def oauth_logout(): if not current_user.is_authenticated: return redirect(get_post_logout_redirect()) for key in list(session.keys()): session.pop(key) logout_user() return redirect(get_post_logout_redirect())
def login(): """ Entry point for all the authentication sources. The user input will be validated and authenticated. """ form = _security.login_form() auth_obj = AuthSourceManager(form, config.AUTHENTICATION_SOURCES) session['_auth_source_manager_obj'] = None # Validate the user if not auth_obj.validate(): for field in form.errors: for error in form.errors[field]: flash(error, 'warning') return flask.redirect(get_post_logout_redirect()) # Authenticate the user status, msg = auth_obj.authenticate() if status: # Login the user status, msg = auth_obj.login() if not status: flash(gettext(msg), 'danger') return flask.redirect(get_post_logout_redirect()) session['_auth_source_manager_obj'] = auth_obj.as_dict() return flask.redirect(get_post_login_redirect()) flash(gettext(msg), 'danger') return flask.redirect(get_post_logout_redirect())
def login(): """ Entry point for all the authentication sources. The user input will be validated and authenticated. """ form = _security.login_form() auth_obj = AuthSourceManager(form, config.AUTHENTICATION_SOURCES) session['_auth_source_manager_obj'] = None # Validate the user if not auth_obj.validate(): for field in form.errors: for error in form.errors[field]: flash(error, 'warning') return flask.redirect(get_post_logout_redirect()) # Authenticate the user status, msg = auth_obj.authenticate() if status: # Login the user status, msg = auth_obj.login() current_auth_obj = auth_obj.as_dict() if not status: if current_auth_obj['current_source'] ==\ KERBEROS: return flask.redirect('{0}?next={1}'.format( url_for('authenticate.kerberos_login'), url_for('browser.index'))) flash(gettext(msg), 'danger') return flask.redirect(get_post_logout_redirect()) session['_auth_source_manager_obj'] = current_auth_obj return flask.redirect(get_post_login_redirect()) elif isinstance(msg, Response): return msg flash(gettext(msg), 'danger') response = flask.redirect(get_post_logout_redirect()) return response
def login(): """ Entry point for all the authentication sources. The user input will be validated and authenticated. """ form = _security.login_form() auth_obj = AuthSourceManager(form, copy.deepcopy(config.AUTHENTICATION_SOURCES)) if OAUTH2 in config.AUTHENTICATION_SOURCES \ and 'oauth2_button' in request.form: session['auth_obj'] = auth_obj session['auth_source_manager'] = None username = form.data['email'] user = User.query.filter_by(username=username, auth_source=INTERNAL).first() if user: if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0: user.locked = True else: user.locked = False db.session.commit() if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0: flash( gettext('Your account is locked. Please contact the ' 'Administrator.'), 'warning') logout_user() return redirect(get_post_logout_redirect()) # Validate the user if not auth_obj.validate(): for field in form.errors: flash_login_attempt_error = None if user and field in config.LOGIN_ATTEMPT_FIELDS: if config.MAX_LOGIN_ATTEMPTS > 0: user.login_attempts += 1 left_attempts = \ config.MAX_LOGIN_ATTEMPTS - user.login_attempts if left_attempts > 1: flash_login_attempt_error = \ gettext('{0} more attempts remaining.'. format(left_attempts)) else: flash_login_attempt_error = \ gettext('{0} more attempt remaining.'. format(left_attempts)) db.session.commit() for error in form.errors[field]: if flash_login_attempt_error: error = error + flash_login_attempt_error flash_login_attempt_error = None flash(error, 'warning') return redirect(get_post_logout_redirect()) # Authenticate the user status, msg = auth_obj.authenticate() if status: # Login the user status, msg = auth_obj.login() current_auth_obj = auth_obj.as_dict() if not status: if current_auth_obj['current_source'] == \ KERBEROS: return redirect('{0}?next={1}'.format( url_for('authenticate.kerberos_login'), url_for('browser.index'))) flash(msg, 'danger') return redirect(get_post_logout_redirect()) session['auth_source_manager'] = current_auth_obj if user: user.login_attempts = 0 db.session.commit() if 'auth_obj' in session: session.pop('auth_obj') return redirect(get_post_login_redirect()) elif isinstance(msg, Response): return msg elif 'oauth2_button' in request.form and not isinstance(msg, str): return msg if 'auth_obj' in session: session.pop('auth_obj') flash(msg, 'danger') response = redirect(get_post_logout_redirect()) return response
