def decorated_function(*args, **kwargs):
    """Dispatch one request through the RBAC table and log the outcome.

    Looks up the endpoint in ``vs.rbac`` keyed by HTTP method, runs the
    wrapped ``function`` (a closure variable of the enclosing decorator) when
    an entry exists, maps exceptions to an HTTP status and writes one log
    line per request. On 200 the view result is returned; browser-facing
    failures get the HTML error page or a redirect to the login page;
    everything else gets a JSON ``{"alert": ...}`` body with the status.
    """
    remote_address = request.environ["REMOTE_ADDR"]
    # X-Forwarded-For is client-supplied. It only feeds the log line here,
    # so a forged value affects attribution in the log, not any access
    # decision below.
    client_address = request.environ.get("HTTP_X_FORWARDED_FOR", remote_address)
    rest_request = request.path.startswith("/rest/")
    # "/rest/<name>" keeps three path components, every other path two.
    endpoint = "/".join(request.path.split("/")[:2 + rest_request])
    request_property = f"{request.method.lower()}_requests"
    endpoint_rbac = vs.rbac[request_property].get(endpoint)
    # NOTE(review): an unauthenticated caller is logged in as the "admin"
    # user before any RBAC check runs. Confirm this is gated by a deployment
    # setting outside this view; otherwise every anonymous request executes
    # with admin privileges.
    if not current_user.is_authenticated:
        login_user(db.get_user("admin"))
    username = getattr(current_user, "name", "Unknown")
    if not endpoint_rbac:
        # No RBAC entry for this method/endpoint pair is reported as 404.
        status_code = 404
    else:
        try:
            result = function(*args, **kwargs)
            status_code = 200
        except (db.rbac_error, Forbidden):
            status_code = 403
        except NotFound:
            status_code = 404
        except Exception:
            # Only the 500 path binds `traceback`; it is read below under
            # the same status check.
            status_code, traceback = 500, format_exc()
    log = (
        f"USER: {username} ({client_address}) - "
        f"{request.method} {request.path} ({status_code})"
    )
    if status_code == 500:
        log += f"\n{traceback}"
    env.log(Server.status_log_level[status_code], log, change_log=False)
    if status_code == 200:
        return result
    # Precedence: "/login" always takes this branch; otherwise only
    # non-REST GET requests do.
    elif endpoint == "/login" or request.method == "GET" and not rest_request:
        # Anonymous browser users are sent to the login page with the
        # current URL as next_url; everyone else gets the HTML error page
        # carrying a login link.
        if (not current_user.is_authenticated and not rest_request and endpoint != "/login"):
            url = url_for("blueprint.route", page="login", next_url=request.url)
            return redirect(login_url(url))
        next_url = request.args.get("next_url")
        login_link = login_url(
            url_for("blueprint.route", page="login", next_url=next_url))
        return (
            render_template("error.html", error=status_code, login_url=login_link),
            status_code,
        )
    else:
        error_message = Server.status_error_message[status_code]
        alert = f"Error {status_code} - {error_message}"
        return jsonify({"alert": alert}), status_code
def test_login_url_generation(self):
    """login_url() must place the protected URL in the chosen query
    parameter (default ``next``), URL-encode it, and keep any query string
    already present on the login view."""
    protected = 'http://localhost/protected'
    cases = [
        (('/login', protected, 'n'), '/login?n=%2Fprotected'),
        (('/login', protected), '/login?next=%2Fprotected'),
        (('https://auth.localhost/login', protected),
         'https://auth.localhost/login?next=http%3A%2F%2Flocalhost%2Fprotected'),
        (('/login?affil=cgnu', protected), '/login?affil=cgnu&next=%2Fprotected'),
    ]
    for call_args, expected in cases:
        self.assertEqual(expected, login_url(*call_args))
def pga_unauthorised():
    """Login-manager "unauthorized" handler for pgAdmin.

    Returns a 401 JSON body when no login view is configured or the request
    is XHR; otherwise flashes the (optionally localized) login message and
    redirects to the login view with the current URL as ``next``.
    """
    manager = current_app.login_manager
    # Falsy login_message yields None, matching the JSON ``errormsg`` contract.
    message = manager.login_message or None
    if message and manager.localize_callback is not None:
        message = manager.localize_callback(message)
    # NOTE(review): Request.is_xhr was removed in Werkzeug 2.0; on current
    # versions this attribute access raises once login_view is set.
    if not manager.login_view or request.is_xhr:
        # Only 401 is not enough to distinguish pgAdmin login is required.
        # There are other cases when we return 401. For eg. wrong password
        # supplied while connecting to server.
        # So send additional 'info' message.
        return make_json_response(
            status=401,
            success=0,
            errormsg=message,
            info='PGADMIN_LOGIN_REQUIRED',
        )
    if message:
        flash(message, category=manager.login_message_category)
    return redirect(login_url(manager.login_view, request.url))
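def pga_unauthorised():
    """Login-manager "unauthorized" handler for pgAdmin.

    Returns a 401 JSON body (with ``info='PGADMIN_LOGIN_REQUIRED'`` so the
    client can tell "login needed" apart from other 401s) when no login view
    is configured or the request is an XMLHttpRequest; otherwise flashes the
    (optionally localized) login message and redirects to the login view
    with the current URL as ``next``.
    """
    lm = current_app.login_manager
    login_message = None
    if lm.login_message:
        if lm.localize_callback is not None:
            login_message = lm.localize_callback(lm.login_message)
        else:
            login_message = lm.login_message
    # Request.is_xhr was removed in Werkzeug 2.0; it was defined as exactly
    # this header comparison, so the check keeps its meaning on old and new
    # versions alike.
    is_xhr = request.headers.get('X-Requested-With', '').lower() == 'xmlhttprequest'
    if not lm.login_view or is_xhr:
        # Only 401 is not enough to distinguish pgAdmin login is required.
        # There are other cases when we return 401. For eg. wrong password
        # supplied while connecting to server.
        # So send additional 'info' message.
        return make_json_response(status=401, success=0,
                                  errormsg=login_message,
                                  info='PGADMIN_LOGIN_REQUIRED')
    if login_message:
        flash(login_message, category=lm.login_message_category)
    return redirect(login_url(lm.login_view, request.url))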
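def unauthorize_loader():
    """Callback registered with ``login_manager.unauthorized_handler``.

    Runs when authentication fails or the user never logged in.

    :return: redirect to the ``login`` endpoint, carrying the current URL
        as ``next`` so the user returns to the page they asked for
    """
    # A leftover debug print to stdout was removed here; it wrote on every
    # unauthorized request and carried no request context.
    return redirect(login_url('login', request.url))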
def unauthorized_callback():
    """Redirect unauthenticated requests to the ``accounts.login`` view.

    GET requests carry the current URL as ``next``; other methods are sent
    to the bare login page, since replaying a POST after login is not
    meaningful.
    """
    if request.method != 'GET':
        return redirect(url_for('accounts.login'))
    target = login_url('accounts.login', request.url)
    return redirect(target)
def decorated_function(request_id, *args, **kwargs):
    """Gate ``f`` on authentication and a per-request permission check.

    Anonymous users are redirected to the login view with the current URL
    as ``next``; authenticated users without ``permission`` on
    ``request_id`` get a 403. ``f``, ``is_allowed``, ``login_manager`` and
    ``permission`` come from the enclosing decorator scope.
    NOTE(review): ``*args``/``**kwargs`` are accepted but not forwarded to
    ``f`` — confirm the wrapped views only take ``request_id``.
    """
    anonymous = not current_user.is_authenticated or current_user.is_anonymous
    if anonymous:
        target = login_url(login_manager.login_view, next_url=request.url)
        return redirect(target)
    permitted = is_allowed(user=current_user, request_id=request_id, permission=permission)
    if not permitted:
        return abort(403)
    return f(request_id)
def test_login_url_generation_with_view(self):
    """A login view given by endpoint name is resolved through url_for
    before the ``next`` parameter is appended."""
    app = Flask(__name__)
    manager = LoginManager()
    manager.init_app(app)

    @app.route('/login')
    def login():
        return ''

    with app.test_request_context():
        generated = login_url('login', '/protected')
        self.assertEqual('/login?next=%2Fprotected', generated)
def unauthorized():
    """Called when the user tries to access an endpoint guarded with
    login_required but they are not authorized.

    Page endpoints (/dashboard, /program/1, ...) redirect to /login with
    the current URL as ``next``. API-style endpoints (/api, /query,
    /search) and requests tagged ``X-Requested-By: GGRC`` get a 401 with a
    small JSON error object instead, since a browser redirect is useless
    to a script client.
    """
    api_path = re.match(r'^(\/api|\/query|\/search)', request.path)
    script_client = request.headers.get('X-Requested-By') == 'GGRC'
    if api_path or script_client:
        return json.dumps({'error': 'unauthorized'}), 401
    return redirect(login_url('/login', request.url))
def unauthorized():
    """Called when the user tries to access an endpoint guarded with
    login_required but they are not authorized.

    Page endpoints (/dashboard, /program/1, ...) redirect to /login with
    the current URL as ``next``. API-style endpoints (/api, /query,
    /search) and requests tagged ``X-Requested-By: gGRC`` get a 401 with a
    small JSON error object instead. The header value comparison is
    case-sensitive.
    """
    def wants_json():
        if re.match(r'^(\/api|\/query|\/search)', request.path):
            return True
        return request.headers.get('X-Requested-By') == 'gGRC'

    if wants_json():
        return json.dumps({'error': 'unauthorized'}), 401
    return redirect(login_url('/login', request.url))
def post(self):
    """
    API interface for user registration.

    Reads ``name``, ``email`` and ``password`` from the JSON payload
    (missing keys default to ''), validates them through the same
    ``SignupForm`` the HTML flow uses (CSRF skipped for the API), registers
    the user and sends the activation email. Any failure aborts with 401.
    NOTE(review): anonymous callers are refused with 401 'Invalid user'
    before the form runs — confirm registration is meant to require an
    existing login.
    """
    if not current_user.is_authenticated:
        return auth_ns.abort(401, _('Invalid user'))

    payload = auth_ns.payload

    def field(key):
        # Same fallback as the HTML form's empty input.
        return payload[key] if key in payload else ''

    name = field('name')
    email = field('email')
    password = field('password')
    # mimic the SignupForm
    form = SignupForm(data={
        'name': name,
        'email': email,
        'password': password,
        'password2': password,
    })
    form.skip_csrf_validation()

    # input data validation
    if form.validate_on_submit():
        user, token, error = UserService().register_user(name, email, password)
        if user and token:
            # trigger activation email
            confirm_url = login_url(
                login_view=url_for(all_urls['login'], _external=True),
                next_url=url_for(all_urls['confirm_email'], token=token.token))
            html = render_template('activate.html', confirm_url=confirm_url)
            subject = _('Please confirm your email')
            send_email(current_app, user.email, subject, html)
            return normal_response()
        msg = error or _('Unknown error in user registration')
    else:
        msg = form.extract_errors() or _('Invalid username or password')
    return auth_ns.abort(401, msg or _('Unknown error'))
def signup():
    """Render and process the sign-up form.

    Logged-in users are sent home. On a valid POST with matching passwords
    the user is registered, an activation email is sent and the browser is
    redirected to ``next`` (query string) or the login page; every other
    outcome flashes a message and re-renders the form.
    """
    # Bypass Login screen if user is logged in
    if current_user.is_authenticated:
        return redirect(url_for(all_urls['home']))
    form = SignupForm()
    if request.method == 'POST' and form.validate_on_submit():
        posted = request.form
        name = posted.get('name', None)
        email = posted.get('email', None)
        password = posted.get('password', None)
        password2 = posted.get('password2', None)
        if not (password and password2 and password == password2):
            flash(_('Both passwords must be the same.'), 'error')
        else:
            user, token, error = UserService().register_user(name, email, password)
            if not (user and token):
                flash(error or _('Unknown error in user registration'), 'error')
            else:
                # trigger activation email
                confirm_url = login_url(
                    login_view=url_for(all_urls['login'], _external=True),
                    next_url=url_for(all_urls['confirm_email'], token=token.token))
                html = render_template('activate.html', confirm_url=confirm_url)
                subject = _('Please confirm your email')
                send_email(current_app, user.email, subject, html)
                flash(
                    _('Activation email has been sent to your email box. Please confirm your email first.'),
                    'info'
                )
                # NOTE(review): `next` is taken from the query string as-is;
                # confirm it is restricted to same-site paths elsewhere,
                # otherwise this is an open redirect after sign-up.
                return redirect(request.args.get('next') or url_for(all_urls['login']))
    return render_template(
        'signup.html',
        title=_('Sign Up'),
        form=form,
        url_login=url_for(all_urls['login']),
        url_signup=url_for(all_urls['signup'])
    )
def unauthorized():
    """Send an unauthenticated user to the configured login view.

    Without a configured ``login_view`` there is nowhere to redirect, so
    the request is aborted with 401 instead.
    """
    view = login_manager.login_view
    if not view:
        abort(401)
    return redirect(login_url(view, request.url))
def decorated_function(request_id, *args, **kwargs):
    """Run ``f`` only for authenticated users holding ``permission`` on
    ``request_id``; otherwise redirect to login (anonymous) or 403.

    ``f``, ``is_allowed``, ``login_manager`` and ``permission`` are closure
    variables of the enclosing decorator. NOTE(review): ``*args``/``**kwargs``
    are not forwarded to ``f`` — confirm the wrapped views only take
    ``request_id``.
    """
    if current_user.is_authenticated and not current_user.is_anonymous:
        allowed = is_allowed(user=current_user,
                             request_id=request_id,
                             permission=permission)
        return f(request_id) if allowed else abort(403)
    login_target = login_url(login_manager.login_view, next_url=request.url)
    return redirect(login_target)
def test_login_url_no_next_url(self):
    """Without a next URL the login view is returned unchanged."""
    view = '/foo'
    self.assertEqual(login_url(view), view)
def get_response_content(response_id):
    """
    Currently only supports File Responses.

    Request Parameters:
    - token: (optional) ephemeral access token

    Access rules, in order: a public response is served to anyone; a valid
    token serves a non-private response without login (a token presented
    for a private response is deleted); a logged-in agency user, or a
    public user when the response is not private, is served only if they
    are associated with the request; any other logged-in user gets 403 and
    an anonymous user is redirected to login.

    :return: response file contents, or redirect to login if user not
        authenticated and no token provided, or 404 if the file does not exist
    """
    response_ = Responses.query.filter_by(id=response_id, deleted=False).one()
    # NOTE(review): .one() raises when no row matches, so the `is not None`
    # guard below never sees None; a missing response surfaces as an ORM
    # exception rather than the 404 at the bottom.
    if response_ is not None and response_.type == FILE:
        upload_path = os.path.join(
            current_app.config["UPLOAD_DIRECTORY"],
            response_.request_id
        )
        filepath_parts = (
            upload_path,
            response_.name
        )
        filepath = os.path.join(*filepath_parts)
        # Presumably the copy exposed to the web server; each serving branch
        # below removes it once the response has been sent.
        serving_path = os.path.join(
            current_app.config['UPLOAD_SERVING_DIRECTORY'],
            response_.request_id,
            response_.name
        )
        token = flask_request.args.get('token')
        if fu.exists(filepath):
            if response_.is_public:
                # then we just serve the file, anyone can view it
                @after_this_request
                def remove(resp):
                    os.remove(serving_path)
                    return resp
                return fu.send_file(*filepath_parts, as_attachment=True)
            else:
                # check presence of token in url
                if token is not None:
                    # The token must belong to this response, not just exist.
                    resptok = ResponseTokens.query.filter_by(
                        token=token,
                        response_id=response_id).first()
                    if resptok is not None:
                        if response_.privacy != PRIVATE:
                            @after_this_request
                            def remove(resp):
                                os.remove(serving_path)
                                return resp
                            return fu.send_file(*filepath_parts, as_attachment=True)
                        else:
                            # A token does not unlock a private response; it is
                            # consumed and the request falls through to the
                            # login-based checks.
                            delete_object(resptok)
                # if token not included, nonexistent, or is expired, but user is logged in
                if current_user.is_authenticated:
                    # user is agency or is public and response is not private
                    if (((current_user.is_public and response_.privacy != PRIVATE)
                         or current_user.is_agency)
                            # user is associated with request
                            and UserRequests.query.filter_by(
                                request_id=response_.request_id,
                                user_guid=current_user.guid
                            ).first() is not None):
                        @after_this_request
                        def remove(resp):
                            os.remove(serving_path)
                            return resp
                        return fu.send_file(*filepath_parts, as_attachment=True)
                    # user does not have permission to view file
                    return abort(403)
                else:
                    # redirect to login
                    return redirect(login_url(
                        login_manager.login_view,
                        next_url=url_for('request.view', request_id=response_.request_id)
                    ))
    # As indented here this is also reached when the response is not a FILE;
    # the original's indentation of this line could not be recovered exactly.
    return abort(404)  # file does not exist
def unauthorized():
    """Login-manager unauthorized handler.

    GET requests are flashed a prompt and redirected to the ``login``
    endpoint. NOTE(review): no ``next`` URL is passed to login_url, so the
    user is not returned to the page they requested after logging in.
    """
    if request.method == 'GET':
        flash('Please log in to access this page', 'error')
        return redirect(login_url(url_for('login')))
    # NOTE(review): non-GET requests fall through and return None, which
    # Flask rejects as an invalid view return; an explicit 401/403 response
    # is needed on this path.
def unauthorized():
    """Flash a login prompt and send the user to the ``login`` endpoint,
    carrying the current URL as ``next``."""
    flash('Please log in to access this page.', 'error')
    target = login_url('login', request.url)
    return redirect(target)
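__author__ = 'mikec'

import uuid
from flask import Flask

app = Flask(__name__)
# A fresh random key per process: sessions do not survive a restart.
app.secret_key = uuid.uuid4().hex
# dev only - using a constant secret key allows session logins to remain logged in between server restarts
# NOTE(review): this literal overrides the random key above for every
# deployment that imports this module, which makes the session signing key
# part of the source tree. For anything beyond local development supply
# SECRET_KEY through the config file loaded below or the environment, and
# keep this line out of the committed code.
app.secret_key = 'sdfsdgfsdgdfgfhggdfghdfgdfgdfg'

import flask_wtf
# Enables CSRF checking on all POST views. (Newer Flask-WTF releases spell
# this class CSRFProtect; CsrfProtect is the deprecated alias.)
flask_wtf.CsrfProtect(app)

# Init flask-login:
from flask_login import LoginManager, login_url
login_manager = LoginManager()
# login_url() with no next URL returns the view unchanged, so this is '/login'.
login_manager.login_view = login_url('/login')
login_manager.init_app(app)

import os.path
# Deployment settings (e.g. SECRET_KEY) come from the user's home directory;
# from_pyfile raises if the file is missing.
app.config.from_pyfile(os.path.expanduser('~/.issues.cfg'))

upload_folder = os.path.abspath(os.path.join(os.path.dirname(__file__), '../uploads'))
# Function-call form works on both Python 2 and 3; the original used the
# Python 2 print statement, which is a SyntaxError on 3.
print(upload_folder)
app.config['UPLOAD_FOLDER'] = upload_folder

from flask_mail import Mail
mail = Mail(app)

# Imported last: these modules register routes against `app` defined above.
import issues.auth
import issues.index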
def unauthorized_callback():
    """Redirect unauthenticated requests to ``accounts.login``.

    Only GET requests carry the current URL as ``next``; other methods
    land on the bare login page.
    """
    is_get = request.method == "GET"
    target = login_url("accounts.login", request.url) if is_get else url_for("accounts.login")
    return redirect(target)
def unauthorized():
    """Browser GETs are redirected to /login with ``next`` set; any other
    method gets a JSON-style error dict with status 403."""
    if request.method != 'GET':
        return dict(error=True, message="Please Log In For Access"), 403
    return redirect(login_url('/login', request.url))
def not_authorized(e):
    """send the user to the login screen when they try to access a locked page"""
    flash("Confirm Your Identity to Proceed")
    # NOTE(review): url_for(request.endpoint) rebuilds the path from the
    # endpoint name alone, so view arguments and the query string are lost,
    # and it is likely to raise when the endpoint needs view args or
    # request.endpoint is None; request.url would carry the full location.
    next_url = url_for(request.endpoint)
    return redirect(login_url("/login", next_url=next_url))
def unauthorized():
    """GET requests are redirected to ``auth.login`` with ``next`` set;
    other methods get an error dict with status 403."""
    if request.method != 'GET':
        return dict(error=True, message="Please log in for access."), 403
    target = login_url('auth.login', request.url)
    return redirect(target)
def unauthorized():
    """GET requests are flashed a prompt and redirected to ``auth.login``
    with ``next`` set; other methods get an error dict with status 403."""
    if request.method != 'GET':
        return dict(error=True, message="Please log in for access."), 403
    flash('Please log in to access this page')
    target = login_url('auth.login', request.url)
    return redirect(target)
def unauthorized():
    """Redirect to the ``login`` endpoint with the current URL as ``next``."""
    target = login_url('login', request.url)
    return redirect(target)
def _handle_view(self, *args, **kwargs):  # noqa
    """Admin views requires login.

    Returns a redirect to ``quokka.login`` when ``ADMIN_REQUIRES_LOGIN`` is
    exactly ``True`` and the user is anonymous; otherwise returns None so
    the view proceeds. NOTE(review): ``next_url`` is fixed to "/admin", so
    the specific admin page originally requested is not restored after
    login.
    """
    requires_login = current_app.config.get('ADMIN_REQUIRES_LOGIN') is True
    if requires_login and not current_user.is_authenticated:
        return redirect(login_url('quokka.login', next_url="/admin"))
def unauthorized_callback():
    """Redirect to the ``login`` endpoint with the current URL as ``next``."""
    target = login_url("login", request.url)
    return redirect(target)