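def reauth():
    """Re-confirm the current session on POST, otherwise show the reauth page.

    On POST the session is marked fresh with ``confirm_login()`` and the
    browser is redirected to the ``next`` query parameter or the index.  On
    any other method ``reauth.html`` is rendered.  The debug ``print`` of the
    freshness flag that used to run on every request is gone: it wrote
    session state to stdout and used Python 2 statement syntax.

    :return: A redirect response or the rendered ``reauth.html``.
    """
    if request.method == "POST":
        # NOTE(review): nothing in this view checks a credential before the
        # session is re-confirmed; that check must live elsewhere -- confirm.
        confirm_login()
        flash(u"Reauthenticated.")
        # NOTE(review): ``next`` is followed as given; an absolute URL in the
        # query string redirects off-site.
        return redirect(request.args.get("next") or url_for("index"))
    return render_template("reauth.html")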
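def set_password():
    """Change the current user's password.

    On a valid submission the stored password is replaced by
    ``generate_password_hash`` of the submitted value, the change is
    committed, a success message flashed and the user redirected to the
    login page.  Otherwise the form is rendered.  The debug ``print`` of
    the user id and a ``login_fresh()`` call whose result was discarded
    have been removed; neither affected the outcome.

    :return: A redirect response or the rendered ``secret.html`` form.
    """
    form = PasswordForm()
    if form.validate_on_submit():
        data = form.data  # submitted field values
        # presumably protected by a login-required decorator: for an
        # anonymous user get_id() is None and the lookup yields None -- verify
        user = User.query.get(current_user.get_id())
        user.password = generate_password_hash(data['password'])
        db.session.commit()
        flash('修改成功')
        # NOTE(review): the current password is not re-verified and the
        # session is neither required to be fresh nor logged out before the
        # redirect; consider enforcing a fresh login for this view.
        return redirect(url_for('home.login'))
    return render_template('/home/user/secret.html', form=form)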
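def login():
    """Authenticate a user by email and password.

    An already-authenticated ``g.user`` is sent straight to the index.  On
    a valid submission the address is looked up in ``Users`` and the
    password verified; success logs the user in and redirects to ``next``
    or the index, failure flashes an error and re-renders the form.  A
    commented-out query and a ``login_fresh()`` call whose value was never
    used have been dropped.

    :return: A redirect response or the rendered ``login.html`` form.
    """
    if g.user is not None and g.user.is_authenticated:
        return redirect(url_for('index'))
    form = LoginForm()
    if form.validate_on_submit():
        user = Users.query.filter_by(email=form.email.data).first()
        if user is not None and user.verify_password(form.password.data):
            # ``remeber`` (sic) is the field name declared on LoginForm.
            login_user(user, form.remeber.data)
            flash('登录成功.')
            # NOTE(review): ``next`` is followed as given; an absolute URL
            # in the query string redirects off-site after login.
            return redirect(request.args.get('next') or url_for('index'))
        flash('邮箱或密码错误')
    return render_template('login.html', form=form)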
def change_password():
    """Change a password for the logged-in user or an activation-key holder.

    An authenticated user must hold a fresh login, otherwise the login
    manager's refresh handler is returned.  An anonymous visitor must send
    both ``activation_key`` and ``email`` matching a single ``User``; any
    other case is a 403.  On a valid submission the password is set, the
    activation key cleared and the user redirected to the login page.

    :return: A redirect, the needs-refresh response, or the rendered form.
    """
    target = None
    if current_user.is_authenticated:
        if not login_fresh():
            return login_manager.needs_refresh()
        target = current_user
    elif 'activation_key' in request.values and 'email' in request.values:
        target = (User.query
                  .filter_by(activation_key=request.values['activation_key'])
                  .filter_by(email=request.values['email'])
                  .first())
    if target is None:
        abort(403)

    form = ChangePasswordForm(activation_key=target.activation_key)
    if form.validate_on_submit():
        # assumes User.password is a hashing setter -- verify on the model
        target.password = form.password.data
        target.activation_key = None
        db.session.add(target)
        db.session.commit()
        flash("Your password has been changed, please log in again", "success")
        return redirect(url_for("frontend.login"))
    return render_template("frontend/change_password.html", form=form)
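def login():
    """Log a personal-account user in with email and password.

    A fresh, authenticated session is redirected home.  On a valid
    submission the user is looked up by lower-cased email and the bcrypt
    hash checked; success logs the user in and follows ``next`` (or goes
    home), failure flashes an error and re-renders the form.  A lookup that
    matches nobody is now reported as an unknown email instead of reaching
    ``user.password`` on ``None`` and raising ``AttributeError``.

    :return: A redirect response or the rendered ``login.html``.
    """
    if current_user.is_authenticated and login_fresh():
        return redirect(url_for("main.home"))
    form = LoginForm()
    picture = generate_header_picture()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.lower()).first()
        # NOTE(review): the two distinct messages let a caller tell unknown
        # addresses from wrong passwords (account enumeration).
        if user is None or not form.validate_email(form.email):
            flash("Email does not exist. Please try again", "danger")
        elif not bcrypt.check_password_hash(user.password, form.password.data):
            flash("Incorrect password. Please try again", "danger")
        else:
            login_user(user, remember=form.remember.data)
            # NOTE(review): ``next`` is followed as given; an absolute URL
            # in the query string redirects off-site after login.
            next_page = request.args.get('next')
            return redirect(next_page or url_for("main.home"))
    return render_template("login.html", form=form, picture=picture,
                           current_login_type="personal account",
                           needed_login_type="company")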
def login_refresh() -> ResponseType:
    """Re-authenticate a user whose login has gone stale.

    A fresh session is redirected to the index.  Otherwise a password form
    is shown; a password accepted by ``User.refresh_login`` flashes a
    welcome message and redirects to the next page, a rejected one flashes
    an error and re-renders the form.

    :return: The response for this view.
    """
    if login_fresh():
        return redirect(url_for('main.index'))
    refresh_form = LoginRefreshForm()
    if refresh_form.validate_on_submit():
        refreshed = User.refresh_login(refresh_form.password.data)
        if refreshed:
            flash(_('Welcome, %(name)s!', name=refreshed.name))
            return redirect(get_next_page())
        flash(_('Invalid password.'), 'error')
    return render_template('userprofile/login.html',
                           title=_('Confirm Login'), form=refresh_form)
def user_preferences(user_id):
    """Dispatch the preferences page for ``user_id``.

    With a ``token`` query parameter the token is verified with the
    ``password`` salt and the app's ``SECRET_KEY``: a valid token goes to
    the password-reset flow, anything else to email confirmation, whether
    or not someone is logged in.  Without a token an authenticated user may
    only edit their own preferences (403 otherwise) and must hold a fresh
    login; a stale session is bounced through ``.refresh_sign_in`` with a
    ``next`` back here.  Anonymous visitors get the login manager's
    unauthorized response.

    :param user_id: The id of the user whose preferences are requested.
    :return: The response of the selected sub-view.
    """
    args = flask.request.args
    if 'token' in args:
        payload = verify_token(
            args.get('token'),
            salt='password',
            secret_key=flask.current_app.config['SECRET_KEY'])
        if payload is not None:
            return reset_password()
        # Login state is irrelevant for confirming an email address.
        return confirm_email()

    me = flask_login.current_user
    if not me.is_authenticated:
        return flask.current_app.login_manager.unauthorized()
    if user_id != me.id:
        return flask.abort(403)
    if not flask_login.login_fresh():
        # Preferences include the password and API tokens, so only a
        # fresh session may edit them.
        return flask.redirect(flask.url_for(
            '.refresh_sign_in',
            next=flask.url_for('.user_preferences', user_id=me.id)))
    return change_preferences(me, user_id)
def change_password():
    """Change a password for the logged-in user or an activation-key holder.

    An authenticated user (``is_authenticated()`` is called as a method here,
    as in older flask-login) must hold a fresh login or the login manager's
    refresh handler is returned.  An anonymous visitor must send both
    ``activation_key`` and ``email`` matching one ``User``; otherwise 403.
    A valid submission stores the new password, clears the key and
    redirects to the login page.

    :return: A redirect, the needs-refresh response, or the rendered form.
    """
    who = None
    if current_user.is_authenticated():
        if not login_fresh():
            return login_manager.needs_refresh()
        who = current_user
    elif 'activation_key' in request.values and 'email' in request.values:
        key = request.values['activation_key']
        address = request.values['email']
        who = User.query.filter_by(activation_key=key, email=address).first()
    if who is None:
        abort(403)

    form = ChangePasswordForm(activation_key=who.activation_key)
    if form.validate_on_submit():
        # assumes User.password is a hashing setter -- verify on the model
        who.password = form.password.data
        who.activation_key = None
        db.session.add(who)
        db.session.commit()
        flash(_("Su contrasena ha sido cambiada, favor vuelva a loguearse"),
              "success")
        return redirect(url_for("frontend.login"))
    return render_template("frontend/change_password.html", form=form)
def get(self):
    """Return the current user as JSON, creating an anonymous one if needed.

    An authenticated user is logged together with the session's freshness
    and the login re-confirmed; otherwise an anonymous user is created and
    logged in with a remember cookie.  The body exposes a fixed subset of
    the user row; the response also carries the cookies set below.
    """
    if current_user.is_authenticated:
        user = current_user
        logger.info('User %s (%s) already authenticated. Fresh: %s',
                    user.username, user.id, login_fresh())
        confirm_login()
    else:
        user = create_anonymous_user()
        login_user(user, remember=True)

    row = row_to_dict(user)
    exposed = ['anonymous', 'confirmed', 'email', 'id', 'username']
    response = jsonify({'user': {key: row[key] for key in exposed}})
    # NOTE(review): the cookie values below are constants and do not track
    # the user's actual ``confirmed``/``anonymous`` state -- confirm intended.
    return set_cookies(response, {
        'username': user.username,
        'email': '',
        'user_id': user.id,
        'confirmed': False,
        'anonymous': True,
    })
def modify_request(request_id):
    """Dispatch a POST that modifies a :py:class:`~.models.Request`.

    The form's ``id_`` field selects the handler.  A stale login is sent to
    the login manager's refresh handler before anything is touched; an
    unknown ``id_`` is a 400.

    :param int request_id: the ID of the request.
    """
    srp_request = Request.query.get_or_404(request_id)
    # Force fresh permissions.
    if not login_fresh():
        return login_manager.needs_refresh()
    handlers = {
        'modifier': _add_modifier,
        'payout': _change_payout,
        'action': _add_action,
        'void': _void_modifier,
        'details': _change_details,
        'note': _add_note,
    }
    handler = handlers.get(request.form['id_'])
    if handler is None:
        return abort(400)
    return handler(srp_request)
def change_password():
    """Change a password for the logged-in user or an activation-key holder.

    An authenticated user (``is_authenticated()`` called as a method, as in
    older flask-login) needs a fresh login or gets the login manager's
    refresh handler.  An anonymous visitor must send ``activation_key`` and
    ``email`` matching one ``User``; otherwise 403.  The form is pre-filled
    with the user's email and key; a valid submission stores the password,
    clears the key and redirects to the login page.

    :return: A redirect, the needs-refresh response, or the rendered form.
    """
    account = None
    if current_user.is_authenticated():
        if not login_fresh():
            return login_manager.needs_refresh()
        account = current_user
    elif 'activation_key' in request.values and 'email' in request.values:
        account = (User.query
                   .filter_by(activation_key=request.values['activation_key'])
                   .filter_by(email=request.values['email'])
                   .first())
    if account is None:
        abort(403)

    form = ChangePasswordForm(email=account.email,
                              activation_key=account.activation_key)
    if form.validate_on_submit():
        # assumes User.password is a hashing setter -- verify on the model
        account.password = form.password.data
        account.activation_key = None
        db.session.add(account)
        db.session.commit()
        flash(_("Your password has been changed, please log in again"),
              "success")
        return redirect(url_for("user.login"))
    return render_template("user/change_password.html", user=account, form=form)
def refresh_login():
    """Re-confirm a stale session with a password (or hand off to WebAuthn).

    An authenticated, fresh session is redirected to ``next`` right away.
    ``?webauthn=true`` renders the WebAuthn page instead of the form.  A
    correct password calls ``confirm_login()`` and follows ``next``; a
    wrong one flashes an error and reloads this view.

    :return: A redirect response or a rendered template.
    """
    if current_user.is_authenticated and login_fresh():
        return redirect(get_next_page(request.args.get("next")))
    # if this is distutils' strtobool it raises ValueError for anything
    # outside its yes/no vocabulary, surfacing as a 500 -- verify
    if strtobool(request.args.get("webauthn", "false")):
        return render_template("webauthn/login_with_webauthn.html")

    form = RefreshLogin()
    database_id = User.get_database_id(current_user.get_id())
    # presumably login-protected: for an anonymous caller get_id() is None
    # and ``user`` below would be None when the form is submitted -- verify
    user = User.query.filter_by(did=database_id).first()
    webauthn = Webauthn.query.filter_by(user_id=database_id).first()
    webauthn_enabled = False if webauthn is None else webauthn.is_enabled

    if form.validate_on_submit():
        if not user.check_password(form.password.data):
            flash(_("Invalid password"))
            return redirect(url_for("auth.refresh_login"))
        confirm_login()
        return redirect(get_next_page(request.args.get("next")))
    return render_template(
        "auth/refresh_login.html",
        title=_("Refresh your session"),
        form=form,
        webauthn_enabled=webauthn_enabled,
    )
def decorated_view(*args, **kwargs):
    """Run ``func`` unless the caller is an authenticated *fresh* session.

    The wrapped view is served when logins are disabled, when nobody is
    authenticated, or when the session is not fresh; a fresh, authenticated
    session receives a 401 instead.
    """
    allowed = (usm._login_disabled
               or not current_user.is_authenticated
               or not login_fresh())
    if allowed:
        return func(*args, **kwargs)
    return abort(401)
def re_authenticate():
    """Ask a stale-but-logged-in user for their password again.

    A fresh session is redirected to the index.  A valid form carrying the
    correct password re-confirms the login and redirects back to where the
    user came from; otherwise the login form is rendered.
    """
    if login_fresh():
        return redirect(url_for('main.index'))
    form = LoginForm()
    submitted = form.validate_on_submit()
    if submitted and current_user.validate_password(form.password.data):
        confirm_login()
        return redirect_back()
    return render_template('auth/login.html', form=form)
def get(self):
    """Render the re-auth page for a stale session, or redirect onward.

    A fresh session is redirected to ``current_user.url`` (or ``next``).
    A stale session of a password-less account whose Discord OAuth session
    is already authorized is re-confirmed and handed a new Discord session;
    every other stale session gets the password re-auth form.
    """
    if login_fresh():
        return redirect_or_next(current_user.url)
    if current_user.password is None and current_app.discordAuth.authorized:
        confirm_login()
        return current_app.discordAuth.create_session()
    return render_template("auth/reauth.html", form=self.form())
def re_authenticated():
    """Re-confirm a stale login by checking the user's password.

    A fresh session is redirected to the index; a valid form with the right
    password calls ``confirm_login()`` and redirects back; anything else
    renders the login form.
    """
    if login_fresh():
        return redirect(url_for("main.index"))
    form = LoginForm()
    password_ok = (form.validate_on_submit()
                   and current_user.validate_password(form.password.data))
    if password_ok:
        confirm_login()
        return redirect_back()
    return render_template("auth/login.html", form=form)
def super_admin_can_check():
    """Return True when the current user is a fresh-session super admin.

    The user must expose a ``login`` listed in ``config.super_admin`` and
    hold the ``normal_login`` permission.  Such a user with a stale session
    is redirected to the login page (``RequestRedirect``) instead of being
    denied; anyone else simply gets False.

    :raises RequestRedirect: for a super admin whose login is not fresh.
    """
    is_super_admin = (hasattr(current_user, 'login')
                      and current_user.login in config.super_admin
                      and Permission(TypeNeed("normal_login")).can())
    if not is_super_admin:
        return False
    if not login_fresh():
        raise RequestRedirect(url_for('login', next=request.url))
    return True
def estalogado():
    """Report whether the session is a fresh login, as JSON.

    :return: ``200`` with the user id for a fresh session, ``422`` otherwise.
    """
    if not login_fresh():
        return jsonify({'retorno': 'usuario nao logado, ou sessao expirada'}), 422
    payload = {'retorno': 'usuario logado', 'id_usuario': current_user.id}
    return jsonify(payload), 200
def enforce_user_freshness():
    """Demote a fresh session to stale once the user's token has run out.

    Only users authenticated through this auth method are considered.  When
    ``seconds_valid`` has reached zero the user is logged in again with
    ``fresh=False`` and the session token is synced from the user object.
    """
    applies = (current_user.is_authenticated
               and current_user.authmethod == self.name
               and login_fresh())
    if not applies:
        return
    user = current_user._get_current_object()
    if user.seconds_valid <= 0:
        current_app.logger.debug("Marking '{}' as stale".format(user))
        login_user(user, fresh=False)
        # nesting assumed from the flattened source: the token is synced
        # only on the stale transition -- confirm against the original
        self.session.token = user.token
def re_authenticate(): """处理非新鲜登录的重认证""" if login_fresh(): return redirect(url_for('blog.index')) form = LoginForm() if form.validate_on_submit() and current_user.validate_password(form.password.data): confirm_login() return redirect_back() return render_template('auth/signin.html', form=form)
def re_authenticate(): """当用户‘不新鲜’时访问带@fresh_login_required的视图时,重新认证""" if login_fresh(): return redirect(url_for('main.index')) form = LoginForm() if form.validate_on_submit() and current_user.validate_password( form.password.data): confirm_login() return redirect_back() return render_template('auth/login.html', form=form)
def re_authenticate():
    """Re-confirm a stale login with the user's password.

    A fresh session is redirected to the index.  A submitted form with the
    right password re-confirms the login and redirects back; a wrong
    password flashes a warning.  The form is rendered in all other cases.
    """
    if login_fresh():
        return redirect(url_for('main.index'))
    form = ReLoginForm()
    if form.validate_on_submit():
        if current_user.validate_password(form.password.data):
            confirm_login()
            return redirect_back()
        # nesting assumed from the flattened source: the warning is flashed
        # only for a rejected password -- confirm against the original
        flash('密码错误, 请重新输入', 'warning')
    return render_template('auth/login.jinja2', form=form)
def enforce_user_freshness(): if current_user.is_authenticated and \ current_user.authmethod == self.name and \ login_fresh(): user = current_user._get_current_object() if user.seconds_valid <= 0: current_app.logger.debug("Marking '{}' as stale".format( user)) login_user(user, fresh=False) self.session.token = user.token
def re_authenticate():
    """Re-confirm a stale login; tell fresh users they need not.

    A fresh session is told re-login is unnecessary and sent to ``base``.
    A valid form with the correct password re-confirms the login and
    redirects back; otherwise the login form is rendered.
    """
    if login_fresh():
        flash('活跃用户不需要重新登录', 'info')
        return redirect(url_for('base'))
    form = LoginForm()
    verified = (form.validate_on_submit()
                and current_user.validate_password(form.password.data))
    if not verified:
        return render_template('user/login.html', form=form)
    confirm_login()
    return redirect_back()
def reauth(): """Reauthenticates a user.""" if not login_fresh(): form = ReauthForm(request.form) if form.validate_on_submit(): if current_user.check_password(form.password.data): confirm_login() flash(_("Reauthenticated."), "success") return redirect_or_next(current_user.url) flash(_("Wrong password."), "danger") return render_template("auth/reauth.html", form=form) return redirect(request.args.get("next") or current_user.url)
def login():
    """Show the login page or process a login attempt.

    GET: a fresh session is redirected to ``main``; otherwise ``Login.html``
    is rendered.  Other methods are handed to ``requestParse``; on success
    the browser follows ``next`` (or ``main``), on failure the page is
    re-rendered with an error.
    """
    if request.method == 'GET':
        if flask_login.login_fresh():
            return redirect(url_for('main'))
        return render_template('Login.html')

    # presumably requestParse establishes the session itself; this view
    # makes no login_user() call of its own -- verify
    name, ok = requestParse(request)
    if not ok:
        return render_template('Login.html', error='Fail to Login')
    # NOTE(review): ``next`` is followed as given; an absolute URL in the
    # query string redirects off-site.
    nexturl = request.args.get('next')
    return redirect(nexturl or url_for('main'))
def re_authenticate():
    """Re-authenticate an already logged-in user to keep the session "fresh".

    Similar to GitHub-style confirmation: sensitive actions such as changing
    the password require the user to re-enter the password.  A fresh
    session is redirected to the index; a valid form with the correct
    password re-confirms the login and redirects back; otherwise the login
    form is rendered.
    """
    if login_fresh():
        return redirect(url_for('main.index'))
    form = LoginForm()
    if form.validate_on_submit():
        if current_user.validate_password(form.password.data):
            confirm_login()
            return redirect_back()
    return render_template('auth/login.html', form=form)
def re_authenticate():
    """Re-confirm a stale login and record the event in the user log.

    A fresh session is redirected to the front index.  A valid form with
    the correct password re-confirms the login, logs a rendered login
    entry via ``log_user`` and redirects back; otherwise the login form is
    rendered.
    """
    if login_fresh():
        return redirect(url_for('front.index'))
    form = LoginForm()
    granted = (form.validate_on_submit()
               and current_user.validate_password(form.password.data))
    if granted:
        confirm_login()
        log_user(content=render_template('logs/auth/login.html'))
        return redirect_back()
    return render_template('auth/login.html', form=form)
def re_authenticate(): """ 重新认证 """ logger.info('url = ' + str(request.url)) # 刷新 if login_fresh(): return redirect(url_for('main.index')) form = LoginForm() if form.validate_on_submit() and current_user.validate_password(form.password.data): confirm_login() return redirect_back() return render_template('auth/login.html', form=form)
def sign_in():
    """Sign a user in by email and password, then route them onward.

    An authenticated session is sent to service selection.  On a valid form
    the user is fetched by email and the password verified by
    ``_get_and_verify_user``.  A ``pending`` user is sent to re-verify
    their email.  An invite held in the session is accepted when the
    addresses match and rejected with a 403 otherwise.  A stale
    remember-me session for the same active user is re-confirmed and sent
    to its single active service (or the chooser); any other active user
    gets an SMS code and the two-factor page.  Every failure flashes one
    deliberately vague message.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_service'))

    form = LoginForm()
    if form.validate_on_submit():
        candidate = user_api_client.get_user_by_email_or_none(form.email_address.data)
        user = _get_and_verify_user(candidate, form.password.data)

        if user and user.state == 'pending':
            return redirect(url_for('main.resend_email_verification'))

        invited_user = session.get('invited_user') if user else None
        if invited_user:
            if user.email_address != invited_user['email_address']:
                flash("You can't accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            invite_api_client.accept_invite(invited_user['service'], invited_user['id'])

        if user:
            # Remember me login.  The guard at the top already sent an
            # authenticated session away, so this branch is reachable only
            # for a non-anonymous current_user that reports is_authenticated
            # False -- confirm against the User model.
            same_remembered_user = (not login_fresh()
                                    and not current_user.is_anonymous
                                    and current_user.id == user.id
                                    and user.is_active)
            if same_remembered_user:
                confirm_login()
                services = service_api_client.get_active_services(
                    {'user_id': str(user.id)}).get('data', [])
                if len(services) == 1:
                    return redirect(url_for('main.service_dashboard',
                                            service_id=services[0]['id']))
                return redirect(url_for('main.choose_service'))

            session['user_details'] = {"email": user.email_address, "id": user.id}
            if user.is_active:
                user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
                next_url = request.args.get('next')
                if next_url:
                    return redirect(url_for('.two_factor', next=next_url))
                return redirect(url_for('.two_factor'))

        # Vague error message for login in case of user not known, locked,
        # inactive or password not verified.
        flash(Markup((
            "The email address or password you entered is incorrect."
            " <a href={password_reset}>Forgot your password</a>?"
        ).format(password_reset=url_for('.forgot_password'))))
    return render_template('views/signin.html', form=form)
def sign_in():
    """Sign a user in by email and password, then route them onward.

    An authenticated session is sent to service selection.  On a valid form
    the user is fetched by email and the password verified by
    ``_get_and_verify_user``.  A ``pending`` user is sent to re-verify
    their email.  An invite held in the session is accepted when the
    addresses match and rejected with a 403 otherwise.  A stale
    remember-me session for the same active user is re-confirmed and sent
    to its single service (or the chooser); any other active user gets an
    SMS code and the two-factor page.  Every failure flashes one
    deliberately vague message.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_service'))

    form = LoginForm()
    if form.validate_on_submit():
        candidate = user_api_client.get_user_by_email_or_none(form.email_address.data)
        user = _get_and_verify_user(candidate, form.password.data)

        if user and user.state == 'pending':
            return redirect(url_for('main.resend_email_verification'))

        invited_user = session.get('invited_user') if user else None
        if invited_user:
            if user.email_address != invited_user['email_address']:
                flash("You can't accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            invite_api_client.accept_invite(invited_user['service'], invited_user['id'])

        if user:
            # Remember me login.  The guard at the top already sent an
            # authenticated session away, so this branch is reachable only
            # for a non-anonymous current_user that reports is_authenticated
            # False -- confirm against the User model.
            same_remembered_user = (not login_fresh()
                                    and not current_user.is_anonymous
                                    and current_user.id == user.id
                                    and user.is_active)
            if same_remembered_user:
                confirm_login()
                services = service_api_client.get_services(
                    {'user_id': str(user.id)}).get('data', [])
                if len(services) == 1:
                    return redirect(url_for('main.service_dashboard',
                                            service_id=services[0]['id']))
                return redirect(url_for('main.choose_service'))

            session['user_details'] = {"email": user.email_address, "id": user.id}
            if user.is_active:
                user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
                next_url = request.args.get('next')
                if next_url:
                    return redirect(url_for('.two_factor', next=next_url))
                return redirect(url_for('.two_factor'))

        # Vague error message for login in case of user not known, locked,
        # inactive or password not verified.
        flash(Markup((
            "The email address or password you entered is incorrect."
            " <a href={password_reset}>Forgot your password</a>?"
        ).format(password_reset=url_for('.forgot_password'))))
    return render_template('views/signin.html', form=form)
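def delete():
    """Delete the session's user from the ``users`` collection and log out.

    Only a fresh login may delete the account.  The unused ``error`` local
    and the unused ``as toDel`` alias are gone, ``login_fresh()`` is tested
    for truthiness rather than ``== True``, and the ``try`` now wraps only
    the delete so unrelated failures are not mis-reported as a missing user.

    :return: A confirmation string naming the deleted user.
    :raises Unauthorized: when the session is not fresh.
    :raises BadRequest: when the delete reports ``DoesNotExist``.
    """
    if not login_fresh():
        raise Unauthorized('Session is not fresh.')
    user = session['user_id']
    try:
        with switch_collection(User, 'users'):
            # presumably a queryset delete on zero matches is a no-op rather
            # than DoesNotExist, which would make the handler unreachable -- verify
            User.objects(username=user).delete()
    except DoesNotExist:
        raise BadRequest('User does not exist.')
    logout_user()
    return 'User %s has been deleted' % user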
def reauth(): """ Reauthenticates a user """ if not login_fresh(): form = ReauthForm(request.form) if form.validate_on_submit(): confirm_login() flash("Reauthenticated", "success") return redirect(request.args.get("next") or url_for("user.profile")) return render_template("auth/reauth.html", form=form) return redirect(request.args.get("next") or url_for("user.profile", username=current_user.username))
def reauth(): """ Reauthenticates a user """ if not login_fresh(): form = ReauthForm(request.form) if form.validate_on_submit(): confirm_login() flash(_("Reauthenticated."), "success") return redirect(request.args.get("next") or url_for("user.profile")) return render_template("auth/reauth.html", form=form) return redirect(request.args.get("next") or url_for("user.profile", username=current_user.username))
def get_request_details(request_id=None, srp_request=None): """Handles responding to all of the :py:class:`~.models.Request` detail functions. The various modifier functions all depend on this function to create the actual response content. Only one of the arguments is required. The ``srp_request`` argument is a conveniece to other functions calling this function that have already retrieved the request. :param int request_id: the ID of the request. :param srp_request: the request. :type srp_request: :py:class:`~.models.Request` """ if srp_request is None: srp_request = Request.query.get_or_404(request_id) # A user should always be able to access their own requests, but others # need fresh sessions. if current_user != srp_request.submitter and not login_fresh(): return login_manager.needs_refresh() # Different templates are used for different roles if current_user.has_permission(PermissionType.review, srp_request.division): template = 'request_review.html' elif current_user.has_permission(PermissionType.pay, srp_request.division): template = 'request_pay.html' elif current_user == srp_request.submitter or current_user.has_permission( PermissionType.audit): template = 'request_detail.html' else: abort(403) if request.is_json or request.is_xhr: return jsonify(**srp_request._json(True)) if request.is_xml: return xmlify('request.xml', srp_request=srp_request) return render_template( template, srp_request=srp_request, modifier_form=ModifierForm(formdata=None), payout_form=PayoutForm(formdata=None), action_form=ActionForm(formdata=None), void_form=VoidModifierForm(formdata=None), details_form=ChangeDetailsForm(formdata=None, obj=srp_request), note_form=AddNote(formdata=None), # TRANS: Title for the page showing the details about a single # TRANS: SRP request. title=gettext(u"Request #%(request_id)s", request_id=srp_request.id))
def get_request_details(request_id=None, srp_request=None): """Handles responding to all of the :py:class:`~.models.Request` detail functions. The various modifier functions all depend on this function to create the actual response content. Only one of the arguments is required. The ``srp_request`` argument is a conveniece to other functions calling this function that have already retrieved the request. :param int request_id: the ID of the request. :param srp_request: the request. :type srp_request: :py:class:`~.models.Request` """ if srp_request is None: srp_request = Request.query.get_or_404(request_id) # A user should always be able to access their own requests, but others # need fresh sessions. if current_user != srp_request.submitter and not login_fresh(): return login_manager.needs_refresh() # Different templates are used for different roles if current_user.has_permission(PermissionType.review, srp_request.division): template = 'request_review.html' elif current_user.has_permission(PermissionType.pay, srp_request.division): template = 'request_pay.html' elif current_user == srp_request.submitter or current_user.has_permission( PermissionType.audit): template = 'request_detail.html' else: abort(403) if request.is_json or request.is_xhr: return jsonify(srp_request._json(True)) if request.is_xml: return xmlify('request.xml', srp_request=srp_request) return render_template(template, srp_request=srp_request, modifier_form=ModifierForm(formdata=None), payout_form=PayoutForm(formdata=None), action_form=ActionForm(formdata=None), void_form=VoidModifierForm(formdata=None), details_form=ChangeDetailsForm(formdata=None, obj=srp_request), note_form=AddNote(formdata=None), # TRANS: Title for the page showing the details about a single # TRANS: SRP request. title=gettext(u"Request #%(request_id)s", request_id=srp_request.id))
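def confirm_reset_password():
    """Confirm a password reset, for a logged-in user or an emailed link.

    GET: an authenticated user must hold a fresh login (else the login
    manager's refresh handler is returned); otherwise ``activation_key``
    and ``email`` must both be present and match one user.  The form is
    pre-filled from that user's account.
    POST: the user is looked up from the submitted key and email.  A valid
    form stores the new password, clears the key and renders the success
    page; an invalid one flashes a failure and re-renders the form.

    A key/email pair matching nobody used to reach ``user.account`` on
    ``None`` and raise; both branches now answer with the existing
    dead-link ``Response`` instead.

    :return: A rendered template, a plain ``Response`` for a dead link, or
        the needs-refresh response.
    """
    def _find_user(activation_key, email):
        # Both the key and the email must match, so a key alone is not enough.
        return User.objects(
            Q(account__activation_key=activation_key)
            & Q(account__email=email)).first()

    if request.method == 'GET':
        if current_user.is_authenticated:
            if not login_fresh():
                return login_manager.needs_refresh()
            user = current_user
        elif 'activation_key' in request.args and 'email' in request.args:
            user = _find_user(request.args.get('activation_key'),
                              request.args.get('email'))
            if user is None:
                return Response('邮件已失效')
        else:
            return Response('邮件已失效')
        form = ConfirmResetPasswordForm(
            activation_key=user.account.activation_key,
            email=user.account.email)
        return render_template('admin/user/confirm_reset_password.html',
                               form=form)

    if request.method == 'POST':
        form = ConfirmResetPasswordForm()
        user = _find_user(form.activation_key.data, form.email.data)
        if form.validate_on_submit():
            if user is None:
                return Response('邮件已失效')
            # assumes account.password is a hashing setter -- verify on the model
            user.account.password = form.password.data
            user.account.activation_key = None
            user.save()
            flash(gettext('your password has been changed, please login again'),
                  'success')
            return render_template('admin/user/success_reset_password.html')
        # NOTE(review): this failure message is flashed under the 'success'
        # category, so the template styles it as a success.
        flash(gettext('fail, please confirm your password'), 'success')
        return render_template('admin/user/confirm_reset_password.html',
                               form=form)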
def login_refresh() -> str:
    """Refresh a stale login by asking for the password again.

    A fresh session is redirected to the index.  A submitted password is
    checked by ``User.refresh_login``: success flashes a welcome and
    redirects to the next page, failure flashes an error.  The form is
    rendered otherwise.

    :return: The HTML response (redirect responses are returned on the
        fresh and success paths despite the ``str`` annotation).
    """
    if login_fresh():
        return redirect(url_for('main.index'))
    form = LoginRefreshForm()
    if form.validate_on_submit():
        refreshed_user = User.refresh_login(form.password.data)
        if not refreshed_user:
            flash(_('Invalid password.'), 'error')
        else:
            flash(_('Welcome, %(name)s!', name=refreshed_user.name))
            return redirect(get_next_page())
    return render_template('userprofile/login.html',
                           title=_('Confirm Login'), form=form)
def get(self):
    """Show the re-auth form for a stale session, otherwise redirect onward."""
    if login_fresh():
        return redirect_or_next(current_user.url)
    return render_template("auth/reauth.html", form=self.form())
def is_authenticated(self):
    """Treat a non-fresh session as unauthenticated.

    A session restored from a remember-me token is not fresh, so this
    forces a real login on renewal; a fresh session defers to the parent.
    """
    fresh = login_fresh()
    if not fresh:
        return False
    return super(User, self).is_authenticated
def check_fresh_login():
    """Send a stale session to the login manager's refresh handler.

    Returns ``None`` when the login is fresh, letting the request proceed.
    """
    if login_fresh():
        return None
    return current_app.login_manager.needs_refresh()
def is_accessible(self):
    """Admin views need both the admin permission and a fresh login."""
    if not admin_perm.can():
        return False
    return login_fresh()
def test_login_user_not_fresh(self):
    """``login_user(..., fresh=False)`` authenticates but leaves the session stale."""
    with self.app.test_request_context():
        logged_in = login_user(notch, fresh=False)
        self.assertTrue(logged_in)
        self.assertEqual(u'Notch', current_user.name)
        self.assertIs(False, login_fresh())
def is_fresh():
    """Return the session's freshness flag rendered as a unicode string."""
    fresh = login_fresh()
    return unicode(fresh)