def login():
if octoprint.server.userManager is not None and "user" in request.values.keys(
) and "pass" in request.values.keys():
username = request.values["user"]
password = request.values["pass"]
if "remember" in request.values.keys(
) and request.values["remember"] == "true":
remember = True
else:
remember = False
user = octoprint.server.userManager.findUser(username)
if user is not None:
if octoprint.server.userManager.checkPassword(username, password):
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
return make_response(("User unknown or password incorrect", 401, []))
elif "passive" in request.values.keys():
user = current_user
if user is not None and not user.is_anonymous():
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
elif s().getBoolean(["accessControl", "autologinLocal"]) \
and s().get(["accessControl", "autologinAs"]) is not None \
and s().get(["accessControl", "localNetworks"]) is not None \
or s().getBoolean(["accessControl", "autologinWeb"]) is True: #modify by kevin, for auto login web
autologinAs = s().get(["accessControl", "autologinAs"])
localNetworks = netaddr.IPSet([])
for ip in s().get(["accessControl", "localNetworks"]):
localNetworks.add(ip)
try:
remoteAddr = util.getRemoteAddress(request)
if netaddr.IPAddress(remoteAddr) in localNetworks \
or s().getBoolean(["accessControl", "autologinWeb"]) is True: #modify by kevin, for auto login web
if netaddr.IPAddress(remoteAddr) in localNetworks:
autologinAs = s().getBoolean([
"accessControl", "defaultUsers", "admin",
"username"
])
user = octoprint.server.userManager.findUser(autologinAs)
if user is not None:
login_user(
user,
remember=True) #modify by kevin, for autoLogin
identity_changed.send(
current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
except:
logger = logging.getLogger(__name__)
logger.exception(
"Could not autologin user %s for networks %r" %
(autologinAs, localNetworks))
return NO_CONTENT
def get_identity(b64token, cursor=None):
if cursor is None:
cursor = database.get_db().cursor()
rows = cursor.execute('''
SELECT
user.id AS user_id,
user.permissions AS user_permissions,
patch_request.id AS patch_request_id,
strftime("%s","now") > token_expires_at AS token_expired
FROM user LEFT JOIN patch_request
ON user.id = patch_request.created_by AND patch_request.open = 1
WHERE user.b64token = ?''', (b64token,)).fetchall()
if not rows:
return UnauthenticatedIdentity(
'invalid_token', 'The access token is invalid')
if rows[0]['token_expired']:
return UnauthenticatedIdentity(
'invalid_token', 'The access token expired')
identity = Identity(rows[0]['user_id'], auth_type='bearer')
identity.b64token = b64token
for p in json.loads(rows[0]['user_permissions']):
identity.provides.add(tuple(p))
for r in rows:
if r['patch_request_id'] is not None:
identity.provides.add(UpdatePatchNeed(value=r['patch_request_id']))
return identity
def login():
if userManager is not None and "user" in request.values.keys(
) and "pass" in request.values.keys():
username = request.values["user"]
password = request.values["pass"]
if "remember" in request.values.keys(
) and request.values["remember"] == "true":
remember = True
else:
remember = False
user = userManager.findUser(username)
if user is not None:
if user.check_password(
users.UserManager.createPasswordHash(password)):
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
return app.make_response(
("User unknown or password incorrect", 401, []))
elif "passive" in request.values.keys():
user = current_user
if user is not None and not user.is_anonymous():
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
return jsonify(SUCCESS)
def login():
if octoprint.server.userManager is not None and "user" in request.values.keys(
) and "pass" in request.values.keys():
username = request.values["user"]
password = request.values["pass"]
if "remember" in request.values.keys(
) and request.values["remember"] == "true":
remember = True
else:
remember = False
user = octoprint.server.userManager.findUser(username)
if user is not None:
if user.has_password():
if user.check_password(
octoprint.server.userManager.createPasswordHash(
password)):
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
else:
try:
astroprintCloud().signin(username, password)
except (AstroPrintCloudNoConnectionException, ConnectionError):
return make_response(
("AstroPrint.com can't be reached", 503, []))
return make_response(("User unknown or password incorrect", 401, []))
elif "passive" in request.values.keys():
user = current_user
if user is not None and not user.is_anonymous:
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
