Ejemplo n.º 1
 def post(self):
     """Authenticate the posted credentials and hand back an API token.

     Reads ``userName`` and ``password`` from the parsed request arguments.
     On success the user is logged in, the identity change is signalled and
     a JSON body carrying the auth token is returned; any failure yields a
     401 with one generic message.
     """
     parsed = self.parser.parse_args()
     login_name = parsed.get('userName')
     secret = parsed.get('password')
     account = User.query.filter_by(username=login_name).first()

     # One reply for "unknown user" and "wrong password", so the response
     # does not reveal which of the two failed.
     if not (account and account.check_password(secret)):
         return {'msg': '密码或用户名不正确!!!!'}, 401

     login_user(account)
     identity_changed.send(
         current_app._get_current_object(),
         identity=Identity(account.id),
     )
     token = account.generate_auth_token().decode('ascii')
     return {'token': token, 'msg': '登录成功!'}
Ejemplo n.º 2
def login():
    """Render the sign-in form and process a submitted login.

    Already-authenticated users go straight to the index. After a successful
    password check the user is logged in, the identity change is signalled,
    and the browser is redirected to ``next`` when it carries no host part,
    otherwise to the index.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', title='Sign In', form=form)

    account = User.query.filter_by(username=form.username.data).first()
    if account is None or not account.check_password(form.password.data):
        # Same message for unknown user and wrong password.
        flash('Invalid username or password')
        return redirect(url_for('login'))

    login_user(account, remember=form.remember_me.data)
    identity_changed.send(current_app._get_current_object(), identity=Identity(account.id))

    # ``next`` is attacker-controllable query input: it is only followed when
    # the parser reports an empty netloc.
    # NOTE(review): this relies solely on url_parse's netloc; confirm it also
    # covers targets that browsers normalise before resolving.
    target = request.args.get('next')
    if not target or url_parse(target).netloc != '':
        target = url_for('index')
    return redirect(target)
Ejemplo n.º 3
def login():
    """Log a user in from the ``user`` / ``pwd`` / ``rmb`` form fields.

    Re-renders the login page with an error on failure; on success logs the
    user in, signals the identity change (keyed by username) and redirects
    to ``stock.home``.
    """
    posted = request.form
    username = posted.get('user')
    password = posted.get('pwd')
    # Any submitted value for the checkbox field counts as "remember me".
    remember = posted.get('rmb') is not None

    user = users.query.filter_by(username=username).first()
    # NOTE(review): the two failure branches return different messages
    # ("user does not exist" vs "password mismatch"), which lets a client
    # tell valid usernames apart; a single generic message avoids that.
    if not user:
        return render_template('new_login.html', error=u"用户不存在")
    if not user.check_password(password):
        return render_template('new_login.html', error=u"密码不匹配")

    login_user(user, remember=remember)
    app = current_app._get_current_object()
    identity_changed.send(app, identity=Identity(user.username))
    return redirect(url_for('stock.home', usersname=user.username))
Ejemplo n.º 4
def login():
    """Authenticate the posted e-mail/password and start a session.

    Steps: authenticate via ``authenticate_user``, call ``login_user``,
    signal the identity change, then return the serialised user as JSON.
    """
    posted = request.form
    email = posted.get('email')
    password = posted.get('password')
    # The raw form value is passed on, so any non-empty string is truthy.
    remember = posted.get('remember', False)

    # NOTE(review): nothing here inspects the result of authenticate_user;
    # presumably it raises on bad credentials - confirm against its source.
    user = authenticate_user(email, password)
    login_user(user, remember)

    app = current_app._get_current_object()
    identity_changed.send(app, identity=Identity(user.id))

    return jsonify(user_schema.dump(user))
Ejemplo n.º 5
def _check_token():
    """Resolve the request's auth token to a user and install that identity.

    The token is looked up, in increasing priority, in the configured header,
    the query string, and a JSON object body. Returns True when the token
    callback yields an authenticated user, False otherwise.
    """
    header_key = _security.token_authentication_header
    args_key = _security.token_authentication_key

    # Header value is only the fallback for the query-string lookup.
    # NOTE(review): tokens carried in the query string tend to end up in
    # access logs and Referer headers; prefer the header where possible.
    token = request.args.get(args_key, request.headers.get(header_key, None))

    # A JSON *object* body may override both; JSON arrays are skipped.
    if request.get_json(silent=True) and not isinstance(request.json, list):
        token = request.json.get(args_key, token)

    user = _security.login_manager.token_callback(token)
    if not (user and user.is_authenticated):
        return False

    app = current_app._get_current_object()
    _request_ctx_stack.top.user = user
    identity_changed.send(app, identity=Identity(user.id))
    return True
Ejemplo n.º 6
def login():
    """Show the login page and process a POSTed username/password.

    A successful check logs the user in, signals the identity change and
    redirects to the index; any failure flashes one generic error and
    re-renders the form.
    """
    if request.method != 'POST':
        return render_template('login_user.html')

    posted = request.form
    username = posted.get('username')
    password = posted.get('password')
    remember = posted.get('remember-me')

    user = User.query.filter_by(username=username).first()
    if user and user.check_password(password):
        login_user(user, remember=remember)
        identity_changed.send(
            current_app._get_current_object(),
            identity=Identity(user.id),
        )
        flash(u'登录成功。', category='success')
        return redirect(url_for('index'))

    # Unknown user and wrong password share this message.
    flash(u'用户名和密码不匹配。', category='error')
    return render_template('login_user.html')
Ejemplo n.º 7
def login():
    """Authenticate a JSON/form login request and return the user as JSON.

    Raises ``exception_handler.Unauthorized`` with a generic message when the
    user is unknown or the password does not verify. On success the user is
    logged in, ``last_login`` is stamped and the identity change is signalled.
    """
    payload = utils.get_request_data()
    try:
        account = models.User.objects.get(username=payload["username"])
    except models.User.DoesNotExist:
        account = None

    if not (account and account.verify_password(payload["password"])):
        raise exception_handler.Unauthorized(
            "username or password does not match")

    # The return value of login_user is not consulted.
    login_user(account, payload["remember_me"], True)
    account.last_login = datetime.datetime.now()
    account.save()

    app = current_app._get_current_object()
    identity_changed.send(app, identity=Identity(account.username))
    return utils.make_json_response(200, account.to_dict())
Ejemplo n.º 8
  def reload_app(server_hostname):
    """Re-initialise the app's database and config after the process split.

    Stores ``server_hostname`` minus its first ``len('http://')`` characters
    as ``SERVER_HOSTNAME``, re-runs ``configure``, and installs an anonymous
    identity on ``g``. Returns the string ``'OK'``.
    """
    # Close any existing connection.
    close_db_filter(None)

    # Reload the database config.
    # The slice drops a fixed-length prefix; it does not check that the value
    # actually starts with 'http://'.
    app.config['SERVER_HOSTNAME'] = server_hostname[len('http://'):]
    configure(app.config)

    # Reload random after the process split, as it cannot be used uninitialized across forks.
    Random.atfork()

    # Required for anonymous calls to not exception.
    g.identity = Identity(None, 'none')

    # Debug logging is opt-in through the DEBUGLOG environment variable.
    if os.environ.get('DEBUGLOG') == 'true':
      logging.config.fileConfig(logfile_path(debug=True), disable_existing_loggers=False)

    return 'OK'
Ejemplo n.º 9
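def login():
    """Render the login form and process a submitted login.

    Authenticated users and successful logins are redirected to the ``next``
    query parameter when it is a same-site path, otherwise to
    ``portal.index``. A failed login flashes one generic error message.
    """
    # ``next`` comes straight from the query string. Redirecting to it
    # unchecked would let a crafted login link send the user to another site
    # after signing in, so only plain same-site paths are followed.
    target = request.args.get('next')
    if target and (not target.startswith('/') or target.startswith('//')
                   or '\\' in target
                   or any(ord(ch) < 0x20 for ch in target)):
        target = None

    if current_user.is_authenticated:
        return redirect(target or url_for('portal.index'))

    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(name=form.username.data).first()
        password = form.password.data
        if user is not None and user.verify_password(password):
            login_user(user)
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(user.id))
            return redirect(target or url_for('portal.index'))
        else:
            # Same message for unknown user and wrong password.
            flash(u'用户名或密码错误。')

    return render_template('auth/login.html', form=form)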
Ejemplo n.º 10
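def login():
    """Render the sign-in form and process a submitted login.

    Authenticated users are redirected to ``choices``. Accounts that are not
    yet approved are sent back to ``home``; a successful bcrypt check logs
    the employee in and signals the identity change.
    """
    if current_user.is_authenticated:
        return redirect(url_for('choices'))
    form = LoginForm()
    if form.validate_on_submit():
        account = employee.query.filter_by(username=form.username.data).first()
        if account is None:
            # An unknown username used to raise AttributeError on
            # ``.verified`` (HTTP 500); treat it as an ordinary failed login.
            flash('Login Unsuccessful. Please confirm password', 'danger')
        elif account.verified == False:
            # NOTE(review): this branch runs before the password check, so it
            # reveals the approval state of any known username.
            flash("Id is not yet approved by admin, please contact Brandon/Ken","danger")
            return redirect(url_for('home'))
        elif bcrypt.check_password_hash(account.password, form.password.data):
            login_user(account, remember=form.remember.data)
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(account.employeeID))

            return redirect(url_for('front'))
        else:
            flash('Login Unsuccessful. Please confirm password', 'danger')
    return render_template('signin.html', form=form)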
Ejemplo n.º 11
def request_reissue(certificate, commit):
    """
    Print a certificate's details and, when asked, reissue it.

    No exception handling happens in this function; errors propagate.

    :param certificate: certificate to inspect and optionally reissue
    :param commit: when truthy, reissue the certificate (replacing the old
        one), emit a success metric and print the new name
    :return: None
    """
    # CLI commands act under a fixed identity id of 1.
    # NOTE(review): which account id 1 maps to is not visible here - confirm.
    app = current_app._get_current_object()
    identity_changed.send(app, identity=Identity(1))

    print_certificate_details(get_certificate_primitives(certificate))

    if not commit:
        return

    reissued = reissue_certificate(certificate, replace=True)
    metrics.send('certificate_reissue_success', 'counter', 1)
    print("[+] New certificate named: {0}".format(reissued.name))
Ejemplo n.º 12
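def login():
    """Render the login form and process a submitted login.

    On success the user is logged in, ``last_login`` is stamped, the identity
    change is signalled and the browser is redirected to ``next`` when that
    is a same-site path, otherwise to ``blog_admin.index``.
    """
    form = forms.LoginForm()
    if form.validate_on_submit():
        try:
            user = models.User.objects.get(username=form.username.data)
        except models.User.DoesNotExist:
            user = None

        if user and user.verify_password(form.password.data):
            login_user(user, form.remember_me.data)
            # Store the timestamp itself; the original assigned the ``now``
            # function object without calling it.
            user.last_login = datetime.datetime.now()
            user.save()
            identity_changed.send(current_app._get_current_object(), identity=Identity(user.username))

            # ``next`` is untrusted query input: follow it only when it is a
            # plain same-site path, so a crafted login link cannot bounce the
            # user to another site after signing in.
            target = request.args.get('next')
            if target and (not target.startswith('/') or target.startswith('//')
                           or '\\' in target
                           or any(ord(ch) < 0x20 for ch in target)):
                target = None
            return redirect(target or url_for('blog_admin.index'))

        # Same message for unknown user and wrong password.
        flash('Invalid username or password', 'danger')

    return render_template('accounts/login.html', form=form)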
Ejemplo n.º 13
def login():
	"""Handle an active (credential) or passive login request.

	Input is read from ``request.values`` or, when present, the JSON body.
	With the user manager enabled and both ``user`` and ``pass`` supplied, the
	credentials are checked and the user dict is returned as JSON; a
	deactivated account gets 403 and any other failure a generic 401.
	A ``passive`` key delegates to ``passive_login()``; otherwise
	``NO_CONTENT`` is returned.
	"""
	data = request.values
	if hasattr(request, "json") and request.json:
		data = request.json

	if octoprint.server.userManager.enabled and "user" in data and "pass" in data:
		username = data["user"]
		password = data["pass"]

		# "remember" only counts when its value is one of the accepted truthy spellings.
		if "remember" in data and data["remember"] in valid_boolean_trues:
			remember = True
		else:
			remember = False

		# Drop any session that is already attached before trying new credentials.
		if "usersession.id" in session:
			_logout(current_user)

		user = octoprint.server.userManager.findUser(username)
		if user is not None:
			if octoprint.server.userManager.checkPassword(username, password):
				# The deactivation check runs only after the password verified,
				# so the 403 is not shown to callers without valid credentials.
				if not user.is_active():
					return make_response(("Your account is deactivated", 403, []))

				if octoprint.server.userManager.enabled:
					user = octoprint.server.userManager.login_user(user)
					session["usersession.id"] = user.session
					g.user = user
				login_user(user, remember=remember)
				identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id()))

				# Successful logins are logged with user id and remote address.
				remote_addr = get_remote_address(request)
				logging.getLogger(__name__).info("Actively logging in user {} from {}".format(user.get_id(), remote_addr))

				response = user.asDict()
				# Flag the client as external when the IP check is enabled and the
				# address is neither a LAN address nor in a configured trusted subnet.
				response["_is_external_client"] = s().getBoolean(["server", "ipCheck", "enabled"]) \
				                                  and not util_net.is_lan_address(remote_addr,
				                                                                  additional_private=s().get(["server", "ipCheck", "trustedSubnets"]))
				return jsonify(response)

		# Unknown user and wrong password share one reply.
		return make_response(("User unknown or password incorrect", 401, []))

	elif "passive" in data:
		return passive_login()
	return NO_CONTENT
Ejemplo n.º 14
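    def decorated_function(*args, **kwargs):
        """Authenticate the request's bearer JWT before calling the view.

        Returns 401 when the Authorization header is missing and 403 when the
        token is malformed, invalid, expired or revoked, or when the user is
        unknown or inactive. Otherwise sets ``g.current_user``, signals the
        identity change and calls the wrapped view ``f``.
        """
        auth_header = request.headers.get('Authorization')
        if not auth_header:
            response = jsonify(message='Missing authorization header')
            response.status_code = 401
            return response

        # Expect "<scheme> <token>"; a header without a second part is invalid.
        try:
            token = auth_header.split()[1]
        except IndexError:
            return dict(message='Token is invalid'), 403

        # NOTE(review): no ``algorithms=`` allow-list is passed to decode, so
        # the accepted signing algorithms depend on the installed PyJWT's
        # defaults. Pin the algorithm the token issuer uses - confirm which.
        try:
            payload = jwt.decode(token, current_app.config['LEMUR_TOKEN_SECRET'])
        except jwt.DecodeError:
            return dict(message='Token is invalid'), 403
        except jwt.ExpiredSignatureError:
            return dict(message='Token has expired'), 403
        except jwt.InvalidTokenError:
            return dict(message='Token is invalid'), 403

        if 'aid' in payload:
            access_key = api_key_service.get(payload['aid'])
            # A token naming an API key that cannot be found is rejected
            # instead of failing with AttributeError on ``.revoked``.
            if access_key is None:
                return dict(message='Token is invalid'), 403
            if access_key.revoked:
                return dict(message='Token has been revoked'), 403
            if access_key.ttl != -1:
                # Compare UTC with UTC. The original built the expiry with
                # ``fromtimestamp`` (local time) and compared it to
                # ``utcnow()``, shifting the TTL by the server's UTC offset.
                # Assumes issued_at is epoch seconds - TODO confirm.
                current_time = datetime.utcnow()
                expired_time = datetime.utcfromtimestamp(access_key.issued_at + access_key.ttl)
                if current_time >= expired_time:
                    return dict(message='Token has expired'), 403

        # A validly signed token without a subject cannot identify a user.
        if 'sub' not in payload:
            return dict(message='Token is invalid'), 403

        user = user_service.get(payload['sub'])

        # Reject an unknown user before touching ``.active``; the original's
        # "not logged in" check came too late to catch a missing user.
        if not user:
            return dict(message='You are not logged in'), 403

        if not user.active:
            return dict(message='User is not currently active'), 403

        g.current_user = user

        # Tell Flask-Principal the identity changed
        identity_changed.send(current_app._get_current_object(), identity=Identity(g.current_user.id))

        return f(*args, **kwargs)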
Ejemplo n.º 15
def example_data(base_app):
    """Build example records, datasets and DMPs from the bundled JSON files.

    Records are created from every ``*.json`` file under ``data/records``
    (sorted by name) using an identity with id 1 that provides ``any_user``.
    The first seven records each back one dataset; four DMPs are built over
    the first six datasets. Returns a dict of the created objects.
    """
    rec_dir = os.path.join(os.path.dirname(__file__), "data", "records")
    service = BibliographicRecordService()
    identity = Identity(1)
    identity.provides.add(any_user)

    # one record per example file, in file-name order
    json_names = sorted(name for name in os.listdir(rec_dir) if name.endswith(".json"))
    records = []
    for name in json_names:
        with open(os.path.join(rec_dir, name), "r") as handle:
            payload = json.load(handle)
        records.append(service.create(identity, payload)._record)

    # datasets 1..7, each bound to the record at the matching position
    datasets = [
        Dataset.create("dataset-%s" % number, records[number - 1].pid)
        for number in range(1, 8)
    ]

    # DMPs over the first six datasets; the seventh stays unused
    dmps = [
        DataManagementPlan.create("dmp-1", [datasets[0]]),
        DataManagementPlan.create("dmp-2", [datasets[0], datasets[1], datasets[2]]),
        DataManagementPlan.create("dmp-3", [datasets[2], datasets[3]]),
        DataManagementPlan.create("dmp-4", [datasets[4], datasets[5]]),
    ]

    return {
        "records": records,
        "unused_records": records[7:],
        "datasets": datasets,
        "used_datasets": datasets[:6],
        "unused_datasets": [datasets[6]],
        "dmps": dmps,
    }
Ejemplo n.º 16
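def login():
    """Show the login page and process a POSTed username/password.

    Empty fields are rejected before any user lookup. A matching user is
    logged in (always with ``remember=True``), the identity change is
    signalled and the browser is redirected to ``main.pagecs``.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        # Validate the fields first so empty credentials never reach the
        # user lookup.
        if username == '':
            flash('请输入用户名')
            return render_template('login.html')
        if password == '':
            flash('请输入密码')
            return render_template('login.html')

        user = User.get_one_user(username, password)
        if user is not None:
            # NOTE(review): the persistent cookie is forced on for every
            # login; consider making it an explicit user choice.
            login_user(user, remember=True)
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(user.user_id))
            return redirect(url_for('main.pagecs'))

        # Same message for unknown user and wrong password.
        flash('用户名或密码不正确')
        return render_template('login.html')

    # Non-POST requests previously fell off the end and returned None, which
    # Flask rejects as an invalid response; render the form instead.
    return render_template('login.html')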
Ejemplo n.º 17
def get_identity(permission_name: str = "any_user", role_name: str = None):
    """Build an identity (id 0) for performing tasks.

    The identity provides ``system_process`` when ``permission_name`` is
    exactly ``"system_process"`` and ``any_user`` for every other value,
    including unrecognised names. When ``role_name`` is given the role must
    exist, and a matching ``RoleNeed`` is added as well.

    Raises:
        Exception: if ``role_name`` is given but no such role is found.
    """
    identity = Identity(0)

    if role_name:
        # Fail loudly rather than grant a need for a role that is not defined.
        if not current_accounts.datastore.find_role(role_name):
            raise Exception(f"Role {role_name} does not exist")
        identity.provides.add(RoleNeed(role_name))

    granted = system_process if permission_name == "system_process" else any_user
    identity.provides.add(granted)
    return identity
Ejemplo n.º 18
def reset_password():
    """GET /reset-password: let the holder of a reset link choose a password.

    The ``key`` and ``email`` query parameters must match a stored reset
    request. Requests older than one day are deleted and rejected. On a valid
    form submit the new password hash is stored, the user is logged in (with
    ``remember=True``) and the reset request is deleted.
    """
    # look up the reset entry for this key/email pair
    reset_request = (
        PasswordResetRequest.query
        .filter(PasswordResetRequest.key == request.args.get('key'),
                User.email == request.args.get('email'))
        .filter(PasswordResetRequest.fk_user == User.id)
        .first()
    )

    # unknown link or e-mail mismatch: same error page for both
    if reset_request is None or reset_request.user.email != request.args['email']:
        return render_template('/auth/reset-password-error.html'), 400

    # links expire once a full day has elapsed since creation
    age = datetime.datetime.utcnow() - reset_request.create_ts
    if age.days > 0:
        db.session.delete(reset_request)
        db.session.flush()
        return render_template('/auth/reset-password-error.html'), 400

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('/auth/reset-password.html', form=form)

    # store the new password hash
    account = reset_request.user
    account.password = generate_password_hash(form.password.data)
    db.session.add(account)

    # the reset link doubles as a login
    # NOTE(review): sessions that existed before the reset are not touched
    # in this function - confirm whether they are invalidated elsewhere.
    login_user(account, remember=True)
    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(account.id))

    # single use: drop the reset entry
    db.session.delete(reset_request)
    db.session.flush()

    return render_template('/auth/reset-password-followup.html')
Ejemplo n.º 19
def login():
    """Render the log-in form and start a session on a valid submit.

    Users who are already authenticated are redirected to the index. On a
    validated form the identity change is signalled, the user is logged in
    and an API token is generated and committed.
    """
    # already logged in: nothing to do here
    already_in = g.user is not None and g.user.is_authenticated
    if already_in:
        return redirect(url_for('flicket_bp.index'))

    form = LogInForm()
    if not form.validate_on_submit():
        return render_template('login.html', title='Log In', form=form)

    # NOTE(review): no password check is visible in this function;
    # presumably LogInForm's validators verify the credentials and the
    # user's existence - confirm, since ``user`` is used without a None check.
    user = FlicketUser.query.filter_by(username=form.username.data).first()
    session['remember_me'] = form.remember_me.data
    identity_changed.send(app, identity=Identity(user.id))
    login_user(user)

    # the authentication token is required for API use
    user.get_token()
    db.session.commit()

    flash(gettext('You were logged in successfully.'), category='success')
    return redirect(url_for('flicket_bp.index'))
Ejemplo n.º 20
def login():
    """Show the login page and process a POSTed username/password.

    A successful check logs the user in (persistently when the ``check``
    field was submitted), signals the identity change and redirects to
    ``main.index``; a failure flashes one generic error.
    """
    if request.method != 'POST':
        return render_template('login.html')

    username = request.form['username']
    password = request.form['password']
    wants_remember = request.form.get('check')

    user = User.query.filter_by(username=username).first()
    if not (user and user.check_password_hash(password)):
        # Same message for unknown account and wrong password.
        flash("账户或密码错误!")
        return render_template('login.html')

    if wants_remember:
        login_user(user, remember=True)
    else:
        login_user(user)

    # identity change on login
    app = current_app._get_current_object()
    identity_changed.send(app, identity=Identity(user.id))
    return redirect(url_for('main.index'))
Ejemplo n.º 21
def user_signup():
    """Register a new user, answering in JSON or HTML per the form's type.

    Logged-in visitors get an "already logged" reply. A valid POST creates
    and commits the user, logs in, signals the identity change and either
    returns a JSON ok or redirects to ``get_next()``.
    """
    form = RegistrationForm(request.form)

    # Signed-in visitors cannot register again.
    if not current_user.is_anonymous:
        if form.type.data == 'json':
            return jsonify({'result': 'error', 'message': 'Already logged!'})
        return render_template(
            'user/logout.html',
            title='Logout',
            name=current_user.name,
            next=url_for('user_signup'),
        )

    if request.method == 'POST':
        if form.validate():
            # NOTE(review): the form's password is handed to the model as is;
            # presumably User hashes it on assignment - confirm.
            new_account = User(
                email=form.email.data,
                name=form.name.data,
                password=form.password.data,
            )
            db.session.add(new_account)
            db.session.commit()

            # NOTE(review): the session is opened for ``form.user``, not for
            # the account created above; presumably the form sets that
            # attribute during validation - confirm they are the same user.
            login_user(form.user, remember=form.remember.data)
            identity_changed.send(app, identity=Identity(form.user.id))

            if form.type.data == 'json':
                return jsonify({'result': 'ok'})

            flash('Thank you for registering!')
            return redirect(get_next())

        if form.type.data == 'json':
            return jsonify({'result': 'error', 'message': 'Invalid data!'})

    return render_template(
        'user/signup.html',
        title='Registering new user',
        form=form,
        next=get_next(),
    )
Ejemplo n.º 22
def validate_pin():
    """Check the submitted PIN for the currently logged user.

    Returns ``OK`` after logging the user in and signalling the identity
    change, 401 for a wrong PIN, 403 when no user is logged, and 400 when
    the PIN value is empty.
    """
    pin = request.values["pin"]
    if not pin:
        return make_response(("Invalid data", 400, []))

    user = octoprint.server.userManager.getLoggedUser()
    if not user:
        return make_response(("No logged user", 403, []))

    # NOTE(review): no attempt limiting is visible in this function; confirm
    # that repeated wrong PINs are throttled elsewhere.
    if not user.check_pin(pin):
        return make_response(("Invalid PIN", 401, []))

    # PIN accepted: open a non-persistent session for the user
    login_user(user, remember=False)
    app = current_app._get_current_object()
    identity_changed.send(app, identity=Identity(user.get_id()))
    return OK
Ejemplo n.º 23
def dummy_login():
    """Show the login page on GET; otherwise process the posted credentials.

    On success a ``LoginUser`` built from the username and permission is
    logged in, the identity change is signalled and the browser is sent to
    ``home``. Failures flash a message and re-render the form.
    """
    if request.method == 'GET':
        return render_template('login.html')

    user = User.query.filter_by(username=request.form['username']).first()

    # NOTE(review): "username doesn't exist" and "combination doesn't match"
    # are distinct messages, which lets a client tell valid usernames apart;
    # a single generic message avoids that.
    if user is None:
        flash("Given username doesn't exist!", 'danger')
        return render_template('login.html')

    if not validate_password(user, request.form['password']):
        flash("Username/Password combination doesn't match!", 'danger')
        return render_template('login.html')

    session_user = LoginUser(user.username, user.permission)
    login_user(session_user)

    identity_changed.send(app, identity=Identity(current_user.id))
    flash("User successfully logged", 'success')
    return redirect(url_for('home'))
Ejemplo n.º 24
def auth():
    """Demo login: store a fixed user in the session and announce its identity.

    The user record is hard-coded here. In a real application it would be
    loaded from the database after the credentials have been verified; this
    function performs no authentication at all.
    """
    # "roles" carries the permission, i.e. the user's role/position.
    profile = {"name": "lili", "roles": "admin"}

    # Flask-Principal works off the session, so the user data is stored there.
    session["userinfo"] = profile

    # Notify Principal of the identity change. The signal sender must be the
    # real application object, which ``current_app._get_current_object()``
    # returns; ``identity`` names who is now logged in.
    app = current_app._get_current_object()
    identity_changed.send(app, identity=Identity(profile["name"]))

    # Marker response showing that the handler ran.
    return "login"
Ejemplo n.º 25
def login():
    """Render the sign-in form and process a submitted login.

    Authenticated users go to ``auth.account``. After a successful password
    check the user is logged in; the request is aborted with 400 when
    ``is_safe_url`` rejects the ``next`` target. The identity change is
    signalled for users whose role is ``'admin'`` only.
    """
    if current_user.is_authenticated:
        return redirect(url_for('auth.account'))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('auth/login.html', title='Sign In', form=form)

    user = User.query.filter_by(username=form.username.data).first()
    if user is None or not user.check_password(form.password.data):
        # Same message for unknown user and wrong password.
        flash('Invalid username or password', 'warning')
        return redirect(url_for('auth.login'))

    flash('Successful login.', 'info')
    login_user(user, remember=form.remember_me.data)

    # NOTE(review): the session is already established when the redirect
    # target is validated, so a rejected ``next`` answers 400 while leaving
    # the user logged in. How is_safe_url treats a missing ``next`` is not
    # visible here - confirm.
    next_url = request.args.get('next')
    if not is_safe_url(next_url):
        return abort(400)

    if user.role == 'admin':
        identity_changed.send(current_app._get_current_object(),
                              identity=Identity(user.id))
    return redirect(next_url or url_for('main.index'))
Ejemplo n.º 26
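def _check_token():
    """Resolve the current request to a user and install that identity.

    Asks the login manager's request callback for the user. Returns True and
    signals the identity change when an authenticated user is found, False
    otherwise.
    """
    # The debug prints that stood here were removed: they wrote the complete
    # request headers (including any Authorization value or cookies) to
    # stdout, and one of them read ``user.is_authenticated`` before the None
    # check below, raising AttributeError for requests without a user.
    user = _security.login_manager._request_callback(request)

    if user and user.is_authenticated:
        app = current_app._get_current_object()
        _request_ctx_stack.top.user = user
        identity_changed.send(app, identity=Identity(user.id))
        return True

    return False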
Ejemplo n.º 27
def _check_token():
    """Resolve the current request to a user and install that identity.

    Returns True when the login manager's request callback yields an
    authenticated user (the identity is keyed by ``fs_uniquifier``), False
    otherwise.
    """
    # Flask-Login 0.5.0 made the request callback protected
    # (https://github.com/maxcountryman/flask-login/issues/471 asks for public
    # access to be restored). The lookup goes through login_manager because
    # applications are allowed to override it.
    manager = _security.login_manager
    if hasattr(manager, "request_callback"):
        loader = manager.request_callback  # pre 0.5.0
    else:
        loader = manager._request_callback
    user = loader(request)

    if not (user and user.is_authenticated):
        return False

    app = current_app._get_current_object()
    _request_ctx_stack.top.user = user
    identity_changed.send(app, identity=Identity(user.fs_uniquifier))
    return True
Ejemplo n.º 28
def request_reissue(certificate, commit):
    """
    Print a certificate's details, optionally reissue it, and emit a metric.

    Any exception is reported to Sentry, logged and printed rather than
    propagated; the ``certificate_reissue`` counter is always sent, tagged
    with the success or failure status.

    :param certificate: certificate to inspect and optionally reissue
    :param commit: when truthy, reissue the certificate (replacing the old one)
    :return: None
    """
    outcome = FAILURE_METRIC_STATUS
    try:
        print(f"[+] {certificate.name} is eligible for re-issuance")

        # CLI commands act under a fixed identity id of 1.
        # NOTE(review): which account id 1 maps to is not visible here - confirm.
        app = current_app._get_current_object()
        identity_changed.send(app, identity=Identity(1))

        print_certificate_details(get_certificate_primitives(certificate))

        if commit:
            replacement = reissue_certificate(certificate, replace=True)
            print(f"[+] New certificate named: {replacement.name}")

        outcome = SUCCESS_METRIC_STATUS

    except Exception as exc:
        # Best effort: report, log and print, then still send the metric.
        sentry.captureException(
            extra={"certificate_name": str(certificate.name)})
        current_app.logger.exception(
            f"Error reissuing certificate: {certificate.name}", exc_info=True)
        print(
            f"[!] Failed to reissue certificate: {certificate.name}. Reason: {exc}"
        )

    tags = {"status": outcome, "certificate": certificate.name}
    metrics.send("certificate_reissue", "counter", 1, metric_tags=tags)
Ejemplo n.º 29
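def login():
    """Serve the combined login / registration page.

    A valid login form logs the user in, flashes any pending team
    invitations, signals the identity change and redirects to ``next`` when
    that is a same-site path, otherwise to the index. A valid registration
    form creates the account, sends the verification mail and redirects to
    the verification status page.
    """
    login_form = UserLogin()
    register_form = UserRegistration()

    if login_form.validate_on_submit():
        username = login_form.username.data
        # NOTE(review): the password is read but never checked in this
        # function, and ``user`` is used without a None check. Presumably
        # UserLogin's validators verify both - confirm, because otherwise
        # login_user alone decides whether the session is opened.
        password = login_form.password.data
        remember_me = login_form.remember_me.data
        user = User.query.filter(func.lower(User.username) == func.lower(username)).first()
        if login_user(user, remember_me):
            flash("You were logged in.", "success")
            if user.invitations.count():
                markup = f'You have {user.invitations.count()} team invitations'
                markup += f'- click <a href="{url_for("invitations")}">here</a> to view them.'
                # Markup is built only from a count and a url_for result,
                # not from request data.
                flash(Markup(markup), "info")
            # Tell Flask-Principal the identity changed
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(user.id))

            # ``next`` is untrusted query input: follow it only when it is a
            # plain same-site path, so a crafted login link cannot bounce the
            # user to another site after signing in.
            target = request.args.get("next")
            if target and (not target.startswith('/') or target.startswith('//')
                           or '\\' in target
                           or any(ord(ch) < 0x20 for ch in target)):
                target = None
            return redirect(target or url_for('index'))
        else:
            flash("Login failed, user not validated", "error")
            return redirect(url_for("verify_status", username=username))

    elif register_form.validate_on_submit():
        username = register_form.username.data.strip()
        password = register_form.password.data
        email = register_form.email.data

        new_user = User(username, password, email)

        body = render_template("emails/account/verification.txt",
                               recipient=new_user, email_changed=False)
        mail.send_message(subject=f"Welcome to {app.config['LONG_NAME']}, {username}",
                          recipients=[new_user.email], body=body)

        db.session.add(new_user)
        db.session.commit()

        flash("Your account has been created, confirm your email to verify.", "success")
        return redirect(url_for('verify_status', username=username))
    return render_template('account/login.html', login_form=login_form,
                           register_form=register_form)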
Ejemplo n.º 30
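def login():
    """Show the login page and authenticate a POSTed login against LDAP.

    Authenticated users go to the reports page. On success the user is
    logged in, the identity change is signalled, the logon is recorded
    (best effort) and the browser is redirected to ``next`` when that is a
    same-site path, otherwise to the reports page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('.get_reports'))

    if request.method == 'POST':
        username = request.form.get('username', '')
        password = request.form.get('password', '')
        try:
            user = User.get(login=username)
            if user is None:
                raise ValueError
        except ValueError:
            # NOTE(review): this message differs from the wrong-password one
            # below, which lets a client tell valid logins apart.
            current_app.logger.warning(
                f'пользователь с именем {username} не существует')
            flash('пользователь не существует')
            return render_template('login.html', r=request)

        # Never hand an empty password to the directory: many LDAP servers
        # treat a simple bind with a DN and no password as an unauthenticated
        # bind and report success. try_login is not shown here, so the guard
        # is applied before calling it.
        if not password:
            flash('неверный логин или пароль')
            return render_template('login.html', r=request)

        try:
            User.try_login(user.dn, password)
        except ldap.INVALID_CREDENTIALS:
            flash('неверный логин или пароль')
            return render_template('login.html', r=request)
        except ldap.SERVER_DOWN:
            current_app.logger.error(f'Error connect to LDAP', exc_info=True)
            flash('невозможно связаться с сервером LDAP для авторизации')
            return render_template('login.html', r=request)

        if user:
            login_user(user)
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(user.id))
            # Recording the logon is best effort; a failure must not block
            # the login itself.
            try:
                db_log_user(user.id, request.path)
            except Exception:
                current_app.logger.error(
                    f'Error writing user logon to DB : {user.login}, url: {request.path}',
                    exc_info=True)

            # ``next`` is untrusted query input: follow it only when it is a
            # plain same-site path, so a crafted login link cannot bounce the
            # user to another site after signing in.
            target = request.args.get('next')
            if target and (not target.startswith('/') or target.startswith('//')
                           or '\\' in target
                           or any(ord(ch) < 0x20 for ch in target)):
                target = None
            return redirect(target or url_for('.get_reports'))
        else:
            flash('пользователь не существует')
            return render_template('login.html', r=request)
    return render_template('login.html', r=request)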