MathJax, registration support, flask-bcrypt & updated view permissions

.gitignore

@@ -8,3 +8,4 @@ content/
 .eggs
 *.egg-info
 dist/
+.vscode/settings.json

setup.py

@@ -21,7 +21,10 @@
         'Markdown>=2.2.0',
         'Pygments>=1.5',
         'WTForms>=1.0.2',
-        'Werkzeug>=0.8.3'
+        'Werkzeug>=0.8.3',
+        'python-markdown-math',
+        'flask-bcrypt'
+
     ],
     setup_requires=['pytest-runner'],
     tests_require=['pytest', 'mock'],

wiki/core.py

@@ -96,7 +96,8 @@ def __init__(self, text):
             'codehilite',
             'fenced_code',
             'meta',
-            'tables'
+            'tables',
+            'mdx_math' # Add mathjax support
         ])
         self.input = text
         self.markdown = None

wiki/web/forms.py

@@ -9,6 +9,7 @@
 from wtforms import PasswordField
 from wtforms.validators import InputRequired
 from wtforms.validators import ValidationError
+from wtforms.validators import EqualTo
 
 from wiki.core import clean_url
 from wiki.web import current_wiki
@@ -31,6 +32,7 @@ class SearchForm(FlaskForm):
     ignore_case = BooleanField(
         description='Ignore Case',
         # FIXME: default is not correctly populated
+        # A: code is fine, firefox have a bug and will not render checkbox properly
         default=True)
 
 
@@ -55,3 +57,14 @@ def validate_password(form, field):
             return
         if not user.check_password(field.data):
             raise ValidationError('Username and password do not match.')
+
+class RegistrationForm(FlaskForm):
+    name = TextField('Username', [InputRequired()])
+    password = PasswordField('Password', [InputRequired()])
+    password_confirm = PasswordField('Confirm Password', 
+                    validators=[InputRequired(), EqualTo('password')])
+
+    def validate_name(form, field):
+        user = current_users.get_user(form.name.data)
+        if user:
+            raise ValidationError('This username already exist.')

wiki/web/routes.py

@@ -8,6 +8,7 @@
 from flask import render_template
 from flask import request
 from flask import url_for
+from flask import current_app
 from flask_login import current_user
 from flask_login import login_required
 from flask_login import login_user
@@ -18,9 +19,11 @@
 from wiki.web.forms import LoginForm
 from wiki.web.forms import SearchForm
 from wiki.web.forms import URLForm
+from wiki.web.forms import RegistrationForm
 from wiki.web import current_wiki
 from wiki.web import current_users
 from wiki.web.user import protect
+from wiki.web.user import UserManager
 
 
 bp = Blueprint('wiki', __name__)
@@ -50,6 +53,7 @@ def display(url):
 
 
 @bp.route('/create/', methods=['GET', 'POST'])
+@login_required
 @protect
 def create():
     form = URLForm()
@@ -60,6 +64,7 @@ def create():
 
 
 @bp.route('/edit/<path:url>/', methods=['GET', 'POST'])
+@login_required
 @protect
 def edit(url):
     page = current_wiki.get(url)
@@ -84,6 +89,7 @@ def preview():
 
 
 @bp.route('/move/<path:url>/', methods=['GET', 'POST'])
+@login_required
 @protect
 def move(url):
     page = current_wiki.get_or_404(url)
@@ -96,6 +102,7 @@ def move(url):
 
 
 @bp.route('/delete/<path:url>/')
+@login_required
 @protect
 def delete(url):
     page = current_wiki.get_or_404(url)
@@ -155,9 +162,17 @@ def user_index():
     pass
 
 
-@bp.route('/user/create/')
+@bp.route('/user/create/', methods=['GET', 'POST'])
 def user_create():
-    pass
+    form = RegistrationForm()
+    if form.validate_on_submit():
+        user = form.name.data
+        password = form.password.data
+        UserManager(current_app.config['CONTENT_DIR']).add_user(name=user, password=password)
+        # user.set('authenticated', True)
+        flash('Registration successful.', 'success')
+        return redirect(request.args.get("next") or url_for('wiki.index'))
+    return render_template('register.html', form=form)
 