elif s().getBoolean(["accessControl", "autologinLocal"]) \
and s().get(["accessControl", "autologinAs"]) is not None \
and s().get(["accessControl", "localNetworks"]) is not None:
autologinAs = s().get(["accessControl", "autologinAs"])
localNetworks = netaddr.IPSet([])
for ip in s().get(["accessControl", "localNetworks"]):
localNetworks.add(ip)
try:
remoteAddr = util.getRemoteAddress(request)
if netaddr.IPAddress(remoteAddr) in localNetworks:
user = octoprint.server.userManager.findUser(autologinAs)
if user is not None:
login_user(user)
identity_changed.send(
current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
except:
logger = logging.getLogger(__name__)
logger.exception(
"Could not autologin user %s for networks %r" %
(autologinAs, localNetworks))
return NO_CONTENT
def wrapper(*args, **kwargs):
if isinstance(getattr(g, 'user', None), User):
identity_changed.send(current_app._get_current_object(),
identity=Identity(g.user.uid))
return func(*args, **kwargs)
ip = request.remote_addr
if ip.strip() in current_app.config.get("WHITE_LIST"):
key = request.values.get("_key")
user = UserCache.get(key)
if user:
g.user = user
return func(*args, **kwargs)
else:
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return jsonify(code=400, message="invalid _key and _secret")
key = request.values.get('_key')
secret = request.values.get('_secret')
path = request.path
keys = sorted(request.values.keys())
req_args = [
request.values[k] for k in keys
if str(k) not in ("_key", "_secret")
]
current_app.logger.debug('args is %s' % req_args)
user, authenticated = User.query.authenticate_with_key(
key, secret, req_args, path)
if user and authenticated:
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.uid))
return func(*args, **kwargs)
else:
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return jsonify(code=400, message="invalid _key and _secret")
def test_identity_allowed():
p1 = Permission(RolePermit('boss'), RolePermit('lackey'))
p2 = Permission(RolePermit('lackey'))
i = Identity(1)
i.provides(RolePermit('boss'))
assert p1.allows(i) == True
assert p2.allows(i) == False
def test_identity_creation():
i = Identity(1)
i.provides(RolePermit('user'))
assert i.provides == set([RolePermit('user')])
i.provides(RolePermit('admin'), RolePermit('operator'))
assert i.provides == set([RolePermit('user'), RolePermit('admin'),
RolePermit('operator')])
def login():
if userManager is not None and "user" in request.values.keys(
) and "pass" in request.values.keys():
username = request.values["user"]
password = request.values["pass"]
if "remember" in request.values.keys(
) and request.values["remember"] == "true":
remember = True
else:
remember = False
user = userManager.findUser(username)
if user is not None:
if user.check_password(
users.UserManager.createPasswordHash(password)):
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
return app.make_response(
("User unknown or password incorrect", 401, []))
elif "passive" in request.values.keys():
user = current_user
if user is not None and not user.is_anonymous():
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
elif settings().getBoolean(["accessControl", "autologinLocal"]) \
and settings().get(["accessControl", "autologinAs"]) is not None \
and settings().get(["accessControl", "localNetworks"]) is not None:
autologinAs = settings().get(["accessControl", "autologinAs"])
localNetworks = netaddr.IPSet([])
for ip in settings().get(["accessControl", "localNetworks"]):
localNetworks.add(ip)
try:
remoteAddr = util.getRemoteAddress(request)
if netaddr.IPAddress(remoteAddr) in localNetworks:
user = userManager.findUser(autologinAs)
if user is not None:
login_user(user)
identity_changed.send(
current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
except:
logger = logging.getLogger(__name__)
logger.exception(
"Could not autologin user %s for networks %r" %
(autologinAs, localNetworks))
return jsonify(SUCCESS)
def select_role():
form = RoleForm()
errors = list()
form.roles.choices = current_user.roles
if form.is_submitted():
current_user.current_role = form.roles.data
identity_changed.send(current_app._get_current_object(), identity=Identity(current_user.id))
if not UserProfileManager.has_ui_assistant() and current_user.master:
current_user.set_master(None)
identity_changed.send(current_app._get_current_object(), identity=Identity(current_user.id))
return redirect_after_user_change()
return render_template('user/select_role.html', form=form, errors=errors)
def wrapper(*args, **kwargs):
if isinstance(getattr(g, 'user', None), User):
