def initialise(self):
"""
The application needs initialisation to load the database
connection etc. In previous versions this was done with the
initialisation of the class in the __init__ method. This is
now separated into this function.
"""
#: Check if the secret key is defined, if not raise an
#: exception since it is required
assert self.secret_key, 'Secret Key is not defined in config'
#: Load the cache
self.load_cache()
#: Initialise the CSRF handling
self.csrf_protection = CsrfProtect()
self.csrf_protection.init_app(self)
self.view_functions['static'] = self.send_static_file
# Backend initialisation
self.load_backend()
#: Initialise the login handler
login_manager = LoginManager()
login_manager.user_loader(self._pool.get('nereid.user').load_user)
login_manager.header_loader(
self._pool.get('nereid.user').load_user_from_header
)
login_manager.token_loader(
self._pool.get('nereid.user').load_user_from_token
)
login_manager.unauthorized_handler(
self._pool.get('nereid.user').unauthorized_handler
)
login_manager.login_view = "nereid.website.login"
login_manager.anonymous_user = self._pool.get('nereid.user.anonymous')
login_manager.init_app(self)
self.login_manager = login_manager
# Monkey patch the url_for method from flask-login to use
# the nereid specific url_for
flask.ext.login.url_for = url_for
self.template_context_processors[None].append(
self.get_context_processors()
)
# Add the additional template context processors
self.template_context_processors[None].append(
nereid_default_template_ctx_processor
)
# Add template_filters registered using decorator
for name, function in self.get_template_filters():
self.jinja_env.filters[name] = function
# Finally set the initialised attribute
self.initialised = True
def setup_app(app):
"""Setup login extension."""
app.config.setdefault('CFG_OPENID_AUTHENTICATION', False)
app.config.setdefault('CFG_OAUTH1_AUTHENTICATION', False)
app.config.setdefault('CFG_OAUTH2_AUTHENTICATION', False)
@app.errorhandler(401)
def do_login_first(error=401):
"""Displays login page when user is not authorised."""
if request.is_xhr:
return g._("Authorization failure"), 401
if current_user.is_guest:
flash(g._("Please sign in to continue."), 'info')
else:
flash(g._("Authorization failure."), 'danger')
from invenio.modules.accounts.views.accounts import login
return login(referer=request.url), 401
# Let's create login manager.
_login_manager = LoginManager(app)
_login_manager.login_view = app.config.get('CFG_LOGIN_VIEW',
'webaccount.login')
_login_manager.anonymous_user = UserInfo
_login_manager.unauthorized_handler(do_login_first)
@_login_manager.user_loader
def _load_user(uid):
"""
Function should not raise an exception if uid is not valid
or User was not found in database.
"""
return UserInfo(int(uid))
return app
def create_app(config):
app = Flask(__name__, static_url_path='', static_folder=STATIC_PATH)
init_app_config(app, config)
init_logger(app)
app.url_map.strict_slashes = False
lm = LoginManager()
lm.unauthorized_handler(basic_unauthorized)
lm.init_app(app)
lm.user_loader(load_user)
lm.session_protection = "strong"
# this patch needs because chrome will ignore cookies when using ip.
app.session_interface.get_cookie_domain = lambda _app: None
flex = FlexRestManager(db_base=Base, db_session_callback=global_session)
flex.init_app(app)
register_blueprints(app, BLUEPRINTS)
@app.after_request
def after_request(response):
dbs = global_session(create=False)
dbs and dbs.close()
return response
@app.route('/favicon.ico')
def favicon():
return app.send_static_file('images/favicon.ico')
return app
def initialise(self):
"""
The application needs initialisation to load the database
connection etc. In previous versions this was done with the
initialisation of the class in the __init__ method. This is
now separated into this function.
