def remote_authorize(*args, **kwargs): """Login via JSON from another application. :param string email: Email associated with user account :param string password: Password assocaited with user account :return bool """ form_class = _security.login_form error_message = 'No credentials provided' if request.json: form = form_class(MultiDict(request.json)) else: abort(403, error_message) if form.validate_on_submit(): login_user(form.user, remember=form.remember.data) after_this_request(_commit) current_user = form.user else: abort(403, error_message) if not hasattr(current_user, 'id'): abort(403, error_message) return True
def register(login_failed=False, **kwargs): if current_user.is_authenticated(): return redirect(request.referrer or '/') form = RegisterForm() ds = get_extension('security', app=current_app).datastore if form.validate_on_submit(): user = ds.create_user( fullname=form.fullname.data, email=form.email.data, password=form.password.data) ds.commit() login_user(user) ds.commit() flash('Account created successfully', 'info') return index(show_modal='profile') if form.errors: show_modal = 'signup' else: show_modal = None return index(register_form=form, show_modal=show_modal)
def login(): if request.method == "GET": if current_user.is_authenticated: return redirect(url_for('main.feed')) else: return render_template('mod_auth/log_in.html') elif request.method == "POST": email = request.form['email'] password = request.form['password'] user_input = user_mongo_utils.get_user(email=email) if user_input is None: error = 'Please write both username and password', 'error' return render_template('mod_auth/log_in.html', error=error) elif user_input != None: password_check = bcrypt.check_password_hash( user_input.password, password) email_check = True if user_input.email == email else False if not email_check: error = 'Wrong email' return render_template('mod_auth/log_in.html', error=error) elif not password_check: error = 'Wrong password' return render_template('mod_auth/log_in.html', error=error) elif password_check and email_check: login_user(user_input) # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(current_user.id)) return redirect(url_for('main.feed'))
def post(self): args = self.reqparse.parse_args() user = User.authenticate(args) if user: login_user(user) return dict(user=user.name()), 200 return 'Invalid username or password', 400
def new_dhbox(): users_and_passes = [] admins_and_passes = [] form = request.form data = {key: request.form.getlist(key)[0] for key in request.form.keys()} for key in data: users_dict = key users_dict = ast.literal_eval(users_dict) users = users_dict['users'] for user in users: if 'name' in user: if 'email' in user: # Then is DH Box admin name_check = User.query.filter(User.name == user['name']).first() email_check = User.query.filter(User.name == user['email']).first() if name_check or email_check: print "Username taken. Already has a DH Box." return str('failure') admin_user = user['name'] admin_email = user['email'] admin_pass = user['pass'] admin_user_object = user_datastore.create_user(email=admin_email, name=admin_user, password=admin_pass) db.session.commit() login_user(admin_user_object) the_new_dhbox = DockerBackend.setup_new_dhbox(admin_user, admin_pass, admin_email) return str('Successfully created a new DH Box.')
def demo(): username = '******' + ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(10)) demo_user_object = user_datastore.create_user(email=username + '@demo.com', name=username, password='******') db.session.commit() login_user(demo_user_object) new_dhbox = DockerBackend.demo_dhbox(username) return redirect('/dhbox/' + username, 301)
def login(): #form = LoginForm() rm = resources.model form = UserLogin() # g.last_login = '' if form.validate_on_submit(): login_user(form.user, remember=False) flash("Logged is successfully.") if session['referer'] != '': if session["referer"] == '/': label_user = db.session.query(rm.Label).filter_by(user_id=current_user.id).first() if label_user: return redirect('/') else: return redirect('/get_label') else: return redirect(session['referer']) else: return redirect('/get_label') else: if request.form.getlist('btn_register'): return redirect('/register') if request.form.getlist('btn_return'): return redirect('/return_label') return render_template('register_label.html', form=form)
