def api_signin(): print(request.data) print(request.content_type) if not request.json: email = request.form['email'] password = request.form['password'] else: email = request.json.get('email') password = request.json.get('password') user = User.objects(email=email).first() if not user or not user.check_password(password): return jsonify({ 'code': 0, 'data': {}, 'tip': 'wrong email or wrong password' }) elif user.group == Group.block or user.group == Group.delete: return jsonify({ 'code': 0, 'data': {}, 'tip': 'no right access' }) else: token = user.generate_token() data = jsonify({ 'code': 1, 'data': {'id': str(user.id), 'email': user.email, 'token': token} }) response = current_app.make_response(data) response.set_cookie("token", token, httponly=True) return response
def raspberry_user_delete(): body = request.get_json() obj = Raspberry.get({"id": body["raspberry_id"]}) user = User.get({"id": get_jwt_identity()}) user.raspberries.remove(obj) db.session.commit() return {"message": Config.DELETE_MESSAGE}, 203
def wrapped(*args, **kwargs): token = request.headers.get('token') or request.cookies.get('token') user = User.verify_token(token) if not user: return redirect(url_for('main.login_page')) g.user = user return f(*args, **kwargs)
def raspberry_user_put(): body = request.get_json() obj = Raspberry.get({"id": body["raspberry_id"]}) user = User.get({"id": get_jwt_identity()}) user.raspberries.append(obj) db.session.commit() return {"message": Config.POST_MESSAGE, "object": obj}, 201
def user_index(): raspberry_id = request.args.get('raspberry_id') if raspberry_id: obj = User.query.join(Raspberry, User.raspberries).filter(Raspberry.id == raspberry_id).all() return jsonify(obj) else: return jsonify(User.index())
def user_post(): try: body = request.get_json() obj = User.post(body) return {"message": Config.POST_MESSAGE, "object": obj}, 201 except InvalidRequestError: db.session().rollback() return jsonify({'message': 'an invalid request'}), 409 except IntegrityError: return jsonify({'message': 'an integrity error occurred'}), 409
def api_signup(): email = request.json.get('email') password = request.json.get('password') code = request.json.get('code') if email is None or password is None: print('None...') abort(400) code = Code.objects(value=code).first() if not code: return jsonify({ 'code': 0, 'tip': "wrong code" }) if User.objects(email=email).first() is not None: return jsonify({ 'code': 0, 'tip': "email already registered" }) try: user = User(email=email) user.set_password(password) user.save() code.delete() return jsonify({ 'code': 1, 'data': {'id': str(user.id), 'email': user.email} }) except db.errors.ValidationError: return jsonify({ 'code': 0, 'tip': 'wrong email' })
def check_user_before_request(): if "user" not in session: g.user = BasicUser.gen_user() session["user"] = g.user.to_dict() else: userid = session.get('user')["id"] user = User.get_user_by_id(userid) # this for when clear db usage if user is None: user = BasicUser.gen_user() session["user"] = user.to_dict() g.user = user
def api_login(): username = request.form.get("username") password = request.form.get("password") password = hashlib.sha512(password).hexdigest() user = User.validate_user(username=username, password=password) if user is None: return jsonify(dict(rcode==404)) g.user = user session["user"] = g.user.to_dict() return jsonify(rcode=200)
def decorated_function(*args, **kwargs): r = request.path if "user" not in session: flash("You need to login first!", "danger") return redirect(url_for('login', r=r)) else: g.user = User.get_user_by_id(session["user"]["id"]) if g.user is None: return redirect(url_for('login', r=r)) def inject_user(): if "user" not in g: g.user = User.get_user_by_id(session.get("user", {}).get("id")) return dict(cur_user=g.user) app.template_context_processors[None].append(inject_user) return f(*args, **kwargs)
def api_delete_user(uid): if g.user.group != Group.admin: abort(400) try: user = User.objects(id=uid).first() if not user: abort(400) user.delete() return jsonify({ 'code': 1, }) except db.errors.ValidationError: return jsonify({ 'code': 0, 'tip': 'wrong id' })
def login(): username = request.form.get("username") password = request.form.get("password") password = hashlib.sha512(password).hexdigest() user = User.validate_user(username=username, password=password) if user is None: flash("user/password error!") return redirect("/") g.user = user session["user"] = g.user.to_dict() return redirect("/")
def user_get(_id): obj = User.get({"id": _id}) return jsonify(obj)
def inject_user(): if "user" not in g: g.user = User.get_user_by_id(session.get("user", {}).get("id")) return dict(cur_user=g.user)
