def identity_loader_session(): """Load the identity from the session.""" try: identity = Identity( session['identity.id'], session['identity.auth_type']) if current_app.config.get('ENABLE_SUPERPOWERS_FOR_EVERYONE', False): egroups = get_egroups_roles_relations() identity.provides = set(egroups['data-preservation-admins']) else: identity.provides = session['identity.provides'] return identity except KeyError: return None
def reset_password(): """GET /reset-password: choose new password """ # get password-reset entry f = (PasswordResetRequest.key == request.args.get('key'), User.email == request.args.get('email')) r = PasswordResetRequest.query.filter(*f).first() # return error response if link doesn't exist or wrong email if r == None or r.user.email != request.args['email']: return render_template('/auth/reset-password-error.html'), 400 # expired if older than 1 day delta = datetime.datetime.utcnow() - r.create_ts if delta.days > 0: db.session.delete(r) db.session.flush() return render_template('/auth/reset-password-error.html'), 400 # handle form form = ResetPasswordForm() if form.validate_on_submit(): # save new password u = r.user u.password = generate_password_hash(form.password.data) db.session.add(u) # login user login_user(u, remember=True) identity_changed.send(current_app._get_current_object(), identity=Identity(u.id)) # delete password reset db.session.delete(r) db.session.flush() return render_template('/auth/reset-password-followup.html') return render_template('/auth/reset-password.html', form=form)
def post(self): arg = self.parser.parse_args() user = User_model.query.filter_by(username=arg.ID).first() error = None if user is None: error = 'ID is not exist.' elif not check_password_hash(user.password, arg.pwd): error = 'Incorrect password.' if error is None: identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) login_user(user) return {"msg": error, "user": { "username": user.username, "name": user.name }} return { "msg": error, "user": None }
def login(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] user = User.query.filter_by(user_name=username, user_pass=password).one_or_none() if username == '': flash('请输入用户名') return render_template('login.html') elif password == '': flash('请输入密码') return render_template('login.html') elif user is not None: login_user(user, remember=True) identity_changed.send(current_app._get_current_object(), identity=Identity(user.user_id)) return redirect(url_for('pagecs')) else: flash('用户名或密码不正确') return render_template('login.html') db.session.close() return render_template('login.html')
def login(): # login page if current_user.is_authenticated: return redirect(url_for('auth.account')) form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() if user is None or not user.check_password(form.password.data): flash('Invalid username or password', 'warning') return redirect(url_for('auth.login')) flash('Successful login.', 'info') login_user(user, remember=form.remember_me.data) next = request.args.get('next') if not is_safe_url(next): return abort(400) if user.role == 'admin': identity_changed.send( current_app._get_current_object(), identity=Identity(user.id) ) return redirect(next or url_for('main.index')) return render_template('auth/login.html', title='Sign In', form=form)
def login(): if current_user.is_authenticated: return redirect(url_for('start_page')) form = LoginForm() if form.validate_on_submit(): print('name: {}, password: {}, remember me: {}'.format( form.username.data, form.password.data, form.remember_me.data)) user = Person.nodes.get_or_none(name=form.username.data) if user is None or not user.check_password(form.password.data): flash('Неправильный логин или пароль!!!') return redirect(url_for('login')) login_user(user, form.remember_me.data) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) next_page = request.args.get('next') if not next_page or url_parse(next_page).netloc != '': next_page = url_for('start_page') return redirect(next_page) return render_template('login.html', title='Sign In', form=form)
def create_account(): """GET|POST /create-account: create account form handler """ form = CreateAccountForm() if form.validate_on_submit(): # add user to database u = User(email=form.email.data, password=generate_password_hash(form.password.data)) db.session.add(u) db.session.flush() # send verification email send_verification_email(u) # login user login_user(u, remember=True) identity_changed.send(current_app._get_current_object(), identity=Identity(u.id)) return redirect(request.args.get('next') or url_for('content.home')) return render_template('/auth/create-account.html', form=form)
def process_login(username, password, remember=False, flash_=True): try: user = User.objects().get(username=username, deleted=None) if not user.check_password(password): raise InvalidLoginError() except (User.DoesNotExist, InvalidLoginError): login = Login() login.visitor = g.visitor login.username = username login.successful = False login.save() if flash_: flash('Login information incorrect', 'error') return False login_user(user, remember=remember) identity_changed.send(current_app._get_current_object(), identity=Identity(str(user.id))) login = Login() login.visitor = g.visitor login.user = user login.successful = True login.save() user.sessions.append(login) user.save() current_app.logger.info('User login successful: %s - Log: %s' % (user.id, login.id)) if flash_: flash('Login successful! Welcome, %s!' % user, 'success') return True
