def signin(): form = EmailPasswordForm() if form.validate_on_submit(): try: user = User(email=form.email.data, password=form.password.data) if user: if not user.is_authenticated: from ..words.user import need_active_info flash(need_active_info.format(user=user.username)) return redirect(url_for('home.index')) else: login_user(user) next = request.args.get('next') # principal identity identity = Identity(user.id) identity_changed.send(app, identity=identity) return redirect( request.args.get(next, url_for('home.index'))) except Exception as e: flash(e) return render_template('user/signin.html', form=form)
def signup(): if 'openid' not in session: abort(403) form = OpenIdSignupForm(next=request.args.get("next"), username=request.args.get("name"), email=request.args.get("email")) if form.validate_on_submit(): user = User(openid=session.pop('openid')) form.populate_obj(user) db.session.add(user) db.session.commit() session.permanent = True identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash(_("Welcome, %%s") % user.username, "success") next_url = form.next.data or \ url_for("user.posts", username=user.username) return redirect(next_url) return render_template("openid/signup.html", form=form)
def signup(): form = SignupForm(next=request.args.get("next")) if form.validate_on_submit(): user = User() form.populate_obj(user) db.session.add(user) db.session.commit() identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash(_("Welcome, %(name)s", name=user.username), "success") next_url = form.next.data if not next_url or next_url == request.path: next_url = url_for('user.posts', username=user.username) return redirect(next_url) return render_template("account/signup.html", form=form)
def n(): i = mkadmin() identity_changed.send(app, identity=i) with admin_denied.require(): pass return Response("OK")
def logout(): logout_user() for key in ('identity.name', 'identity.auth_type'): session.pop(key, None) identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) return redirect('login')
def login(): """ Login. """ form = LoginForm() if form.validate_on_submit(): em = form.email.data.strip().lower() u = User.find_one({'email': em}) if not u or not check_password_hash(u.password, form.password.data): return render_template('public/login.html', form=form, error=_('User name or password incorrect!')) # Keep the user info in the session using Flask-Login login_user(u) # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(u.get_id())) next_url = form.next_url.data if not next_url: next_url = '/' return redirect(next_url) next_url = request.args.get('next', '') form.next_url.data = next_url return render_template('public/login.html', form=form)
def signup(): form = SignupForm(next=request.args.get('next',None)) if form.validate_on_submit(): code = UserCode.query.filter_by(code=form.code.data).first() if code: user = User(role=code.role) form.populate_obj(user) db.session.add(user) db.session.delete(code) db.session.commit() identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash(_("Welcome, %(name)s", name=user.nickname), "success") next_url = form.next.data if not next_url or next_url == request.path: next_url = url_for('frontend.people', username=user.username) return redirect(next_url) else: form.code.errors.append(_("Code is not allowed")) return render_template("account/signup.html", form=form)
def user_passwd_edit(post_id): error = None # if not writer_permission.can(): # error = u'你没有验证账户,不能修改密码,请尽快验证账户.' # return jsonify(judge=False, error=error) form = EditPasswdForm() action = EditManager(post_id, form) if form.validate_on_submit() and request.method == "POST": user = User.query.filter_by(id=post_id).first() if check_password_hash(user.password, form.passwd.data): action.edit_user_passwd() flash('密码修改成功,请重新登陆') logout_user() for key in ('identity.id', 'identity.auth_type'): session.pop(key, None) identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) error = "密码修改" return jsonify(judge=True, error=error) else: error = u'密码错误,请重新输入' return jsonify(judge=False, error=error) else: if form.errors: return return_errors(form) else: pass return redirect(url_for('index.index'))
def login(): title = '登录' info = {} info['m_name'] = session['name'] if 'name' in session else '' if request.method == 'POST': username = request.form.get('mobile') password = request.form.get('password') user = ds.queryUser(username) if (user is None): return jsonify(msg='该用户不存在', status='402') if not user.check_password(password): return jsonify(msg='错误的用户名或密码', status='401') user.last_login_time = datetime.now() session['name'] = username # Using the Flask-Login to processing and check the login status for # user. Remember the user's login status. remember = request.form.get('remember') == 'true' login_user(user, remember) # Tell Flask-Principal the identity changed identity_changed.send(app._get_current_object(), identity=Identity(user.id)) return jsonify(msg='OK',status='200') return render_template('login_v2.html', info=info,title=title)
def login_view(): if is_json(request): form = LoginForm(csrf_enabled=False) else: form = LoginForm() if form.validate_on_submit(): # authenticates the user too # TODO: set timeout for this user # TODO: set remote data for this user (hostname, etc.) pk = auth.set_user_data(form.user) # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(form.user.id, pk)) next_url = form.next.data if is_json(request): return jsonify({'login': '******', 'private_token': pk}) else: # TODO: Set authentication data on return value (private_token) if not next_url or next_url == request.path: next_url = url_for('user.index', username=form.user.username) return redirect(next_url) if is_json(request): return jsonify_form(form) return render_template('login.html', form=form)