"""
#: Check if the secret key is defined, if not raise an
#: exception since it is required
assert self.secret_key, 'Secret Key is not defined in config'
#: Load the cache
self.load_cache()
#: Initialise the CSRF handling
self.csrf_protection = NereidCsrfProtect()
self.csrf_protection.init_app(self)
self.view_functions['static'] = self.send_static_file
# Backend initialisation
self.load_backend()
#: Initialise the login handler
login_manager = LoginManager()
login_manager.user_loader(self._pool.get('nereid.user').load_user)
login_manager.header_loader(
self._pool.get('nereid.user').load_user_from_header)
login_manager.token_loader(
self._pool.get('nereid.user').load_user_from_token)
login_manager.unauthorized_handler(
self._pool.get('nereid.user').unauthorized_handler)
login_manager.login_view = "nereid.website.login"
login_manager.anonymous_user = self._pool.get('nereid.user.anonymous')
login_manager.init_app(self)
self.login_manager = login_manager
# Monkey patch the url_for method from flask-login to use
# the nereid specific url_for
flask.ext.login.url_for = url_for
self.template_context_processors[None].append(
self.get_context_processors())
# Add the additional template context processors
self.template_context_processors[None].append(
nereid_default_template_ctx_processor)
# Add template_filters registered using decorator
for name, function in self.get_template_filters():
self.jinja_env.filters[name] = function
# Initialize Babel
Babel(self)
# Finally set the initialised attribute
self.initialised = True
def record_login_manager(state):
login_manager = LoginManager()
login_manager.login_view = 'FoodTruck.login'
login_manager.user_loader(load_user)
if state.app.config['SECRET_KEY'] == 'temp-key':
def _handler():
from flask import render_template
return render_template('error.html',
error="No secret key has been set!")
logger.debug("No secret key found, disabling website login.")
login_manager.unauthorized_handler(_handler)
login_manager.login_view = None
login_manager.init_app(state.app)
def setup_app(app):
"""Setup login extension."""
app.config.setdefault("CFG_OPENID_AUTHENTICATION", False)
app.config.setdefault("CFG_OAUTH1_AUTHENTICATION", False)
app.config.setdefault("CFG_OAUTH2_AUTHENTICATION", False)
@app.errorhandler(401)
def do_login_first(error=401):
"""Display login page when user is not authorised."""
if request.is_xhr:
return g._("Authorization failure"), 401
secure_url = url_for(request.endpoint, _external=True, _scheme="https", **request.view_args)
if not urllib.unquote(secure_url).startswith(request.base_url):
return redirect(secure_url)
if current_user.is_guest:
flash(g._("Please sign in to continue."), "info")
from invenio.modules.accounts.views.accounts import login
return login(referer=request.url), 401
else:
flash(g._("Authorization failure."), "danger")
from flask import render_template
return render_template("401.html"), 401
# Let's create login manager.
_login_manager = LoginManager(app)
_login_manager.login_view = app.config.get("CFG_LOGIN_VIEW", "webaccount.login")
_login_manager.anonymous_user = UserInfo
_login_manager.unauthorized_handler(do_login_first)
@user_logged_in.connect_via(app)
def _logged_in(sender, user):
"""Update last login date."""
from invenio.modules.accounts.models import User
User.query.filter_by(id=user.get_id()).update(dict(last_login=datetime.now()))
@_login_manager.user_loader
def _load_user(uid):
"""Do not raise an exception if uid is not valid or missing."""
