modified: web/blueprints/auth.py

modified: web/blueprints/group_admin.py modified: web/config.py modified: web/panel_db.py new file: web/templates/auth/accept_invite.html modified: web/templates/group_admin/base.html modified: web/templates/group_admin/members.html
2026-04-13 10:26:47 +02:00
parent 484687a076
commit 6b13ea5c22
7 changed files with 404 additions and 12 deletions
--- a/web/blueprints/auth.py
+++ b/web/blueprints/auth.py
@@ -3,8 +3,9 @@ MCLogger – Authentifizierung
 Getrennte Login-Seiten für Site-Admins und normale Nutzer/Gruppen-Admins.
 """
 import json
+from datetime import datetime
 from flask import Blueprint, render_template, request, redirect, url_for, session, flash
-from panel_db import check_login, get_user_groups
+from panel_db import accept_group_invite, check_login, get_invite_by_token, get_user_groups

 auth = Blueprint("auth", __name__)

@@ -72,6 +73,42 @@ def switch_group(group_id):
    return redirect(url_for("panel.dashboard"))


+@auth.route("/invite/<token>", methods=["GET", "POST"])
+def accept_invite(token):
+    if session.get("user_id"):
+        return redirect(url_for("panel.dashboard"))
+
+    invite = get_invite_by_token(token)
+    if not invite:
+        flash("Invitation not found.", "danger")
+        return redirect(url_for("auth.login"))
+
+    is_expired = invite["expires_at"] <= datetime.utcnow()
+    is_invalid = bool(invite.get("accepted_at") or invite.get("revoked_at") or is_expired)
+    error = None
+
+    if request.method == "POST" and not is_invalid:
+        password = request.form.get("password", "")
+        confirm_password = request.form.get("confirm_password", "")
+
+        if len(password) < 8:
+            error = "Password must be at least 8 characters long."
+        elif password != confirm_password:
+            error = "Passwords do not match."
+        else:
+            result = accept_group_invite(token, password)
+            if result is None:
+                flash("Invitation is no longer valid.", "danger")
+                return redirect(url_for("auth.login"))
+            if result.get("error") == "username_or_email_taken":
+                error = "The invited username or email is already in use. Please contact your administrator."
+            else:
+                flash("Your account has been created. You can now sign in.", "success")
+                return redirect(url_for("auth.login"))
+
+    return render_template("auth/accept_invite.html", invite=invite, is_invalid=is_invalid, is_expired=is_expired, error=error)
+
+
 def _set_user_session(user, groups):
    session["user_id"]       = user["id"]
    session["username"]      = user["username"]