' if category == 'error' else 'success' if category == 'success' else 'info' }} alert-dismissible fade show" role="alert">
-                                {{ message }}
-                                <button type="button" class="btn-close" data-bs-dismiss="alert"></button>
-                            </div>
-                        {% endfor %}
-                    {% endif %}
-                {% endwith %}
-                
-                {% block content %}{% endblock %}
-            </div>
-        </div>
-    </div>
+            {% endwith %}
+            <h1 class="h4 mb-3">{% block page_title %}Dashboard{% endblock %}</h1>
+            {% block content %}{% endblock %}
+        </main>
 
     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
     {% block scripts %}{% endblock %}

templates/forgot_password.html

@@ -0,0 +1,22 @@
+{% extends "base.html" %}
+{% block page_title %}Forgot Password{% endblock %}
+{% block content %}
+<div class="row justify-content-center">
+  <div class="col-md-5">
+    <div class="card">
+      <div class="card-header"><i class="fas fa-key"></i> Generate Reset Code</div>
+      <div class="card-body">
+        <form method="POST">
+          <div class="mb-3">
+            <label class="form-label">Username</label>
+            <input type="text" class="form-control" name="username" required>
+          </div>
+          <button class="btn btn-primary w-100" type="submit">Generate Code</button>
+        </form>
+        <hr>
+        <a href="{{ url_for('reset_password') }}">Already have a code? Reset password</a>
+      </div>
+    </div>
+  </div>
+</div>
+{% endblock %}

templates/login.html

@@ -17,12 +17,11 @@ <h3 class="card-title text-center mb-4">
                         <label for="password" class="form-label">Password</label>
                         <input type="password" class="form-control" id="password" name="password" required>
                     </div>
-                    <button type="submit" class="btn btn-primary w-100">Login</button>
+                                        <button type="submit" class="btn btn-primary w-100">Login</button>
                 </form>
-                <hr>
-                <div class="text-center">
-                    <a href="{{ url_for('register') }}" class="btn btn-outline-secondary">Create Account</a>
-                </div>
+                                <div class="mt-3 text-center">
+                                    <a href="{{ url_for('forgot_password') }}" class="small">Forgot password?</a>
+                                </div>
             </div>
         </div>
     </div>

templates/reset_password.html

@@ -0,0 +1,34 @@
+{% extends "base.html" %}
+{% block page_title %}Reset Password{% endblock %}
+{% block content %}
+<div class="row justify-content-center">
+  <div class="col-md-5">
+    <div class="card">
+      <div class="card-header"><i class="fas fa-unlock-alt"></i> Reset Password</div>
+      <div class="card-body">
+        <form method="POST">
+          <div class="mb-3">
+            <label class="form-label">Username</label>
+            <input type="text" class="form-control" name="username" required>
+          </div>
+          <div class="mb-3">
+            <label class="form-label">Reset Code</label>
+            <input type="text" class="form-control" name="code" required>
+          </div>
+          <div class="mb-3">
+            <label class="form-label">New Password</label>
+            <input type="password" class="form-control" name="new_password" required>
+          </div>
+          <div class="mb-3">
+            <label class="form-label">Confirm New Password</label>
+            <input type="password" class="form-control" name="confirm_password" required>
+          </div>
+          <button class="btn btn-primary w-100" type="submit">Reset Password</button>
+        </form>
+        <hr>
+        <a href="{{ url_for('forgot_password') }}">Need a code? Generate one</a>
+      </div>
+    </div>
+  </div>
+</div>
+{% endblock %}

templates/settings.html

@@ -0,0 +1,33 @@
+{% extends "base.html" %}
+{% block page_title %}User Settings{% endblock %}
+{% block content %}
+<div class="row justify-content-center">
+  <div class="col-md-6">
+    <div class="card mb-4">
+      <div class="card-header"><i class="fas fa-user-cog"></i> Update Account</div>
+      <div class="card-body">
+        <form method="POST">
+          <div class="mb-3">
+            <label class="form-label">Username</label>
+            <input type="text" class="form-control" name="username" value="{{ current_user.username }}">
+          </div>
+          <hr>
+          <div class="mb-3">
+            <label class="form-label">Current Password</label>
+            <input type="password" class="form-control" name="current_password" placeholder="Enter current password to change it">
+          </div>
+          <div class="mb-3">
+            <label class="form-label">New Password</label>
+            <input type="password" class="form-control" name="new_password">
+          </div>
+          <div class="mb-3">
+            <label class="form-label">Confirm New Password</label>
+            <input type="password" class="form-control" name="confirm_password">
+          </div>
+          <button class="btn btn-primary w-100" type="submit">Save Changes</button>
+        </form>
+      </div>
+    </div>
+  </div>
+</div>
+{% endblock %}