def login(): if request.is_json: form = _security.login_form(MultiDict(request.get_json())) else: form = _security.login_form(request.form) if form.validate_on_submit(): login_user(form.user, remember=form.remember.data) after_this_request(_commit) if not request.is_json: return redirect(get_post_login_redirect(form.next.data)) if not request.is_json: return _security.render_template(config_value('LOGIN_USER_TEMPLATE'), login_user_form=form, **_ctx('login')) # override error messages if necessary confirmation_required = get_message('CONFIRMATION_REQUIRED')[0] if confirmation_required in form.errors.get('email', []): return jsonify({ 'error': confirmation_required, }), HTTPStatus.UNAUTHORIZED elif form.errors: username_fields = config_value('USER_IDENTITY_ATTRIBUTES') return jsonify({ 'error': f"Invalid {', '.join(username_fields)} and/or password." }), HTTPStatus.UNAUTHORIZED return jsonify({ 'user': form.user, 'token': form.user.get_auth_token(), })
def login(): """ Entry point for all the authentication sources. The user input will be validated and authenticated. """ form = _security.login_form() auth_obj = AuthSourceManager(form, config.AUTHENTICATION_SOURCES) session['_auth_source_manager_obj'] = None # Validate the user if not auth_obj.validate(): for field in form.errors: for error in form.errors[field]: flash(error, 'warning') return flask.redirect(get_post_logout_redirect()) # Authenticate the user status, msg = auth_obj.authenticate() if status: # Login the user status, msg = auth_obj.login() if not status: flash(gettext(msg), 'danger') return flask.redirect(get_post_logout_redirect()) session['_auth_source_manager_obj'] = auth_obj.as_dict() return flask.redirect(get_post_login_redirect()) flash(gettext(msg), 'danger') return flask.redirect(get_post_logout_redirect())
def login(): """ Entry point for all the authentication sources. The user input will be validated and authenticated. """ form = _security.login_form() auth_obj = AuthSourceManager(form, config.AUTHENTICATION_SOURCES) session['_auth_source_manager_obj'] = None # Validate the user if not auth_obj.validate(): for field in form.errors: for error in form.errors[field]: flash(error, 'warning') return flask.redirect(get_post_logout_redirect()) # Authenticate the user status, msg = auth_obj.authenticate() if status: # Login the user status, msg = auth_obj.login() current_auth_obj = auth_obj.as_dict() if not status: if current_auth_obj['current_source'] ==\ KERBEROS: return flask.redirect('{0}?next={1}'.format( url_for('authenticate.kerberos_login'), url_for('browser.index'))) flash(gettext(msg), 'danger') return flask.redirect(get_post_logout_redirect()) session['_auth_source_manager_obj'] = current_auth_obj return flask.redirect(get_post_login_redirect()) elif isinstance(msg, Response): return msg flash(gettext(msg), 'danger') response = flask.redirect(get_post_logout_redirect()) return response
def login(): """ Entry point for all the authentication sources. The user input will be validated and authenticated. """ form = _security.login_form() auth_obj = AuthSourceManager(form, copy.deepcopy(config.AUTHENTICATION_SOURCES)) if OAUTH2 in config.AUTHENTICATION_SOURCES \ and 'oauth2_button' in request.form: session['auth_obj'] = auth_obj session['auth_source_manager'] = None username = form.data['email'] user = User.query.filter_by(username=username, auth_source=INTERNAL).first() if user: if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0: user.locked = True else: user.locked = False db.session.commit() if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0: flash( gettext('Your account is locked. Please contact the ' 'Administrator.'), 'warning') logout_user() return redirect(get_post_logout_redirect()) # Validate the user if not auth_obj.validate(): for field in form.errors: flash_login_attempt_error = None if user and field in config.LOGIN_ATTEMPT_FIELDS: if config.MAX_LOGIN_ATTEMPTS > 0: user.login_attempts += 1 left_attempts = \ config.MAX_LOGIN_ATTEMPTS - user.login_attempts if left_attempts > 1: flash_login_attempt_error = \ gettext('{0} more attempts remaining.'. format(left_attempts)) else: flash_login_attempt_error = \ gettext('{0} more attempt remaining.'. format(left_attempts)) db.session.commit() for error in form.errors[field]: if flash_login_attempt_error: error = error + flash_login_attempt_error flash_login_attempt_error = None flash(error, 'warning') return redirect(get_post_logout_redirect()) # Authenticate the user status, msg = auth_obj.authenticate() if status: # Login the user status, msg = auth_obj.login() current_auth_obj = auth_obj.as_dict() if not status: if current_auth_obj['current_source'] == \ KERBEROS: return redirect('{0}?next={1}'.format( url_for('authenticate.kerberos_login'), url_for('browser.index'))) flash(msg, 'danger') return redirect(get_post_logout_redirect()) session['auth_source_manager'] = current_auth_obj if user: user.login_attempts = 0 db.session.commit() if 'auth_obj' in session: session.pop('auth_obj') return redirect(get_post_login_redirect()) elif isinstance(msg, Response): return msg elif 'oauth2_button' in request.form and not isinstance(msg, str): return msg if 'auth_obj' in session: session.pop('auth_obj') flash(msg, 'danger') response = redirect(get_post_logout_redirect()) return response