Ejemplo n.º 1
0
 def oauth_logout():
     if not current_user.is_authenticated:
         return redirect(get_post_logout_redirect())
     for key in list(session.keys()):
         session.pop(key)
     logout_user()
     return redirect(get_post_logout_redirect())
Ejemplo n.º 2
0
def confirm_email(token):
    """View function which handles a email confirmation request."""

    expired, invalid, user = confirm_email_token_status(token)

    if not user or invalid:
        invalid = True

    already_confirmed = user is not None and user.confirmed_at is not None
    expired_and_not_confirmed = expired and not already_confirmed

    if expired_and_not_confirmed:
        send_confirmation_instructions(user)

    if invalid or expired_and_not_confirmed:
        return redirect(get_url(_security.confirm_error_view))

    if confirm_user(user):
        after_this_request(_commit)

    if user != current_user:
        logout_user()
        login_user(user)

    return redirect(get_url(_security.post_confirm_view))
Ejemplo n.º 3
0
def logout():
    if current_user.is_authenticated:
        current_app.logger.info('{} logged out'.format(current_user.username))
        logout_user()
        return redirect(url_for('Public.index'))
    else:
        return '<h1>you are not logged in</h1>'
Ejemplo n.º 4
0
 def webserver_logout():
     logout_user()
     return Response(
         render_template(
             "browser/kerberos_logout.html",
             login_url=url_for('security.login'),
         ))
Ejemplo n.º 5
0
def protected():
    print current_user.to_json()
    print ', '.join(['%s:%s' % item for item in current_user.__dict__.items()])
    if current_user <> AnonymousUser and not current_user.is_active:
        logout_user()
        return "you've been logged out!"
    return "protected view!"
Ejemplo n.º 6
0
def test_load_permissions_on_identity_loaded(app):
    """Check that the needs are loaded properly in the user Identity."""
    InvenioAccess(app)

    with app.test_request_context():
        identity_changed.send(current_app._get_current_object(),
                              identity=AnonymousIdentity())
        assert g.identity.provides == {any_user}

    with app.test_request_context():
        user = testutils.create_test_user('*****@*****.**')
        login_user(user)
        assert g.identity.provides == {
            any_user, authenticated_user, UserNeed(user.id)
        }
        logout_user()
        # FIXME: The user is still authenticatd when the identity loader
        # is called during logout. We could filter on AnonymousIdentity, but
        # This would be inconsistent as the UserNeed(user.id) is still there.
        # This will pass even if it is unexpected:
        # assert g.identity.provides == {
        #     any_user, authenticated_user, UserNeed(user.id)
        # }
        # Forcing the identity to reload again cleans the mess. In practice
        # this won't be needed as the identity is reloaded between requests.
        identity_changed.send(current_app._get_current_object(),
                              identity=AnonymousIdentity())
        assert g.identity.provides == {any_user}
Ejemplo n.º 7
0
    def before_request():
        """Login the default user if running in desktop mode"""

        # Check the auth key is valid, if it's set, and we're not in server
        # mode, and it's not a help file request.
        if not config.SERVER_MODE and app.PGADMIN_INT_KEY != '' and (
            ('key' not in request.args
             or request.args['key'] != app.PGADMIN_INT_KEY) and
                request.cookies.get('PGADMIN_INT_KEY') != app.PGADMIN_INT_KEY
                and request.endpoint != 'help.static'):
            abort(401)

        if not config.SERVER_MODE and not current_user.is_authenticated:
            user = user_datastore.get_user(config.DESKTOP_USER)
            # Throw an error if we failed to find the desktop user, to give
            # the sysadmin a hint. We'll continue to try to login anyway as
            # that'll through a nice 500 error for us.
            if user is None:
                app.logger.error(
                    'The desktop user %s was not found in the configuration '
                    'database.' % config.DESKTOP_USER)
                abort(401)
            login_user(user)

