def signin():
form = EmailPasswordForm()
if form.validate_on_submit():
try:
user = User(email=form.email.data, password=form.password.data)
if user:
if not user.is_authenticated:
from ..words.user import need_active_info
flash(need_active_info.format(user=user.username))
return redirect(url_for('home.index'))
else:
login_user(user)
next = request.args.get('next')
# principal identity
identity = Identity(user.id)
identity_changed.send(app, identity=identity)
return redirect(
request.args.get(next, url_for('home.index')))
except Exception as e:
flash(e)
return render_template('user/signin.html', form=form)
def signup():
if 'openid' not in session:
abort(403)
form = OpenIdSignupForm(next=request.args.get("next"),
username=request.args.get("name"),
email=request.args.get("email"))
if form.validate_on_submit():
user = User(openid=session.pop('openid'))
form.populate_obj(user)
db.session.add(user)
db.session.commit()
session.permanent = True
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash(_("Welcome, %%s") % user.username, "success")
next_url = form.next.data or \
url_for("user.posts", username=user.username)
return redirect(next_url)
return render_template("openid/signup.html", form=form)
def signup():
form = SignupForm(next=request.args.get("next"))
if form.validate_on_submit():
user = User()
form.populate_obj(user)
db.session.add(user)
db.session.commit()
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash(_("Welcome, %(name)s", name=user.username), "success")
next_url = form.next.data
if not next_url or next_url == request.path:
next_url = url_for('user.posts', username=user.username)
return redirect(next_url)
return render_template("account/signup.html", form=form)
def n():
i = mkadmin()
identity_changed.send(app, identity=i)
with admin_denied.require():
pass
return Response("OK")
def logout():
logout_user()
for key in ('identity.name', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect('login')
def login():
"""
Login.
"""
form = LoginForm()
if form.validate_on_submit():
em = form.email.data.strip().lower()
u = User.find_one({'email': em})
if not u or not check_password_hash(u.password, form.password.data):
return render_template('public/login.html', form=form, error=_('User name or password incorrect!'))
# Keep the user info in the session using Flask-Login
login_user(u)
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(), identity=Identity(u.get_id()))
next_url = form.next_url.data
if not next_url:
next_url = '/'
return redirect(next_url)
next_url = request.args.get('next', '')
form.next_url.data = next_url
return render_template('public/login.html', form=form)
def signup():
form = SignupForm(next=request.args.get('next',None))
if form.validate_on_submit():
code = UserCode.query.filter_by(code=form.code.data).first()
if code:
user = User(role=code.role)
form.populate_obj(user)
db.session.add(user)
db.session.delete(code)
db.session.commit()
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash(_("Welcome, %(name)s", name=user.nickname), "success")
next_url = form.next.data
if not next_url or next_url == request.path:
next_url = url_for('frontend.people', username=user.username)
return redirect(next_url)
else:
form.code.errors.append(_("Code is not allowed"))
return render_template("account/signup.html", form=form)
def user_passwd_edit(post_id):
error = None
# if not writer_permission.can():
# error = u'你没有验证账户,不能修改密码,请尽快验证账户.'
# return jsonify(judge=False, error=error)
form = EditPasswdForm()
action = EditManager(post_id, form)
if form.validate_on_submit() and request.method == "POST":
user = User.query.filter_by(id=post_id).first()
if check_password_hash(user.password, form.passwd.data):
action.edit_user_passwd()
flash('密码修改成功,请重新登陆')
logout_user()
for key in ('identity.id', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
error = "密码修改"
return jsonify(judge=True, error=error)
else:
error = u'密码错误,请重新输入'
return jsonify(judge=False, error=error)
else:
if form.errors:
return return_errors(form)
else:
pass
return redirect(url_for('index.index'))
def login():
title = '登录'
info = {}
info['m_name'] = session['name'] if 'name' in session else ''
if request.method == 'POST':
username = request.form.get('mobile')
password = request.form.get('password')
user = ds.queryUser(username)
if (user is None):
return jsonify(msg='该用户不存在', status='402')
if not user.check_password(password):
return jsonify(msg='错误的用户名或密码', status='401')
user.last_login_time = datetime.now()
session['name'] = username
# Using the Flask-Login to processing and check the login status for
# user. Remember the user's login status.
remember = request.form.get('remember') == 'true'
login_user(user, remember)
# Tell Flask-Principal the identity changed
identity_changed.send(app._get_current_object(),
identity=Identity(user.id))
return jsonify(msg='OK',status='200')
return render_template('login_v2.html', info=info,title=title)
def login_view():
if is_json(request):
form = LoginForm(csrf_enabled=False)
else:
form = LoginForm()
if form.validate_on_submit(): # authenticates the user too
# TODO: set timeout for this user
# TODO: set remote data for this user (hostname, etc.)
pk = auth.set_user_data(form.user)
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(form.user.id, pk))
next_url = form.next.data
if is_json(request):
return jsonify({'login': '******', 'private_token': pk})
else:
# TODO: Set authentication data on return value (private_token)
if not next_url or next_url == request.path:
next_url = url_for('user.index', username=form.user.username)
return redirect(next_url)
if is_json(request):
return jsonify_form(form)
return render_template('login.html', form=form)
def logout():
logout_user()
# notify the change of role
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect("/")
def login():
from .forms import LoginForm
if request.method == 'POST':
form = LoginForm(request.form)
if form.validate_on_submit():
user = form.user
# TODO: support token auth in @loging_required, refer to flask_security @auth_required
# login_required
login_user(user, force=True)
# flask principal
from flask_principal import identity_changed, Identity
from flask import current_app
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
next = request.args.get('next')
# next_is_valid should check if the user has valid
# permission to access the `next` url
# if not next_is_valid(next):
# return flask.abort(400)
if 'admin' in user.roles_name:
return redirect(next or '/admin/')
elif 'editor' in user.roles_name:
return redirect(next or '/admin/')
else:
return redirect(next or '/')
elif request.method == 'GET':
form = LoginForm()
return render_template('security/login.html', form=form)
def login(username, blogger):
this_user = TestUser(username)
login_user(this_user)
if blogger:
identity_changed.send(current_app._get_current_object(),
identity=Identity(username))
return redirect("/")
def login():
#----------------------------------------------------------------------
# define form
form = LoginForm()
# Validate form input
#if flask.request.method == "POST" and form.validate_on_submit():
if form.validate_on_submit():
try:
# Retrieve the user from the datastore
user = racedb.find_user(form.email.data)
# flag user doesn't exist or incorrect password
if not (user and user.check_password(form.password.data)):
return flask.render_template('login.html', form=form, error='username or password invalid')
# we're good
# Keep the user info in the session using Flask-Login
login_user(user)
flask.session['logged_in'] = True
flask.session['user_name'] = user.name
flask.session.permanent = True
# Tell Flask-Principal the identity changed
identity_changed.send(
flask.current_app._get_current_object(),
identity = Identity(user.id))
userclubs = getuserclubs(user)
# zero clubs is an internal error in the databse
if not(userclubs):
db.session.rollback()
raise dbConsistencyError,'no clubs found in database'
# give user access to the first club in the list if no club already chosen
# club_choices set in nav module. If this club.id is not in club_choices,
# need to reset to first available
if 'club_id' not in flask.session or flask.session['club_id'] not in [c[0] for c in userclubs]:
club = Club.query.filter_by(id=userclubs[0][0]).first()
flask.session['club_id'] = club.id
flask.session['club_name'] = club.name
# set default year to be current year
today = timeu.epoch2dt(time.time())
flask.session['year'] = today.year
# log login
app.logger.debug("logged in user '{}'".format(flask.session['user_name']))
# commit database updates and close transaction
db.session.commit()
return flask.redirect(flask.request.args.get('next') or flask.url_for('index'))
except:
# roll back database updates and close transaction
db.session.rollback()
raise
return flask.render_template('login.html', form=form)
def post(self):
request_arg = RequestMethod_parser.parse_args()
requestMethod = request_arg['requestMethod']
if requestMethod == "POST":
args = login_parser.parse_args()
userName = args['userName']
password = args['password']
user = User.query.filter(User.userName == userName).first()
if user == None:
abort(401, message="userName error")
elif user.verify_password(password) is not True:
abort(401, message="password error")
else:
session.permanent = True
login_user(user)
ip = str(request.remote_addr)
log = LoginLog(current_user.userName, ip)
db.session.add(log)
db.session.commit()
identity_changed.send(
current_app._get_current_object(), identity=Identity(user.id))
elif requestMethod == "DELETE":
# Remove the user information from the session
logout_user()
for key in ('identity.name', 'identity.auth_type'):
session.pop(key, None)
else:
abort(404, message="api not found")
def logout():
logout_user()
for key in ('indentity_name', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
next_url = request.args.get('next', '/')
return redirect(next_url)
def login():
data = request.values
if hasattr(request, "json") and request.json:
data = request.json
if octoprint.server.userManager.enabled and "user" in data and "pass" in data:
username = data["user"]
password = data["pass"]
if "remember" in data and data["remember"] in valid_boolean_trues:
remember = True
else:
remember = False
if "usersession.id" in session:
_logout(current_user)
user = octoprint.server.userManager.findUser(username)
if user is not None:
if octoprint.server.userManager.checkPassword(username, password):
if not user.is_active():
return make_response(("Your account is deactivated", 403, []))
if octoprint.server.userManager.enabled:
user = octoprint.server.userManager.login_user(user)
session["usersession.id"] = user.session
g.user = user
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id()))
return jsonify(user.asDict())
return make_response(("User unknown or password incorrect", 401, []))
elif "passive" in data:
return passive_login()
return NO_CONTENT
def load_user_from_request(req):
api_key = req.args.get('api_key')
if api_key:
user = get_user_by_api_key(api_key)
if user:
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
user.login_type = API_LOGIN
return user
api_key = req.headers.get('Authorization')
if api_key:
api_key = api_key.replace('Basic ', '', 1)
try:
api_key = base64.b64decode(api_key)
except TypeError:
pass
user = get_user_by_api_key(api_key)
if user:
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
user.login_type = API_LOGIN
return user
return None
def login_user(user, remember=None):
"""Performs the login routine.
:param user: The user to login
:param remember: Flag specifying if the remember cookie should be set. Defaults to ``False``
"""
if remember is None:
remember = config_value("DEFAULT_REMEMBER_ME")
if not _login_user(user, remember): # pragma: no cover
return False
if _security.trackable:
remote_addr = request.remote_addr or None # make sure it is None and not ''
old_current_login, new_current_login = user.current_login_at, datetime.utcnow()
old_current_ip, new_current_ip = user.current_login_ip, remote_addr
user.last_login_at = old_current_login or new_current_login
user.current_login_at = new_current_login
user.last_login_ip = old_current_ip
user.current_login_ip = new_current_ip
user.login_count = user.login_count + 1 if user.login_count else 1
_datastore.put(user)
identity_changed.send(current_app._get_current_object(), identity=Identity(user.id))
return True
def login():
error = None
form = LoginForm()
if form.validate_on_submit() and request.method == "POST":
validate_code = session['validate_code']
validate = form.code.data
if validate.lower() != validate_code.lower():
return jsonify(judge=False, error=u'验证码错误')
else:
name = form.name.data
passwd = form.passwd.data
remember = request.get_json()["remember"]
user = User.load_by_name(name)
if user and User.check_password(user.passwd, passwd):
if remember:
session.permanent = True
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash(u'你已成功登陆')
return jsonify(judge=True, error=error)
else:
error = u'用户名或密码错误'
return jsonify(judge=False, error=error)
else:
if form.errors:
return return_errors(form)
else:
pass
return render_template('auth/login.html', form=form, error=error)
def logout_user():
"""Logs out the current. This will also clean up the remember me cookie if it exists."""
for key in ("identity.name", "identity.auth_type"):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
_logout_user()
def login():
form = LoginForm(login=request.args.get('login',None),
next=request.args.get('next',None))
if form.validate_on_submit():
user, authenticated = User.query.authenticate(form.login.data,
form.password.data)
if user and authenticated:
session.permanent = form.remember.data
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash(_("Welcome back, %(name)s", name=user.username), "success")
next_url = form.next.data
if not next_url or next_url == request.path:
next_url = url_for('frontend.people', username=user.username)
return redirect(next_url)
else:
flash(_("Sorry, invalid login"), "error")
return render_template("account/login.html", form=form)
def login(cls, app, username, password, remember=False, force=False,
fresh=True):
if app.config.opsy['enable_ldap']:
result = ldap_manager.authenticate(username, password)
if not result.status == AuthenticationResponseStatus.success:
return False
full_name_attr = app.config.opsy['ldap_user_full_name_attr']
email_attr = app.config.opsy['ldap_user_email_attr']
group_name_attr = app.config.opsy['ldap_group_name_attr']
email = result.user_info[email_attr]
full_name = result.user_info[full_name_attr]
user = cls.query.wtfilter_by(name=result.user_id).first()
if not user:
user = cls.create(username, email=email, full_name=full_name)
else:
user.update(email=email, full_name=full_name)
groups = [x[group_name_attr] for x in result.user_groups]
for role in user.roles:
if role.ldap_group:
user.roles.remove(role)
for role in Role.query.filter(Role.ldap_group.in_(groups)).all():
user.roles.append(role)
user.save()
else:
user = cls.query.wtfilter_by(name=username).first()
if not user:
return False
if not user.verify_password(password):
return False
if login_user(user, remember=remember):
identity_changed.send(
app._get_current_object(), # pylint: disable=W0212
identity=Identity(user.id))
return user.get_session_token(app)
return False
def login_user(user, remember=None):
"""Performs the login routine.
:param user: The user to login
:param remember: Flag specifying if the remember cookie should be set. Defaults to ``False``
"""
if remember is None:
remember = config_value('DEFAULT_REMEMBER_ME')
if not _login_user(user, remember): # pragma: no cover
return False
if _security.trackable:
if 'X-Forwarded-For' in request.headers:
remote_addr = request.headers.getlist("X-Forwarded-For")[0].rpartition(' ')[-1]
else:
remote_addr = request.remote_addr or 'untrackable'
old_current_login, new_current_login = user.current_login_at, datetime.utcnow()
old_current_ip, new_current_ip = user.current_login_ip, remote_addr
user.last_login_at = old_current_login or new_current_login
user.current_login_at = new_current_login
user.last_login_ip = old_current_ip or new_current_ip
user.current_login_ip = new_current_ip
user.login_count = user.login_count + 1 if user.login_count else 1
_datastore.put(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return True
def login():
"""Login route"""
class LoginForm(Form):
"""Login form"""
username = StringField('Username', validators=[validators.required()])
password = PasswordField('Password', validators=[validators.required()])
form = LoginForm()
# Validate form
if form.validate_on_submit():
username = request.form['username']
password = request.form['password']
# Attempt login via api
try:
user_dict = current_app.users_api.login(username=username, \
password=password, response=True)
except ReceivedErrorResponse as e:
logger.warning('Invalid username or password')
flash('Invalid username or password')
except Exception as e:
logger.error(str(e))
flash('Sorry, but you could not log in')
else:
user = User(user_dict['id'], username, user_dict['roles'])
if login_user(user, remember=True):
# Flask-Principal
identity_changed.send(current_app._get_current_object(), \
identity=Identity(user.user_id))
# Redirect
logger.info('Logged in as %s', username)
flash('Logged in as %s' % username)
return redirect(request.args.get('next') or url_for('home'))
else:
logger.error('Sorry but you could not log in')
flash('Sorry, but you could not log in')
return render_template('login.html', url=url_for('.login'), form=form)
def decorated_function(*args, **kwargs):
if not request.headers.get('Authorization'):
response = jsonify(message='Missing authorization header')
response.status_code = 401
return response
try:
token = request.headers.get('Authorization').split()[1]
except Exception as e:
return dict(message='Token is invalid'), 403
try:
payload = jwt.decode(token, current_app.config['LEMUR_TOKEN_SECRET'])
except jwt.DecodeError:
return dict(message='Token is invalid'), 403
except jwt.ExpiredSignatureError:
return dict(message='Token has expired'), 403
except jwt.InvalidTokenError:
return dict(message='Token is invalid'), 403
user = user_service.get(payload['sub'])
if not user.active:
return dict(message='User is not currently active'), 403
g.current_user = user
if not g.current_user:
return dict(message='You are not logged in'), 403
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(), identity=Identity(g.current_user.id))
return f(*args, **kwargs)
def request_reissue(certificate, commit):
"""
Reissuing certificate and handles any exceptions.