def load_or_creator_user(token): '''根据token载入或创建用户 ''' import datetime user = User.query.filter_by(uid = int(token.uid)).first() if user is None: print 'user is not created' # create user user_info = client.users.show.get(uid = token.uid) user = User(token.uid, json.dumps(user_info), json.dumps(token)) user.active = True user.create_time = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S") user.last_login_time = user.create_time db.session.add(user) db.session.commit() login_user(user) else: print 'user has been created' # load user user.token = json.dumps(token) user_info = client.users.show.get(uid = token.uid) user.info = json.dumps(user_info) user.active = True user.last_login_time = datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S") db.session.commit() login_user(user)
def register(provider_id=None): if current_user.is_authenticated(): return redirect(request.referrer or '/') if provider_id: provider = get_provider_or_404(provider_id) connection_values = session.pop('failed_login_connection', None) else: provider = None connection_values = None app.logger.debug("Attemption to register with connection_values: %s" % repr(connection_values)) if connection_values is not None: ds = app.security.datastore fake_email = connection_values['provider_user_id'] + "*****@*****.**" user = ds.create_user(email=fake_email, password="******") ds.commit() connection_values['user_id'] = user.id connect_handler(connection_values, provider) login_user(user) ds.commit() flash('Account created successfully', 'info') return redirect(url_for('index')) return abort(404)
def admin_view_as(): user_id = request.args.get('user_id') u = User.query.filter_by(id=user_id).first() if u: logout_user() login_user(u) return redirect(url_for('client.home'))
def check_if_user_exists(data, *args, **kwargs): if current_user.is_authenticated(): data["user_id"] = current_user.id return user_name = data.get('user_name') user_email = data.get('user_email') user_legacy_email = None if 'user_legacy_email' in data: user_legacy_email = data.get('user_legacy_email') del data['user_legacy_email'] if not user_name: raise ProcessingException(description=ExceptionMessages.MISSING_PARAM.format(param='user_name'), code=401) if not user_email: raise ProcessingException(description=ExceptionMessages.MISSING_PARAM.format(param='user_email'), code=401) user, is_new = models.User.get_or_create_by_email(email=user_email, role_name=Constants.REVIEWER_ROLE, user_legacy_email=user_legacy_email, name=user_name) if not is_new: # TODO maybe display a passwd field if user is not new? raise ProcessingException(description=ExceptionMessages.USER_EXISTS % user_email, code=401) db.session.add(user) db.session.commit() login_user(user) if 'user_name' in data: del data['user_name'] del data['user_email'] data['user_id'] = user.id
def login(self): parser = self.get_parser() parser.add_argument('phone', type=str, required=True, location='json') parser.add_argument('password', type=StringParam.check, required=True, location='json', min=6, max=20) phone, password = self.get_params('phone', 'password') password = hashlib.md5(password).hexdigest().upper() user = user_datastore.find_user(phone=phone) if not user or user.password != password or not (user.has_role( RoleType.admin) or user.has_role(RoleType.student)): self.bad_request(errorcode.INVALID_USER) login_user(user, True) user.last_login_time = datetime.now() user.save() role_name = RoleType.admin if len( user.roles) > 1 else user.roles[0].name return { 'id': user.id, 'role': role_name, 'chinese_name': user.chinese_name, 'english_name': user.english_name }
def twitter_authenticated(): pincode = request.args.get('oauth_verifier') consumer = oauth.Consumer(key=consumer_key, secret=consumer_secret) token = oauth.Token(session['request_token']['oauth_token'], session['request_token']['oauth_token_secret']) client = oauth.Client(consumer, token) body = urllib.urlencode({'oauth_callback': callback_uri, 'oauth_verifier': pincode }) resp, content = client.request(access_token_url, "POST", body=body) if resp['status'] != '200': raise Exception("Invalid response from Twitter."+ resp['status']) """ This is what you'll get back from Twitter. Note that it includes the user's user_id and screen_name. { 'oauth_token_secret': 'IcJXPiJh8be3BjDWW50uCY31chyhsMHEhqJVsphC3M', 'user_id': '120889797', 'oauth_token': '120889797-H5zNnM3qE0iFoTTpNEHIz3noL9FKzXiOxwtnyVOD', 'screen_name': 'heyismysiteup' } """ access_token = dict(cgi.parse_qsl(content)) user = User.query.filter_by(username=access_token['screen_name']).first() if user is None: role = Role.query.filter(Role.name=="User").first() user = user_datastore.create_user(username=access_token['screen_name'], email="email", password="******") user_datastore.add_role_to_user(user, role) user.oauth_token = access_token['oauth_token'] user.oauth_secret = access_token['oauth_token_secret'] user.social = "twitter" db.session.commit() login_user(user) return redirect(url_for('blog.index'))
def login(): if request.method == 'GET': next = request.values.get('next', '/') return render_template('security/login.html', next=next) elif request.method == 'POST': u = User(email=request.values.get('email')) security.login_user(u)
