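def password_login():
    """Provide email and password authentication.

    Reads ``email`` and ``password`` from the request body and looks up a
    role with a stored password digest for that email. Such a role must pass
    ``check_password``; when no local role with a digest exists, the
    credentials are handed to ``Role.authenticate_using_ldap`` instead. On
    success the role id and the next URL derived from the request are stored
    in the session and a JSON payload with the logout URL, API key and role
    is returned.

    Returns:
        A JSON response on success, or ``Unauthorized`` when the password
        check fails or no role could be authenticated.

    Raises:
        HTTPException: ``abort(404)`` when either credential is missing.
    """
    data = request_data()
    email = data.get('email')
    password = data.get('password')

    if not email or not password:
        abort(404)

    log_event(request)

    q = Role.by_email(email)
    q = q.filter(Role.password_digest != None)  # noqa
    role = q.first()

    # A local role with a digest must pass the password check. Test for any
    # falsy result rather than ``is False``: a check that returned None (or
    # 0) would otherwise fall through with ``role`` still set and log the
    # caller in without a valid password.
    if role and not role.check_password(password):
        return Unauthorized("Authentication has failed.")
    elif not role:
        # No local digest for this email: try LDAP (the original comment
        # notes this only applies when LDAP is enabled).
        role = Role.authenticate_using_ldap(email, password)

    if not role:
        return Unauthorized("Authentication has failed.")

    # NOTE(review): the existing session is reused rather than cleared or
    # rotated on login -- confirm the session layer regenerates its id.
    session['user'] = role.id
    session['next_url'] = extract_next_url(request)

    return jsonify({
        'logout': url_for('.logout'),
        'api_key': role.api_key,
        'role': role
    })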
def oauth_init(provider):
    """Send the client to *provider*'s authorization endpoint.

    The callback URL handed to the provider carries the next URL derived
    from the current request as its ``next`` parameter.

    Args:
        provider: Name of a registered ``oauth.remote_apps`` entry.

    Returns:
        The provider's authorize response.

    Raises:
        HTTPException: ``abort(404)`` when the provider is not registered.
    """
    oauth_provider = oauth.remote_apps.get(provider)
    if not oauth_provider:
        abort(404)

    next_url = extract_next_url(request)
    callback_url = url_for(
        '.oauth_callback', provider=provider, next=next_url)
    return oauth_provider.authorize(callback=callback_url)
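def login(provider=None):
    """Start an OAuth login with *provider*.

    When no provider is requested, the first registered remote app is used,
    which is a useful default when only one is configured. The next URL
    derived from the request is stored in the session before redirecting.

    Args:
        provider: Name of a registered ``oauth.remote_apps`` entry, or None
            to pick the first one.

    Returns:
        The provider's authorize response.

    Raises:
        HTTPException: ``abort(404)`` when the provider is unknown or no
            provider is registered at all.
    """
    if not provider:
        # ``dict.keys()[0]`` is not subscriptable on Python 3 and raises
        # IndexError on an empty registry; take the first key by iteration
        # and let the unknown-provider check below handle the empty case.
        provider = next(iter(oauth.remote_apps), None)

    oauth_provider = oauth.remote_apps.get(provider)
    if not oauth_provider:
        abort(404)

    log_event(request)
    session['next_url'] = extract_next_url(request)
    callback_url = url_for('.callback', provider=provider)
    return oauth_provider.authorize(callback=callback_url)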
def oauth_callback(provider):
    """Complete an OAuth login for *provider*.

    Passes the provider's authorized response to the
    ``handle_oauth_session`` signal and commits the session. The first
    receiver that returns a role completes the login: the client is
    redirected to the next URL (with any existing fragment dropped) carrying
    a freshly created token in the URL fragment.

    Returns:
        A redirect response on success; ``Unauthorized`` when the provider
        rejected the exchange or no receiver produced a role.

    Raises:
        HTTPException: ``abort(404)`` when the provider is unknown.
    """
    oauth_provider = oauth.remote_apps.get(provider)
    if not oauth_provider:
        abort(404)

    resp = oauth_provider.authorized_response()
    if resp is None or isinstance(resp, OAuthException):
        log.warning("Failed OAuth: %r", resp)
        return Unauthorized("Authentication has failed.")

    results = signals.handle_oauth_session.send(provider=oauth_provider,
                                                oauth=resp)
    db.session.commit()

    # ``send`` yields (receiver, return value) pairs; the first non-None
    # value is the authenticated role.
    role = next((value for _, value in results if value is not None), None)
    if role is None:
        log.error("No OAuth handler for %r was installed.", provider)
        return Unauthorized("Authentication has failed.")

    log.info("Logged in: %r", role)
    # Strip any fragment from the requested next URL before appending the
    # token fragment, so the token is the only fragment the client sees.
    base_url, _ = urldefrag(extract_next_url(request))
    return redirect('%s#token=%s' % (base_url, create_token(role)))
def password_login():
    """Provide email and password authentication.

    Reads ``email`` and ``password`` from the request body, looks up a role
    with a stored password digest for that email and verifies the password
    against it. On success the role id and the next URL derived from the
    request are stored in the session and a JSON payload with the logout
    URL, API key and role is returned.

    Returns:
        A JSON response on success, or ``Unauthorized`` when no matching
        role exists or the password check fails.

    Raises:
        HTTPException: ``abort(404)`` when either credential is missing.
    """
    data = request_data()
    email, password = data.get('email'), data.get('password')

    if not (email and password):
        abort(404)

    log_event(request)

    query = Role.by_email(email)
    role = query.filter(Role.password_digest != None).first()  # noqa

    # Both conditions must hold: a role with a digest exists and the
    # supplied password verifies against it.
    authenticated = bool(role) and role.check_password(password)
    if not authenticated:
        return Unauthorized("Authentication has failed.")

    # NOTE(review): the existing session is reused rather than cleared or
    # rotated on login -- confirm the session layer regenerates its id.
    session['user'] = role.id
    session['next_url'] = extract_next_url(request)

    payload = {
        'logout': url_for('.logout'),
        'api_key': role.api_key,
        'role': role,
    }
    return jsonify(payload)
    def test_extract_next_url_safe(self):
        """A relative ``next`` parameter is returned unchanged."""
        req = Request.from_values('/?next=/help')
        next_url = extract_next_url(req)
        self.assertEqual('/help', next_url)
 def test_extract_next_url_unsafe(self):
     """A generated absolute ``next`` URL is replaced by the local root."""
     foreign_url = self.fake.url()
     req = Request.from_values('/?next={}'.format(foreign_url))
     next_url = extract_next_url(req)
     self.assertEqual('http://localhost:5000/', next_url)
 def test_extract_next_url_blank(self):
     """With no ``next`` parameter the local root is returned."""
     req = Request.from_values('')
     next_url = extract_next_url(req)
     self.assertEqual('http://localhost:5000/', next_url)
    def test_extract_next_url_blank(self):
        """With no ``next`` parameter the root path is returned."""
        req = Request.from_values('')
        next_url = extract_next_url(req)
        self.assertEqual('/', next_url)