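def login():
    """Authenticate a JSON login request and return the login response.

    Reads ``email`` and ``password`` from the JSON body, looks the user up by
    email in the ``db_config.USER_COL`` collection and checks the password
    with ``auth_user``.

    Returns:
        Whatever ``login_response`` builds. A body that is not a JSON object,
        or whose ``email``/``password`` are missing or not strings, gets the
        same response as a request with missing fields.
    """
    payload = request.get_json()
    # A JSON array, string or null is not a credential object; answer it like
    # a request with missing fields instead of failing on the lookups below.
    if not isinstance(payload, dict):
        return login_response(None, False, False)

    email = payload.get('email')
    password = payload.get('password')
    # Both values are attacker-controlled JSON. The collection API looks like
    # pymongo, where a dict value in a filter is read as a query operator, so
    # only plain strings may reach find_one(); anything else is rejected here.
    if not isinstance(email, str) or not isinstance(password, str):
        # NOTE(review): this call passes three arguments while the other two
        # calls pass four; kept as in the original — confirm against
        # login_response's signature.
        return login_response(None, False, False)

    with DBConnection() as conn:
        col = conn.db.get_collection(db_config.USER_COL)
        user = col.find_one({'email': email})
        if not user:
            # NOTE(review): unknown email and wrong password produce different
            # arguments (False vs True in third position). If login_response
            # exposes that to the client it reveals which emails are
            # registered — confirm.
            return login_response(email, None, False, False)

        auth_success = auth_user(user, password)
        # The user id is only handed on once the password check has passed.
        user_id = user['user_id'] if auth_success else None
        return login_response(email, user_id, True, auth_success)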
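def _is_local_path(target):
    """Return True when *target* is a path on this site, not another origin."""
    from urllib.parse import urlsplit

    if not target or not target.startswith('/') or target.startswith('//'):
        return False
    # Browsers read backslashes as slashes and drop tabs/newlines, so a value
    # containing them can still resolve to another host after normalisation.
    if any(ch == '\\' or ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


def login():
    """Render the login form and process a submitted login.

    On POST, reads ``email``, ``password`` and ``remember`` from the form,
    authenticates with ``auth_user`` and, when ``login_user`` succeeds,
    redirects to the ``next`` query parameter.

    Returns:
        A redirect after a successful login, otherwise the rendered
        ``login.html`` template with ``error`` set to the failure message
        (or ``None``).
    """
    error = None
    index_url = url_for('index')
    next_url = request.args.get('next', index_url)
    # ``next`` comes from the query string; redirecting to it unchecked lets a
    # crafted login link send the user to an arbitrary site after sign-in.
    # Anything that is not a same-site path falls back to the index page.
    if not _is_local_path(next_url):
        next_url = index_url

    if request.method == 'POST':
        email = request.form.get('email')
        password = request.form.get('password')
        remember = request.form.get('remember', "no") == "yes"

        if not all([email, password]):
            error = 'Email and password is required!'
        else:
            user = auth_user(email, password)
            if user is None:
                # One message for unknown email and wrong password alike.
                error = 'Invalid email or password!'
            elif login_user(user, remember=remember):
                flash('Logged in successfully.')
                return redirect(next_url)
            # NOTE(review): when login_user() returns a falsy value the form
            # is re-rendered with error=None, as in the original — confirm
            # whether a message is wanted there.

    return render_template('login.html', error=error)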
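def show_login():
    """Serve the login page and process a username/password/TOTP login.

    A GET request renders the empty form. Any other method reads
    ``username``, ``password`` and ``verification_code`` from the form,
    checks the password with ``utils.auth_user``, checks the one-time code
    with pyotp, and on success sets a ``session`` cookie and redirects to
    ``/``.

    Returns:
        The rendered login page (with a ``message`` on failure), or the
        redirect response carrying the session cookie.
    """
    page_name = 'login'

    if request.method.lower() == 'get':
        page_content = render_template("login.html")
        return render_page(page_content, "login")

    username = request.form.get("username") or ""
    password = request.form.get("password") or ""
    verification_code = request.form.get("verification_code") or ""

    if not (username and password and verification_code):
        page_content = render_template("login.html", message='Missing field')
        return render_page(page_content, page_name)

    if not utils.auth_user(username, password):
        page_content = render_template("login.html", message='Invalid credentials')
        return render_page(page_content, page_name)

    user = utils.check_username(username)
    # NOTE(review): the TOTP key is derived from the username and the stored
    # user_ip. If generate_seed/get_totp_key are deterministic over those two
    # values, the second factor is only as secret as they are; a random
    # per-user secret would be the usual choice — confirm against utils.
    seed = utils.generate_seed(username, user["user_ip"])
    totp_key = utils.get_totp_key(seed)
    totp = pyotp.TOTP(totp_key)

    # verify() checks the code for the current time step, like the previous
    # `!= totp.now()`, but compares in constant time.
    if not totp.verify(verification_code):
        page_content = render_template("login.html", message='Invalid verification code')
        return render_page(page_content, page_name)

    # user/pass/totp all valid by now
    session_cookie = utils.make_cookie(app.config["COOKIE_SECRET"], username, request.remote_addr)
    response = app.make_response(redirect("/"))
    # HttpOnly keeps the session token out of reach of page scripts.
    # NOTE(review): also set secure=True and a samesite policy once the
    # deployment is confirmed to be HTTPS-only.
    response.set_cookie('session', session_cookie, httponly=True)
    # The original had a second render/return after this point; it could
    # never run and has been dropped.
    return response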
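def show_login():
    """Serve the login page and process a username/password/TOTP login.

    A GET request renders the empty form. Any other method reads
    ``username``, ``password`` and ``verification_code`` from the form,
    checks the password with ``utils.auth_user``, checks the one-time code
    with pyotp, and on success sets a ``session`` cookie and redirects to
    ``/``.

    Returns:
        The rendered login page (with a ``message`` on failure), or the
        redirect response carrying the session cookie.
    """
    page_name = "login"

    if request.method.lower() == "get":
        return render_page(render_template('login.html'), 'login')

    form = request.form
    username = form.get('username') or ''
    password = form.get('password') or ''
    verification_code = form.get('verification_code') or ''

    def reject(message):
        # Every failure path re-renders the form with a short message.
        page_content = render_template('login.html', message=message)
        return render_page(page_content, page_name)

    if not (username and password and verification_code):
        return reject("Missing field")

    if not utils.auth_user(username, password):
        return reject("Invalid credentials")

    user = utils.check_username(username)
    # NOTE(review): the TOTP key is derived from the username and the stored
    # user_ip. If generate_seed/get_totp_key are deterministic over those two
    # values, the second factor is only as secret as they are; a random
    # per-user secret would be the usual choice — confirm against utils.
    seed = utils.generate_seed(username, user['user_ip'])
    totp = pyotp.TOTP(utils.get_totp_key(seed))

    # verify() checks the code for the current time step, like the previous
    # `!= totp.now()`, but compares in constant time.
    if not totp.verify(verification_code):
        return reject("Invalid verification code")

    # user/pass/totp all valid by now
    session_cookie = utils.make_cookie(app.config['COOKIE_SECRET'], username, request.remote_addr)
    response = app.make_response(redirect('/'))
    # HttpOnly keeps the session token out of reach of page scripts.
    # NOTE(review): also set secure=True and a samesite policy once the
    # deployment is confirmed to be HTTPS-only.
    response.set_cookie("session", session_cookie, httponly=True)
    # The original had a second render/return after this point; it could
    # never run and has been dropped.
    return response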