def inject_template_vars():
"""
Sets the custom variables that are available inside templates.
"""
return {
'logged_in': logged_in(),
'user': get_session_user(),
'FolderPermission': FolderPermission,
'SystemPermission': SystemPermissions
}
def login():
username = ''
password = ''
next_url = ''
login_error = ''
next_url_default = internal_url_for('browse')
if request.method == 'POST':
try:
# Get parameters
username = request.form.get('username', '')
password = request.form.get('password', '')
next_url = request.form.get('next', '')
if not password:
login_error = 'You must enter your password'
if not username:
login_error = 'You must enter your username'
if not login_error:
# Log in
user = authenticate_user(username, password, data_engine, logger)
if user is not None:
if user.status == User.STATUS_ACTIVE:
# Success
log_in(user)
return redirect(next_url or next_url_default)
else:
login_error = 'Sorry, your account is disabled.'
else:
login_error = '''Sorry, your username and password were not recognised.
Please try again.'''
# Slow down scripted attacks
logger.warn('Incorrect login for username ' + username)
sleep(1)
except Exception as e:
if not log_security_error(e, request):
logger.error('Error performing login: '******'DEBUG']:
raise
login_error = 'Sorry, an error occurred. Please try again later.'
else:
# If already logged in, go to the default page
if logged_in():
next_url = request.args.get('next', '')
return redirect(next_url or next_url_default)
# Not logged in, or unsuccessful login
return render_template(
'login.html',
username=username,
next=next_url,
err_msg=login_error
)
def _check_internal_request(request, session, from_web, require_login,
required_permission_flag=None):
"""
A low-level component implementing request scheme, port, session and
optional system permission checking for an "internal" web request.
Incorporates _check_port and _check_ssl_request.
Returns a Flask redirect or response if there is a problem, otherwise None.
"""
# Check the port first
if app.config['INTERNAL_BROWSING_PORT']:
port_response = _check_port(request, app.config['INTERNAL_BROWSING_PORT'], from_web)
if port_response:
return port_response
# Check SSL second, so that if we need to redirect to HTTPS
# we know we're already on the correct port number
if app.config['INTERNAL_BROWSING_SSL']:
ssl_response = _check_ssl_request(request, from_web)
if ssl_response:
return ssl_response
# Check the session is logged in
if require_login:
if not logged_in():
if from_web:
from_path = request.path
if len(request.args) > 0:
from_path += '?' + url_encode(request.args)
# Go to login page, redirecting to original destination on success
return redirect(internal_url_for('login', next=from_path))
else:
# Return an error
return make_api_error_response(AuthenticationError(
'You must be logged in to access this function'
))
# Check admin permission
if required_permission_flag:
try:
permissions_engine.ensure_permitted(
required_permission_flag, get_session_user()
)
except SecurityError as e:
# Return an error
if from_web:
return make_response(str(e), 403)
else:
return make_api_error_response(e)
# OK
return None
