def login():
if request.is_json:
form = _security.login_form(MultiDict(request.get_json()))
else:
form = _security.login_form(request.form)
if form.validate_on_submit():
login_user(form.user, remember=form.remember.data)
after_this_request(_commit)
if not request.is_json:
return redirect(get_post_login_redirect(form.next.data))
if not request.is_json:
return _security.render_template(config_value('LOGIN_USER_TEMPLATE'),
login_user_form=form,
**_ctx('login'))
# override error messages if necessary
confirmation_required = get_message('CONFIRMATION_REQUIRED')[0]
if confirmation_required in form.errors.get('email', []):
return jsonify({
'error': confirmation_required,
}), HTTPStatus.UNAUTHORIZED
elif form.errors:
username_fields = config_value('USER_IDENTITY_ATTRIBUTES')
return jsonify({
'error':
f"Invalid {', '.join(username_fields)} and/or password."
}), HTTPStatus.UNAUTHORIZED
return jsonify({
'user': form.user,
'token': form.user.get_auth_token(),
})
def login():
"""
Entry point for all the authentication sources.
The user input will be validated and authenticated.
"""
form = _security.login_form()
auth_obj = AuthSourceManager(form, config.AUTHENTICATION_SOURCES)
session['_auth_source_manager_obj'] = None
# Validate the user
if not auth_obj.validate():
for field in form.errors:
for error in form.errors[field]:
flash(error, 'warning')
return flask.redirect(get_post_logout_redirect())
# Authenticate the user
status, msg = auth_obj.authenticate()
if status:
# Login the user
status, msg = auth_obj.login()
if not status:
flash(gettext(msg), 'danger')
return flask.redirect(get_post_logout_redirect())
session['_auth_source_manager_obj'] = auth_obj.as_dict()
return flask.redirect(get_post_login_redirect())
flash(gettext(msg), 'danger')
return flask.redirect(get_post_logout_redirect())
def login():
"""
Entry point for all the authentication sources.
The user input will be validated and authenticated.
"""
form = _security.login_form()
auth_obj = AuthSourceManager(form, config.AUTHENTICATION_SOURCES)
session['_auth_source_manager_obj'] = None
# Validate the user
if not auth_obj.validate():
for field in form.errors:
for error in form.errors[field]:
flash(error, 'warning')
return flask.redirect(get_post_logout_redirect())
# Authenticate the user
status, msg = auth_obj.authenticate()
if status:
# Login the user
status, msg = auth_obj.login()
current_auth_obj = auth_obj.as_dict()
if not status:
if current_auth_obj['current_source'] ==\
KERBEROS:
return flask.redirect('{0}?next={1}'.format(
url_for('authenticate.kerberos_login'),
url_for('browser.index')))
flash(gettext(msg), 'danger')
return flask.redirect(get_post_logout_redirect())
session['_auth_source_manager_obj'] = current_auth_obj
return flask.redirect(get_post_login_redirect())
elif isinstance(msg, Response):
return msg
flash(gettext(msg), 'danger')
response = flask.redirect(get_post_logout_redirect())
return response
def login():
"""
Entry point for all the authentication sources.
The user input will be validated and authenticated.
"""
form = _security.login_form()
auth_obj = AuthSourceManager(form,
copy.deepcopy(config.AUTHENTICATION_SOURCES))
if OAUTH2 in config.AUTHENTICATION_SOURCES \
and 'oauth2_button' in request.form:
session['auth_obj'] = auth_obj
session['auth_source_manager'] = None
username = form.data['email']
user = User.query.filter_by(username=username,
auth_source=INTERNAL).first()
if user:
if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
user.locked = True
else:
user.locked = False
db.session.commit()
if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
flash(
gettext('Your account is locked. Please contact the '
'Administrator.'), 'warning')
logout_user()
return redirect(get_post_logout_redirect())
# Validate the user
if not auth_obj.validate():
for field in form.errors:
flash_login_attempt_error = None
if user and field in config.LOGIN_ATTEMPT_FIELDS:
if config.MAX_LOGIN_ATTEMPTS > 0:
user.login_attempts += 1
left_attempts = \
config.MAX_LOGIN_ATTEMPTS - user.login_attempts
if left_attempts > 1:
flash_login_attempt_error = \
gettext('{0} more attempts remaining.'.
format(left_attempts))
else:
flash_login_attempt_error = \
gettext('{0} more attempt remaining.'.
format(left_attempts))
db.session.commit()
for error in form.errors[field]:
if flash_login_attempt_error:
error = error + flash_login_attempt_error
flash_login_attempt_error = None
flash(error, 'warning')
return redirect(get_post_logout_redirect())
# Authenticate the user
status, msg = auth_obj.authenticate()
if status:
# Login the user
status, msg = auth_obj.login()
current_auth_obj = auth_obj.as_dict()
if not status:
if current_auth_obj['current_source'] == \
KERBEROS:
return redirect('{0}?next={1}'.format(
url_for('authenticate.kerberos_login'),
url_for('browser.index')))
flash(msg, 'danger')
return redirect(get_post_logout_redirect())
session['auth_source_manager'] = current_auth_obj
if user:
user.login_attempts = 0
db.session.commit()
if 'auth_obj' in session:
session.pop('auth_obj')
return redirect(get_post_login_redirect())
elif isinstance(msg, Response):
return msg
elif 'oauth2_button' in request.form and not isinstance(msg, str):
return msg
if 'auth_obj' in session:
session.pop('auth_obj')
flash(msg, 'danger')
response = redirect(get_post_logout_redirect())
return response
