def api_signin():
print(request.data)
print(request.content_type)
if not request.json:
email = request.form['email']
password = request.form['password']
else:
email = request.json.get('email')
password = request.json.get('password')
user = User.objects(email=email).first()
if not user or not user.check_password(password):
return jsonify({
'code': 0,
'data': {},
'tip': 'wrong email or wrong password'
})
elif user.group == Group.block or user.group == Group.delete:
return jsonify({
'code': 0,
'data': {},
'tip': 'no right access'
})
else:
token = user.generate_token()
data = jsonify({
'code': 1,
'data': {'id': str(user.id),
'email': user.email,
'token': token}
})
response = current_app.make_response(data)
response.set_cookie("token", token, httponly=True)
return response
def raspberry_user_delete():
body = request.get_json()
obj = Raspberry.get({"id": body["raspberry_id"]})
user = User.get({"id": get_jwt_identity()})
user.raspberries.remove(obj)
db.session.commit()
return {"message": Config.DELETE_MESSAGE}, 203
def wrapped(*args, **kwargs):
token = request.headers.get('token') or request.cookies.get('token')
user = User.verify_token(token)
if not user:
return redirect(url_for('main.login_page'))
g.user = user
return f(*args, **kwargs)
def raspberry_user_put():
body = request.get_json()
obj = Raspberry.get({"id": body["raspberry_id"]})
user = User.get({"id": get_jwt_identity()})
user.raspberries.append(obj)
db.session.commit()
return {"message": Config.POST_MESSAGE, "object": obj}, 201
def user_index():
raspberry_id = request.args.get('raspberry_id')
if raspberry_id:
obj = User.query.join(Raspberry, User.raspberries).filter(Raspberry.id == raspberry_id).all()
return jsonify(obj)
else:
return jsonify(User.index())
def user_post():
try:
body = request.get_json()
obj = User.post(body)
return {"message": Config.POST_MESSAGE, "object": obj}, 201
except InvalidRequestError:
db.session().rollback()
return jsonify({'message': 'an invalid request'}), 409
except IntegrityError:
return jsonify({'message': 'an integrity error occurred'}), 409
def api_signup():
email = request.json.get('email')
password = request.json.get('password')
code = request.json.get('code')
if email is None or password is None:
print('None...')
abort(400)
code = Code.objects(value=code).first()
if not code:
return jsonify({
'code': 0,
'tip': "wrong code"
})
if User.objects(email=email).first() is not None:
return jsonify({
'code': 0,
'tip': "email already registered"
})
try:
user = User(email=email)
user.set_password(password)
user.save()
code.delete()
return jsonify({
'code': 1,
'data': {'id': str(user.id),
'email': user.email}
})
except db.errors.ValidationError:
return jsonify({
'code': 0,
'tip': 'wrong email'
})
def check_user_before_request():
if "user" not in session:
g.user = BasicUser.gen_user()
session["user"] = g.user.to_dict()
else:
userid = session.get('user')["id"]
user = User.get_user_by_id(userid)
# this for when clear db usage
if user is None:
user = BasicUser.gen_user()
session["user"] = user.to_dict()
g.user = user
def api_login():
username = request.form.get("username")
password = request.form.get("password")
password = hashlib.sha512(password).hexdigest()
user = User.validate_user(username=username,
password=password)
if user is None:
return jsonify(dict(rcode==404))
g.user = user
session["user"] = g.user.to_dict()
return jsonify(rcode=200)
def decorated_function(*args, **kwargs):
r = request.path
if "user" not in session:
flash("You need to login first!", "danger")
return redirect(url_for('login', r=r))
else:
g.user = User.get_user_by_id(session["user"]["id"])
if g.user is None:
return redirect(url_for('login', r=r))
def inject_user():
if "user" not in g:
g.user = User.get_user_by_id(session.get("user", {}).get("id"))
return dict(cur_user=g.user)
app.template_context_processors[None].append(inject_user)
return f(*args, **kwargs)
def api_delete_user(uid):
if g.user.group != Group.admin:
abort(400)
try:
user = User.objects(id=uid).first()
if not user:
abort(400)
user.delete()
return jsonify({
'code': 1,
})
except db.errors.ValidationError:
return jsonify({
'code': 0,
'tip': 'wrong id'
})
def login():
username = request.form.get("username")
password = request.form.get("password")
password = hashlib.sha512(password).hexdigest()
user = User.validate_user(username=username,
password=password)
if user is None:
flash("user/password error!")
return redirect("/")
g.user = user
session["user"] = g.user.to_dict()
return redirect("/")
def user_get(_id):
obj = User.get({"id": _id})
return jsonify(obj)
def inject_user():
if "user" not in g:
g.user = User.get_user_by_id(session.get("user", {}).get("id"))
return dict(cur_user=g.user)
def login() -> Union[str, Response]:
"""User login page."""
if current_user.get_id():
next_url = request.args.get("next", default="/")
if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]) is False:
return abort(400)
return redirect(next_url)
# if demo, login as first user
if app.config.get("DEMO"):
session.pop("_flashes", None)
user = User.query.first()
if user:
login_user(user, remember=True)
else:
flash("Something broke!")
next_url = request.args.get("next", default="/")
if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]) is False:
return abort(400)
return redirect(next_url)
if request.method == "POST" and app.config["AUTH_METHOD"] in ["LDAP", "DEV"]:
user = request.form.get("user", "")
password = request.form.get("password", "")
if app.config["AUTH_METHOD"] == "LDAP": # pragma: no cover
ldap = LDAP(app) # type: ignore[no-untyped-call]
ldap_details = ldap.bind_user(user, password) # type: ignore[no-untyped-call]
if ldap_details is None or password == "": # noqa: S105
executor.submit(log_login, request.form["user"], 3)
flash("Invalid login, please try again!")
return render_template("pages/login.html.j2", title="Login")
# require specific user group
# fmt: off
if "REQUIRED_GROUPS" in app.config and not set(
app.config["REQUIRED_GROUPS"]
).issubset(
set(ldap.get_user_groups(user=user.lower())) # type: ignore[no-untyped-call]
):
executor.submit(log_login, request.form["user"], 3)
flash(
"You must be part of the %s group(s) to use this site."
