def login():
    """
    Render the login page and process the password and OpenID sign-in forms.

    A visitor who is already signed in is redirected immediately. A POST is
    routed by its ``form.id`` field: ``openid`` starts the OpenID handshake and
    ``login`` signs the user in, setting the session lifetime from the
    "remember" checkbox. A GET, an unrecognised form id or a failed validation
    falls through to rendering the page (or only the form fragment for an XHR
    login attempt).
    """
    # Already signed in: nothing to do here.
    # NOTE(review): get_next_url() is defined elsewhere; since its result is
    # used as a redirect target, confirm that it rejects off-site URLs.
    if g.user:
        return redirect(get_next_url(referrer=True), code=303)

    loginform = LoginForm()
    # Presumably the separate key keeps this form's CSRF token apart from the
    # login form's -- confirm against OpenIdForm.
    openidform = OpenIdForm(csrf_session_key='csrf_openid')
    if request.method == 'GET':
        # Pre-fill the OpenID field with a scheme.
        openidform.openid.data = 'http://'

    formid = request.form.get('form.id')
    if request.method == 'POST':
        if formid == 'openid':
            if openidform.validate():
                return oid.try_login(
                    openidform.openid.data,
                    ask_for=['email', 'fullname', 'nickname'])
        elif formid == 'login':
            if loginform.validate():
                login_internal(loginform.user)
                # "Remember me" decides whether the session is permanent.
                session.permanent = bool(loginform.remember.data)
                flash('You are now logged in', category='info')
                return render_redirect(get_next_url(), code=303)

    # request.is_xhr reflects a client-supplied header; here it only selects
    # which template is rendered, it is not an authorisation decision.
    wants_fragment = request.is_xhr and formid == 'login'
    if not wants_fragment:
        return render_template(
            'login.html',
            openidform=openidform,
            loginform=loginform,
            oiderror=oid.fetch_error(),
            oidnext=oid.get_next_url())
    return render_template('forms/loginform.html', loginform=loginform)
def login():
    """
    Serve the login page and handle both sign-in forms posted to it.

    Signed-in visitors are sent back where they came from. For a POST the
    ``form.id`` field selects the handler: ``openid`` hands the identifier to
    the OpenID library, ``login`` signs the validated user in and makes the
    session permanent only when "remember" is ticked. Everything else ends in
    a template render.
    """
    if g.user:
        # Already authenticated.
        # NOTE(review): get_next_url() lives outside this block; confirm it
        # only returns same-site targets, as it feeds a redirect.
        return redirect(get_next_url(referrer=True), code=303)

    loginform = LoginForm()
    openidform = OpenIdForm(csrf_session_key="csrf_openid")
    is_post = request.method == "POST"
    if request.method == "GET":
        # Seed the OpenID field with a scheme on first display.
        openidform.openid.data = "http://"

    formid = request.form.get("form.id")
    if is_post and formid == "openid":
        if openidform.validate():
            requested_fields = ["email", "fullname", "nickname"]
            return oid.try_login(openidform.openid.data, ask_for=requested_fields)
    elif is_post and formid == "login":
        if loginform.validate():
            login_internal(loginform.user)
            # Session lifetime follows the "remember" checkbox.
            session.permanent = True if loginform.remember.data else False
            flash("You are now logged in", category="info")
            return render_redirect(get_next_url(), code=303)

    # is_xhr comes from a request header the client controls; it is used only
    # to pick the response template.
    if formid == "login" and request.is_xhr:
        return render_template("forms/loginform.html", loginform=loginform)
    page_context = dict(
        openidform=openidform,
        loginform=loginform,
        oiderror=oid.fetch_error(),
        oidnext=oid.get_next_url(),
    )
    return render_template("login.html", **page_context)
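def register():
    """
    Handle the account registration form.

    On a valid submission the user is created, the submitted email address is
    stored as an unverified claim, a verification link is sent, the new user is
    signed in and the response is a 303 redirect. Otherwise the form is
    rendered.

    The ``next`` query parameter is followed only when it is a path on this
    site or an absolute URL under ``request.host_url``; any other value
    redirects to the index page.
    """
    form = RegisterForm()
    if form.validate_on_submit():
        user = register_internal(None, form.fullname.data, form.password.data)
        user.username = form.username.data or None
        useremail = UserEmailClaim(user=user, email=form.email.data)
        db.session.add(useremail)
        db.session.commit()
        send_email_verify_link(useremail)
        login_internal(user)
        flash("You are now one of us. Welcome aboard!", category='info')

        # `next` comes straight from the query string, so it must not be used
        # as a redirect target unchecked: a crafted registration link would
        # otherwise send a freshly signed-in user to a foreign site.
        next_url = request.args.get('next', '')
        # A single leading slash is a local path; '//' and '/\' are read by
        # browsers as the start of another host.
        is_local_path = (next_url.startswith('/')
            and not next_url.startswith(('//', '/\\')))
        # host_url ends with '/', so a prefix match cannot be satisfied by a
        # look-alike host name.
        is_same_host = next_url.startswith(request.host_url)
        # Browsers drop tabs and line breaks while parsing a URL, so the
        # prefix checks above are not reliable for values containing them.
        has_dropped_chars = any(ch in next_url for ch in '\t\r\n')
        if (is_local_path or is_same_host) and not has_dropped_chars:
            return redirect(next_url, code=303)
        return redirect(url_for('index'), code=303)
    return render_form(form=form, title='Register an account',
        formid='register', submit='Register')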
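def register():
    """
    Process the registration form and sign the new user in.

    A valid submission creates the user, sets the username when one was given,
    records the email address as an unverified claim, sends the verification
    link, signs the user in and answers with a 303 redirect. An invalid or
    missing submission renders the form.

    The redirect honours the ``next`` query parameter only for a path on this
    site or an absolute URL under ``request.host_url``; every other value falls
    back to the index page.
    """
    form = RegisterForm()
    if form.validate_on_submit():
        user = register_internal(None, form.fullname.data, form.password.data)
        if form.username.data:
            user.username = form.username.data
        useremail = UserEmailClaim(user=user, email=form.email.data)
        db.session.add(useremail)
        db.session.commit()
        send_email_verify_link(useremail)
        login_internal(user)
        flash("You are now one of us. Welcome aboard!", category="info")

        # The query string is attacker-controllable, so `next` is validated
        # before it becomes a redirect target (unvalidated, it is an open
        # redirect out of a just-authenticated session).
        next_url = request.args.get("next", "")
        # One leading slash means a local path; "//" and "/\" are treated by
        # browsers as the start of another host.
        is_local_path = next_url.startswith("/") and not next_url.startswith(("//", "/\\"))
        # host_url carries a trailing "/", so look-alike hosts cannot match.
        is_same_host = next_url.startswith(request.host_url)
        # Tabs and line breaks are removed by browsers during URL parsing,
        # which would defeat the prefix checks above.
        has_dropped_chars = any(ch in next_url for ch in "\t\r\n")
        if (is_local_path or is_same_host) and not has_dropped_chars:
            return redirect(next_url, code=303)
        return redirect(url_for("index"), code=303)
    return render_form(form=form, title="Register an account", formid="register", submit="Register")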
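def config_external_id(service, service_name, user, userid, username, fullname, avatar, access_token, secret, token_type, next_url):
    """
    Sign a user in through an external service and record the service's id.

    If the (service, userid) pair is already known, its stored tokens and
    username are refreshed and the owning user is signed in. Otherwise the id
    is attached to ``user`` when the caller passed one, or to a newly
    registered account when it did not.

    Returns None when the external id was already known; otherwise the
    absolute URL of the profile edit page, carrying ``next_url`` as ``next``.
    """
    session['avatar_url'] = avatar
    extid = UserExternalId.query.filter_by(service=service, userid=userid).first()
    session['userid_external'] = {'service': service, 'userid': userid, 'username': username}

    if extid is not None:
        # Known id: store the latest tokens as received from the service.
        # NOTE(review): whether these are protected at rest depends on the
        # UserExternalId model, which is not visible here -- confirm.
        extid.oauth_token = access_token
        extid.oauth_token_secret = secret
        extid.oauth_token_type = token_type
        extid.username = username  # For twitter: update username if it changed
        db.session.commit()
        login_internal(extid.user)
        flash('You have logged in as %s via %s' % (username, service_name))
        return

    # Record whether the caller supplied an account before `user` may be
    # replaced by a new registration. Testing `user` after that point is always
    # true, which made the "first time here" message unreachable.
    linked_to_existing = bool(user)
    # If caller wants this id connected to an existing user, do it.
    if not user:
        user = register_internal(None, fullname, None)
    extid = UserExternalId(user=user, service=service, userid=userid, username=username,
        oauth_token=access_token, oauth_token_secret=secret, oauth_token_type=token_type)
    # If the service provided a username that is valid for LastUser and not
    # already in use, assign it to this user.
    # NOTE(review): this also replaces the username of an existing account
    # passed in by the caller -- confirm that is intended.
    if valid_username(username):
        if User.query.filter_by(username=username).first() is None:
            user.username = username
    db.session.add(extid)
    db.session.commit()
    login_internal(user)
    if linked_to_existing:
        flash('You have logged in as %s via %s. This id has been linked to your existing account' % (username, service_name))
    else:
        flash('You have logged in as %s via %s. This is your first time here' % (username, service_name))

    # redirect the user to profile edit page to fill in more details
    return url_for('profile_edit', _external=True, next=next_url)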
def login_openid_success(resp):
    """
    Complete a sign-in after the OpenID library reports success.

    A known identity URL signs its owner in directly. An unknown one is
    attached to an account chosen as follows: for a Google identity the
    supplied email address is trusted, so an existing account with that
    address is reused; for any other provider a new account is always created
    and the address is only recorded as a claim to be verified.

    NOTE(review): the Google trust decision rests on a prefix match of
    ``resp.identity_url``; this presumes the OpenID library has verified that
    URL before calling here -- confirm.
    """
    openid = resp.identity_url
    is_google_profile = openid.startswith('https://profiles.google.com/')
    is_google_account = openid.startswith('https://www.google.com/accounts/o8/id?id=')
    is_google = is_google_profile or is_google_account
    service = 'google' if is_google else 'openid'

    def new_account():
        # Display name falls back from full name to nickname to the identity URL.
        return register_internal(None, resp.fullname or resp.nickname or openid, None)

    extid = UserExternalId.query.filter_by(service=service, userid=openid).first()
    if extid is not None:
        # Identity seen before: sign its owner in.
        login_internal(extid.user)
        session['userid_external'] = {'service': service, 'userid': openid}
        flash("You are now logged in", category='info')
        return redirect(get_next_url())

    firsttime = True
    if not resp.email:
        # First login and no email address provided. Create a new user account.
        user = new_account()
    else:
        useremail = UserEmail.query.filter_by(email=resp.email).first()
        if not is_google:
            # Not a Google id. Do not trust an OpenID-provided email address:
            # anyone can set up an OpenID server that lets a user claim any
            # address, so it is a claim, not a confirmed email address.
            # Step 1. Make a new account.
            user = new_account()
            # Step 2. Register a claim only if the address is not already
            # known; an existing registered address is ignored.
            if not useremail:
                emailclaim = UserEmailClaim(user=user, email=resp.email)
                db.session.add(emailclaim)
                send_email_verify_link(emailclaim)
        elif useremail:
            # Google id, address trusted. The user logged in previously using
            # a different Google OpenID endpoint; add this endpoint to the
            # existing account.
            user = useremail.user
            firsttime = False
        else:
            # Google id with no previous record for the address: new user.
            user = new_account()
            user.add_email(resp.email, primary=True)

    # Set username for Google ids
    if is_google_profile:
        # Use profile name (last non-empty path segment) as username
        username = openid.rstrip('/').split('/')[-1]
    elif is_google_account:
        # Use email address as username
        username = resp.email
    else:
        username = None

    # Record this OpenID/Google id for the user
    extid = UserExternalId(
        user=user,
        service=service,
        userid=openid,
        username=username,
        oauth_token=None,
        oauth_token_secret=None)
    db.session.add(extid)
    db.session.commit()
    login_internal(user)
    session['userid_external'] = {'service': service, 'userid': openid}

    if not firsttime:
        flash("You are now logged in.", category='info')
        return redirect(get_next_url())
    flash("You are now logged in. This is your first time here, so please fill in a few details about yourself", category='info')
    return redirect(url_for('profile_edit', _external=True, next=get_next_url()))