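def authorized():
    """Handle the Google OAuth callback and log the matched user in.

    Exchanges the authorization response for an access token, stores the
    token in the session so the profile can be fetched with it, and then
    looks the reported e-mail address up in the Scout user store (the
    whitelist).

    Returns:
        A redirect to the index page when the OAuth exchange fails or the
        e-mail is not whitelisted, a 403 when Google sent back no token,
        otherwise the result of ``perform_login`` for the matched user.
    """
    try:
        oauth_response = google.authorized_response()
    except OAuthException as error:
        # ``oauth_response`` is never assigned when the exchange raises, so
        # the message has to come from the exception, not from the response.
        message = getattr(error, 'message', None) or str(error)
        current_app.logger.warning(message)
        flash("{} - try again!".format(message), 'warning')
        return redirect(url_for('public.index'))

    if oauth_response is None:
        # Google redirected back without a token; the reason is usually in
        # the query string, but neither parameter is guaranteed to be there.
        flash("Access denied: reason={} error={}"
              .format(request.args.get('error_reason'),
                      request.args.get('error_description')), 'danger')
        return abort(403)

    # The token must be in the session before validation so that additional
    # data on the authenticated user (like the e-mail) can be fetched with it.
    session['google_token'] = (oauth_response['access_token'], '')
    google_data = google.get('userinfo').data

    # NOTE(review): the whitelist lookup trusts the e-mail as reported by the
    # provider. If this userinfo endpoint exposes a verification flag
    # (``verified_email`` / ``email_verified``) it should be required here,
    # otherwise an account with an unverified address could match a
    # whitelisted user — confirm against the configured endpoint.
    email = google_data.get('email')
    user_obj = store.user(email) if email else None
    if user_obj is None:
        # Do not leave an access token in the session for someone who is not
        # allowed to log in.
        session.pop('google_token', None)
        flash('your email is not whitelisted, contact admin.', 'warning')
        return redirect(url_for('public.index'))

    # Profile fields are optional in the provider response; missing ones are
    # stored as None rather than failing the login.
    user_obj['name'] = google_data.get('name')
    user_obj['location'] = google_data.get('locale')
    user_obj['accessed_at'] = datetime.now()
    store.update_user(user_obj)
    return perform_login(user_obj)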
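def update_tracks_settings():
    """Update custom track settings for a user according to form choices.

    Stores the ``user_tracks`` values ticked in the submitted form as the
    current user's ``igv_tracks`` list and sends the browser back to the
    page the form was posted from.

    Returns:
        A redirect to the referring page when it is on this host, otherwise
        to the index page (this also covers a request without a ``Referer``
        header, where ``request.referrer`` is None).
    """
    from urllib.parse import urlsplit

    # NOTE(review): ``current_user`` is the flask-login proxy; this assumes
    # the route is login-protected (an anonymous user has no ``.email``) and
    # that CSRF protection covers this form POST — confirm both.
    user_obj = store.user(email=current_user.email)
    # ``getlist`` always returns a list (empty when no box was ticked).
    user_obj["igv_tracks"] = request.form.getlist("user_tracks")
    store.update_user(user_obj)

    # Only bounce back to a same-host referrer; a missing header or another
    # site falls back to the index page instead of redirecting blindly.
    # Relies on ``request.host`` reflecting the public host (use ProxyFix
    # behind a reverse proxy).
    target = request.referrer
    if target:
        ref_host = urlsplit(target).netloc
        if ref_host and ref_host != request.host:
            target = None
    return redirect(target or url_for("public.index"))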
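def login():
    """Login a user if they have access.

    How the user is identified depends on configuration:

    * LDAP (``LDAP_HOST`` or ``LDAP_SERVER``): a POSTed
      ``ldap_user``/``ldap_password`` pair is checked by
      ``controllers.ldap_authorized``.
    * Google (``GOOGLE``): the browser is sent to Google; the ``authorized``
      callback puts the e-mail in the session and comes back here.
    * Neither: the ``email`` query parameter alone identifies the user. No
      credential is checked on this path, so it is only honoured when no
      authentication backend is configured.

    In every case the user must exist in the Scout database.

    Returns:
        A redirect (to Google, or to the index page on failure) or the
        result of ``perform_login`` for the matched user.
    """
    from urllib.parse import urlsplit

    next_url = request.args.get("next")
    if next_url:
        # Keep only a local path for the post-login redirect: a scheme, a
        # host (``//evil``) or a backslash (which browsers may read as a
        # slash) would turn ``next`` into an open redirect.
        parts = urlsplit(next_url)
        if parts.scheme or parts.netloc or "\\" in next_url:
            LOG.warning("Ignoring non-local next url %s", next_url)
        else:
            session["next_url"] = next_url

    ldap_host = current_app.config.get(
        "LDAP_HOST", current_app.config.get("LDAP_SERVER"))
    google_enabled = current_app.config.get("GOOGLE")
    user_id = None
    user_mail = None

    if ldap_host and request.method == "POST":
        ldap_authorized = controllers.ldap_authorized(
            request.form.get("ldap_user"), request.form.get("ldap_password"))
        if ldap_authorized is not True:
            flash("User not authorized by LDAP server", "warning")
            return redirect(url_for("public.index"))
        user_id = request.form.get("ldap_user")

    if google_enabled:
        if session.get("email"):
            # Set by the ``authorized`` OAuth callback; consume it so a stale
            # value cannot be reused for a later login.
            user_mail = session.pop("email")
        else:
            LOG.info("Google Login!")
            redirect_uri = url_for(".authorized", _external=True)
            try:
                return oauth_client.google.authorize_redirect(redirect_uri)
            except Exception:
                # Fail closed: falling through would attempt a user lookup
                # with no identity at all.
                LOG.exception("Google OAuth redirect failed")
                flash(
                    "An error has occurred while logging in user using Google OAuth"
                )
                return redirect(url_for("public.index"))

    if request.args.get("email") and not ldap_host and not google_enabled:
        # Log in against the Scout database by e-mail only. This checks no
        # credential, so it must be unreachable whenever LDAP or Google is
        # enabled; otherwise a GET with ``?email=`` would skip the LDAP
        # password check, which only runs on POST.
        user_mail = request.args.get("email")

    user_obj = None
    if user_id is not None or user_mail is not None:
        LOG.info("Validating user %s email %s against Scout database",
                 user_id, user_mail)
        user_obj = store.user(email=user_mail, user_id=user_id)
    if user_obj is None:
        flash("User not found in Scout database", "warning")
        return redirect(url_for("public.index"))

    user_obj["accessed_at"] = datetime.now()
    if session.get("name"):
        # These values come from the Google profile via the OAuth callback.
        user_obj["name"] = session.get("name")
        user_obj["locale"] = session.get("locale")
    store.update_user(user_obj)
    user_dict = LoginUser(user_obj)
    return perform_login(user_dict)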
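def login():
    """Login a user if they have access.

    How the user is identified depends on configuration:

    * LDAP (``LDAP_HOST``): a POSTed ``LDAPLoginForm`` must validate, which
      is where the username/password pair is checked.
    * Google (``GOOGLE``): the browser is sent to Google; the ``authorized``
      callback puts the e-mail in the session and comes back here.
    * Neither: the ``email`` query parameter alone identifies the user. No
      credential is checked on this path, so it is only honoured when no
      authentication backend is configured.

    In every case the user must exist in the Scout database.

    Returns:
        A redirect (to Google, or to the index page on failure) or the
        result of ``perform_login`` for the matched user.
    """
    from urllib.parse import urlsplit

    next_url = request.args.get("next")
    if next_url:
        # Keep only a local path for the post-login redirect: a scheme, a
        # host (``//evil``) or a backslash (which browsers may read as a
        # slash) would turn ``next`` into an open redirect.
        parts = urlsplit(next_url)
        if parts.scheme or parts.netloc or "\\" in next_url:
            LOG.warning("Ignoring non-local next url %s", next_url)
        else:
            session["next_url"] = next_url

    ldap_host = current_app.config.get("LDAP_HOST")
    google_enabled = current_app.config.get("GOOGLE")
    user_id = None
    user_mail = None

    if ldap_host and request.method == "POST":
        form = LDAPLoginForm()
        LOG.info("Validating LDAP user")
        if not form.validate_on_submit():
            flash(
                "username-password combination is not valid, please try again",
                "warning")
            return redirect(url_for("public.index"))
        user_id = form.username.data

    if google_enabled:
        if session.get("email"):
            # Set by the ``authorized`` OAuth callback; consume it so a stale
            # value cannot be reused for a later login.
            user_mail = session.pop("email")
        else:
            LOG.info("Google Login!")
            redirect_uri = url_for(".authorized", _external=True)
            try:
                return oauth_client.google.authorize_redirect(redirect_uri)
            except Exception:
                # Fail closed: falling through would attempt a user lookup
                # with no identity at all.
                LOG.exception("Google OAuth redirect failed")
                flash(
                    "An error has occurred while logging in user using Google OAuth"
                )
                return redirect(url_for("public.index"))

    if request.args.get("email") and not ldap_host and not google_enabled:
        # Log in against the Scout database by e-mail only. This checks no
        # credential, so it must be unreachable whenever LDAP or Google is
        # enabled; otherwise a GET with ``?email=`` would skip the LDAP form
        # validation, which only runs on POST.
        user_mail = request.args.get("email")

    user_obj = None
    if user_id is not None or user_mail is not None:
        LOG.info("Validating user %s email %s against Scout database",
                 user_id, user_mail)
        user_obj = store.user(email=user_mail, user_id=user_id)
    if user_obj is None:
        flash("User not found", "warning")
        return redirect(url_for("public.index"))

    user_obj["accessed_at"] = datetime.now()
    if session.get("name"):
        # These values come from the Google profile via the OAuth callback.
        user_obj["name"] = session.get("name")
        user_obj["locale"] = session.get("locale")
    store.update_user(user_obj)
    user_dict = LoginUser(user_obj)
    return perform_login(user_dict)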
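def login():
    """Login a user if they have access.

    How the user is identified depends on configuration:

    * LDAP (``LDAP_HOST``): a POSTed ``LDAPLoginForm`` must validate, which
      is where the username/password pair is checked.
    * Google (``GOOGLE``): the browser is sent to Google; the ``authorized``
      callback puts the e-mail in the session and comes back here.
    * Neither: the ``email`` query parameter alone identifies the user. No
      credential is checked on this path, so it is only honoured when no
      authentication backend is configured.

    In every case the user must exist in the Scout database.

    Returns:
        A redirect (to Google, or to the index page on failure) or the
        result of ``perform_login`` for the matched user.
    """
    from urllib.parse import urlsplit

    next_url = request.args.get("next")
    if next_url:
        # Keep only a local path for the post-login redirect: a scheme, a
        # host (``//evil``) or a backslash (which browsers may read as a
        # slash) would turn ``next`` into an open redirect.
        parts = urlsplit(next_url)
        if parts.scheme or parts.netloc or "\\" in next_url:
            LOG.warning("Ignoring non-local next url %s", next_url)
        else:
            session["next_url"] = next_url

    ldap_host = current_app.config.get("LDAP_HOST")
    google_enabled = current_app.config.get("GOOGLE")
    user_id = None
    user_mail = None

    if ldap_host and request.method == "POST":
        form = LDAPLoginForm()
        LOG.info("Validating LDAP user")
        if not form.validate_on_submit():
            flash(
                "username-password combination is not valid, please try again",
                "warning")
            return redirect(url_for("public.index"))
        user_id = form.username.data

    if google_enabled:
        if session.get("email"):
            # Set by the ``authorized`` OAuth callback; consume it so a stale
            # value cannot be reused for a later login.
            user_mail = session.pop("email")
        else:
            LOG.info("Validating Google user login")
            callback_url = url_for(".authorized", _external=True)
            return google.authorize(callback=callback_url)

    if request.args.get("email") and not ldap_host and not google_enabled:
        # Log in against the Scout database by e-mail only. This checks no
        # credential, so it must be unreachable whenever LDAP or Google is
        # enabled; otherwise a GET with ``?email=`` would skip the LDAP form
        # validation, which only runs on POST.
        user_mail = request.args.get("email")

    user_obj = None
    if user_id is not None or user_mail is not None:
        LOG.info("Validating user %s against Scout database", user_id)
        user_obj = store.user(email=user_mail, user_id=user_id)
    if user_obj is None:
        flash("User not whitelisted", "warning")
        return redirect(url_for("public.index"))

    user_obj["accessed_at"] = datetime.now()
    if session.get("name"):
        # These values come from the Google profile via the OAuth callback.
        user_obj["name"] = session.get("name")
        user_obj["locale"] = session.get("locale")
    store.update_user(user_obj)
    user_dict = LoginUser(user_obj)
    return perform_login(user_dict)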
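def authorized():
    """Handle the Google OAuth callback and log the matched user in.

    Exchanges the authorization response for an access token, stores the
    token in the session so the profile can be fetched with it, and then
    looks the reported e-mail address up in the Scout user store (the
    whitelist), retrying with the lower-cased address when the exact form
    does not match.

    Returns:
        A redirect to the index page when the OAuth exchange fails or the
        e-mail is not whitelisted, a 403 when Google sent back no token,
        otherwise the result of ``perform_login`` for the matched user.
    """
    try:
        oauth_response = google.authorized_response()
    except OAuthException as error:
        # ``oauth_response`` is never assigned when the exchange raises, so
        # the message has to come from the exception, not from the response.
        message = getattr(error, 'message', None) or str(error)
        current_app.logger.warning(message)
        flash("{} - try again!".format(message), 'warning')
        return redirect(url_for('public.index'))

    if oauth_response is None:
        # Google redirected back without a token; the reason is usually in
        # the query string, but neither parameter is guaranteed to be there.
        flash("Access denied: reason={} error={}"
              .format(request.args.get('error_reason'),
                      request.args.get('error_description')), 'danger')
        return abort(403)

    # The token must be in the session before validation so that additional
    # data on the authenticated user (like the e-mail) can be fetched with it.
    session['google_token'] = (oauth_response['access_token'], '')
    google_data = google.get('userinfo').data

    # NOTE(review): the whitelist lookup trusts the e-mail as reported by the
    # provider. If this userinfo endpoint exposes a verification flag
    # (``verified_email`` / ``email_verified``) it should be required here,
    # otherwise an account with an unverified address could match a
    # whitelisted user — confirm against the configured endpoint.
    email = google_data.get('email')
    user_obj = store.user(email) if email else None
    # Whitelist entries may be stored lower-cased; retry before giving up.
    if user_obj is None and email:
        user_obj = store.user(email.lower())
    if user_obj is None:
        # Do not leave an access token in the session for someone who is not
        # allowed to log in.
        session.pop('google_token', None)
        flash("email not whitelisted: {}".format(email), 'warning')
        return redirect(url_for('public.index'))

    # Profile fields are optional in the provider response; missing ones are
    # stored as None rather than failing the login.
    user_obj['name'] = google_data.get('name')
    user_obj['location'] = google_data.get('locale')
    user_obj['accessed_at'] = datetime.now()
    store.update_user(user_obj)
    return perform_login(user_obj)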