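def reauth():
    """Mark the session fresh on POST; otherwise render the reauth page.

    After a POST the user is sent to the ``next`` query parameter when it is
    a site-relative path, else to ``main.index``.
    """
    if request.method != 'POST':
        return render_template('reauth.html')

    # NOTE(review): nothing in this view re-checks a credential before
    # confirm_login(); confirm that a password (or equivalent) check is
    # enforced elsewhere, otherwise any POST on the session makes it fresh.
    confirm_login()
    flash(u'Reauthenticated')

    # `next` comes from the query string. Follow it only when it is a
    # site-relative path ("/x"); "//host", "/\host" and absolute URLs are
    # ignored so the redirect cannot leave this site.
    target = request.args.get('next')
    if target and (not target.startswith('/') or target[1:2] in ('/', '\\')):
        target = None
    return redirect(target or url_for('main.index'))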
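def refresh():
    """Refresh the login after the login form validates.

    On success the session is marked fresh and the user is redirected to a
    site-relative ``next`` or to ``index``; otherwise the login page is shown.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template("login.html", login_form=form)

    # NOTE(review): whether a password is actually verified depends on
    # LoginForm's validators, which are not visible here — confirm.
    confirm_login()
    flash("Authentication refreshed", "success")

    # `next` is caller-supplied; accept only a site-relative path so the
    # redirect cannot be pointed at another host.
    target = request.args.get("next")
    if target and (not target.startswith("/") or target[1:2] in ("/", "\\")):
        target = None
    return redirect(target or url_for("index"))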
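def login_view():
    """Start a login: the IGNORE_AUTH bypass, or a redirect to Google OAuth2.

    The ``next`` query parameter (default ``/``) is where the user ends up
    after login. It is reduced to a site-relative path before use.
    """
    next_url = request.args.get('next', default='/', type=str)
    # `next` is caller-supplied and reaches redirect() both directly below
    # and through the OAuth `state` round trip, so anything that is not a
    # site-relative path ("//host", "/\host", absolute URLs) becomes '/'.
    if not next_url.startswith('/') or next_url[1:2] in ('/', '\\'):
        next_url = '/'

    if app.config.get('IGNORE_AUTH'):
        # NOTE(review): with IGNORE_AUTH set, every visitor is logged in as
        # a superuser account; this must never be enabled on a reachable
        # deployment.
        fake_id = 'anonymous_superuser'
        anonymous_superuser = models.User.query.get(fake_id)
        if not anonymous_superuser:
            anonymous_superuser = models.User(
                id=fake_id,
                email_address='*****@*****.**',
                superuser=1)
            db.session.add(anonymous_superuser)
            db.session.commit()
        login_user(anonymous_superuser)
        confirm_login()
        return redirect(next_url)

    # Inspired by:
    #   http://stackoverflow.com/questions/9499286
    #   /using-google-oauth2-with-flask
    # NOTE(review): `state` carries only the return path. No per-session
    # random value is visible here, so the callback has nothing to compare
    # against to tell its own request from a forged one — confirm.
    params = dict(
        response_type='code',
        client_id=config.GOOGLE_OAUTH2_CLIENT_ID,
        redirect_uri=config.GOOGLE_OAUTH2_REDIRECT_URI,
        scope=GOOGLE_OAUTH2_SCOPES,
        state=urllib.quote(next_url),
    )
    target_url = '%s?%s' % (
        GOOGLE_OAUTH2_AUTH_URL, urllib.urlencode(params))
    logging.debug('Redirecting user to login at url=%r', target_url)
    return redirect(target_url)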
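def reauth():
    """Mark the session fresh on POST; otherwise render the reauth template.

    After a POST the user goes to a site-relative ``next`` or to ``/admin``.
    """
    if request.method == "POST":
        # NOTE(review): no credential check is visible before
        # confirm_login(); confirm one is enforced elsewhere.
        confirm_login()

        # Only a site-relative `next` is followed; "//host", "/\host" and
        # absolute URLs fall back to the admin page.
        target = request.args.get("next")
        if target and (not target.startswith("/") or target[1:2] in ("/", "\\")):
            target = None
        return redirect(target or '/admin')

    template_data = {}
    return render_template("/auth/reauth.html", **template_data)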
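def reauth():
    """Mark the session fresh on POST; otherwise render ``reauth.html``.

    After a POST the user goes to a site-relative ``next`` or to ``index``.
    """
    if request.method != "POST":
        return render_template("reauth.html")

    # NOTE(review): the session is confirmed without any credential check
    # in this view — verify that one happens before this point.
    confirm_login()
    flash(u"Reauthenticated.")

    # `next` is untrusted query-string input: keep it only when it is a
    # site-relative path, so the redirect stays on this site.
    target = request.args.get("next")
    if target and (not target.startswith("/") or target[1:2] in ("/", "\\")):
        target = None
    return redirect(target or url_for("index"))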
def reauth():
    """Reauthenticate a user for pages that require a fresh login."""
    # NOTE(review): the source layout was flattened; the redirect is assumed
    # to apply to every request method, not only POST — confirm.
    is_post = request.method == "POST"
    if is_post:
        # NOTE(review): no credential check is visible before the session
        # is marked fresh — confirm one is enforced elsewhere.
        confirm_login()
        flash(__("Reauthentication successful"), "info")
    home = url_for("home_page")
    return redirect(home)
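def reauth():
    """Mark the session fresh on POST; otherwise render the login template.

    After a POST the user goes to a site-relative ``next`` or to ``/admin``.
    """
    if request.method == "POST":
        # NOTE(review): confirm_login() runs without a visible credential
        # check; confirm the password is verified elsewhere.
        confirm_login()
        flash(u"Reauthenticated.")

        # Follow `next` only when it is a site-relative path; anything
        # else ("//host", "/\host", absolute URLs) falls back to /admin.
        target = request.args.get("next")
        if target and (not target.startswith("/") or target[1:2] in ("/", "\\")):
            target = None
        return redirect(target or '/admin')

    templateData = {}
    return render_template("/auth/login.html", **templateData)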
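def reauth():
    """Mark the current session as fresh on POST.

    confirm_login sets the current session as fresh. Sessions become stale
    when they are reloaded from a cookie. After a POST the user goes to a
    site-relative ``next`` or to ``cabinetPage``.
    """
    if request.method != "POST":
        return render_template("reauth.html")

    # NOTE(review): no credential is checked here before the session is
    # marked fresh — confirm that happens elsewhere.
    confirm_login()
    # The success flash ("Registration refreshed.") is disabled in the
    # original and stays disabled.

    # `next` is taken from the query string; accept it only as a
    # site-relative path so the redirect cannot leave this site.
    target = request.args.get("next")
    if target and (not target.startswith("/") or target[1:2] in ("/", "\\")):
        target = None
    return redirect(target or url_for("cabinetPage"))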
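def login_auth():
    """Handle the Google OAuth2 callback and log the user in.

    Exchanges the ``code`` query parameter for an access token, fetches the
    user info, creates or updates the matching ``models.User``, logs the
    user in, and redirects to the path carried in ``state`` (or ``/``).
    Aborts with 403 when the email address is not verified.
    """
    # TODO: Handle when the 'error' parameter is present
    params = dict(
        code=request.args.get('code'),
        client_id=config.GOOGLE_OAUTH2_CLIENT_ID,
        client_secret=config.GOOGLE_OAUTH2_CLIENT_SECRET,
        redirect_uri=config.GOOGLE_OAUTH2_REDIRECT_URI,
        grant_type='authorization_code'
    )
    payload = urllib.urlencode(params)
    # The payload holds the client secret and the authorization code, so
    # only the endpoint is written to the log.
    logging.debug('Posting for token to url=%r', GOOGLE_OAUTH2_TOKEN_URL)
    fetch_request = urllib2.Request(GOOGLE_OAUTH2_TOKEN_URL, payload)
    conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS)
    try:
        data = conn.read()
    finally:
        conn.close()
    result_dict = json.loads(data)

    params = dict(
        access_token=result_dict['access_token']
    )
    payload = urllib.urlencode(params)
    target_url = '%s?%s' % (GOOGLE_OAUTH2_USERINFO_URL, payload)
    # target_url embeds the access token; log the endpoint without it.
    logging.debug('Fetching user info from url=%r',
                  GOOGLE_OAUTH2_USERINFO_URL)
    fetch_request = urllib2.Request(target_url)
    conn = urllib2.urlopen(fetch_request, timeout=FETCH_TIMEOUT_SECONDS)
    try:
        data = conn.read()
    finally:
        conn.close()
    result_dict = json.loads(data)
    # NOTE(review): this writes the full user-info response (including the
    # email address) to the debug log.
    logging.debug('Result user info dict: %r', result_dict)
    email_address = result_dict['email']

    if not result_dict['verified_email']:
        abort(flask.Response('Your email address must be verified', 403))

    user_id = '%s:%s' % (models.User.GOOGLE_OAUTH2, result_dict['id'])
    user = models.User.query.get(user_id)
    if not user:
        user = models.User(id=user_id)

    # Email address on the account may change, user ID will stay the same.
    # Do not allow the user to claim existing build invitations with their
    # old email address.
    if user.email_address != email_address:
        user.email_address = email_address

    user.last_seen = datetime.datetime.utcnow()

    db.session.add(user)
    db.session.commit()

    login_user(user)
    confirm_login()

    # Clear all flashed messages from the session on login.
    flask.get_flashed_messages()

    # `state` returns through the query string, so it is untrusted here:
    # a missing value or anything that is not a site-relative path
    # ("//host", "/\host", absolute URLs) falls back to '/'.
    # NOTE(review): `state` is not compared with a value stored in the
    # session, so this callback cannot tell whether this browser started
    # the flow — confirm whether that is handled elsewhere.
    state = request.args.get('state')
    final_url = urllib.unquote(state) if state else '/'
    if not final_url.startswith('/') or final_url[1:2] in ('/', '\\'):
        final_url = '/'
    logging.debug('User is logged in. Redirecting to url=%r', final_url)
    return redirect(final_url)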
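def reauth():
    """Re-check a username/password pair and mark the session fresh.

    On success the user goes to a site-relative ``next`` or to ``.index``;
    on failure a message is flashed and the login page is rendered again.
    """
    if request.method == "POST" and "username" in request.form:
        username = request.form["username"]
        # NOTE(review): the username is taken from the form; nothing visible
        # here ties it to the user who owns the current session — confirm.
        user = check_login(username, request.form.get("password", ""))
        if user is not None:
            confirm_login()
            # Follow `next` only when it is a site-relative path, so the
            # redirect cannot be pointed at another host.
            target = request.args.get("next")
            if target and (not target.startswith("/")
                           or target[1:2] in ("/", "\\")):
                target = None
            return redirect(target or url_for(".index"))
        else:
            flash("Sorry, your information did not match our records.")
    return render_template("admin/login.html")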
def reauth():
    """Ask the logged-in user for their password and mark the session fresh.

    A correct password confirms the login and redirects to
    ``/change_password``; a wrong one flashes an error and shows the form.
    """
    form = ReauthForm(next=request.args.get("next"))
    if request.method != "POST":
        return render_template("frontend/reauth.html", form=form)

    # The password is checked against the account that owns the session.
    user, authenticated = User.authenticate(current_user.name,
                                            form.password.data)
    if user and authenticated:
        confirm_login()
        flash(_("Reauthenticated."), "success")
        return redirect("/change_password")

    flash(_("Password is wrong."), "error")
    return render_template("frontend/reauth.html", form=form)
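def refresh_login():
    """Refresh the login after the current user re-enters their password.

    A correct password marks the session fresh and redirects to a
    site-relative ``next`` or to ``index``; a wrong one flashes an error and
    redirects back to this view.
    """
    form = PasswordForm()
    if not form.validate_on_submit():
        return render_template('accounts/refresh.html', form=form)

    if not current_user.check_password(form.password.data):
        flash("Incorrect password.")
        return redirect(url_for('refresh_login'))

    confirm_login()
    # `next` is query-string input; only a site-relative path is followed,
    # so "//host", "/\host" and absolute URLs fall back to the index page.
    target = request.args.get("next")
    if target and (not target.startswith("/") or target[1:2] in ("/", "\\")):
        target = None
    return redirect(target or url_for("index"))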
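def reauth():
    """Mark the session fresh on POST; otherwise render the reauth page.

    The GET page receives the text returned by ``Content.getAllText`` for
    the language stored in the session. After a POST the user goes to a
    site-relative ``next`` or to ``index``.
    """
    if request.method == "POST":
        # NOTE(review): no credential check is visible before
        # confirm_login() — confirm one is enforced elsewhere.
        confirm_login()
        flash(u"Reauthenticated.")

        # Accept `next` only as a site-relative path so the redirect
        # cannot leave this site.
        target = request.args.get("next")
        if target and (not target.startswith("/") or target[1:2] in ("/", "\\")):
            target = None
        return redirect(target or url_for("index"))

    contentObj = Content()
    templateData = {
        'content': contentObj.getAllText(language=session['language'])
    }
    return render_template("/auth/reauth.html", **templateData)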
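def reauth():
    """Reauthenticate a user whose login is no longer fresh.

    A fresh login is redirected straight away. Otherwise the reauth form is
    shown and, once it validates, the session is marked fresh. Redirects go
    to a site-relative ``next`` or to the user's profile.
    """
    # `next` is query-string input used by both redirects below; drop it
    # unless it is a site-relative path ("//host", "/\host" and absolute
    # URLs are ignored).
    target = request.args.get("next")
    if target and (not target.startswith("/") or target[1:2] in ("/", "\\")):
        target = None

    if login_fresh():
        return redirect(
            target or url_for("user.profile", username=current_user.username))

    form = ReauthForm(request.form)
    if form.validate_on_submit():
        # NOTE(review): the password check, if any, lives in ReauthForm's
        # validators, which are not visible here — confirm.
        confirm_login()
        flash(("Reauthenticated"), "success")
        return redirect(target or url_for("user.profile"))
    return render_template("auth/reauth.html", form=form)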
def reauth():
    """Re-check the current user's password and mark the session fresh.

    Success redirects to ``/change_password``; failure flashes an error and
    renders the reauth form again.
    """
    form = ReauthForm(next=request.args.get('next'))
    posted = request.method == 'POST'
    if posted:
        # Authenticate against the name of the session's own user.
        user, authenticated = User.authenticate(
            current_user.name, form.password.data)
        if not (user and authenticated):
            flash(_('Password is wrong.'), 'error')
        else:
            confirm_login()
            flash(_('Reauthenticated.'), 'success')
            return redirect('/change_password')
    return render_template('frontend/reauth.html', form=form)
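def reauth():
    """Re-check the current user's password and mark the session fresh.

    Success redirects to the form's ``next`` value when it is a
    site-relative path, else to ``user.change_password``; failure flashes a
    warning and renders the reauth form again.
    """
    form = ReauthForm(next=request.args.get('next'))
    if request.method == 'POST':
        user, authenticated = User.authenticate(current_user.name,
                                                form.password.data)
        if user and authenticated:
            confirm_login()
            flash(_('Reauthenticated.'), 'success')
            # form.next is filled from the request, so it is untrusted:
            # follow it only when it is a site-relative path ("//host",
            # "/\host" and absolute URLs are ignored).
            target = form.next.data
            if target and (not target.startswith('/')
                           or target[1:2] in ('/', '\\')):
                target = None
            return redirect(target or url_for('user.change_password'))

        flash(_('Password is incorrect.'), 'warning')
    return render_template('user/reauth.html', form=form)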
def sign_in():
    """Check email and password, then hand over to the two-factor step.

    Authenticated visitors are redirected to the service chooser. A valid
    login either refreshes a stale session for the same user or stores the
    user details in the session, sends an SMS code and redirects to
    ``.two_factor``. Every other outcome shows the sign-in page again.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_service'))

    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('views/signin.html', form=form)

    user = user_api_client.get_user_by_email_or_none(form.email_address.data)
    user = _get_and_verify_user(user, form.password.data)

    if user and user.state == 'pending':
        flash("You haven't verified your email or mobile number yet.")
        return redirect(url_for('main.sign_in'))

    if user and session.get('invited_user'):
        invited_user = session.get('invited_user')
        # An invite may only be accepted by the address it was sent to.
        if user.email_address != invited_user['email_address']:
            flash("You can't accept an invite for another person.")
            session.pop('invited_user', None)
            abort(403)
        else:
            invite_api_client.accept_invite(invited_user['service'],
                                            invited_user['id'])

    if user:
        # Remember me login: a stale session that already belongs to this
        # active user is confirmed with the password alone; this path
        # returns before the verify code is sent.
        stale_session_of_same_user = (
            not login_fresh()
            and not current_user.is_anonymous
            and current_user.id == user.id
            and user.is_active
        )
        if stale_session_of_same_user:
            confirm_login()
            services = service_api_client.get_services(
                {'user_id': str(user.id)}).get('data', [])
            if len(services) == 1:
                return redirect(url_for('main.service_dashboard',
                                        service_id=services[0]['id']))
            return redirect(url_for('main.choose_service'))

        session['user_details'] = {"email": user.email_address, "id": user.id}
        if user.is_active:
            user_api_client.send_verify_code(user.id, 'sms',
                                             user.mobile_number)
            # `next` is only forwarded as a query parameter here; the
            # two-factor view decides what to do with it.
            if request.args.get('next'):
                return redirect(url_for('.two_factor',
                                        next=request.args.get('next')))
            return redirect(url_for('.two_factor'))

    # Vague error message for login in case of user not known, locked,
    # inactive or password not verified
    flash(Markup((
        "The email address or password you entered is incorrect."
        " <a href={password_reset}>Forgot your password</a>?"
    ).format(password_reset=url_for('.forgot_password'))))

    return render_template('views/signin.html', form=form)
def refresh_login():
    """Refresh the login after the current user re-enters their password.

    Success marks the session fresh and redirects to ``users.profile``;
    failure flashes an error and renders the form again.
    """
    form = RefreshLoginForm()
    if not form.validate_on_submit():
        return render_template('users/refresh_login.html', form=form)

    # The password is checked against the session's own username.
    user = User.authenticate(current_user.username, form.password.data)
    if not user:
        flash('Invalid password', 'error')
        return render_template('users/refresh_login.html', form=form)

    confirm_login()
    flash('Refreshed login', 'success')
    return redirect(url_for('users.profile'))
def reauthenticate():
    """Let an authenticated user with a stale session re-enter a password.

    A correct password marks the session fresh, records the event and
    follows the form's redirect; a wrong one flashes an error.
    """
    # This isn't wrapped with login_required because it wouldn't make sense
    # to require a login to access the reauthenticate page. Instead, the
    # following if statement takes its place.
    if not current_user.is_authenticated or login_fresh():
        return redirect(url_for('main.index'))

    form = ReauthenticationForm()
    if not form.validate_on_submit():
        return render_template('auth/reauthenticate.html', form=form)

    password_ok = verify_password(current_user, form.password.data)
    if not password_ok:
        flash_it(AuthMessages.INVALID_PASSWORD)
        return render_template('auth/reauthenticate.html', form=form)

    confirm_login()
    LogEvent.reauthenticate(current_user)
    return form.redirect('main.index')
def refresh_login():
    """Re-check a username/password pair and confirm the login.

    Success redirects to the user's home page; failure renders the login
    page with an error message. Both outcomes are logged.
    """
    error = None
    form = LoginForm(request.form)
    if request.method == 'POST' and form.validate():
        # NOTE(review): the username comes from the form rather than from
        # the session's user — confirm both are meant to be the same.
        user = app.db.auth_user(
            request.form['username'], request.form['password'])
        if not user:
            logger.info('User: %s - login auth failure.'
                        % (request.form['username']))
            error = 'Invalid username or password.'
        else:
            # NOTE(review): Flask-Login's confirm_login() takes no
            # arguments; confirm which confirm_login is imported here.
            confirm_login(user)
            logger.info('User: %s - login auth success.'
                        % (request.form['username']))
            return redirect(url_for('user_home', username=user.username))
    return render_template('user/login.html', form=form, error=error)
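def refresh():
    """Refresh the login after an email/password pair is verified.

    On GET the ``next`` query parameter is stored in the session. On a
    valid POST the session is marked fresh and the user goes to the stored
    ``next`` when it is a site-relative path, else to ``index``. Otherwise
    the refresh page is rendered with the OAuth providers' display names.
    """
    form = RefreshForm()
    if form.validate_on_submit():
        # NOTE(review): the account is looked up by the email in the form;
        # nothing visible here ties it to the session's user — confirm.
        user = current_app.bouncer.user_class.find(email=form.email.data)
        if user and user.verify_password(form.password.data):
            confirm_login()
            # The stored `next` came from the query string of an earlier
            # GET, so it is still untrusted: follow it only when it is a
            # site-relative path ("//host", "/\host" and absolute URLs are
            # ignored).
            target = session.pop('next', None)
            if target and (not target.startswith('/')
                           or target[1:2] in ('/', '\\')):
                target = None
            return redirect(target or url_for('index'))

    if request.method == 'POST':
        flash(_cfg('flash.login_error', 'Invalid username or password.'),
              'error')
    else:
        session['next'] = request.args.get('next')

    providers = {
        k: current_app.bouncer.get_oauth_provider(k)['display_name']
        for k in current_app.bouncer.get_oauth_providers()
    }
    return render_template('bouncer/refresh.html', form=form,
                           providers=providers)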
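def reauth():
    """Re-check the current user's password and mark the session fresh.

    Success redirects to the form's ``next`` value when it is a
    site-relative path, else to ``admin.index``; failure attaches an error
    to the form and renders it again.
    """
    form = ReauthForm(next=request.args.get('next'))
    if form.validate_on_submit():
        user, authenticated = User.authenticate(current_user.username,
                                                form.password.data)
        if user and authenticated:
            confirm_login()
            flash('Reauthentication complete.')
            # form.next is filled from the request, so it is untrusted:
            # only a site-relative path is followed ("//host", "/\host"
            # and absolute URLs are ignored).
            target = form.next.data
            if target and (not target.startswith('/')
                           or target[1:2] in ('/', '\\')):
                target = None
            return redirect(target or url_for('admin.index'))
        else:
            form.non_field_errors = [u'Incorrect password']
    return render_template('user/reauth.html', form=form)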
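def reauth():
    """Confirm the login and send the user back where they came from.

    The redirect goes to a site-relative ``next``, else to the referrer,
    else to ``frontend.index``.
    """
    # NOTE(review): the source layout was flattened; the redirect is assumed
    # to run whether or not the flash does — confirm.
    # NOTE(review): no credential or request-method check is visible here.
    # Flask-Login's confirm_login() also returns None, in which case the
    # flash below never runs — confirm which confirm_login is imported.
    if confirm_login():
        flash('Reauthenticated', 'success')

    # `next` is query-string input; it is followed only when it is a
    # site-relative path ("//host", "/\host" and absolute URLs are ignored).
    target = request.args.get('next')
    if target and (not target.startswith('/') or target[1:2] in ('/', '\\')):
        target = None
    return redirect(
        target or request.referrer or url_for('frontend.index'))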
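def reauth():
    """Reauthenticate a user whose login is no longer fresh.

    With a fresh login the view only redirects. Otherwise it shows the
    reauth form and marks the session fresh once the form validates.
    Redirects go to a site-relative ``next`` or to the user's profile.
    """
    # Both redirects below use `next`, which is query-string input. Keep it
    # only when it is a site-relative path, so neither redirect can be
    # pointed at another host.
    raw_next = request.args.get("next")
    is_local = bool(raw_next) and raw_next.startswith("/") \
        and raw_next[1:2] not in ("/", "\\")
    target = raw_next if is_local else None

    if not login_fresh():
        form = ReauthForm(request.form)
        if form.validate_on_submit():
            # NOTE(review): any password check happens inside ReauthForm's
            # validators, which are not visible here — confirm.
            confirm_login()
            flash(("Reauthenticated"), "success")
            return redirect(target or url_for("user.profile"))
        return render_template("auth/reauth.html", form=form)

    return redirect(
        target or url_for("user.profile", username=current_user.username))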
def reauth():
    """Re-check the current user's password and mark the session fresh.

    Success logs the session's ``_fresh`` flag, flashes a notice and
    redirects to ``/change_password``; failure flashes an error and renders
    the reauth page with a new ``TaskForm``.
    """
    form = ReauthForm(next=request.args.get('next'))
    if request.method != 'POST':
        return render_template('reauth.html', newtaskform=TaskForm(),
                               form=form)

    user, authenticated = User.authenticate(current_user.username,
                                            form.password.data)
    if user and authenticated:
        confirm_login()
        current_app.logger.debug('reauth: %s' % session['_fresh'])
        flash(_('Reauthenticate.'), 'success')  # Reauthenticate
        return redirect('/change_password')

    flash(_(u'Password is wrong.'), 'error')  # Password is wrong.
    return render_template('reauth.html', newtaskform=TaskForm(), form=form)
def login(data):
    """Log a user in from a mapping with ``login``, ``password``, ``remember``.

    ``login`` is tried as a username first, then as an email address.
    Raises ``ValidationError`` with the same message for an unknown login
    and for a wrong password. Returns the logged-in user.
    """
    data = data or dict()
    identifier = data.get('login')

    usr = user.get_by_username(identifier) or user.get_by_email(identifier)
    # One message for both failures, so the response does not reveal
    # whether the account exists.
    if not usr or not user.verify_password(usr, data.get('password')):
        raise ValidationError('Invalid login or password')

    login_user(usr, remember=parse_boolean(data.get('remember')))
    confirm_login()
    return usr
def reauth():
    """Recreate a session and answer with a JSON status document."""
    log = current_app.logger
    log.info('Entering session.views.reauth()...')

    # TODO: Verify current_user.email = form.data.email
    # NOTE(review): until that TODO is done, the credentials come entirely
    # from the form and are not compared with the session's user.
    form = LoginForm()
    if form.validate_on_submit():
        user, authenticated = User.authenticate(form.email.data,
                                                form.password.data)
        if user and authenticated:
            confirm_login()
            response = jsonify(status='success', data=user.session_as_dict())
            response.status_code = 200
            log.debug('Returning success; response.data=[%s]' % response.data)
            return response

    log.debug('Returning fail; data = [%s].' % form.errors)
    return jsonify(status='fail', data=form.errors)
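def reauthenticate():
    """Ask the user for their password to revalidate a stale session.

    If the user chose to be remembered at :func:`signup`, the session is
    persistent: it neither expires within hours nor ends when the browser
    quits. A session recovered after a browser relaunch or a timeout is
    called a stale session.

    Some operations need proof that the user still holds the permission,
    and a stale session is not enough for them. This view makes the user
    refresh a stale session. Decorate such views with
    :func:`~railgun.website.credential.fresh_login_required` to enforce it.

    If the credential passes validation, the user is redirected to the
    :func:`index` view, unless `next` is given in the query string and is a
    site-relative path, in which case the redirect goes to `next`.

    :route: /reauthenticate/
    :method: GET, POST
    :template: reauthenticate.html
    :form: :class:`~railgun.website.forms.ReAuthenticateForm`
    """
    # Re-authenticate form is just like signin but do not contain "remember"
    form = ReAuthenticateForm()
    next_url = request.args.get('next')

    if form.validate_on_submit():
        # Check the password against the session's own user name.
        user = authenticate(current_user.name, form.password.data)
        if user:
            confirm_login()
            # `next` is query-string input: follow it only when it is a
            # site-relative path ("//host", "/\host" and absolute URLs
            # fall back to the index page).
            target = next_url
            if target and (not target.startswith('/')
                           or target[1:2] in ('/', '\\')):
                target = None
            return redirect(target or url_for('index'))
        # Report password error
        flash(_('Incorrect password.'), 'danger')

    return render_template('reauthenticate.html', form=form, next=next_url)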
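def create_or_login(resp):
    """Log in the user behind an OpenID response, or start profile creation.

    The identity URL is stored in the session and its RIPEMD-160 hex digest
    is used to look up an ``Identity``. A known identity with a user is
    logged in (remembered) and redirected back; otherwise the visitor is
    sent to the profile creation view with the details from ``resp``.
    """
    session['openid'] = resp.identity_url

    # NOTE(review): 'ripemd160' is only available when the underlying
    # OpenSSL build provides it — confirm on the deployment target.
    h = hashlib.new('ripemd160')
    h.update(resp.identity_url)
    # The debug print of the identity URL and its digest was removed: it
    # wrote a user identifier and the lookup key to stdout on every login.
    identity_key = h.hexdigest()

    user = None
    identity = db.session.query(Identity).filter_by(url=identity_key).first()
    if identity:
        user = db.session.query(User).get(identity.user_id)

    if user is not None:
        if g.user.is_authenticated():
            confirm_login()
        g.user = user
        login_user(user, remember=True)
        flash(u'Successfully signed in')
        return redirect_back('main.MainView:index')

    return redirect(url_for('account.ProfileView:create',
                            next=oid.get_next_url(),
                            name=resp.fullname or resp.nickname,
                            email=resp.email))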
def reauth():
    """User re-authentication view.

    A fresh login is redirected immediately. Otherwise the current user's
    password is checked; success records the sign-on, marks the session
    fresh and redirects, failure flashes an error.
    """
    app.logger.debug('User reauth')
    form = ReauthForm(next=request.args.get('next', None))

    # NOTE(review): `next` reaches redirect() through
    # generate_redirect_url(); whether that helper restricts it to this
    # site is not visible here — confirm.
    if login_fresh():
        # If the login is fresh there is no need to re-authenticate.
        return redirect(generate_redirect_url(next_=form.next.data))

    if not form.validate_on_submit():
        return render_template('reauth.html', form=form)

    user, authenticated = authenticate(current_user.get_username(),
                                       form.password.data)
    if not (user and authenticated):
        flash('Sorry, invalid login parameters', 'error')
        return render_template('reauth.html', form=form)

    user.set_last_signon()
    confirm_login()
    return redirect(generate_redirect_url(next_=form.next.data))
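def reauth():
    """Mark the session fresh on POST; otherwise go to the Twitter login.

    After a POST the user goes to a site-relative ``next`` or to ``/admin``.
    """
    if request.method != "POST":
        return redirect('/login/twitter')

    # NOTE(review): no credential check is visible before confirm_login();
    # confirm one is enforced before the session is treated as fresh.
    confirm_login()

    # Follow `next` only when it is a site-relative path; "//host",
    # "/\host" and absolute URLs fall back to /admin.
    target = request.args.get("next")
    if target and (not target.startswith("/") or target[1:2] in ("/", "\\")):
        target = None
    return redirect(target or '/admin')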
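def reauth():
    """Mark the session fresh on POST; otherwise render ``reauth.html``.

    After a POST the user goes to a site-relative ``next`` or to
    ``api_root``.
    """
    if request.method == 'POST':
        # NOTE(review): the session is confirmed without a visible
        # credential check — confirm one is enforced elsewhere.
        confirm_login()
        flash(u'Reauthenticated.')

        # `next` is untrusted query-string input; only a site-relative
        # path is followed so the redirect stays on this site.
        target = request.args.get('next')
        if target and (not target.startswith('/')
                       or target[1:2] in ('/', '\\')):
            target = None
        return redirect(target or url_for('api_root'))
    return render_template('reauth.html')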
def _confirm_login():
    """Call ``confirm_login()`` and return an empty unicode string."""
    # NOTE(review): no credential check is visible in this wrapper; callers
    # are presumably expected to have verified the user — confirm.
    confirm_login()
    empty = u''
    return empty
def refresh():
    """Call ``confirm_login()`` and report success with ``True``."""
    # do stuff
    # NOTE(review): the placeholder above is where a credential check would
    # go; none is visible before the login is confirmed.
    confirm_login()
    succeeded = True
    return succeeded
def reauth():
    """Call ``confirm_login()`` and return a confirmation message."""
    # NOTE(review): the login is confirmed unconditionally, with no visible
    # credential or request-method check — confirm that is intended.
    confirm_login()
    message = u"Login confirmed"
    return message