def reauth():
if request.method == 'POST':
confirm_login()
flash(u'Reauthenticated')
return redirect(request.args.get('next') or url_for('main.index'))
return render_template('reauth.html')
def refresh():
form = LoginForm()
if form.validate_on_submit():
confirm_login()
flash("Authentication refreshed", "success")
return redirect(request.args.get("next") or url_for("index"))
return render_template("login.html", login_form=form)
def login_view():
next_url = request.args.get('next', default='/', type=str)
if app.config.get('IGNORE_AUTH'):
fake_id = 'anonymous_superuser'
anonymous_superuser = models.User.query.get(fake_id)
if not anonymous_superuser:
anonymous_superuser = models.User(
id=fake_id,
email_address='*****@*****.**',
superuser=1)
db.session.add(anonymous_superuser);
db.session.commit()
login_user(anonymous_superuser)
confirm_login()
return redirect(next_url)
# Inspired by:
# http://stackoverflow.com/questions/9499286
# /using-google-oauth2-with-flask
params = dict(
response_type='code',
client_id=config.GOOGLE_OAUTH2_CLIENT_ID,
redirect_uri=config.GOOGLE_OAUTH2_REDIRECT_URI,
scope=GOOGLE_OAUTH2_SCOPES,
state=urllib.quote(next_url),
)
target_url = '%s?%s' % (
GOOGLE_OAUTH2_AUTH_URL, urllib.urlencode(params))
logging.debug('Redirecting user to login at url=%r', target_url)
return redirect(target_url)
def reauth():
if request.method == "POST":
confirm_login()
return redirect(request.args.get("next") or '/admin')
template_data = {}
return render_template("/auth/reauth.html", **template_data)
def reauth():
if request.method == "POST":
confirm_login()
flash(u"Reauthenticated.")
return redirect(request.args.get("next") or url_for("index"))
return render_template("reauth.html")
def reauth():
"""Reauths a user for page that require a fresh login."""
if request.method == "POST":
confirm_login()
flash(__("Reauthentication successful"), "info")
return redirect(url_for("home_page"))
def reauth():
if request.method == "POST":
confirm_login()
flash(u"Reauthenticated.")
return redirect(request.args.get("next") or '/admin')
templateData = {}
return render_template("/auth/login.html", **templateData)
def reauth():
""" confirm_login sets the current session as fresh. Sessions become stale when they are reloaded from a cookie.
"""
if request.method == "POST":
confirm_login()
#~ flash(u"Регистрация обновлена.")
return redirect(request.args.get("next") or url_for("cabinetPage"))
return render_template("reauth.html")
def login_auth():
# TODO: Handle when the 'error' parameter is present
params = dict(
code=request.args.get('code'),
client_id=config.GOOGLE_OAUTH2_CLIENT_ID,
client_secret=config.GOOGLE_OAUTH2_CLIENT_SECRET,
redirect_uri=config.GOOGLE_OAUTH2_REDIRECT_URI,
grant_type='authorization_code'
)
payload = urllib.urlencode(params)
logging.debug('Posting for token to url=%r, payload=%r',
GOOGLE_OAUTH2_TOKEN_URL, payload)
fetch_request = urllib2.Request(GOOGLE_OAUTH2_TOKEN_URL, payload)
conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS)
data = conn.read()
result_dict = json.loads(data)
params = dict(
access_token=result_dict['access_token']
)
payload = urllib.urlencode(params)
target_url = '%s?%s' % (GOOGLE_OAUTH2_USERINFO_URL, payload)
logging.debug('Fetching user info from url=%r', target_url)
fetch_request = urllib2.Request(target_url)
conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS)
data = conn.read()
result_dict = json.loads(data)
logging.debug('Result user info dict: %r', result_dict)
email_address = result_dict['email']
if not result_dict['verified_email']:
abort(flask.Response('Your email address must be verified', 403))
user_id = '%s:%s' % (models.User.GOOGLE_OAUTH2, result_dict['id'])
user = models.User.query.get(user_id)
if not user:
user = models.User(id=user_id)