identity_changed.send(current_app._get_current_object(),
identity=Identity(g.user.uid))
return func(*args, **kwargs)
ip = request.remote_addr
if request.data:
request_args = dict()
_args = request.data.split("&")
for arg in _args:
if arg:
request_args[arg.split("=")[0]] = \
urllib.unquote(arg.split("=")[1])
else:
request_args = request.values
key = request_args.get('_key')
secret = request_args.get('_secret')
if not key and not secret and \
ip.strip() in current_app.config.get("WHITE_LIST"):
ip = ip.strip()
user = UserCache.get(ip)
if user:
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.uid))
return func(*args, **kwargs)
else:
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return abort(400, "invalid _key and _secret")
path = request.path
keys = sorted(request_args.keys())
req_args = [
request_args[k] for k in keys if str(k) not in ("_key", "_secret")
]
current_app.logger.debug('args is %s' % req_args)
user, authenticated = User.query.authenticate_with_key(
key, secret, req_args, path)
if user and authenticated:
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get("uid")))
return func(*args, **kwargs)
else:
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return abort(400, "invalid _key and _secret")
def login():
if request.method == "GET":
if current_user.is_authenticated:
return redirect(url_for('main.feed'))
else:
return render_template('mod_auth/log_in.html')
elif request.method == "POST":
email = request.form['email']
password = request.form['password']
user_input = user_mongo_utils.get_user(email=email)
if user_input is None:
error = 'Please write both username and password', 'error'
return render_template('mod_auth/log_in.html', error=error)
elif user_input != None:
password_check = bcrypt.check_password_hash(
user_input.password, password)
email_check = True if user_input.email == email else False
if not email_check:
error = 'Wrong email'
return render_template('mod_auth/log_in.html', error=error)
elif not password_check:
error = 'Wrong password'
return render_template('mod_auth/log_in.html', error=error)
elif password_check and email_check:
login_user(user_input)
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(current_user.id))
return redirect(url_for('main.feed'))
def login():
"""View function for login.
Flask-OpenID will receive the Authentication-information
from relay party.
"""
# Will check the account right or not.
form = LoginForm()
openid_form = OpenIDForm()
if openid_form.validate_on_submit():
return openid.try_login(openid_form.openid_url.data,
ask_for=['nickname', 'email'],
ask_for_optional=['fullname'])
openid_errors = openid.fetch_error()
if openid_errors:
flash(openid_errors, category="danger")
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).one()
# Using the Flask-Login to processing and check the login status for user
# Remember the user's login status.
login_user(user, remember=form.remember.data)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash("You have been logged in.", category="success")
return redirect(url_for('blog.home'))
return render_template('login.html', form=form, openid_form=openid_form)
def login():
data = request.values
if hasattr(request, "json") and request.json:
data = request.json
if octoprint.server.userManager.enabled and "user" in data and "pass" in data:
username = data["user"]
password = data["pass"]
if "remember" in data and data["remember"] in valid_boolean_trues:
remember = True
else:
remember = False
if "usersession.id" in session:
_logout(current_user)
user = octoprint.server.userManager.findUser(username)
if user is not None:
if octoprint.server.userManager.checkPassword(username, password):
if not user.is_active():
return make_response(("Your account is deactivated", 403, []))
if octoprint.server.userManager.enabled:
user = octoprint.server.userManager.login_user(user)
session["usersession.id"] = user.session
g.user = user
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id()))
return jsonify(user.asDict())
return make_response(("User unknown or password incorrect", 401, []))
elif "passive" in data:
return passive_login()
return NO_CONTENT
def login():
"""
Handle the login try of a user
"""
#In case the user is already logged in, we redirect to index
if current_user.is_authenticated:
return redirect(url_for('index'))
form = LoginForm()
try:
if form.validate_on_submit():
user_to_log = User.objects(username=form.username.data).first()
login_user(user_to_log)
user_to_log.handler_logging_successful()
cust_logger.info("Logged on user {} successfully".format(
user_to_log.username))
flash('Logged in successfully.')
