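def referral_login(email=None, password=None, remember=None, refer=None, *args, **kwargs):  # pylint: disable=unused-argument
    """
    Authenticate a user from submitted credentials and redirect the browser.

    Arguments left as ``None`` are read from the current request:
    ``email``, ``password`` and ``remember`` come from the form body, and
    ``refer`` comes from the ``next`` query parameter, falling back to the
    ``next`` form field.  A form-supplied ``remember`` counts as set only
    when it is ``'true'`` or ``'on'``.  A ``refer`` of ``'origin'`` is
    replaced by the request's referrer.

    The redirect target is client-controlled, so it is used only when
    ``_is_safe_url`` accepts it (defined elsewhere; presumably a same-site
    check).  A rejected value is logged and discarded.

    Returns:
        A redirect to ``refer`` after a successful login when a safe target
        was supplied, otherwise a redirect to ``frontend.home``.
    """
    if email is None:
        email = request.form.get('email', None)
    if password is None:
        password = request.form.get('password', None)
    if remember is None:
        remember = request.form.get('remember', None)
        remember = remember in ['true', 'on']
    if refer is None:
        refer = flask.request.args.get('next', request.form.get('next', None))

    if refer in ['origin']:
        # The referrer is a request header, so it is validated like any
        # other client-supplied target below.
        refer = request.referrer

    if refer is not None and not _is_safe_url(refer):
        log.error('User gave insecure next URL: %r', refer)
        refer = None

    user = User.find(email=email, password=password)

    # Every failure path lands on the home page; only a completed login may
    # override this with the validated ``refer``.
    redirect = _url_for('frontend.home')

    if user is None:
        # The submitted credentials are deliberately kept out of the log.
        log.warning('Username or password unrecognized.')
    elif True not in [user.in_alpha, user.in_beta, user.is_staff, user.is_admin]:
        # Pass the user so the %r placeholder is actually filled in; without
        # an argument the record carries a literal '%r' and cannot be tied
        # to an account.
        log.warning(
            'User %r had a valid login, but is not a staff or beta member.',
            user,
        )
    elif login_user(user, remember=remember):
        # User logged in organically.
        log.info('Logged in User (remember = %s): %r', remember, user)
        create_session_oauth2_token()
        if refer is not None:
            log.info('Sending user to requested next: %r', refer)
            redirect = refer
    else:
        # Credentials matched but login_user() returned a falsy status; log
        # it separately from a bad password so the two are distinguishable
        # when reviewing authentication failures.
        log.warning('Valid credentials, but login_user() refused User: %r', user)

    return flask.redirect(redirect)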
def referral_logout(refer=None, *args, **kwargs):  # pylint: disable=unused-argument
    """
    End the current user's session and redirect the browser.

    When ``refer`` is ``None`` it is read from the ``next`` query parameter,
    falling back to the ``next`` form field.  A ``refer`` of ``'origin'`` is
    replaced by the request's referrer.  The target is client-controlled, so
    it is used only when ``_is_safe_url`` accepts it (defined elsewhere;
    presumably a same-site check); a rejected value is logged and discarded.

    Returns:
        A redirect to the validated ``refer``, or to ``frontend.home`` when
        no safe target is available.
    """
    if refer is None:
        form_next = request.form.get('next', None)
        refer = flask.request.args.get('next', form_next)

    if refer in ['origin']:
        refer = request.referrer

    if refer is not None and not _is_safe_url(refer):
        log.error('User gave insecure next URL: %r' % (refer,))
        refer = None

    # The user is logged first, then the session's OAuth2 token is deleted,
    # and only then is the login session itself closed.
    log.info('Logging out User: %r' % (current_user,))
    delete_session_oauth2_token()
    logout_user()

    target = _url_for('frontend.home') if refer is None else refer
    return flask.redirect(target)
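def user_login(email=None, password=None, remember=None, refer=None, *args, **kwargs):  # pylint: disable=unused-argument
    """
    Authenticate a user from submitted credentials and redirect the browser.

    Arguments left as ``None`` are read from the current request:
    ``email``, ``password`` and ``remember`` come from the form body, and
    ``refer`` comes from the ``next`` query parameter.  A form-supplied
    ``remember`` counts as set only when it is ``'true'`` or ``'on'``.

    The redirect target is client-controlled, so it is used only when
    ``_is_safe_url`` accepts it (defined elsewhere; presumably a same-site
    check).  A rejected value is logged and discarded.

    The outcome is shown to the user with ``flash`` and also written to the
    log, so failed and refused logins leave a server-side record.

    Returns:
        A redirect to ``refer`` after a successful login when a safe target
        was supplied, otherwise a redirect to ``backend.home``.
    """
    if email is None:
        email = request.form.get('email', None)
    if password is None:
        password = request.form.get('password', None)
    if remember is None:
        remember = request.form.get('remember', None)
        remember = remember in ['true', 'on']
    if refer is None:
        refer = flask.request.args.get('next')

    if refer is not None and not _is_safe_url(refer):
        # Record the rejected target instead of dropping it silently, so
        # redirect tampering is visible in the log.
        log.error('User gave insecure next URL: %r', refer)
        refer = None

    user = User.find(email=email, password=password)

    # Every failure path lands on the backend home page; only a completed
    # login may override this with the validated ``refer``.
    redirect = _url_for('backend.home')

    if user is None:
        # The submitted credentials are deliberately kept out of the log.
        log.warning('Username or password unrecognized.')
        flash('Username or password unrecognized.', 'danger')
    elif True not in [user.in_alpha, user.in_beta, user.is_staff, user.is_admin]:
        log.warning(
            'User %r had a valid login, but is not a staff or beta member.',
            user,
        )
        flash(
            'Your login was correct, but Wildbook is in BETA at the moment and is invite-only.',
            'danger',
        )
    elif login_user(user, remember=remember):
        # User logged in organically.
        log.info('Logged in User (remember = %s): %r', remember, user)
        flash('Logged in successfully.', 'success')
        create_session_oauth2_token()
        if refer is not None:
            redirect = refer
    else:
        # Credentials matched but login_user() returned a falsy status.
        log.warning('Valid credentials, but login_user() refused User: %r', user)
        flash(
            'We could not log you in, most likely due to your account being disabled. Please speak to a staff member.',
            'danger',
        )

    return flask.redirect(redirect)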