def login(): if current_user.is_authenticated: return redirect(url_for('user.index')) form = LoginForm() if form.validate_on_submit(): number = form.number.data password = form.password.data remember = form.remember.data user = User.query.filter(User.number == number).first() if user: if number == user.number and user.validate_password(password): login_user(user, remember) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash('登录成功', 'success') return redirect( request.args.get('next') or url_for('user.index')) flash('密码错误', 'warning') return redirect(url_for('.login')) flash('用户名错误', 'warning') return redirect(url_for('.login')) return render_template('auth/login.html', form=form)
def login_user(user, remember=None): """Perform the login routine. If *SECURITY_TRACKABLE* is used, make sure you commit changes after this request (i.e. ``app.security.datastore.commit()``). :param user: The user to login :param remember: Flag specifying if the remember cookie should be set. Defaults to ``False`` """ if remember is None: remember = config_value("DEFAULT_REMEMBER_ME") if not _login_user(user, remember): # pragma: no cover return False if _security.trackable: remote_addr = request.remote_addr or None # make sure it is None old_current_login, new_current_login = ( user.current_login_at, _security.datetime_factory(), ) old_current_ip, new_current_ip = user.current_login_ip, remote_addr user.last_login_at = old_current_login or new_current_login user.current_login_at = new_current_login user.last_login_ip = old_current_ip user.current_login_ip = new_current_ip user.login_count = user.login_count + 1 if user.login_count else 1 _datastore.put(user) session["fs_cc"] = "set" identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return True
def login(): """ """ if current_user.is_authenticated: return redirect(url_for('home')) form = LoginForm() # Validate Login if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() # Login and validate the user. if user is not None and user.password is not None \ and user.verify_password(form.password.data): login_user(user, remember=False) current_user.authenticated = True current_user.logged_in = True session['user_id'] = current_user.id # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) # update the database db.session.add(current_user) db.session.commit() flash('Logged in successfully.') # if user is a user direct to userdashboard if current_user.has_roles("user"): return redirect(url_for('user_dashboard', user=current_user)) # if user is a driver direct to driver dashboard if current_user.has_roles("driver"): return redirect( url_for('driver_dashboard', driver=current_user)) else: flash('Invalid username or passowrd') return redirect(url_for('login')) return render_template('login.html', title='Sign In', form=form)
def user_signin(user=None): form = LoginForm(request.form) if not current_user.is_anonymous: if form.type.data == 'json': return jsonify({'result': 'error', 'message': 'Already logged!'}) return render_template( 'user/logout.html', title='Logout', name=current_user.name, next=url_for('user_signin'), ) if request.method == 'POST': if form.validate(): login_user(form.user, remember=form.remember.data) identity_changed.send(app, identity=Identity(form.user.id)) if form.type.data == 'json': return jsonify({'result': 'ok'}) flash('Successfully logged in as {0}'.format(form.user.name)) return redirect(get_next()) else: if form.type.data == 'json': return jsonify({ 'result': 'error', 'message': 'Invalid email or password!' }) return render_template( 'user/signin.html', title='Sign in', form=form, next=get_next(), )
def conduct_call( client, resource, url_for, method, params, body=None, expected_code=200, headers=None, raw_body=None, ): """ Conducts a call to a Flask endpoint. """ params = add_csrf_param(client, params) final_url = url_for(resource, **params) headers = headers or {} headers.update({"Content-Type": "application/json"}) if body is not None: body = json.dumps(body) if raw_body is not None: body = raw_body # Required for anonymous calls to not exception. g.identity = Identity(None, "none") rv = client.open(final_url, method=method, data=body, headers=headers) msg = "%s %s: got %s expected: %s | %s" % ( method, final_url, rv.status_code, expected_code, rv.data, ) assert rv.status_code == expected_code, msg return rv
def login(): form = LoginForm() if current_user.is_authenticated: return redirect('/admin') if request.method == 'POST': # print(form.validate_on_submit()) # print(bcrypt.generate_password_hash(p).decode('utf-8')) if form.validate_on_submit(): u = form.username.data p = form.password.data # user = User.query.filter(User.username==u,User.password==p) user = User.query.filter_by(username=form.username.data).one() login_user(user, remember=form.remember.data) m = identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) # print(u,p,m) flash('Logged in successfully') # next = request.args.get('next') # if not is_safe_url(next): # return abort(400) # return redirect(next or url_for('index')) return redirect('/admin') return render_template('admin/login.html', form=form)