#change the identity for permissions, raising the identity changed event :
identity_changed.send(current_app._get_current_object(),
identity=Identity(current_user.get_id()))
return redirect(url_for('index'))
except Exception as e:
cust_logger.exception(e)
cust_logger.warning("Couldn't log on user, redirection to login page")
flash('The server is experiencing troubles and failed to register you. Please retry '\
'or contact our customer service if the problem persists')
return render_template('login.html', form=form)
#flash(form.errors)
cust_logger.info("From failed to be validated")
return render_template('login.html', form=form)
def login_google(token, userinfo, **params):
login_user(users_model.upsert_user(userinfo))
identity = Identity(userinfo['id'])
identity_changed.send(app, identity=identity)
return redirect(url_for('index'))
def login(username, blogger):
this_user = TestUser(username)
login_user(this_user)
if blogger:
identity_changed.send(current_app._get_current_object(),
identity=Identity(username))
return redirect("/")
def login_user(user, remember=None):
"""Performs the login and sends the appropriate signal."""
if remember is None:
remember = config_value('DEFAULT_REMEMBER_ME')
if not _login_user(user, remember):
return False
if _security.trackable:
old_current_login, new_current_login = user.current_login_at, datetime.utcnow()
remote_addr = request.remote_addr or 'untrackable'
old_current_ip, new_current_ip = user.current_login_ip, remote_addr
user.last_login_at = old_current_login or new_current_login
user.current_login_at = new_current_login
user.last_login_ip = old_current_ip or new_current_ip
user.current_login_ip = new_current_ip
user.login_count = user.login_count + 1 if user.login_count else 1
_datastore.put(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return True
def authorized():
resp = google.authorized_response()
if resp is None:
return 'Access denied: reason=%s error=%s' % (
request.args['error_reason'],
request.args['error_description']
)
session['google_token'] = (resp['access_token'], '')
me = google.get('userinfo')
user = app.models.user.User.query.filter_by(email=me.data['email']).first()
if user is None:
return 'Your user is not part of a system'
else:
login_user(user)
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
next = session["next"]
if (next):
return redirect(next)
else:
return redirect('/admin')
return jsonify({"data": me.data})
def login():
"""Handle login; show form or process results."""
form = LoginForm()
openid_form = OpenIDForm()
if openid_form.validate_on_submit():
return oid.try_login(
openid_form.openid.data,
ask_for=['nickname', 'email'],
ask_for_optional=['fullname'],
)
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).one()
login_user(user, remember=form.remember.data)
identity_changed.send(current_app._get_current_object(), identity=Identity(user.id))
flash("You have been logged in.", category="success")
return redirect(url_for('blog.home'))
openid_errors = oid.fetch_error()
if openid_errors:
flash(openid_errors, category='danger')
return render_template('login.html', form=form, openid_form=openid_form)
def facebook_authorized(response):
if response is None:
# In a real case, this should return error message/description
return redirect(url_for('index'))
next = request.args.get('next')
token = response['access_token']
me = GraphAPI.me(token).json()
user = User.get_or_create(me['id'], me['name'], me['email'])
if not user.is_active():
return 'Your account has been deactivated. Contact the admin for it \
to be reinstated.'
login_user(user, remember=True)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
if next:
return redirect(next)
return redirect(url_for('index'))
def login_user(user, remember=None):
""" Performs the login routine.
:param user: The user to login
:param remember: Flag specifying if the remember cookie should be set. Defaults to ``False``
"""
if remember is None:
remember = config_value('DEFAULT_REMEMBER_ME')
if not _login_user(user, remember):
return False
if _security.trackable and hasattr(user, "track"):
user_track = getattr(user, "track")
# if 'X-Forwarded-For' not in request.headers:
# remote_addr = request.remote_addr or 'untracable'
# else:
# remote_addr = request.headers.getlist("X-Forwarded-For")[0]
remote_addr = request.remote_addr or 'untracable'
old_current_login, new_current_login = user_track.current_login_at, datetime.now(
)
old_current_ip, new_current_ip = user_track.current_login_ip, remote_addr
user_track.last_login_at = old_current_login or new_current_login
user_track.current_login_at = new_current_login
user_track.last_login_ip = old_current_ip or new_current_ip
user_track.current_login_ip = new_current_ip
user_track.login_count = user_track.login_count + 1 if user_track.login_count else 1
_datastore.put(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return True
def login():
form = LoginForm(login=request.args.get("login", None),
next=request.args.get("next", None))
# TBD: ensure "next" field is passed properly
if form.validate_on_submit():
user, authenticated = \
