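def password_login():
    """Provide email and password authentication.

    Reads ``email`` and ``password`` from the request body, checks the
    password against a local role that has a password digest, and falls
    back to LDAP authentication when no such local role exists.

    Returns:
        A JSON response carrying the logout URL, the role's API key and the
        role itself on success; an ``Unauthorized`` response on failure.
        Aborts with 404 when either credential is missing.
    """
    data = request_data()
    email = data.get('email')
    password = data.get('password')
    if not email or not password:
        abort(404)
    log_event(request)
    query = Role.by_email(email)
    # SQLAlchemy needs the ``!= None`` form to emit ``IS NOT NULL``.
    query = query.filter(Role.password_digest != None)  # noqa: E711
    role = query.first()
    if role:
        # Treat any non-truthy check result as a failure rather than testing
        # ``is False``: a ``None`` return must never count as a valid login.
        if not role.check_password(password):
            return Unauthorized("Authentication has failed.")
    else:
        # No local password account for this email: try LDAP if it is enabled.
        role = Role.authenticate_using_ldap(email, password)
        if not role:
            return Unauthorized("Authentication has failed.")
    session['user'] = role.id
    session['next_url'] = extract_next_url(request)
    return jsonify({
        'logout': url_for('.logout'),
        'api_key': role.api_key,
        'role': role
    })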
def oauth_init(provider):
    """Redirect the user to ``provider``'s authorization endpoint.

    The callback URL carries the sanitised ``next`` target as a query
    parameter so the user can be returned there after the provider calls
    back. Aborts with 404 when ``provider`` is not a configured remote app.
    """
    remote_app = oauth.remote_apps.get(provider)
    if not remote_app:
        abort(404)
    return_to = extract_next_url(request)
    callback_url = url_for('.oauth_callback', provider=provider, next=return_to)
    return remote_app.authorize(callback=callback_url)
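def login(provider=None):
    """Start an OAuth login with ``provider``.

    Args:
        provider: Name of a configured ``oauth.remote_apps`` entry. When
            omitted, the first configured provider is used, which is a
            useful default when only one is configured.

    Returns:
        The provider's authorization redirect. Aborts with 404 when no
        matching provider is configured (including when none exists at all).
    """
    if not provider:
        # ``dict.keys()[0]`` only works on Python 2; ``next(iter(...))`` works
        # on both and yields None for an empty mapping, which then 404s below
        # instead of raising IndexError.
        provider = next(iter(oauth.remote_apps), None)
    oauth_provider = oauth.remote_apps.get(provider)
    if not oauth_provider:
        abort(404)
    log_event(request)
    # Remember the sanitised ``next`` target for the callback to redirect to.
    session['next_url'] = extract_next_url(request)
    callback_url = url_for('.callback', provider=provider)
    return oauth_provider.authorize(callback=callback_url)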
def oauth_callback(provider):
    """Complete an OAuth login for ``provider``.

    The provider's response is handed to the ``handle_oauth_session``
    signal; the first receiver that returns a role wins and the user is
    redirected to the sanitised ``next`` URL with a freshly created token
    in the URL fragment. A missing or failed provider response, or the
    absence of any receiver that yields a role, ends in ``Unauthorized``.
    """
    remote_app = oauth.remote_apps.get(provider)
    if not remote_app:
        abort(404)
    auth_resp = remote_app.authorized_response()
    if auth_resp is None or isinstance(auth_resp, OAuthException):
        log.warning("Failed OAuth: %r", auth_resp)
        return Unauthorized("Authentication has failed.")
    receivers = signals.handle_oauth_session.send(provider=remote_app, oauth=auth_resp)
    db.session.commit()
    for _receiver, role in receivers:
        if role is None:
            continue
        log.info("Logged in: %r", role)
        # Drop any fragment the caller supplied before appending our own;
        # presumably the token rides in the fragment so it stays client-side.
        target, _fragment = urldefrag(extract_next_url(request))
        return redirect('%s#token=%s' % (target, create_token(role)))
    log.error("No OAuth handler for %r was installed.", provider)
    return Unauthorized("Authentication has failed.")
def password_login():
    """Provide email and password authentication.

    Looks up a role for the submitted email that has a password digest and
    verifies the submitted password against it. Aborts with 404 when either
    credential is missing; returns ``Unauthorized`` when the lookup or the
    password check fails, and a JSON body with the logout URL, API key and
    role on success.
    """
    payload = request_data()
    email = payload.get('email')
    password = payload.get('password')
    if not (email and password):
        abort(404)
    log_event(request)
    # SQLAlchemy needs the ``!= None`` form to emit ``IS NOT NULL``.
    candidate = Role.by_email(email).filter(Role.password_digest != None).first()  # noqa: E711
    if not candidate or not candidate.check_password(password):
        return Unauthorized("Authentication has failed.")
    session['user'] = candidate.id
    session['next_url'] = extract_next_url(request)
    return jsonify({
        'logout': url_for('.logout'),
        'api_key': candidate.api_key,
        'role': candidate
    })
def test_extract_next_url_safe(self):
    """A relative ``next`` path is returned unchanged."""
    incoming = Request.from_values('/?next=/help')
    result = extract_next_url(incoming)
    self.assertEqual('/help', result)
def test_extract_next_url_unsafe(self):
    """An absolute, foreign ``next`` URL is replaced by the local root."""
    foreign = self.fake.url()
    incoming = Request.from_values('/?next={}'.format(foreign))
    result = extract_next_url(incoming)
    self.assertEqual('http://localhost:5000/', result)
def test_extract_next_url_blank(self):
    """A request without ``next`` falls back to the local root URL."""
    incoming = Request.from_values('')
    result = extract_next_url(incoming)
    self.assertEqual('http://localhost:5000/', result)
def test_extract_next_url_blank(self):
    """A request without ``next`` falls back to the root path."""
    incoming = Request.from_values('')
    result = extract_next_url(incoming)
    self.assertEqual('/', result)