def login_url_generation(app):
    """Check login_url() for an endpoint-style view, an absolute URL and a URL with a query."""
    PROTECTED = "http://localhost/protected"
    # (login view, expected URL). Per these expectations a login view on another
    # host receives the full target URL, while the other views get only its path.
    cases = [
        ("login", "/login?next=%2Fprotected"),
        ("https://auth.localhost/login",
         "https://auth.localhost/login?next=http%3A%2F%2Flocalhost%2Fprotected"),
        ("/login?affil=cgnu", "/login?affil=cgnu&next=%2Fprotected"),
    ]
    for view, expected in cases:
        assert login_url(view, PROTECTED) == expected
def login_url_generation(app):
    """Verify the URLs login_url() builds for three kinds of login view."""
    PROTECTED = "http://localhost/protected"

    # View given as "login": only the path of the target ends up in "next".
    by_name = login_url("login", PROTECTED)
    assert by_name == "/login?next=%2Fprotected"

    # Login view on a different host: the whole target URL is kept.
    cross_host = login_url("https://auth.localhost/login", PROTECTED)
    assert cross_host == "https://auth.localhost/login?next=http%3A%2F%2Flocalhost%2Fprotected"

    # Existing query parameters on the login view are preserved.
    with_query = login_url("/login?affil=cgnu", PROTECTED)
    assert with_query == "/login?affil=cgnu&next=%2Fprotected"
def test_login_url_generation(self):
    """login_url() puts the target under "next" unless another name is passed."""
    PROTECTED = "http://localhost/protected"

    # The third argument overrides the query parameter name.
    custom_name = login_url("/login", PROTECTED, "n")
    self.assertEqual("/login?n=%2Fprotected", custom_name)

    default_name = login_url("/login", PROTECTED)
    self.assertEqual("/login?next=%2Fprotected", default_name)

    # Login view on another host: the full target URL is carried along.
    expected = "https://auth.localhost/login?next=http%3A%2F%2Flocalhost%2Fprotected"
    cross_host = login_url("https://auth.localhost/login", PROTECTED)
    self.assertEqual(expected, cross_host)

    with_query = login_url("/login?affil=cgnu", PROTECTED)
    self.assertEqual("/login?affil=cgnu&next=%2Fprotected", with_query)
def test_login_url_generation(self):
    """Table-driven check of the URLs produced by login_url()."""
    PROTECTED = 'http://localhost/protected'
    # (expected URL, positional arguments for login_url)
    table = (
        ('/login?n=%2Fprotected', ('/login', PROTECTED, 'n')),
        ('/login?next=%2Fprotected', ('/login', PROTECTED)),
        ('https://auth.localhost/login?next=http%3A%2F%2Flocalhost%2Fprotected',
         ('https://auth.localhost/login', PROTECTED)),
        ('/login?affil=cgnu&next=%2Fprotected', ('/login?affil=cgnu', PROTECTED)),
    )
    for expected, call_args in table:
        self.assertEqual(expected, login_url(*call_args))
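def unauthorized_handler():
    """Redirect an unauthenticated request to the login view.

    The redirect carries the current URL (added by login_url), a 'prev'
    parameter built from the Referer header, and 'mode=action'.
    """
    # Send the signal once, with the application as sender. The nested call this
    # replaces sent it twice and used the first call's return value as the
    # sender of the second.
    user_unauthorized.send(current_app._get_current_object())
    url = URLObject(login_url(login_manager.login_view, request.url))
    # request.referrer is the client-supplied Referer header: whatever consumes
    # 'prev' (and 'next') after login must validate it before redirecting.
    prev_param = make_next_param(url.without_query(), request.referrer or '/')
    target = url.add_query_param('prev', prev_param).add_query_param('mode', 'action')
    return redirect(target)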
def unauthorized_call():
    """Reject an unauthenticated request: 401 for JSON clients, login redirect otherwise."""
    #TODO: smellin code this should be in a utility
    json_type = 'application/json'
    preferred = request.accept_mimetypes.best_match([json_type, 'text/html'])
    # A request counts as JSON when its body is JSON or JSON is the preferred reply type.
    wants_json = request.mimetype == json_type or preferred == json_type
    if not wants_json:
        return redirect(login_url(login_manager.login_view, request.url))
    return abort(401, 'Unauthorized call please provide the proper credentials')
def test_login_url_generation_with_view(self):
    """login_url() turns the view name "login" into its route inside a request context."""
    app = Flask(__name__)
    LoginManager().init_app(app)

    def login():
        return ""

    # No endpoint is given, so it defaults to the function name "login".
    app.add_url_rule("/login", view_func=login)

    with app.test_request_context():
        generated = login_url("login", "/protected")
        self.assertEqual("/login?next=%2Fprotected", generated)
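def decorated_view(*args, **kwargs):
    """Run the wrapped view only for an authenticated user whose is_admin() is truthy.

    Unauthenticated requests get the login manager's unauthorized() response.
    Authenticated non-admins get the user_unauthorized signal, an error flash
    and a redirect to the login view.
    """
    if not current_user.is_authenticated():
        return current_app.login_manager.unauthorized()
    # Guard only the admin check. With the view call inside the try, an
    # AttributeError raised by the view itself was swallowed and reported to
    # the user as "Admin login required".
    try:
        is_admin = current_user.is_admin()
    except AttributeError:
        # User objects without is_admin() are treated as non-admin (fail closed).
        is_admin = False
    if is_admin:
        return fn(*args, **kwargs)
    user_unauthorized.send(current_app._get_current_object())
    flash("Admin login required for this page","error")
    return redirect(login_url(current_app.login_manager.login_view,request.url))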
def unauthorized_handler(cls):
    """
    Respond to a request that requires a logged-in user.

    XHR requests receive a JSON body with status 401; every other request
    is redirected to the login page.
    """
    # NOTE: request.is_xhr only reflects the client-sent X-Requested-With
    # header, and the attribute was removed in Werkzeug 1.0.
    if not request.is_xhr:
        login_view = current_app.login_manager.login_view
        return redirect(login_url(login_view, request.url))
    response = jsonify(message="Bad credentials")
    response.status_code = 401
    return response
def test_login_url_generation_with_view(self):
    """A view name passed to login_url() is resolved to the route registered for it."""
    app = Flask(__name__)
    manager = LoginManager()
    manager.init_app(app)

    # The endpoint name comes from the function name, so it has to stay "login".
    @app.route('/login')
    def login():
        return ''

    expected = '/login?next=%2Fprotected'
    with app.test_request_context():
        self.assertEqual(expected, login_url('login', '/protected'))
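def decorated_view(*args, **kwargs):
    """Call the wrapped view only when the current user is authenticated and an admin.

    Unauthenticated requests are handed to the login manager's unauthorized();
    authenticated non-admins trigger user_unauthorized, see an error flash and
    are redirected to the login view.
    """
    if not current_user.is_authenticated():
        return current_app.login_manager.unauthorized()
    # The try covers the admin check alone: previously the view ran inside it,
    # so any AttributeError raised by the view was silently turned into the
    # "Admin login required" redirect.
    try:
        allowed = current_user.is_admin()
    except AttributeError:
        # No is_admin() on the user object: deny rather than guess.
        allowed = False
    if allowed:
        return fn(*args, **kwargs)
    user_unauthorized.send(current_app._get_current_object())
    flash("Admin login required for this page", "error")
    return redirect(
        login_url(current_app.login_manager.login_view, request.url))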
def unauthorized_handler(cls):
    """
    Called when the user has to log in.

    An XHR request is answered with a JSON message and status code 401;
    anything else is redirected to the login page.
    """
    # NOTE: is_xhr is derived from the X-Requested-With request header, which
    # the client controls; Werkzeug 1.0 removed the attribute.
    is_ajax = request.is_xhr
    if is_ajax:
        payload = jsonify(message="Bad credentials")
        payload.status_code = 401
        return payload
    destination = login_url(current_app.login_manager.login_view, request.url)
    return redirect(destination)
def decorated_view(*args, **kwargs):
    """Run the wrapped view when the user is authenticated and perm.can() passes.

    Unauthenticated users are redirected to the configured login view. Users
    lacking the permission get an error flash and are sent back to the
    referring page, or to '/' when there is none.
    """
    if current_user.is_authenticated():
        if perm.can():
            return fn(*args, **kwargs)
        message = ('Identity does not provide all of the '
                   'following roles: %s')
        logger.debug(message % list(roles))
        do_flash(FLASH_PERMISSIONS, 'error')
        # NOTE(review): request.referrer is the client-supplied Referer header,
        # so the redirect target is not restricted to this site.
        back_to = request.referrer or '/'
        return redirect(back_to)
    login_view = current_app.config[LOGIN_VIEW_KEY]
    return redirect(login_url(login_view, request.url))
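def forward_to_login():
    """Redirect the user to the auth service's login endpoint, or abort with 401.

    The current request URL is passed along by login_url so the auth service
    can send the user back after login.
    """
    try:
        # find the auth service location
        # NOTE(review): the endpoint is built with plain http://, so the login
        # redirect is not protected by TLS on that hop - confirm this is intended.
        login_endpoint = 'http://' + service_location_by_name(
            auth_service_name())
        # redirect the user to the endpoint with a way to redirect them back
        return redirect(login_url(login_endpoint, request.url))
    # if the auth service does not exist
    # `except Exception` instead of a bare except, so SystemExit and
    # KeyboardInterrupt are no longer swallowed and turned into a 401.
    except Exception:
        # send an unauthorized error code
        abort(401)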
def register_teaminvite():
    """Send the visitor of a team-invite link to the invite, login or registration view.

    The invite parameters h, t, k and e are read from the query string and
    forwarded unchanged to whichever view is chosen.
    """
    tid, ip = setup_log_vars()
    lggr = setup_local_logger(tid, ip)
    MAM = MainModel(tid=tid, ip=ip)

    def invite_url(endpoint):
        # External URL for `endpoint` carrying the four invite parameters.
        return url_for(endpoint,
                       h=request.args.get('h'),
                       t=request.args.get('t'),
                       k=request.args.get('k'),
                       e=request.args.get('e'),
                       _external=True,
                       _scheme=URL_SCHEME)

    logout_user()

    # NOTE(review): this check runs right after logout_user(), so the branch is
    # presumably never taken - confirm.
    if current_user.is_authenticated:
        # BUG: avispa_auth.teaminvite2 does not exist!!
        return redirect(invite_url('avispa_auth.teaminvite2'))

    result = MAM.select_user_doc_view('auth/userbyemail', request.args.get('e'))
    if not result:
        return redirect(invite_url('avispa_auth.register_get'))

    # NOTE(review): this message tells an unauthenticated visitor that the
    # address taken from the URL is registered (account enumeration).
    flash(request.args.get('e') + " already exists. Please log in.", 'UI')
    a = url_for('avispa_auth.login', _external=True, _scheme=URL_SCHEME)
    b = invite_url('avispa_auth.teaminvite2')
    return redirect(login_url(a, b))
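def login():
    """Render the login form and, on a valid POST, log the user in and redirect.

    After a successful login the user is redirected to the 'next' query
    parameter when it is a path on this site, otherwise to DEFAULT_REDIRECT_TO.
    """
    form = LoginForm(request.form)
    form_url = login_url('.login', request.args.get('next'))
    if request.method == 'POST' and form.validate():
        user = User.query.filter(User.username == form.username.data).first()
        if user is None or not user.authenticate(form.password.data):
            flash('Wrong username or password')
        elif not login_user(user):
            flash('Sorry, this account is inactive.')
        else:
            flash('Hi {0}!'.format(user.username))
            # 'next' comes straight from the query string, so a crafted login
            # link could otherwise redirect the user to another site after
            # login (open redirect). Accept only a site-local path: one leading
            # slash, no '//' and no backslash, which some browsers read as a
            # host separator.
            target = request.args.get('next')
            is_local_path = (
                bool(target)
                and target.startswith('/')
                and not target.startswith('//')
                and '\\' not in target
            )
            url = target if is_local_path else DEFAULT_REDIRECT_TO
            return redirect(url)
    return render_template('auth/login.html', form=form, form_url=form_url)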
def unauthorized():
    """Handle an unauthenticated request: redirect GETs to login, answer 403 otherwise."""
    if request.method != 'GET':
        # Non-GET requests get an error payload with status 403 instead of a redirect.
        body = {'error': True, 'message': "Please log in for access."}
        return body, 403
    flash('Please log in to access this page')
    return redirect(login_url('auth.login', request.url))
def unauthorized():
    """Flash a sign-in notice and redirect to the login page with the current URL attached."""
    flash('You need to sign in to access this page', 'danger')
    login_page = url_for('login')
    # login_url adds the current URL so the user can be sent back after signing in.
    return redirect(login_url(login_page, request.url))
def test_login_url_no_next_url(self):
    """With no target URL, login_url() returns the login view unchanged."""
    generated = login_url("/foo")
    self.assertEqual(generated, "/foo")
def unauthorized():
    """Abort with 401 for XHR requests or when no login view is set; otherwise redirect to login."""
    # NOTE: request.is_xhr depends on the client-sent X-Requested-With header
    # and was removed in Werkzeug 1.0.
    if request.is_xhr:
        abort(401)
    login_view = _login_manager.login_view
    if not login_view:
        abort(401)
    return redirect(login_url(login_view, request.url))
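# Excerpt: the first statements are the tail of a login view whose header, and
# the binding of `user` and `form`, lie above the excerpt.
        # The two print() calls that wrote the stored and the submitted
        # password to stdout are removed: credentials must not reach logs.
        # NOTE(review): the direct comparison implies passwords are stored
        # unhashed. Store a salted hash and verify it instead, e.g. with
        # werkzeug.security.check_password_hash.
        if user.password != form.password.data:
            return render_template('login.html', form=form, error="Wrong username or password")
        else:
            login_user(user)
            return redirect(url_for('index'))
    return render_template('login.html', form=form)

# The return value is discarded, so this call has no visible effect here.
login_url('/login')

#Logout
@app.route('/logout/')
@login_required
def logout():
    """Log the current user out and redirect to the login view."""
    logout_user()
    return redirect(url_for('login'))

'''
Routes
'''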
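def unauthorized_handler():
    """Redirect an unauthenticated request to the login view.

    login_url attaches the current URL; a "prev" parameter built from the
    Referer header and "mode=action" are added on top.
    """
    # One send, with the application as sender. The nested call it replaces
    # sent the signal twice, the second time with the first call's return
    # value as sender.
    user_unauthorized.send(current_app._get_current_object())
    url = URLObject(login_url(login_manager.login_view, request.url))
    # The Referer header is client-controlled, so the code that later reads
    # "prev" (and "next") must validate it before redirecting.
    prev_param = make_next_param(url.without_query(), request.referrer or "/")
    with_prev = url.add_query_param("prev", prev_param)
    return redirect(with_prev.add_query_param("mode", "action"))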
def decorated_view(*args, **kwargs):
    """Call the wrapped view unless login is enforced and the user is not authenticated.

    In that case the caller gets a JSON object whose 'redirect' key holds the
    login URL for the current request.
    """
    # Short-circuit keeps the original order: is_authenticated() is only
    # consulted when login checks are not disabled.
    must_log_in = (not app.login_manager._login_disabled
                   and not current_user.is_authenticated())
    if must_log_in:
        login_page = url_for('user.login')
        return jsonify({'redirect': login_url(login_page, request.url)})
    return func(*args, **kwargs)
def login_url(self):
    """Return the login URL for the current request, built from the manager's login view."""
    view = self.login_manager.login_view
    return_to = request.url
    # NOTE(review): presumably a method; the bare name below is then looked up
    # at module scope and refers to the imported helper, not to this method.
    return login_url(view, return_to)
def test_login_url_no_next_url(self):
    """login_url() called without a target URL gives back the login view as-is."""
    login_view = '/foo'
    self.assertEqual(login_url(login_view), '/foo')
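# Excerpt: the first statements are the body of a login view whose header lies
# above the excerpt.
    if form.validate_on_submit():
        user = Advertiser.objects(email=form.email.data).first()
        # The print() calls that wrote the stored and the submitted password to
        # stdout are removed: credentials must not reach logs.
        # first() yields None for an unknown e-mail; answer with the same
        # generic error instead of failing on user.password.
        # NOTE(review): the direct comparison implies passwords are stored
        # unhashed. Store a salted hash and verify it instead, e.g. with
        # werkzeug.security.check_password_hash.
        if user is None or user.password != form.password.data:
            return render_template('login.html', form=form, error="Wrong username or password")
        else:
            login_user(user)
            return redirect(url_for('index'))
    return render_template('login.html', form=form)

# The return value is discarded, so this call has no visible effect here.
login_url('/login')

#Logout
@app.route('/logout/')
@login_required
def logout():
    """Log the current user out and redirect to the login view."""
    logout_user()
    return redirect(url_for('login'))

'''
Routes
'''

#Index
@app.route('/')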