User.query.authenticate(form.login.data,
form.password.data)
if user and authenticated:
# Flask-Login
login_user(user, remember = form.remember.data)
# change identity
identity=Identity(user.username)
identity_changed.send(current_app._get_current_object(),
identity = identity)
# next_url
next_url = form.next.data
if not next_url or next_url == 'home.index':
next_url = url_for('user.jobs', username=user.username)
flash(u"登录成功", "successfully")
return redirect(next_url)
else:
flash(u"账号或密码错误", "error")
return render_template("account/login.html", form=form)
def signup():
if 'openid' not in session:
abort(403)
form = OpenIdSignupForm(next=request.args.get("next"),
username=request.args.get("name"),
email=request.args.get("email"))
if form.validate_on_submit():
user = User(openid=session.pop('openid'))
form.populate_obj(user)
db.session.add(user)
db.session.commit()
session.permanent = True
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash(_("Welcome, %%s") % user.username, "success")
next_url = form.next.data or \
url_for("user.posts", username=user.username)
return redirect(next_url)
return render_template("openid/signup.html", form=form)
def login():
'''form view'''
pg_name = "Login"
error = None
form = LoginForm(request.form) # create instance of LoginForm request.form
if request.method == "POST" and form.validate_on_submit():
user = Users.query.filter_by(username=request.form["username"]).first()
if user is not None and user.check_password(form.password.data):
login_user(
user
) # function manages session cookie. User model needs to be updated to allow user to be considered active
# Tell Flask-Principal the identity changed
identity_changed.send(app, identity=Identity(user.username))
flash(
"User %s logged in successfully" %
(form.username.data)) # returns a message on next page to user
return redirect(
url_for("main.home")
) # redirect tells the client web browser to navigate to a different page
else:
error = "Invalid user credentials. Please try again."
return render_template("login.html",
pg_name=pg_name,
title="Sign In",
form=form,
error=error) # pass LoginForm object to template
def login():
# login form that uses Flask-WTF
form = LoginForm()
errors = list()
# Validate form input
if form.validate_on_submit():
# Retrieve the user from the hypothetical datastore
user = db.session.query(Users).filter(
Users.login == form.login.data.strip()).first()
if user:
check_user = User(user.login)
# Compare passwords (use password hashing production)
if check_user.check_password(form.password.data.strip(),
user.password):
# Keep the user info in the session using Flask-Login
login_user(user)
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return redirect(request.args.get('next') or url_for('index'))
else:
errors.append(u'Неверная пара логин/пароль')
else:
errors.append(u'Нет пользователя с логином <b>%s</b>' %
form.login.data.strip())
return render_template('user/login.html', form=form, errors=errors)
def login_handler():
form = UserLoginForm()
default_next_page = request.values.get('next',
url_for('account.index_handler'))
if request.method == 'POST' and form.validate():
user = User.query.filter(
or_(User.email == form.key_name.data,
User.username == form.key_name.data)).first()
if user is None:
flash(u'User does not exist', 'error')
return redirect(url_for('account.login_handler'))
elif not user.is_active():
flash(u'User has been disabled', 'error')
return redirect(url_for('account.login_handler'))
elif user.check_password(form.password.data):
login_user(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash(u'Login successfully', 'success')
return redirect(default_next_page)
else:
flash(u'Current password is incorrect', 'error')
return redirect(url_for('account.login_handler'))
else:
return render_template('account/user_login.html', form=form)
def decorated_view(*args, **kwargs):
# if OctoPrint hasn't been set up yet, abort
if settings().getBoolean([
"server", "firstRun"
]) and (octoprint.server.userManager is None
or not octoprint.server.userManager.hasBeenCustomized()):
return make_response("OctoPrint isn't setup yet", 403)
# if API is globally enabled, enabled for this request and an api key is provided that is not the current UI API key, try to use that
apikey = getApiKey(request)
if settings().get(
["api", "enabled"]
) and apiEnabled and apikey is not None and apikey != octoprint.server.UI_API_KEY:
if apikey == settings().get(["api", "key"]):
# master key was used
user = ApiUser()
else:
# user key might have been used
user = octoprint.server.userManager.findUser(apikey=apikey)
if user is None:
return make_response("Invalid API key", 401)
if login_user(user, remember=False):
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return func(*args, **kwargs)
# call regular login_required decorator
#TODO: remove this temporary disablement of login requirement
#return login_required(func)(*args, **kwargs)
return func(*args, **kwargs)
def create_or_login(response):
'''
This is the hook for OpenID.try_login and is being called after a response
has been received.
