def inject_template_vars():
    """
    Context processor: returns the extra names made available to every template.

    Keys:
        logged_in        -- result of logged_in() for the current session
        user             -- result of get_session_user() (may be None when not logged in)
        FolderPermission -- the FolderPermission class, for permission constants in templates
        SystemPermission -- the SystemPermissions class; note the template key is singular
                            while the bound name is plural (kept as-is, templates rely on it)
    """
    return dict(
        logged_in=logged_in(),
        user=get_session_user(),
        FolderPermission=FolderPermission,
        SystemPermission=SystemPermissions,
    )
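def _is_safe_redirect_target(target):
    """
    Returns True only when ``target`` is a same-site, path-only redirect target.

    Accepts paths such as '/browse' or '/browse?x=1'. Rejects empty values,
    absolute URLs ('http://evil/'), scheme-relative URLs ('//evil/') and the
    backslash variant ('/\\evil/') that browsers normalise to '//evil/'.
    A value that starts with a single '/' cannot carry a scheme, so no URL
    parsing is needed.
    """
    if not target or not target.startswith('/'):
        return False
    # '//host' and '/\host' are treated as scheme-relative URLs by browsers
    return target[1:2] not in ('/', '\\')


def _safe_next_url(next_url, default_url):
    """Returns ``next_url`` if it is a safe local path, else ``default_url``."""
    return next_url if _is_safe_redirect_target(next_url) else default_url


def login():
    """
    Login view.

    GET: renders the login form, or redirects straight to the requested page
         when the session is already logged in.
    POST: reads ``username``, ``password`` and ``next`` from the form,
          authenticates with authenticate_user(), calls log_in() on success
          and redirects to ``next``.

    Security: the ``next`` value comes from the client (form field on POST,
    query string on GET) and is only followed when it is a local path
    (see _is_safe_redirect_target); anything else falls back to the
    'browse' page. This closes an open redirect to attacker-chosen hosts.

    Returns a Flask redirect on success, else the rendered 'login.html'.
    Raises: re-raises unexpected login errors only when app.config['DEBUG']
    is set and log_security_error() did not already handle them.
    """
    username = ''
    password = ''
    next_url = ''
    login_error = ''
    next_url_default = internal_url_for('browse')

    if request.method == 'POST':
        try:
            # Get parameters
            username = request.form.get('username', '')
            password = request.form.get('password', '')
            next_url = request.form.get('next', '')
            # Username check runs last so its message wins when both are empty
            if not password:
                login_error = 'You must enter your password'
            if not username:
                login_error = 'You must enter your username'
            if not login_error:
                # Log in
                user = authenticate_user(username, password, data_engine, logger)
                if user is not None:
                    if user.status == User.STATUS_ACTIVE:
                        # Success; only follow 'next' when it is a local path
                        log_in(user)
                        return redirect(_safe_next_url(next_url, next_url_default))
                    else:
                        # NOTE(review): this message (and the missing sleep below)
                        # tells a client that the username exists; consider a
                        # uniform message if account enumeration is a concern.
                        login_error = 'Sorry, your account is disabled.'
                else:
                    login_error = '''Sorry, your username and password were not recognised. Please try again.'''
                    # Slow down scripted attacks
                    logger.warn('Incorrect login for username ' + username)
                    sleep(1)
        except Exception as e:
            if not log_security_error(e, request):
                # NOTE(review): this span was redacted in the reviewed listing
                # and has been reconstructed as a plain error log plus a
                # debug-only re-raise; confirm against the original source.
                logger.error('Error performing login: ' + str(e))
                if app.config['DEBUG']:
                    raise
            login_error = 'Sorry, an error occurred. Please try again later.'
    else:
        # If already logged in, go to the requested (local) page or the default
        if logged_in():
            next_url = request.args.get('next', '')
            return redirect(_safe_next_url(next_url, next_url_default))

    # Not logged in, or unsuccessful login
    return render_template(
        'login.html',
        username=username,
        next=next_url,
        err_msg=login_error
    )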
def _check_internal_request(request, session, from_web, require_login,
                            required_permission_flag=None):
    """
    Low-level guard for an "internal" web request: checks the port, the
    scheme, the login state and (optionally) a system permission, in that
    order, and stops at the first failure.

    Args:
        request: the Flask request being checked.
        session: accepted for interface compatibility; not read here
                 (logged_in() and get_session_user() consult the session
                 themselves).
        from_web: True for a browser request (redirect / HTML error),
                  False for an API request (JSON error response).
        require_login: when True, an anonymous session is rejected.
        required_permission_flag: when set, the session user must hold
                                  this permission per permissions_engine.

    Returns:
        A Flask redirect or response describing the problem, or None when
        the request may proceed.

    Notes:
        The port is checked before SSL so that an HTTPS redirect is issued
        on the correct port number. The login redirect carries the original
        path and query string in ``next``, which is always a local path;
        the login view is expected to validate it before following it.
        The 403 body for a web permission failure is str(e) served as a
        plain Flask response; the message content is produced by
        permissions_engine, so keep it free of client-controlled text or
        escape it before it is rendered as HTML.
    """
    cfg = app.config

    # 1. Port check (must come before the SSL check, see Notes)
    browsing_port = cfg['INTERNAL_BROWSING_PORT']
    if browsing_port:
        blocked = _check_port(request, browsing_port, from_web)
        if blocked:
            return blocked

    # 2. SSL check
    if cfg['INTERNAL_BROWSING_SSL']:
        blocked = _check_ssl_request(request, from_web)
        if blocked:
            return blocked

    # 3. Login check
    if require_login and not logged_in():
        if not from_web:
            return make_api_error_response(AuthenticationError(
                'You must be logged in to access this function'
            ))
        # Send the browser to the login page, then back to where it was going
        return_to = request.path
        if request.args:
            return_to += '?' + url_encode(request.args)
        return redirect(internal_url_for('login', next=return_to))

    # 4. Optional permission check
    if not required_permission_flag:
        return None
    try:
        permissions_engine.ensure_permitted(
            required_permission_flag, get_session_user()
        )
    except SecurityError as e:
        if not from_web:
            return make_api_error_response(e)
        return make_response(str(e), 403)

    # OK
    return None