return UserInfo(int(uid))
return app
hist_css = Bundle('css/jquery.dataTables.css')
assets.register('js', main_js)
assets.register('css', main_css)
assets.register('foos_js', foos_js)
assets.register('foos_css', foos_css)
assets.register('hist_js', hist_js)
assets.register('hist_css', hist_css)
assets.register('players_css', players_css)
#import this after db is initualized above
from foosweb.views.player import mod as playersModule
from foosweb.views.auth import mod as authModule
from foosweb.views.foos import mod as foosModule
from foosweb.views.history import mod as histModule
from foosweb.views.teams import mod as teamModule
from foosweb.views.readme import mod as readmeModule
from foosweb.views.error import mod as errorModule
app.register_blueprint(playersModule)
app.register_blueprint(authModule)
app.register_blueprint(foosModule)
app.register_blueprint(histModule)
app.register_blueprint(teamModule)
app.register_blueprint(readmeModule)
app.register_blueprint(errorModule)
from foosweb.utils import user_loader, unauthorized
lm.user_loader(user_loader)
lm.unauthorized_handler(unauthorized)
class Auth:
GHOST = 0
USER = 1
ADMIN = 2
SUPER_ADMIN = 3
class Anonymous(AnonymousUserMixin):
def __init__(self):
self._id = None
def get_id(self):
return unicode('')
def __init__(self):
self.__login_manager = LoginManager()
self.config = {}
def init_app(self, app, config):
print 'Attaching LoginManager to app.'
self.__login_manager.init_app(app)
self.__login_manager.anonymous_user = Auth.Anonymous
self.config = config
def load_user(user_id):
if user_id == '':
return None
Users = Database['Users']
try:
return Users.User.find_one({'_id': ObjectId(user_id)})
except:
return None
def unauthorized():
return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED
self.__login_manager.user_loader(load_user)
self.__login_manager.unauthorized_handler(unauthorized)
self.__bcrypt = Bcrypt(app)
def login_manager(self):
return self.__login_manager
def require(self, user_level):
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if current_user.is_authenticated(
) and current_user.get_access_level() >= user_level:
return f(*args, **kwargs)
return self.__login_manager.unauthorized()
return decorated_function
return login_required
def login(self, user_object, password):
if user_object is not None:
if self.__bcrypt.check_password_hash(user_object['password'],
password):
if not login_user(user_object):
return resource_strings["USER_NOT_ACTIVATED"]
else:
return 'Invalid password'
else:
return 'Invalid email'
return None
def login_social(self, login_type, token):
user_object = None
try:
user_object = SocialSignin.verify(login_type, token)
except SocialSignin.Invalid as e:
return str(e)
login_user(user_object)
def logout(self):
logout_user()
def hash_password(self, password):
return self.__bcrypt.generate_password_hash(password)
# decorator that protects other users from PUT/POST/DELETE on you stuff
# user_id _must_ be passed in as 'user_id'
def only_me(self, function):
@wraps(function)
def inner(*args, **kwargs):
if kwargs['user_id'] != 'me':
return '{}', HTTP_401_UNAUTHORIZED
return function(*args, **kwargs)
return inner
class AuthLoginManager(object):
"""
Auth login manager
"""
manager = None
app = None
user_cls = None
token_cls = None
db = None
req_tok_type = None
def __init__(self, app, db, user_cls, token_cls):
"""
Constructor
"""
self.db = db
self.user_cls = user_cls
self.token_cls = token_cls
self.app = app
self.req_tok_type = (
app.config.get(
'AUTH_TOKEN_TYPE',
REQ_TOK_TYPES['header']
)
)
self.manager = LoginManager()
self.manager.request_loader(self._load_user_from_request)
self.manager.user_loader(self._load_user)
self.manager.token_loader(self._user_from_token)
self.manager.unauthorized_handler(self.unauthorized)
self.manager.init_app(self.app)
return None
def get_manager(self):
"""
Get login manager
"""
return self.manager
def _load_user_from_request(self, request):
"""
Callback to load a user from a Flask request object
See:
https://flask-login.readthedocs.org
/en/latest/#custom-login-using-request-loader
"""
req_token = (
request_helpers
.get_request_token(
self.req_tok_type,
request
)
)
if req_token is None:
return None
auth_token = self.token_cls.query.filter_by(token=req_token).first()
if auth_token is None:
return None
session['is_authenticated'] = True
session['auth_token'] = auth_token.token
return auth_token.user
def _load_user(self, user_id):
"""
Load a user from a user id
"""
return self.user_cls.get(user_id)
def _user_from_token(self, token):
"""
Gets a user from a token
"""
auth_token = self.token_cls.query.filter_by(token=token).first()
if auth_token is None:
return None
return auth_token.user
def unauthorized(self):
"""
Unauthorized handler
"""
headers = {}
headers['Content-Type'] = "application/json"
payload = {
'msg': "Not authorized",
'code': 'not_authorized'
}
return Response(json.dumps(payload), 401, headers)
def _setup_auth(self):
manager = LoginManager()
manager.init_app(self)
manager.request_loader(auth.authenticate)
manager.unauthorized_handler(auth.unauthorized)
class Auth:
GHOST = 0
USER = 1
ADMIN = 2
SUPER_ADMIN = 3
class Anonymous(AnonymousUserMixin):
def __init__(self):
self._id = None
def get_id(self):
return unicode('')
def __init__(self):
self.__login_manager = LoginManager()
self.config = {}
def init_app(self, app, config):
print 'Attaching LoginManager to app.'