'''
session['user'] = {}
session['openid'] = response.identity_url
user = g.user or User.query.filter_by(openid=response.identity_url).first()
if user is None:
name = response.fullname or response.nickname
session['user']['email'] = response.email
params = dict(next=oid.get_next_url(), name=name)
return redirect(url_for('.first_login', **params))
g.user = user
identity = Identity(user.id)
# Notify Principal of the identity change
identity_changed.send(current_app._get_current_object(), identity=identity)
if user.openid != response.identity_url:
user.openid = response.identity_url
db_session.commit()
flash(u'OpenID identity changed')
else:
flash(u'Successfully signed in', 'hurray')
return redirect(oid.get_next_url())
def decorated_function(*args, **kwargs):
if not request.headers.get('Authorization'):
response = jsonify(message='Missing authorization header')
response.status_code = 401
return response
try:
token = request.headers.get('Authorization').split()[1]
except Exception as e:
return dict(message='Token is invalid'), 403
try:
payload = jwt.decode(token, current_app.config['LEMUR_TOKEN_SECRET'])
except jwt.DecodeError:
return dict(message='Token is invalid'), 403
except jwt.ExpiredSignatureError:
return dict(message='Token has expired'), 403
except jwt.InvalidTokenError:
return dict(message='Token is invalid'), 403
g.current_user = user_service.get(payload['sub'])
if not g.current_user:
return dict(message='You are not logged in'), 403
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(), identity=Identity(g.current_user.id))
return f(*args, **kwargs)
def signup():
form = SignupForm(next=request.args.get("next"))
if form.validate_on_submit():
user = User()
form.populate_obj(user)
db.session.add(user)
db.session.commit()
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash(_("Welcome, %(name)s", name=user.username), "success")
next_url = form.next.data
if not next_url or next_url == request.path:
next_url = url_for('user.posts', username=user.username)
return redirect(next_url)
return render_template("account/signup.html", form=form)
def login():
# login form that uses Flask-WTF
form = LoginForm()
errors = list()
# Validate form input
if form.validate_on_submit():
user = UserAuth.auth_user(form.login.data.strip(),
form.password.data.strip())
if user:
# Keep the user info in the session using Flask-Login
user.current_role = request.form['role']
if login_user(user):
session_save_user(user)
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return redirect(
request.args.get('next') or request.referrer
or url_for('index'))
else:
errors.append(u'Аккаунт неактивен')
else:
errors.append(u'Неверная пара логин/пароль')
return render_template('user/login.html', form=form, errors=errors)
def login():
if octoprint.server.userManager.enabled and "user" in request.values.keys(
) and "pass" in request.values.keys():
username = request.values["user"]
password = request.values["pass"]
if "remember" in request.values.keys(
) and request.values["remember"] == "true":
remember = True
else:
remember = False
if "usersession.id" in session:
_logout(current_user)
user = octoprint.server.userManager.findUser(username)
if user is not None:
if octoprint.server.userManager.checkPassword(username, password):
if octoprint.server.userManager.enabled:
user = octoprint.server.userManager.login_user(user)
session["usersession.id"] = user.get_session()
g.user = user
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
return jsonify(user.asDict())
return make_response(("User unknown or password incorrect", 401, []))
elif "passive" in request.values:
return passive_login()
return NO_CONTENT
def login_user(user, remember=None):
"""Performs the login routine.
:param user: The user to login
:param remember: Flag specifying if the remember cookie should be set. Defaults to ``False``
"""
if remember is None:
remember = config_value('DEFAULT_REMEMBER_ME')
if not _login_user(user, remember):
return False
if _security.trackable:
old_current_login, new_current_login = user.current_login_at, datetime.utcnow(
)
remote_addr = request.remote_addr or 'untrackable'
old_current_ip, new_current_ip = user.current_login_ip, remote_addr
user.last_login_at = old_current_login or new_current_login
user.current_login_at = new_current_login
user.last_login_ip = old_current_ip or new_current_ip
user.current_login_ip = new_current_ip
user.login_count = user.login_count + 1 if user.login_count else 1
_datastore.put(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return True
def __init__(self, access_token, auth_type=None):
Identity.__init__(self, None, auth_type)
self.access_token = access_token
def __init__(self): Identity.__init__(self, "dummy")
