python source code of mod

import sqlite3
from flask import Blueprint, render_template, redirect, request, g, session, make_response, flash
import libuser
import libsession
import libmfa

mod_user = Blueprint('mod_user', __name__, template_folder='templates')


@mod_user.route('/login', methods=['GET', 'POST'])
def do_login():

    session.pop('username', None)

    if request.method == 'POST':

        username = request.form.get('username')
        password = request.form.get('password')
        otp = request.form.get('otp')

        username = libuser.login(username, password)

        if not username:
            flash("Invalid user or password");
            return render_template('user.login.mfa.html')

        if libmfa.mfa_is_enabled(username):
            if not libmfa.mfa_validate(username, otp):
                flash("Invalid OTP");
                return render_template('user.login.mfa.html')

        response = make_response(redirect('/'))
        response = libsession.create(request=request, response=response, username=username)
        return response

    return render_template('user.login.mfa.html')


@mod_user.route('/create', methods=['GET', 'POST'])
def do_create():

    session.pop('username', None)

    if request.method == 'POST':

        username = request.form.get('username')
        password = request.form.get('password')
        email = request.form.get('password')

        session['username'] = libuser.login(username, password)

        if session['username']:
            return redirect('/')

    return render_template('user.create.html')


@mod_user.route('/chpasswd', methods=['GET'])
def do_chpasswd_get():
    return render_template('user.chpasswd.html')


@mod_user.route('/chpasswd', methods=['POST'])
def do_chpasswd_post():

    if 'username' not in g.session:
        return redirect('/')

    current_password = request.form.get('current_password')
    new_password = request.form.get('new_password')
    new_password_again = request.form.get('new_password_again')

    if not libuser.login(g.session['username'], current_password):
        flash("Invalid current password")
        return render_template('user.chpasswd.html')

    if new_password != new_password_again:
        flash("The passwords don't match")
        return render_template('user.chpasswd.html')

    if not libuser.is_password_allowed(new_password):
        flash("The password don't comply our requirements, please, choose another one.")
        return render_template('user.chpasswd.html')

    libuser.password_set(g.session['username'], new_password)
    return redirect('/')
    flash("Password changed")