Ejemplo n.º 1
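def reauth():
    """Re-confirm the current login and send the user on to ``next``.

    GET renders ``reauth.html``. POST marks the session fresh with
    ``confirm_login()`` and redirects to the ``next`` query argument when it
    is a local path, otherwise to the ``index`` endpoint.
    """
    if request.method == "POST":
        # NOTE(review): nothing visible in this view checks a password or any
        # other credential before confirm_login() marks the session fresh, so
        # every POST from a stale session is promoted. Verify a credential
        # here unless that is enforced outside this view.
        confirm_login()
        flash(u"Reauthenticated.")
        target = request.args.get("next")
        # ``next`` is caller-controlled: follow it only when it is a
        # same-site path, never an absolute or scheme-relative URL.
        if (not target or not target.startswith("/")
                or target.startswith(("//", "/\\"))):
            target = url_for("index")
        return redirect(target)
    return render_template("reauth.html")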
Ejemplo n.º 2
def set_password():
    """Change the current user's password.

    On a valid ``PasswordForm`` submission the new password is hashed, stored
    and committed, and the user is redirected to the login page; otherwise
    the form is rendered.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('/home/user/secret.html', form=form)

    submitted = form.data  # read the submitted fields
    print('用户编号{}'.format(current_user.get_id()))
    account = User.query.get(current_user.get_id())
    # Only the hash of the new password is stored.
    account.password = generate_password_hash(submitted['password'])
    db.session.commit()
    flash('修改成功')
    # NOTE(review): the result of login_fresh() is discarded, so this call
    # does not require a fresh session. Whether the current password is
    # re-checked depends on PasswordForm, which is not shown here.
    login_fresh()
    return redirect(url_for('home.login'))
Ejemplo n.º 3
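def login():
    """Log a user in with e-mail address and password.

    An already authenticated user is sent to the index page. On a valid
    submission with matching credentials the user is logged in and redirected
    to the ``next`` query argument when it is a local path, otherwise to the
    index page. In every other case the login form is rendered.
    """
    if g.user is not None and g.user.is_authenticated:
        return redirect(url_for('index'))
    form = LoginForm()
    if form.validate_on_submit():
        user = Users.query.filter_by(email=form.email.data).first()
        if user is not None and user.verify_password(form.password.data):
            # ``remeber`` (sic) is the field name this view reads from LoginForm.
            login_user(user, form.remeber.data)
            flash('登录成功.')
            target = request.args.get('next')
            # ``next`` is caller-controlled: follow it only when it is a
            # same-site path, never an absolute or scheme-relative URL.
            if (not target or not target.startswith('/')
                    or target.startswith(('//', '/\\'))):
                target = url_for('index')
            return redirect(target)
        # One message covers both an unknown e-mail and a wrong password, so
        # the response does not reveal which accounts exist.
        flash('邮箱或密码错误')
    return render_template('login.html', form=form)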
Ejemplo n.º 4
def change_password():
    """Let a user set a new password.

    The account is resolved either from the signed-in user (a fresh session
    is required) or from an ``activation_key`` / ``email`` pair in the
    request values. Without a matching account the request is rejected with
    403. On a valid form the password is stored, the activation key is
    cleared and the user is redirected to the login page.
    """
    account = None
    if current_user.is_authenticated:
        # Signed-in users may only change the password from a fresh session.
        if not login_fresh():
            return login_manager.needs_refresh()
        account = current_user
    elif 'activation_key' in request.values and 'email' in request.values:
        key = request.values['activation_key']
        address = request.values['email']
        # NOTE(review): the key is used exactly as supplied; confirm that an
        # empty value can never match a stored activation key.
        account = (User.query.filter_by(activation_key=key)
                   .filter_by(email=address).first())

    if account is None:
        abort(403)

    form = ChangePasswordForm(activation_key=account.activation_key)
    if not form.validate_on_submit():
        return render_template("frontend/change_password.html", form=form)

    account.password = form.password.data
    # Clearing the key means the same key cannot be used for a second change.
    account.activation_key = None
    db.session.add(account)
    db.session.commit()

    flash("Your password has been changed, please log in again", "success")
    return redirect(url_for("frontend.login"))
Ejemplo n.º 5
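def login():
    """Log a personal account in with e-mail address and password.

    A user with a fresh authenticated session is sent to the home page. On a
    valid submission with matching credentials the user is logged in and
    redirected to the ``next`` query argument when it is a local path,
    otherwise to the home page. In every other case the form is rendered.
    """
    if current_user.is_authenticated and login_fresh():
        return redirect(url_for("main.home"))

    form = LoginForm()
    picture = generate_header_picture()

    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.lower()).first()

        # NOTE(review): the two messages below tell a caller whether an
        # e-mail address is registered; consider one generic message.
        # ``user is None`` is checked first so the password comparison below
        # never dereferences a missing account.
        if user is None or not form.validate_email(form.email):
            flash("Email does not exist. Please try again", "danger")
        elif not bcrypt.check_password_hash(user.password, form.password.data):
            flash("Incorrect password. Please try again", "danger")
        else:
            login_user(user, remember=form.remember.data)
            next_page = request.args.get('next')
            # ``next`` is caller-controlled: follow it only when it is a
            # same-site path, never an absolute or scheme-relative URL.
            if (not next_page or not next_page.startswith('/')
                    or next_page.startswith(('//', '/\\'))):
                next_page = url_for("main.home")
            return redirect(next_page)

    return render_template("login.html",
                           form=form,
                           picture=picture,
                           current_login_type="personal account",
                           needed_login_type="company")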
Ejemplo n.º 6
def login_refresh() -> ResponseType:
    """
        Ask a user whose login has become stale to confirm their password.

        A session that is already fresh is redirected to the index page.

        :return: The response for this view.
    """

    if login_fresh():
        return redirect(url_for('main.index'))

    form = LoginRefreshForm()
    if form.validate_on_submit():
        refreshed_user = User.refresh_login(form.password.data)
        if not refreshed_user:
            flash(_('Invalid password.'), 'error')
        else:
            # The password was accepted; greet the user and continue.
            flash(_('Welcome, %(name)s!', name=refreshed_user.name))
            # NOTE(review): the target comes from get_next_page(), defined
            # elsewhere; confirm it only returns same-site URLs.
            return redirect(get_next_page())

    page_title = _('Confirm Login')
    return render_template('userprofile/login.html',
                           title=page_title,
                           form=form)
Ejemplo n.º 7
def user_preferences(user_id):
    """Dispatch the preferences page for ``user_id``.

    A request carrying a ``token`` argument is handed to the password-reset
    view when the token verifies under the ``password`` salt, otherwise to
    the e-mail confirmation view. Without a token the caller must be signed
    in as ``user_id`` with a fresh session to reach the preferences form.
    """
    if 'token' in flask.request.args:
        token = flask.request.args.get('token')
        data = verify_token(token,
                            salt='password',
                            secret_key=flask.current_app.config['SECRET_KEY'])
        if data is None:
            # It does not matter here whether the caller is signed in.
            return confirm_email()
        return reset_password()

    viewer = flask_login.current_user
    if not viewer.is_authenticated:
        return flask.current_app.login_manager.unauthorized()
    # Users may only open their own preferences.
    if user_id != viewer.id:
        return flask.abort(403)
    if not flask_login.login_fresh():
        # Only fresh sessions may edit preferences, which include passwords
        # and API tokens; send stale sessions to re-authenticate and come back.
        return flask.redirect(
            flask.url_for('.refresh_sign_in',
                          next=flask.url_for('.user_preferences',
                                             user_id=viewer.id)))
    # Signed in with a fresh session: changing preferences is allowed.
    return change_preferences(viewer, user_id)
Ejemplo n.º 8
def change_password():
    """Let a user set a new password.

    The account is resolved either from the signed-in user (a fresh session
    is required) or from an ``activation_key`` / ``email`` pair in the
    request values. Without a matching account the request is rejected with
    403. On a valid form the password is stored, the activation key is
    cleared and the user is redirected to the login page.
    """
    account = None
    if current_user.is_authenticated():
        # Signed-in users may only change the password from a fresh session.
        if not login_fresh():
            return login_manager.needs_refresh()
        account = current_user
    elif 'activation_key' in request.values and 'email' in request.values:
        key = request.values['activation_key']
        address = request.values['email']
        # NOTE(review): the key is used exactly as supplied; confirm that an
        # empty value can never match a stored activation key.
        account = (User.query.filter_by(activation_key=key)
                   .filter_by(email=address).first())

    if account is None:
        abort(403)

    form = ChangePasswordForm(activation_key=account.activation_key)
    if not form.validate_on_submit():
        return render_template("frontend/change_password.html", form=form)

    account.password = form.password.data
    # Clearing the key means the same key cannot be used for a second change.
    account.activation_key = None
    db.session.add(account)
    db.session.commit()

    message = _("Su contrasena ha sido cambiada, favor vuelva a loguearse")
    flash(message, "success")
    return redirect(url_for("frontend.login"))
Ejemplo n.º 9
    def get(self):
        """Return the current user as JSON, creating an anonymous one if needed.

        An authenticated caller has the session re-confirmed; any other caller
        gets a new anonymous user that is logged in with ``remember=True``.
        The response carries selected user fields and a set of cookies.
        """
        if not current_user.is_authenticated:
            user = create_anonymous_user()
            login_user(user, remember=True)
        else:
            user = current_user
            fresh = login_fresh()
            logger.info('User %s (%s) already authenticated. Fresh: %s',
                        user.username, user.id, fresh)
            # NOTE(review): confirm_login() marks a stale session fresh
            # without any credential check in this method; confirm that no
            # view relies on freshness as proof of recent authentication.
            confirm_login()

        parsed_user = row_to_dict(user)
        exposed_fields = ['anonymous', 'confirmed', 'email', 'id', 'username']
        payload = {
            'user': {field: parsed_user[field] for field in exposed_fields}
        }
        response = jsonify(payload)
        # NOTE(review): email, confirmed and anonymous are fixed values here,
        # also on the authenticated branch above; confirm that is intended.
        cookie_values = {
            'username': user.username,
            'email': '',
            'user_id': user.id,
            'confirmed': False,
            'anonymous': True
        }
        return set_cookies(response, cookie_values)
Ejemplo n.º 10
def modify_request(request_id):
    r"""Handle POST requests that modify a :py:class:`~.models.Request`.

    Several different forms post to this view, so execution is handed to a
    more specific function selected by the form's "id\_" field. An unknown
    value is answered with 400.

    :param int request_id: the ID of the request.
    """
    srp_request = Request.query.get_or_404(request_id)
    # Force fresh permissions. The lookup above runs first, so an unknown ID
    # is answered with 404 before the freshness check.
    if not login_fresh():
        return login_manager.needs_refresh()
    handlers = {
        'modifier': _add_modifier,
        'payout': _change_payout,
        'action': _add_action,
        'void': _void_modifier,
        'details': _change_details,
        'note': _add_note,
    }
    handler = handlers.get(request.form['id_'])
    if handler is None:
        return abort(400)
    return handler(srp_request)
Ejemplo n.º 11
def modify_request(request_id):
    r"""Handle POST requests that modify a :py:class:`~.models.Request`.

    Several different forms post to this view, so execution is handed to a
    more specific function selected by the form's "id\_" field. An unknown
    value is answered with 400.

    :param int request_id: the ID of the request.
    """
    srp_request = Request.query.get_or_404(request_id)
    # Force fresh permissions. The lookup above runs first, so an unknown ID
    # is answered with 404 before the freshness check.
    if not login_fresh():
        return login_manager.needs_refresh()
    handlers = {
        'modifier': _add_modifier,
        'payout': _change_payout,
        'action': _add_action,
        'void': _void_modifier,
        'details': _change_details,
        'note': _add_note,
    }
    handler = handlers.get(request.form['id_'])
    if handler is None:
        return abort(400)
    return handler(srp_request)
Ejemplo n.º 12
def change_password():
    """Let a user set a new password.

    The account is resolved either from the signed-in user (a fresh session
    is required) or from an ``activation_key`` / ``email`` pair in the
    request values. Without a matching account the request is rejected with
    403. On a valid form the password is stored, the activation key is
    cleared and the user is redirected to the login page.
    """
    account = None
    if current_user.is_authenticated():
        # Signed-in users may only change the password from a fresh session.
        if not login_fresh():
            return login_manager.needs_refresh()
        account = current_user
    elif 'activation_key' in request.values and 'email' in request.values:
        key = request.values['activation_key']
        address = request.values['email']
        # NOTE(review): the key is used exactly as supplied; confirm that an
        # empty value can never match a stored activation key.
        account = (User.query.filter_by(activation_key=key)
                   .filter_by(email=address).first())

    if account is None:
        abort(403)

    form = ChangePasswordForm(email=account.email,
                              activation_key=account.activation_key)
    if not form.validate_on_submit():
        return render_template("user/change_password.html",
                               user=account, form=form)

    account.password = form.password.data
    # Clearing the key means the same key cannot be used for a second change.
    account.activation_key = None
    db.session.add(account)
    db.session.commit()

    message = _("Your password has been changed, please log in again")
    flash(message, "success")
    return redirect(url_for("user.login"))
Ejemplo n.º 13
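def refresh_login():
    """Re-authenticate the current user so the session becomes fresh again.

    A fresh authenticated session is redirected straight to the next page.
    With ``?webauthn=<true value>`` the WebAuthn login page is rendered.
    Otherwise the password form is shown; a correct password confirms the
    login, a wrong one flashes an error and reloads this view.
    """
    if current_user.is_authenticated and login_fresh():
        next_page = get_next_page(request.args.get("next"))
        return redirect(next_page)
    try:
        prefered_webauthn = strtobool(request.args.get("webauthn", "false"))
    except ValueError:
        # strtobool raises on values it does not recognise; a malformed query
        # argument is treated as "not requested" instead of failing the request.
        prefered_webauthn = False
    if prefered_webauthn:
        return render_template("webauthn/login_with_webauthn.html")
    form = RefreshLogin()
    user_id = current_user.get_id()
    database_id = User.get_database_id(user_id)
    user = User.query.filter_by(did=database_id).first()
    webauthn = Webauthn.query.filter_by(user_id=database_id).first()
    webauthn_enabled = webauthn.is_enabled if webauthn is not None else False
    if form.validate_on_submit():
        # A missing account is handled like a wrong password so the lookup
        # result is never dereferenced when it is None.
        if user is None or not user.check_password(form.password.data):
            flash(_("Invalid password"))
            return redirect(url_for("auth.refresh_login"))
        confirm_login()
        next_page = get_next_page(request.args.get("next"))
        return redirect(next_page)
    return render_template(
        "auth/refresh_login.html",
        title=_("Refresh your session"),
        form=form,
        webauthn_enabled=webauthn_enabled,
    )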
Ejemplo n.º 14
 def decorated_view(*args, **kwargs):
     """Run the wrapped view unless the caller has a fresh authenticated session.

     The view runs when login checks are disabled, when the caller is not
     authenticated, or when the session is not fresh; a fresh authenticated
     caller is answered with 401.
     """
     may_proceed = (usm._login_disabled
                    or not current_user.is_authenticated
                    or not login_fresh())
     if may_proceed:
         return func(*args, **kwargs)
     return abort(401)
Ejemplo n.º 15
def re_authenticate():
    """Ask a user with a stale session to enter the password again."""
    # login_fresh() reports whether the current session is marked fresh; a
    # fresh session has nothing to re-confirm.
    if login_fresh():
        return redirect(url_for('main.index'))
    form = LoginForm()
    password_ok = (form.validate_on_submit()
                   and current_user.validate_password(form.password.data))
    if not password_ok:
        return render_template('auth/login.html', form=form)
    # confirm_login() marks the session fresh again after the password check.
    confirm_login()
    return redirect_back()
Ejemplo n.º 16
 def get(self):
     """Show the re-authentication page, or continue when the session is fresh.

     Accounts without a local password are sent through the Discord session
     flow instead of the password form.
     """
     if login_fresh():
         return redirect_or_next(current_user.url)
     if current_user.password is not None:
         return render_template("auth/reauth.html", form=self.form())
     # No local password: the session is confirmed only when the Discord
     # authorization is in place.
     if current_app.discordAuth.authorized:
         confirm_login()
     return current_app.discordAuth.create_session()
Ejemplo n.º 17
def re_authenticated():
    """Ask a user with a stale session to enter the password again."""
    if login_fresh():
        return redirect(url_for("main.index"))
    form = LoginForm()
    password_ok = (form.validate_on_submit()
                   and current_user.validate_password(form.password.data))
    if not password_ok:
        return render_template("auth/login.html", form=form)
    # The password matched, so the session is marked fresh again.
    confirm_login()
    return redirect_back()
Ejemplo n.º 18
def super_admin_can_check():
    """Tell whether the current user may act as super admin.

    Returns ``False`` unless the user's login is listed in
    ``config.super_admin`` and the ``normal_login`` permission is granted.
    A super admin with a stale session is redirected to the login page.
    """
    is_super_admin = (hasattr(current_user, 'login')
                      and (current_user.login in config.super_admin)
                      and Permission(TypeNeed("normal_login")).can())
    if not is_super_admin:
        return False
    if login_fresh():
        return True
    # Super-admin rights require a fresh session: log in again, then return.
    raise RequestRedirect(url_for('login', next=request.url))
Ejemplo n.º 19
def estalogado():
    """Report as JSON whether the caller has a fresh login.

    Responds with 200 and the user id for a fresh session, otherwise with 422.
    """
    if not login_fresh():
        return jsonify({'retorno':
                        'usuario nao logado, ou sessao expirada'}), 422
    body = {
        'retorno': 'usuario logado',
        'id_usuario': current_user.id
    }
    return jsonify(body), 200
Ejemplo n.º 20
 def enforce_user_freshness():
     """Mark the session stale once the user's validity period has run out.

     Applies only to authenticated users of this auth method whose session
     is currently fresh.
     """
     applies = (current_user.is_authenticated
                and current_user.authmethod == self.name
                and login_fresh())
     if not applies:
         return
     user = current_user._get_current_object()
     if user.seconds_valid <= 0:
         current_app.logger.debug("Marking '{}' as stale".format(user))
         # Logging in again with fresh=False keeps the user signed in but
         # drops the fresh flag.
         login_user(user, fresh=False)
         self.session.token = user.token
Ejemplo n.º 21
def re_authenticate():
    """Re-authenticate a user whose login is no longer fresh."""
    if login_fresh():
        return redirect(url_for('blog.index'))

    form = LoginForm()
    password_ok = (form.validate_on_submit()
                   and current_user.validate_password(form.password.data))
    if not password_ok:
        return render_template('auth/signin.html', form=form)
    # The password matched, so the session is marked fresh again.
    confirm_login()
    return redirect_back()
Ejemplo n.º 22
def re_authenticate():
    """Re-authenticate a stale user who opened a @fresh_login_required view."""
    if login_fresh():
        return redirect(url_for('main.index'))
    form = LoginForm()
    password_ok = (form.validate_on_submit()
                   and current_user.validate_password(form.password.data))
    if not password_ok:
        return render_template('auth/login.html', form=form)
    # The password matched, so the session is marked fresh again.
    confirm_login()
    return redirect_back()
Ejemplo n.º 23
def re_authenticate():
    """Ask a user with a stale session to enter the password again.

    A wrong password flashes a warning and shows the form again.
    """
    if login_fresh():
        return redirect(url_for('main.index'))
    form = ReLoginForm()
    if form.validate_on_submit():
        password_ok = current_user.validate_password(form.password.data)
        if not password_ok:
            flash('密码错误, 请重新输入', 'warning')
        else:
            # The password matched, so the session is marked fresh again.
            confirm_login()
            return redirect_back()
    return render_template('auth/login.jinja2', form=form)
Ejemplo n.º 24
 def enforce_user_freshness():
     """Mark the session stale once the user's validity period has run out.

     Applies only to authenticated users of this auth method whose session
     is currently fresh.
     """
     applies = (current_user.is_authenticated
                and current_user.authmethod == self.name
                and login_fresh())
     if not applies:
         return
     user = current_user._get_current_object()
     if user.seconds_valid <= 0:
         current_app.logger.debug("Marking '{}' as stale".format(user))
         # Logging in again with fresh=False keeps the user signed in but
         # drops the fresh flag.
         login_user(user, fresh=False)
         self.session.token = user.token
Ejemplo n.º 25
def re_authenticate():
    """Ask a user with a stale session to enter the password again.

    A session that is already fresh is told so and sent to ``base``.
    """
    if login_fresh():
        flash('活跃用户不需要重新登录', 'info')
        return redirect(url_for('base'))

    form = LoginForm()
    password_ok = (form.validate_on_submit()
                   and current_user.validate_password(form.password.data))
    if not password_ok:
        return render_template('user/login.html', form=form)
    # The password matched, so the session is marked fresh again.
    confirm_login()
    return redirect_back()
Ejemplo n.º 26
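def reauth():
    """Reauthenticates a user.

    A stale session must submit the correct password before the login is
    confirmed. A session that is already fresh is redirected to the ``next``
    query argument when it is a local path, otherwise to the user's own URL.
    """
    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            if current_user.check_password(form.password.data):
                confirm_login()
                flash(_("Reauthenticated."), "success")
                return redirect_or_next(current_user.url)

            flash(_("Wrong password."), "danger")
        return render_template("auth/reauth.html", form=form)
    target = request.args.get("next")
    # ``next`` is caller-controlled: follow it only when it is a same-site
    # path, never an absolute or scheme-relative URL.
    if (not target or not target.startswith("/")
            or target.startswith(("//", "/\\"))):
        target = current_user.url
    return redirect(target)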
Ejemplo n.º 27
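def login():
    """Render the login page on GET and process a login attempt otherwise.

    A GET with a fresh session goes straight to ``main``. A successful
    attempt redirects to the ``next`` query argument when it is a local path,
    otherwise to ``main``; a failed attempt shows the page with an error.
    """
    if request.method == 'GET':
        if flask_login.login_fresh():
            return redirect(url_for('main'))
        return render_template('Login.html')

    # requestParse is defined elsewhere; only its success flag is used here.
    _name, ok = requestParse(request)
    if not ok:
        return render_template('Login.html', error='Fail to Login')
    nexturl = request.args.get('next')
    # ``next`` is caller-controlled: follow it only when it is a same-site
    # path, never an absolute or scheme-relative URL.
    if (not nexturl or not nexturl.startswith('/')
            or nexturl.startswith(('//', '/\\'))):
        nexturl = url_for('main')
    return redirect(nexturl)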
Ejemplo n.º 28
def re_authenticate():
    """Re-authenticate an already logged-in user to keep the session fresh.

    Similar to the confirmation GitHub and others ask for: sensitive
    operations such as changing the password require authenticating again.
    """
    if login_fresh():
        return redirect(url_for('main.index'))

    form = LoginForm()
    password_ok = (form.validate_on_submit()
                   and current_user.validate_password(form.password.data))
    if not password_ok:
        return render_template('auth/login.html', form=form)
    # The password matched, so the session is marked fresh again.
    confirm_login()
    return redirect_back()
Ejemplo n.º 29
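def reauth():
    """Reauthenticates a user.

    A stale session must submit the correct password before the login is
    confirmed. A session that is already fresh is redirected to the ``next``
    query argument when it is a local path, otherwise to the user's own URL.
    """
    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            if current_user.check_password(form.password.data):
                confirm_login()
                flash(_("Reauthenticated."), "success")
                return redirect_or_next(current_user.url)

            flash(_("Wrong password."), "danger")
        return render_template("auth/reauth.html", form=form)
    target = request.args.get("next")
    # ``next`` is caller-controlled: follow it only when it is a same-site
    # path, never an absolute or scheme-relative URL.
    if (not target or not target.startswith("/")
            or target.startswith(("//", "/\\"))):
        target = current_user.url
    return redirect(target)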
Ejemplo n.º 30
def re_authenticate():
    """Ask a user with a stale session to enter the password again.

    A successful confirmation is also recorded through ``log_user``.
    """
    if login_fresh():
        return redirect(url_for('front.index'))

    form = LoginForm()
    password_ok = (form.validate_on_submit()
                   and current_user.validate_password(form.password.data))
    if not password_ok:
        return render_template('auth/login.html', form=form)

    # The password matched, so the session is marked fresh again.
    confirm_login()
    log_user(content=render_template('logs/auth/login.html'))
    return redirect_back()
Ejemplo n.º 31
def re_authenticate():
	"""Re-authenticate a user whose login is no longer fresh."""
	# NOTE(review): the full request URL, query string included, is written
	# to the log; confirm it never carries tokens or other secrets.
	logger.info('url = ' + str(request.url))
	# A fresh session has nothing to re-confirm.
	if login_fresh():
		return redirect(url_for('main.index'))

	form = LoginForm()
	password_ok = (form.validate_on_submit()
	               and current_user.validate_password(form.password.data))
	if not password_ok:
		return render_template('auth/login.html', form=form)
	# The password matched, so the session is marked fresh again.
	confirm_login()
	return redirect_back()
Ejemplo n.º 32
def sign_in():
    """Handle the sign-in form: verify the password, then hand over to two-factor.

    An already authenticated user is redirected to the service chooser. After
    a valid submission the user is looked up and verified; pending users are
    sent to e-mail verification, a pending invite is accepted only for the
    invited address, and an active user is sent an SMS code and redirected
    to the two-factor view. Any failure ends in one generic error message.
    """
    # Already signed in: nothing to do here.
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_service'))

    form = LoginForm()
    if form.validate_on_submit():

        user = user_api_client.get_user_by_email_or_none(form.email_address.data)
        # _get_and_verify_user is defined elsewhere; the code below treats a
        # falsy result as a failed login.
        user = _get_and_verify_user(user, form.password.data)
        if user and user.state == 'pending':
            return redirect(url_for('main.resend_email_verification'))

        if user and session.get('invited_user'):
            invited_user = session.get('invited_user')
            # An invite may only be accepted by the address it was issued to.
            if user.email_address != invited_user['email_address']:
                flash("You can't accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            else:
                invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
        if user:
            # Remember me login: the session is stale but belongs to the same
            # active user whose password was just verified, so it is confirmed
            # directly.
            # NOTE(review): this branch returns before send_verify_code below,
            # i.e. without a second factor; confirm that is intended.
            if not login_fresh() and \
               not current_user.is_anonymous and \
               current_user.id == user.id and \
               user.is_active:

                confirm_login()
                services = service_api_client.get_active_services({'user_id': str(user.id)}).get('data', [])
                # With exactly one service go straight to its dashboard.
                if (len(services) == 1):
                    return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
                else:
                    return redirect(url_for('main.choose_service'))

            # presumably read back by the two-factor view; verify against it
            session['user_details'] = {"email": user.email_address, "id": user.id}
            if user.is_active:
                user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
                # ``next`` is forwarded unchanged; any validation of it has to
                # happen where it is finally used for a redirect.
                if request.args.get('next'):
                    return redirect(url_for('.two_factor', next=request.args.get('next')))
                else:
                    return redirect(url_for('.two_factor'))
        # Vague error message for login in case of user not known, locked, inactive or password not verified
        # Markup() marks the whole formatted string as safe HTML; the only
        # interpolated value is the url_for() result.
        flash(Markup((
            "The email address or password you entered is incorrect."
            " <a href={password_reset}>Forgot your password</a>?"
            ).format(password_reset=url_for('.forgot_password'))
        ))

    return render_template('views/signin.html', form=form)
Ejemplo n.º 33
def sign_in():
    """Handle the sign-in form: verify the password, then hand over to two-factor.

    An already authenticated user is redirected to the service chooser. After
    a valid submission the user is looked up and verified; pending users are
    sent to e-mail verification, a pending invite is accepted only for the
    invited address, and an active user is sent an SMS code and redirected
    to the two-factor view. Any failure ends in one generic error message.
    """
    # Already signed in: nothing to do here.
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_service'))

    form = LoginForm()
    if form.validate_on_submit():

        user = user_api_client.get_user_by_email_or_none(form.email_address.data)
        # _get_and_verify_user is defined elsewhere; the code below treats a
        # falsy result as a failed login.
        user = _get_and_verify_user(user, form.password.data)
        if user and user.state == 'pending':
            return redirect(url_for('main.resend_email_verification'))

        if user and session.get('invited_user'):
            invited_user = session.get('invited_user')
            # An invite may only be accepted by the address it was issued to.
            if user.email_address != invited_user['email_address']:
                flash("You can't accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            else:
                invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
        if user:
            # Remember me login: the session is stale but belongs to the same
            # active user whose password was just verified, so it is confirmed
            # directly.
            # NOTE(review): this branch returns before send_verify_code below,
            # i.e. without a second factor; confirm that is intended.
            if not login_fresh() and \
               not current_user.is_anonymous and \
               current_user.id == user.id and \
               user.is_active:

                confirm_login()
                services = service_api_client.get_services({'user_id': str(user.id)}).get('data', [])
                # With exactly one service go straight to its dashboard.
                if (len(services) == 1):
                    return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
                else:
                    return redirect(url_for('main.choose_service'))

            # presumably read back by the two-factor view; verify against it
            session['user_details'] = {"email": user.email_address, "id": user.id}
            if user.is_active:
                user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
                # ``next`` is forwarded unchanged; any validation of it has to
                # happen where it is finally used for a redirect.
                if request.args.get('next'):
                    return redirect(url_for('.two_factor', next=request.args.get('next')))
                else:
                    return redirect(url_for('.two_factor'))
        # Vague error message for login in case of user not known, locked, inactive or password not verified
        # Markup() marks the whole formatted string as safe HTML; the only
        # interpolated value is the url_for() result.
        flash(Markup((
            "The email address or password you entered is incorrect."
            " <a href={password_reset}>Forgot your password</a>?"
            ).format(password_reset=url_for('.forgot_password'))
        ))

    return render_template('views/signin.html', form=form)
Ejemplo n.º 34
def delete():
    """Delete the account named in the session, then log the user out.

    Requires a fresh session; a stale one is rejected with ``Unauthorized``.
    """
    if login_fresh() != True:
        raise Unauthorized('Session is not fresh.')

    try:
        username = session['user_id']
        with switch_collection(User, 'users'):
            User.objects(username=username).delete()
            logout_user()
            # NOTE(review): the name is interpolated into the response body
            # as-is; confirm it cannot contain markup.
            return 'User %s has been deleted' % username
    except DoesNotExist:
        raise BadRequest('User does not exist.')
Ejemplo n.º 35
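def reauth():
    """
    Reauthenticates a user

    A stale session is confirmed after a valid ``ReauthForm`` submission. In
    both outcomes the user is redirected to the ``next`` query argument when
    it is a local path, otherwise to the profile page.
    """
    next_url = request.args.get("next")
    # ``next`` is caller-controlled: follow it only when it is a same-site
    # path, never an absolute or scheme-relative URL.
    if next_url and (not next_url.startswith("/")
                     or next_url.startswith(("//", "/\\"))):
        next_url = None

    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            # NOTE(review): no password comparison is visible in this view;
            # confirm that ReauthForm's validators verify the password
            # before the session is marked fresh here.
            confirm_login()
            flash("Reauthenticated", "success")
            return redirect(next_url or url_for("user.profile"))
        return render_template("auth/reauth.html", form=form)
    return redirect(next_url or
                    url_for("user.profile", username=current_user.username))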
Ejemplo n.º 36
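def reauth():
    """
    Reauthenticates a user

    A stale session is confirmed after a valid ``ReauthForm`` submission. In
    both outcomes the user is redirected to the ``next`` query argument when
    it is a local path, otherwise to the profile page.
    """
    next_url = request.args.get("next")
    # ``next`` is caller-controlled: follow it only when it is a same-site
    # path, never an absolute or scheme-relative URL.
    if next_url and (not next_url.startswith("/")
                     or next_url.startswith(("//", "/\\"))):
        next_url = None

    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            # NOTE(review): no password comparison is visible in this view;
            # confirm that ReauthForm's validators verify the password
            # before the session is marked fresh here.
            confirm_login()
            flash(_("Reauthenticated."), "success")
            return redirect(next_url or url_for("user.profile"))
        return render_template("auth/reauth.html", form=form)
    return redirect(next_url or
                    url_for("user.profile", username=current_user.username))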
Ejemplo n.º 37
def get_request_details(request_id=None, srp_request=None):
    """Handles responding to all of the :py:class:`~.models.Request` detail
    functions.

    The various modifier functions all depend on this function to create the
    actual response content.
    Only one of the arguments is required. The ``srp_request`` argument is a
    convenience to other functions calling this function that have already
    retrieved the request.

    :param int request_id: the ID of the request.
    :param srp_request: the request.
    :type srp_request: :py:class:`~.models.Request`
    """
    # Load the request by ID only when the caller did not pass it in.
    if srp_request is None:
        srp_request = Request.query.get_or_404(request_id)
    # A user should always be able to access their own requests, but others
    # need fresh sessions.
    if current_user != srp_request.submitter and not login_fresh():
        return login_manager.needs_refresh()
    # Different templates are used for different roles
    if current_user.has_permission(PermissionType.review,
                                   srp_request.division):
        template = 'request_review.html'
    elif current_user.has_permission(PermissionType.pay, srp_request.division):
        template = 'request_pay.html'
    elif current_user == srp_request.submitter or current_user.has_permission(
            PermissionType.audit):
        template = 'request_detail.html'
    else:
        # Neither a matching permission nor the submitter: deny access.
        abort(403)
    # The permission check above runs before any representation is returned,
    # so the JSON and XML responses are covered by it as well.
    if request.is_json or request.is_xhr:
        return jsonify(**srp_request._json(True))
    if request.is_xml:
        return xmlify('request.xml', srp_request=srp_request)
    # Every form is created with formdata=None, presumably so it renders
    # unbound instead of picking up the current request's form data.
    return render_template(
        template,
        srp_request=srp_request,
        modifier_form=ModifierForm(formdata=None),
        payout_form=PayoutForm(formdata=None),
        action_form=ActionForm(formdata=None),
        void_form=VoidModifierForm(formdata=None),
        details_form=ChangeDetailsForm(formdata=None, obj=srp_request),
        note_form=AddNote(formdata=None),
        # TRANS: Title for the page showing the details about a single
        # TRANS: SRP request.
        title=gettext(u"Request #%(request_id)s", request_id=srp_request.id))
Ejemplo n.º 38
def get_request_details(request_id=None, srp_request=None):
    """Handles responding to all of the :py:class:`~.models.Request` detail
    functions.

    The various modifier functions all depend on this function to create the
    actual response content.
    Only one of the arguments is required. The ``srp_request`` argument is a
    convenience to other functions calling this function that have already
    retrieved the request.

    :param int request_id: the ID of the request.
    :param srp_request: the request.
    :type srp_request: :py:class:`~.models.Request`
    """
    # Load the request by ID only when the caller did not pass it in.
    if srp_request is None:
        srp_request = Request.query.get_or_404(request_id)
    # A user should always be able to access their own requests, but others
    # need fresh sessions.
    if current_user != srp_request.submitter and not login_fresh():
        return login_manager.needs_refresh()
    # Different templates are used for different roles
    if current_user.has_permission(PermissionType.review,
            srp_request.division):
        template = 'request_review.html'
    elif current_user.has_permission(PermissionType.pay, srp_request.division):
        template = 'request_pay.html'
    elif current_user == srp_request.submitter or current_user.has_permission(
            PermissionType.audit):
        template = 'request_detail.html'
    else:
        # Neither a matching permission nor the submitter: deny access.
        abort(403)
    # The permission check above runs before any representation is returned,
    # so the JSON and XML responses are covered by it as well.
    if request.is_json or request.is_xhr:
        return jsonify(srp_request._json(True))
    if request.is_xml:
        return xmlify('request.xml', srp_request=srp_request)
    # Every form is created with formdata=None, presumably so it renders
    # unbound instead of picking up the current request's form data.
    return render_template(template, srp_request=srp_request,
            modifier_form=ModifierForm(formdata=None),
            payout_form=PayoutForm(formdata=None),
            action_form=ActionForm(formdata=None),
            void_form=VoidModifierForm(formdata=None),
            details_form=ChangeDetailsForm(formdata=None, obj=srp_request),
            note_form=AddNote(formdata=None),
            # TRANS: Title for the page showing the details about a single
            # TRANS: SRP request.
            title=gettext(u"Request #%(request_id)s",
                    request_id=srp_request.id))
Ejemplo n.º 39
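def confirm_reset_password():
    """
    Confirm a password reset.

    GET renders the confirmation form, POST stores the new password. In both
    cases the account is the signed-in user (a fresh session is required) or
    the one matching a non-empty ``activation_key`` / ``email`` pair. When no
    account can be resolved the "mail no longer valid" response is returned.

    :return: the response for this view.
    """
    if request.method == 'GET':
        if current_user.is_authenticated:
            if not login_fresh():
                return login_manager.needs_refresh()
            user = current_user
        elif 'activation_key' in request.args and 'email' in request.args:
            activation_key = request.args.get('activation_key')
            email = request.args.get('email')
            user = None
            # A blank key is never used as a lookup value: the key is set to
            # None after a reset, so a blank key could otherwise match
            # accounts that have no reset pending.
            if activation_key and email:
                user = User.objects(
                    Q(account__activation_key=activation_key)
                    & Q(account__email=email)).first()
            if user is None:
                return Response('邮件已失效')
        else:
            return Response('邮件已失效')

        form = ConfirmResetPasswordForm(
            activation_key=user.account.activation_key,
            email=user.account.email)
        return render_template('admin/user/confirm_reset_password.html',
                               form=form)
    if request.method == 'POST':
        form = ConfirmResetPasswordForm()
        if current_user.is_authenticated:
            # Same rule as on GET: a signed-in user changes their own
            # password and needs a fresh session to do so.
            if not login_fresh():
                return login_manager.needs_refresh()
            user = current_user
        else:
            activation_key = form.activation_key.data
            email = form.email.data
            user = None
            # Blank keys are rejected here for the same reason as on GET.
            if activation_key and email:
                user = User.objects(
                    Q(account__activation_key=activation_key)
                    & Q(account__email=email)).first()
            if user is None:
                return Response('邮件已失效')
        # Password change succeeded.
        if form.validate_on_submit():
            user.account.password = form.password.data
            # Clearing the key makes the reset link single-use.
            user.account.activation_key = None
            user.save()
            flash(
                gettext('your password has been changed, please login again'),
                'success')
            return render_template('admin/user/success_reset_password.html')
        # Password change failed.
        flash(gettext('fail, please confirm your password'), 'success')
        return render_template('admin/user/confirm_reset_password.html',
                               form=form)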
Ejemplo n.º 40
def login_refresh() -> str:
    """
        Ask a user whose login has become stale to confirm their password.

        A session that is already fresh is redirected to the index page.

        :return: The HTML response.
    """

    if login_fresh():
        return redirect(url_for('main.index'))

    form = LoginRefreshForm()
    if form.validate_on_submit():
        refreshed_user = User.refresh_login(form.password.data)
        if not refreshed_user:
            flash(_('Invalid password.'), 'error')
        else:
            # The password was accepted; greet the user and continue.
            flash(_('Welcome, %(name)s!', name=refreshed_user.name))
            # NOTE(review): the target comes from get_next_page(), defined
            # elsewhere; confirm it only returns same-site URLs.
            return redirect(get_next_page())

    page_title = _('Confirm Login')
    return render_template('userprofile/login.html', title=page_title, form=form)
Ejemplo n.º 41
 def get(self):
     """Show the re-authentication form unless the session is already fresh."""
     if login_fresh():
         return redirect_or_next(current_user.url)
     return render_template("auth/reauth.html", form=self.form())
Ejemplo n.º 42
 def is_authenticated(self):
     """Report the user as authenticated only while the session is fresh."""
     # To handle remember me token renewal: a stale session is reported as
     # not authenticated.
     if login_fresh():
         return super(User, self).is_authenticated
     return False
Ejemplo n.º 43
def check_fresh_login():
    """Require a fresh login for the current user.

    Returns ``None`` when the session is fresh, otherwise the login
    manager's ``needs_refresh()`` response so the user reauthenticates.
    """
    if login_fresh():
        return None
    return current_app.login_manager.needs_refresh()
Ejemplo n.º 44
 def is_accessible(self):
     """Allow access only with the admin permission and a fresh session."""
     has_admin_permission = admin_perm.can()
     return has_admin_permission and login_fresh()
Ejemplo n.º 45
 def test_login_user_not_fresh(self):
     """login_user(..., fresh=False) logs the user in with a stale session."""
     with self.app.test_request_context():
         logged_in = login_user(notch, fresh=False)
         self.assertTrue(logged_in)
         self.assertEqual(current_user.name, u'Notch')
         # The session must be explicitly stale, not merely falsy.
         self.assertIs(login_fresh(), False)
Ejemplo n.º 46
 def is_fresh():
     """Return the session's freshness flag converted to text."""
     fresh = login_fresh()
     return unicode(fresh)