def logout(): logout_user() # notify the change of role identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) return redirect("/")
def login(): from .forms import LoginForm if request.method == 'POST': form = LoginForm(request.form) if form.validate_on_submit(): user = form.user # TODO: support token auth in @loging_required, refer to flask_security @auth_required # login_required login_user(user, force=True) # flask principal from flask_principal import identity_changed, Identity from flask import current_app identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) next = request.args.get('next') # next_is_valid should check if the user has valid # permission to access the `next` url # if not next_is_valid(next): # return flask.abort(400) if 'admin' in user.roles_name: return redirect(next or '/admin/') elif 'editor' in user.roles_name: return redirect(next or '/admin/') else: return redirect(next or '/') elif request.method == 'GET': form = LoginForm() return render_template('security/login.html', form=form)
def login(username, blogger): this_user = TestUser(username) login_user(this_user) if blogger: identity_changed.send(current_app._get_current_object(), identity=Identity(username)) return redirect("/")
def login(): #---------------------------------------------------------------------- # define form form = LoginForm() # Validate form input #if flask.request.method == "POST" and form.validate_on_submit(): if form.validate_on_submit(): try: # Retrieve the user from the datastore user = racedb.find_user(form.email.data) # flag user doesn't exist or incorrect password if not (user and user.check_password(form.password.data)): return flask.render_template('login.html', form=form, error='username or password invalid') # we're good # Keep the user info in the session using Flask-Login login_user(user) flask.session['logged_in'] = True flask.session['user_name'] = user.name flask.session.permanent = True # Tell Flask-Principal the identity changed identity_changed.send( flask.current_app._get_current_object(), identity = Identity(user.id)) userclubs = getuserclubs(user) # zero clubs is an internal error in the databse if not(userclubs): db.session.rollback() raise dbConsistencyError,'no clubs found in database' # give user access to the first club in the list if no club already chosen # club_choices set in nav module. If this club.id is not in club_choices, # need to reset to first available if 'club_id' not in flask.session or flask.session['club_id'] not in [c[0] for c in userclubs]: club = Club.query.filter_by(id=userclubs[0][0]).first() flask.session['club_id'] = club.id flask.session['club_name'] = club.name # set default year to be current year today = timeu.epoch2dt(time.time()) flask.session['year'] = today.year # log login app.logger.debug("logged in user '{}'".format(flask.session['user_name'])) # commit database updates and close transaction db.session.commit() return flask.redirect(flask.request.args.get('next') or flask.url_for('index')) except: # roll back database updates and close transaction db.session.rollback() raise return flask.render_template('login.html', form=form)
def post(self): request_arg = RequestMethod_parser.parse_args() requestMethod = request_arg['requestMethod'] if requestMethod == "POST": args = login_parser.parse_args() userName = args['userName'] password = args['password'] user = User.query.filter(User.userName == userName).first() if user == None: abort(401, message="userName error") elif user.verify_password(password) is not True: abort(401, message="password error") else: session.permanent = True login_user(user) ip = str(request.remote_addr) log = LoginLog(current_user.userName, ip) db.session.add(log) db.session.commit() identity_changed.send( current_app._get_current_object(), identity=Identity(user.id)) elif requestMethod == "DELETE": # Remove the user information from the session logout_user() for key in ('identity.name', 'identity.auth_type'): session.pop(key, None) else: abort(404, message="api not found")
def logout(): logout_user() for key in ('indentity_name', 'identity.auth_type'): session.pop(key, None) identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) next_url = request.args.get('next', '/') return redirect(next_url)
def login(): data = request.values if hasattr(request, "json") and request.json: data = request.json if octoprint.server.userManager.enabled and "user" in data and "pass" in data: username = data["user"] password = data["pass"] if "remember" in data and data["remember"] in valid_boolean_trues: remember = True else: remember = False if "usersession.id" in session: _logout(current_user) user = octoprint.server.userManager.findUser(username) if user is not None: if octoprint.server.userManager.checkPassword(username, password): if not user.is_active(): return make_response(("Your account is deactivated", 403, [])) if octoprint.server.userManager.enabled: user = octoprint.server.userManager.login_user(user) session["usersession.id"] = user.session g.user = user login_user(user, remember=remember) identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id())) return jsonify(user.asDict()) return make_response(("User unknown or password incorrect", 401, [])) elif "passive" in data: return passive_login() return NO_CONTENT
def load_user_from_request(req): api_key = req.args.get('api_key') if api_key: user = get_user_by_api_key(api_key) if user: identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) user.login_type = API_LOGIN return user api_key = req.headers.get('Authorization') if api_key: api_key = api_key.replace('Basic ', '', 1) try: api_key = base64.b64decode(api_key) except TypeError: pass user = get_user_by_api_key(api_key) if user: identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) user.login_type = API_LOGIN return user return None