self.__login_manager.init_app(app)
self.__login_manager.anonymous_user = Auth.Anonymous
self.config = config
def load_user(user_id):
if user_id == '':
return None
Users = Database['Users']
try:
return Users.User.find_one({'_id': ObjectId(user_id)})
except:
return None
def unauthorized():
return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED
self.__login_manager.user_loader(load_user)
self.__login_manager.unauthorized_handler(unauthorized)
self.__bcrypt = Bcrypt(app)
def login_manager(self):
return self.__login_manager
def require(self, user_level):
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if current_user.is_authenticated() and current_user.get_access_level() >= user_level:
return f(*args, **kwargs)
return self.__login_manager.unauthorized()
return decorated_function
return login_required
def login(self, user_object, password):
if user_object is not None:
if self.__bcrypt.check_password_hash(user_object['password'], password):
if not login_user(user_object):
return resource_strings["USER_NOT_ACTIVATED"]
else:
return 'Invalid password'
else:
return 'Invalid email'
return None
def login_social(self, login_type, token):
user_object = None
try:
user_object = SocialSignin.verify(login_type, token)
except SocialSignin.Invalid as e:
return str(e)
login_user(user_object)
def logout(self):
logout_user()
def hash_password(self, password):
return self.__bcrypt.generate_password_hash(password)
# decorator that protects other users from PUT/POST/DELETE on you stuff
# user_id _must_ be passed in as 'user_id'
def only_me(self, function):
@wraps(function)
def inner(*args, **kwargs):
if kwargs['user_id'] != 'me':
return '{}', HTTP_401_UNAUTHORIZED
return function(*args, **kwargs)
return inner
admin_pwd = g.config.get('security/password')
return User(admin_id, admin_pwd)
return None
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = 'login'
login_manager.user_loader(load_user)
if _missing_secret_key:
def _handler():
raise FoodTruckConfigNotFoundError()
logger.debug("No secret key found, disabling website.")
login_manager.unauthorized_handler(_handler)
login_manager.login_view = None
try:
from flask.ext.bcrypt import Bcrypt
except ImportError:
logging.warning("Bcrypt not available... falling back to SHA512.")
logging.warning("Run `pip install Flask-Bcrypt` for more secure "
"password hashing.")
import hashlib
def generate_password_hash(password):
return hashlib.sha512(password.encode('utf8')).hexdigest()
cur = db.execute("select wishstr from wishlists where usr=?",[g.user.id])
items = cur.fetchall()
items = [i[0] for i in items]
return render_template("wishlist_search.html", user=g.user, items=items, form=form)
"""
Users and login
"""
@lm.user_loader
def load_user(userid):
return User.get(userid)
lm.unauthorized_handler(require_login)
@app.before_request
def before_request():
g.user = current_user
"""
SocketIO
"""
@socketio.on('message', namespace='/thechat')
def send_message(message):
if current_user.is_authenticated():
escaped_message = Markup.escape(message['data']) # escape the message before broadcasting it!
emit('response',{'data': escaped_message, 'user': current_user.id},broadcast=True)
else:
