def login(client, faker, user=None):
if user is None:
user = faker.user_details()
db.session.add(user)
db.session.commit()
with client.session_transaction() as sess:
sess['user_id'] = user.id
sess['_fresh'] = True # https://flask-login.readthedocs.org/en/latest/#fresh-logins
# Some stuff is created on first request, so do that
client.get("/")
# Login for access to functions directly
login_user(user)
resp = client.get("/login")
soup = BeautifulSoup(resp.data, "html.parser")
crf_token = soup.find(
"input", {"name": "csrf_token"}, type="hidden", id="csrf_token"
)
data = dict(email=user.email, password=user.password)
if crf_token:
data["csrf_token"] = crf_token.get("value")
resp = client.post("/login", data=data, follow_redirects=True)
return _datastore.find_user(email=user.email)
def init_users():
if not get_system_user():
user = _datastore.create_user(
email='hal@discovery_one.uss',
username=SYSTEM_USER_NAME,
)
admin_email = current_app.config["ADMIN_EMAIL_ADDRESS"]
admin_username = current_app.config["ADMIN_USERNAME"]
if not _datastore.find_user(
email=admin_email) and not _datastore.find_user(
username=admin_username):
print('Creating administrator "{}"'.format(admin_email))
user = _datastore.create_user(
email=admin_email,
username=admin_username,
)
_datastore.add_role_to_user(user, get_admin_role())
db.session.commit()
def get_or_create_ldap_user(username):
ldap = Ldap()
if ldap.is_enabled():
username = standardize_username(username)
ldap.login_nonpriv()
ldap_user = ldap.search_username(username)
if ldap_user is not None:
user = _datastore.find_user(
email=ldap_user['email']) or _datastore.find_user(
username=ldap_user['username'])
if not user:
print('A')
if current_app.config.get('LDAP_REQUIRE_EXISTING_USER', False):
print('B')
return None
print('A')
user = _datastore.create_user(
email=ldap_user['email'],
password=random_password(),
)
user.email = ldap_user['email']
user.username = ldap_user['username']
user.first_name = ldap_user['given_name']
user.last_name = ldap_user['surname']
user.ldap_user = True
db.session.add(user)
db.session.commit()
return _datastore.get_user(ldap_user['email'])
def validate(self):
user_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
time_now = datetime.datetime.now()
# Use super of LoginForm, not super of CustomLoginForm, since I
# want to skip the LoginForm validate logic
if not super(LoginForm, self).validate():
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}]"
)
return False
self.email.data = remove_null_caracters(self.email.data)
self.user = _datastore.find_user(username=self.email.data)
if self.user is None:
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - "
f"Reason: [Invalid Username]")
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
self.user.password = remove_null_caracters(self.user.password)
if not self.user.password:
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - "
f"Reason: [Invalid Password]")
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
self.password.data = remove_null_caracters(self.password.data)
if not verify_and_update_password(self.password.data, self.user):
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - "
f"Reason: [Invalid Password]")
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
# if requires_confirmation(self.user):
# self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0])
# return False
if not self.user.is_active:
audit_logger.warning(
f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - "
f"Reason: [Disabled Account]")
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def get_admin_user():
result = _datastore.find_user(
email=current_app.config["ADMIN_EMAIL_ADDRESS"]
) or _datastore.find_user(username=current_app.config["ADMIN_USERNAME"])
return result
def get_system_user():
return _datastore.find_user(username=SYSTEM_USER_NAME)