:param certificate:
:param commit:
:return:
"""
status = FAILURE_METRIC_STATUS
try:
print("[+] {0} is eligible for re-issuance".format(certificate.name))
# set the lemur identity for all cli commands
identity_changed.send(current_app._get_current_object(), identity=Identity(1))
details = get_certificate_primitives(certificate)
print_certificate_details(details)
if commit:
new_cert = reissue_certificate(certificate, replace=True)
print("[+] New certificate named: {0}".format(new_cert.name))
status = SUCCESS_METRIC_STATUS
except Exception as e:
sentry.captureException()
current_app.logger.exception("Error reissuing certificate.", exc_info=True)
print(
"[!] Failed to reissue certificates. Reason: {}".format(
e
)
)
metrics.send('certificate_reissue', 'counter', 1, metric_tags={'status': status})
def signup():
"""
Signup.
"""
form = SignupForm()
if form.validate_on_submit():
if not form.password.data == form.repassword.data:
return render_template('public/signup.html', form=form, error=_('Password dismatch!'))
em = form.email.data.strip().lower()
u = User.find_one({'email': em})
if u:
return render_template('public/signup.html', form=form, error=_('This email has been registered!'))
u = User()
u.email = em
u.password = unicode(generate_password_hash(form.password.data.strip()))
u.name = u.email.split('@')[0]
u.save()
current_app.logger.info('A new user created, %s' % u)
send_support_email('signup()', u'New user %s with id %s.' % (u.email, u._id))
# Keep the user info in the session using Flask-Login
login_user(u)
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(), identity=Identity(u.get_id()))
return redirect('/')
return render_template('public/signup.html', form=form)
def _perform_login(self, user):
user = prepare_user(user)
login_user(user)
# Notify flask principal that the identity has changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
def logout():
flash(_("You are now logged out"), "success")
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect(url_for('frontend.index'))
def _check_http_auth():
auth = request.authorization or BasicAuth(username=None, password=None)
if not auth.username:
return False
user = _security.datastore.get_user(auth.username)
if user and user.verify_and_update_password(auth.password):
_security.datastore.commit()
app = current_app._get_current_object()
_request_ctx_stack.top.user = user
identity_changed.send(app, identity=Identity(user.id))
return True
return False
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).one()
login_user(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash("Logged in successfully.", "success")
return redirect(request.args.get("next") or url_for(".home"))
return render_template("login.html", form=form)
def decorated_function(*args, **kwargs):
if not request.headers.get("Authorization"):
response = jsonify(message="Missing authorization header")
response.status_code = 401
return response
try:
token = request.headers.get("Authorization").split()[1]
except Exception as e:
return dict(message="Token is invalid"), 403
try:
header_data = fetch_token_header(token)
payload = jwt.decode(token,
current_app.config["LEMUR_TOKEN_SECRET"],
algorithms=[header_data["alg"]])
except jwt.DecodeError:
return dict(message="Token is invalid"), 403
except jwt.ExpiredSignatureError:
return dict(message="Token has expired"), 403
except jwt.InvalidTokenError:
return dict(message="Token is invalid"), 403
if "aid" in payload:
access_key = api_key_service.get(payload["aid"])
if access_key.revoked:
return dict(message="Token has been revoked"), 403
if access_key.ttl != -1:
current_time = datetime.utcnow()
# API key uses days
expired_time = datetime.fromtimestamp(
access_key.issued_at) + timedelta(days=access_key.ttl)
if current_time >= expired_time:
return dict(message="Token has expired"), 403
user = user_service.get(payload["sub"])
if not user.active:
return dict(message="User is not currently active"), 403
g.current_user = user
if not g.current_user:
return dict(message="You are not logged in"), 403
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(g.current_user.id))
return f(*args, **kwargs)
def user_loader_callback(identity):
auth_identity = Identity(identity)
# in case of a user or node an auth id is shared as identity,
if isinstance(identity, int):
# auth_identity = Identity(identity)
auth = db.Authenticatable.get(identity)
if isinstance(auth, db.Node):
for rule in db.Role.get_by_name("node").rules:
auth_identity.provides.add(
RuleNeed(name=rule.name,
scope=rule.scope,
operation=rule.operation))
if isinstance(auth, db.User):
# add role permissions
for role in auth.roles:
for rule in role.rules:
auth_identity.provides.add(
RuleNeed(name=rule.name,
scope=rule.scope,
operation=rule.operation))
# add 'extra' permissions
for rule in auth.rules:
auth_identity.provides.add(
RuleNeed(name=rule.name,
scope=rule.scope,
operation=rule.operation))
identity_changed.send(current_app._get_current_object(),
identity=auth_identity)
return auth
else:
for rule in db.Role.get_by_name("container").rules:
auth_identity.provides.add(
RuleNeed(name=rule.name,
scope=rule.scope,
operation=rule.operation))
identity_changed.send(current_app._get_current_object(),
identity=auth_identity)
log.debug(identity)
return identity
def login():
login_form = UserLogin()
register_form = UserRegistration()
if login_form.validate_on_submit():
username = login_form.username.data
password = login_form.password.data
remember_me = login_form.remember_me.data
user = User.query.filter(
func.lower(User.username) == func.lower(username)).first()
if login_user(user, remember_me):
flash("You were logged in.", "success")
if user.invitations.count():
markup = f'You have {user.invitations.count()} team invitations'
markup += f'- click <a href="{url_for("invitations")}">here</a> to view them.'