        # if the server is restarted the in memory key will be lost
        # but the user session may still be active. Logout the user
        # to get the key again when login
        if config.SERVER_MODE and current_user.is_authenticated and \
                current_app.keyManager.get() is None and \
                request.endpoint not in ('security.login', 'security.logout'):
            logout_user()
Ejemplo n.º 8
0
 def post(self):
     logout_user()
     return {
         "version": api_version,
         "message": "Successfully logged out",
         "data": {}
     }, 200
Ejemplo n.º 9
0
def confirm_change_email(token):
    """View function which handles a change email confirmation request.
    Based on confirm_email in Flask-Security."""
    expired, invalid, user, new_email = (
        confirm_change_email_token_status(token))

    if not user or invalid:
        invalid = True
        do_flash(*get_message('INVALID_CONFIRMATION_TOKEN'))
    if expired:
        send_change_email_confirmation_instructions(user, new_email)
        do_flash(*(('You did not confirm your change of email within {0}. '
                    'New instructions to confirm your change of email have '
                    'been sent to {1}.'
                    ).format(_security.confirm_email_within, new_email),
                   'error'))
    if invalid or expired:
        return redirect(url_for('home'))

    if user != current_user:
        logout_user()
        login_user(user)

    if change_user_email(user, new_email):
        after_this_request(_commit)
        msg = ('Thank you. Your change of email has been confirmed.',
               'success')
    else:
        msg = ('Your change of email has already been confirmed.' 'info')

    do_flash(*msg)
    return redirect(url_for('home'))
Ejemplo n.º 10
0
def logout():
    try:
        logout_user()
        return redirect(url_for('main.index'))
    except Exception as inst:
        message = {"result":"error"}
        logging.error(str(type(inst))+'\n Tipo de error: '+str(inst)+ '['+str(datetime.now())+']')
        return render_template('error.html')
Ejemplo n.º 11
0
def logout():
    if current_user.is_authenticated:
        logout_user()

    if not request.is_json:
        return redirect(url_for('admin.index'))

    return '', HTTPStatus.NO_CONTENT
Ejemplo n.º 12
0
def logout():
    """View function which handles a logout request."""

    logout_user()
    _logger.debug('User logged out')
    next_url = request.args.get('next', None)
    post_logout_url = get_url(_security.post_logout_view)
    return redirect(next_url or post_logout_url)
Ejemplo n.º 13
0
 def delete(self):
     args = self.parser['delete'].parse_args()
     if current_user.authorize(args['password']):
         user_store.delete_user(current_user)
         db.session.commit()
         logout_user()
         return {'Message': 'Account removed'}
     else:
         return errors.InvalidCredentials()
Ejemplo n.º 14
0
 def post(self):
     if current_user.is_want_leave:
         user_datastore.delete_user(current_user)
         logout_user()
         user_datastore.commit()
         flash('Your account is successfully deleted!')
         return redirect(url_for('MainView:index'))
     else:
         flash('It is wrong approach!!!')
         return render_template('error/404.html')
Ejemplo n.º 15
0
def delete_account():
    user = flask_login.current_user
    if request.method == 'GET':
        return render_template('delete-account.html', user=user)
    else:
        dbu = User.query.get(user.id)
        logout_user()
        db.session.delete(dbu)
        db.session.commit()
        return redirect('/', code=303)
Ejemplo n.º 16
0
 def change_password(self, pk):
     user = self.get_one(str(pk))
     form = CanellaChangePasswordForm(user=user)
     if form.validate_on_submit():
         change_password(user, form.password.data)
         db.session.commit()
         if user.email == current_user.email:
             logout_user()
         flash(gettext('Password changed successfully'))
         return redirect(url_for('.index_view'))
     return self.render('admin/model/create.html', form=form)
Ejemplo n.º 17
0
    def kerberos_logout():
        logout_user()
        if 'KRB5CCNAME' in session:
            # Remove the credential cache
            cache_file_path = session['KRB5CCNAME'].split(":")[1]
            if path.exists(cache_file_path):
                remove(cache_file_path)