def login() -> Union[str, Response]: """User login page.""" if current_user.get_id(): next_url = request.args.get("next", default="/") if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]) is False: return abort(400) return redirect(next_url) # if demo, login as first user if app.config.get("DEMO"): session.pop("_flashes", None) user = User.query.first() if user: login_user(user, remember=True) else: flash("Something broke!") next_url = request.args.get("next", default="/") if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]) is False: return abort(400) return redirect(next_url) if request.method == "POST" and app.config["AUTH_METHOD"] in ["LDAP", "DEV"]: user = request.form.get("user", "") password = request.form.get("password", "") if app.config["AUTH_METHOD"] == "LDAP": # pragma: no cover ldap = LDAP(app) # type: ignore[no-untyped-call] ldap_details = ldap.bind_user(user, password) # type: ignore[no-untyped-call] if ldap_details is None or password == "": # noqa: S105 executor.submit(log_login, request.form["user"], 3) flash("Invalid login, please try again!") return render_template("pages/login.html.j2", title="Login") # require specific user group # fmt: off if "REQUIRED_GROUPS" in app.config and not set( app.config["REQUIRED_GROUPS"] ).issubset( set(ldap.get_user_groups(user=user.lower())) # type: ignore[no-untyped-call] ): executor.submit(log_login, request.form["user"], 3) flash( "You must be part of the %s group(s) to use this site." % app.config["REQUIRED_GROUPS"] ) return render_template("pages/login.html.j2", title="Login") # fmt: on executor.submit(log_login, request.form["user"], 1) user = User.query.filter( (User.account_name == user.lower()) | (User.email == user.lower()) ).first() # if user isn't existing, create if not user: user = User() # type: ignore[call-arg] # update user attributes user.account_name = ( ldap_details.get(app.config["LDAP_ATTR_MAP"]["account_name"])[0] .decode("utf-8") .lower() ) user.email = ( ldap_details.get(app.config["LDAP_ATTR_MAP"]["email"])[0] .decode("utf-8") .lower() ) user.full_name = ldap_details.get(app.config["LDAP_ATTR_MAP"]["full_name"])[ 0 ].decode("utf-8") user.first_name = ldap_details.get( app.config["LDAP_ATTR_MAP"]["first_name"] )[0].decode("utf-8") db.session.add(user) db.session.commit() login_user(user, remember=True) next_url = request.args.get("next", default="/") if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]) is False: return abort(400) return redirect(next_url) if app.config["AUTH_METHOD"] == "DEV": # pragma: no cover user = User.query.filter( (User.account_name == user.lower()) | (User.email == user.lower()) ).first() if user: login_user(user, remember=True) else: flash("Invalid login, please try again!") next_url = request.args.get("next", default="/") if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]) is False: return abort(400) return redirect(next_url) # if login methods fail, add flash message flash("Invalid login, please try again!") # saml does not have a login page but redirects to idp if app.config["AUTH_METHOD"] == "SAML": # pragma: no cover saml = SAML(app) saml_client = saml.saml_client_for() # pylint: disable=W0612 reqid, info = saml_client.prepare_for_authenticate() redirect_url = "" # Select the IdP URL to send the AuthN request to for key, value in info["headers"]: if key == "Location": redirect_url = value # add next url to request to be appropriatly redirected # after a successful login next_url = request.args.get("next", "/") if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]): redirect_url += "&RelayState=" + next_url return redirect(redirect_url) return render_template("pages/login.html.j2", title="Login")
def user_delete(_id): User.delete({"id": _id}) return {"message": Config.DELETE_MESSAGE}, 203
def user_put(_id): body = request.get_json() obj = User.put({"id": _id}, body) return {"message": Config.PUT_MESSAGE, "object": obj}
def idp_initiated() -> Response: """Get response from IDP.""" try: saml = SAML(app) saml_client = saml.saml_client_for() authn_response = saml_client.parse_authn_request_response( request.form["SAMLResponse"], entity.BINDING_HTTP_POST) identity = authn_response.get_identity() if "REQUIRED_GROUPS" in app.config and not set( app.config["REQUIRED_GROUPS"]).issubset( set(identity.get(app.config["SAML_ATTR_MAP"]["groups"]))): session.pop("_flashes", None) # user is not authorized. flash("You must be part of the %s group(s) to use this site." % app.config["REQUIRED_GROUPS"]) return redirect(app.config["NOT_AUTHORIZED_URL"]) logging.warning(identity) if identity: account_name = identity.get( app.config["SAML_ATTR_MAP"]["account_name"])[0].lower() email = identity.get( app.config["SAML_ATTR_MAP"]["email"])[0].lower() user = User.query.filter((User.account_name == account_name) | (User.email == email)).first() # if user isn't existing, create if not user: user = User() # update user attributes user.account_name = account_name user.email = email user.full_name = "%s %s" % ( identity.get(app.config["SAML_ATTR_MAP"]["first_name"])[0], identity.get(app.config["SAML_ATTR_MAP"]["last_name"])[0], ) user.first_name = identity.get( app.config["SAML_ATTR_MAP"]["first_name"])[0] db.session.add(user) db.session.commit() login_user(user, remember=True) next_url = (request.args.get("next") or request.args.get("RelayState") or request.form.get("RelayState") or app.config["LOGIN_REDIRECT_URL"]) if not is_safe_url(next_url, app.config["ALLOWED_HOSTS"]): return abort(400) session.pop("_flashes", None) return redirect(next_url) return redirect(app.congif["LOGIN_VIEW"]) except SignatureError as e: flash(str(e)) return redirect(app.congif["SAML_ATTR_MAP"])
from flask import Flask from web.model import DbPool, User app = Flask(__name__) if __name__ == '__main__': session = DbPool.get_db_pool1()() user = User(id='1', name='alan') session.add(user) session.commit() session.close() app.run(host='0.0.0.0', port=81, debug=app.config['DEBUG'])