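def authorized():
    """Google OAuth callback: finish the code exchange and log the user in.

    Returns a redirect to ``public.index`` (with a flashed message) when the
    exchange raises or the email is not whitelisted, aborts with 403 when
    Google returned no response at all, and otherwise returns whatever
    ``perform_login`` returns for the matched user record.
    """
    try:
        oauth_response = google.authorized_response()
    except OAuthException as error:
        # ``oauth_response`` is never bound when the exchange raises, so the
        # message has to come from the exception itself (the old code
        # dereferenced None here and raised AttributeError).
        message = getattr(error, "message", str(error))
        current_app.logger.warning(message)
        flash("{} - try again!".format(message), 'warning')
        return redirect(url_for('public.index'))

    if oauth_response is None:
        # Google reported a denial. Both args are optional, so use get()
        # instead of indexing (``request.args.get[...]`` was a TypeError).
        flash("Access denied: reason={} error={}"
              .format(request.args.get('error_reason'),
                      request.args.get('error_description')), 'danger')
        return abort(403)

    # add token to session, do it before validation to be able to fetch
    # additional data (like email) on the authenticated user
    session['google_token'] = (oauth_response['access_token'], '')

    # get additional user info with the access token
    google_user = google.get('userinfo')
    google_data = google_user.data

    # NOTE(review): the whitelist decision keys on the email claim alone; the
    # userinfo payload's verified-email flag is not consulted here. Confirm
    # the whitelist only holds addresses Google will have verified.
    user_obj = store.user(google_data['email'])
    if user_obj is None:
        flash('your email is not whitelisted, contact admin.', 'warning')
        return redirect(url_for('public.index'))

    # Refresh profile fields from Google and stamp the login time.
    user_obj['name'] = google_data['name']
    user_obj['location'] = google_data['locale']
    user_obj['accessed_at'] = datetime.now()
    store.update_user(user_obj)
    return perform_login(user_obj)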
def update_tracks_settings():
    """Persist the IGV tracks the current user ticked in the settings form.

    Reads the ``user_tracks`` checkbox values from the submitted form, writes
    them to the user's ``igv_tracks`` field and sends the browser back to the
    page it came from.
    """
    # NOTE(review): request.referrer is a client-supplied header, so the
    # redirect target is attacker-influenced (and None when the header is
    # missing); consider restricting it to same-origin paths. CSRF protection
    # for this POST is not visible here -- confirm it is enforced app-wide.
    account = store.user(email=current_user.email)
    chosen_tracks = request.form.getlist("user_tracks")
    if not chosen_tracks:
        chosen_tracks = []
    # update user in database with custom tracks info
    account["igv_tracks"] = chosen_tracks
    store.update_user(account)
    return redirect(request.referrer)
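def login():
    """Login a user if they have access.

    Identity is established by whichever backend is configured:

    * LDAP (``LDAP_HOST`` or ``LDAP_SERVER`` set): a POST carrying
      ``ldap_user``/``ldap_password`` is checked via
      ``controllers.ldap_authorized``.
    * Google (``GOOGLE`` set): the first visit redirects to Google; the
      callback leaves ``email``/``name``/``locale`` in the session and returns
      here.
    * Plain lookup by ``?email=``: involves no credential at all, so it is only
      honoured when neither backend above is configured.

    Returns a redirect to ``public.index`` with a flashed warning on failure,
    the Google authorization redirect, or the result of ``perform_login``.
    """
    if "next" in request.args:
        # NOTE(review): stored verbatim; whatever consumes session["next_url"]
        # (perform_login, not shown) must check it is a local path before
        # redirecting to it.
        session["next_url"] = request.args["next"]

    user_id = None
    user_mail = None
    ldap_configured = bool(current_app.config.get(
        "LDAP_HOST", current_app.config.get("LDAP_SERVER")))
    google_configured = bool(current_app.config.get("GOOGLE"))

    if ldap_configured and request.method == "POST":
        ldap_authorized = controllers.ldap_authorized(
            request.form.get("ldap_user"), request.form.get("ldap_password"))
        if ldap_authorized is True:
            user_id = request.form.get("ldap_user")
        else:
            flash("User not authorized by LDAP server", "warning")
            return redirect(url_for("public.index"))

    if google_configured:
        if session.get("email"):
            user_mail = session["email"]
            session.pop("email", None)
        else:
            LOG.info("Google Login!")
            redirect_uri = url_for(".authorized", _external=True)
            try:
                return oauth_client.google.authorize_redirect(redirect_uri)
            except Exception:
                LOG.exception("Google OAuth redirect failed")
                flash(
                    "An error has occurred while logging in user using Google OAuth"
                )
                # Previously fell through to a lookup with no identity at all.
                return redirect(url_for("public.index"))

    if request.args.get("email"):  # log in against Scout database
        if ldap_configured or google_configured:
            # A bare ``?email=`` must neither bypass nor override a configured
            # authentication backend -- it would let anyone log in as anyone.
            LOG.warning("Ignoring ?email= login: an authentication backend is configured")
        else:
            user_mail = request.args.get("email")
            LOG.info("Validating user %s email %s against Scout database", user_id,
                     user_mail)

    user_obj = store.user(email=user_mail, user_id=user_id)
    if user_obj is None:
        flash("User not found in Scout database", "warning")
        return redirect(url_for("public.index"))

    user_obj["accessed_at"] = datetime.now()
    if session.get("name"):  # These args come from google auth
        user_obj["name"] = session.get("name")
        user_obj["locale"] = session.get("locale")
    store.update_user(user_obj)

    user_dict = LoginUser(user_obj)
    return perform_login(user_dict)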
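def login():
    """Login a user if they have access.

    Identity is established by whichever backend is configured:

    * LDAP (``LDAP_HOST`` set): a POSTed ``LDAPLoginForm`` must validate.
      NOTE(review): whether validation actually binds against the LDAP server
      depends on the form's validators, which are not shown here.
    * Google (``GOOGLE`` set): the first visit redirects to Google; the
      callback leaves ``email``/``name``/``locale`` in the session and returns
      here.
    * Plain lookup by ``?email=``: involves no credential at all, so it is only
      honoured when neither backend above is configured.

    Returns a redirect to ``public.index`` with a flashed warning on failure,
    the Google authorization redirect, or the result of ``perform_login``.
    """
    if "next" in request.args:
        # NOTE(review): stored verbatim; whatever consumes session["next_url"]
        # (perform_login, not shown) must check it is a local path before
        # redirecting to it.
        session["next_url"] = request.args["next"]

    user_id = None
    user_mail = None
    ldap_configured = bool(current_app.config.get("LDAP_HOST"))
    google_configured = bool(current_app.config.get("GOOGLE"))

    if ldap_configured and request.method == "POST":
        form = LDAPLoginForm()
        LOG.info("Validating LDAP user")
        if not form.validate_on_submit():
            flash(
                "username-password combination is not valid, plase try again",
                "warning")
            return redirect(url_for("public.index"))
        user_id = form.username.data

    if google_configured:
        if session.get("email"):
            user_mail = session["email"]
            session.pop("email", None)
        else:
            LOG.info("Google Login!")
            redirect_uri = url_for(".authorized", _external=True)
            try:
                return oauth_client.google.authorize_redirect(redirect_uri)
            except Exception:
                LOG.exception("Google OAuth redirect failed")
                flash(
                    "An error has occurred while logging in user using Google OAuth"
                )
                # Previously fell through to a lookup with no identity at all.
                return redirect(url_for("public.index"))

    if request.args.get("email"):  # log in against Scout database
        if ldap_configured or google_configured:
            # A bare ``?email=`` must neither bypass nor override a configured
            # authentication backend -- it would let anyone log in as anyone.
            LOG.warning("Ignoring ?email= login: an authentication backend is configured")
        else:
            user_mail = request.args.get("email")
            LOG.info("Validating user %s email %s against Scout database", user_id,
                     user_mail)

    user_obj = store.user(email=user_mail, user_id=user_id)
    if user_obj is None:
        flash("User not found", "warning")
        return redirect(url_for("public.index"))

    user_obj["accessed_at"] = datetime.now()
    if session.get("name"):  # These args come from google auth
        user_obj["name"] = session.get("name")
        user_obj["locale"] = session.get("locale")
    store.update_user(user_obj)

    user_dict = LoginUser(user_obj)
    return perform_login(user_dict)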
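def login():
    """Login a user if they have access.

    Identity is established by whichever backend is configured:

    * LDAP (``LDAP_HOST`` set): a POSTed ``LDAPLoginForm`` must validate.
      NOTE(review): whether validation actually binds against the LDAP server
      depends on the form's validators, which are not shown here.
    * Google (``GOOGLE`` set): the first visit redirects to Google; the
      callback leaves ``email``/``name``/``locale`` in the session and returns
      here.
    * Plain lookup by ``?email=``: involves no credential at all, so it is only
      honoured when neither backend above is configured.

    Returns a redirect to ``public.index`` with a flashed warning on failure,
    the Google authorization redirect, or the result of ``perform_login``.
    """
    if "next" in request.args:
        # NOTE(review): stored verbatim; whatever consumes session["next_url"]
        # (perform_login, not shown) must check it is a local path before
        # redirecting to it.
        session["next_url"] = request.args["next"]

    user_id = None
    user_mail = None
    ldap_configured = bool(current_app.config.get("LDAP_HOST"))
    google_configured = bool(current_app.config.get("GOOGLE"))

    if ldap_configured and request.method == "POST":
        form = LDAPLoginForm()
        LOG.info("Validating LDAP user")
        if not form.validate_on_submit():
            flash(
                "username-password combination is not valid, plase try again",
                "warning")
            return redirect(url_for("public.index"))
        user_id = form.username.data

    if google_configured:
        if session.get("email"):
            user_mail = session["email"]
            session.pop("email")
        else:
            LOG.info("Validating Google user login")
            callback_url = url_for(".authorized", _external=True)
            return google.authorize(callback=callback_url)

    if request.args.get("email"):  # log in against Scout database
        if ldap_configured or google_configured:
            # A bare ``?email=`` must neither bypass nor override a configured
            # authentication backend -- it would let anyone log in as anyone.
            LOG.warning("Ignoring ?email= login: an authentication backend is configured")
        else:
            user_mail = request.args.get("email")
            LOG.info("Validating user {} against Scout database".format(user_id))

    user_obj = store.user(email=user_mail, user_id=user_id)
    if user_obj is None:
        flash("User not whitelisted", "warning")
        return redirect(url_for("public.index"))

    user_obj["accessed_at"] = datetime.now()
    if session.get("name"):  # These args come from google auth
        user_obj["name"] = session.get("name")
        user_obj["locale"] = session.get("locale")
    store.update_user(user_obj)

    user_dict = LoginUser(user_obj)
    return perform_login(user_dict)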
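def authorized():
    """Google OAuth callback: finish the code exchange and log the user in.

    Returns a redirect to ``public.index`` (with a flashed message) when the
    exchange raises or the email is not whitelisted, aborts with 403 when
    Google returned no response at all, and otherwise returns whatever
    ``perform_login`` returns for the matched user record.
    """
    try:
        oauth_response = google.authorized_response()
    except OAuthException as error:
        # ``oauth_response`` is never bound when the exchange raises, so the
        # message has to come from the exception itself (the old code
        # dereferenced None here and raised AttributeError).
        message = getattr(error, "message", str(error))
        current_app.logger.warning(message)
        flash("{} - try again!".format(message), 'warning')
        return redirect(url_for('public.index'))

    if oauth_response is None:
        # Google reported a denial. Both args are optional, so use get()
        # instead of indexing (``request.args.get[...]`` was a TypeError).
        flash("Access denied: reason={} error={}"
              .format(request.args.get('error_reason'),
                      request.args.get('error_description')), 'danger')
        return abort(403)

    # add token to session, do it before validation to be able to fetch
    # additional data (like email) on the authenticated user
    session['google_token'] = (oauth_response['access_token'], '')

    # get additional user info with the access token
    google_user = google.get('userinfo')
    google_data = google_user.data

    # NOTE(review): the whitelist decision keys on the email claim alone; the
    # userinfo payload's verified-email flag is not consulted here. Confirm
    # the whitelist only holds addresses Google will have verified.
    email = google_data['email']
    user_obj = store.user(email)

    # Try again with lower-cased email address if no match (skip the second
    # lookup when it would be the same query).
    if user_obj is None and email != email.lower():
        user_obj = store.user(email.lower())

    if user_obj is None:
        flash("email not whitelisted: {}".format(email), 'warning')
        return redirect(url_for('public.index'))

    # Refresh profile fields from Google and stamp the login time.
    user_obj['name'] = google_data['name']
    user_obj['location'] = google_data['locale']
    user_obj['accessed_at'] = datetime.now()
    store.update_user(user_obj)
    return perform_login(user_obj)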