        return Response(render_template("browser/kerberos_logout.html",
                                        login_url=url_for('security.login'),
                                        ))
Ejemplo n.º 18
0
def delete_account():
    user = flask_login.current_user
    if request.method == 'GET':
        return render_template('delete-account.html',
                               user=user)
    else:
        dbu = User.query.get(user.id)
        logout_user()
        db.session.delete(dbu)
        db.session.commit()
        return redirect('/', code=303)
Ejemplo n.º 19
0
def logout():
  id = session['session_id']
  b = Borg()
  db_proxy = b.settings[id]['dbProxy']
  db_proxy.close()
  del b.settings[id]
  session.pop(id,None)
  logout_user()
  resp_dict = {'message': 'Logged out'}
  resp = make_response(encode(resp_dict), OK)
  resp.headers['Content-type'] = 'application/json'
  return resp
Ejemplo n.º 20
0
    def post(self, **kwargs):
        """Confirm user email."""
        user = self.get_user(**kwargs)

        if user != current_user:
            logout_user()

        if confirm_user(user):
            after_this_request(_commit)
            return jsonify({"message": get_message("EMAIL_CONFIRMED")[0]})
        else:
            return jsonify({"message": get_message("ALREADY_CONFIRMED")[0]})
Ejemplo n.º 21
0
def logout():
    id = session['session_id']
    b = Borg()
    db_proxy = b.settings[id]['dbProxy']
    db_proxy.close()
    del b.settings[id]
    session.pop(id, None)
    logout_user()
    resp_dict = {'message': 'Logged out'}
    resp = make_response(encode(resp_dict), OK)
    resp.headers['Content-type'] = 'application/json'
    return resp
Ejemplo n.º 22
0
 def oauth_authorize():
     auth_obj = session['auth_obj']
     auth_obj.set_current_source(auth_obj.source.get_source_name())
     status, msg = auth_obj.login()
     if status:
         session['auth_source_manager'] = auth_obj.as_dict()
         if 'auth_obj' in session:
             session.pop('auth_obj')
         return redirect(get_post_login_redirect())
     if 'auth_obj' in session:
         session.pop('auth_obj')
     logout_user()
     flash(msg, 'danger')
     return redirect(get_post_login_redirect())
Ejemplo n.º 23
0
def log_out():
    utils.logout_user()

    token = request.args.get('token')

    serializer = current_app.extensions['security'].remember_token_serializer
    data = serializer.loads(token)
    user_id = data[0]
    #Find the User
    user = User.query.filter_by(id=user_id).first()

    user.token = None
    user.is_logged_in = False

    db.session.commit()
    status = True
    return jsonify({"success": status})
Ejemplo n.º 24
0
    def post(self):
        args = self.parser['post'].parse_args()

        if user_store.find_user(email=args['email']):
            return errors.UserAlreadyExist()
        if args['password'] != args['confirm']:
            return errors.PasswordConfirmationInvalid()

        user = user_store.create_user(email=args['email'],
                                      password=args['password'])
        profile = Profile(user=user, name=args['name'])
        msg = send_confirmation_email(args['email'], args['name'])
        if msg.status_code not in [250]:
            return errors.CouldNotSendEmail()
        else:
            db.session.commit()
            logout_user()
            return {'user': user.email}
Ejemplo n.º 25
0
def destroy(user_id):
    """
    Delete user.

    @login_required

    :param user_id:
    :return:
    """
    user = users.get_or_404(user_id)
    if users.user_equals_me(user):
        users.delete_user(user)
        if not current_app.testing:
            logout_user()
        return {}
    if users.has_admin():
        users.delete_user(user)
        return {}
    else:
        return {}, 401
Ejemplo n.º 26
0
def check_youckan_cookie():
    # Do not interfere with authorize endpoint
    if request.endpoint == 'youckan.authorized':
        return

    # Force session open and close depending on the youckan session state
    session_cookie_name = current_app.config['YOUCKAN_SESSION_COOKIE']
    logged_cookie_name = '{0}.logged'.format(current_app.config['YOUCKAN_AUTH_COOKIE'])

    if session_cookie_name in request.cookies and logged_cookie_name in request.cookies:
        session_id = request.cookies[session_cookie_name]

        if not current_user.is_authenticated or 'youckan.token' not in session:
            return youckan.authorize(
                callback=url_for('youckan.authorized', _external=True, _scheme='https'),
                state=encode_state(session_id),
                next=request.url.replace('http://', 'https://')
            )
    elif current_user.is_authenticated:
        logout_user()
Ejemplo n.º 27
0
def destroy(user_id):
    """
    Delete user.