def reset_password(token): """View function that handles a reset password request.""" expired, invalid, user = reset_password_token_status(token) if invalid: do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN')) if expired: do_flash(*get_message('PASSWORD_RESET_EXPIRED', email=user.email, within=_security.reset_password_within)) if invalid or expired: return redirect(url_for('browser.forgot_password')) has_error = False form = _security.reset_password_form() if form.validate_on_submit(): try: update_password(user, form.password.data) except SOCKETErrorException as e: # Handle socket errors which are not covered by SMTPExceptions. logging.exception(str(e), exc_info=True) flash(gettext(SMTP_SOCKET_ERROR).format(e), 'danger') has_error = True except (SMTPConnectError, SMTPResponseException, SMTPServerDisconnected, SMTPDataError, SMTPHeloError, SMTPException, SMTPAuthenticationError, SMTPSenderRefused, SMTPRecipientsRefused) as e: # Handle smtp specific exceptions. logging.exception(str(e), exc_info=True) flash(gettext(SMTP_ERROR).format(e), 'danger') has_error = True except Exception as e: # Handle other exceptions. logging.exception(str(e), exc_info=True) flash(gettext(PASS_ERROR).format(e), 'danger') has_error = True if not has_error: after_this_request(view_commit) auth_obj = AuthSourceManager(form, [INTERNAL]) session['_auth_source_manager_obj'] = auth_obj.as_dict() if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0: flash( gettext('You successfully reset your password but' ' your account is locked. Please contact ' 'the Administrator.'), 'warning') return redirect(get_post_logout_redirect()) do_flash(*get_message('PASSWORD_RESET')) login_user(user) auth_obj = AuthSourceManager(form, [INTERNAL]) session['auth_source_manager'] = auth_obj.as_dict() return redirect( get_url(_security.post_reset_view) or get_url(_security.post_login_view)) return _security.render_template( config_value('RESET_PASSWORD_TEMPLATE'), reset_password_form=form, reset_password_token=token, **_ctx('reset_password'))
def cern_authorized_signup_handler(resp, remote, *args, **kwargs): """Handle sign-in/up functionality. :param remote: The remote application. :param resp: The response. :returns: Redirect response. """ # Remove any previously stored auto register session key session.pop(token_session_key(remote.name) + '_autoregister', None) # Store token in session # ---------------------- # Set token in session - token object only returned if # current_user.is_autenticated(). token = response_token_setter(remote, resp) handlers = current_oauthclient.signup_handlers[remote.name] # Sign-in/up user # --------------- if not current_user.is_authenticated: account_info = handlers['info'](resp) account_info_received.send(remote, token=token, response=resp, account_info=account_info) user = oauth_get_user( remote.consumer_key, account_info=account_info, access_token=token_getter(remote)[0], ) if user is None: # Auto sign-up if user not found form = create_csrf_disabled_registrationform() form = fill_form(form, account_info['user']) user = oauth_register(form) # if registration fails ... if user is None: # requires extra information session[token_session_key(remote.name) + '_autoregister'] = True session[token_session_key(remote.name) + '_account_info'] = account_info session[token_session_key(remote.name) + '_response'] = resp db.session.commit() return redirect(url_for( '.signup', remote_app=remote.name, )) # Authenticate user if not oauth_authenticate( remote.consumer_key, user, require_existing_link=False): return current_app.login_manager.unauthorized() # Link account # ------------ # Need to store token in database instead of only the session when # called first time. token = response_token_setter(remote, resp) # Setup account # ------------- if not token.remote_account.extra_data: account_setup = handlers['setup'](token, resp) account_setup_received.send(remote, token=token, response=resp, account_setup=account_setup) db.session.commit() account_setup_committed.send(remote, token=token) else: db.session.commit() # Redirect to next if current_user.is_authenticated and not egroup_admin(): logout_user() return redirect(get_post_logout_redirect()) next_url = get_session_next_url(remote.name) if next_url: return redirect(next_url) return redirect(url_for('invenio_oauthclient_settings.index'))