Example #1
0
def login():
    """Authenticate a visitor and start a session.

    Users who are already authenticated are redirected to the forum index.
    When the rate-limit window statistics reach the configured
    ``LOGIN_RECAPTCHA`` threshold and reCAPTCHA is enabled, the reCAPTCHA
    variant of the login form is instantiated, so the submission is
    validated against that form instead of the plain one.
    """
    already_signed_in = (
        current_user is not None and current_user.is_authenticated
    )
    if already_signed_in:
        return redirect_or_next(url_for("forum.index"))

    rate_limit = getattr(g, 'view_rate_limit', None)
    login_recaptcha = False
    if rate_limit is not None:
        stats = limiter.limiter.get_window_stats(*rate_limit)
        # NOTE(review): stats[1] is presumably the number of requests still
        # remaining in the window, which would make the difference the
        # number of attempts already used — confirm against the limiter.
        attempts = flaskbb_config["AUTH_REQUESTS"] - stats[1]
        login_recaptcha = attempts >= flaskbb_config["LOGIN_RECAPTCHA"]

    if login_recaptcha and flaskbb_config["RECAPTCHA_ENABLED"]:
        form = LoginRecaptchaForm()
    else:
        form = LoginForm()

    if form.validate_on_submit():
        try:
            account = User.authenticate(form.login.data, form.password.data)
            signed_in = login_user(account, remember=form.remember_me.data)
            if not signed_in:
                flash(_("In order to use your account you have to activate it "
                        "through the link we have sent to your email "
                        "address."), "danger")
            return redirect_or_next(url_for("forum.index"))
        except AuthenticationError:
            # One message for every authentication failure, so the response
            # does not say which of the two fields was wrong.
            flash(_("Wrong username or password."), "danger")

    return render_template("auth/login.html", form=form,
                           login_recaptcha=login_recaptcha)
Example #2
0
def login():
    """Authenticate a visitor and start a session.

    Users who are already authenticated are redirected to the forum index.
    The ``login_recaptcha`` flag derived from the rate-limit window is only
    handed to the template here.
    """
    already_signed_in = (
        current_user is not None and current_user.is_authenticated
    )
    if already_signed_in:
        return redirect_or_next(url_for("forum.index"))

    rate_limit = getattr(g, 'view_rate_limit', None)
    login_recaptcha = False
    if rate_limit is not None:
        stats = limiter.limiter.get_window_stats(*rate_limit)
        attempts = flaskbb_config["AUTH_REQUESTS"] - stats[1]
        login_recaptcha = attempts >= flaskbb_config["LOGIN_RECAPTCHA"]

    # NOTE(review): the form class is LoginForm regardless of
    # login_recaptcha, so whether the challenge is actually verified on
    # submit depends on LoginForm itself — confirm it is not display-only.
    form = LoginForm(request.form)
    if form.validate_on_submit():
        try:
            account = User.authenticate(form.login.data, form.password.data)
            signed_in = login_user(account, remember=form.remember_me.data)
            if not signed_in:
                flash(
                    _("In order to use your account you have to activate it "
                      "through the link we have sent to your email "
                      "address."), "danger")
            return redirect_or_next(url_for("forum.index"))
        except AuthenticationError:
            # One message for every authentication failure, so the response
            # does not say which of the two fields was wrong.
            flash(_("Wrong username or password."), "danger")

    template_context = {"form": form, "login_recaptcha": login_recaptcha}
    return render_template("auth/login.html", **template_context)
Example #3
0
def register():
    """Create a new account from the registration form.

    Signed-in users, and visitors arriving while registration is disabled,
    are redirected to the forum index. After a valid submission the new
    user is either sent an activation token (``ACTIVATE_ACCOUNT`` set) or
    logged in straight away.
    """
    already_signed_in = (
        current_user is not None and current_user.is_authenticated
    )
    if already_signed_in:
        return redirect_or_next(url_for("forum.index"))

    registration_open = flaskbb_config["REGISTRATION_ENABLED"]
    if not registration_open:
        flash(_("The registration has been disabled."), "info")
        return redirect_or_next(url_for("forum.index"))

    form = RegisterForm(request.form)

    # Choices and default of the language field are assigned after
    # construction, so the submitted data is processed a second time for
    # the overridden default to take effect.
    form.language.choices = available_languages()
    form.language.default = flaskbb_config['DEFAULT_LANGUAGE']
    form.process(request.form)

    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    new_user = form.save()
    if not flaskbb_config["ACTIVATE_ACCOUNT"]:
        login_user(new_user)
        flash(_("Thanks for registering."), "success")
    else:
        send_activation_token.delay(new_user)
        flash(
            _("An account activation email has been sent to %(email)s",
              email=new_user.email), "success")

    return redirect_or_next(url_for('forum.index'))
Example #4
0
def register():
    """Create a new account from the registration form.

    Signed-in users, and visitors arriving while registration is disabled,
    are redirected to the forum index. After a valid submission the new
    user is either sent an activation token (``ACTIVATE_ACCOUNT`` set) or
    logged in straight away.
    """
    already_signed_in = (
        current_user is not None and current_user.is_authenticated
    )
    if already_signed_in:
        return redirect_or_next(url_for("forum.index"))

    registration_open = flaskbb_config["REGISTRATION_ENABLED"]
    if not registration_open:
        flash(_("The registration has been disabled."), "info")
        return redirect_or_next(url_for("forum.index"))

    form = RegisterForm(request.form)

    # Choices and default of the language field are assigned after
    # construction, so the submitted data is processed a second time for
    # the overridden default to take effect.
    form.language.choices = available_languages()
    form.language.default = flaskbb_config["DEFAULT_LANGUAGE"]
    form.process(request.form)

    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    new_user = form.save()
    if not flaskbb_config["ACTIVATE_ACCOUNT"]:
        login_user(new_user)
        flash(_("Thanks for registering."), "success")
    else:
        # Called directly here, inside the request, rather than via .delay().
        send_activation_token(new_user)
        notice = _("An account activation email has been sent to %(email)s",
                   email=new_user.email)
        flash(notice, "success")

    return redirect_or_next(url_for("forum.index"))
Example #5
0
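    def post(self, report_id=None):
        """Mark reports as read by stamping ``zapped`` and ``zapped_by``.

        Three modes, tried in this order:

        * JSON body carrying ``{"ids": [...]}``: every matching report is
          marked and a JSON summary is returned.
        * ``report_id`` given: that single report is marked (404 if it does
          not exist) and the result is reported with a flash message.
        * otherwise: every report whose ``zapped`` column is NULL is marked.

        NOTE(review): no permission check is visible inside this method;
        presumably it is applied by a decorator on the view — confirm.
        """
        # AJAX request
        payload = request.get_json()
        if payload is not None:
            # The body is client-controlled. A JSON array or scalar has no
            # ``.get`` and a non-list ``ids`` cannot be fed to ``in_()``;
            # both are answered like a missing id list instead of surfacing
            # as an unhandled exception.
            ids = payload.get("ids") if isinstance(payload, dict) else None
            if not ids or not isinstance(ids, list):
                # ``status`` is a field of the JSON body only; no HTTP
                # status code is set on this response.
                return jsonify(message="No ids provided.",
                               category="error",
                               status=404)
            data = []

            for report in Report.query.filter(Report.id.in_(ids)).all():
                report.zapped_by = current_user.id
                report.zapped = time_utcnow()
                report.save()
                data.append({
                    "id": report.id,
                    "type": "read",
                    "reverse": False,
                    "reverse_name": None,
                    "reverse_url": None
                })

            return jsonify(message="{} reports marked as read.".format(
                len(data)),
                           category="success",
                           data=data,
                           status=200)

        # mark single report as read
        if report_id:
            report = Report.query.filter_by(id=report_id).first_or_404()
            if report.zapped:
                flash(
                    _("Report %(id)s is already marked as read.",
                      id=report.id), "success")
                return redirect_or_next(url_for("management.reports"))

            report.zapped_by = current_user.id
            report.zapped = time_utcnow()
            report.save()
            flash(_("Report %(id)s marked as read.", id=report.id), "success")
            return redirect_or_next(url_for("management.reports"))

        # mark all as read; ``is_(None)`` states the IS NULL test explicitly
        # instead of relying on the overloaded ``== None`` comparison.
        reports = Report.query.filter(Report.zapped.is_(None)).all()
        for report in reports:
            report.zapped_by = current_user.id
            report.zapped = time_utcnow()

        # One commit for the whole batch.
        db.session.add_all(reports)
        db.session.commit()

        flash(_("All reports were marked as read."), "success")
        return redirect_or_next(url_for("management.reports"))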
Example #6
0
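    def post(self):
        """Handle a submitted registration form.

        On a valid form the data is handed to the registration service.
        Validation failures raised by the service are copied onto the form,
        a persistence failure is logged and reported with a generic flash
        message; in both cases the registration page is rendered again.
        On success the ``flaskbb_event_user_registered`` hook is fired and
        the user is redirected to the forum index.
        """
        form = self.form()
        if form.validate_on_submit():
            registration_info = UserRegistrationInfo(
                username=form.username.data,
                password=form.password.data,
                # NOTE(review): hard-coded group id, presumably the default
                # member group — confirm it cannot map to a privileged one.
                group=4,
                email=form.email.data,
                language=form.language.data
            )

            service = self.registration_service_factory()
            try:
                service.register(registration_info)
            except StopValidation as e:
                form.populate_errors(e.reasons)
                return render_template("auth/register.html", form=form)
            except PersistenceError:
                # Details go to the log only; the user sees a generic text.
                logger.exception("Database error while persisting user")
                flash(
                    _(
                        # The adjacent literals used to join as "dueto";
                        # the msgid changes, so the translation catalog
                        # needs the same update.
                        "Could not process registration due "
                        "to an unrecoverable error"
                    ), "danger"
                )

                return render_template("auth/register.html", form=form)

            current_app.pluggy.hook.flaskbb_event_user_registered(
                username=registration_info.username
            )
            return redirect_or_next(url_for('forum.index'))

        return render_template("auth/register.html", form=form)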
Example #7
0
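    def post(self):
        """Handle a submitted registration form.

        On a valid form the data is handed to the registration service.
        Validation failures raised by the service are copied onto the form,
        a persistence failure is logged and reported with a generic flash
        message; in both cases the registration page is rendered again.
        On success the ``flaskbb_event_user_registered`` hook is fired and
        the user is redirected to the forum index.
        """
        form = self.form()
        if form.validate_on_submit():
            registration_info = UserRegistrationInfo(
                username=form.username.data,
                password=form.password.data,
                # NOTE(review): hard-coded group id, presumably the default
                # member group — confirm it cannot map to a privileged one.
                group=4,
                email=form.email.data,
                language=form.language.data)

            service = self.registration_service_factory()
            try:
                service.register(registration_info)
            except StopValidation as e:
                form.populate_errors(e.reasons)
                return render_template("auth/register.html", form=form)
            except PersistenceError:
                # Details go to the log only; the user sees a generic text.
                logger.exception("Database error while persisting user")
                # The adjacent literals used to join as "dueto"; the msgid
                # changes, so the translation catalog needs the same update.
                flash(
                    _("Could not process registration due "
                      "to an unrecoverable error"), "danger")

                return render_template("auth/register.html", form=form)

            current_app.pluggy.hook.flaskbb_event_user_registered(
                username=registration_info.username)
            return redirect_or_next(url_for('forum.index'))

        return render_template("auth/register.html", form=form)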
Example #8
0
    def post(self):
        """Handle a submitted registration form.

        A valid submission saves the user, then either sends an activation
        token (``ACTIVATE_ACCOUNT`` set) or logs the user in directly, and
        redirects to the forum index. An invalid one re-renders the page.
        """
        form = self.form()
        if not form.validate_on_submit():
            return render_template("auth/register.html", form=form)

        new_user = form.save()

        if not flaskbb_config["ACTIVATE_ACCOUNT"]:
            login_user(new_user)
            flash(_("Thanks for registering."), "success")
        else:
            # The instance returned by save() is expired and its session no
            # longer exists, so touching e.g. its id would raise a
            # DetachedInstanceError. Loading the user again with a fresh
            # query avoids that (the original author reports that
            # `db.session.merge(user)` did not help).
            new_user = User.query.filter_by(email=new_user.email).first()
            send_activation_token.delay(new_user)
            notice = _(
                "An account activation email has been sent to %(email)s",
                email=new_user.email
            )
            flash(notice, "success")

        return redirect_or_next(url_for('forum.index'))
Example #9
0
    def post(self, report_id=None):
        """Delete reports, either a JSON batch or the one in ``report_id``.

        With a JSON body, the reports listed under ``ids`` are deleted and a
        JSON summary of the successful deletions is returned. Otherwise the
        single report is deleted (404 if it does not exist).

        NOTE(review): no permission check is visible inside this method;
        presumably it is applied by a decorator on the view — confirm.
        """
        if request.get_json() is None:
            report = Report.query.filter_by(id=report_id).first_or_404()
            report.delete()
            flash(_("Report deleted."), "success")
            return redirect_or_next(url_for("management.reports"))

        # NOTE(review): the body is client-controlled; a JSON value that is
        # not an object has no ``.get`` — confirm how that case should fail.
        ids = request.get_json().get("ids")
        if not ids:
            # ``status`` is only a field of the JSON body.
            return jsonify(
                message="No ids provided.",
                category="error",
                status=404
            )

        matching = Report.query.filter(Report.id.in_(ids)).all()
        # Only reports whose delete() call reports success are listed.
        data = [
            {
                "id": report.id,
                "type": "delete",
                "reverse": False,
                "reverse_name": None,
                "reverse_url": None
            }
            for report in matching
            if report.delete()
        ]

        return jsonify(
            message="{} reports deleted.".format(len(data)),
            category="success",
            data=data,
            status=200
        )
Example #10
0
 def get(self):
     """Show the reauthentication step for a login that is no longer fresh.

     A fresh login is redirected to the user's own URL. Accounts that have
     a password get the reauthentication form; accounts without one are
     handed to the Discord auth object's ``create_session()``.
     """
     if login_fresh():
         return redirect_or_next(current_user.url)

     if current_user.password is not None:
         return render_template("auth/reauth.html", form=self.form())

     discord = current_app.discordAuth
     # NOTE(review): the session is marked fresh whenever `authorized` is
     # true, with no new challenge visible here — confirm that the flag
     # reflects a recent Discord authorization and not just a stored token.
     if discord.authorized:
         confirm_login()
     return discord.create_session()
Example #11
0
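    def post(self, user_id=None):
        """Ban one user, or a batch of users supplied as JSON.

        The caller needs the ``CanBanUser`` permission. With a JSON body,
        the users listed under ``ids`` are banned and a JSON summary of the
        successful bans is returned; otherwise the user identified by
        ``user_id`` is banned (404 if unknown) and the outcome is flashed.

        In both paths a user cannot ban themselves, and a non-admin cannot
        ban an admin.
        """
        if not Permission(CanBanUser, identity=current_user):
            flash(
                _("You do not have the permissions to ban this user."),
                "danger"
            )
            return redirect(url_for("management.overview"))

        # ajax request
        payload = request.get_json()
        if payload is not None:
            ids = payload.get("ids")
            if not ids:
                # ``status`` is only a field of the JSON body.
                return jsonify(
                    message="No ids provided.",
                    category="error",
                    status=404
                )

            data = []
            users = User.query.filter(User.id.in_(ids)).all()
            for user in users:
                # don't let a user ban himself and do not allow a moderator
                # to ban an admin user.
                # The acting user is passed as ``identity=`` here, exactly
                # as in the single-user branch below. It used to be passed
                # positionally; NOTE(review): Permission presumably takes
                # its positional arguments as requirements, so the check
                # was not evaluated against the acting user as intended.
                if (current_user.id == user.id or
                        (Permission(IsAdmin, identity=user) and
                         Permission(Not(IsAdmin), identity=current_user))):
                    continue

                if user.ban():
                    data.append({
                        "id": user.id,
                        "type": "ban",
                        "reverse": "unban",
                        "reverse_name": _("Unban"),
                        "reverse_url": url_for("management.unban_user", user_id=user.id)
                    })

            return jsonify(
                message="{} users banned.".format(len(data)),
                category="success",
                data=data,
                status=200
            )

        user = User.query.filter_by(id=user_id).first_or_404()
        # Do not allow moderators to ban admins
        if Permission(IsAdmin, identity=user) and Permission(
                Not(IsAdmin), identity=current_user):
            flash(_("A moderator cannot ban an admin user."), "danger")
            return redirect(url_for("management.overview"))

        # Self-bans are refused before ban() is ever called.
        if current_user.id != user.id and user.ban():
            flash(_("User is now banned."), "success")
        else:
            flash(_("Could not ban user."), "danger")

        return redirect_or_next(url_for("management.banned_users"))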
Example #12
0
    def post(self):
        """Reauthenticate the current user with their password.

        A correct password marks the login as fresh via ``confirm_login()``
        and redirects to the user's URL; anything else re-renders the form.
        """
        form = self.form()
        if not form.validate_on_submit():
            return render_template("auth/reauth.html", form=form)

        password_ok = current_user.check_password(form.password.data)
        if not password_ok:
            flash(_("Wrong password."), "danger")
            return render_template("auth/reauth.html", form=form)

        confirm_login()
        flash(_("Reauthenticated."), "success")
        return redirect_or_next(current_user.url)
Example #13
0
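def reauth():
    """Reauthenticates a user.

    While the login is not fresh, the reauthentication form is shown and a
    correct password marks the session as fresh again. When the login is
    already fresh, the user is redirected to ``next`` if that points back
    to this site, and to their own URL otherwise.
    """
    from urllib.parse import urljoin, urlparse

    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            if current_user.check_password(form.password.data):
                confirm_login()
                flash(_("Reauthenticated."), "success")
                # NOTE(review): redirect_or_next is defined elsewhere;
                # confirm it validates ``next`` as well.
                return redirect_or_next(current_user.url)

            flash(_("Wrong password."), "danger")
        return render_template("auth/reauth.html", form=form)

    # ``next`` is taken from the query string and used to go into redirect()
    # unchecked, so a crafted link could send the user to another site.
    # It is now followed only if it resolves to this host over http(s).
    target = request.args.get("next")
    if target:
        # Backslashes are read as slashes by browsers; normalise first and
        # refuse control characters, which browsers drop from URLs.
        cleaned = target.strip().replace("\\", "/")
        if not any(ch < " " for ch in cleaned):
            here = urlparse(request.host_url)
            there = urlparse(urljoin(request.host_url, cleaned))
            if there.scheme in ("http", "https") and \
                    there.netloc == here.netloc:
                return redirect(cleaned)

    return redirect(current_user.url)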
Example #14
0
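def reauth():
    """Reauthenticates a user.

    While the login is not fresh, the reauthentication form is shown and a
    correct password marks the session as fresh again. When the login is
    already fresh, the user is redirected to ``next`` if that points back
    to this site, and to their own URL otherwise.
    """
    from urllib.parse import urljoin, urlparse

    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            if current_user.check_password(form.password.data):
                confirm_login()
                flash(_("Reauthenticated."), "success")
                # NOTE(review): redirect_or_next is defined elsewhere;
                # confirm it validates ``next`` as well.
                return redirect_or_next(current_user.url)

            flash(_("Wrong password."), "danger")
        return render_template("auth/reauth.html", form=form)

    # ``next`` is taken from the query string and used to go into redirect()
    # unchecked, so a crafted link could send the user to another site.
    # It is now followed only if it resolves to this host over http(s).
    target = request.args.get("next")
    if target:
        # Backslashes are read as slashes by browsers; normalise first and
        # refuse control characters, which browsers drop from URLs.
        cleaned = target.strip().replace("\\", "/")
        if not any(ch < " " for ch in cleaned):
            here = urlparse(request.host_url)
            there = urlparse(urljoin(request.host_url, cleaned))
            if there.scheme in ("http", "https") and \
                    there.netloc == here.netloc:
                return redirect(cleaned)

    return redirect(current_user.url)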
Example #15
0
def login():
    """Authenticate a visitor and start a session.

    Users who are already authenticated are redirected to the forum index.
    The ``login_recaptcha`` flag derived from the rate-limit window is only
    handed to the template here.
    """
    already_signed_in = (
        current_user is not None and current_user.is_authenticated
    )
    if already_signed_in:
        return redirect_or_next(url_for("forum.index"))

    rate_limit = getattr(g, 'view_rate_limit', None)
    login_recaptcha = False
    if rate_limit is not None:
        stats = limiter.limiter.get_window_stats(*rate_limit)
        attempts = flaskbb_config["AUTH_REQUESTS"] - stats[1]
        login_recaptcha = attempts >= flaskbb_config["LOGIN_RECAPTCHA"]

    # NOTE(review): the form class is LoginForm regardless of
    # login_recaptcha, so whether the challenge is actually verified on
    # submit depends on LoginForm itself — confirm it is not display-only.
    form = LoginForm(request.form)
    if form.validate_on_submit():
        try:
            account = User.authenticate(form.login.data, form.password.data)
            # The return value of login_user() is not inspected here.
            login_user(account, remember=form.remember_me.data)
            return redirect_or_next(url_for("forum.index"))
        except AuthenticationError:
            # One message for every authentication failure, so the response
            # does not say which of the two fields was wrong.
            flash(_("Wrong username or password."), "danger")

    template_context = {"form": form, "login_recaptcha": login_recaptcha}
    return render_template("auth/login.html", **template_context)
Example #16
0
def register():
    """Create a new account from the registration form.

    Signed-in users, and visitors arriving while registration is disabled,
    are redirected to the forum index. After a valid submission the new
    user is either sent an activation token (``ACTIVATE_ACCOUNT`` set) or
    logged in straight away.
    """
    already_signed_in = (
        current_user is not None and current_user.is_authenticated
    )
    if already_signed_in:
        return redirect_or_next(url_for("forum.index"))

    registration_open = flaskbb_config["REGISTRATION_ENABLED"]
    if not registration_open:
        flash(_("The registration has been disabled."), "info")
        return redirect_or_next(url_for("forum.index"))

    form = RegisterForm(request.form)

    # Choices and default of the language field are assigned after
    # construction, so the submitted data is processed a second time for
    # the overridden default to take effect.
    form.language.choices = get_available_languages()
    form.language.default = flaskbb_config['DEFAULT_LANGUAGE']
    form.process(request.form)

    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    new_user = form.save()

    if not flaskbb_config["ACTIVATE_ACCOUNT"]:
        login_user(new_user)
        flash(_("Thanks for registering."), "success")
    else:
        # The instance returned by save() is expired and its session no
        # longer exists, so touching e.g. its id would raise a
        # DetachedInstanceError. Loading the user again with a fresh query
        # avoids that (the original author reports that
        # `db.session.merge(user)` did not help).
        new_user = User.query.filter_by(email=new_user.email).first()
        send_activation_token.delay(new_user)
        notice = _("An account activation email has been sent to %(email)s",
                   email=new_user.email)
        flash(notice, "success")

    return redirect_or_next(url_for('forum.index'))
Example #17
0
    def post(self):
        """Handle a submitted login form.

        Valid credentials log the user in and redirect to the forum index;
        if ``login_user()`` returns a falsy value, an activation reminder is
        flashed before that redirect. Failed authentication re-renders the
        login page with a generic error.
        """
        form = self.form()
        if not form.validate_on_submit():
            return render_template("auth/login.html", form=form)

        try:
            account = User.authenticate(form.login.data, form.password.data)
            signed_in = login_user(account, remember=form.remember_me.data)
            if not signed_in:
                flash(
                    _("In order to use your account you have to "
                      "activate it through the link we have sent to "
                      "your email address."), "danger")
            return redirect_or_next(url_for("forum.index"))
        except AuthenticationError:
            # One message for every authentication failure, so the response
            # does not say which of the two fields was wrong.
            flash(_("Wrong username or password."), "danger")

        return render_template("auth/login.html", form=form)
Example #18
0
    def post(self):
        """Handle a submitted login form via the authentication manager.

        A successful authentication logs the user in and redirects to the
        forum index. ``StopAuthentication`` flashes the reason it carries;
        any other exception is turned into a generic flash message. Both
        failure paths re-render the login page.
        """
        form = self.form()
        if not form.validate_on_submit():
            return render_template("auth/login.html", form=form)

        manager = self.authentication_manager_factory()
        try:
            account = manager.authenticate(identifier=form.login.data,
                                           secret=form.password.data)
            login_user(account, remember=form.remember_me.data)
            return redirect_or_next(url_for("forum.index"))
        except StopAuthentication as stop:
            # NOTE(review): the reason text is shown to the client as-is;
            # confirm the reasons do not distinguish an unknown account
            # from a wrong password.
            flash(stop.reason, "danger")
        except Exception:
            # NOTE(review): the exception is neither logged nor re-raised
            # here, so an unexpected failure during login leaves no trace
            # in this view — consider logging it.
            flash(_("Unrecoverable error while handling login"))

        return render_template("auth/login.html", form=form)
Example #19
0
def register():
    """Create a new account from the registration form.

    Signed-in users, and visitors arriving while registration is disabled,
    are redirected to the forum index. After a valid submission the new
    user is either sent an activation token (``ACTIVATE_ACCOUNT`` set) or
    logged in straight away.
    """
    already_signed_in = (
        current_user is not None and current_user.is_authenticated
    )
    if already_signed_in:
        return redirect_or_next(url_for("forum.index"))

    registration_open = flaskbb_config["REGISTRATION_ENABLED"]
    if not registration_open:
        flash(_("The registration has been disabled."), "info")
        return redirect_or_next(url_for("forum.index"))

    form = RegisterForm(request.form)

    # Choices and default of the language field are assigned after
    # construction, so the submitted data is processed a second time for
    # the overridden default to take effect.
    form.language.choices = available_languages()
    form.language.default = flaskbb_config['DEFAULT_LANGUAGE']
    form.process(request.form)

    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    new_user = form.save()

    if not flaskbb_config["ACTIVATE_ACCOUNT"]:
        login_user(new_user)
        flash(_("Thanks for registering."), "success")
    else:
        # The instance returned by save() is expired and its session no
        # longer exists, so touching e.g. its id would raise a
        # DetachedInstanceError. Loading the user again with a fresh query
        # avoids that (the original author reports that
        # `db.session.merge(user)` did not help).
        new_user = User.query.filter_by(email=new_user.email).first()
        send_activation_token.delay(new_user)
        notice = _("An account activation email has been sent to %(email)s",
                   email=new_user.email)
        flash(notice, "success")

    return redirect_or_next(url_for('forum.index'))
Example #20
0
    def post(self, user_id=None):
        """Unban one user, or a batch of users supplied as JSON.

        The caller needs the ``CanBanUser`` permission. With a JSON body,
        the users listed under ``ids`` are unbanned and a JSON summary of
        the successful ones is returned; otherwise the user identified by
        ``user_id`` is unbanned (404 if unknown) and the outcome is flashed.
        """
        allowed = Permission(CanBanUser, identity=current_user)
        if not allowed:
            flash(
                _("You do not have the permissions to unban this user."),
                "danger"
            )
            return redirect(url_for("management.overview"))

        if request.get_json() is None:
            target = User.query.filter_by(id=user_id).first_or_404()

            if target.unban():
                flash(_("User is now unbanned."), "success")
            else:
                flash(_("Could not unban user."), "danger")

            return redirect_or_next(url_for("management.users"))

        # ajax request
        # NOTE(review): the body is client-controlled; a JSON value that is
        # not an object has no ``.get`` — confirm how that case should fail.
        ids = request.get_json().get("ids")
        if not ids:
            # ``status`` is only a field of the JSON body.
            return jsonify(
                message="No ids provided.",
                category="error",
                status=404
            )

        matching = User.query.filter(User.id.in_(ids)).all()
        # Only users whose unban() call reports success are listed.
        data = [
            {
                "id": user.id,
                "type": "unban",
                "reverse": "ban",
                "reverse_name": _("Ban"),
                "reverse_url": url_for("management.ban_user",
                                       user_id=user.id)
            }
            for user in matching
            if user.unban()
        ]

        return jsonify(
            message=f"{len(data)} users unbanned.",
            category="success",
            data=data,
            status=200
        )
Example #21
0
    def post(self):
        """Handle a submitted login form via the authentication manager.

        A successful authentication logs the user in and redirects to the
        forum index. ``StopAuthentication`` flashes the reason it carries;
        any other exception is turned into a generic flash message. Both
        failure paths re-render the login page.
        """
        form = self.form()
        if not form.validate_on_submit():
            return render_template("auth/login.html", form=form)

        manager = self.authentication_manager_factory()
        try:
            credentials = {
                "identifier": form.login.data,
                "secret": form.password.data,
            }
            account = manager.authenticate(**credentials)
            login_user(account, remember=form.remember_me.data)
            return redirect_or_next(url_for("forum.index"))
        except StopAuthentication as stop:
            # NOTE(review): the reason text is shown to the client as-is;
            # confirm the reasons do not distinguish an unknown account
            # from a wrong password.
            flash(stop.reason, "danger")
        except Exception:
            # NOTE(review): the exception is neither logged nor re-raised
            # here, so an unexpected failure during login leaves no trace
            # in this view — consider logging it.
            flash(_("Unrecoverable error while handling login"))

        return render_template("auth/login.html", form=form)
Example #22
0
    def post(self):
        """Reauthenticate the current user via the reauthentication manager.

        On success the login is marked fresh with ``confirm_login()`` and
        the user is redirected to their own URL, ignoring the referrer.
        ``StopAuthentication`` flashes its reason and re-renders the form;
        any other exception is flashed and then re-raised.
        """
        form = self.form()
        if not form.validate_on_submit():
            return render_template("auth/reauth.html", form=form)

        manager = self.reauthentication_factory()
        try:
            manager.reauthenticate(user=current_user,
                                   secret=form.password.data)
            confirm_login()
            flash(_("Reauthenticated."), "success")
            return redirect_or_next(current_user.url, use_referrer=False)
        except StopAuthentication as stop:
            flash(stop.reason, "danger")
        except Exception:
            # Unexpected failures are not swallowed: the user gets a
            # generic message and the exception propagates.
            flash(_("Unrecoverable error while handling reauthentication"))
            raise

        return render_template("auth/reauth.html", form=form)
Example #23
0
    def post(self):
        """Reauthenticate the current user via the reauthentication manager.

        On success the login is marked fresh with ``confirm_login()`` and
        the user is redirected to their own URL. ``StopAuthentication``
        flashes its reason and re-renders the form; any other exception is
        flashed and then re-raised.
        """
        form = self.form()
        if not form.validate_on_submit():
            return render_template("auth/reauth.html", form=form)

        manager = self.reauthentication_factory()
        try:
            manager.reauthenticate(user=current_user,
                                   secret=form.password.data)
            confirm_login()
            flash(_("Reauthenticated."), "success")
            return redirect_or_next(current_user.url)
        except StopAuthentication as stop:
            flash(stop.reason, "danger")
        except Exception:
            # Unexpected failures are not swallowed: the user gets a
            # generic message and the exception propagates.
            flash(_("Unrecoverable error while handling reauthentication"))
            raise

        return render_template("auth/reauth.html", form=form)
Example #24
0
 def get(self):
     """Render the reauthentication form unless the login is still fresh.

     A fresh login is redirected to the current user's URL instead.
     """
     if login_fresh():
         return redirect_or_next(current_user.url)
     reauth_form = self.form()
     return render_template("auth/reauth.html", form=reauth_form)
Example #25
0
 def get(self):
     """Render the reauthentication form unless the login is still fresh.

     A fresh login is redirected to the current user's URL instead.
     """
     if login_fresh():
         return redirect_or_next(current_user.url)
     reauth_form = self.form()
     return render_template("auth/reauth.html", form=reauth_form)