def login_user(user, remember=None): """Performs the login routine. :param user: The user to login :param remember: Flag specifying if the remember cookie should be set. Defaults to ``False`` """ if remember is None: remember = config_value("DEFAULT_REMEMBER_ME") if not _login_user(user, remember): # pragma: no cover return False if _security.trackable: remote_addr = request.remote_addr or None # make sure it is None and not '' old_current_login, new_current_login = user.current_login_at, datetime.utcnow() old_current_ip, new_current_ip = user.current_login_ip, remote_addr user.last_login_at = old_current_login or new_current_login user.current_login_at = new_current_login user.last_login_ip = old_current_ip user.current_login_ip = new_current_ip user.login_count = user.login_count + 1 if user.login_count else 1 _datastore.put(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return True
def login(): error = None form = LoginForm() if form.validate_on_submit() and request.method == "POST": validate_code = session['validate_code'] validate = form.code.data if validate.lower() != validate_code.lower(): return jsonify(judge=False, error=u'验证码错误') else: name = form.name.data passwd = form.passwd.data remember = request.get_json()["remember"] user = User.load_by_name(name) if user and User.check_password(user.passwd, passwd): if remember: session.permanent = True login_user(user, remember=remember) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash(u'你已成功登陆') return jsonify(judge=True, error=error) else: error = u'用户名或密码错误' return jsonify(judge=False, error=error) else: if form.errors: return return_errors(form) else: pass return render_template('auth/login.html', form=form, error=error)
def logout_user(): """Logs out the current. This will also clean up the remember me cookie if it exists.""" for key in ("identity.name", "identity.auth_type"): session.pop(key, None) identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) _logout_user()
def login(): form = LoginForm(login=request.args.get('login',None), next=request.args.get('next',None)) if form.validate_on_submit(): user, authenticated = User.query.authenticate(form.login.data, form.password.data) if user and authenticated: session.permanent = form.remember.data identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash(_("Welcome back, %(name)s", name=user.username), "success") next_url = form.next.data if not next_url or next_url == request.path: next_url = url_for('frontend.people', username=user.username) return redirect(next_url) else: flash(_("Sorry, invalid login"), "error") return render_template("account/login.html", form=form)
def login(cls, app, username, password, remember=False, force=False, fresh=True): if app.config.opsy['enable_ldap']: result = ldap_manager.authenticate(username, password) if not result.status == AuthenticationResponseStatus.success: return False full_name_attr = app.config.opsy['ldap_user_full_name_attr'] email_attr = app.config.opsy['ldap_user_email_attr'] group_name_attr = app.config.opsy['ldap_group_name_attr'] email = result.user_info[email_attr] full_name = result.user_info[full_name_attr] user = cls.query.wtfilter_by(name=result.user_id).first() if not user: user = cls.create(username, email=email, full_name=full_name) else: user.update(email=email, full_name=full_name) groups = [x[group_name_attr] for x in result.user_groups] for role in user.roles: if role.ldap_group: user.roles.remove(role) for role in Role.query.filter(Role.ldap_group.in_(groups)).all(): user.roles.append(role) user.save() else: user = cls.query.wtfilter_by(name=username).first() if not user: return False if not user.verify_password(password): return False if login_user(user, remember=remember): identity_changed.send( app._get_current_object(), # pylint: disable=W0212 identity=Identity(user.id)) return user.get_session_token(app) return False
def login_user(user, remember=None): """Performs the login routine. :param user: The user to login :param remember: Flag specifying if the remember cookie should be set. Defaults to ``False`` """ if remember is None: remember = config_value('DEFAULT_REMEMBER_ME') if not _login_user(user, remember): # pragma: no cover return False if _security.trackable: if 'X-Forwarded-For' in request.headers: remote_addr = request.headers.getlist("X-Forwarded-For")[0].rpartition(' ')[-1] else: remote_addr = request.remote_addr or 'untrackable' old_current_login, new_current_login = user.current_login_at, datetime.utcnow() old_current_ip, new_current_ip = user.current_login_ip, remote_addr user.last_login_at = old_current_login or new_current_login user.current_login_at = new_current_login user.last_login_ip = old_current_ip or new_current_ip user.current_login_ip = new_current_ip user.login_count = user.login_count + 1 if user.login_count else 1 _datastore.put(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return True
def login(): """Login route""" class LoginForm(Form): """Login form""" username = StringField('Username', validators=[validators.required()]) password = PasswordField('Password', validators=[validators.required()]) form = LoginForm() # Validate form if form.validate_on_submit(): username = request.form['username'] password = request.form['password'] # Attempt login via api try: user_dict = current_app.users_api.login(username=username, \ password=password, response=True) except ReceivedErrorResponse as e: logger.warning('Invalid username or password') flash('Invalid username or password') except Exception as e: logger.error(str(e)) flash('Sorry, but you could not log in') else: user = User(user_dict['id'], username, user_dict['roles']) if login_user(user, remember=True): # Flask-Principal identity_changed.send(current_app._get_current_object(), \ identity=Identity(user.user_id)) # Redirect logger.info('Logged in as %s', username) flash('Logged in as %s' % username) return redirect(request.args.get('next') or url_for('home')) else: logger.error('Sorry but you could not log in') flash('Sorry, but you could not log in') return render_template('login.html', url=url_for('.login'), form=form)