def _authenticate(self, data_dict): user = _security.datastore.find_user(email=data_dict["email"]) if verify_password(data_dict["password"], user.password): login_user(user) else: raise t.DataError({"email": "Can't find anyone with this credentials"}) return data_dict
def post(self): parser = request.get_json() email = parser.get('email') password = parser.get('password') if email is None or password is None: abort(400) # missing arguments user = user_datastore.create_user(email=email,password=utils.encrypt_password(password)) login_user(user, remember = True) return 201
def login(): form = LoginForm() if form.validate_on_submit(): username = request.form['username'] password = request.form['password'] session['user_id'] = form.user.id user = User.objects.filter(username=username, password=password).get() login_user(user, remember=False) return redirect(url_for('/user')) return render_template('security/login_user.html', login=form)
def _authenticate(self, data_dict): user = security.datastore.find_user(email=data_dict['email']) if verify_password(data_dict.get('password'), user.password): login_user(user) else: raise t.DataError( {'email': "Can't find anyone with this credentials"}) return data_dict
def login_view(self): # handle user login form = LoginForm(request.form) if helpers.validate_form_on_submit(form): if form.validate(): login_user(form.user) if current_user.is_authenticated(): return redirect(url_for('.index')) return redirect(url_for_security('login', next=url_for('.index')))
def _authenticate(self, data_dict): user = security.datastore.find_user(email=data_dict['email']) if verify_password(data_dict.get('password'), user.password): login_user(user) else: raise t.DataError({ 'email': "Can't find anyone with this credentials" }) return data_dict
def wechat_bind(): user = GitlabAccount.authorize( request.values["state"], request.values["code"] ) logout_user() login_user(user) db.session.commit() return redirect(url_for("index"))
def post(self): args = reqparse.RequestParser() \ .add_argument('username', type=str, location='json', required=True, help="用户名不能为空") \ .add_argument("password", type=str, location='json', required=True, help="密码不能为空") \ .parse_args() user = User.authenticate(args['username'], args['password']) if user: login_user(user=user) return {"message": "登录成功", "token": user.get_auth_token()}, 200 else: return {"message": "用户名或密码错误"}, 401
def login(): form = LoginForm() print request.args if form.validate_on_submit(): # login and validate the user... login_user(form.user, remember=form.remember.data) flash("Bienvenido!") return redirect(form.next.data) next_s = request.args.get("next") if request.method == "POST": flash(u"Contraseña o Usuario incorrecto. Intente nuevamente.") return render_template("login.html", form=form, next=next_s)
def demo(): username = '******' + ''.join( random.choice(string.ascii_uppercase + string.digits) for _ in range(10)) demo_user_object = user_datastore.create_user(email=username + '@demo.com', name=username, password='******', dhbox_duration=3600) db.session.commit() login_user(demo_user_object) DockerBackend.demo_dhbox(username) return redirect('/dhbox/' + username, 301)
def login(): form_class = _security.login_form form = form_class() if form.validate_on_submit(): login_user(form.user, remember=form.remember.data) after_this_request(_commit) if not request.json: return redirect(get_post_login_redirect(form.next.data)) return render_html('content/login.html', login_user_form=form)
def user_login(): form = LoginForm() next = request.args.get('next') if form.validate_on_submit(): flash('Successfully logged in as %s' % form.user.username) session['user_id'] = form.user.id user = User.query.get(form.user.id) login_user(user) if next != "None": return redirect(next) else: return redirect(url_for('blog.index')) return render_template('login.html', form=form)
def on_login_failed(sender, provider, oauth_response): connection_values = get_connection_values_from_oauth_response( provider, oauth_response) connection_values['display_name'] = connection_values['display_name'][ 'givenName'] + " " + connection_values['display_name']['familyName'] connection_values['full_name'] = connection_values['display_name'] session['google_id'] = connection_values['provider_user_id'] user = user_datastore.create_user(google_id=session['google_id']) user_datastore.commit() connection_values['user_id'] = user.id connect_handler(connection_values, provider) login_user(user) db.session.commit() return render_template('index.html')
