def auth_logout():
    """Log the current user out and send them back to the main view.

    When ``g.fas_user`` is set, the FAS session is ended, the Flask session
    is emptied and a confirmation message is flashed. An anonymous visitor
    is redirected without side effects.

    Returns:
        A redirect response to ``view_main`` in both cases.
    """
    # NOTE(review): the route registration is not visible here; confirm that
    # logout cannot be triggered by a cross-site GET (method restriction or a
    # CSRF token).
    if g.fas_user:
        FAS.logout()
        # Clear all server-side state tied to the old login, including any
        # stored 'next', 'timeout' and 'trust_root' values.
        session.clear()
        flash(_('You have been logged out'))
    return redirect(url_for('view_main'))
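def auth_login():
    """Render the login form and, on POST, authenticate the user against FAS.

    Flow:
      * Without a ``next`` target in the query string or the session, the
        visitor is redirected to ``view_main``.
      * A ``next`` query parameter is stored in the session only if it
        resolves to this host; anything else is rejected, because the value
        is later handed to ``redirect()`` and would otherwise be an open
        redirect.
      * An already authenticated user with no pending ``timeout`` flag is
        redirected straight to ``session['next']``.
      * On POST, the username is checked against ``AVAILABLE_TO`` (when
        ``AVAILABLE_FILTER`` is enabled) and then passed to ``FAS.login``.
        On success the re-auth state in the session is reset and the user is
        redirected to ``session['next']``.
      * In every other case ``login.html`` is rendered.

    Returns:
        A redirect response or the rendered login template.
    """
    if 'next' not in request.args and 'next' not in session:
        return redirect(url_for('view_main'))

    if 'next' in request.args:
        # The query string is attacker-controllable and this value ends up in
        # redirect(), so only same-site targets are accepted.
        try:
            from urllib.parse import urljoin, urlparse
        except ImportError:  # Python 2 fallback
            from urlparse import urljoin, urlparse

        target = request.args['next']
        try:
            resolved = urlparse(urljoin(request.host_url, target))
            same_site = (resolved.scheme in ('http', 'https')
                         and resolved.netloc == urlparse(request.host_url).netloc)
        except ValueError:
            # Unparseable input is treated as unsafe.
            same_site = False
        # Surrounding whitespace, backslashes and control characters are
        # normalised differently by browsers than by urlparse, so they are
        # refused outright rather than interpreted.
        well_formed = (target == target.strip()
                       and '\\' not in target
                       and not any(ord(ch) < 0x20 or ord(ch) == 0x7f
                                   for ch in target))
        if not (same_site and well_formed):
            # NOTE(review): if legitimate callers pass a 'next' on another
            # trusted host, replace this with an explicit allow-list.
            log_warning('Failure', {'message': 'Rejected login redirect target outside this site'})
            return redirect(url_for('view_main'))
        session['next'] = target

    if g.fas_user and not session.get('timeout'):
        # We can also have "timeout" as of 0.4.0, indicating PAPE or
        # application configuration requires a re-auth
        log_debug('Info', {'message': 'User tried to login but is already authenticated'})
        return redirect(session['next'])

    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        if (not app.config['AVAILABLE_FILTER']) or (username in app.config['AVAILABLE_TO']):
            if FAS.login(username, password):
                log_info('Success', {'username': username, 'message': 'User authenticated succesfully'})
                # NOTE(review): the session is reused across the privilege
                # change; confirm the session backend is not exposed to
                # fixation, or rotate the identifier here.
                session['last_auth_time'] = time()
                session['timeout'] = False
                session['trust_root'] = ''
                session.modified = True
                return redirect(session['next'])
            else:
                log_warning('Failure', {'username': username, 'message': 'User entered incorrect username or password'})
                flash(_('Incorrect username or password'))
        else:
            log_warning('Failure', {'username': username, 'message': 'Tried to login with an account that is not allowed to use this service'})
            # NOTE(review): this message shows the full allow-list to an
            # unauthenticated visitor; confirm that disclosure is intended.
            flash(_('This service is limited to the following users: %(users)s', users=', '.join(app.config['AVAILABLE_TO'])))

    # 'trust_root' may be absent when the login page is reached directly, so
    # fall back to the same empty value a successful login stores.
    return render_template('login.html', trust_root=session.get('trust_root', ''))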