flash(Markup(markup), "info")
return redirect(request.args.get("next") or url_for('index'))
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
else:
flash("Login failed, user not validated", "error")
return redirect(url_for("verify_status", username=username))
elif register_form.validate_on_submit():
username = register_form.username.data.strip()
password = register_form.password.data
email = register_form.email.data
new_user = User(username, password, email)
body = render_template("emails/account/verification.txt",
recipient=new_user,
email_changed=False)
mail.send_message(
subject=f"Welcome to {app.config['LONG_NAME']}, {username}",
recipients=[new_user.email],
body=body)
db.session.add(new_user)
db.session.commit()
flash("Your account has been created, confirm your email to verify.",
"success")
return redirect(url_for('verify_status', username=username))
return render_template('account/login.html',
login_form=login_form,
register_form=register_form)
def register():
error = None
form = RegisterForm()
if form.validate_on_submit() and request.method == "POST":
validate_code = session['validate_code']
validate = form.code.data
if validate.lower() != validate_code.lower():
return jsonify(judge=False, error=_('The validate code is error'))
else:
useremail = User.load_by_email(form.email.data)
username = User.load_by_name(form.name.data)
if username is not None:
error = _('The name has been registered')
return jsonify(judge=False, error=error)
elif useremail is not None:
error = _('The email has been registered')
return jsonify(judge=False, error=error)
else:
account = User()
account.name = form.name.data,
account.email = form.email.data,
account.passwd = form.passwd.data,
account.roles = 'visitor'
account.registered_time = datetime.now()
'''邮箱验证'''
token = email_token(account.email)
confirm_url = url_for('auth.confirm',
token=token,
_external=True)
html = render_template('templet/email.html',
confirm_url=confirm_url)
subject = _("Please confirm your email")
# email_send(account.email, html, subject)
account.send_email_time = datetime.now()
db.session.add(account)
db.session.commit()
login_user(account)
identity_changed.send(current_app._get_current_object(),
identity=Identity(account.id))
flash(_('An email has been sent to your.Please receive'))
return jsonify(judge=True, error=error)
else:
if form.errors:
return return_errors(form)
else:
pass
return render_template('auth/register.html', form=form)
def login_user(user, remember=None, authn_via=None):
"""Perform the login routine.
If *SECURITY_TRACKABLE* is used, make sure you commit changes after this
request (i.e. ``app.security.datastore.commit()``).
:param user: The user to login
:param remember: Flag specifying if the remember cookie should be set.
Defaults to ``False``
:param authn_via: A list of strings denoting which mechanism(s) the user
authenticated with.
These should be one or more of ["password", "sms", "authenticator", "email"] or
other 'auto-login' mechanisms.