def fb_authorized(): # check to make sure the user authorized the request if not 'code' in request.args: flash('You did not authorize the request') return redirect(url_for('auth.login')) # make a request for the access token credentials using code redirect_uri = url_for('auth.fb_authorized', _external=True) data = { 'code': request.args['code'], 'grant_type': 'authorization_code', 'redirect_uri': redirect_uri } # authorize_url = facebook.get_authorize_url(request_token) session = facebook.get_auth_session(data=data) # session = OAuth2Session(facebook.client_id, facebook.client_secret, access_token=data['code']) # the "me" response me = session.get( '/me?locale=en_US&fields=first_name,last_name,email,about,picture' ).json() first_name = me['first_name'] last_name = me['last_name'] password = ''.join(random.choice('abcdefghij') for _ in range(10)) id = me['id'] user_json = { "facebook_id": id, "name": first_name, "lastname": last_name, "email": '', "username": first_name + last_name + '-' + str(ObjectId()), "password": bcrypt.generate_password_hash(password, rounds=12), "active": True, "user_slug": slugify(first_name + ' ' + last_name), "roles": [user_mongo_utils.get_role_id('individual')], "organization": [] } user = user_mongo_utils.get_user_by_facebook_id(id) if user == None: # Regiser user user_mongo_utils.add_user(user_json) user = user_mongo_utils.get_user_by_facebook_id(id) # login user login_user(user) else: login_user(user) return redirect(url_for('profile.profile_settings', username=user.username))
def register_new_user(**kwargs): from survaider.security.controller import user_datastore reg_dat = get_connection_values_from_oauth_response(kwargs['provider'], kwargs['oauth_response']) user = user_datastore.create_user(email = reg_dat['email'], password = str(uuid.uuid4())) user.metadata['full_name'] = reg_dat['full_name'] if 'full_name' in reg_dat else reg_dat['display_name'] if 'display_name' in reg_dat else None user.save() reg_dat['user_id'] = str(user) connect_handler(reg_dat, kwargs['provider']) login_user(user) return True
def login_user_if_possible(data, *args, **kwargs): if "user_email" in data and "user_password" in data: email = data["user_email"] password = data["user_password"] user = models.User.query.filter_by(email=email).first() if not user: raise ProcessingException(description='unauthorized', code=401) if not verify_password(password, user.password): raise ProcessingException(description='unauthorized', code=401) login_user(user) del data["user_password"] if 'user_name' in data: del data['user_name'] del data['user_email'] data["user_id"] = user.id
def post(self): parser = request.get_json() if parser is None: abort(400) email = parser.get('email') password = parser.get('password') if email is None or password is None: abort(400) if user_datastore.find_user(email=email) is None: abort(403) user = user_datastore.find_user(email=email) if user.verify_password(password) is False: abort(403) login_user(user, remember = True) return jsonify({"message": "Login as %s" % current_user.email})
def post(self): data = get_data() if data is not None: form = self.form_class(MultiDict(data)) else: form = self.form_class() if form.validate_on_submit(): login_user(form.user, remember=form.remember.data) after_this_request(_commit) # This returns the response and the status code. See function. return authentication_response(form) return form.as_json(), 400
def login(): if current_user.is_authenticated(): return redirect(request.referrer or '/') form = LoginForm() if form.validate_on_submit(): login_user(form.user, remember=form.remember.data) return redirect(get_post_login_redirect()) return render_template('security/login.html', active_nav_band = "Login", form=form)
def return_label(): ''' Retrun label ''' rm = resources.model fill_selects() weather = get_weather() if weather: track = db.session.query(rm.Track).filter_by(id=weather.track).first() g.session = weather.session else: track = False if not track: name = u"Трек не выбран" else: name = track.name form = ReturnLabel() if current_user.is_anonymous(): g.anonymous = 1 user_info = None else: g.anonymous = 0 user_info = db.session.query(rm.UserInfo).filter_by(id=current_user.user_info).first() if form.validate_on_submit(): rf = request.form if rf.getlist('btn_user_ok'): login_user(form.user, remember=False) if current_user.is_active(): g.anonymous = 0 user_info = db.session.query(rm.UserInfo).filter_by(id=current_user.user_info).first() if rf.getlist('btn_ok'): label=re.sub(r'(\.)+',r'',rf.getlist('label_id')[0]) label_id = db.session.query(rm.Label).filter_by(label_id=label).first() if label_id == None: g.label_id = 'None' return render_template('return_label.html', form=form, weather=weather, track=name, user_info=user_info) if label_id != None and label_id.user_id == 0: g.label_id = 0 return render_template('return_label.html', form=form, weather=weather, track=name, user_info=user_info) if label_id != None and label_id.user_id > 0: # g.label_id = label_id.label_id db.session.query(rm.Label).filter_by(label_id=label).update({'user_id':0}) db.session.commit() return render_template('return_label.html', form=form, weather=weather, track=name, user_info=user_info) if rf.getlist('btn_cancel'): return redirect('/admin') return render_template('return_label.html', form=form, weather=weather, track=name, user_info=user_info)