def decorated_function(*args, **kwargs): if not request.headers.get('Authorization'): response = jsonify(message='Missing authorization header') response.status_code = 401 return response try: token = request.headers.get('Authorization').split()[1] except Exception as e: return dict(message='Token is invalid'), 403 try: payload = jwt.decode(token, current_app.config['LEMUR_TOKEN_SECRET']) except jwt.DecodeError: return dict(message='Token is invalid'), 403 except jwt.ExpiredSignatureError: return dict(message='Token has expired'), 403 except jwt.InvalidTokenError: return dict(message='Token is invalid'), 403 user = user_service.get(payload['sub']) if not user.active: return dict(message='User is not currently active'), 403 g.current_user = user if not g.current_user: return dict(message='You are not logged in'), 403 # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(g.current_user.id)) return f(*args, **kwargs)
def request_reissue(certificate, commit): """ Reissuing certificate and handles any exceptions. :param certificate: :param commit: :return: """ status = FAILURE_METRIC_STATUS try: print("[+] {0} is eligible for re-issuance".format(certificate.name)) # set the lemur identity for all cli commands identity_changed.send(current_app._get_current_object(), identity=Identity(1)) details = get_certificate_primitives(certificate) print_certificate_details(details) if commit: new_cert = reissue_certificate(certificate, replace=True) print("[+] New certificate named: {0}".format(new_cert.name)) status = SUCCESS_METRIC_STATUS except Exception as e: sentry.captureException() current_app.logger.exception("Error reissuing certificate.", exc_info=True) print( "[!] Failed to reissue certificates. Reason: {}".format( e ) ) metrics.send('certificate_reissue', 'counter', 1, metric_tags={'status': status})
def signup(): """ Signup. """ form = SignupForm() if form.validate_on_submit(): if not form.password.data == form.repassword.data: return render_template('public/signup.html', form=form, error=_('Password dismatch!')) em = form.email.data.strip().lower() u = User.find_one({'email': em}) if u: return render_template('public/signup.html', form=form, error=_('This email has been registered!')) u = User() u.email = em u.password = unicode(generate_password_hash(form.password.data.strip())) u.name = u.email.split('@')[0] u.save() current_app.logger.info('A new user created, %s' % u) send_support_email('signup()', u'New user %s with id %s.' % (u.email, u._id)) # Keep the user info in the session using Flask-Login login_user(u) # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(u.get_id())) return redirect('/') return render_template('public/signup.html', form=form)
def _perform_login(self, user): user = prepare_user(user) login_user(user) # Notify flask principal that the identity has changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id))
def logout(): flash(_("You are now logged out"), "success") identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) return redirect(url_for('frontend.index'))
def _check_http_auth(): auth = request.authorization or BasicAuth(username=None, password=None) if not auth.username: return False user = _security.datastore.get_user(auth.username) if user and user.verify_and_update_password(auth.password): _security.datastore.commit() app = current_app._get_current_object() _request_ctx_stack.top.user = user identity_changed.send(app, identity=Identity(user.id)) return True return False
def login(): form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).one() login_user(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash("Logged in successfully.", "success") return redirect(request.args.get("next") or url_for(".home")) return render_template("login.html", form=form)
def decorated_function(*args, **kwargs): if not request.headers.get("Authorization"): response = jsonify(message="Missing authorization header") response.status_code = 401 return response try: token = request.headers.get("Authorization").split()[1] except Exception as e: return dict(message="Token is invalid"), 403 try: header_data = fetch_token_header(token) payload = jwt.decode(token, current_app.config["LEMUR_TOKEN_SECRET"], algorithms=[header_data["alg"]]) except jwt.DecodeError: return dict(message="Token is invalid"), 403 except jwt.ExpiredSignatureError: return dict(message="Token has expired"), 403 except jwt.InvalidTokenError: return dict(message="Token is invalid"), 403 if "aid" in payload: access_key = api_key_service.get(payload["aid"]) if access_key.revoked: return dict(message="Token has been revoked"), 403 if access_key.ttl != -1: current_time = datetime.utcnow() # API key uses days expired_time = datetime.fromtimestamp( access_key.issued_at) + timedelta(days=access_key.ttl) if current_time >= expired_time: return dict(message="Token has expired"), 403 user = user_service.get(payload["sub"]) if not user.active: return dict(message="User is not currently active"), 403 g.current_user = user if not g.current_user: return dict(message="You are not logged in"), 403 # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(g.current_user.id)) return f(*args, **kwargs)
