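def persona_login():
    """Log a user in from a Mozilla Persona assertion posted by the browser.

    Expects ``assertion`` (and optionally ``next``) in the form body. The
    assertion is forwarded to Persona's verifier service together with our
    audience; on an ``okay`` verdict the user is looked up (or created on
    first login) by the verified email and logged in.

    Returns:
        JSON ``{"next": ...}`` echoing the optional ``next`` form value.

    Aborts:
        400 if no assertion was posted; 500 if the verifier cannot be reached,
        answers with a non-OK HTTP status, or returns a body that is not the
        expected JSON object; 401 if the verifier rejects the assertion.
    """
    # Must have the assertion.
    if 'assertion' not in request.form:
        abort(400)

    location = app.config['SERVER_NAME']
    if location is None:
        # Best-effort guess of host and port when SERVER_NAME is not configured.
        location = ':'.join(['localhost', str(app.config['SERVER_PORT'])])
    # NOTE(review): the verifier checks this audience against the origin the
    # assertion was issued for; whether it must carry a scheme prefix here is
    # not visible in this file — confirm against the deployment.

    # Send the assertion to Mozilla's verifier service.
    assertion_info = {
        'assertion': request.form['assertion'],
        'audience': location,
    }
    try:
        # verify=True keeps TLS certificate validation on (spelled out because
        # the verdict is trusted); the timeout keeps a stalled verifier from
        # tying up the request thread indefinitely.
        r = requests.post('https://verifier.login.persona.org/verify',
                          data=assertion_info,
                          verify=True,
                          timeout=10)
    except requests.RequestException:
        app.logger.exception('Failed to reach the Persona verifier.')
        abort(500)
    if not r.ok:
        app.logger.warning('Persona verifier returned HTTP %s.', r.status_code)
        abort(500)

    try:
        data = r.json()
    except ValueError:
        # A non-JSON body is a verifier failure, not a rejected assertion.
        app.logger.warning('Persona verifier returned a non-JSON body.')
        abort(500)
    if not isinstance(data, dict):
        app.logger.warning('Persona verifier returned an unexpected JSON shape.')
        abort(500)

    if data.get('status') != 'okay':
        abort(401)

    email = data.get('email')
    if not email:
        # An "okay" verdict without an email is malformed: never look up or
        # create an account keyed on an empty identity.
        app.logger.warning('Persona verifier said okay but sent no email.')
        abort(500)

    user = app.user_storage.find_by_email(email)
    if user is None:
        # First login: store only the hash of a random password the user is
        # never told, so the password-login path cannot be used against a
        # Persona-only account with an empty or predictable hash.
        pwhash = security.generate_password_hash(util.generate_password())
        user = User(
            email,  # Use the email as the username.
            email,
            'persona',
            pwhash)
        app.user_storage.create(user)

    login_user(user)
    return jsonify({
        # Echo the caller-supplied redirect target unchanged; it is not
        # validated here, so whatever consumes it client-side should
        # restrict it to a local path.
        'next': request.form.get('next')
    })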
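def persona_login():
    """Log a user in from a Mozilla Persona assertion posted by the browser.

    Expects ``assertion`` (and optionally ``next``) in the form body. The
    assertion is forwarded to Persona's verifier service together with our
    audience; on an ``okay`` verdict the user is looked up (or created on
    first login) by the verified email and logged in.

    Returns:
        JSON ``{"next": ...}`` echoing the optional ``next`` form value.

    Aborts:
        400 if no assertion was posted; 500 if the verifier cannot be reached,
        answers with a non-OK HTTP status, or returns a body that is not the
        expected JSON object; 401 if the verifier rejects the assertion.
    """
    # Must have the assertion.
    if 'assertion' not in request.form:
        abort(400)

    location = app.config['SERVER_NAME']
    if location is None:
        # Best-effort guess of host and port when SERVER_NAME is not configured.
        location = ':'.join(['localhost', str(app.config['SERVER_PORT'])])
    # NOTE(review): the verifier checks this audience against the origin the
    # assertion was issued for; whether it must carry a scheme prefix here is
    # not visible in this file — confirm against the deployment.

    # Send the assertion to Mozilla's verifier service.
    assertion_info = {
        'assertion': request.form['assertion'],
        'audience': location,
    }
    try:
        # verify=True keeps TLS certificate validation on (spelled out because
        # the verdict is trusted); the timeout keeps a stalled verifier from
        # tying up the request thread indefinitely.
        r = requests.post('https://verifier.login.persona.org/verify',
                          data=assertion_info, verify=True, timeout=10)
    except requests.RequestException:
        app.logger.exception('Failed to reach the Persona verifier.')
        abort(500)
    if not r.ok:
        app.logger.warning('Persona verifier returned HTTP %s.', r.status_code)
        abort(500)

    try:
        data = r.json()
    except ValueError:
        # A non-JSON body is a verifier failure, not a rejected assertion.
        app.logger.warning('Persona verifier returned a non-JSON body.')
        abort(500)
    if not isinstance(data, dict):
        app.logger.warning('Persona verifier returned an unexpected JSON shape.')
        abort(500)

    if data.get('status') != 'okay':
        abort(401)

    email = data.get('email')
    if not email:
        # An "okay" verdict without an email is malformed: never look up or
        # create an account keyed on an empty identity.
        app.logger.warning('Persona verifier said okay but sent no email.')
        abort(500)

    user = app.user_storage.find_by_email(email)
    if user is None:
        # First login: store only the hash of a random password the user is
        # never told, so the password-login path cannot be used against a
        # Persona-only account with an empty or predictable hash.
        pwhash = security.generate_password_hash(util.generate_password())
        user = User(email,  # Use the email as the username.
                    email,
                    'persona',
                    pwhash)
        app.user_storage.create(user)

    login_user(user)
    return jsonify({
        # Echo the caller-supplied redirect target unchanged; it is not
        # validated here, so whatever consumes it client-side should
        # restrict it to a local path.
        'next': request.form.get('next')
    })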
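def add_user():
    """Let the configured administrator create a password-based user.

    Anyone other than the administrator is sent back to the index with a
    flash message. On a valid submission a random password is generated,
    only its hash is stored, and the plaintext is shown once on the
    confirmation page.

    Returns:
        The rendered add-user form, the one-time confirmation page, or a
        redirect to the index for non-administrators.
    """
    # Fail closed: a missing ADMINISTRATOR setting or a user object without a
    # ``name`` (e.g. an anonymous session, if this view is not otherwise
    # guarded — not visible here) is denied instead of raising.
    admin_name = app.config['ADMINISTRATOR']
    if not admin_name or getattr(current_user, 'name', None) != admin_name:
        flash('You don\'t have permission to do that.')
        return redirect(url_for('index'))

    form = AddUserForm()
    if not form.validate_on_submit():
        return render_template('add_user.html', form=form)

    password = util.generate_password()
    pwhash = security.generate_password_hash(password)
    user = User(form.username.data,
                '',  # Email is not used.
                'password',
                pwhash)
    app.user_storage.create(user)
    # The plaintext password exists only in this one response; only its hash
    # was persisted above.
    return render_template('user_confirmation.html',
                           username=form.username.data,
                           password=password)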
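def add_user():
    """Let the configured administrator create a password-based user.

    Anyone other than the administrator is sent back to the index with a
    flash message. On a valid submission a random password is generated,
    only its hash is stored, and the plaintext is shown once on the
    confirmation page.

    Returns:
        The rendered add-user form, the one-time confirmation page, or a
        redirect to the index for non-administrators.
    """
    # Fail closed: a missing ADMINISTRATOR setting or a user object without a
    # ``name`` (e.g. an anonymous session, if this view is not otherwise
    # guarded — not visible here) is denied instead of raising.
    admin_name = app.config['ADMINISTRATOR']
    if not admin_name or getattr(current_user, 'name', None) != admin_name:
        flash('You don\'t have permission to do that.')
        return redirect(url_for('index'))

    form = AddUserForm()
    if not form.validate_on_submit():
        return render_template('add_user.html', form=form)

    password = util.generate_password()
    pwhash = security.generate_password_hash(password)
    user = User(
        form.username.data,
        '',  # Email is not used.
        'password',
        pwhash)
    app.user_storage.create(user)
    # The plaintext password exists only in this one response; only its hash
    # was persisted above.
    return render_template('user_confirmation.html',
                           username=form.username.data,
                           password=password)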