def fake_login(): """ Dummy login function. Logs in any user without password. This should only made available during development! This currently is only added to the URL rules if the application is started manually. When running as a WSGI app (f.ex.: behind Apache), this route is unavailable for obvious reasons. """ from flask.ext.security import login_user from flask import request if not current_app.debug: return 'Access Denied!', 500 usermail = request.args.get('email', '*****@*****.**') user_query = mdl.DB.session.query(mdl.User).filter_by(email=usermail) user = user_query.first() if not user: user = current_app.user_datastore.create_user( email=usermail, name='Fake User', active=True, confirmed_at=datetime.now(), ) else: mdl.DB.session.add(user) if 'admin' in usermail: role_query = mdl.DB.session.query(mdl.Role).filter_by( name=mdl.Role.ADMIN) try: role = role_query.one() except NoResultFound: role = mdl.Role(name=mdl.Role.ADMIN) user.roles.append(role) elif 'staff' in usermail: role_query = mdl.DB.session.query(mdl.Role).filter_by(name='staff') try: role = role_query.one() except NoResultFound: role = mdl.Role(name=mdl.Role.STAFF) user.roles.append(role) current_app.user_datastore.commit() login_user(user) mdl.DB.session.commit() return redirect(url_for('root.profile'))
def authenticate(): """ Authenticate user email: valid, registered email address password: valid password for email """ payload = get_post_payload() email = param_required('email', payload) password = param_required('password', payload) user = models.User.query.filter_by(email=email).first() if not user: raise DbException('unknown user', 400) if not verify_password(password, user.password): raise DbException('invalid password', 400) login_user(user) return jsonify({})
def get_object(self, id): """ overriding base get_object flow """ if request.json and 'token' in request.json: token = request.json['token'] expired, invalid, instance = confirm_email_token_status(token) confirm_user(instance) instance.save() login_user(instance, True) elif current_user.is_superuser(): instance = User.query.get_or_404(id) else: instance = current_user instance is None and abort(http.NOT_FOUND) return instance
def google_authorized(): # check to make sure the user authorized the request if not 'code' in request.args: flash('You did not authorize the request') return redirect(url_for('auth.login')) # make a request for the access token credentials using code redirect_uri = url_for('auth.google_authorized', _external=True) data = { 'code': request.args['code'], 'grant_type': 'authorization_code', 'redirect_uri': redirect_uri } g_session = google.get_auth_session(data=data, decoder=json.loads) me = g_session.get('userinfo').json() first_name = me['given_name'] last_name = me['family_name'] password = ''.join(random.choice('abcdefghij') for _ in range(10)) id = me['id'] user_json = { "facebook_id": id, "name": first_name, "lastname": last_name, "email": '', "username": first_name + last_name + '-' + str(ObjectId()), "password": bcrypt.generate_password_hash(password, rounds=12), "active": True, "user_slug": slugify(first_name + ' ' + last_name), "roles": [user_mongo_utils.get_role_id('individual')], "organization": [] } user = user_mongo_utils.get_user_by_facebook_id(id) if user == None: # Regiser user user_mongo_utils.add_user(user_json) user = user_mongo_utils.get_user_by_facebook_id(id) # login user login_user(user) else: login_user(user) return redirect(url_for('profile.profile_settings', username=user.username))