# Email address on the account may change, user ID will stay the same.
# Do not allow the user to claim existing build invitations with their
# old email address.
if user.email_address != email_address:
user.email_address = email_address
user.last_seen = datetime.datetime.utcnow()
db.session.add(user)
db.session.commit()
login_user(user)
confirm_login()
# Clear all flashed messages from the session on login.
flask.get_flashed_messages()
final_url = urllib.unquote(request.args.get('state'))
logging.debug('User is logged in. Redirecting to url=%r', final_url)
return redirect(final_url)
def login_auth():
# TODO: Handle when the 'error' parameter is present
params = dict(
code=request.args.get('code'),
client_id=config.GOOGLE_OAUTH2_CLIENT_ID,
client_secret=config.GOOGLE_OAUTH2_CLIENT_SECRET,
redirect_uri=config.GOOGLE_OAUTH2_REDIRECT_URI,
grant_type='authorization_code'
)
payload = urllib.urlencode(params)
logging.debug('Posting for token to url=%r, payload=%r',
GOOGLE_OAUTH2_TOKEN_URL, payload)
fetch_request = urllib2.Request(GOOGLE_OAUTH2_TOKEN_URL, payload)
conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS)
data = conn.read()
result_dict = json.loads(data)
params = dict(
access_token=result_dict['access_token']
)
payload = urllib.urlencode(params)
target_url = '%s?%s' % (GOOGLE_OAUTH2_USERINFO_URL, payload)
logging.debug('Fetching user info from url=%r', target_url)
fetch_request = urllib2.Request(target_url)
conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS)
data = conn.read()
result_dict = json.loads(data)
logging.debug('Result user info dict: %r', result_dict)
email_address = result_dict['email']
if not result_dict['verified_email']:
abort(flask.Response('Your email address must be verified', 403))
user_id = '%s:%s' % (models.User.GOOGLE_OAUTH2, result_dict['id'])
user = models.User.query.get(user_id)
if not user:
user = models.User(id=user_id)
# Email address on the account may change, user ID will stay the same.
# Do not allow the user to claim existing build invitations with their
# old email address.
if user.email_address != email_address:
user.email_address = email_address
user.last_seen = datetime.datetime.utcnow()
db.session.add(user)
db.session.commit()
login_user(user)
confirm_login()
# Clear all flashed messages from the session on login.
flask.get_flashed_messages()
final_url = urllib.unquote(request.args.get('state'))
logging.debug('User is logged in. Redirecting to url=%r', final_url)
return redirect(final_url)
def reauth():
if request.method == "POST" and "username" in request.form:
username = request.form["username"]
user = check_login(username,request.form.get("password",""))
if user is not None:
confirm_login()
return redirect(request.args.get("next") or url_for(".index"))
else:
flash("Sorry, your information did not match our records.")
return render_template("admin/login.html")
def reauth():
form = ReauthForm(next=request.args.get("next"))
if request.method == "POST":
user, authenticated = User.authenticate(current_user.name, form.password.data)
if user and authenticated:
confirm_login()
flash(_("Reauthenticated."), "success")
return redirect("/change_password")
flash(_("Password is wrong."), "error")
return render_template("frontend/reauth.html", form=form)
def refresh_login():
form = PasswordForm()
if form.validate_on_submit():
if current_user.check_password(form.password.data):
confirm_login()
return redirect(request.args.get("next") or url_for("index"))
else:
flash("Incorrect password.")
return redirect(url_for('refresh_login'))
return render_template('accounts/refresh.html', form=form)
def reauth():
if request.method == "POST":
confirm_login()
flash(u"Reauthenticated.")