 
 @bp.route('/user/<int:user_id>/')
@@ -166,6 +181,7 @@ def user_admin(user_id):
 
 
 @bp.route('/user/delete/<int:user_id>/')
+@login_required
 def user_delete(user_id):
     pass
 

wiki/web/templates/base.html

@@ -5,6 +5,19 @@
 		<link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='bootstrap.css') }}">
 		<link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='responsive.css') }}">
 		<link rel="stylesheet" type="text/css" href="{{ url_for('static', filename='pygments.css') }}">
+		<script>
+			MathJax = {
+			  tex: {
+				inlineMath: [['$', '$'], ['\\(', '\\)']]
+			  },
+			  svg: {
+				fontCache: 'global'
+			  }
+			};
+		</script>
+		<script type="text/javascript" id="MathJax-script" async
+			src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-svg.js">
+		</script>
 	</head>
 
 	<body>
@@ -26,10 +39,13 @@
 							</ul>
 
 							<ul class="nav pull-right">
-								{% if current_user.is_anonymous %}
-									<li><a href="{{ url_for('wiki.user_login') }}">Login</a></li>
-								{% else %}
+								{% if current_user.is_authenticated %}
 									<li><a href="{{ url_for('wiki.user_logout') }}">Logout</a></li>
+								{% else %}
+									<ul class="nav">
+									<li><a href="{{ url_for('wiki.user_login') }}">Login</a></li>
+									<li><a href="{{ url_for('wiki.user_create') }}">Register</a></li>
+									</ul>
 								{% endif %}
 							</ul>
 						</div>

wiki/web/templates/register.html

@@ -0,0 +1,16 @@
+{% extends "base.html" %}
+
+{% block title %}Register{% endblock title %}
+
+{% block content %}
+<form class="form form-inline" method="POST">
+	{{ form.hidden_tag() }}
+	{{ form.name.label }} <br>
+	{{ form.name(placeholder='Username') }} <br>
+	{{ form.password.label }} <br>
+	{{ form.password(placeholder='Password') }} <br>
+	{{ form.password_confirm.label }} <br>
+	{{ form.password_confirm(placeholder='Confirm Password') }} <br>
+	<input type="submit" class="btn btn-primary" value="Register">
+</form>
+{% endblock content %}

wiki/web/templates/search.html

@@ -14,7 +14,7 @@
 		<form class="form-inline well" method="POST">
 			{{ form.hidden_tag() }}
 			{{ form.term(placeholder='Search for.. (regex accepted)', autocomplete="off") }}
-            {{ form.ignore_case() }} Ignore Case
+            {{ form.ignore_case() }} {{ form.ignore_case.label }}
 			<input type="submit" class="btn btn-success pull-right" value="Search!">
 		</form>
 	</div>

wiki/web/user.py

@@ -4,15 +4,14 @@
 """
 import os
 import json
-import binascii
-import hashlib
 from functools import wraps
 
 from flask import current_app
 from flask_login import current_user
+from flask_bcrypt import Bcrypt
 
 
-
+bcrypt = Bcrypt()
 class UserManager(object):
     """A very simple user Manager, that saves it's data as json."""
     def __init__(self, path):
@@ -121,22 +120,15 @@ def check_password(self, password):
 
 
 def get_default_authentication_method():
-    return current_app.config.get('DEFAULT_AUTHENTICATION_METHOD', 'cleartext')
+    return current_app.config.get('DEFAULT_AUTHENTICATION_METHOD', 'hash')
 
 
 def make_salted_hash(password, salt=None):
-    if not salt:
-        salt = os.urandom(64)
-    d = hashlib.sha512()
-    d.update(salt[:32])
-    d.update(password)
-    d.update(salt[32:])
-    return binascii.hexlify(salt) + d.hexdigest()
+    return bcrypt.generate_password_hash(password).decode('utf-8')
 
 
 def check_hashed_password(password, salted_hash):
-    salt = binascii.unhexlify(salted_hash[:128])
-    return make_salted_hash(password, salt) == salted_hash
+    return bcrypt.check_password_hash(salted_hash, password)
 
 
 def protect(f):