% app.config["REQUIRED_GROUPS"]
)
return render_template("pages/login.html.j2", title="Login")
# fmt: on
executor.submit(log_login, request.form["user"], 1)
user = User.query.filter(
(User.account_name == user.lower()) | (User.email == user.lower())
).first()
# if user isn't existing, create
if not user:
user = User() # type: ignore[call-arg]
# update user attributes
user.account_name = (
ldap_details.get(app.config["LDAP_ATTR_MAP"]["account_name"])[0]
.decode("utf-8")
.lower()
)
user.email = (
ldap_details.get(app.config["LDAP_ATTR_MAP"]["email"])[0]
.decode("utf-8")
.lower()
)
user.full_name = ldap_details.get(app.config["LDAP_ATTR_MAP"]["full_name"])[
0
].decode("utf-8")
user.first_name = ldap_details.get(
app.config["LDAP_ATTR_MAP"]["first_name"]
)[0].decode("utf-8")
db.session.add(user)
db.session.commit()
login_user(user, remember=True)
next_url = request.args.get("next", default="/")
if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]) is False:
return abort(400)
return redirect(next_url)
if app.config["AUTH_METHOD"] == "DEV": # pragma: no cover
user = User.query.filter(
(User.account_name == user.lower()) | (User.email == user.lower())
).first()
if user:
login_user(user, remember=True)
else:
flash("Invalid login, please try again!")
next_url = request.args.get("next", default="/")
if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]) is False:
return abort(400)
return redirect(next_url)
# if login methods fail, add flash message
flash("Invalid login, please try again!")
# saml does not have a login page but redirects to idp
if app.config["AUTH_METHOD"] == "SAML": # pragma: no cover
saml = SAML(app)
saml_client = saml.saml_client_for()
# pylint: disable=W0612
reqid, info = saml_client.prepare_for_authenticate()
redirect_url = ""
# Select the IdP URL to send the AuthN request to
for key, value in info["headers"]:
if key == "Location":
redirect_url = value
# add next url to request to be appropriatly redirected
# after a successful login
next_url = request.args.get("next", "/")
if is_safe_url(next_url, app.config["ALLOWED_HOSTS"]):
redirect_url += "&RelayState=" + next_url
return redirect(redirect_url)
return render_template("pages/login.html.j2", title="Login")
def user_delete(_id):
User.delete({"id": _id})
return {"message": Config.DELETE_MESSAGE}, 203
def user_put(_id):
body = request.get_json()
obj = User.put({"id": _id}, body)
return {"message": Config.PUT_MESSAGE, "object": obj}
def idp_initiated() -> Response:
"""Get response from IDP."""
try:
saml = SAML(app)
saml_client = saml.saml_client_for()
authn_response = saml_client.parse_authn_request_response(
request.form["SAMLResponse"], entity.BINDING_HTTP_POST)
identity = authn_response.get_identity()
if "REQUIRED_GROUPS" in app.config and not set(
app.config["REQUIRED_GROUPS"]).issubset(
set(identity.get(app.config["SAML_ATTR_MAP"]["groups"]))):
session.pop("_flashes", None)
# user is not authorized.
flash("You must be part of the %s group(s) to use this site." %
app.config["REQUIRED_GROUPS"])
return redirect(app.config["NOT_AUTHORIZED_URL"])
logging.warning(identity)
if identity:
account_name = identity.get(
app.config["SAML_ATTR_MAP"]["account_name"])[0].lower()
email = identity.get(
app.config["SAML_ATTR_MAP"]["email"])[0].lower()
user = User.query.filter((User.account_name == account_name)
| (User.email == email)).first()
# if user isn't existing, create
if not user:
user = User()
# update user attributes
user.account_name = account_name
user.email = email
user.full_name = "%s %s" % (
identity.get(app.config["SAML_ATTR_MAP"]["first_name"])[0],
identity.get(app.config["SAML_ATTR_MAP"]["last_name"])[0],
)
user.first_name = identity.get(
app.config["SAML_ATTR_MAP"]["first_name"])[0]
db.session.add(user)
db.session.commit()
login_user(user, remember=True)
next_url = (request.args.get("next")
or request.args.get("RelayState")
or request.form.get("RelayState")
or app.config["LOGIN_REDIRECT_URL"])
if not is_safe_url(next_url, app.config["ALLOWED_HOSTS"]):
return abort(400)
session.pop("_flashes", None)
return redirect(next_url)
return redirect(app.congif["LOGIN_VIEW"])
except SignatureError as e:
flash(str(e))
return redirect(app.congif["SAML_ATTR_MAP"])
from flask import Flask
from web.model import DbPool, User
app = Flask(__name__)
if __name__ == '__main__':
session = DbPool.get_db_pool1()()
user = User(id='1', name='alan')
session.add(user)
session.commit()
session.close()
app.run(host='0.0.0.0', port=81, debug=app.config['DEBUG'])