def register(provider_id=None): print 'REGISTER' if current_user.is_authenticated(): return redirect(request.referrer or '/') print 'HELLLLLLOOOOO' form = RegisterForm() if provider_id: print provider_id provider = get_provider_or_404(provider_id) connection_values = session.get('failed_login_connection', None) else: provider = None connection_values = None print 'true?' print provider print connection_values print form.validate_on_submit() print form.email.data if provider and connection_values and form.validate_on_submit(): char_set = string.ascii_uppercase + string.digits ds = current_app.security.datastore user = ds.create_user(email=form.email.data, password=''.join(random.sample( char_set * 32, 32))) user.api_key = ''.join(random.sample(char_set * 32, 32)) ds.commit() # See if there was an attempted social login prior to registering # and if so use the provider connect_handler to save a connection connection_values = session.pop('failed_login_connection', None) if connection_values: connection_values['user_id'] = user.id connect_handler(connection_values, provider) if login_user(user): ds.commit() flash('Account created successfully', 'info') return redirect(url_for('profile')) return render_template('thanks.html', user=user) login_failed = int(request.args.get('login_failed', 0)) print "login failed? " print login_failed return render_template('register.html', form=form, provider=provider, login_failed=login_failed, connection_values=connection_values)
def register_new_user(**kwargs): from survaider.security.controller import user_datastore reg_dat = get_connection_values_from_oauth_response( kwargs['provider'], kwargs['oauth_response']) user = user_datastore.create_user(email=reg_dat['email'], password=str(uuid.uuid4())) user.metadata['full_name'] = reg_dat[ 'full_name'] if 'full_name' in reg_dat else reg_dat[ 'display_name'] if 'display_name' in reg_dat else None user.save() reg_dat['user_id'] = str(user) connect_handler(reg_dat, kwargs['provider']) login_user(user) return True
def check_if_user_exists(data, *args, **kwargs): if current_user.is_authenticated(): data["user_id"] = current_user.id return user_name = data.get('user_name') user_email = data.get('user_email') user_legacy_email = None if 'user_legacy_email' in data: user_legacy_email = data.get('user_legacy_email') del data['user_legacy_email'] if not user_name: raise ProcessingException( description=ExceptionMessages.MISSING_PARAM.format( param='user_name'), code=401) if not user_email: raise ProcessingException( description=ExceptionMessages.MISSING_PARAM.format( param='user_email'), code=401) user, is_new = models.User.get_or_create_by_email( email=user_email, role_name=Constants.REVIEWER_ROLE, user_legacy_email=user_legacy_email, name=user_name) if not is_new: # TODO maybe display a passwd field if user is not new? raise ProcessingException(description=ExceptionMessages.USER_EXISTS % user_email, code=401) db.session.add(user) db.session.commit() login_user(user) if 'user_name' in data: del data['user_name'] del data['user_email'] data['user_id'] = user.id
def sign_up(): if request.method == "GET": return render_template('mod_auth/sign_up.html') elif request.method == "POST": name = request.form['name'] lastname = request.form['lastname'] email = request.form["email"] password = request.form["password"] confirm_password = request.form['confirm_password'] user_check = user_mongo_utils.get_user(email=email) if user_check: error = "A user with that e-mail already exists in the database" return render_template('mod_auth/sign_up.html', error=error) else: if password == confirm_password: user_json = { "name": name, "lastname": lastname, "email": email, "username": name + lastname + '-' + str(ObjectId()), "password": bcrypt.generate_password_hash(password, rounds=12), "active": True, "user_slug": slugify(name + ' ' + lastname), "roles": [user_mongo_utils.get_role_id('individual')], "organization": [] } # Regiser user user_mongo_utils.add_user(user_json) # login user user_data = user_mongo_utils.get_user(email=email) login_user(user_data) return redirect( url_for('profile.profile_settings', username=user_data.username)) else: error = "Passowrds didn't match" return render_template('mod_auth/sign_up.html', error=error)
def new_dhbox(): data = {key: request.form.getlist(key)[0] for key in request.form.keys()} for key in data: users_dict = key users_dict = ast.literal_eval(users_dict) users = users_dict['users'] for user in users: if 'name' in user: if 'email' in user: # Then is DH Box admin name_check = User.query.filter( User.name == user['name']).first() email_check = User.query.filter( User.name == user['email']).first() if name_check or email_check: print "Username taken. Already has a DH Box." return str('failure') admin_user = user['name'] admin_email = user['email'] admin_pass = user['pass'] if user['duration'] == 'day': duration = 86400 elif user['duration'] == 'week': duration = 604800 else: duration = 2592000 # if user['duration'] == 'week': # duration = 604800 # elif user['duration'] == 'month': # duration = 2592000 # else: # duration = 13148730 admin_user_object = user_datastore.create_user( email=user['email'], name=user['name'], password=user['pass'], dhbox_duration=duration) db.session.commit() login_user(admin_user_object) the_new_dhbox = DockerBackend.setup_new_dhbox( admin_user, admin_pass, admin_email) return str('Successfully created a new DH Box.')