"""
if remember is None:
remember = config_value("DEFAULT_REMEMBER_ME")
if not _login_user(user, remember): # pragma: no cover
return False
if _security.trackable:
remote_addr = request.remote_addr or None # make sure it is None
old_current_login, new_current_login = (
user.current_login_at,
_security.datetime_factory(),
)
old_current_ip, new_current_ip = user.current_login_ip, remote_addr
user.last_login_at = old_current_login or new_current_login
user.current_login_at = new_current_login
user.last_login_ip = old_current_ip
user.current_login_ip = new_current_ip
user.login_count = user.login_count + 1 if user.login_count else 1
_datastore.put(user)
session["fs_cc"] = "set" # CSRF cookie
session["fs_paa"] = time.time() # Primary authentication at - timestamp
identity_changed.send(
current_app._get_current_object(), identity=Identity(user.fs_uniquifier)
)
user_authenticated.send(
current_app._get_current_object(), user=user, authn_via=authn_via
)
return True
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).one()
login_user(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash('登录成功!!!', category='success')
if user:
session['user_id'] = user.id
session.permanent = True
return redirect(url_for('report_bp.index')) # 跳转到页面
else:
return redirect(url_for('user_bp.register'))
return render_template('login.html', form=form)
def post_login():
form_email = request.form['email']
form_pass = request.form['password']
user = modules.User.query.filter_by(email=form_email).first()
if user is None:
print("No user with this email")
elif user.check_password(form_pass):
print(user.first_name + ' Logged in successfully.', file=sys.stderr)
login_user(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return redirect(url_for('dashboard'))
else:
print("Invalid password")
return render_template('main/login.html')
def or_mixed2():
result = []
admin_or_editor_mixed = (admin_permission | editor_role_permission)
i = Identity('admin')
identity_changed.send(app, identity=i)
with admin_or_editor_mixed.require():
result.append('good')
i = Identity('editor')
identity_changed.send(app, identity=i)
with admin_or_editor_mixed.require():
result.append('good')
return Response(''.join(result))
def login_user(app, request_data):
if 'username' not in request_data or 'password' not in request_data:
raise BadRequest('Username or password not specified')
username = request_data.get('username', None)
password = request_data.get('password', None)
pss_user, pss_user_dict = app.table_proxy.pss_users.get_pss_user(
username=username)
if not pss_user or not pss_user.verify_password(password):
raise Unauthorized('Bad password')
flask_logout_user()
if flask_login_user(pss_user) is False:
raise Unauthorized('User is not active')
identity_changed.send(app._get_current_object(),
identity=Identity(pss_user.pss_user_id))
return pss_user_dict
def login():
form = AdminLoginForm()
if form.validate_on_submit():
u = User.query.filter_by(username=form.username.data).first()
if u and u.verify_password(form.password.data):
if u.is_admin:
login_user(u, True)
identity_changed.send(current_app._get_current_object(),
identity=Identity(u.id))
return form.redirect('admin.index')
else:
flash('你不是管理员', 'warning')
else:
flash('用户名或密码错误', 'error')
return render_template('admin/login.html', title='后台登录', form=form)
def logout():
"""
Logout.
"""
logout_user()
# Remove session keys set by Flask-Principal
for key in ('identity.name', 'identity.auth_type'):
session.pop(key, None)
# Tell Flask-Principal the user is anonymous
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect("/")
def post(self):
#data = parser.parse_args()
data = request.get_json(force=True)
admin = UserDao.get_user_by_id(data['restaurant_admin_id'])
#管理员存在且密码验证正确,则返回餐厅的菜单界面
if (admin != None) and (service.hash_password_verify(
data['restaurant_admin_password'], admin.password, admin.id)):
login_user(admin)
identity_changed.send(current_app._get_current_object(),
identity=Identity(admin.id))
return {
'URL': "/restaurants/%d/menu" % (data['restaurant_id'])
}, 200
return {'message': 'Login error'}, 400
def logout():
logout_user()
# Remove session keys set by Flask-Principal
for key in ('identity.name', 'identity.auth_type'):
current_app.logger.debug("session.pop({})".format(key))
session.pop(key, None)
# Tell Flask-Principal the user is anonymous
current_app.logger.debug('In logout() identity_changed.send')
identity_changed.send(
current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect(url_for('.login'))
def logout():
""" Logout User and destroy its session """
# Remove the user information from the session
userlog = CmsUserLog.objects.filter(
id=current_user.get_userlog_id()).first()
userlog.logout_time = datetime.now()
userlog.save()
logout_user()
# Remove session keys set by Flask-Principal
for key in ('identity.name', 'identity.auth_type'):
session.pop(key, None)
# Tell Flask-Principal the user is anonymous
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
return redirect(app.config['BASE_URL'])
def logout():
# Clear session stored data
logout_user()
session.clear()
# Tell Flask-Principal the user is anonymous
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
# Redirect user to logout endpoint
params = {
'returnTo': url_for('main.index', _external=True),
'client_id': Config.AUTH0_CLIENT_ID
}
return redirect(auth0.api_base_url + '/v2/logout?' + urlencode(params))
def login():
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter(User.name == form.name.data).first()
if user is not None:
if check_password_hash(user.hash_pass, form.passwd.data):
login_user(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return redirect('dashboard')
else:
flash(u'密码不正确!')
else:
flash(u'用户不存在!')