def user_loader_callback(identity): auth_identity = Identity(identity) # in case of a user or node an auth id is shared as identity, if isinstance(identity, int): # auth_identity = Identity(identity) auth = db.Authenticatable.get(identity) if isinstance(auth, db.Node): for rule in db.Role.get_by_name("node").rules: auth_identity.provides.add( RuleNeed(name=rule.name, scope=rule.scope, operation=rule.operation)) if isinstance(auth, db.User): # add role permissions for role in auth.roles: for rule in role.rules: auth_identity.provides.add( RuleNeed(name=rule.name, scope=rule.scope, operation=rule.operation)) # add 'extra' permissions for rule in auth.rules: auth_identity.provides.add( RuleNeed(name=rule.name, scope=rule.scope, operation=rule.operation)) identity_changed.send(current_app._get_current_object(), identity=auth_identity) return auth else: for rule in db.Role.get_by_name("container").rules: auth_identity.provides.add( RuleNeed(name=rule.name, scope=rule.scope, operation=rule.operation)) identity_changed.send(current_app._get_current_object(), identity=auth_identity) log.debug(identity) return identity
def login(): login_form = UserLogin() register_form = UserRegistration() if login_form.validate_on_submit(): username = login_form.username.data password = login_form.password.data remember_me = login_form.remember_me.data user = User.query.filter( func.lower(User.username) == func.lower(username)).first() if login_user(user, remember_me): flash("You were logged in.", "success") if user.invitations.count(): markup = f'You have {user.invitations.count()} team invitations' markup += f'- click <a href="{url_for("invitations")}">here</a> to view them.' flash(Markup(markup), "info") return redirect(request.args.get("next") or url_for('index')) # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) else: flash("Login failed, user not validated", "error") return redirect(url_for("verify_status", username=username)) elif register_form.validate_on_submit(): username = register_form.username.data.strip() password = register_form.password.data email = register_form.email.data new_user = User(username, password, email) body = render_template("emails/account/verification.txt", recipient=new_user, email_changed=False) mail.send_message( subject=f"Welcome to {app.config['LONG_NAME']}, {username}", recipients=[new_user.email], body=body) db.session.add(new_user) db.session.commit() flash("Your account has been created, confirm your email to verify.", "success") return redirect(url_for('verify_status', username=username)) return render_template('account/login.html', login_form=login_form, register_form=register_form)
def register(): error = None form = RegisterForm() if form.validate_on_submit() and request.method == "POST": validate_code = session['validate_code'] validate = form.code.data if validate.lower() != validate_code.lower(): return jsonify(judge=False, error=_('The validate code is error')) else: useremail = User.load_by_email(form.email.data) username = User.load_by_name(form.name.data) if username is not None: error = _('The name has been registered') return jsonify(judge=False, error=error) elif useremail is not None: error = _('The email has been registered') return jsonify(judge=False, error=error) else: account = User() account.name = form.name.data, account.email = form.email.data, account.passwd = form.passwd.data, account.roles = 'visitor' account.registered_time = datetime.now() '''邮箱验证''' token = email_token(account.email) confirm_url = url_for('auth.confirm', token=token, _external=True) html = render_template('templet/email.html', confirm_url=confirm_url) subject = _("Please confirm your email") # email_send(account.email, html, subject) account.send_email_time = datetime.now() db.session.add(account) db.session.commit() login_user(account) identity_changed.send(current_app._get_current_object(), identity=Identity(account.id)) flash(_('An email has been sent to your.Please receive')) return jsonify(judge=True, error=error) else: if form.errors: return return_errors(form) else: pass return render_template('auth/register.html', form=form)
def login_user(user, remember=None, authn_via=None): """Perform the login routine. If *SECURITY_TRACKABLE* is used, make sure you commit changes after this request (i.e. ``app.security.datastore.commit()``). :param user: The user to login :param remember: Flag specifying if the remember cookie should be set. Defaults to ``False`` :param authn_via: A list of strings denoting which mechanism(s) the user authenticated with. These should be one or more of ["password", "sms", "authenticator", "email"] or other 'auto-login' mechanisms. """ if remember is None: remember = config_value("DEFAULT_REMEMBER_ME") if not _login_user(user, remember): # pragma: no cover return False if _security.trackable: remote_addr = request.remote_addr or None # make sure it is None old_current_login, new_current_login = ( user.current_login_at, _security.datetime_factory(), ) old_current_ip, new_current_ip = user.current_login_ip, remote_addr user.last_login_at = old_current_login or new_current_login user.current_login_at = new_current_login user.last_login_ip = old_current_ip user.current_login_ip = new_current_ip user.login_count = user.login_count + 1 if user.login_count else 1 _datastore.put(user) session["fs_cc"] = "set" # CSRF cookie session["fs_paa"] = time.time() # Primary authentication at - timestamp identity_changed.send( current_app._get_current_object(), identity=Identity(user.fs_uniquifier) ) user_authenticated.send( current_app._get_current_object(), user=user, authn_via=authn_via ) return True