def login(): if current_user.is_authenticated: return redirect(url_for('index')) form = LoginForm() # Check the form data if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() if user is None or not user.check_password(form.password.data): flash('Invalid username or password') # log information app.logger.info('"%s" logged in failed', form.username.data) return redirect(url_for('login')) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) login_user(user, remember=form.remember_me.data) #log information app.logger.info('"%s" logged in successfully', user.username) next_page = request.args.get('next') if not next_page or url_parse(next_page).netloc != '': next_page = url_for('index') return redirect(next_page) return render_template('user/login.html',title='Login',form=form)
def login(): # A hypothetical login form that uses Flask-WTF form = LoginForm() # Validate form input if form.validate_on_submit(): # Retrieve the user from the hypothetical datastore user = User.query.filter_by(login=form.login.data).first() # Compare passwords (use password hashing production) if form.password.data == user.password: # Keep the user info in the session using Flask-Login login_user(user) # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return redirect(request.args.get('next') or '/') return render_template('authorization/login.html', form=form, current_user=current_user)
def login(): # A hypothetical login form that uses Flask-WTF # form = LoginForm() # Validate form input if request.method == 'POST': username = request.form.get('user_id') password = request.form.get('user_password') #if form.validate_on_submit(): # Retrieve the user from the hypothetical datastore user = UserDao.get_user(username) # Compare passwords (use password hashing production) if password == user.password: # Keep the user info in the session using Flask-Login login_user(user) # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return redirect(url_for('auth.protected')) return '''''
def register_admin(): form = RegisterAdminForm() if form.validate_on_submit(): number = form.number.data name = form.name.data dept_id = form.dept_id.data role_id = form.role_id.data phone = form.phone.data password = form.password.data user = User(number=number, name=name, dept_id=dept_id, role_id=role_id, phone=phone) user.set_password(password) db.session.add(user) db.session.commit() login_user(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash('注册成功,已登录', 'success') return redirect(url_for('user.index')) return render_template('auth/register_admin.html', form=form)
def login(): ''' 超级用户登录界面 ''' form = SuperLoginForm() # 验证输入的信息 if form.validate_on_submit(): try: user = models.User.objects.get(username=form.username.data) except models.User.DoesNotExist: user = None if user and user.verify_password(form.password.data): if user.role == 'super_admin': login_user(user) user.last_login_time = datetime.datetime.now user.save() identity_changed.send(current_app._get_current_object(), identity=Identity(user.username)) return redirect(url_for('super_admin.device')) else: flash('该账号为普通账号,请从普通管理员入口登录!', 'warning') flash('用户名或密码错误', 'danger') return render_template('super_admin/login.html', form=form)
def verifica_user(): user_json = session['barzinga_user'] user = User.query().filter(User.email == user_json["email"]).get() if not user: # user = User(name = user_json['name'], email=user_json['email'], photo_url=user_json['picture'], money=0.0, admin=False, rfid=str('')) user = User(name = '', email=user_json['email'], photo_url=user_json['picture'], money=0.0, admin=False, rfid=str('')) user.put() user_document = search.Document( fields=[ search.TextField(name='name', value=user.name), search.TextField(name='email', value=user.email) ]) search.Index(name='user').put(user_document) elif not user.photo_url: user.photo_url = user_json['picture'] user.put() identity = Identity(user.key.id()) identity_changed.send(current_app._get_current_object(), identity=identity)
def post(self): parser = reqparse.RequestParser() parser.add_argument('login', type=str) parser.add_argument('password', type=str) parser.add_argument('totp', type=str) # OR parser.add_argument('api_key', type=str) args = parser.parse_args() if not (args.get('login') or args.get('api_key')): abort(400, "Must provide login or api key") # let sigil take care of the other error handling, # just relay the message to the user user = request_authentication(args.get('login'), args.get('password'), args.get('totp'), args.get('api_key')) if user.get('username'): login = user['username'] login_user(User(login, user['provides'])) session['provides'] = user['provides'] identity_changed.send(current_app._get_current_object(), identity=Identity(login)) return ("success", 200) abort(401, "Could not log in")