return render_template('login.html', form=form)
def login():
"""
# Log into account with a particular email and password
$ curl -k -X OPTIONS -H "Origin: GUI_DOMAIN" -H "Content-Type: application/json" --request POST \
--data '{"email":"EMAIL_ADDRESS","password":"******","remember":"True"}' \
-c cookie.txt https://localhost/login
# Response data from a successful login attempt (200 OK):
{
"return_msg": "OK",
"user": {
"email": "EMAIL_ADDRESS",
"is_admin": [true/false],
"name": "NAME",
"read_only_mode": false
}
}
# Response data from an unsuccessful login attempt (400 ERROR):
{
"return_msg": "Invalid Credentials",
"user": {
"logged_in": false
}
}
"""
req = parse_content(request)
if req is None:
return make_gui_response(json_header, 400, 'Content-Type not allowed')
email = req.get('email')
password = req.get('password')
remember = True if req.get('remember') else False
if email is None or password is None:
return make_gui_response(json_header, 400, 'email and password must be supplied in login request')
user = fetch_user(email)
# Check if user actually exists and compare provided and stored password hashes
if not user or not check_password_hash(user.password, password):
# Reload page if user doesn't exist or the password was incorrect
return make_gui_response(json_header, 400, 'Invalid Credentials')
# Login-Manager creates new user session
login_user(user, remember=remember)
session['is_admin'] = user.is_admin
# Tell Flask-Principal the identity has changed
identity_changed.send(current_app._get_current_object(), identity=Identity(user.id))
return make_gui_response(json_header, 200, 'OK')
def login():
data = request.values
if hasattr(request, "json") and request.json:
data = request.json
if octoprint.server.userManager.enabled and "user" in data and "pass" in data:
username = data["user"]
password = data["pass"]
if "remember" in data and data["remember"] in valid_boolean_trues:
remember = True
else:
remember = False
if "usersession.id" in session:
_logout(current_user)
user = octoprint.server.userManager.findUser(username)
if user is not None:
if octoprint.server.userManager.checkPassword(username, password):
if not user.is_active():
return make_response(
("Your account is deactivated", 403, []))
if octoprint.server.userManager.enabled:
user = octoprint.server.userManager.login_user(user)
session["usersession.id"] = user.session
g.user = user
login_user(user, remember=remember)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.get_id()))
remote_addr = get_remote_address(request)
logging.getLogger(__name__).info(
"Actively logging in user {} from {}".format(
user.get_id(), remote_addr))
response = user.asDict()
response["_is_external_client"] = s().getBoolean(["server", "ipCheck", "enabled"]) \
and not util_net.is_lan_address(remote_addr,
additional_private=s().get(["server", "ipCheck", "trustedSubnets"]))
return jsonify(response)
return make_response(("User unknown or password incorrect", 401, []))
elif "passive" in data:
return passive_login()
return NO_CONTENT
def post(self):
(email, password) = self.get_arguments()
try:
user = auth_service.check_auth(app, email, password)
access_token = create_access_token(identity=user["email"])
refresh_token = create_refresh_token(identity=user["email"])
auth_service.register_tokens(app, access_token, refresh_token)
identity_changed.send(
current_app._get_current_object(),
identity=Identity(user["id"])
)
if is_from_browser(request.user_agent):
response = jsonify({
"user": user,
"login": True
})
set_access_cookies(response, access_token)
set_refresh_cookies(response, refresh_token)
else:
response = {
"login": True,
"user": user,
"access_token": access_token,
"refresh_token": refresh_token
}
return response
except PersonNotFoundException:
current_app.logger.info("User is not registered.")
return {"login": False}, 400
except WrongUserException:
current_app.logger.info("User is not registered.")
return {"login": False}, 400
except WrongPasswordException:
current_app.logger.info("User gave a wrong password.")
return {"login": False}, 400
except NoAuthStrategyConfigured:
current_app.logger.info(
"Authentication strategy is not properly configured."
)
return {"login": False}, 400
except UnactiveUserException:
return {
"error": True,
"message": "User is unactive, he cannot log in."
}, 400
def post(self):
if "onelogin" not in current_app.config.get("ACTIVE_PROVIDERS"):
return "Onelogin is not enabled in the config. See the ACTIVE_PROVIDERS section.", 404
auth = OneLogin_Saml2_Auth(self.req, current_app.config.get("ONELOGIN_SETTINGS"))
self.reqparse.add_argument('return_to', required=False, default=current_app.config.get('WEB_PATH'))
self.reqparse.add_argument('acs', required=False)
self.reqparse.add_argument('sls', required=False)
args = self.reqparse.parse_args()
return_to = args['return_to']
if args['acs'] != None:
# valids the SAML response and checks if successfully authenticated
if self._consumer(auth):
email = auth.get_attribute(current_app.config.get("ONELOGIN_EMAIL_FIELD"))[0]
user = User.query.filter(User.email == email).first()
# if we get an sso user create them an account
if not user:
user = User(
email=email,
active=True,
role=current_app.config.get('ONELOGIN_DEFAULT_ROLE')
# profile_picture=profile.get('thumbnailPhotoUrl')
)
db.session.add(user)
db.session.commit()
db.session.refresh(user)
# Tell Flask-Principal the identity changed
identity_changed.send(current_app._get_current_object(), identity=Identity(user.id))
login_user(user)
db.session.commit()
db.session.refresh(user)
self_url = OneLogin_Saml2_Utils.get_self_url(self.req)
if 'RelayState' in request.form and self_url != request.form['RelayState']:
return redirect(auth.redirect_to(request.form['RelayState']), code=302)
else:
return redirect(current_app.config.get('BASE_URL'), code=302)
else:
return dict(message='OneLogin authentication failed.'), 403
elif args['sls'] != None:
return dict(message='OneLogin SLS not implemented yet.'), 405
else:
return redirect(auth.login(return_to=return_to))
def register():
form = RegForm()
if request.method == 'GET':
if User.query.count() > 0:
return make_response('Нет такой страницы', 404)
role = Role.query.filter_by(role='admin').one_or_none()
if role is None:
