def selfcheck():
"""check status before every request"""
if app.specter.rpc is not None:
type(app.specter.rpc).counter = 0
if not app.specter.chain:
app.specter.check()
if app.config.get("LOGIN_DISABLED"):
app.login("admin")
def login():
""" login """
if request.method == "POST":
rate_limit()
auth = app.specter.config["auth"]
if auth["method"] == "none":
app.login("admin")
app.logger.info("AUDIT: Successfull Login no credentials")
return redirect_login(request)
if auth["method"] == "rpcpasswordaspin":
# TODO: check the password via RPC-call
if app.specter.rpc is None:
flash(
"We could not check your password, maybe Bitcoin Core is not running or not configured?",
"error",
)
app.logger.info("AUDIT: Failed to check password")
return (
render_template(
"login.jinja",
specter=app.specter,
data={"controller": "controller.login"},
),
401,
)
rpc = app.specter.rpc.clone()
rpc.password = request.form["password"]
if rpc.test_connection():
app.login("admin")
app.logger.info("AUDIT: Successfull Login via RPC-credentials")
return redirect_login(request)
elif auth["method"] == "usernamepassword":
# TODO: This way both "User" and "user" will pass as usernames, should there be strict check on that here? Or should we keep it like this?
username = request.form["username"]
password = request.form["password"]
user = app.specter.user_manager.get_user_by_username(username)
if user:
if verify_password(user.password, password):
app.login(user.id)
return redirect_login(request)
# Either invalid method or incorrect credentials
flash("Invalid username or password", "error")
app.logger.info("AUDIT: Invalid password login attempt")
return (
render_template(
"login.jinja",
specter=app.specter,
data={"controller": "controller.login"},
),
401,
)
else:
if app.config.get("LOGIN_DISABLED"):
app.login("admin")
return redirect("")
return render_template(
"login.jinja", specter=app.specter, data={"next": request.args.get("next")}
)
def login():
''' login '''
app.specter.check()
if request.method == 'POST':
# ToDo: check the password via RPC-call
if app.specter.cli is None:
flash(
"We could not check your password, maybe Bitcoin Core is not running or not configured?",
"error")
app.logger.info("AUDIT: Failed to check password")
return render_template('login.html',
specter=app.specter,
data={'controller':
'controller.login'}), 401
cli = app.specter.cli.clone()
print("Loggning in with" + request.form['password'])
cli.passwd = request.form['password']
if cli.test_connection():
app.login()
app.logger.info("AUDIT: Successfull Login via RPC-credentials")
flash('Logged in successfully.', "info")
if request.form.get('next') and request.form.get(
'next').startswith("http"):
response = redirect(request.form['next'])
else:
response = redirect(url_for('index'))
return response
else:
flash('Invalid username or password', "error")
app.logger.info("AUDIT: Invalid password login attempt")
return render_template('login.html',
specter=app.specter,
data={'controller':
'controller.login'}), 401
else:
if app.config.get('LOGIN_DISABLED'):
return redirect('/')
return render_template('login.html',
specter=app.specter,
data={'next': request.args.get('next')})
def login():
''' login '''
app.specter.check()
if request.method == 'POST':
if app.specter.config['auth'] == 'none':
app.login('admin')
app.logger.info("AUDIT: Successfull Login no credentials")
return redirect_login(request)
if app.specter.config['auth'] == 'rpcpasswordaspin':
# TODO: check the password via RPC-call
if app.specter.cli is None:
flash(
"We could not check your password, maybe Bitcoin Core is not running or not configured?",
"error")
app.logger.info("AUDIT: Failed to check password")
return render_template('login.jinja',
specter=app.specter,
data={'controller':
'controller.login'}), 401
cli = app.specter.cli.clone()
cli.passwd = request.form['password']
if cli.test_connection():
app.login('admin')
app.logger.info("AUDIT: Successfull Login via RPC-credentials")
return redirect_login(request)
elif app.specter.config['auth'] == 'usernamepassword':
# TODO: This way both "User" and "user" will pass as usernames, should there be strict check on that here? Or should we keep it like this?
username = request.form['username']
password = request.form['password']
user = User.get_user_by_name(app.specter, username)
if user:
if verify_password(user.password, password):
app.login(user.id)
return redirect_login(request)
# Either invalid method or incorrect credentials
flash('Invalid username or password', "error")
app.logger.info("AUDIT: Invalid password login attempt")
return render_template('login.jinja',
specter=app.specter,
data={'controller': 'controller.login'}), 401
else:
if app.config.get('LOGIN_DISABLED'):
app.login('admin')
return redirect('/')
return render_template('login.jinja',
specter=app.specter,
data={'next': request.args.get('next')})
def selfcheck():
"""check status before every request"""
if app.config.get('LOGIN_DISABLED'):
app.login('admin')
