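def load_user():  # pylint: disable=too-many-return-statements,too-many-branches
    """Resolve the authenticated session into ``g.user`` for this request.

    Skips static assets and the logout/terms pages, drops unauthenticated
    requests with ``g.user = None``, and otherwise looks up (or creates) the
    ``User`` row matching the identity stored in ``session["user_info"]``.
    Blocked or not-yet-enabled accounts are logged out with a flash message
    instead of being attached to ``g``.

    Returns:
        ``None`` in the normal case, or the response object produced by
        ``registration_required`` when a new login must complete registration
        first. Presumably installed as a Flask ``before_request`` hook — the
        hook registration is not visible here.

    Raises:
        KeyError: if ``session["user_info"]`` is missing, or if the payload
        lacks the identity key the login type requires (``email`` for
        GOOGLE/LOCAL, ``login`` for GITHUB).
    """
    # TODO: split into smaller functions
    # continue for assets
    if request.path.startswith("/static"):
        return
    # continue for logout page
    if request.path == url_for("auth.logout"):
        return
    # continue for terms page
    if request.path == url_for("auth.terms"):
        return
    if not is_authenticated():
        g.user = None
        return
    log.debug("Loading user")
    # Ignore all non-admin users during maintenance or restricted mode.
    # Precedence is MAINTENANCE_MODE or (RESTRICT_LOGIN and not IS_LOCAL):
    # a local dev instance is exempt from RESTRICT_LOGIN but not from
    # maintenance mode.
    if (
        current_app.config["MAINTENANCE_MODE"]
        or current_app.config["RESTRICT_LOGIN"]
        and not current_app.config["IS_LOCAL"]
    ) and not is_admin():
        logout()
        flash("Login restricted.", "danger")
        return
    # don't override existing user
    if getattr(g, "user", None) is not None:
        log.debug("Reusing existing user %s", g.user)
        return
    # assumes is_authenticated() guarantees the key is present — TODO confirm
    data = session["user_info"]
    # Make sure old and incompatible sessions get dropped.
    if "type" not in data:
        logout()
        return
    login_type = LoginType(data["type"])
    # GOOGLE and LOCAL both key the account on the e-mail address, so the
    # same address arriving from either provider resolves to the same User
    # row. NOTE(review): confirm the LOCAL flow verifies ownership of the
    # address before a session reaches this point.
    if login_type in (LoginType.GOOGLE, LoginType.LOCAL):
        login_id = data["email"]
        picture = data.get("picture")
    elif login_type == LoginType.GITHUB:
        login_id = data["login"]
        picture = data.get("avatar_url")
    else:
        log.error("Unsupported login type %r", login_type)
        flash("Login unsupported.", "danger")
        logout()
        return
    user = User.query.filter_by(login=login_id).one_or_none()
    is_new = False
    is_changed = False
    if not user:
        # registration_required is defined elsewhere; presumably it returns a
        # redirect when the login must go through the registration flow and
        # the matching invite code otherwise — verify against its definition.
        resp, invite_code = registration_required(login_id=login_id)
        if resp is not None:
            return resp
        # Log only a redacted form of the identifier.
        if "@" in login_id:
            name, host = login_id.rsplit("@", 1)
            log.info(
                "Creating new user %s...%s@%s (%s)",
                name[0],
                name[-1],
                host,
                login_type,
            )
        else:
            name = login_id
            log.info(
                "Creating new user %s...%s (%s)",
                login_id[:2],
                login_id[-2:],
                login_type,
            )
        user = User(
            login=login_id,
            full_name=data.get("name", name),
            profile_picture=picture,
            login_type=login_type,
        )
        is_new = True
        if invite_code is not None:
            session.pop("invite_code")
            # The invite defines the initial role set and is consumed once.
            # NOTE(review): remaining_uses is decremented without a lower
            # bound here — confirm registration_required rejects exhausted
            # codes before handing one back.
            user.roles = invite_code.roles
            user.invite_code = invite_code
            invite_code.remaining_uses -= 1
            if current_app.config["AUTO_ENABLE_INVITED_USERS"]:
                user.enable()
            db.session.add(invite_code)
    else:
        log.info("Updating user %s", user)
        # Provider data only fills in blanks; it never overwrites values the
        # user already has.
        if "name" in data and not user.full_name:
            user.full_name = data["name"]
            is_changed = True
        if picture and not user.profile_picture:
            user.profile_picture = picture
            is_changed = True
        # Backfills the provider on legacy rows only. NOTE(review): the stored
        # provider is not compared against the current login's provider —
        # confirm that is intended.
        if user.login_type is None:
            user.login_type = login_type
    # update automatic roles
    if is_new:
        user.roles.append(get_or_create_role(PredefinedRoles.USER))
    # The address used for admin promotion comes straight from the provider
    # payload (for GITHUB it may be absent). NOTE(review): confirm the
    # provider reports a verified address before it can grant ADMIN.
    # NOTE(review): these roles are appended on every load, not only when
    # missing — confirm user.roles de-duplicates.
    email = data.get("email")
    if email in current_app.config["APPLICATION_ADMINS"]:
        user.roles.append(get_or_create_role(PredefinedRoles.ADMIN))
        user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
        if is_new:
            user.state = UserState.ACTIVE
        is_changed = True
    elif email == "*****@*****.**":
        user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
        is_changed = True
    if is_changed or is_new:
        log.info("Saving user %s", user)
        db.session.add(user)
        db.session.commit()
    if user.is_blocked():
        logout()
        flash("Account blocked", "danger")
    elif user.is_enabled():
        g.user = user
        log.debug("Loaded user %s", g.user)
        if user.is_first_login():
            user.enable()
            db.session.add(user)
            db.session.commit()
            # NOTE(review): jinja2.Markup was removed in Jinja2 3.1;
            # markupsafe.Markup is the drop-in replacement — check the
            # pinned version. The only interpolated value is a url_for()
            # result, not user input.
            flash(
                jinja2.Markup(
                    "Welcome to Vulncode-DB!<br>"
                    "Please take a look at your "
                    f'<a href="{url_for("profile.index")}">profile page</a> '
                    "to review your settings."),
                "info",
            )
    else:
        logout()
        flash("Account not yet activated", "danger")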
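def load_user():
    """Resolve the authenticated session into ``g.user`` for this request.

    Skips static assets and the logout/terms pages, drops unauthenticated
    requests with ``g.user = None``, and otherwise looks up (or creates) the
    ``User`` row whose e-mail matches ``session["user_info"]["email"]``.
    Blocked or not-yet-enabled accounts are logged out with a flash message
    instead of being attached to ``g``.

    Returns:
        ``None`` in the normal case, or a redirect to the terms page when a
        new user has not accepted the terms yet. Presumably installed as a
        Flask ``before_request`` hook — the registration is not visible here.

    Raises:
        KeyError: if ``session["user_info"]`` or its ``email`` key is missing.
        ValueError: if the e-mail contains no ``@`` and a new user is being
        created (``rsplit`` then yields a single element).
    """
    # continue for assets
    if request.path.startswith('/static'):
        return
    # continue for logout page
    if request.path == url_for('auth.logout'):
        return
    # continue for terms page
    if request.path == url_for('auth.terms'):
        return
    if not is_authenticated():
        g.user = None
        return
    log.debug('Loading user')
    # Ignore all non-admin users during maintenance or restricted mode.
    # Precedence is MAINTENANCE_MODE or (RESTRICT_LOGIN and not IS_LOCAL):
    # a local dev instance is exempt from RESTRICT_LOGIN but not from
    # maintenance mode.
    if (
        current_app.config["MAINTENANCE_MODE"]
        or current_app.config['RESTRICT_LOGIN']
        and not current_app.config['IS_LOCAL']
    ) and not is_admin():
        logout()
        flash('Login restricted.', 'danger')
        return
    # don't override existing user
    if getattr(g, 'user', None) is not None:
        log.debug('Reusing existing user %s', g.user)
        return
    # assumes is_authenticated() guarantees the key is present — TODO confirm
    data = session["user_info"]
    # The provider-supplied address is the account key. NOTE(review): confirm
    # the provider reports a verified address, since it also drives the
    # ADMIN promotion below.
    email = data["email"]
    user = User.query.filter_by(email=email).one_or_none()
    is_new = False
    is_changed = False
    if not user:
        if not session.get('terms_accepted'):
            # logging.Logger.warn is deprecated; warning() is the live API.
            log.warning('Terms not accepted yet')
            # Private request attribute; presumably read by an authorization
            # hook elsewhere to let the redirect through — verify.
            request._authorized = True
            return redirect(url_for('auth.terms'))
        # Log only a redacted form of the address.
        name, host = email.rsplit('@', 1)
        log.info('Creating new user %s...%s@%s', name[0], name[-1], host)
        user = User(
            email=email,
            full_name=data.get("name", name),
            profile_picture=data.get("picture"),
        )
        is_new = True
    else:
        log.info('Updating user %s', user)
        # Provider data overwrites the stored profile fields when they differ.
        if 'name' in data and user.full_name != data['name']:
            user.full_name = data["name"]
            is_changed = True
        if 'picture' in data and user.profile_picture != data['picture']:
            user.profile_picture = data["picture"]
            is_changed = True
    # update automatic roles
    if is_new:
        user.roles.append(get_or_create_role(PredefinedRoles.USER))
    # NOTE(review): these roles are appended on every load, not only when
    # missing — confirm user.roles de-duplicates.
    if email in current_app.config["APPLICATION_ADMINS"]:
        user.roles.append(get_or_create_role(PredefinedRoles.ADMIN))
        user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
        if is_new:
            user.state = UserState.ACTIVE
        is_changed = True
    elif email == '*****@*****.**':
        user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
        is_changed = True
    if is_changed or is_new:
        log.info('Saving user %s', user)
        db.session.add(user)
        db.session.commit()
    if user.is_blocked():
        logout()
        flash('Account blocked', 'danger')
    elif user.is_enabled():
        g.user = user
        log.debug('Loaded user %s', g.user)
    else:
        logout()
        flash('Account not yet activated', 'danger')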