def login(): form = LoginForm() if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).one() login_user(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash('登录成功!!!', category='success') if user: session['user_id'] = user.id session.permanent = True return redirect(url_for('report_bp.index')) # 跳转到页面 else: return redirect(url_for('user_bp.register')) return render_template('login.html', form=form)
def post_login(): form_email = request.form['email'] form_pass = request.form['password'] user = modules.User.query.filter_by(email=form_email).first() if user is None: print("No user with this email") elif user.check_password(form_pass): print(user.first_name + ' Logged in successfully.', file=sys.stderr) login_user(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return redirect(url_for('dashboard')) else: print("Invalid password") return render_template('main/login.html')
def or_mixed2(): result = [] admin_or_editor_mixed = (admin_permission | editor_role_permission) i = Identity('admin') identity_changed.send(app, identity=i) with admin_or_editor_mixed.require(): result.append('good') i = Identity('editor') identity_changed.send(app, identity=i) with admin_or_editor_mixed.require(): result.append('good') return Response(''.join(result))
def login_user(app, request_data): if 'username' not in request_data or 'password' not in request_data: raise BadRequest('Username or password not specified') username = request_data.get('username', None) password = request_data.get('password', None) pss_user, pss_user_dict = app.table_proxy.pss_users.get_pss_user( username=username) if not pss_user or not pss_user.verify_password(password): raise Unauthorized('Bad password') flask_logout_user() if flask_login_user(pss_user) is False: raise Unauthorized('User is not active') identity_changed.send(app._get_current_object(), identity=Identity(pss_user.pss_user_id)) return pss_user_dict
def login(): form = AdminLoginForm() if form.validate_on_submit(): u = User.query.filter_by(username=form.username.data).first() if u and u.verify_password(form.password.data): if u.is_admin: login_user(u, True) identity_changed.send(current_app._get_current_object(), identity=Identity(u.id)) return form.redirect('admin.index') else: flash('你不是管理员', 'warning') else: flash('用户名或密码错误', 'error') return render_template('admin/login.html', title='后台登录', form=form)
def logout(): """ Logout. """ logout_user() # Remove session keys set by Flask-Principal for key in ('identity.name', 'identity.auth_type'): session.pop(key, None) # Tell Flask-Principal the user is anonymous identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) return redirect("/")
def post(self): #data = parser.parse_args() data = request.get_json(force=True) admin = UserDao.get_user_by_id(data['restaurant_admin_id']) #管理员存在且密码验证正确,则返回餐厅的菜单界面 if (admin != None) and (service.hash_password_verify( data['restaurant_admin_password'], admin.password, admin.id)): login_user(admin) identity_changed.send(current_app._get_current_object(), identity=Identity(admin.id)) return { 'URL': "/restaurants/%d/menu" % (data['restaurant_id']) }, 200 return {'message': 'Login error'}, 400
def logout(): logout_user() # Remove session keys set by Flask-Principal for key in ('identity.name', 'identity.auth_type'): current_app.logger.debug("session.pop({})".format(key)) session.pop(key, None) # Tell Flask-Principal the user is anonymous current_app.logger.debug('In logout() identity_changed.send') identity_changed.send( current_app._get_current_object(), identity=AnonymousIdentity()) return redirect(url_for('.login'))
def logout(): """ Logout User and destroy its session """ # Remove the user information from the session userlog = CmsUserLog.objects.filter( id=current_user.get_userlog_id()).first() userlog.logout_time = datetime.now() userlog.save() logout_user() # Remove session keys set by Flask-Principal for key in ('identity.name', 'identity.auth_type'): session.pop(key, None) # Tell Flask-Principal the user is anonymous identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) return redirect(app.config['BASE_URL'])
def logout(): # Clear session stored data logout_user() session.clear() # Tell Flask-Principal the user is anonymous identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) # Redirect user to logout endpoint params = { 'returnTo': url_for('main.index', _external=True), 'client_id': Config.AUTH0_CLIENT_ID } return redirect(auth0.api_base_url + '/v2/logout?' + urlencode(params))
def login(): form = LoginForm() if form.validate_on_submit(): user = User.query.filter(User.name == form.name.data).first() if user is not None: if check_password_hash(user.hash_pass, form.passwd.data): login_user(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return redirect('dashboard') else: flash(u'密码不正确!') else: flash(u'用户不存在!') return render_template('login.html', form=form)
def login(): """ # Log into account with a particular email and password $ curl -k -X OPTIONS -H "Origin: GUI_DOMAIN" -H "Content-Type: application/json" --request POST \ --data '{"email":"EMAIL_ADDRESS","password":"******","remember":"True"}' \ -c cookie.txt https://localhost/login # Response data from a successful login attempt (200 OK): { "return_msg": "OK", "user": { "email": "EMAIL_ADDRESS", "is_admin": [true/false], "name": "NAME", "read_only_mode": false } } # Response data from an unsuccessful login attempt (400 ERROR): { "return_msg": "Invalid Credentials", "user": { "logged_in": false } } """ req = parse_content(request) if req is None: return make_gui_response(json_header, 400, 'Content-Type not allowed') email = req.get('email') password = req.get('password') remember = True if req.get('remember') else False if email is None or password is None: return make_gui_response(json_header, 400, 'email and password must be supplied in login request') user = fetch_user(email) # Check if user actually exists and compare provided and stored password hashes if not user or not check_password_hash(user.password, password): # Reload page if user doesn't exist or the password was incorrect return make_gui_response(json_header, 400, 'Invalid Credentials') # Login-Manager creates new user session login_user(user, remember=remember) session['is_admin'] = user.is_admin # Tell Flask-Principal the identity has changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return make_gui_response(json_header, 200, 'OK')
