def selfcheck():
    """Run the housekeeping that precedes every request.

    Resets the call counter stored on the RPC client's class, asks Specter
    to run its check while no chain is known, and signs the request in as
    ``admin`` when the ``LOGIN_DISABLED`` config flag is set.
    """
    specter = app.specter

    if specter.rpc is not None:
        # The counter is a class attribute, so the reset is shared by every
        # instance of that RPC client class.
        rpc_class = type(specter.rpc)
        rpc_class.counter = 0

    if not specter.chain:
        specter.check()

    login_disabled = app.config.get("LOGIN_DISABLED")
    if login_disabled:
        # Security note: with this flag set, each request is authenticated
        # as "admin" without credentials. Only appropriate when the web
        # interface is unreachable by untrusted clients.
        app.login("admin")
def login():
    """Serve the login form (GET) and authenticate a submission (POST).

    The POST path is rate limited and then dispatches on the configured
    ``auth["method"]``:

    * ``none`` - logs in as ``admin`` without credentials.
    * ``rpcpasswordaspin`` - the submitted password is placed on a clone of
      the RPC client and accepted if ``test_connection()`` succeeds.
    * ``usernamepassword`` - the user is looked up by name and the password
      checked with ``verify_password``.

    Any other method, or bad credentials, yields the login page with a 401.
    """

    def _rejected():
        # Shared 401 response for every failed or impossible login attempt.
        page = render_template(
            "login.jinja",
            specter=app.specter,
            data={"controller": "controller.login"},
        )
        return page, 401

    if request.method != "POST":
        if app.config.get("LOGIN_DISABLED"):
            app.login("admin")
            return redirect("")
        return render_template(
            "login.jinja", specter=app.specter, data={"next": request.args.get("next")}
        )

    # Throttle before touching any credential material.
    rate_limit()
    method = app.specter.config["auth"]["method"]

    if method == "none":
        app.login("admin")
        app.logger.info("AUDIT: Successfull Login no credentials")
        return redirect_login(request)

    if method == "rpcpasswordaspin":
        # TODO: check the password via RPC-call
        if app.specter.rpc is None:
            flash(
                "We could not check your password, maybe Bitcoin Core is not running or not configured?",
                "error",
            )
            app.logger.info("AUDIT: Failed to check password")
            return _rejected()
        # Work on a clone so the candidate password never replaces the
        # credentials of the live RPC client.
        probe = app.specter.rpc.clone()
        probe.password = request.form["password"]
        if probe.test_connection():
            app.login("admin")
            app.logger.info("AUDIT: Successfull Login via RPC-credentials")
            return redirect_login(request)
    elif method == "usernamepassword":
        # TODO: This way both "User" and "user" will pass as usernames,
        # should there be strict check on that here? Or should we keep it
        # like this?
        username = request.form["username"]
        password = request.form["password"]
        user = app.specter.user_manager.get_user_by_username(username)
        # NOTE(review): verify_password only runs for known usernames, so
        # response time may differ between unknown-user and wrong-password
        # attempts; consider a constant-cost dummy verification.
        # NOTE(review): unlike the other two methods, a successful login
        # here writes no AUDIT log line.
        if user and verify_password(user.password, password):
            app.login(user.id)
            return redirect_login(request)

    # Either invalid method or incorrect credentials
    flash("Invalid username or password", "error")
    app.logger.info("AUDIT: Invalid password login attempt")
    return _rejected()
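def login():
    """Serve the login form (GET) and authenticate a submission (POST).

    On POST the submitted password is placed on a clone of the Bitcoin Core
    client and accepted if ``test_connection()`` succeeds. A successful
    login redirects to the posted ``next`` URL only when it is an http(s)
    URL on the host of the current request; otherwise to ``index``.

    Returns:
        A redirect on success, or the rendered login page (with status 401
        when the password could not be checked or was rejected).
    """
    # Function-scope import keeps this block self-contained.
    from urllib.parse import urlparse

    app.specter.check()
    if request.method == 'POST':
        # ToDo: check the password via RPC-call
        if app.specter.cli is None:
            flash(
                "We could not check your password, maybe Bitcoin Core is not running or not configured?",
                "error")
            app.logger.info("AUDIT: Failed to check password")
            return render_template('login.html',
                                   specter=app.specter,
                                   data={'controller':
                                         'controller.login'}), 401
        cli = app.specter.cli.clone()
        # The submitted password must never be printed or logged: it is the
        # node's RPC secret and would persist in stdout/log collectors.
        cli.passwd = request.form['password']
        if cli.test_connection():
            app.login()
            app.logger.info("AUDIT: Successfull Login via RPC-credentials")
            flash('Logged in successfully.', "info")
            # `next` is attacker-controllable form data. Follow it only if
            # it points back at this host, so the login form cannot be used
            # as an open redirect to a third-party site.
            # NOTE(review): assumes request.host matches the host the
            # browser used; confirm for reverse-proxy deployments.
            target = request.form.get('next')
            same_host = False
            if target and target.startswith("http"):
                try:
                    parsed = urlparse(target)
                except ValueError:
                    parsed = None
                same_host = (parsed is not None
                             and parsed.scheme in ('http', 'https')
                             and parsed.netloc == request.host)
            if same_host:
                response = redirect(target)
            else:
                response = redirect(url_for('index'))
            return response
        else:
            flash('Invalid username or password', "error")
            app.logger.info("AUDIT: Invalid password login attempt")
            return render_template('login.html',
                                   specter=app.specter,
                                   data={'controller':
                                         'controller.login'}), 401
    else:
        if app.config.get('LOGIN_DISABLED'):
            return redirect('/')
        return render_template('login.html',
                               specter=app.specter,
                               data={'next': request.args.get('next')})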
def login():
    """Serve the login form (GET) and authenticate a submission (POST).

    After running ``app.specter.check()``, a POST dispatches on the
    configured ``auth`` value:

    * ``none`` - logs in as ``admin`` without credentials.
    * ``rpcpasswordaspin`` - the submitted password is placed on a clone of
      the Bitcoin Core client and accepted if ``test_connection()`` succeeds.
    * ``usernamepassword`` - the user is looked up by name and the password
      checked with ``verify_password``.

    Any other value, or bad credentials, yields the login page with a 401.
    """

    def _rejected():
        # Shared 401 response for every failed or impossible login attempt.
        page = render_template('login.jinja',
                               specter=app.specter,
                               data={'controller': 'controller.login'})
        return page, 401

    app.specter.check()

    if request.method != 'POST':
        if app.config.get('LOGIN_DISABLED'):
            app.login('admin')
            return redirect('/')
        return render_template('login.jinja',
                               specter=app.specter,
                               data={'next': request.args.get('next')})

    auth_mode = app.specter.config['auth']

    if auth_mode == 'none':
        app.login('admin')
        app.logger.info("AUDIT: Successfull Login no credentials")
        return redirect_login(request)

    if auth_mode == 'rpcpasswordaspin':
        # TODO: check the password via RPC-call
        if app.specter.cli is None:
            flash(
                "We could not check your password, maybe Bitcoin Core is not running or not configured?",
                "error")
            app.logger.info("AUDIT: Failed to check password")
            return _rejected()
        # Work on a clone so the candidate password never replaces the
        # credentials of the live client.
        probe = app.specter.cli.clone()
        probe.passwd = request.form['password']
        if probe.test_connection():
            app.login('admin')
            app.logger.info("AUDIT: Successfull Login via RPC-credentials")
            return redirect_login(request)
    elif auth_mode == 'usernamepassword':
        # TODO: This way both "User" and "user" will pass as usernames,
        # should there be strict check on that here? Or should we keep it
        # like this?
        username = request.form['username']
        password = request.form['password']
        user = User.get_user_by_name(app.specter, username)
        # NOTE(review): verify_password only runs for known usernames, so
        # response time may differ between unknown-user and wrong-password
        # attempts; consider a constant-cost dummy verification.
        # NOTE(review): no rate limiting is visible in this handler, and a
        # successful login here writes no AUDIT log line.
        if user and verify_password(user.password, password):
            app.login(user.id)
            return redirect_login(request)

    # Either invalid method or incorrect credentials
    flash('Invalid username or password', "error")
    app.logger.info("AUDIT: Invalid password login attempt")
    return _rejected()
def selfcheck():
    """Sign every request in as ``admin`` when logins are disabled.

    Reads the ``LOGIN_DISABLED`` config flag and does nothing when it is
    unset or falsy.
    """
    login_disabled = app.config.get('LOGIN_DISABLED')
    if not login_disabled:
        return
    # Security note: with this flag set, each request is authenticated as
    # "admin" without credentials. Only appropriate when the web interface
    # is unreachable by untrusted clients.
    app.login('admin')