return redirect(request.args.get("next") or url_for("index"))
contentObj = Content()
templateData = {
'content' : contentObj.getAllText(language=session['language'])
}
return render_template("/auth/reauth.html", **templateData)
def reauth():
"""
Reauthenticates a user
"""
if not login_fresh():
form = ReauthForm(request.form)
if form.validate_on_submit():
confirm_login()
flash(("Reauthenticated"), "success")
return redirect(request.args.get("next") or url_for("user.profile"))
return render_template("auth/reauth.html", form=form)
return redirect(request.args.get("next") or url_for("user.profile", username=current_user.username))
def reauth():
form = ReauthForm(next=request.args.get('next'))
if request.method == 'POST':
user, authenticated = User.authenticate(current_user.name,
form.password.data)
if user and authenticated:
confirm_login()
flash(_('Reauthenticated.'), 'success')
return redirect('/change_password')
flash(_('Password is wrong.'), 'error')
return render_template('frontend/reauth.html', form=form)
def reauth():
form = ReauthForm(next=request.args.get('next'))
if request.method == 'POST':
user, authenticated = User.authenticate(current_user.name,
form.password.data)
if user and authenticated:
confirm_login()
flash(_('Reauthenticated.'), 'success')
return redirect(form.next.data or url_for('user.change_password'))
flash(_('Password is incorrect.'), 'warning')
return render_template('user/reauth.html', form=form)
def reauth():
form = ReauthForm(next=request.args.get('next'))
if request.method == 'POST':
user, authenticated = User.authenticate(current_user.name,
form.password.data)
if user and authenticated:
confirm_login()
flash(_('Reauthenticated.'), 'success')
return redirect(form.next.data or url_for('user.change_password'))
flash(_('Password is incorrect.'), 'warning')
return render_template('user/reauth.html', form=form)
def reauth():
form = ReauthForm(next=request.args.get('next'))
if request.method == 'POST':
user, authenticated = User.authenticate(current_user.name,
form.password.data)
if user and authenticated:
confirm_login()
flash(_('Reauthenticated.'), 'success')
return redirect('/change_password')
flash(_('Password is wrong.'), 'error')
return render_template('frontend/reauth.html', form=form)
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for('main.choose_service'))
form = LoginForm()
if form.validate_on_submit():
user = user_api_client.get_user_by_email_or_none(form.email_address.data)
user = _get_and_verify_user(user, form.password.data)
if user and user.state == 'pending':
flash("You haven't verified your email or mobile number yet.")
return redirect(url_for('main.sign_in'))
if user and session.get('invited_user'):
invited_user = session.get('invited_user')
if user.email_address != invited_user['email_address']:
flash("You can't accept an invite for another person.")
session.pop('invited_user', None)
abort(403)
else:
invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
if user:
# Remember me login
if not login_fresh() and \
not current_user.is_anonymous and \
current_user.id == user.id and \
user.is_active:
confirm_login()
services = service_api_client.get_services({'user_id': str(user.id)}).get('data', [])
if (len(services) == 1):
return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
else:
return redirect(url_for('main.choose_service'))
session['user_details'] = {"email": user.email_address, "id": user.id}
if user.is_active:
user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
if request.args.get('next'):
return redirect(url_for('.two_factor', next=request.args.get('next')))
else:
return redirect(url_for('.two_factor'))
# Vague error message for login in case of user not known, locked, inactive or password not verified
flash(Markup((
"The email address or password you entered is incorrect."
" <a href={password_reset}>Forgot your password</a>?"
).format(password_reset=url_for('.forgot_password'))
))
return render_template('views/signin.html', form=form)
def refresh_login():
form = RefreshLoginForm()
if form.validate_on_submit():
user = User.authenticate(current_user.username, form.password.data)
if user:
confirm_login()
flash('Refreshed login', 'success')
return redirect(url_for('users.profile'))
flash('Invalid password', 'error')
return render_template('users/refresh_login.html', form=form)
def reauthenticate():
# This isn't wrapped with login_required because it wouldn't make sense
# to require a login to access the reauthenticate page. Instead, the
# following if statement takes its place.
if not current_user.is_authenticated or login_fresh():
return redirect(url_for('main.index'))
form = ReauthenticationForm()
if form.validate_on_submit():
if verify_password(current_user, form.password.data):
confirm_login()
LogEvent.reauthenticate(current_user)
return form.redirect('main.index')
flash_it(AuthMessages.INVALID_PASSWORD)
return render_template('auth/reauthenticate.html', form=form)
def refresh_login():
error = None
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
user = app.db.auth_user(
request.form['username'],
request.form['password'])
if user:
confirm_login(user)
logger.info('User: %s - login auth success.' % (request.form['username']))
return redirect(url_for('user_home', username=user.username))
else:
logger.info('User: %s - login auth failure.' % (request.form['username']))
error = 'Invalid username or password.'
return render_template('user/login.html', form=form, error=error)
def refresh():
form = RefreshForm()
if form.validate_on_submit():
user = current_app.bouncer.user_class.find(email = form.email.data)
if user:
if user.verify_password(form.password.data):
confirm_login()
return redirect(session.pop('next', None) or url_for('index'))
if request.method == 'POST':
flash(_cfg('flash.login_error', 'Invalid username or password.'), 'error')
else:
session['next'] = request.args.get('next')
providers = {}
for k in current_app.bouncer.get_oauth_providers():
providers[k] = current_app.bouncer.get_oauth_provider(k)['display_name']
return render_template('bouncer/refresh.html', form = form, providers = providers)
def reauth():
""" """
form = ReauthForm(next=request.args.get('next'))
if form.validate_on_submit():
user, authenticated = User.authenticate(current_user.username,
form.password.data)
if user and authenticated:
confirm_login()
flash('Reauthentication complete.')
