def login():
    """Render the login form and sign the user in on a valid submission.

    A visitor who is already authenticated is redirected to the forum
    index. When the view's rate-limit window shows enough consumed
    attempts and reCAPTCHA is enabled, the reCAPTCHA variant of the form
    is used instead of the plain login form.
    """
    if current_user is not None and current_user.is_authenticated:
        return redirect_or_next(url_for("forum.index"))

    login_recaptcha = False
    current_limit = getattr(g, 'view_rate_limit', None)
    if current_limit is not None:
        window_stats = limiter.limiter.get_window_stats(*current_limit)
        # window_stats[1] is presumably the number of requests still
        # allowed in the window, so the difference is the number already
        # used -- confirm against the limiter API.
        attempts_used = flaskbb_config["AUTH_REQUESTS"] - window_stats[1]
        login_recaptcha = attempts_used >= flaskbb_config["LOGIN_RECAPTCHA"]

    form = LoginForm()
    if login_recaptcha and flaskbb_config["RECAPTCHA_ENABLED"]:
        form = LoginRecaptchaForm()

    if form.validate_on_submit():
        try:
            account = User.authenticate(form.login.data, form.password.data)
            signed_in = login_user(account, remember=form.remember_me.data)
            if not signed_in:
                # login_user returned a falsy value; the message shown
                # tells the user the account still needs activation.
                flash(_("In order to use your account you have to activate it "
                        "through the link we have sent to your email "
                        "address."), "danger")
            return redirect_or_next(url_for("forum.index"))
        except AuthenticationError:
            # One message for every credential failure, so the response
            # does not reveal whether the username exists.
            flash(_("Wrong username or password."), "danger")

    return render_template(
        "auth/login.html",
        form=form,
        login_recaptcha=login_recaptcha,
    )
def login():
    """Render the login form and sign the user in on a valid submission.

    Already-authenticated visitors are redirected to the forum index.
    The ``login_recaptcha`` flag is derived from the view's rate-limit
    window and handed to the template; in this version the form class
    itself does not change with the flag.
    """
    if current_user is not None and current_user.is_authenticated:
        return redirect_or_next(url_for("forum.index"))

    login_recaptcha = False
    current_limit = getattr(g, 'view_rate_limit', None)
    if current_limit is not None:
        window_stats = limiter.limiter.get_window_stats(*current_limit)
        # window_stats[1] is presumably the remaining request budget for
        # the window -- confirm against the limiter API.
        attempts_used = flaskbb_config["AUTH_REQUESTS"] - window_stats[1]
        login_recaptcha = attempts_used >= flaskbb_config["LOGIN_RECAPTCHA"]

    form = LoginForm(request.form)
    if form.validate_on_submit():
        try:
            account = User.authenticate(form.login.data, form.password.data)
            signed_in = login_user(account, remember=form.remember_me.data)
            if not signed_in:
                flash(
                    _("In order to use your account you have to activate it "
                      "through the link we have sent to your email "
                      "address."),
                    "danger",
                )
            return redirect_or_next(url_for("forum.index"))
        except AuthenticationError:
            # Same message for unknown user and wrong password.
            flash(_("Wrong username or password."), "danger")

    return render_template(
        "auth/login.html",
        form=form,
        login_recaptcha=login_recaptcha,
    )
def register():
    """Show the registration form and create the account on submission.

    Authenticated visitors, and everyone when registration is switched
    off in the configuration, are redirected to the forum index. After a
    successful save the user is either sent an activation token (queued
    through ``.delay``) or logged in straight away, depending on the
    ``ACTIVATE_ACCOUNT`` setting.
    """
    if current_user is not None and current_user.is_authenticated:
        return redirect_or_next(url_for("forum.index"))

    if not flaskbb_config["REGISTRATION_ENABLED"]:
        flash(_("The registration has been disabled."), "info")
        return redirect_or_next(url_for("forum.index"))

    form = RegisterForm(request.form)
    form.language.choices = available_languages()
    form.language.default = flaskbb_config['DEFAULT_LANGUAGE']
    # Re-process the submitted data: the default was overridden after the
    # form had been constructed.
    form.process(request.form)

    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    new_user = form.save()
    if flaskbb_config["ACTIVATE_ACCOUNT"]:
        send_activation_token.delay(new_user)
        flash(
            _("An account activation email has been sent to %(email)s",
              email=new_user.email),
            "success",
        )
    else:
        login_user(new_user)
        flash(_("Thanks for registering."), "success")

    return redirect_or_next(url_for('forum.index'))
def register():
    """Show the registration form and create the account on submission.

    Authenticated visitors, and everyone when registration is switched
    off in the configuration, are redirected to the forum index. After a
    successful save the activation token is sent by a direct call, or
    the user is logged in immediately, depending on the
    ``ACTIVATE_ACCOUNT`` setting.
    """
    if current_user is not None and current_user.is_authenticated:
        return redirect_or_next(url_for("forum.index"))

    if not flaskbb_config["REGISTRATION_ENABLED"]:
        flash(_("The registration has been disabled."), "info")
        return redirect_or_next(url_for("forum.index"))

    form = RegisterForm(request.form)
    form.language.choices = available_languages()
    form.language.default = flaskbb_config["DEFAULT_LANGUAGE"]
    # Re-process the submitted data: the default was overridden after the
    # form had been constructed.
    form.process(request.form)

    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    new_user = form.save()
    if flaskbb_config["ACTIVATE_ACCOUNT"]:
        send_activation_token(new_user)
        flash(_("An account activation email has been sent to %(email)s",
                email=new_user.email), "success")
    else:
        login_user(new_user)
        flash(_("Thanks for registering."), "success")

    return redirect_or_next(url_for("forum.index"))
def post(self, report_id=None):
    """Mark reports as read: a JSON batch, a single report, or all of them.

    * JSON body with ``ids``: every matching report is stamped with the
      current user and time, and a JSON summary is returned.
    * ``report_id`` given: that report is stamped unless it already is.
    * Neither: every report whose ``zapped`` column is NULL is stamped.

    No permission check is made inside this method; any access control
    has to come from outside it (not visible here).
    """
    payload = request.get_json()

    # AJAX request
    if payload is not None:
        # `ids` is taken from the request body as-is.
        ids = payload.get("ids")
        if not ids:
            # The 404 travels in the JSON body; jsonify itself answers
            # with its default HTTP status.
            return jsonify(
                message="No ids provided.",
                category="error",
                status=404,
            )

        data = []
        matching = Report.query.filter(Report.id.in_(ids)).all()
        for report in matching:
            report.zapped_by = current_user.id
            report.zapped = time_utcnow()
            report.save()
            entry = {
                "id": report.id,
                "type": "read",
                "reverse": False,
                "reverse_name": None,
                "reverse_url": None
            }
            data.append(entry)

        summary = "{} reports marked as read.".format(len(data))
        return jsonify(
            message=summary,
            category="success",
            data=data,
            status=200,
        )

    # mark single report as read
    if report_id:
        report = Report.query.filter_by(id=report_id).first_or_404()
        if report.zapped:
            flash(
                _("Report %(id)s is already marked as read.", id=report.id),
                "success",
            )
            return redirect_or_next(url_for("management.reports"))

        report.zapped_by = current_user.id
        report.zapped = time_utcnow()
        report.save()
        flash(_("Report %(id)s marked as read.", id=report.id), "success")
        return redirect_or_next(url_for("management.reports"))

    # mark all as read
    # `== None` is intentional: it is a column expression handed to the
    # query filter, not a Python identity test.
    unread = Report.query.filter(Report.zapped == None).all()  # noqa: E711
    stamped = []
    for report in unread:
        report.zapped_by = current_user.id
        report.zapped = time_utcnow()
        stamped.append(report)

    db.session.add_all(stamped)
    db.session.commit()
    flash(_("All reports were marked as read."), "success")
    return redirect_or_next(url_for("management.reports"))
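def post(self):
    """Validate the registration form and register the user via the service.

    On a validation stop raised by the service the reasons are copied
    onto the form and the form is re-rendered. A persistence failure is
    logged with its traceback and reported to the user with a generic
    message. On success the ``flaskbb_event_user_registered`` hook is
    fired and the user is redirected to the forum index.
    """
    form = self.form()
    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    registration_info = UserRegistrationInfo(
        username=form.username.data,
        password=form.password.data,
        # Hard-coded group id; presumably the default member group --
        # confirm against the group fixtures.
        group=4,
        email=form.email.data,
        language=form.language.data
    )

    service = self.registration_service_factory()
    try:
        service.register(registration_info)
    except StopValidation as e:
        form.populate_errors(e.reasons)
        return render_template("auth/register.html", form=form)
    except PersistenceError:
        # Details go to the log only; the user sees a generic message.
        logger.exception("Database error while persisting user")
        # The two adjacent literals used to join as "...dueto an...";
        # the trailing space fixes the displayed text. This changes the
        # gettext msgid, so translation catalogs need a refresh.
        flash(
            _(
                "Could not process registration due "
                "to an unrecoverable error"
            ), "danger"
        )
        return render_template("auth/register.html", form=form)

    current_app.pluggy.hook.flaskbb_event_user_registered(
        username=registration_info.username
    )
    return redirect_or_next(url_for('forum.index'))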
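def post(self):
    """Validate the registration form and register the user via the service.

    A validation stop from the service puts its reasons on the form and
    re-renders it. A persistence failure is logged with its traceback
    and answered with a generic message. On success the
    ``flaskbb_event_user_registered`` hook fires and the user is
    redirected to the forum index.
    """
    form = self.form()
    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    registration_info = UserRegistrationInfo(
        username=form.username.data,
        password=form.password.data,
        # Hard-coded group id; presumably the default member group --
        # confirm against the group fixtures.
        group=4,
        email=form.email.data,
        language=form.language.data)

    service = self.registration_service_factory()
    try:
        service.register(registration_info)
    except StopValidation as e:
        form.populate_errors(e.reasons)
        return render_template("auth/register.html", form=form)
    except PersistenceError:
        # Details go to the log only; the user sees a generic message.
        logger.exception("Database error while persisting user")
        # The adjacent literals previously concatenated to "dueto";
        # the added space repairs the message. The gettext msgid
        # changes with it, so catalogs must be regenerated.
        flash(
            _("Could not process registration due "
              "to an unrecoverable error"), "danger")
        return render_template("auth/register.html", form=form)

    current_app.pluggy.hook.flaskbb_event_user_registered(
        username=registration_info.username)
    return redirect_or_next(url_for('forum.index'))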
def post(self):
    """Create the account from the submitted form and activate or log in.

    With ``ACTIVATE_ACCOUNT`` set, the user is re-queried by e-mail and
    an activation token is queued; otherwise the new user is logged in
    directly. An invalid form is re-rendered.
    """
    form = self.form()
    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    user = form.save()
    if flaskbb_config["ACTIVATE_ACCOUNT"]:
        # Original author's note: touching an expired model needs a
        # database hit, and because the session of `user` no longer
        # exists, reading user.id would raise a DetachedInstanceError.
        # A fresh query gives an instance bound to a live session;
        # `db.session.merge(user)` reportedly did not help.
        user = User.query.filter_by(email=user.email).first()
        send_activation_token.delay(user)
        flash(
            _("An account activation email has been sent to %(email)s",
              email=user.email),
            "success",
        )
    else:
        login_user(user)
        flash(_("Thanks for registering."), "success")

    return redirect_or_next(url_for('forum.index'))
def post(self, report_id=None):
    """Delete reports: a JSON batch of ``ids`` or the single ``report_id``.

    The batch path answers with a JSON summary listing the reports whose
    ``delete()`` returned a truthy value. The single path 404s when the
    report does not exist. No permission check is made inside this
    method; access control has to come from outside it (not visible
    here).
    """
    payload = request.get_json()
    if payload is None:
        report = Report.query.filter_by(id=report_id).first_or_404()
        report.delete()
        flash(_("Report deleted."), "success")
        return redirect_or_next(url_for("management.reports"))

    # `ids` is taken from the request body as-is.
    ids = payload.get("ids")
    if not ids:
        # The 404 is carried in the JSON body only.
        return jsonify(
            message="No ids provided.", category="error", status=404
        )

    data = []
    for report in Report.query.filter(Report.id.in_(ids)).all():
        if not report.delete():
            continue
        data.append({
            "id": report.id,
            "type": "delete",
            "reverse": False,
            "reverse_name": None,
            "reverse_url": None
        })

    return jsonify(
        message="{} reports deleted.".format(len(data)),
        category="success",
        data=data,
        status=200,
    )
def get(self):
    """Serve the reauthentication page, or redirect when the login is fresh.

    NOTE(review): the nesting below was reconstructed from a listing
    that had lost its indentation. Whether ``create_session()`` is
    returned for every password-less user or only for an authorized one
    cannot be told from that listing -- confirm against the repository.
    """
    if not login_fresh():
        # Accounts without a local password cannot use the password
        # form, so they are handed to the Discord auth object instead.
        if current_user.password is None:
            # NOTE(review): confirm_login() marks the session fresh on a
            # GET, based only on `authorized`. Verify that this flag
            # reflects a recent check and not just a stored token.
            if current_app.discordAuth.authorized:
                confirm_login()
            return current_app.discordAuth.create_session()
        return render_template("auth/reauth.html", form=self.form())
    return redirect_or_next(current_user.url)
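def post(self, user_id=None):
    """Ban a single user (``user_id``) or a JSON batch of users (``ids``).

    The caller must hold ``CanBanUser``. Nobody can ban themselves, and
    an actor who is not an admin cannot ban an admin. The batch path
    silently skips users that fail those rules and reports the ones that
    were banned; the single path flashes a message and redirects.
    """
    if not Permission(CanBanUser, identity=current_user):
        flash(
            _("You do not have the permissions to ban this user."),
            "danger"
        )
        return redirect(url_for("management.overview"))

    # ajax request
    if request.get_json() is not None:
        # `ids` is taken from the request body as-is.
        ids = request.get_json().get("ids")
        if not ids:
            return jsonify(
                message="No ids provided.",
                category="error",
                status=404
            )

        data = []
        users = User.query.filter(User.id.in_(ids)).all()
        for user in users:
            # don't let a user ban himself and do not allow a moderator
            # to ban a admin user.
            # The acting user is passed as `identity=` here, as in every
            # other Permission call of this view. The batch path used to
            # pass it positionally, so this guard was not built the same
            # way as the single-user guard further down.
            if (current_user.id == user.id
                    or (Permission(IsAdmin, identity=user)
                        and Permission(Not(IsAdmin),
                                       identity=current_user))):
                continue
            elif user.ban():
                data.append({
                    "id": user.id,
                    "type": "ban",
                    "reverse": "unban",
                    "reverse_name": _("Unban"),
                    "reverse_url": url_for("management.unban_user",
                                           user_id=user.id)
                })

        return jsonify(
            message="{} users banned.".format(len(data)),
            category="success",
            data=data,
            status=200
        )

    user = User.query.filter_by(id=user_id).first_or_404()

    # Do not allow moderators to ban admins
    if Permission(IsAdmin, identity=user) and Permission(
            Not(IsAdmin), identity=current_user):
        flash(_("A moderator cannot ban an admin user."), "danger")
        return redirect(url_for("management.overview"))

    if not current_user.id == user.id and user.ban():
        flash(_("User is now banned."), "success")
    else:
        flash(_("Could not ban user."), "danger")

    return redirect_or_next(url_for("management.banned_users"))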
def post(self):
    """Check the submitted password and refresh the login on success.

    A correct password marks the session fresh and redirects; a wrong
    one flashes an error and re-renders the form, as does an invalid
    form submission.
    """
    form = self.form()
    if form.validate_on_submit():
        password_ok = current_user.check_password(form.password.data)
        if password_ok:
            confirm_login()
            flash(_("Reauthenticated."), "success")
            return redirect_or_next(current_user.url)
        flash(_("Wrong password."), "danger")

    return render_template("auth/reauth.html", form=form)
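def reauth():
    """Reauthenticate the current user, or redirect if the login is fresh.

    When the login is not fresh the password form is shown; a correct
    password marks the session fresh and redirects. When the login is
    already fresh the user is redirected to the ``next`` query parameter
    if it is a same-site path, otherwise to the user's own URL.
    """
    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            if current_user.check_password(form.password.data):
                confirm_login()
                flash(_("Reauthenticated."), "success")
                # redirect_or_next is defined elsewhere; whether it
                # validates its target is not visible from this function.
                return redirect_or_next(current_user.url)

            flash(_("Wrong password."), "danger")
        return render_template("auth/reauth.html", form=form)

    # `next` comes from the query string, so anyone who can craft a link
    # controls it. Redirecting to it unchecked would let a link to this
    # site forward the user to an arbitrary external address. Only a
    # path on this site is accepted: one leading slash, no second slash
    # or backslash (both can be read as a host separator by browsers),
    # and no control characters.
    next_url = request.args.get("next") or ""
    is_local_path = (
        next_url.startswith("/")
        and not next_url.startswith("//")
        and "\\" not in next_url
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in next_url)
    )
    return redirect(next_url if is_local_path else current_user.url)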
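def reauth():
    """Reauthenticate the current user, or redirect if the login is fresh.

    A stale login gets the password form; a correct password marks the
    session fresh and redirects. A fresh login is redirected to the
    ``next`` query parameter when that is a same-site path, and to the
    user's own URL otherwise.
    """
    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            if current_user.check_password(form.password.data):
                confirm_login()
                flash(_("Reauthenticated."), "success")
                # redirect_or_next is defined elsewhere; whether it
                # validates its target is not visible from this function.
                return redirect_or_next(current_user.url)

            flash(_("Wrong password."), "danger")
        return render_template("auth/reauth.html", form=form)

    # The `next` query parameter is caller-controlled. It is honoured
    # only when it is a plain path on this site (single leading slash,
    # no backslash, no control characters); anything else falls back to
    # the user's own URL so the view cannot be used to forward visitors
    # off-site.
    next_url = request.args.get("next") or ""
    is_local_path = (
        next_url.startswith("/")
        and not next_url.startswith("//")
        and "\\" not in next_url
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in next_url)
    )
    return redirect(next_url if is_local_path else current_user.url)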
def login():
    """Render the login form and sign the user in on a valid submission.

    Already-authenticated visitors are redirected to the forum index.
    The ``login_recaptcha`` flag is derived from the view's rate-limit
    window and passed to the template. The return value of
    ``login_user`` is not inspected in this version.
    """
    if current_user is not None and current_user.is_authenticated:
        return redirect_or_next(url_for("forum.index"))

    login_recaptcha = False
    current_limit = getattr(g, 'view_rate_limit', None)
    if current_limit is not None:
        window_stats = limiter.limiter.get_window_stats(*current_limit)
        # window_stats[1] is presumably the remaining request budget for
        # the window -- confirm against the limiter API.
        attempts_used = flaskbb_config["AUTH_REQUESTS"] - window_stats[1]
        login_recaptcha = attempts_used >= flaskbb_config["LOGIN_RECAPTCHA"]

    form = LoginForm(request.form)
    if form.validate_on_submit():
        try:
            account = User.authenticate(form.login.data, form.password.data)
            login_user(account, remember=form.remember_me.data)
            return redirect_or_next(url_for("forum.index"))
        except AuthenticationError:
            # Same message for unknown user and wrong password.
            flash(_("Wrong username or password."), "danger")

    return render_template(
        "auth/login.html",
        form=form,
        login_recaptcha=login_recaptcha,
    )
def register():
    """Show the registration form and create the account on submission.

    Authenticated visitors, and everyone when registration is disabled,
    are redirected to the forum index. After a successful save the user
    is re-queried and an activation token is queued, or the user is
    logged in directly, depending on ``ACTIVATE_ACCOUNT``.
    """
    if current_user is not None and current_user.is_authenticated:
        return redirect_or_next(url_for("forum.index"))

    if not flaskbb_config["REGISTRATION_ENABLED"]:
        flash(_("The registration has been disabled."), "info")
        return redirect_or_next(url_for("forum.index"))

    form = RegisterForm(request.form)
    form.language.choices = get_available_languages()
    form.language.default = flaskbb_config['DEFAULT_LANGUAGE']
    # Re-process the submitted data: the default was overridden after the
    # form had been constructed.
    form.process(request.form)

    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    user = form.save()
    if flaskbb_config["ACTIVATE_ACCOUNT"]:
        # Original author's note: touching an expired model needs a
        # database hit, and because the session of `user` no longer
        # exists, reading user.id would raise a DetachedInstanceError.
        # A fresh query gives an instance bound to a live session;
        # `db.session.merge(user)` reportedly did not help.
        user = User.query.filter_by(email=user.email).first()
        send_activation_token.delay(user)
        flash(
            _("An account activation email has been sent to %(email)s",
              email=user.email),
            "success",
        )
    else:
        login_user(user)
        flash(_("Thanks for registering."), "success")

    return redirect_or_next(url_for('forum.index'))
def post(self):
    """Authenticate the submitted credentials and log the user in.

    A falsy result from ``login_user`` produces the activation reminder
    before the redirect. Failed authentication flashes a single generic
    message and re-renders the form.
    """
    form = self.form()
    if form.validate_on_submit():
        try:
            account = User.authenticate(form.login.data, form.password.data)
            signed_in = login_user(account, remember=form.remember_me.data)
            if not signed_in:
                flash(
                    _("In order to use your account you have to "
                      "activate it through the link we have sent to "
                      "your email address."),
                    "danger",
                )
            return redirect_or_next(url_for("forum.index"))
        except AuthenticationError:
            # Same message for unknown user and wrong password.
            flash(_("Wrong username or password."), "danger")

    return render_template("auth/login.html", form=form)
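def post(self):
    """Authenticate through the authentication manager and log the user in.

    ``StopAuthentication`` carries a reason that is flashed to the user.
    Any other exception is logged with its traceback and answered with a
    generic message; in both cases the login form is rendered again.
    """
    import logging

    form = self.form()
    if form.validate_on_submit():
        auth_manager = self.authentication_manager_factory()
        try:
            user = auth_manager.authenticate(identifier=form.login.data,
                                             secret=form.password.data)
            login_user(user, remember=form.remember_me.data)
            return redirect_or_next(url_for("forum.index"))
        except StopAuthentication as e:
            flash(e.reason, "danger")
        except Exception:
            # Previously the exception vanished behind the flash message,
            # leaving no trace of a failing login backend. Record the
            # traceback; no form data is passed to the logger, so the
            # submitted password is not written out.
            logging.getLogger(__name__).exception(
                "Unrecoverable error while handling login"
            )
            flash(_("Unrecoverable error while handling login"))

    return render_template("auth/login.html", form=form)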
def register():
    """Show the registration form and create the account on submission.

    Authenticated visitors, and everyone when registration is disabled,
    are redirected to the forum index. After a successful save the user
    is re-queried and an activation token is queued, or the user is
    logged in directly, depending on ``ACTIVATE_ACCOUNT``.
    """
    if current_user is not None and current_user.is_authenticated:
        return redirect_or_next(url_for("forum.index"))

    if not flaskbb_config["REGISTRATION_ENABLED"]:
        flash(_("The registration has been disabled."), "info")
        return redirect_or_next(url_for("forum.index"))

    form = RegisterForm(request.form)
    form.language.choices = available_languages()
    form.language.default = flaskbb_config['DEFAULT_LANGUAGE']
    # Re-process the submitted data: the default was overridden after the
    # form had been constructed.
    form.process(request.form)

    if not form.validate_on_submit():
        return render_template("auth/register.html", form=form)

    user = form.save()
    if flaskbb_config["ACTIVATE_ACCOUNT"]:
        # Original author's note: touching an expired model needs a
        # database hit, and because the session of `user` no longer
        # exists, reading user.id would raise a DetachedInstanceError.
        # A fresh query gives an instance bound to a live session;
        # `db.session.merge(user)` reportedly did not help.
        user = User.query.filter_by(email=user.email).first()
        send_activation_token.delay(user)
        flash(_("An account activation email has been sent to %(email)s",
                email=user.email), "success")
    else:
        login_user(user)
        flash(_("Thanks for registering."), "success")

    return redirect_or_next(url_for('forum.index'))
def post(self, user_id=None):
    """Unban a single user (``user_id``) or a JSON batch of users (``ids``).

    The caller must hold ``CanBanUser``. The batch path reports the
    users whose ``unban()`` returned a truthy value; the single path
    flashes the outcome and redirects to the user list.
    """
    if not Permission(CanBanUser, identity=current_user):
        flash(
            _("You do not have the permissions to unban this user."),
            "danger",
        )
        return redirect(url_for("management.overview"))

    payload = request.get_json()

    # ajax request
    if payload is not None:
        # `ids` is taken from the request body as-is.
        ids = payload.get("ids")
        if not ids:
            # The 404 is carried in the JSON body only.
            return jsonify(
                message="No ids provided.", category="error", status=404
            )

        data = []
        for user in User.query.filter(User.id.in_(ids)).all():
            if not user.unban():
                continue
            data.append({
                "id": user.id,
                "type": "unban",
                "reverse": "ban",
                "reverse_name": _("Ban"),
                "reverse_url": url_for("management.ban_user",
                                       user_id=user.id)
            })

        return jsonify(
            message=f"{len(data)} users unbanned.",
            category="success",
            data=data,
            status=200,
        )

    user = User.query.filter_by(id=user_id).first_or_404()
    unbanned = user.unban()
    if unbanned:
        flash(_("User is now unbanned."), "success")
    else:
        flash(_("Could not unban user."), "danger")

    return redirect_or_next(url_for("management.users"))
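def post(self):
    """Authenticate through the authentication manager and log the user in.

    ``StopAuthentication`` carries a reason that is flashed to the user.
    Any other exception is logged with its traceback and answered with a
    generic message; in both cases the login form is rendered again.
    """
    import logging

    form = self.form()
    if form.validate_on_submit():
        auth_manager = self.authentication_manager_factory()
        try:
            user = auth_manager.authenticate(
                identifier=form.login.data, secret=form.password.data
            )
            login_user(user, remember=form.remember_me.data)
            return redirect_or_next(url_for("forum.index"))
        except StopAuthentication as e:
            flash(e.reason, "danger")
        except Exception:
            # The broad handler used to discard the exception entirely.
            # Keep the generic user message, but record the traceback so
            # a failing login backend can be noticed. No form data is
            # handed to the logger.
            logging.getLogger(__name__).exception(
                "Unrecoverable error while handling login"
            )
            flash(_("Unrecoverable error while handling login"))

    return render_template("auth/login.html", form=form)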
def post(self):
    """Reauthenticate the current user through the reauthentication manager.

    On success the session is marked fresh and the user is redirected
    with ``use_referrer=False``. ``StopAuthentication`` flashes its
    reason and re-renders the form; any other exception flashes a
    generic message and is re-raised.
    """
    form = self.form()
    if not form.validate_on_submit():
        return render_template("auth/reauth.html", form=form)

    reauth_manager = self.reauthentication_factory()
    try:
        reauth_manager.reauthenticate(
            user=current_user,
            secret=form.password.data,
        )
        confirm_login()
        flash(_("Reauthenticated."), "success")
        return redirect_or_next(current_user.url, use_referrer=False)
    except StopAuthentication as e:
        flash(e.reason, "danger")
    except Exception:
        flash(_("Unrecoverable error while handling reauthentication"))
        # Propagate so the failure is not hidden from the caller.
        raise

    return render_template("auth/reauth.html", form=form)
def post(self):
    """Reauthenticate the current user through the reauthentication manager.

    On success the session is marked fresh and the user is redirected.
    ``StopAuthentication`` flashes its reason and re-renders the form;
    any other exception flashes a generic message and is re-raised.
    """
    form = self.form()
    if not form.validate_on_submit():
        return render_template("auth/reauth.html", form=form)

    reauth_manager = self.reauthentication_factory()
    try:
        reauth_manager.reauthenticate(
            user=current_user,
            secret=form.password.data,
        )
        confirm_login()
        flash(_("Reauthenticated."), "success")
        return redirect_or_next(current_user.url)
    except StopAuthentication as e:
        flash(e.reason, "danger")
    except Exception:
        flash(_("Unrecoverable error while handling reauthentication"))
        # Propagate so the failure is not hidden from the caller.
        raise

    return render_template("auth/reauth.html", form=form)
def get(self):
    """Show the reauthentication form unless the login is already fresh."""
    if login_fresh():
        # Nothing to confirm; send the user on.
        return redirect_or_next(current_user.url)
    return render_template("auth/reauth.html", form=self.form())
def get(self):
    """Show the reauthentication form unless the login is already fresh."""
    if login_fresh():
        # Nothing to confirm; send the user on.
        return redirect_or_next(current_user.url)
    return render_template("auth/reauth.html", form=self.form())