def login(): """For GET requests, display the login form. For POSTS, login the current user by processing the form and storing the taskid.""" msg='' form = LoginForm() if form.validate_on_submit(): try: user = User.query.get(int(form.userid.data)) except: user = False #check if task id belongs to user try: task_id = tasks_users.query.filter_by(task_id=form.taskid.data).first() 1/(task_id.user_id==user.id) except: user = False if user: user.authenticated = True db.session.add(user) db.session.commit() #log the user in login_user(user, remember=True) #set up task flask.session['taskid']=form.taskid.data #get all buildings gids from task and storing in session flask.session['bdg_gids'] = task.query.filter_by(id=flask.session['taskid']).first().bdg_gids #get all img gids from task and storing in session flask.session['img_gids'] = task.query.filter_by(id=flask.session['taskid']).first().img_ids #flags for screened buildings flask.session['screened'] = [False]*len(flask.session['bdg_gids']) #language is set in babel locale in __init__.py #get gid's of attribute values as defined in dic_attribute_value as python dictionary dic_attribute_val_query=dic_attribute_value.query.all()#.options(load_only("gid","attribute_value")) dic_attribute_val_py={} for attribute in dic_attribute_val_query: dic_attribute_val_py[attribute.attribute_value] = attribute.gid flask.session['dic_attribute_val_py']=dic_attribute_val_py return flask.redirect(flask.url_for("main")) else: msg='Wrong combination of UserID and TaskID' return flask.render_template("index.htm", form=form,msg=msg)
def foursquare_login(): import foursquare client = foursquare.Foursquare( client_id=app.config['FOURSQUARE_CLIENT_ID'], client_secret=app.config['FOURSQUARE_CLIENT_SECRET'], redirect_uri=url_for('.foursquare_login', _external=True)) if 'error' in request.args: flash('Foursquare login failed: {}'.format(request.args['error'])) return redirect(url_for_security('login'), 307) elif 'code' in request.args: access_token = client.oauth.get_token(request.args['code']) client.set_access_token(access_token) foursquare_user = client.users() try: email = foursquare_user['user']['contact']['email'] except KeyError: app.logger.debug( "Failed to pluck email from {}".format(foursquare_user), exc_info=True) flash("Couldn't determine your email address from Foursquare") return redirect(url_for_security('login'), 307) user = user_datastore.find_user(email=email) if user is None: user = user_datastore.create_user(email=email) if user.foursquare_access_token != access_token: user.foursquare_access_token = access_token user_datastore.commit() login_user(user) # TODO: stuff next into the session, pull it back out here declared = session.pop('FOURSQUARE_POST_LOGIN_NEXT', None) redirect_to = get_post_login_redirect(declared=declared) return redirect(redirect_to, 307) else: auth_uri = client.oauth.auth_url() session['FOURSQUARE_POST_LOGIN_NEXT'] = request.args.get('next') return redirect(auth_uri, 307)
def another_try(app, provider_id, oauth_response): connect_handler = providers[provider_id].connect_handler connection_values = connect_handler.get_connection_values(oauth_response) user_kwargs = { 'first_name': connection_values['display_name'], 'email': "{}@{}".format(connection_values['provider_user_id'], connection_values['provider_id']), 'password': uuid.uuid4().hex, 'roles': [app.config['USER_ROLE']] } user = user_ds.find_user(email=user_kwargs['email']) or \ user_ds.create_user(**user_kwargs) connection_values['user_id'] = user.id connection_ds.create_connection(**connection_values) connection_ds.commit() login_user(user) redirect('/account/')
def post(self): """ Registers a user. JSON params - username (string), password (string) Returns - form with inline errors if error, authentication response otherwise. """ data = get_data() if data is not None: form = self.form_class(MultiDict(data)) else: form = self.form_class() if form.validate_on_submit(): user = register_user(**form.to_dict()) form.user = user if not _security.confirmable or _security.login_without_confirmation: after_this_request(_commit) login_user(user) # This returns the response and the status code. See function. return authentication_response(form) return form.as_json(), 400
def register(login_failed=False, **kwargs): if current_user.is_authenticated(): return redirect(request.referrer or '/') form = RegisterForm() ds = get_extension('security', app=current_app).datastore if form.validate_on_submit(): user = ds.create_user(fullname=form.fullname.data, email=form.email.data, password=form.password.data) ds.commit() login_user(user) ds.commit() flash('Account created successfully', 'info') return index(show_modal='profile') if form.errors: show_modal = 'signup' else: show_modal = None return index(register_form=form, show_modal=show_modal)