role = Role(id=1, role='admin')
db.session.add(role)
try:
db.session.commit()
except IntegrityError:
db.session.rollback()
raise InternalServerError(
"failed to write admin role to the database")
form.username.render_kw = {'value': 'admin'}
choices = [(role.id, role.role)]
# form.role.choices = [(role.id, role.role)]
form.role.render_kw = {'value': choices[0][0]}
form.phone.render_kw = {'value': '79272123456'}
return render_template('login/register.html',
form=form,
choices=choices)
if form.validate_on_submit():
user = User(username=Config.DEF_USER, id=1)
user.set_password(Config.DEF_PASSWORD)
user.role_id = int(form.role.data)
user.phone_number = Config.PHONE
db.session.add(user)
try:
db.session.commit()
except IntegrityError:
db.session.rollback()
raise InternalServerError(
"failed to write admin user to the database")
login_user(user, remember=True)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return redirect(url_for('admin_app.index'))
return form.errors
return {
'user': form.username.data,
'password': form.password.data,
'password2': form.password2.data,
'role': form.role.data,
'phone': form.phone.data,
'choices': form.role.choices
}
def authorized_engpsu():
client = oauth2.oauth2_client
try:
token = client.engpsu.authorize_access_token()
except Exception as e:
print(e)
return redirect(url_for("accounts.login"))
userinfo_response = client.engpsu.get("userinfo")
userinfo = userinfo_response.json()
user = models.User.objects(username=userinfo.get("username")).first()
if not user:
user = models.User(
username=userinfo.get("username"),
email=userinfo.get("email"),
first_name=userinfo.get("first_name"),
last_name=userinfo.get("last_name"),
status="active",
)
user.resources[client.engpsu.name] = userinfo
# if 'staff_id' in userinfo.keys():
# user.roles.append('staff')
# elif 'student_id' in userinfo.keys():
# user.roles.append('student')
if userinfo["username"].isdigit():
user.roles.append("student")
else:
user.roles.append("staff")
user.save()
login_user(user)
oauth2token = models.OAuth2Token(
name=client.engpsu.name,
user=user,
access_token=token.get("access_token"),
token_type=token.get("token_type"),
refresh_token=token.get("refresh_token", None),
expires=datetime.datetime.fromtimestamp(token.get("expires_in")),
)
oauth2token.save()
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.roles))
return redirect(url_for("dashboard.index"))
def signupsponsor():
"""
Sponsor sign-up page.
GET requests serve sign-up page.
POST requests validate form & user creation.
"""
form = SignupForm()
# validate if the user filled out the form correctly
# validate_on_submit is a built-in method
if form.validate_on_submit():
# make sure it's not an existing user
existing_user = User.query.filter_by(email=form.email.data).first()
if existing_user is None:
# create a new user
user = User(
name=form.name.data,
email=form.email.data,
organization=form.organization.data,
user_type='sponsor',
user_status='pending'
)
# use our set_password method
user.set_password(form.password.data)
# commit our new user record and log the user in
db.session.add(user)
db.session.commit() # Create new user
login_user(user, remember=False, duration=None, force=False, fresh=True)
# if everything goes well, they will be redirected to the main application
# new user now has a type, extract and send to permissions signal
# use identity_changed to send signal to flask_principal showing identity, user_type
identity_changed.send(current_app._get_current_object(), identity=Identity(user.id,user.user_type))
# placing identity_object into variable for print/display
identity_object = Identity(user.id,user.user_type)
# printing identity_object to console for verification
print('Sent: ',identity_object,' ...to current_app', file=sys.stderr)
return redirect(url_for('sponsor_bp.dashboard_sponsor'))
flash('A user already exists with that email address.')
return render_template(
'signup_sponsor.jinja2',
title='Create a Sponsor Account.',
form=form,
template='signup-page',
body="Sign up for a Sponsor account."
)
def login():
form = LoginForm()
register_form = RegisterForm()
if form.validate_on_submit():
user = users.query.filter_by(username=form.username.data).one()
login_user(user, remember=form.remember.data)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.username))
# phone = "13234045805"
# text = "【253云通讯】您的验证码是1234"
# send_sms(text, phone)
flash("You have been logged in", category="success")
return redirect(url_for('stock.home', usersname=user.username))
return render_template('main/login.html',
form=form,
register_form=register_form)
def get(self):
try:
logout()
identity_changed.send(current_app._get_current_object(),
identity=AnonymousIdentity())
except KeyError:
return {"Access token not found."}, 500
logout_data = {"logout": True}
if is_from_browser(request.user_agent):
response = jsonify(logout_data)
unset_jwt_cookies(response)
return response
else:
return logout_data
def post(self):
login, password = request.json.get('login'), request.json.get(
'password')
if login and password:
user = User.query.filter_by(login=login).first()
if user and user.check_password(password):
print '------', user.is_active
login_user(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return MessageResponse('Login Success')
raise LoginError()
def login():
form = LoginForm()
if form.validate_on_submit():
# session['username'] = form.username.data
user = User.query.filter_by(username=form.username.data).one()
login_user(user, remember=form.remember.data)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
flash("You have been logged in.", category='success')
return redirect(url_for('blog.home'))
return render_template('login.html', form=form)
def logout():
# Remove the user information from the session
logout_user()
flash('You are logged out', 'warning')
# Remove session keys set by Flask-Principal
for key in ('identity.name', 'identity.auth_type', 'hid_access_token'):
session.pop(key, None)
# Tell Flask-Principal the user is anonymous
identity_changed.send(current_app, identity=AnonymousIdentity())
session_identity_loader()
if request.values.get('hid_logout'):
return redirect(conf.HUMANITARIAN_ID_AUTH_URI + '/logout')
return redirect(url_for('index'))
