def load_user():
# pylint: disable=too-many-return-statements,too-many-branches
# TODO: split into smaller functions
# continue for assets
if request.path.startswith("/static"):
return
# continue for logout page
if request.path == url_for("auth.logout"):
return
# continue for terms page
if request.path == url_for("auth.terms"):
return
if not is_authenticated():
g.user = None
return
log.debug("Loading user")
# Ignore all non-admin users during maintenance or restricted mode.
if (current_app.config["MAINTENANCE_MODE"]
or current_app.config["RESTRICT_LOGIN"]
and not current_app.config["IS_LOCAL"]) and not is_admin():
logout()
flash("Login restricted.", "danger")
return
# don't override existing user
if getattr(g, "user", None) is not None:
log.debug("Reusing existing user %s", g.user)
return
data = session["user_info"]
# Make sure old and incompatible sessions get dropped.
if "type" not in data.keys():
logout()
return
login_type = LoginType(data["type"])
if login_type in (LoginType.GOOGLE, LoginType.LOCAL):
login_id = data["email"]
picture = data.get("picture")
elif login_type == LoginType.GITHUB:
login_id = data["login"]
picture = data.get("avatar_url")
else:
log.error("Unsupported login type %r", login_type)
flash("Login unsupported.", "danger")
logout()
return
user = User.query.filter_by(login=login_id).one_or_none()
is_new = False
is_changed = False
if not user:
resp, invite_code = registration_required(login_id=login_id)
if resp is not None:
return resp
if "@" in login_id:
name, host = login_id.rsplit("@", 1)
log.info("Creating new user %s...%s@%s (%s)", name[0], name[-1],
host, login_type)
else:
name = login_id
log.info(
"Creating new user %s...%s (%s)",
login_id[:2],
login_id[-2:],
login_type,
)
user = User(
login=login_id,
full_name=data.get("name", name),
profile_picture=picture,
login_type=login_type,
)
is_new = True
if invite_code is not None:
session.pop("invite_code")
user.roles = invite_code.roles
user.invite_code = invite_code
invite_code.remaining_uses -= 1
if current_app.config["AUTO_ENABLE_INVITED_USERS"]:
user.enable()
db.session.add(invite_code)
else:
log.info("Updating user %s", user)
if "name" in data and not user.full_name:
user.full_name = data["name"]
is_changed = True
if picture and not user.profile_picture:
user.profile_picture = picture
is_changed = True
if user.login_type is None:
user.login_type = login_type
# update automatic roles
if is_new:
user.roles.append(get_or_create_role(PredefinedRoles.USER))
email = data.get("email")
if email in current_app.config["APPLICATION_ADMINS"]:
user.roles.append(get_or_create_role(PredefinedRoles.ADMIN))
user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
if is_new:
user.state = UserState.ACTIVE
is_changed = True
elif email == "*****@*****.**":
user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
is_changed = True
if is_changed or is_new:
log.info("Saving user %s", user)
db.session.add(user)
db.session.commit()
if user.is_blocked():
logout()
flash("Account blocked", "danger")
elif user.is_enabled():
g.user = user
log.debug("Loaded user %s", g.user)
if user.is_first_login():
user.enable()
db.session.add(user)
db.session.commit()
flash(
jinja2.Markup(
"Welcome to Vulncode-DB!<br>"
"Please take a look at your "
f'<a href="{url_for("profile.index")}">profile page</a> '
"to review your settings."),
"info",
)
else:
logout()
flash("Account not yet activated", "danger")
def load_user():
# continue for assets
if request.path.startswith('/static'):
return
# continue for logout page
if request.path == url_for('auth.logout'):
return
# continue for terms page
if request.path == url_for('auth.terms'):
return
if not is_authenticated():
g.user = None
return
log.debug('Loading user')
# Ignore all non-admin users during maintenance or restricted mode.
if (current_app.config["MAINTENANCE_MODE"]
or current_app.config['RESTRICT_LOGIN']
and not current_app.config['IS_LOCAL']) and not is_admin():
logout()
flash('Login restricted.', 'danger')
return
# don't override existing user
if getattr(g, 'user', None) is not None:
log.debug('Reusing existing user %s', g.user)
return
data = session["user_info"]
email = data["email"]
user = User.query.filter_by(email=email).one_or_none()
is_new = False
is_changed = False
if not user:
if not session.get('terms_accepted'):
log.warn('Terms not accepted yet')
request._authorized = True
return redirect(url_for('auth.terms'))
name, host = email.rsplit('@', 1)
log.info('Creating new user %s...%s@%s', name[0], name[-1], host)
user = User(email=email,
full_name=data.get("name", name),
profile_picture=data.get("picture"))
is_new = True
else:
log.info('Updating user %s', user)
if 'name' in data and user.full_name != data['name']:
user.full_name = data["name"]
is_changed = True
if 'picture' in data and user.profile_picture != data['picture']:
user.profile_picture = data["picture"]
is_changed = True
# update automatic roles
if is_new:
user.roles.append(get_or_create_role(PredefinedRoles.USER))
if email in current_app.config["APPLICATION_ADMINS"]:
user.roles.append(get_or_create_role(PredefinedRoles.ADMIN))
user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
if is_new:
user.state = UserState.ACTIVE
is_changed = True
elif email == '*****@*****.**':
user.roles.append(get_or_create_role(PredefinedRoles.REVIEWER))
is_changed = True
if is_changed or is_new:
log.info('Saving user %s', user)
db.session.add(user)
db.session.commit()
if user.is_blocked():
logout()
flash('Account blocked', 'danger')
elif user.is_enabled():
g.user = user
log.debug('Loaded user %s', g.user)
else:
logout()
flash('Account not yet activated', 'danger')