def login(): data = request.values if hasattr(request, "json") and request.json: data = request.json if octoprint.server.userManager.enabled and "user" in data and "pass" in data: username = data["user"] password = data["pass"] if "remember" in data and data["remember"] in valid_boolean_trues: remember = True else: remember = False if "usersession.id" in session: _logout(current_user) user = octoprint.server.userManager.findUser(username) if user is not None: if octoprint.server.userManager.checkPassword(username, password): if not user.is_active(): return make_response( ("Your account is deactivated", 403, [])) if octoprint.server.userManager.enabled: user = octoprint.server.userManager.login_user(user) session["usersession.id"] = user.session g.user = user login_user(user, remember=remember) identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id())) remote_addr = get_remote_address(request) logging.getLogger(__name__).info( "Actively logging in user {} from {}".format( user.get_id(), remote_addr)) response = user.asDict() response["_is_external_client"] = s().getBoolean(["server", "ipCheck", "enabled"]) \ and not util_net.is_lan_address(remote_addr, additional_private=s().get(["server", "ipCheck", "trustedSubnets"])) return jsonify(response) return make_response(("User unknown or password incorrect", 401, [])) elif "passive" in data: return passive_login() return NO_CONTENT
def post(self): (email, password) = self.get_arguments() try: user = auth_service.check_auth(app, email, password) access_token = create_access_token(identity=user["email"]) refresh_token = create_refresh_token(identity=user["email"]) auth_service.register_tokens(app, access_token, refresh_token) identity_changed.send( current_app._get_current_object(), identity=Identity(user["id"]) ) if is_from_browser(request.user_agent): response = jsonify({ "user": user, "login": True }) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) else: response = { "login": True, "user": user, "access_token": access_token, "refresh_token": refresh_token } return response except PersonNotFoundException: current_app.logger.info("User is not registered.") return {"login": False}, 400 except WrongUserException: current_app.logger.info("User is not registered.") return {"login": False}, 400 except WrongPasswordException: current_app.logger.info("User gave a wrong password.") return {"login": False}, 400 except NoAuthStrategyConfigured: current_app.logger.info( "Authentication strategy is not properly configured." ) return {"login": False}, 400 except UnactiveUserException: return { "error": True, "message": "User is unactive, he cannot log in." }, 400
def post(self): if "onelogin" not in current_app.config.get("ACTIVE_PROVIDERS"): return "Onelogin is not enabled in the config. See the ACTIVE_PROVIDERS section.", 404 auth = OneLogin_Saml2_Auth(self.req, current_app.config.get("ONELOGIN_SETTINGS")) self.reqparse.add_argument('return_to', required=False, default=current_app.config.get('WEB_PATH')) self.reqparse.add_argument('acs', required=False) self.reqparse.add_argument('sls', required=False) args = self.reqparse.parse_args() return_to = args['return_to'] if args['acs'] != None: # valids the SAML response and checks if successfully authenticated if self._consumer(auth): email = auth.get_attribute(current_app.config.get("ONELOGIN_EMAIL_FIELD"))[0] user = User.query.filter(User.email == email).first() # if we get an sso user create them an account if not user: user = User( email=email, active=True, role=current_app.config.get('ONELOGIN_DEFAULT_ROLE') # profile_picture=profile.get('thumbnailPhotoUrl') ) db.session.add(user) db.session.commit() db.session.refresh(user) # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) login_user(user) db.session.commit() db.session.refresh(user) self_url = OneLogin_Saml2_Utils.get_self_url(self.req) if 'RelayState' in request.form and self_url != request.form['RelayState']: return redirect(auth.redirect_to(request.form['RelayState']), code=302) else: return redirect(current_app.config.get('BASE_URL'), code=302) else: return dict(message='OneLogin authentication failed.'), 403 elif args['sls'] != None: return dict(message='OneLogin SLS not implemented yet.'), 405 else: return redirect(auth.login(return_to=return_to))
def register(): form = RegForm() if request.method == 'GET': if User.query.count() > 0: return make_response('Нет такой страницы', 404) role = Role.query.filter_by(role='admin').one_or_none() if role is None: role = Role(id=1, role='admin') db.session.add(role) try: db.session.commit() except IntegrityError: db.session.rollback() raise InternalServerError( "failed to write admin role to the database") form.username.render_kw = {'value': 'admin'} choices = [(role.id, role.role)] # form.role.choices = [(role.id, role.role)] form.role.render_kw = {'value': choices[0][0]} form.phone.render_kw = {'value': '79272123456'} return render_template('login/register.html', form=form, choices=choices) if form.validate_on_submit(): user = User(username=Config.DEF_USER, id=1) user.set_password(Config.DEF_PASSWORD) user.role_id = int(form.role.data) user.phone_number = Config.PHONE db.session.add(user) try: db.session.commit() except IntegrityError: db.session.rollback() raise InternalServerError( "failed to write admin user to the database") login_user(user, remember=True) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return redirect(url_for('admin_app.index')) return form.errors return { 'user': form.username.data, 'password': form.password.data, 'password2': form.password2.data, 'role': form.role.data, 'phone': form.phone.data, 'choices': form.role.choices }
