Example #1
File: login.py Project: gmen1/cog
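def login_page():
    """Render the login page, or redirect to the inventory when already signed in.

    Flow:
      1. If a ``jwt`` cookie is present and ``decode_token`` accepts it, redirect
         to ``/inventory``.
      2. Otherwise the ``COOKIE_NAME`` cookie is used as a HackerAPI token to
         fetch the caller's profile. When ``check_role`` reports the organizer
         or hacker role, the matching ``User`` row is created or refreshed, a
         signed ``jwt`` cookie is issued, and the caller is redirected to
         ``/inventory``.
      3. A token that does not yield a usable profile (lookup failure, non-JSON
         body, missing fields, no qualifying role) renders the login page and
         clears ``COOKIE_NAME``.
      4. With no token at all, redirect to the external auth site.
    """
    if 'jwt' in request.cookies:
        try:
            decode_token(request.cookies['jwt'])
            return redirect('/inventory')
        except Exception:
            # Deliberate best-effort: a cookie that decode_token rejects just
            # falls through to the normal login flow below.
            pass

    token = request.cookies.get(COOKIE_NAME, '')
    if token != '':
        # Attempt to grab the user details. The token is client-controlled, so
        # it is passed via `params` (URL-encoded) instead of being concatenated
        # into the URL, where '&' or '#' could alter the query. The timeout
        # keeps a stalled upstream from pinning this worker indefinitely.
        # NOTE(review): the token still travels in the query string and may
        # end up in intermediary or upstream access logs.
        try:
            profile_response = requests.get(
                'https://hackerapi.com/v2/users/me',
                params={'token': token},
                timeout=10,
            )
            r = json.loads(profile_response.text)
        except (requests.RequestException, ValueError):
            # Network failure or non-JSON body: treat as a failed lookup
            # instead of surfacing a 500.
            r = None

        if isinstance(r, dict) and 'id' in r and 'email' in r and 'event_roles' in r:

            event_roles = r['event_roles']
            is_organizer = check_role(event_roles, 'organizer')
            is_hacker = check_role(event_roles, 'hacker')

            if is_organizer or is_hacker:

                hackerapi_id = str(r['id'])

                name = r.get('legal_name', r.get('name', ''))
                email = r['email']
                phone = r.get('phone_number', '')

                user = User.query.filter_by(hackerapi_id=hackerapi_id).first()

                if user is None:
                    user = User(hackerapi_id, email, name, phone, is_organizer)
                    db.session.add(user)
                else:
                    # Only overwrite name/phone when the profile supplies them;
                    # email and the organizer flag always track the upstream.
                    if name != '':
                        user.name = name
                    user.email = email
                    if phone != '':
                        user.phone = phone
                    user.is_organizer = is_organizer

                db.session.commit()

                # The signed payload is only the HackerAPI id; no expiry claim
                # is included here.
                # NOTE(review): confirm decode_token or SECRET rotation bounds
                # the lifetime of this session token.
                token = jws.sign(hackerapi_id.encode('utf-8'), SECRET, algorithm='HS256')

                response = app.make_response(redirect('/inventory'))
                # NOTE(review): this session cookie is set without HttpOnly,
                # Secure or SameSite; consider httponly=True, secure=True,
                # samesite='Lax' once confirmed no client script reads it and
                # the site is served over HTTPS only.
                response.set_cookie('jwt', token)
                response.set_cookie(COOKIE_NAME, '')

                return response

        # Token present but unusable: show the login page and drop the token.
        response = app.make_response(render_template('pages/login.html'))
        response.set_cookie(COOKIE_NAME, '')
        return response
    return redirect('https://auth.hackthenorth.com/?redirect=cog.team.hackthenorth.com/login')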
Example #2
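def login_page():
    """Serve the login page on GET; on POST, sign the caller in from a JWT.

    POST reads the ``Authorization`` header, resolves it to a profile with
    ``get_profile_from_jwt``, and requires either membership in the ``admin``
    or ``hardware_admin`` group or a ``status`` of ``admission_confirmed``.
    The matching ``User`` row is created or refreshed and the header value is
    stored in the ``jwt`` cookie.

    Returns:
        The rendered login page (GET); ``('unauthorized jwt', 401)`` when the
        header is missing or no profile is resolved;
        ``('user is not admin or ADMISSION_CONFIRMED status', 403)`` when the
        caller does not qualify; otherwise an empty response that sets the
        ``jwt`` cookie.
    """
    if request.method == 'GET':
        return app.make_response(render_template('pages/login.html'))

    # POST
    jwt = request.headers.get('Authorization')
    if not jwt:
        # Missing header: reject up front instead of relying on the helper's
        # handling of None, and never reach set_cookie with a None value.
        return 'unauthorized jwt', 401

    # Attempt to grab the user details
    profile, _ = get_profile_from_jwt(jwt)
    if not profile:
        return 'unauthorized jwt', 401

    # `or []` also covers a profile that carries an explicit null for groups.
    groups = profile.get("groups") or []
    is_organizer = "admin" in groups or "hardware_admin" in groups

    if not is_organizer and profile.get("status") != "admission_confirmed":
        return 'user is not admin or ADMISSION_CONFIRMED status', 403

    hackerapi_id = profile["id"]

    first_name = profile.get("first_name") or ""
    last_name = profile.get("last_name") or ""
    # Join only the parts that are present. Plain concatenation produced " "
    # for an empty profile, so the `name != ''` guard below could never skip
    # the update and would overwrite a stored name with a single space.
    name = " ".join(part for part in (first_name, last_name) if part)
    email = profile.get("email")

    user = User.query.filter_by(hackerapi_id=hackerapi_id).first()

    if user is None:
        user = User(hackerapi_id, email, name, None, is_organizer)
        user.first_name = first_name
        user.last_name = last_name
        db.session.add(user)
    else:
        if name != '':
            user.name = name
        user.email = email
        user.is_organizer = is_organizer

    db.session.commit()

    response = app.make_response("")
    # NOTE(review): the raw Authorization header value becomes the session
    # cookie, with no HttpOnly, Secure or SameSite attribute. Confirm whether
    # the header carries a scheme prefix such as "Bearer " that the cookie
    # reader expects, and consider httponly=True, secure=True, samesite='Lax'.
    response.set_cookie('jwt', jwt)
    return response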
Example #3
File: login.py Project: gmen1/cog
def logout():
    """Blank the ``jwt`` cookie and send the browser back to ``/``."""
    home_redirect = redirect('/')
    resp = app.make_response(home_redirect)
    # The cookie is overwritten with an empty value rather than deleted, so a
    # `jwt` cookie is still present on later requests.
    # NOTE(review): only the browser's copy is cleared here; confirm whether a
    # previously issued token is invalidated anywhere server-side.
    resp.set_cookie('jwt', '')
    return resp
Example #4
def logout():
    """Redirect the browser to the ``/logout`` path under ``LOGIN_URL``.

    ``LOGIN_URL`` is read from the environment on every call; when it is
    unset, ``os.getenv`` returns ``None`` and the concatenation raises
    ``TypeError``.
    """
    # NOTE(review): no cookie is touched on this response; confirm the local
    # `jwt` cookie is cleared elsewhere if this app sets one.
    logout_url = os.getenv("LOGIN_URL") + "/logout"
    return app.make_response(redirect(logout_url))