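def login():
    """Authenticate the submitted credentials and open a Flask-Login session.

    On POST the ``authentication_method`` form field selects the backend:
    ``'Local User'`` checks the password against the stored ``User`` record,
    ``'LDAP Domain'`` performs an NTLM bind followed by a ``samaccountname``
    lookup and provisions a local ``User`` from the directory entry, and
    ``'TACACS'`` asks the TACACS+ server.  Success calls ``login_user`` and
    redirects to the dashboard; every other outcome, including any exception
    raised by a backend, is logged and answered with ``abort(403)``.

    On GET the login form is rendered with the method choices limited to the
    backends enabled by ``USE_LDAP`` / ``USE_TACACS``; an already
    authenticated user is redirected to the dashboard instead.

    Returns:
        A redirect response or the rendered ``login.html`` page.
    """
    from hmac import compare_digest

    def _escape_ldap_filter(value):
        # RFC 4515 escaping for a value interpolated into a search filter:
        # ``name`` is untrusted form input, so backslash, ``*``, parentheses
        # and NUL must not be able to alter the structure of the filter.
        return (value.replace('\\', '\\5c')
                     .replace('*', '\\2a')
                     .replace('(', '\\28')
                     .replace(')', '\\29')
                     .replace('\0', '\\00'))

    def _password_matches(supplied, stored):
        # Constant-time comparison so the response time does not reveal how
        # much of the stored password was matched; a stored value that is
        # not a string (e.g. None) never matches.
        if not isinstance(stored, str):
            return False
        return compare_digest(supplied.encode('utf-8'),
                              stored.encode('utf-8'))

    if request.method == 'POST':
        name, password = request.form['name'], request.form['password']
        try:
            # Read inside the try so a missing field is reported as 403,
            # like every other authentication failure below.
            method = request.form['authentication_method']
            if method == 'Local User':
                user = fetch('User', name=name)
                if user and _password_matches(password, user.password):
                    login_user(user)
                    return redirect(url_for('base_blueprint.dashboard'))
            elif method == 'LDAP Domain':
                with Connection(ldap_client,
                                user=f'{app.config["LDAP_USERDN"]}\\{name}',
                                password=password,
                                auto_bind=True,
                                authentication=NTLM) as connection:
                    connection.search(
                        app.config['LDAP_BASEDN'],
                        '(&(objectClass=person)'
                        f'(samaccountname={_escape_ldap_filter(name)}))',
                        search_scope=SUBTREE,
                        get_operational_attributes=True,
                        attributes=['cn', 'memberOf', 'mail'])
                    entries = loads(connection.response_to_json())['entries']
                    # No entry for the bound name under LDAP_BASEDN counts as
                    # a failed login rather than an index error.
                    json_response = entries[0] if entries else None
                    if json_response:
                        attributes = json_response['attributes']
                        # NOTE: the directory password is handed to the
                        # local User factory as-is; the User model is
                        # outside this view.
                        user = {
                            'name': name,
                            'password': password,
                            'email': attributes.get('mail', ''),
                        }
                        # Substring match: any group DN containing
                        # LDAP_ADMIN_GROUP grants the Admin permission.
                        if any(app.config['LDAP_ADMIN_GROUP'] in group
                               for group in attributes['memberOf']):
                            user['permissions'] = ['Admin']
                        login_user(factory('User', **user))
                        return redirect(url_for('base_blueprint.dashboard'))
            elif method == 'TACACS':
                if tacacs_client.authenticate(name, password).valid:
                    user = factory('User', name=name, password=password)
                    login_user(user)
                    return redirect(url_for('base_blueprint.dashboard'))
        except Exception as e:
            # Backend errors (bad bind, unreachable server, malformed
            # response) are logged here and reported to the client only
            # as 403.
            info(f'Authentication failed ({str(e)})')
        # Unknown method, wrong credentials or a backend error.
        abort(403)
    if not current_user.is_authenticated:
        login_form = LoginForm(request.form)
        # WTForms choices are (value, label) pairs; value and label coincide.
        authentication_methods = [('Local User',) * 2]
        if USE_LDAP:
            authentication_methods.append(('LDAP Domain',) * 2)
        if USE_TACACS:
            authentication_methods.append(('TACACS',) * 2)
        login_form.authentication_method.choices = authentication_methods
        return render_template('login.html', login_form=login_form)
    return redirect(url_for('base_blueprint.dashboard'))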
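def login():
    """Authenticate a POSTed login locally, falling back to TACACS+.

    A name with a stored ``User`` record is checked against the stored
    password, or against the password kept in Vault under ``user/<name>``
    when ``app.config['USE_VAULT']`` is set.  A name with no local record is
    offered to the configured ``TacacsServer``; on success a ``User`` with
    the submitted credentials is added and committed.  Either success calls
    ``login_user`` and redirects to the dashboard; any other POST renders
    the 403 page.  GET renders the login and create-account forms, or
    redirects an already authenticated user to the dashboard.

    Returns:
        A redirect response or a rendered template.
    """
    from hmac import compare_digest

    def _password_matches(supplied, stored):
        # Constant-time comparison so the response time does not reveal how
        # much of the stored password was matched; a stored value that is
        # not a string (e.g. None) never matches.
        if not isinstance(stored, str):
            return False
        return compare_digest(supplied.encode('utf-8'),
                              stored.encode('utf-8'))

    if request.method == 'POST':
        name = str(request.form['name'])
        user_password = str(request.form['password'])
        user = fetch(User, name=name)
        if user:
            if app.config['USE_VAULT']:
                pwd = vault_helper(app, f'user/{user.name}')['password']
            else:
                pwd = user.password
            if _password_matches(user_password, pwd):
                login_user(user)
                return redirect(url_for('base_blueprint.dashboard'))
        else:
            try:
                # tacacs_plus does not support py2 unicode, hence the str()
                # conversions above.  TACACSClient is not serialisable, so
                # it cannot be kept in the session; building a fresh client
                # per attempt is a temporary workaround.
                tacacs_server = db.session.query(TacacsServer).one()
                tacacs_client = TACACSClient(
                    str(tacacs_server.ip_address),
                    int(tacacs_server.port),
                    str(tacacs_server.password)
                )
                if tacacs_client.authenticate(
                    name,
                    user_password,
                    TAC_PLUS_AUTHEN_TYPE_ASCII
                ).valid:
                    # NOTE: the password is stored as submitted; hashing it
                    # would change the User model, which is outside this
                    # view.
                    user = User(name=name, password=user_password)
                    db.session.add(user)
                    db.session.commit()
                    login_user(user)
                    return redirect(url_for('base_blueprint.dashboard'))
            except NoResultFound:
                # No TacacsServer row is configured: fall through to 403.
                pass
        return render_template('errors/page_403.html')
    if not current_user.is_authenticated:
        return render_template(
            'login.html',
            login_form=LoginForm(request.form),
            create_account_form=CreateAccountForm(request.form)
        )
    return redirect(url_for('base_blueprint.dashboard'))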
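def login():
    """Authenticate a POSTed login against the local ``User`` store.

    The stored password, or the one kept in Vault under ``user/<name>``
    when ``app.config['USE_VAULT']`` is set, is compared with the submitted
    one; a match calls ``login_user`` and redirects to the dashboard.  An
    unknown name or a wrong password falls through to the same handling as
    GET: the login and create-account forms are rendered unless the current
    user is already authenticated, in which case the dashboard redirect is
    returned.

    Returns:
        A redirect response or the rendered ``login.html`` page.
    """
    from hmac import compare_digest

    def _password_matches(supplied, stored):
        # Constant-time comparison so the response time does not reveal how
        # much of the stored password was matched; a stored value that is
        # not a string (e.g. None) never matches.
        if not isinstance(stored, str):
            return False
        return compare_digest(supplied.encode('utf-8'),
                              stored.encode('utf-8'))

    if request.method == 'POST':
        name, user_password = request.form['name'], request.form['password']
        user = fetch('User', name=name)
        if user:
            if app.config['USE_VAULT']:
                pwd = vault_helper(app, f'user/{user.name}')['password']
            else:
                pwd = user.password
            if _password_matches(user_password, pwd):
                login_user(user)
                return redirect(url_for('base_blueprint.dashboard'))
    if not current_user.is_authenticated:
        return render_template('login.html',
                               login_form=LoginForm(request.form),
                               create_account_form=CreateAccountForm(
                                   request.form))
    return redirect(url_for('base_blueprint.dashboard'))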
def login():
    """Log a user in against the local database, then against TACACS+.

    On POST the submitted password is verified with ``cisco_type7`` against
    the stored ``User`` row; on success the user is logged in and sent to
    the dashboard.  Otherwise the configured ``TacacsServer`` is asked, and
    a valid TACACS+ answer creates and commits a ``User`` whose password is
    the type-7 encoding of the submitted one before logging it in.  Any
    other POST renders the 403 page.  GET renders the login and
    create-account forms, or redirects an authenticated user to the
    dashboard.

    Note that ``cisco_type7`` is a reversible encoding, not a one-way hash
    (the TACACS secret is recovered with ``cisco_type7.decode`` below), so
    the stored ``User.password`` values are recoverable by anyone who can
    read the table.

    Returns:
        A redirect response or a rendered template.
    """
    if request.method != 'POST':
        if not flask_login.current_user.is_authenticated:
            return render_template(
                'login.html',
                login_form=LoginForm(request.form),
                create_account_form=CreateAccountForm(request.form)
            )
        return redirect(url_for('base_blueprint.dashboard'))

    name = str(request.form['name'])
    password = str(request.form['password'])
    local_user = db.session.query(User).filter_by(name=name).first()
    local_ok = bool(local_user) and cisco_type7.verify(password,
                                                       local_user.password)
    if local_ok:
        flask_login.login_user(local_user)
        return redirect(url_for('base_blueprint.dashboard'))

    # NOTE(review): a stored user whose local password does not verify also
    # reaches this TACACS+ path, and a valid TACACS+ answer then adds a
    # second User row with the same name — confirm whether that is intended.
    try:
        # tacacs_plus does not support py2 unicode, hence the str()
        # conversions above.  TACACSClient is not serialisable, so it cannot
        # be kept in the session; building a fresh client per attempt is a
        # temporary workaround.
        encoded_password = cisco_type7.hash(password)
        server = db.session.query(TacacsServer).one()
        client = TACACSClient(
            str(server.ip_address),
            int(server.port),
            str(cisco_type7.decode(str(server.password)))
        )
        reply = client.authenticate(name, password, TAC_PLUS_AUTHEN_TYPE_ASCII)
        if reply.valid:
            new_user = User(name=name, password=encoded_password)
            db.session.add(new_user)
            db.session.commit()
            flask_login.login_user(new_user)
            return redirect(url_for('base_blueprint.dashboard'))
    except NoResultFound:
        # No TacacsServer row is configured: fall through to 403.
        pass
    return render_template('errors/page_403.html')
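def login():
    """Authenticate a POSTed login locally, then via LDAP or TACACS+.

    A name with a stored ``User`` record is accepted only if the password
    matches, otherwise ``abort(403)``.  An unknown name is bound against the
    LDAP server when ``USE_LDAP`` is set (LDAP takes precedence over TACACS+
    when both are enabled), or authenticated by TACACS+ when ``USE_TACACS``
    is set, in which case a ``User`` is created from the submitted
    credentials and logged in.  A failed bind, a failed TACACS+ check or no
    enabled backend answers with ``abort(403)``.  GET renders the login
    form, or redirects an already authenticated user to the dashboard.

    Returns:
        A redirect response or the rendered ``login.html`` page.
    """
    from hmac import compare_digest

    def _escape_ldap_filter(value):
        # RFC 4515 escaping for a value interpolated into a search filter:
        # ``name`` is untrusted form input, so backslash, ``*``, parentheses
        # and NUL must not be able to alter the structure of the filter.
        return (value.replace('\\', '\\5c')
                     .replace('*', '\\2a')
                     .replace('(', '\\28')
                     .replace(')', '\\29')
                     .replace('\0', '\\00'))

    def _password_matches(supplied, stored):
        # Constant-time comparison so the response time does not reveal how
        # much of the stored password was matched; a stored value that is
        # not a string (e.g. None) never matches.
        if not isinstance(stored, str):
            return False
        return compare_digest(supplied.encode('utf-8'),
                              stored.encode('utf-8'))

    if request.method == 'POST':
        name, password = request.form['name'], request.form['password']
        user = fetch('User', name=name)
        if user:
            if not _password_matches(password, user.password):
                abort(403)
            login_user(user)
            return redirect(url_for('base_blueprint.dashboard'))
        elif USE_LDAP:
            try:
                with Connection(
                    ldap_client,
                    # Bind as the submitted name; ``user`` is None on this
                    # branch, so it must not be used here.
                    user=f'{app.config["LDAP_USERDN"]}\\{name}',
                    password=password,
                    auto_bind=True,
                    authentication=NTLM
                ) as connection:
                    connection.search(
                        app.config['LDAP_BASEDN'],
                        '(&(objectClass=person)'
                        f'(samaccountname={_escape_ldap_filter(name)}))',
                        search_scope=SUBTREE,
                        get_operational_attributes=True,
                        attributes=['cn', 'memberOf']
                    )
            except LDAPBindError:
                abort(403)
            # NOTE(review): a successful bind and search falls through to
            # the form handling below without calling login_user, and the
            # search result is never read — confirm the intended
            # provisioning before wiring this branch up.
        elif USE_TACACS:
            if not tacacs_client.authenticate(name, password).valid:
                abort(403)
            # NOTE: the password is handed to the User factory as submitted;
            # the User model is outside this view.
            user = factory('User', name=name, password=password)
            login_user(user)
            return redirect(url_for('base_blueprint.dashboard'))
        else:
            abort(403)
    if not current_user.is_authenticated:
        return render_template('login.html', login_form=LoginForm(request.form))
    return redirect(url_for('base_blueprint.dashboard'))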
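def login():
    """Authenticate a POSTed login locally, falling back to TACACS+.

    A name with a stored ``User`` record is accepted only if the password
    matches, otherwise ``abort(403)``.  An unknown name is authenticated by
    TACACS+ when ``use_tacacs`` is set, in which case a ``User`` is created
    from the submitted credentials and logged in; a failed check or no
    enabled backend answers with ``abort(403)``.  GET renders the login
    form, or redirects an already authenticated user to the dashboard.

    Returns:
        A redirect response or the rendered ``login.html`` page.
    """
    from hmac import compare_digest

    def _password_matches(supplied, stored):
        # Constant-time comparison so the response time does not reveal how
        # much of the stored password was matched; a stored value that is
        # not a string (e.g. None) never matches.
        if not isinstance(stored, str):
            return False
        return compare_digest(supplied.encode('utf-8'),
                              stored.encode('utf-8'))

    if request.method == 'POST':
        name, password = request.form['name'], request.form['password']
        user = fetch('User', name=name)
        if user:
            if not _password_matches(password, user.password):
                abort(403)
            login_user(user)
            return redirect(url_for('base_blueprint.dashboard'))
        elif use_tacacs:
            if not tacacs_client.authenticate(name, password).valid:
                abort(403)
            # NOTE: the password is handed to the User factory as submitted;
            # the User model is outside this view.
            user = factory('User', name=name, password=password)
            login_user(user)
            return redirect(url_for('base_blueprint.dashboard'))
        else:
            abort(403)
    if not current_user.is_authenticated:
        return render_template('login.html', login_form=LoginForm(request.form))
    return redirect(url_for('base_blueprint.dashboard'))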
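def login() -> Union[Response, str]:
    """Authenticate the submitted credentials and open a Flask-Login session.

    On POST the ``authentication_method`` form field selects the backend:
    ``"Local User"`` checks the password against the stored ``User`` record,
    ``"LDAP Domain"`` performs an NTLM bind followed by a ``samaccountname``
    lookup and provisions a local ``User`` from the directory entry, and
    ``"TACACS"`` asks the TACACS+ server.  Success calls ``login_user`` and
    redirects to the dashboard; every other outcome, including any exception
    raised by a backend, is logged and answered with ``abort(403)``.

    On GET the login form is rendered with the method choices limited to the
    backends enabled by ``USE_LDAP`` / ``USE_TACACS``; an already
    authenticated user is redirected to the dashboard instead.

    Returns:
        A redirect response or the rendered ``login.html`` page.
    """
    from hmac import compare_digest

    def _escape_ldap_filter(value: str) -> str:
        # RFC 4515 escaping for a value interpolated into a search filter:
        # ``name`` is untrusted form input, so backslash, ``*``, parentheses
        # and NUL must not be able to alter the structure of the filter.
        return (value.replace("\\", "\\5c")
                     .replace("*", "\\2a")
                     .replace("(", "\\28")
                     .replace(")", "\\29")
                     .replace("\0", "\\00"))

    def _password_matches(supplied: str, stored) -> bool:
        # Constant-time comparison so the response time does not reveal how
        # much of the stored password was matched; a stored value that is
        # not a string (e.g. None) never matches.
        if not isinstance(stored, str):
            return False
        return compare_digest(supplied.encode("utf-8"),
                              stored.encode("utf-8"))

    if request.method == "POST":
        name, password = request.form["name"], request.form["password"]
        try:
            # Read inside the try so a missing field is reported as 403,
            # like every other authentication failure below.
            method = request.form["authentication_method"]
            if method == "Local User":
                user = fetch("User", name=name)
                if user and _password_matches(password, user.password):
                    login_user(user)
                    return redirect(url_for("base_blueprint.dashboard"))
            elif method == "LDAP Domain":
                with Connection(
                        ldap_client,
                        user=f'{app.config["LDAP_USERDN"]}\\{name}',
                        password=password,
                        auto_bind=True,
                        authentication=NTLM,
                ) as connection:
                    connection.search(
                        app.config["LDAP_BASEDN"],
                        "(&(objectClass=person)"
                        f"(samaccountname={_escape_ldap_filter(name)}))",
                        search_scope=SUBTREE,
                        get_operational_attributes=True,
                        attributes=["cn", "memberOf", "mail"],
                    )
                    entries = loads(connection.response_to_json())["entries"]
                    # No entry for the bound name under LDAP_BASEDN counts as
                    # a failed login rather than an index error.
                    json_response = entries[0] if entries else None
                    if json_response:
                        attributes = json_response["attributes"]
                        # NOTE: the directory password is handed to the
                        # local User factory as-is; the User model is
                        # outside this view.
                        user = {
                            "name": name,
                            "password": password,
                            "email": attributes.get("mail", ""),
                        }
                        # Substring match: any group DN containing one of the
                        # configured LDAP_ADMIN_GROUP values grants Admin.
                        if any(group in member
                               for group in app.config["LDAP_ADMIN_GROUP"]
                               for member in attributes["memberOf"]):
                            user["permissions"] = ["Admin"]
                        login_user(factory("User", **user))
                        return redirect(url_for("base_blueprint.dashboard"))
            elif method == "TACACS":
                if tacacs_client.authenticate(name, password).valid:
                    user = factory("User", name=name, password=password)
                    login_user(user)
                    return redirect(url_for("base_blueprint.dashboard"))
        except Exception as e:
            # Backend errors (bad bind, unreachable server, malformed
            # response) are logged here and reported to the client only
            # as 403.
            info(f"Authentication failed ({str(e)})")
        # Unknown method, wrong credentials or a backend error.
        abort(403)
    if not current_user.is_authenticated:
        login_form = LoginForm(request.form)
        # WTForms choices are (value, label) pairs; value and label coincide.
        authentication_methods = [("Local User",) * 2]
        if USE_LDAP:
            authentication_methods.append(("LDAP Domain",) * 2)
        if USE_TACACS:
            authentication_methods.append(("TACACS",) * 2)
        login_form.authentication_method.choices = authentication_methods
        return render_template("login.html", login_form=login_form)
    return redirect(url_for("base_blueprint.dashboard"))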