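def wrapper(*args, **kwargs):
    """Authenticate an API request and hand the resolved project to ``f``.

    Two schemes are tried:

    * HTTP Basic auth: the username must equal the ``project_id`` route
      argument and the password must match the stored hash.
    * ``Authorization: <scheme> <token>``: the second word of the header is
      verified as a ``non_timed_token`` naming a project.

    On success ``project_id`` is dropped from ``kwargs`` and the wrapped view
    ``f`` (from the enclosing decorator) is called with ``project=<Project>``
    in its place. Every other path aborts with 401.
    """
    auth = request.authorization
    project_id = kwargs.get("project_id")

    # Use Basic Auth
    if auth and project_id and auth.username == project_id:
        project = Project.query.get(auth.username)
        if project and check_password_hash(project.password, auth.password):
            # The whole project object will be passed instead of project_id
            kwargs.pop("project_id")
            return f(*args, project=project, **kwargs)
    else:
        # Use Bearer token Auth
        # NOTE(review): the scheme word is not inspected, so any
        # "<scheme> <token>" header reaches verify_token; token verification
        # alone gates access here.
        auth_header = request.headers.get("Authorization", "")
        auth_token = ""
        try:
            auth_token = auth_header.split(" ")[1]
        except IndexError:
            abort(401)
        project_id = Project.verify_token(auth_token, token_type="non_timed_token")
        if auth_token and project_id:
            project = Project.query.get(project_id)
            if project:
                # kwargs.get() above implies project_id may be absent from the
                # route; a default avoids turning that into a KeyError (500).
                kwargs.pop("project_id", None)
                return f(*args, project=project, **kwargs)
    abort(401)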
def reset_password():
    """Let a project owner set a new private code from a reset token.

    The ``token`` query argument is verified with ``Project.verify_token``
    (its default token type). A valid POST hashes and stores the new code,
    flashes a confirmation and redirects home; any other request renders
    the reset form, carrying an error when the token is missing, invalid,
    or resolves to no project.
    """
    form = ResetPasswordForm()
    template = "reset_password.html"

    token = request.args.get("token")
    if not token:
        return render_template(template, form=form, error=_("No token provided"))

    project_id = Project.verify_token(token)
    if not project_id:
        return render_template(template, form=form, error=_("Invalid token"))

    project = Project.query.get(project_id)
    if not project:
        return render_template(template, form=form, error=_("Unknown project"))

    submitted = request.method == "POST" and form.validate()
    if submitted:
        project.password = generate_password_hash(form.password.data)
        db.session.add(project)
        db.session.commit()
        flash(_("Password successfully reset."))
        return redirect(url_for(".home"))

    return render_template(template, form=form)
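def authenticate(project_id=None):
    """Authentication form.

    Resolve the project either from a ``token`` query argument (verified as
    a ``non_timed_token``) or from the identifier in the form / the
    ``project_id`` query argument, then mark that project as authenticated
    in the session.

    :param project_id: identifier from the URL rule, if any; replaced by the
        token result or the form value.
    :return: a redirect to the bill list on success, otherwise the rendered
        ``authenticate.html`` form with the relevant error attached.
    """
    form = AuthenticationForm()

    # Try to get project_id from token first
    token = request.args.get("token")
    if token:
        project_id = Project.verify_token(token, token_type="non_timed_token")
        token_auth = True
    else:
        if not form.id.data and request.args.get("project_id"):
            form.id.data = request.args["project_id"]
        project_id = form.id.data
        token_auth = False

    if project_id is None:
        # User doesn't provide project identifier or a valid token
        # return to authenticate form
        msg = _("You either provided a bad token or no project identifier.")
        # NOTE(review): this relies on form.errors being the form's own
        # persistent mapping; on WTForms versions that rebuild ``errors`` on
        # each access the assignment is lost — confirm against the pinned version.
        form.errors["id"] = [msg]
        return render_template("authenticate.html", form=form)

    project = Project.query.get(project_id)
    if not project:
        # If the user tries to connect to an unexisting project, we will
        # provide them with a link to the creation form.
        return render_template(
            "authenticate.html", form=form, create_project=project_id
        )

    # if credentials are already in session, redirect
    if session.get(project_id):
        setattr(g, "project", project)
        return redirect(url_for(".list_bills"))

    # else do form authentication or token authentication
    is_post_auth = request.method == "POST" and form.validate()
    # Check the submitted code once; the original hashed it twice (once for
    # the success branch, once again for the error branch).
    password_ok = is_post_auth and check_password_hash(
        project.password, form.password.data
    )
    if password_ok or token_auth:
        # maintain a list of visited projects
        if "projects" not in session:
            session["projects"] = []
        # add the project on the top of the list
        session["projects"].insert(0, (project_id, project.name))
        session[project_id] = True
        # Set session to permanent to make language choice persist
        session.permanent = True
        session.update()
        setattr(g, "project", project)
        return redirect(url_for(".list_bills"))

    if is_post_auth and not password_ok:
        msg = _("This private code is not the right one")
        form.errors["password"] = [msg]

    return render_template("authenticate.html", form=form)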
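def authenticate(project_id=None):
    """Authentication form.

    The project is taken from the ``token`` query argument (verified as a
    ``non_timed_token``) when present, otherwise from the form's ``id``
    field or the ``project_id`` query argument. A successful token or
    password check records the project in the session and redirects to
    the bill list; everything else re-renders ``authenticate.html``.

    :param project_id: identifier from the URL rule, if any; replaced by the
        token result or the form value.
    """
    form = AuthenticationForm()

    # Try to get project_id from token first
    token = request.args.get('token')
    if token:
        project_id = Project.verify_token(token, token_type='non_timed_token')
        token_auth = True
    else:
        if not form.id.data and request.args.get('project_id'):
            form.id.data = request.args['project_id']
        project_id = form.id.data
        token_auth = False

    if project_id is None:
        # User doesn't provide project identifier or a valid token
        # return to authenticate form
        msg = _("You either provided a bad token or no project identifier.")
        # NOTE(review): assigning into form.errors assumes it is the form's own
        # persistent dict; confirm this holds for the installed WTForms version.
        form.errors["id"] = [msg]
        return render_template("authenticate.html", form=form)

    project = Project.query.get(project_id)
    if not project:
        # If the user tries to connect to a nonexistent project, offer a
        # link to the creation form instead of a bare error.
        return render_template("authenticate.html", form=form,
                               create_project=project_id)

    # if credentials are already in session, redirect
    if session.get(project_id):
        setattr(g, 'project', project)
        return redirect(url_for(".list_bills"))

    # else do form authentication or token authentication
    is_post_auth = request.method == "POST" and form.validate()
    # Evaluate the password hash once instead of once per branch.
    password_ok = is_post_auth and check_password_hash(project.password,
                                                       form.password.data)
    if password_ok or token_auth:
        # maintain a list of visited projects
        if "projects" not in session:
            session["projects"] = []
        # add the project on the top of the list
        session["projects"].insert(0, (project_id, project.name))
        session[project_id] = True
        session.update()
        setattr(g, 'project', project)
        return redirect(url_for(".list_bills"))

    if is_post_auth and not password_ok:
        msg = _("This private code is not the right one")
        form.errors['password'] = [msg]

    return render_template("authenticate.html", form=form)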
def reset_password():
    """Reset a project's private code using the ``token`` query argument.

    Renders the reset form with an error when the token is absent, fails
    ``Project.verify_token`` (default token type), or names an unknown
    project. On a validated POST the new code is hashed and committed,
    a confirmation is flashed and the user is redirected to the home page.
    """
    form = ResetPasswordForm()

    def _fail(message):
        # Shared rendering for every error exit.
        return render_template('reset_password.html', form=form, error=message)

    token = request.args.get('token')
    if not token:
        return _fail(_("No token provided"))

    project_id = Project.verify_token(token)
    if not project_id:
        return _fail(_("Invalid token"))

    project = Project.query.get(project_id)
    if not project:
        return _fail(_("Unknown project"))

    if request.method == "POST" and form.validate():
        project.password = generate_password_hash(form.password.data)
        db.session.add(project)
        db.session.commit()
        flash(_("Password successfully reset."))
        return redirect(url_for(".home"))

    return render_template('reset_password.html', form=form)