a ton of fun happened, refactored alot

plugins/auth/forms.py

@@ -0,0 +1,15 @@
+from flask_wtf import FlaskForm
+from wtforms import StringField, PasswordField, SubmitField
+from wtforms.validators import DataRequired, Email, Length, EqualTo
+
+class RegistrationForm(FlaskForm):
+    username = StringField('Username', validators=[DataRequired(), Length(min=3, max=25)])
+    email    = StringField('Email', validators=[DataRequired(), Email()])
+    password = PasswordField('Password', validators=[DataRequired(), Length(min=6)])
+    confirm  = PasswordField('Confirm Password', validators=[DataRequired(), EqualTo('password')])
+    submit   = SubmitField('Register')
+
+class LoginForm(FlaskForm):
+    email    = StringField('Email', validators=[DataRequired(), Email()])
+    password = PasswordField('Password', validators=[DataRequired()])
+    submit   = SubmitField('Login')

plugins/auth/models.py

@@ -1,7 +1,9 @@
+# File: plugins/auth/models.py
+
 from werkzeug.security import generate_password_hash, check_password_hash
 from flask_login import UserMixin
 from datetime import datetime
-from app import db
+from app import db, login_manager
 
 class User(db.Model, UserMixin):
     __tablename__ = 'users'
@@ -15,14 +17,10 @@ class User(db.Model, UserMixin):
     excluded_from_analytics = db.Column(db.Boolean, default=False)
     created_at = db.Column(db.DateTime, default=datetime.utcnow)
 
-    # Soft-delete flag
     is_deleted      = db.Column(db.Boolean, nullable=False, default=False)
-    # Permanent ban flag
     is_banned       = db.Column(db.Boolean, nullable=False, default=False)
-    # Temporary suspension until this UTC datetime
     suspended_until = db.Column(db.DateTime, nullable=True)
 
-    # Use back_populates, not backref
     submitted_submissions = db.relationship(
         "Submission",
         foreign_keys="Submission.user_id",
@@ -42,3 +40,20 @@ class User(db.Model, UserMixin):
 
     def check_password(self, password):
         return check_password_hash(self.password_hash, password)
+
+
+# ─── Flask-Login integration ─────────────────────────────────────────────────
+
+def _load_user(user_id):
+    """Return a User by ID, or None."""
+    if not str(user_id).isdigit():
+        return None
+    return User.query.get(int(user_id))
+
+
+def register_user_loader(app):
+    """
+    Hook into Flask-Login to register the user_loader.
+    Called by our JSON-driven loader if declared in plugin.json.
+    """
+    login_manager.user_loader(_load_user)

plugins/auth/plugin.json

@@ -1,6 +1,27 @@
 {
-  "name": "auth",
-  "version": "1.0.0",
-  "description": "User authentication and authorization plugin",
-  "entry_point": null
+  "name": "Auth",
+  "version": "0.1.0",
+  "author": "Bryson Shepard <bryson@natureinpots.com>",
+  "description": "Handles user registration, login, logout, and invitation flows.",
+  "module": "plugins.auth",
+  "routes": {
+    "module": "plugins.auth.routes",
+    "blueprint": "bp",
+    "url_prefix": "/auth"
+  },
+  "models": [
+    "plugins.auth.models"
+  ],
+  "template_globals": [
+    {
+      "name": "current_user",
+      "callable": "flask_login.current_user"
+    }
+  ],
+  "user_loader": {
+    "module": "plugins.auth.models",
+    "callable": "register_user_loader"
+  },
+  "license": "Proprietary",
+  "repository": "https://github.com/your-org/your-app"
 }

plugins/auth/routes.py

@@ -1,51 +1,48 @@
-from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app
-from flask_login import login_user, logout_user, login_required
-from werkzeug.security import check_password_hash
-from app import db
-from .models import User
+# File: plugins/auth/routes.py
+
+from flask import Blueprint, render_template, redirect, flash, url_for, request
+from flask_login import login_user, logout_user, login_required
+from .models import User
+from .forms import LoginForm, RegistrationForm
+from app import db
+
+bp = Blueprint(
+    'auth',
+    __name__,
+    template_folder='templates/auth',  # ← now points at plugins/auth/templates/auth/
+    url_prefix='/auth'
+)
 
-bp = Blueprint('auth', __name__, template_folder='templates')
 
 @bp.route('/login', methods=['GET', 'POST'])
 def login():
-    if request.method == 'POST':
-        email = request.form['email']
-        password = request.form['password']
-        user = User.query.filter_by(email=email).first()
-        if user and check_password_hash(user.password_hash, password):
+    form = LoginForm()
+    if form.validate_on_submit():
+        user = User.query.filter_by(email=form.email.data).first()
+        if user and user.check_password(form.password.data):
             login_user(user)
             flash('Logged in successfully.', 'success')
-            return redirect(url_for('core_ui.home'))
-        else:
-            flash('Invalid credentials.', 'danger')
-    return render_template('auth/login.html')
+            return redirect(url_for('home'))
+        flash('Invalid email or password.', 'danger')
+    return render_template('login.html', form=form)  # resolves to templates/auth/login.html
+
 
 @bp.route('/logout')
 @login_required
 def logout():
     logout_user()
     flash('Logged out.', 'info')
-    return redirect(url_for('core_ui.home'))
+    return redirect(url_for('home'))
+
 
 @bp.route('/register', methods=['GET', 'POST'])
 def register():
-    if not current_app.config.get('ALLOW_REGISTRATION', True):
-        flash('Registration is currently closed.', 'warning')
+    form = RegistrationForm()
+    if form.validate_on_submit():
+        user = User(email=form.email.data)
+        user.set_password(form.password.data)
+        db.session.add(user)
+        db.session.commit()
+        flash('Account created! Please log in.', 'success')
         return redirect(url_for('auth.login'))
-
-    if request.method == 'POST':
-        email = request.form['email']
-        password = request.form['password']
-
-        existing_user = User.query.filter_by(email=email).first()
-        if existing_user:
-            flash('Email already registered.', 'warning')
-        else:
-            user = User(email=email)
-            user.set_password(password)
-            db.session.add(user)
-            db.session.commit()
-            flash('Account created. You can now log in.', 'success')
-            return redirect(url_for('auth.login'))
-
-    return render_template('auth/register.html')
+    return render_template('register.html', form=form)  # resolves to templates/auth/register.html

plugins/auth/templates/auth/login.html

@@ -1,4 +1,4 @@
-{% extends 'core_ui/base.html' %}
+{% extends 'core/base.html' %}
 {% block content %}
 <h2>Login</h2>
 <form method="POST" action="{{ url_for('auth.login') }}">

plugins/auth/templates/auth/register.html

@@ -1,4 +1,4 @@
-{% extends 'core_ui/base.html' %}
+{% extends 'core/base.html' %}
 {% block title %}Register{% endblock %}
 {% block content %}
 <h2>Register</h2>