def login_invite(invite):
    """Log in the account that owns *invite* and send it to the set-password page.

    Responds 404 when no account carries the invite value, and 403 when the
    account is an admin or its password is anything other than the empty
    string. A visitor who is already authenticated is redirected to "hello"
    with a warning instead.
    """
    invited = User.query.filter_by(invite=invite).first()
    if invited is None:
        abort(404)

    if current_user.is_authenticated:
        flash("You are already logged in!", "warning")
        return redirect(url_for("hello"))

    # The invite value acts as a bearer credential, so it is honoured only for
    # non-admin accounts whose password is still the empty string.
    # NOTE(review): github_authorized tests `password is None` for "no password
    # yet"; an account stored with None is rejected here (fails closed).
    # Confirm which representation the User model uses.
    may_use_invite = not invited.is_admin and invited.password == ""
    if not may_use_invite:
        abort(403)

    # NOTE(review): the invite is not cleared in this view, so it stays usable
    # until the password stops being "" - confirm that is intended.
    loginUser(invited)
    db.session.commit()
    return redirect(url_for("set_password_page"))
def switch_user():
    """Log the caller in as the user named in a submitted SwitchUserForm.

    A GET request, or a POST that fails validation, renders the form. A valid
    POST looks the username up; on a successful loginUser() the caller is
    redirected to the profile of the account that is now current.
    """
    # NOTE(review): no authorization check is visible inside this function.
    # Presumably a decorator or blueprint guard outside this listing restricts
    # it to admins - confirm, because this view signs the caller in as any
    # named account. Recording who switched to whom would also help auditing.
    form = SwitchUserForm(formdata=request.form)

    # Process GET or invalid POST
    if request.method != "POST" or not form.validate():
        return render_template("admin/switch_user.html", form=form)

    target = User.query.filter_by(username=form["username"].data).first()
    if target is None:
        flash("Unable to find user", "danger")
    elif loginUser(target):
        profile_url = url_for("users.profile", username=current_user.username)
        return redirect(profile_url)
    else:
        flash("Unable to login as user", "danger")

    # A failed lookup or login falls back to showing the form again.
    return render_template("admin/switch_user.html", form=form)
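def github_authorized(oauth_token):
    """Handle the GitHub OAuth callback: link or log in by GitHub username.

    With a token, the GitHub username is fetched from the GitHub API and
    matched case-insensitively against User.github_username. A logged-in
    caller gets the GitHub account linked (unless another user already has
    it); an anonymous caller is logged in as the matching user, or sent to
    the claim page when there is none.

    Args:
        oauth_token: Access token from the OAuth flow, or None when the
            authorization failed.

    Returns:
        A redirect response in every case.
    """
    import requests
    from urllib.parse import urlsplit

    # "next" comes straight from the query string. Only same-site paths are
    # honoured, so the post-login redirect cannot be pointed at another host.
    next_url = request.args.get("next")
    if next_url is not None:
        try:
            target = urlsplit(next_url)
            is_local_path = (
                not target.scheme
                and not target.netloc
                and next_url.startswith("/")
                # "//host" and "/\host" are treated as off-site by browsers.
                and not next_url.startswith(("//", "/\\"))
            )
        except ValueError:
            is_local_path = False
        if not is_local_path:
            next_url = None

    if oauth_token is None:
        flash("Authorization failed [err=gh-oauth-login-failed]", "danger")
        return redirect(url_for("user.login"))

    # Get Github username. The timeout keeps a stalled API call from pinning
    # a worker, and a rejected token or malformed reply becomes a normal
    # failure instead of an unhandled exception.
    url = "https://api.github.com/user"
    try:
        r = requests.get(
            url,
            headers={"Authorization": "token " + oauth_token},
            timeout=10,
        )
        r.raise_for_status()
        username = r.json()["login"]
    except (requests.RequestException, ValueError, KeyError, TypeError):
        username = None

    if not isinstance(username, str) or not username:
        flash("Authorization failed [err=gh-oauth-login-failed]", "danger")
        return redirect(url_for("user.login"))

    # Get user by github username
    userByGithub = User.query.filter(
        func.lower(User.github_username) == func.lower(username)).first()

    # If logged in, connect
    if current_user and current_user.is_authenticated:
        if userByGithub is None:
            current_user.github_username = username
            db.session.commit()
            flash("Linked github to account", "success")
        else:
            flash("Github account is already associated with another user",
                  "danger")
        return redirect(url_for("homepage.home"))

    # If not logged in, log in
    if userByGithub is None:
        flash("Unable to find an account for that Github user", "error")
        return redirect(url_for("users.claim"))

    if loginUser(userByGithub):
        # NOTE(review): login_invite compares the password with "" while this
        # tests None - confirm how an unset password is stored.
        if current_user.password is None:
            return redirect(
                next_url or url_for("users.set_password", optional=True))
        return redirect(next_url or url_for("homepage.home"))

    flash("Authorization failed [err=gh-login-failed]", "danger")
    return redirect(url_for("user.login"))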
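def user_claim_page():
    """Render and process the page for claiming an account by forum username.

    Query string: an optional ``username`` (with optional ``method``) is
    looked up by forums_username. Already-claimed or unknown users are
    bounced back with a message, and ``method == "github"`` forwards a known
    user to the GitHub sign-in page.

    POST: ``claim_type`` selects the proof. "github" starts the
    checkForumAccount task and redirects to its status page. "forum" fetches
    the forum profile and requires the per-session key to appear in the
    signature before creating (if needed) and logging in the user.

    Returns:
        A redirect, or the rendered "users/claim.html" template with the
        username and the session key.
    """
    username = request.args.get("username")
    if username is None:
        username = ""
    else:
        method = request.args.get("method")
        user = User.query.filter_by(forums_username=username).first()
        if user and user.rank.atLeast(UserRank.NEW_MEMBER):
            flash("User has already been claimed", "error")
            return redirect(url_for("user_claim_page"))
        elif user is None and method == "github":
            flash("Unable to get Github username for user", "error")
            return redirect(url_for("user_claim_page"))
        elif user is None:
            flash("Unable to find that user", "error")
            return redirect(url_for("user_claim_page"))

        if user is not None and method == "github":
            return redirect(url_for("github_signin_page"))

    # The key the claimant must place in their forum signature. It is created
    # once per session and reused on later visits.
    # NOTE(review): randomString is not visible here; this key is the only
    # proof of forum ownership, so confirm it draws from a CSPRNG (`secrets`).
    # It is also never removed from the session after a successful claim.
    if "forum_token" in session:
        token = session["forum_token"]
    else:
        token = randomString(32)
        session["forum_token"] = token

    if request.method == "POST":
        ctype = request.form.get("claim_type")
        username = request.form.get("username")

        if username is None or len(username.strip()) < 2:
            flash("Invalid username", "error")
        elif ctype == "github":
            task = checkForumAccount.delay(username)
            return redirect(
                url_for("check_task", id=task.id,
                        r=url_for("user_claim_page", username=username,
                                  method="github")))
        elif ctype == "forum":
            user = User.query.filter_by(forums_username=username).first()
            if user is not None and user.rank.atLeast(UserRank.NEW_MEMBER):
                flash("That user has already been claimed!", "error")
                return redirect(url_for("user_claim_page"))

            # Get signature
            sig = None
            try:
                profile = getProfile("https://forum.minetest.net", username)
                sig = profile.signature
            except IOError:
                flash("Unable to get forum signature - does the user exist?",
                      "error")
                return redirect(url_for("user_claim_page", username=username))

            # Look for key. A profile without a signature (sig is None) is
            # treated as "key not found" rather than raising TypeError.
            if sig is not None and token in sig:
                if user is None:
                    user = User(username)
                    user.forums_username = username
                    db.session.add(user)
                    db.session.commit()

                if loginUser(user):
                    return redirect(url_for("set_password_page"))
                else:
                    flash("Unable to login as user", "error")
                    return redirect(
                        url_for("user_claim_page", username=username))
            else:
                flash("Could not find the key in your signature!", "error")
                return redirect(url_for("user_claim_page", username=username))
        else:
            flash("Unknown claim type", "error")

    return render_template("users/claim.html", username=username, key=token)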