def validate(self): """ Copy-pasted from flask_security and use the altered version of `verify_and_update_password`. """ if not super(LoginForm, self).validate(): return False self.user = _datastore.get_user(self.email.data) if self.user is None: self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False if not self.user.password: self.password.errors.append(get_message('PASSWORD_NOT_SET')[0]) return False if not verify_and_update_password(self.password.data, self.user): self.password.errors.append(get_message('INVALID_PASSWORD')[0]) return False if requires_confirmation(self.user): self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0]) return False if not self.user.is_active: self.email.errors.append(get_message('DISABLED_ACCOUNT')[0]) return False return True
def validate(self): # Use super of LoginForm, not super of CustomLoginForm, since I # want to skip the LoginForm validate logic if not super(LoginForm, self).validate(): return False self.email.data = remove_null_caracters(self.email.data) self.user = _datastore.get_user(self.email.data) if self.user is None: self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False self.user.password = remove_null_caracters(self.user.password) if not self.user.password: self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False self.password.data = remove_null_caracters(self.password.data) if not verify_and_update_password(self.password.data, self.user): self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False # if requires_confirmation(self.user): # self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0]) # return False if not self.user.is_active: self.email.errors.append(get_message('DISABLED_ACCOUNT')[0]) return False return True
def validate(self): if not super(ExtendedLoginForm, self).validate(): return False self.user = _datastore.get_user(self.username.data) if self.user is None: self.username.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False # class
def validate(self): from flask_security.utils import ( _datastore, get_message, hash_password, ) from flask_security.confirmable import requires_confirmation if not super(LoginForm, self).validate(): return False # try login using email self.user = _datastore.get_user(self.email.data) # if that didn't work try log in using the username if self.user is None: self.user = _datastore.get_user(self.username.data) if self.user is None: self.email.errors.append(get_message("USER_DOES_NOT_EXIST")[0]) # Reduce timing variation between existing and non-existing users hash_password(self.password.data) return False if not self.user.password: self.password.errors.append(get_message("PASSWORD_NOT_SET")[0]) # Reduce timing variation between existing and non-existing users hash_password(self.password.data) return False if not self.user.verify_and_update_password(self.password.data): self.password.errors.append(get_message("INVALID_PASSWORD")[0]) return False if requires_confirmation(self.user): self.email.errors.append(get_message("CONFIRMATION_REQUIRED")[0]) return False if not self.user.is_active: self.email.errors.append(get_message("DISABLED_ACCOUNT")[0]) return False return True
def validate(self): user_ip = request.headers.get('X-Forwarded-For', request.remote_addr) time_now = datetime.datetime.now() # Use super of LoginForm, not super of CustomLoginForm, since I # want to skip the LoginForm validate logic if not super(LoginForm, self).validate(): audit_logger.warning( f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}]" ) return False self.email.data = remove_null_caracters(self.email.data) self.user = _datastore.get_user(self.email.data) if self.user is None: audit_logger.warning( f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - " f"Reason: [Invalid Username]") self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False self.user.password = remove_null_caracters(self.user.password) if not self.user.password: audit_logger.warning( f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - " f"Reason: [Invalid Password]") self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False self.password.data = remove_null_caracters(self.password.data) if not verify_and_update_password(self.password.data, self.user): audit_logger.warning( f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - " f"Reason: [Invalid Password]") self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False # if requires_confirmation(self.user): # self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0]) # return False if not self.user.is_active: audit_logger.warning( f"Invalid Login - User [{self.email.data}] from IP [{user_ip}] at [{time_now}] - " f"Reason: [Disabled Account]") self.email.errors.append(get_message('DISABLED_ACCOUNT')[0]) return False return True
def validate(self): self.user = _datastore.get_user(self.email.data) if self.user is None: self.email.validate(self) self.email.errors.append("User or password invalid.") return False if not verify_and_update_password(self.password.data, self.user): self.password.errors.append(get_message('INVALID_PASSWORD')[0]) return False if not self.user.password: self.password.errors.append(get_message('PASSWORD_NOT_SET')[0]) return False if requires_confirmation(self.user): self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0]) return False if not self.user.is_active: self.email.errors.append(get_message('DISABLED_ACCOUNT')[0]) return False return True
def get_or_create_ldap_user(username): ldap = Ldap() if ldap.is_enabled(): username = standardize_username(username) ldap.login_nonpriv() ldap_user = ldap.search_username(username) if ldap_user is not None: user = _datastore.find_user( email=ldap_user['email']) or _datastore.find_user( username=ldap_user['username']) if not user: print('A') if current_app.config.get('LDAP_REQUIRE_EXISTING_USER', False): print('B') return None print('A') user = _datastore.create_user( email=ldap_user['email'], password=random_password(), ) user.email = ldap_user['email'] user.username = ldap_user['username'] user.first_name = ldap_user['given_name'] user.last_name = ldap_user['surname'] user.ldap_user = True db.session.add(user) db.session.commit() return _datastore.get_user(ldap_user['email'])
def validate(self): # Use super of LoginForm, not super of CustomLoginForm, since I # want to skip the LoginForm validate logic if not super(LoginForm, self).validate(): return False self.user = _datastore.get_user(self.email.data) if self.user is None: self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False if not self.user.password: self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False if not verify_and_update_password(self.password.data, self.user): self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0]) return False # if requires_confirmation(self.user): # self.email.errors.append(get_message('CONFIRMATION_REQUIRED')[0]) # return False if not self.user.is_active: self.email.errors.append(get_message('DISABLED_ACCOUNT')[0]) return False return True
def unique_username(form, field): if _datastore.get_user(field.data) is not None: msg = get_message("USERNAME_ALREADY_TAKEN", username=field.data)[0] raise ValidationError(msg)