Esempio n. 1
def login(org_slug=None):
    """Serve the login page: redirect, authenticate, or render the form.

    Order of checks: no resolved organization (redirect to setup or root),
    already-authenticated visitor (redirect to ``next``), CAS sign-in when
    ``settings.CAS_AUTH`` is set, a POSTed email/password pair, and finally the
    ``login.html`` form.
    """
    # `current_org` is a proxy; `==` (not `is`) is needed for the comparison
    # to be forwarded to the wrapped object.
    # noinspection PyComparisonWithNone
    if current_org == None:
        return redirect('/' if settings.MULTI_ORG else '/setup')

    default_target = url_for('redash.index', org_slug=org_slug)
    # `next` is caller-controlled; it only reaches redirect() via get_next_path().
    next_path = get_next_path(request.args.get('next', default_target))
    if current_user.is_authenticated:
        return redirect(next_path)

    # CAS sign-in is handled before the local password form
    if settings.CAS_AUTH:
        organization = current_org._get_current_object()
        cas_auth(organization, 'remember' in request.form)
        return redirect(next_path)

    if request.method == 'POST':
        try:
            organization = current_org._get_current_object()
            account = models.User.get_by_email_and_org(
                request.form['email'], organization)
            # Checked left to right: missing user, disabled user, password
            rejected = (not account or account.is_disabled
                        or not account.verify_password(request.form['password']))
            if rejected:
                flash("Wrong email or password.")
            else:
                login_user(account, remember='remember' in request.form)
                return redirect(next_path)
        except NoResultFound:
            # Same text as a failed password check, so the form does not
            # reveal whether the email is known.
            flash("Wrong email or password.")

    google_auth_url = get_google_auth_url(next_path)

    page_context = {
        'org_slug': org_slug,
        'next': next_path,
        'email': request.form.get('email', ''),
        'show_google_openid': settings.GOOGLE_OAUTH_ENABLED,
        'google_auth_url': google_auth_url,
        'show_password_login': current_org.get_setting(
            'auth_password_login_enabled'),
        'show_saml_login': current_org.get_setting('auth_saml_enabled'),
        'show_remote_user_login': settings.REMOTE_USER_LOGIN_ENABLED,
        'show_ldap_login': settings.LDAP_LOGIN_ENABLED,
    }
    return render_template("login.html", **page_context)
Esempio n. 2
def verify(token, org_slug=None):
    """Mark the user identified by an email-verification token as verified.

    Returns the ``error.html`` page with status 400 when the token signature is
    rejected or no matching user exists in the current organization; otherwise
    persists ``is_email_verified`` and renders ``verify.html``.
    """
    try:
        verified_id = validate_token(token)
        organization = current_org._get_current_object()
        account = models.User.get_by_id_and_org(verified_id, organization)
    except (BadSignature, NoResultFound):
        # NOTE(review): the raw token is written to the log here; confirm that
        # is acceptable for this deployment's log handling.
        logger.exception(
            "Failed to verify email verification token: %s, org=%s", token, org_slug
        )
        error_page = render_template(
            "error.html",
            error_message="Your verification link is invalid. Please ask for a new one.",
        )
        return error_page, 400

    account.is_email_verified = True
    models.db.session.add(account)
    models.db.session.commit()

    # The index URL carries the org slug only in multi-org deployments
    if settings.MULTI_ORG:
        url_kwargs = {"org_slug": org_slug}
    else:
        url_kwargs = {}

    return render_template(
        "verify.html", next_url=url_for("redash.index", **url_kwargs)
    )
Esempio n. 3
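def render_token_login_page(template, org_slug, token):
    """Render the token-based set-password page and process its submission.

    The signed ``token`` identifies the user. A GET renders ``template``; a
    POST with an acceptable password stores the new hash, logs the user in and
    redirects to the index.

    Returns:
        A redirect on success, otherwise a ``(body, status_code)`` tuple: 400
        for an invalid or expired token or a rejected password, 200 for a
        plain render.
    """
    try:
        user_id = validate_token(token)
        org = current_org._get_current_object()
        user = models.User.get_by_id_and_org(user_id, org)
    except NoResultFound:
        # The token is left out of this record on purpose: its signature was
        # accepted, and the same value authorises the password change below.
        # The earlier format string also had two placeholders for three
        # arguments, so the record could not be formatted.
        logger.exception("Bad user id in token. User id= %s, Org=%s", user_id, org_slug)
        return render_template("error.html", error_message="Invalid invite link. Please ask for a new one."), 400
    except (SignatureExpired, BadSignature):
        logger.exception("Failed to verify invite token: %s, org=%s", token, org_slug)
        return render_template("error.html",
                               error_message="Your invite link has expired. Please ask for a new one."), 400
    status_code = 200
    if request.method == 'POST':
        if 'password' not in request.form:
            flash('Bad Request')
            status_code = 400
        elif not request.form['password']:
            flash('Cannot use empty password.')
            status_code = 400
        # NOTE(review): a six-character minimum is the only strength rule enforced here.
        elif len(request.form['password']) < 6:
            flash('Password length is too short (<6).')
            status_code = 400
        else:
            # TODO: set active flag
            user.hash_password(request.form['password'])
            models.db.session.add(user)
            login_user(user)
            models.db.session.commit()
            return redirect(url_for('redash.index', org_slug=org_slug))
    # The Google sign-in link is only built when that provider is enabled
    if settings.GOOGLE_OAUTH_ENABLED:
        google_auth_url = get_google_auth_url(url_for('redash.index', org_slug=org_slug))
    else:
        google_auth_url = ''
    return render_template(template, google_auth_url=google_auth_url, user=user), status_code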
Esempio n. 4
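def render_token_login_page(template, org_slug, token):
    """Render the token-based set-password page and process its submission.

    The signed ``token`` identifies the user. A GET renders ``template``; a
    POST with an acceptable password stores the new hash, logs the user in and
    redirects to the index.

    Returns:
        A redirect on success, otherwise a ``(body, status_code)`` tuple: 400
        for an invalid or expired token or a rejected password, 200 for a
        plain render.
    """
    try:
        user_id = validate_token(token)
        org = current_org._get_current_object()
        user = models.User.get_by_id_and_org(user_id, org)
    except NoResultFound:
        # The token is left out of this record on purpose: its signature was
        # accepted, and the same value authorises the password change below.
        # The earlier format string also had two placeholders for three
        # arguments, so the record could not be formatted.
        logger.exception("Bad user id in token. User id= %s, Org=%s", user_id, org_slug)
        return render_template("error.html", error_message="Invalid invite link. Please ask for a new one."), 400
    except (SignatureExpired, BadSignature):
        logger.exception("Failed to verify invite token: %s, org=%s", token, org_slug)
        return render_template("error.html",
                               error_message="Your invite link has expired. Please ask for a new one."), 400
    status_code = 200
    if request.method == 'POST':
        if 'password' not in request.form:
            flash('Bad Request')
            status_code = 400
        elif not request.form['password']:
            flash('Cannot use empty password.')
            status_code = 400
        # NOTE(review): a six-character minimum is the only strength rule enforced here.
        elif len(request.form['password']) < 6:
            flash('Password length is too short (<6).')
            status_code = 400
        else:
            # TODO: set active flag
            user.hash_password(request.form['password'])
            models.db.session.add(user)
            login_user(user)
            models.db.session.commit()
            return redirect(url_for('redash.index', org_slug=org_slug))
    # The Google sign-in link is only built when that provider is enabled
    if settings.GOOGLE_OAUTH_ENABLED:
        google_auth_url = get_google_auth_url(url_for('redash.index', org_slug=org_slug))
    else:
        google_auth_url = ''
    return render_template(template, google_auth_url=google_auth_url, user=user), status_code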
Esempio n. 5
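def render_token_login_page(template, org_slug, token, invite):
    """Render the token-based set-password page and process its submission.

    The signed ``token`` identifies the user. When ``invite`` is truthy the
    page is refused once the invitation is no longer pending. A POST with an
    acceptable password stores the new hash, logs the user in and redirects to
    the index.

    Returns:
        A redirect on success, otherwise a ``(body, status_code)`` tuple: 400
        for an invalid, expired or already-used link or a rejected password,
        200 for a plain render.
    """
    try:
        user_id = validate_token(token)
        org = current_org._get_current_object()
        user = models.User.get_by_id_and_org(user_id, org)
    except NoResultFound:
        # The token is left out of this record on purpose: its signature was
        # accepted, and the same value authorises the password change below.
        # The earlier format string also had two placeholders for three
        # arguments, so the record could not be formatted.
        logger.exception("Bad user id in token. User id= %s, Org=%s",
                         user_id, org_slug)
        return render_template(
            "error.html",
            error_message="Invalid invite link. Please ask for a new one."
        ), 400
    except (SignatureExpired, BadSignature):
        logger.exception("Failed to verify invite token: %s, org=%s", token,
                         org_slug)
        return render_template(
            "error.html",
            error_message=
            "Your invite link has expired. Please ask for a new one."), 400

    # An invite link is single-use: once accepted it must not set a password again
    if invite and user.details.get('is_invitation_pending') is False:
        return render_template(
            "error.html",
            error_message=("This invitation has already been accepted. "
                           "Please try resetting your password instead.")), 400

    status_code = 200
    if request.method == 'POST':
        if 'password' not in request.form:
            flash('Bad Request')
            status_code = 400
        elif not request.form['password']:
            flash('Cannot use empty password.')
            status_code = 400
        # NOTE(review): a six-character minimum is the only strength rule enforced here.
        elif len(request.form['password']) < 6:
            flash('Password length is too short (<6).')
            status_code = 400
        else:
            if invite:
                user.is_invitation_pending = False
            user.hash_password(request.form['password'])
            models.db.session.add(user)
            login_user(user)
            models.db.session.commit()
            return redirect(url_for('redash.index', org_slug=org_slug))

    google_auth_url = get_google_auth_url(
        url_for('redash.index', org_slug=org_slug))

    return render_template(
        template,
        show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
        google_auth_url=google_auth_url,
        show_saml_login=current_org.get_setting('auth_saml_enabled'),
        show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
        show_ldap_login=settings.LDAP_LOGIN_ENABLED,
        org_slug=org_slug,
        user=user), status_code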
Esempio n. 6
def forgot_password(org_slug=None):
    """Handle the forgot-password form.

    On a POST with a non-empty email, looks the user up in the current
    organization and sends a reset email. The rendered page only reports
    ``submitted``, which is the same whether or not the email matched a user.
    """
    email = request.form['email'] if request.method == 'POST' else None
    submitted = bool(email)
    if submitted:
        try:
            organization = current_org._get_current_object()
            account = models.User.get_by_email_and_org(email, organization)
            send_password_reset_email(account)
        except NoResultFound:
            # Unknown address: recorded server-side only
            logging.error("No user found for forgot password: %s", email)

    return render_template("forgot.html", submitted=submitted)
Esempio n. 7
def forgot_password(org_slug=None):
    """Process a password-reset request and render ``forgot.html``.

    A reset email is sent only when the POSTed address belongs to a user of
    the current organization; the template receives the same ``submitted``
    flag whether or not a match was found.
    """
    is_post = request.method == 'POST'
    requested_email = request.form['email'] if is_post else ''
    submitted = True if requested_email else False

    if submitted:
        try:
            organization = current_org._get_current_object()
            matched_user = models.User.get_by_email_and_org(
                requested_email, organization)
            send_password_reset_email(matched_user)
        except NoResultFound:
            # No such user in this organization: log it, show nothing different
            logging.error("No user found for forgot password: %s", requested_email)

    return render_template("forgot.html", submitted=submitted)
Esempio n. 8
def login(org_slug=None):
    """Serve the login page: redirect, check a POSTed password, or render.

    Password credentials are only checked when the organization setting
    ``auth_password_login_enabled`` is on; a POST while it is off just flashes
    a message and re-renders the form.
    """
    # `current_org` is a proxy; `==` (not `is`) is needed for the comparison
    # to be forwarded to the wrapped object.
    # noinspection PyComparisonWithNone
    if current_org == None:
        return redirect("/" if settings.MULTI_ORG else "/setup")

    fallback_url = url_for("redash.index", org_slug=org_slug)
    # `next` is caller-controlled; it only reaches redirect() via get_next_path().
    next_path = get_next_path(request.args.get("next", fallback_url))
    if current_user.is_authenticated:
        return redirect(next_path)

    if request.method == "POST":
        if current_org.get_setting("auth_password_login_enabled"):
            try:
                organization = current_org._get_current_object()
                account = models.User.get_by_email_and_org(
                    request.form["email"], organization
                )
                # Checked left to right: missing user, disabled user, password
                rejected = (
                    not account
                    or account.is_disabled
                    or not account.verify_password(request.form["password"])
                )
                if rejected:
                    flash("电子邮箱或密码不正确。")
                else:
                    login_user(account, remember="remember" in request.form)
                    return redirect(next_path)
            except NoResultFound:
                # Same text as a failed password check
                flash("电子邮箱或密码不正确。")
        else:
            # Password login is off for this organization, so the submitted
            # credentials are never checked.
            # NOTE(review): the flashed text reads as "wrong password for the
            # current organization"; confirm that wording is intended.
            flash("当前组织密码不正确。")

    google_auth_url = get_google_auth_url(next_path)

    page_context = {
        "org_slug": org_slug,
        "next": next_path,
        "email": request.form.get("email", ""),
        "show_google_openid": settings.GOOGLE_OAUTH_ENABLED,
        "google_auth_url": google_auth_url,
        "show_password_login": current_org.get_setting("auth_password_login_enabled"),
        "show_saml_login": current_org.get_setting("auth_saml_enabled"),
        "show_remote_user_login": settings.REMOTE_USER_LOGIN_ENABLED,
        "show_ldap_login": settings.LDAP_LOGIN_ENABLED,
    }
    return render_template("login.html", **page_context)
Esempio n. 9
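def login(org_slug=None):
    """LDAP login view with a fallback to local password accounts.

    A POST is first tried against LDAP via ``auth_ldap_user``; when that
    returns ``None`` the email/password pair is checked against the local user
    table. The post-login redirect target comes from the ``next`` query
    parameter, restricted here to a same-site absolute path.
    """
    # `==` rather than `is`, so the comparison is applied to `current_org`'s
    # value and not to the object identity.
    if current_org == None and not settings.MULTI_ORG:
        return redirect('/setup')
    elif current_org == None:
        return redirect('/')

    index_url = url_for("redash.index", org_slug=org_slug)
    # `next` is attacker-controllable and ends up in redirect(). Accept only a
    # same-site absolute path: reject scheme-relative prefixes and control
    # characters (URL parsers strip tabs/newlines), else fall back to the index.
    requested_next = request.args.get('next', index_url)
    is_local_path = (
        requested_next.startswith('/')
        and requested_next[1:2] not in ('/', '\\')
        and not any(ord(ch) < 0x20 for ch in requested_next)
    )
    next_path = requested_next if is_local_path else index_url
    if not settings.LDAP_LOGIN_ENABLED:
        logger.error(
            "Cannot use LDAP for login without being enabled in settings")
        return redirect(url_for('redash.index', next=next_path))

    if current_user.is_authenticated:
        return redirect(next_path)

    if request.method == 'POST':
        user = auth_ldap_user(request.form['email'], request.form['password'])
        if user is not None:
            create_and_login_user(current_org,
                                  user[settings.LDAP_DISPLAY_NAME_KEY], None,
                                  user['password'])
            # NOTE(review): the clear-text password is handed to `client_vault`
            # and kept in `user_session`. Confirm both stores are server-side
            # and protected at rest, or avoid retaining the password at all.
            client_vault.write_to(request.form['email'],
                                  request.form['password'])
            user_session['password_ldap'] = request.form['password']
            return redirect(next_path or url_for('redash.index'))
        else:
            # LDAP did not accept the credentials: try the local account
            try:
                org = current_org._get_current_object()
                user = models.User.get_by_email_and_org(
                    request.form['email'], org)
                if user and user.verify_password(request.form['password']):
                    remember = ('remember' in request.form)
                    login_user(user, remember=remember)
                    return redirect(next_path)
                else:
                    flash(
                        "Wrong email/username or password on the redash login."
                    )
            except NoResultFound:
                flash("Wrong email/username or password with the ldap login")

    return render_template(
        "login.html",
        org_slug=org_slug,
        next=next_path,
        email=request.form.get('email', ''),
        show_password_login=True,
        username_prompt=settings.LDAP_CUSTOM_USERNAME_PROMPT,
        hide_forgot_password=True)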
Esempio n. 10
def verify(token, org_slug=None):
    """Mark the user identified by an email-verification token as verified.

    Returns the ``error.html`` page with status 400 when the token signature is
    rejected or no matching user exists in the current organization; otherwise
    persists ``is_email_verified`` and renders ``verify.html``.
    """
    try:
        verified_id = validate_token(token)
        organization = current_org._get_current_object()
        account = models.User.get_by_id_and_org(verified_id, organization)
    except (BadSignature, NoResultFound):
        # NOTE(review): the raw token is written to the log here; confirm that
        # is acceptable for this deployment's log handling.
        logger.exception("Failed to verify email verification token: %s, org=%s", token, org_slug)
        error_page = render_template(
            "error.html",
            error_message="Your verification link is invalid. Please ask for a new one.")
        return error_page, 400

    # Persist the verified flag before showing the confirmation page
    account.is_email_verified = True
    session = models.db.session
    session.add(account)
    session.commit()

    return render_template("verify.html", org_slug=org_slug)
Esempio n. 11
def verify(token, org_slug=None):
    """Confirm a user's email address from a signed verification token.

    A rejected signature or an unknown user yields ``error.html`` with status
    400. On success ``is_email_verified`` is set and committed, then
    ``verify.html`` is rendered.
    """
    try:
        token_user_id = validate_token(token)
        active_org = current_org._get_current_object()
        verified_user = models.User.get_by_id_and_org(token_user_id, active_org)
    except (BadSignature, NoResultFound):
        # NOTE(review): the raw token is written to the log here; confirm that
        # is acceptable for this deployment's log handling.
        logger.exception("Failed to verify email verification token: %s, org=%s", token, org_slug)
        failure_body = render_template(
            "error.html",
            error_message="Your verification link is invalid. Please ask for a new one.")
        return failure_body, 400

    verified_user.is_email_verified = True
    db_session = models.db.session
    db_session.add(verified_user)
    db_session.commit()

    return render_template("verify.html", org_slug=org_slug)
Esempio n. 12
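def render_token_login_page(template, org_slug, token, invite=True):
    """Render the token-based set-password page and process its submission.

    The signed ``token`` identifies the user. When ``invite`` is truthy the
    page is refused once the invitation is no longer pending. A POST with an
    acceptable password stores the new hash, logs the user in and redirects to
    the index.

    Returns:
        A redirect on success, otherwise a ``(body, status_code)`` tuple: 400
        for an invalid, expired or already-used link or a rejected password,
        200 for a plain render.
    """
    try:
        user_id = validate_token(token)
        org = current_org._get_current_object()
        user = models.User.get_by_id_and_org(user_id, org)
    except NoResultFound:
        # The token is left out of this record on purpose: its signature was
        # accepted, and the same value authorises the password change below.
        # The earlier format string also had two placeholders for three
        # arguments, so the record could not be formatted.
        logger.exception("Bad user id in token. User id= %s, Org=%s", user_id, org_slug)
        return render_template("error.html", error_message="Invalid invite link. Please ask for a new one."), 400
    except (SignatureExpired, BadSignature):
        logger.exception("Failed to verify invite token: %s, org=%s", token, org_slug)
        return render_template("error.html",
                               error_message="Your invite link has expired. Please ask for a new one."), 400

    # An invite link is single-use: once accepted it must not set a password again
    if invite and user.details.get('is_invitation_pending') is False:
        return render_template("error.html",
                               error_message=("This invitation has already been accepted. "
                                              "Please try resetting your password instead.")), 400

    status_code = 200
    if request.method == 'POST':
        if 'password' not in request.form:
            flash('Bad Request')
            status_code = 400
        elif not request.form['password']:
            flash('Cannot use empty password.')
            status_code = 400
        # NOTE(review): a six-character minimum is the only strength rule enforced here.
        elif len(request.form['password']) < 6:
            flash('Password length is too short (<6).')
            status_code = 400
        else:
            if invite:
                user.is_invitation_pending = False
            user.hash_password(request.form['password'])
            models.db.session.add(user)
            login_user(user)
            models.db.session.commit()
            return redirect(url_for('redash.index', org_slug=org_slug))

    google_auth_url = get_google_auth_url(url_for('redash.index', org_slug=org_slug))

    return render_template(template,
                           show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
                           google_auth_url=google_auth_url,
                           show_saml_login=current_org.get_setting('auth_saml_enabled'),
                           show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
                           show_ldap_login=settings.LDAP_LOGIN_ENABLED,
                           org_slug=org_slug,
                           user=user), status_code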
Esempio n. 13
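def login(org_slug=None):
    """Serve the login page: redirect, check a POSTed password, or render.

    When password login is disabled the visitor is forwarded to the first
    enabled alternative (remote user, SAML, LDAP, else Google OAuth). The
    post-login redirect target comes from the ``next`` query parameter,
    restricted here to a same-site absolute path.
    """
    # We intentionally use == as otherwise it won't actually use the proxy. So weird :O
    # noinspection PyComparisonWithNone
    if current_org == None and not settings.MULTI_ORG:
        return redirect('/setup')
    elif current_org == None:
        return redirect('/')

    index_url = url_for("redash.index", org_slug=org_slug)
    # `next` is attacker-controllable and ends up in redirect(). Accept only a
    # same-site absolute path: reject scheme-relative prefixes and control
    # characters (URL parsers strip tabs/newlines), else fall back to the index.
    requested_next = request.args.get('next', index_url)
    is_local_path = (
        requested_next.startswith('/')
        and requested_next[1:2] not in ('/', '\\')
        and not any(ord(ch) < 0x20 for ch in requested_next)
    )
    next_path = requested_next if is_local_path else index_url
    if current_user.is_authenticated:
        return redirect(next_path)

    if not settings.PASSWORD_LOGIN_ENABLED:
        if settings.REMOTE_USER_LOGIN_ENABLED:
            return redirect(url_for("remote_user_auth.login", next=next_path))
        elif settings.SAML_LOGIN_ENABLED:
            return redirect(url_for("saml_auth.sp_initiated", next=next_path))
        elif settings.LDAP_LOGIN_ENABLED:
            return redirect(url_for("ldap_auth.login", next=next_path))
        else:
            return redirect(url_for("google_oauth.authorize", next=next_path))

    if request.method == 'POST':
        try:
            org = current_org._get_current_object()
            user = models.User.get_by_email_and_org(request.form['email'], org)
            if user and user.verify_password(request.form['password']):
                remember = ('remember' in request.form)
                login_user(user, remember=remember)
                return redirect(next_path)
            else:
                flash("Wrong email or password.")
        except NoResultFound:
            # Same text as a failed password check, so the form does not
            # reveal whether the email is known.
            flash("Wrong email or password.")

    google_auth_url = get_google_auth_url(next_path)

    return render_template(
        "login.html",
        org_slug=org_slug,
        next=next_path,
        email=request.form.get('email', ''),
        show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
        google_auth_url=google_auth_url,
        show_saml_login=settings.SAML_LOGIN_ENABLED,
        show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
        show_ldap_login=settings.LDAP_LOGIN_ENABLED)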
Esempio n. 14
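def login(org_slug=None):
    """Serve the login page: redirect, check a POSTed password, or render.

    When password login is disabled the visitor is forwarded to the first
    enabled alternative (remote user, SAML, LDAP, else Google OAuth). The
    post-login redirect target comes from the ``next`` query parameter,
    restricted here to a same-site absolute path.
    """
    # We intentionally use == as otherwise it won't actually use the proxy. So weird :O
    # noinspection PyComparisonWithNone
    if current_org == None and not settings.MULTI_ORG:
        return redirect('/setup')
    elif current_org == None:
        return redirect('/')

    index_url = url_for("redash.index", org_slug=org_slug)
    # `next` is attacker-controllable and ends up in redirect(). Accept only a
    # same-site absolute path: reject scheme-relative prefixes and control
    # characters (URL parsers strip tabs/newlines), else fall back to the index.
    requested_next = request.args.get('next', index_url)
    is_local_path = (
        requested_next.startswith('/')
        and requested_next[1:2] not in ('/', '\\')
        and not any(ord(ch) < 0x20 for ch in requested_next)
    )
    next_path = requested_next if is_local_path else index_url
    if current_user.is_authenticated:
        return redirect(next_path)

    if not settings.PASSWORD_LOGIN_ENABLED:
        if settings.REMOTE_USER_LOGIN_ENABLED:
            return redirect(url_for("remote_user_auth.login", next=next_path))
        elif settings.SAML_LOGIN_ENABLED:
            return redirect(url_for("saml_auth.sp_initiated", next=next_path))
        elif settings.LDAP_LOGIN_ENABLED:
            return redirect(url_for("ldap_auth.login", next=next_path))
        else:
            return redirect(url_for("google_oauth.authorize", next=next_path))

    if request.method == 'POST':
        try:
            org = current_org._get_current_object()
            user = models.User.get_by_email_and_org(request.form['email'], org)
            if user and user.verify_password(request.form['password']):
                remember = ('remember' in request.form)
                login_user(user, remember=remember)
                return redirect(next_path)
            else:
                flash("Wrong email or password.")
        except NoResultFound:
            # Same text as a failed password check, so the form does not
            # reveal whether the email is known.
            flash("Wrong email or password.")

    google_auth_url = get_google_auth_url(next_path)

    return render_template("login.html",
                           org_slug=org_slug,
                           next=next_path,
                           email=request.form.get('email', ''),
                           show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
                           google_auth_url=google_auth_url,
                           show_saml_login=settings.SAML_LOGIN_ENABLED,
                           show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED,
                           show_ldap_login=settings.LDAP_LOGIN_ENABLED)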
Esempio n. 15
def verify(token, org_slug=None):
    """Mark the user identified by an email-verification token as verified.

    Returns the ``error.html`` page with status 400 when the token signature is
    rejected or no matching user exists in the current organization; otherwise
    persists ``is_email_verified`` and renders ``verify.html`` with a link to
    the index.
    """
    try:
        verified_id = validate_token(token)
        organization = current_org._get_current_object()
        account = models.User.get_by_id_and_org(verified_id, organization)
    except (BadSignature, NoResultFound):
        # NOTE(review): the raw token is written to the log here; confirm that
        # is acceptable for this deployment's log handling.
        logger.exception("Failed to verify email verification token: %s, org=%s", token, org_slug)
        error_page = render_template(
            "error.html",
            error_message="Your verification link is invalid. Please ask for a new one.")
        return error_page, 400

    account.is_email_verified = True
    models.db.session.add(account)
    models.db.session.commit()

    # The index URL carries the org slug only in multi-org deployments
    if settings.MULTI_ORG:
        url_kwargs = {"org_slug": org_slug}
    else:
        url_kwargs = {}

    return render_template("verify.html", next_url=url_for('redash.index', **url_kwargs))
Esempio n. 16
def forgot_password(org_slug=None):
    """Handle the forgot-password form for organizations with password login.

    Aborts with 404 when the organization has password login disabled. On a
    POST with a non-empty email, a disabled account is sent the "user
    disabled" email and any other account a reset email. The rendered page only
    reports ``submitted``, which is the same whether or not the email matched.
    """
    if not current_org.get_setting("auth_password_login_enabled"):
        abort(404)

    email = request.form["email"] if request.method == "POST" else None
    submitted = bool(email)
    if submitted:
        try:
            organization = current_org._get_current_object()
            account = models.User.get_by_email_and_org(email, organization)
            # Disabled accounts are told so instead of being offered a reset
            notify = (
                send_user_disabled_email
                if account.is_disabled
                else send_password_reset_email
            )
            notify(account)
        except NoResultFound:
            # Unknown address: recorded server-side only
            logging.error("No user found for forgot password: %s", email)

    return render_template("forgot.html", submitted=submitted)
Esempio n. 17
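def login(org_slug=None):
    """Serve the login page: redirect, check a POSTed password, or render.

    When password login is disabled the visitor is forwarded to the first
    enabled alternative (remote user, SAML, else Google OAuth). The post-login
    redirect target comes from the ``next`` query parameter, restricted here to
    a same-site absolute path.
    """
    index_url = url_for("redash.index", org_slug=org_slug)
    # `next` is attacker-controllable and ends up in redirect(). Accept only a
    # same-site absolute path: reject scheme-relative prefixes and control
    # characters (URL parsers strip tabs/newlines), else fall back to the index.
    requested_next = request.args.get('next', index_url)
    is_local_path = (
        requested_next.startswith('/')
        and requested_next[1:2] not in ('/', '\\')
        and not any(ord(ch) < 0x20 for ch in requested_next)
    )
    next_path = requested_next if is_local_path else index_url
    if current_user.is_authenticated:
        return redirect(next_path)

    if not settings.PASSWORD_LOGIN_ENABLED:
        if settings.REMOTE_USER_LOGIN_ENABLED:
            return redirect(url_for("remote_user_auth.login", next=next_path))
        elif settings.SAML_LOGIN_ENABLED:
            return redirect(url_for("saml_auth.sp_initiated", next=next_path))
        else:
            return redirect(url_for("google_oauth.authorize", next=next_path))

    if request.method == 'POST':
        try:
            org = current_org._get_current_object()
            user = models.User.get_by_email_and_org(request.form['email'], org)
            if user and user.verify_password(request.form['password']):
                remember = ('remember' in request.form)
                login_user(user, remember=remember)
                return redirect(next_path)
            else:
                flash("Wrong email or password.")
        except NoResultFound:
            # Same text as a failed password check, so the form does not
            # reveal whether the email is known.
            flash("Wrong email or password.")

    google_auth_url = get_google_auth_url(next_path)

    return render_template("login.html",
                           org_slug=org_slug,
                           next=next_path,
                           username=request.form.get('username', ''),
                           show_google_openid=settings.GOOGLE_OAUTH_ENABLED,
                           google_auth_url=google_auth_url,
                           show_saml_login=settings.SAML_LOGIN_ENABLED,
                           show_remote_user_login=settings.REMOTE_USER_LOGIN_ENABLED)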
Esempio n. 18
 def current_org(self):
     """Return what the module-level ``current_org`` yields from ``_get_current_object()``."""
     resolved_org = current_org._get_current_object()
     return resolved_org
Esempio n. 19
 def current_org(self):
     """Return the object obtained from ``current_org._get_current_object()``."""
     underlying_org = current_org._get_current_object()
     return underlying_org