    @login_required

    :param user_id:
    :return:
    """
    user = users.get_or_404(user_id)
    if users.user_equals_me(user):
        users.delete_user(user)
        if not current_app.testing:
            logout_user()
        return {}
    if users.has_admin():
        users.delete_user(user)
        return {}
    else:
        return {}, 401
Ejemplo n.º 28
0
def login_users_post():
    try:

        email = request.form.get('email')
        password = request.form.get('password')
        remember = True if request.form.get('remember') else False

        # Consultamos si existe un usuario ya registrado con el email.
        user = User.query.filter_by(email=email).first()

        # Verificamos si el usuario existe, encriptamos el password y lo comparamos con
        # el de la BD.
        if not user or not check_password_hash(user.password, password):
            # Si el usuario no existe o no coinciden los passwords
            flash('El usuario y/o la contraseña son incorrectos')
            # Error de Autenticación
            return redirect(url_for('auth.login_users'))

        # En este punto el usuario tiene los datos correctos
        try:

            # Creamos una sessión y logueamso al usuario.
            login_user(user, remember=remember)
            if current_user.has_role('cliente') or current_user.has_role(
                    'admin') or current_user.has_role('empleado'):
                flash('Bienvenido ' + current_user.name)
                return redirect(url_for('main.index'))
            else:
                logout_user()
                flash('No tienes permiso para acceder al sistema')
                return redirect(url_for('auth.login_users'))
        except:
            flash('Error al iniciar sesión')
            return redirect(url_for('auth.login_users'))
    except:
        flash('El usuario y/o la contraseña son incorrectos')
        return redirect(url_for('auth.login_users'))
    return redirect(url_for('main.index'))
Ejemplo n.º 29
0
 def _logout(self):
     logout_user()
Ejemplo n.º 30
0
def logout():
    logout_user()
    flash('You are logged out.', 'info')
    return redirect(url_for('public.home'))
Ejemplo n.º 31
0
def logout():
    '''Perform a local logout and redirect to youckan'''
    session.pop('youckan.token', None)
    logout_user()
    return redirect(urljoin(current_app.config['YOUCKAN_URL'], 'logout'))
Ejemplo n.º 32
0
    def logout(self):
        current_user.reset_secret()
        logout_user()

        return dict(status=200, message='You have been logged out')
Ejemplo n.º 33
0
def logout():
    utils.logout_user()
    return "logged out"
Ejemplo n.º 34
0
def protected():
    if current_user != AnonymousUser and not current_user.is_active:
        logout_user()
        return "you've been logged out!"
    return "Success, it's protected view!"
Ejemplo n.º 35
0
def logout():
    logout_user()
    return redirect("/")
Ejemplo n.º 36
0
def logout():
    logout_user()
    #flash(u'You have been signed out')
    flash(u'登出成功')

    return redirect("/login") #redirect(request.args.get('next', None))
Ejemplo n.º 37
0
Archivo: auth.py Proyecto: keho98/argos 
def logout():
    for token in ['twitter', 'facebook', 'google']:
        session.pop('{0}_oauth'.format(token), None)
    logout_user()
Ejemplo n.º 38
0
def reconnect(provider_id):
    """Tokens automatically refresh with login.
    Logs user out and starts provider login OAuth flow
    """
    logout_user()
    return login(provider_id)
Ejemplo n.º 39
0
def logout():
    logout_user()
    return redirect(url_for('index'))
Ejemplo n.º 40
0
def logout():
    logout_user()
    return redirect(url_for('base.index'))
Ejemplo n.º 41
0
def logout_mturk_user():
    session.clear()
    utils.logout_user()
Ejemplo n.º 42
0
def reconnect(provider_id):
    """Tokens automatically refresh with login.
    Logs user out and starts provider login OAuth flow
    """
    logout_user()
    return login(provider_id)
Ejemplo n.º 43
0
def logout():
    logout_user()
    #flash(u'You have been signed out')
    flash(u'登出成功')

    return redirect("/login") #redirect(request.args.get('next', None))