def _login_handler(provider_id, provider_user_id, oauth_response): """Shared method to handle the signin process """ if current_user.is_authenticated(): return redirect("/") display_name = get_display_name(provider_id) current_app.logger.debug('Attempting login via %s with provider user ' '%s' % (display_name, provider_user_id)) try: method = connection_datastore.get_connection_by_provider_user_id connection = method(provider_id, provider_user_id) user = user_datastore.with_id(connection.user_id) if login_user(user): redirect_url = session.pop(POST_OAUTH_LOGIN_SESSION_KEY, get_post_login_redirect()) current_app.logger.debug('User logged in via %s. Redirecting to ' '%s' % (display_name, redirect_url)) return redirect(redirect_url) else: current_app.logger.info('Inactive local user attempted ' 'login via %s.' % display_name) do_flash("Inactive user", "error") except ConnectionNotFoundError: current_app.logger.info('Login attempt via %s failed because ' 'connection was not found.' % display_name) msg = '%s account not associated with an existing user' % display_name do_flash(msg, 'error') """ except Exception, e: current_app.logger.error('Unexpected error signing in ' 'via %s: %s' % (display_name, e)) """ social_login_failed.send(current_app._get_current_object(), provider_id=provider_id, oauth_response=oauth_response) return redirect(login_manager.login_view)
def login(): form = LoginForm() if request.method == "POST" and "username" in request.form: username = request.form["username"] password = request.form["password"] remember = request.form.get("remember", "no") == "yes" user = User.query.filter_by(username=username, password=password).first() # TODO Hash password for check if user: if login_user(user, remember=remember): flash("Logged in!") return redirect(request.args.get("next") or url_for("index")) else: flash("Sorry, but you could not log in.") else: flash("Invalid username.") return render_template("login.html", form=form)
def register(provider_id=None): if current_user.is_authenticated(): return redirect(request.referrer or '/') form = RegisterForm() if provider_id: provider = get_provider_or_404(provider_id) connection_values = session.get('failed_login_connection', None) else: provider = None connection_values = None if form.validate_on_submit(): ds = current_app.security.datastore user = ds.create_user(email=form.email.data, password=form.password.data) ds.commit() # See if there was an attempted social login prior to registering # and if so use the provider connect_handler to save a connection connection_values = session.pop('failed_login_connection', None) if connection_values: connection_values['user_id'] = user.id connect_handler(connection_values, provider) if login_user(user): ds.commit() flash('Account created successfully', 'info') return redirect(url_for('profile')) return render_template('thanks.html', user=user) login_failed = int(request.args.get('login_failed', 0)) return render_template('register.html', form=form, provider=provider, login_failed=login_failed, connection_values=connection_values)
def setUp(self): ctx = self.app.test_request_context('/') ctx.push() login_user(self.SHOP_OWNER_USER)
def facebook_authorized(resp): next_url = request.args.get('next') or '/' if resp is None or 'access_token' not in resp: return redirect(next_url) session['facebook_token'] = (resp['access_token'], '') data = facebook.get('/me').data profile_picture = 'https://graph.facebook.com/' + data[ 'id'] + '/picture?width=1000' # profile_picture = facebook.get('/me/picture').data if 'id' in data and 'name' in data and 'email' in data and 'link' in data: provider_user_id = data['id'] name = data['name'] username = data['username'] user_email = data['email'] profile_url = data['link'] # profile_picture = profile_picture['url'] generated_name = str(uuid.uuid1()) + '.jpg' user = User.query.filter(User.email == user_email).first() if not user: user = users.create_user(name=name, email=user_email, password=None, active=True) users.commit() current_user_id = str(user.id) folder_path = app.config[ 'UPLOADS_FOLDER'] + '/user/' + current_user_id + '/' new_folder = os.path.dirname(folder_path) if not os.path.exists(new_folder): os.makedirs(new_folder) filepath = os.path.join(folder_path, generated_name) urllib.urlretrieve(profile_picture, filepath) new_photo = 'user/' + current_user_id + '/' + generated_name User.query.filter(User.id == user.id).update( {User.photo: new_photo}) connection = Connection.query.filter( Connection.user_id == user.id, Connection.provider_id == 'facebook').first() if not connection: print "no prior connection" connection = Connection(user=user, provider_id='facebook', provider_user_id=provider_user_id, access_token=resp['access_token'], profile_url=profile_url, image_url=generated_name, full_name=name, display_name=username) db.session.add(connection) db.session.commit() else: print "updating prior connection" connection.access_token = resp['access_token'] db.session.commit() if connection and login_user(user): users.commit() return redirect(next_url) return redirect("/login")