return redirect(form.next.data or url_for('admin.index'))
else:
form.non_field_errors = [u'Incorrect password']
return render_template('user/reauth.html', form=form)
def reauth():
if confirm_login():
flash('Reauthenticated', 'success')
return redirect(
request.args.get('next') or request.referrer
or url_for('frontend.index'))
def reauth():
"""
Reauthenticates a user
"""
if not login_fresh():
form = ReauthForm(request.form)
if form.validate_on_submit():
confirm_login()
flash(("Reauthenticated"), "success")
return redirect(
request.args.get("next") or url_for("user.profile"))
return render_template("auth/reauth.html", form=form)
return redirect(
request.args.get("next")
or url_for("user.profile", username=current_user.username))
def reauth():
""" """
form = ReauthForm(next=request.args.get('next'))
if form.validate_on_submit():
user, authenticated = User.authenticate(current_user.username,
form.password.data)
if user and authenticated:
confirm_login()
flash('Reauthentication complete.')
return redirect(form.next.data or url_for('admin.index'))
else:
form.non_field_errors = [u'Incorrect password']
return render_template('user/reauth.html', form=form)
def reauth():
form = ReauthForm(next=request.args.get('next'))
if request.method == 'POST':
user, authenticated = User.authenticate(current_user.username,
form.password.data)
if user and authenticated:
confirm_login()
current_app.logger.debug('reauth: %s' % session['_fresh'])
flash(_('Reauthenticate.'), 'success') # Reauthenticate
return redirect('/change_password')
flash(_(u'Password is wrong.'), 'error') #Password is wrong.
return render_template('reauth.html',
newtaskform = TaskForm(),
form=form)
def login(data):
data = data or dict()
usr = user.get_by_username(data.get('login'))
if not usr:
usr = user.get_by_email(data.get('login'))
if not usr:
raise ValidationError('Invalid login or password')
if not user.verify_password(usr, data.get('password')):
raise ValidationError('Invalid login or password')
remember = parse_boolean(data.get('remember'))
login_user(usr, remember=remember)
confirm_login()
return usr
def login(data):
data = data or dict()
usr = user.get_by_username(data.get('login'))
if not usr:
usr = user.get_by_email(data.get('login'))
if not usr:
raise ValidationError('Invalid login or password')
if not user.verify_password(usr, data.get('password')):
raise ValidationError('Invalid login or password')
remember = parse_boolean(data.get('remember'))
login_user(usr, remember=remember)
confirm_login()
return usr
def reauth():
"""Recreate a session."""
current_app.logger.info('Entering session.views.reauth()...')
# TODO: Verify current_user.email = form.data.email
form = LoginForm()
if form.validate_on_submit():
user, authenticated = User.authenticate(form.email.data, form.password.data)
if user and authenticated:
confirm_login()
response = jsonify(status='success', data=user.session_as_dict())
response.status_code = 200
current_app.logger.debug('Returning success; response.data=[%s]' % response.data)
return response
current_app.logger.debug('Returning fail; data = [%s].' % form.errors)
return jsonify(status='fail', data=form.errors)
def reauthenticate():
"""The form page to ask user enter their password to revalidate their
stale session.
If a user let the system remember his or her login at :func:`signup`,
we then call it a persistent session. This is because such session
will not be expired within just hours of time, nor will it become
invalid after quitting the browser.
We call a recovered session after a relaunch of the browser or time
expiration a stale session. Sometimes we may want to make sure the
user owns the permission before taking any operations. In these
situations, the stale sessions are not enough.
So :class:`reauthenticate` view force the user to refresh their stale
session. You may decorate the view by
:func:`~railgun.website.credential.fresh_login_required` to ensure
this.
If the credential passes validation, the user will be redirected to
:func:`index` view, unless the `next` argument is given in the query
string, where a redirection to `next` will take place.
:route: /reauthenticate/
:method: GET, POST
:template: reauthenticate.html
:form: :class:`~railgun.website.forms.ReAuthenticateForm`
"""
# Re-authenticate form is just like signin but do not contain "remember"
form = ReAuthenticateForm()
next_url = request.args.get('next')
if form.validate_on_submit():
# Check whether the user exists
user = authenticate(current_user.name, form.password.data)
if user:
confirm_login()
return redirect(next_url or url_for('index'))
# Report password error
flash(_('Incorrect password.'), 'danger')
return render_template('reauthenticate.html', form=form, next=next_url)
def reauthenticate():
"""The form page to ask user enter their password to revalidate their
stale session.