def authorized_engpsu(): client = oauth2.oauth2_client try: token = client.engpsu.authorize_access_token() except Exception as e: print(e) return redirect(url_for("accounts.login")) userinfo_response = client.engpsu.get("userinfo") userinfo = userinfo_response.json() user = models.User.objects(username=userinfo.get("username")).first() if not user: user = models.User( username=userinfo.get("username"), email=userinfo.get("email"), first_name=userinfo.get("first_name"), last_name=userinfo.get("last_name"), status="active", ) user.resources[client.engpsu.name] = userinfo # if 'staff_id' in userinfo.keys(): # user.roles.append('staff') # elif 'student_id' in userinfo.keys(): # user.roles.append('student') if userinfo["username"].isdigit(): user.roles.append("student") else: user.roles.append("staff") user.save() login_user(user) oauth2token = models.OAuth2Token( name=client.engpsu.name, user=user, access_token=token.get("access_token"), token_type=token.get("token_type"), refresh_token=token.get("refresh_token", None), expires=datetime.datetime.fromtimestamp(token.get("expires_in")), ) oauth2token.save() identity_changed.send(current_app._get_current_object(), identity=Identity(user.roles)) return redirect(url_for("dashboard.index"))
def signupsponsor(): """ Sponsor sign-up page. GET requests serve sign-up page. POST requests validate form & user creation. """ form = SignupForm() # validate if the user filled out the form correctly # validate_on_submit is a built-in method if form.validate_on_submit(): # make sure it's not an existing user existing_user = User.query.filter_by(email=form.email.data).first() if existing_user is None: # create a new user user = User( name=form.name.data, email=form.email.data, organization=form.organization.data, user_type='sponsor', user_status='pending' ) # use our set_password method user.set_password(form.password.data) # commit our new user record and log the user in db.session.add(user) db.session.commit() # Create new user login_user(user, remember=False, duration=None, force=False, fresh=True) # if everything goes well, they will be redirected to the main application # new user now has a type, extract and send to permissions signal # use identity_changed to send signal to flask_principal showing identity, user_type identity_changed.send(current_app._get_current_object(), identity=Identity(user.id,user.user_type)) # placing identity_object into variable for print/display identity_object = Identity(user.id,user.user_type) # printing identity_object to console for verification print('Sent: ',identity_object,' ...to current_app', file=sys.stderr) return redirect(url_for('sponsor_bp.dashboard_sponsor')) flash('A user already exists with that email address.') return render_template( 'signup_sponsor.jinja2', title='Create a Sponsor Account.', form=form, template='signup-page', body="Sign up for a Sponsor account." )
def login(): form = LoginForm() register_form = RegisterForm() if form.validate_on_submit(): user = users.query.filter_by(username=form.username.data).one() login_user(user, remember=form.remember.data) identity_changed.send(current_app._get_current_object(), identity=Identity(user.username)) # phone = "13234045805" # text = "【253云通讯】您的验证码是1234" # send_sms(text, phone) flash("You have been logged in", category="success") return redirect(url_for('stock.home', usersname=user.username)) return render_template('main/login.html', form=form, register_form=register_form)
def get(self): try: logout() identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) except KeyError: return {"Access token not found."}, 500 logout_data = {"logout": True} if is_from_browser(request.user_agent): response = jsonify(logout_data) unset_jwt_cookies(response) return response else: return logout_data
def post(self): login, password = request.json.get('login'), request.json.get( 'password') if login and password: user = User.query.filter_by(login=login).first() if user and user.check_password(password): print '------', user.is_active login_user(user) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) return MessageResponse('Login Success') raise LoginError()
def login(): form = LoginForm() if form.validate_on_submit(): # session['username'] = form.username.data user = User.query.filter_by(username=form.username.data).one() login_user(user, remember=form.remember.data) identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) flash("You have been logged in.", category='success') return redirect(url_for('blog.home')) return render_template('login.html', form=form)
def logout(): # Remove the user information from the session logout_user() flash('You are logged out', 'warning') # Remove session keys set by Flask-Principal for key in ('identity.name', 'identity.auth_type', 'hid_access_token'): session.pop(key, None) # Tell Flask-Principal the user is anonymous identity_changed.send(current_app, identity=AnonymousIdentity()) session_identity_loader() if request.values.get('hid_logout'): return redirect(conf.HUMANITARIAN_ID_AUTH_URI + '/logout') return redirect(url_for('index'))