def persona_login():
# Must have the assertion.
if 'assertion' not in request.form:
abort(400)
location = app.config['SERVER_NAME']
if location is None:
# Do a best guess effort of the localhost and port number.
location = ':'.join(['localhost', str(app.config['SERVER_PORT'])])
# Send the assertion to Mozilla's verifier service.
assertion_info = {
'assertion': request.form['assertion'],
'audience': location,
}
r = requests.post('https://verifier.login.persona.org/verify',
data=assertion_info,
verify=True)
if not r.ok:
print('Failed to post to Persona.')
abort(500)
data = r.json()
if data.get('status') == 'okay':
user = app.user_storage.find_by_email(data['email'])
if user is None:
# Generate a password that the Persona user will not be told about.
# This is to help prevent hackers from logging in using an empty
# password hash of a Persona user.
password = util.generate_password()
pwhash = security.generate_password_hash(password)
user = User(
data['email'], # Use the email as the username.
data['email'],
'persona',
pwhash)
app.user_storage.create(user)
login_user(user)
return jsonify({
# Pass back whatever redirect was provided.
'next': request.form.get('next')
})
else:
abort(401)
def persona_login():
# Must have the assertion.
if 'assertion' not in request.form:
abort(400)
location = app.config['SERVER_NAME']
if location is None:
# Do a best guess effort of the localhost and port number.
location = ':'.join(['localhost', str(app.config['SERVER_PORT'])])
# Send the assertion to Mozilla's verifier service.
assertion_info = {
'assertion': request.form['assertion'],
'audience': location,
}
r = requests.post('https://verifier.login.persona.org/verify',
data=assertion_info, verify=True)
if not r.ok:
print('Failed to post to Persona.')
abort(500)
data = r.json()
if data.get('status') == 'okay':
user = app.user_storage.find_by_email(data['email'])
if user is None:
# Generate a password that the Persona user will not be told about.
# This is to help prevent hackers from logging in using an empty
# password hash of a Persona user.
password = util.generate_password()
pwhash = security.generate_password_hash(password)
user = User(data['email'], # Use the email as the username.
data['email'],
'persona',
pwhash)
app.user_storage.create(user)
login_user(user)
return jsonify({
# Pass back whatever redirect was provided.
'next': request.form.get('next')
})
else:
abort(401)
def add_user():
if current_user.name != app.config['ADMINISTRATOR']:
flash('You don\'t have permission to do that.')
return redirect(url_for('index'))
form = AddUserForm()
if form.validate_on_submit():
password = util.generate_password()
pwhash = security.generate_password_hash(password)
user = User(form.username.data,
'', # Email is not used.
'password',
pwhash)
app.user_storage.create(user)
return render_template('user_confirmation.html',
username=form.username.data,
password=password)
return render_template('add_user.html', form=form)
def add_user():
if current_user.name != app.config['ADMINISTRATOR']:
flash('You don\'t have permission to do that.')
return redirect(url_for('index'))
form = AddUserForm()
if form.validate_on_submit():
password = util.generate_password()
pwhash = security.generate_password_hash(password)
user = User(
form.username.data,
'', # Email is not used.
'password',
pwhash)
app.user_storage.create(user)
return render_template('user_confirmation.html',
username=form.username.data,
password=password)
return render_template('add_user.html', form=form)