def login(): if current_user.is_authenticated: return redirect(url_for('public.index')) form = LoginForm() if form.validate_on_submit(): # get by email valida user = User.get_by_email(form.email.data) if user is not None and user.check_password(form.password.data): # funcion provista por Flask-Login, el segundo parametro gestiona el "recordar" login_user(user, remember=form.remember_me.data) next_page = request.args.get('next', None) if not next_page: next_page = url_for('public.index') app_actual = current_app._get_current_object() identity_changed.send(app_actual, identity=Identity(user.id)) return redirect(url_for('public.index')) else: flash('Usuario o contraseña inválido') return redirect(url_for('auth.login')) # no logueado, dibujamos el login con el form vacio return render_template('login.html', form=form)
def post(self): if request.form.get('login_github'): session['oauth_callback_type'] = 'login' return github_auth.github_auth() # return 'login_github' form = forms.LoginForm(obj=request.form) if form.validate(): try: user = models.User.objects.get(username=form.username.data) except models.User.DoesNotExist: user = None if user and user.verify_password(form.password.data): login_user(user, form.remember_me.data) user.last_login = datetime.datetime.now user.save() identity_changed.send(current_app._get_current_object(), identity=Identity(user.username)) return redirect( request.args.get('next') or url_for('main.index')) flash('Invalid username or password', 'danger') return self.get(form=form)
def register(): form = RegistrationForm() if form.validate_on_submit(): # Register an existing guest user # TODO: What about a registered user visiting the registration form? if current_user.is_authenticated: current_user.username = form.username.data current_user.email = form.email.data current_user.password = form.password.data current_user.follow(current_user) current_user.save() send_confirmation_email() return redirect(url_for('dashboard.dashboard')) # Register a new user else: user = User( email=form.email.data, username=form.username.data, password=form.password.data, ).save() user.follow(user) login_user(user.seen()) # Flask-Principal: Create an Identity object and signal that the identity has changed, # which triggers on_identify_changed() and on_identify_loaded(). Identity() takes a unique ID. identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return redirect(url_for('dashboard.dashboard')) return render_template( 'auth/register.html', title="Register", form=form, )
def login_user(user, remember=None): """Performs the login routine. :param user: The user to login :param remember: Flag specifying if the remember cookie should be set. Defaults to ``False`` """ if remember is None: remember = config_value('DEFAULT_REMEMBER_ME') if not _login_user(user, remember): # pragma: no cover create_login_log(user, 0) return False if _security.trackable: if 'X-Forwarded-For' in request.headers: remote_addr = request.headers.getlist( "X-Forwarded-For")[0].rpartition(' ')[-1] else: remote_addr = request.remote_addr or 'untrackable' old_current_login, new_current_login = user.current_login_at, datetime.utcnow( ) old_current_ip, new_current_ip = user.current_login_ip, remote_addr user.last_login_at = old_current_login or new_current_login user.current_login_at = new_current_login user.last_login_ip = old_current_ip or new_current_ip user.current_login_ip = new_current_ip user.login_count = user.login_count + 1 if user.login_count else 1 _datastore.put(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) create_login_log(user, 1) return True
def post(self): self.reqparse.add_argument('clientId', type=str, required=True, location='json') self.reqparse.add_argument('redirectUri', type=str, required=True, location='json') self.reqparse.add_argument('code', type=str, required=True, location='json') args = self.reqparse.parse_args() # you can either discover these dynamically or simply configure them access_token_url = current_app.config.get('PING_ACCESS_TOKEN_URL') user_api_url = current_app.config.get('PING_USER_API_URL') secret = current_app.config.get('PING_SECRET') id_token, access_token = exchange_for_access_token( args['code'], args['redirectUri'], args['clientId'], secret, access_token_url=access_token_url ) jwks_url = current_app.config.get('PING_JWKS_URL') validate_id_token(id_token, args['clientId'], jwks_url) user, profile = retrieve_user(user_api_url, access_token) roles = create_user_roles(profile) update_user(user, profile, roles) if not user.active: metrics.send('login', 'counter', 1, metric_tags={'status': FAILURE_METRIC_STATUS}) return dict(message='The supplied credentials are invalid'), 403 # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) metrics.send('login', 'counter', 1, metric_tags={'status': SUCCESS_METRIC_STATUS}) return dict(token=create_token(user))