If a user let the system remember his or her login at :func:`signup`,
we then call it a persistent session. This is because such session
will not be expired within just hours of time, nor will it become
invalid after quitting the browser.
We call a recovered session after a relaunch of the browser or time
expiration a stale session. Sometimes we may want to make sure the
user owns the permission before taking any operations. In these
situations, the stale sessions are not enough.
So :class:`reauthenticate` view force the user to refresh their stale
session. You may decorate the view by
:func:`~railgun.website.credential.fresh_login_required` to ensure
this.
If the credential passes validation, the user will be redirected to
:func:`index` view, unless the `next` argument is given in the query
string, where a redirection to `next` will take place.
:route: /reauthenticate/
:method: GET, POST
:template: reauthenticate.html
:form: :class:`~railgun.website.forms.ReAuthenticateForm`
"""
# Re-authenticate form is just like signin but do not contain "remember"
form = ReAuthenticateForm()
next_url = request.args.get('next')
if form.validate_on_submit():
# Check whether the user exists
user = authenticate(current_user.name, form.password.data)
if user:
confirm_login()
return redirect(next_url or url_for('index'))
# Report password error
flash(_('Incorrect password.'), 'danger')
return render_template('reauthenticate.html', form=form, next=next_url)
def create_or_login(resp):
h = hashlib.new('ripemd160')
session['openid'] = resp.identity_url
user = None
h.update(resp.identity_url)
print session['openid'], h.hexdigest()
identity = db.session.query(Identity).filter_by(url=h.hexdigest()).first()
if identity:
user = db.session.query(User).get(identity.user_id)
if user is not None:
if g.user.is_authenticated():
confirm_login()
g.user = user
login_user(user, remember=True)
flash(u'Successfully signed in')
return redirect_back('main.MainView:index')
return redirect(url_for('account.ProfileView:create', next=oid.get_next_url(),
name=resp.fullname or resp.nickname,
email=resp.email))
def reauth():
"""Recreate a session."""
current_app.logger.info('Entering session.views.reauth()...')
# TODO: Verify current_user.email = form.data.email
form = LoginForm()
if form.validate_on_submit():
user, authenticated = User.authenticate(form.email.data,
form.password.data)
if user and authenticated:
confirm_login()
response = jsonify(status='success', data=user.session_as_dict())
response.status_code = 200
current_app.logger.debug('Returning success; response.data=[%s]' %
response.data)
return response
current_app.logger.debug('Returning fail; data = [%s].' % form.errors)
return jsonify(status='fail', data=form.errors)
def reauth():
"""
User re authentication view
"""
app.logger.debug('User reauth')
form = ReauthForm(next=request.args.get('next', None))
#if the login is fresh there is no need to re-authenticate
if login_fresh():
return redirect(generate_redirect_url(next_=form.next.data))
if form.validate_on_submit():
user, authenticated = authenticate(current_user.get_username(), form.password.data)
if user and authenticated:
user.set_last_signon()
confirm_login()
return redirect(generate_redirect_url(next_=form.next.data))
else:
flash('Sorry, invalid login parameters', 'error')
return render_template('reauth.html', form=form)
def reauth():
if request.method == "POST":
confirm_login()
return redirect(request.args.get("next") or '/admin')
return redirect('/login/twitter')
def reauth():
if request.method == 'POST':
confirm_login()
flash(u'Reauthenticated.')
return redirect(request.args.get('next') or url_for('api_root'))
return render_template('reauth.html')
def _confirm_login():
confirm_login()
return u''
def refresh():
# do stuff
confirm_login()
return True
def reauth():
confirm_login()
return u"Login confirmed"
def refresh():
# do stuff
confirm_login()
return True
def reauth():
if request.method == "POST":
confirm_login()
flash(u"Reauthenticated.")
return redirect(request.args.get("next") or url_for("index"))
return render_template("reauth.html")
def reauth():
if confirm_login():
flash('Reauthenticated', 'success')
return redirect(
request.args.get('next') or request.referrer or url_for('frontend.index'))
def reauth():
confirm_login()
return u"Login confirmed"