def signup(): title = "SignUp" next_url = request.args.get("next") or url_for(".index") form = SignUpForm() if form.validate_on_submit(): data = form.data user = UserService.create(**data) if user is not None: login_user(user, remember=True, force=True) # This is necessary to remember the user identity_changed.send(app, identity=Identity(user.id)) # include the username and api_token in the session # logger.info(next_url) resp = redirect(next_url) # Transfer auth token to the frontend for use with api requests # __xcred = base64.b64encode("%s:%s" % (user.id, user.get_auth_token())) key = "%s:%s" % (user.id, user.get_auth_token()) __xcred = base64.b64encode(key.encode()) resp.set_cookie("__xcred", __xcred) resp.set_cookie("current_user_id", value=str(user.id)) session.permanent = True flash("Signup Successful. Welcome to Feature Request App", "Welcome!") return resp else: login_error = "The username or password is invalid" return render_template("main/signup.html", **locals())
def login(): """Login route""" class LoginForm(Form): """Login form""" username = StringField('Username', validators=[validators.required()]) password = PasswordField('Password', validators=[validators.required()]) form = LoginForm() # Validate form if form.validate_on_submit(): username = request.form['username'] password = request.form['password'] # Attempt login via api try: user_dict = current_app.users_api.login(username=username, \ password=password, response=True) except ReceivedErrorResponse as e: logger.warning('Invalid username or password') flash('Invalid username or password') except Exception as e: logger.error(str(e)) flash('Sorry, but you could not log in') else: user = User(user_dict['id'], username, user_dict['roles']) if login_user(user, remember=True): # Flask-Principal identity_changed.send(current_app._get_current_object(), \ identity=Identity(user.user_id)) # Redirect logger.info('Logged in as %s', username) flash('Logged in as %s' % username) return redirect(request.args.get('next') or url_for('home')) else: logger.error('Sorry but you could not log in') flash('Sorry, but you could not log in') return render_template('login.html', url=url_for('.login'), form=form)
def login_user(user, **kwargs): """Perform the login routine. If SECURITY_TRACKABLE is used, make sure you commit changes after this request (i.e. ``app.security.datastore.commit()``). :param user: The user to login """ if 'remember' in kwargs: warnings.warn( "Remember me support has been removed.", DeprecationWarning ) if not _login_user(user, False): # pragma: no cover return False if _security.trackable: remote_addr = request.remote_addr or None # make sure it is None old_current_login, new_current_login = ( user.current_login_at, _security.datetime_factory() ) old_current_ip, new_current_ip = user.current_login_ip, remote_addr user.last_login_at = old_current_login or new_current_login user.current_login_at = new_current_login user.last_login_ip = old_current_ip user.current_login_ip = new_current_ip user.login_count = user.login_count + 1 if user.login_count else 1 _datastore.put(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return True
def load_vocabulary(source, filename): """Load vocabulary items from a vocabulary source.""" assert source == "json" records = [] identity = Identity(1) identity.provides.add(any_user) service = VocabulariesService() with open(filename) as json_file: json_array = json.load(json_file) assert len(json_array) > 0 vocabulary_type_name = json_array[0]["type"] vocabulary_type = VocabularyType(name=vocabulary_type_name) db.session.add(vocabulary_type) db.session.commit() with click.progressbar(json_array) as bar: for item_data in bar: # ensure each item is of the same type assert item_data["type"] == vocabulary_type_name copied_data = {} for key in item_data: value = item_data[key] if key != "type" and key != "id" and value is not None: copied_data[key] = value vocabulary_item_record = service.create( identity=identity, data={ "metadata": copied_data, "vocabulary_type_id": vocabulary_type.id, }, ) records.append(vocabulary_item_record) return records
def post(self): if "aad" not in current_app.config.get("ACTIVE_PROVIDERS"): return "AzureAD is not enabled in the config. See the ACTIVE_PROVIDERS section.", 404 default_state = 'clientId,{client_id},redirectUri,{redirectUri},return_to,{return_to}'.format( client_id=current_app.config.get('AAD_CLIENT_ID'), redirectUri=current_app.config.get('AAD_REDIRECT_URI'), return_to=current_app.config.get('WEB_PATH') ) self.reqparse.add_argument('code', type=str, required=True) self.reqparse.add_argument('id_token', type=str, required=True) self.reqparse.add_argument('state', type=str, required=False, default=default_state) args = self.reqparse.parse_args() client_id = args['state'].split(',')[1] redirect_uri = args['state'].split(',')[3] return_to = args['state'].split(',')[5] id_token = args['id_token'] if not validate_redirect_url(return_to): return_to = current_app.config.get('WEB_PATH') # fetch token public key jwks_url = current_app.config.get('AAD_JWKS_URL') # Validate id_token and extract username (email) username = self.validate_id_token(id_token, client_id, jwks_url) user = setup_user(username, '', current_app.config.get('AAD_DEFAULT_ROLE', 'View')) # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) login_user(user) db.session.commit() db.session.refresh(user) return redirect(return_to, code=302)
def __init__(self): Identity.__init__(self, "dummy")