def change_password():
"""View function which handles a change password request."""
has_error = False
form_class = _security.change_password_form
if request.json:
form = form_class(MultiDict(request.json))
else:
form = form_class()
if form.validate_on_submit():
try:
change_user_password(current_user, form.new_password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP Socket error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(
u'Error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger'
)
has_error = True
if request.json is None and not has_error:
after_this_request(_commit)
do_flash(*get_message('PASSWORD_CHANGE'))
return redirect(get_url(_security.post_change_view) or
get_url(_security.post_login_view))
if request.json and not has_error:
form.user = current_user
return _render_json(form)
return _security.render_template(
config_value('CHANGE_PASSWORD_TEMPLATE'),
change_password_form=form,
**_ctx('change_password'))
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED', email=user.email,
within=_security.reset_password_within))
if invalid or expired:
return redirect(url_for('browser.forgot_password'))
has_error = False
form = _security.reset_password_form()
if form.validate_on_submit():
try:
update_password(user, form.password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP Socket error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'Error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
if not has_error:
after_this_request(_commit)
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
return redirect(get_url(_security.post_reset_view) or
get_url(_security.post_login_view))
return _security.render_template(
config_value('RESET_PASSWORD_TEMPLATE'),
reset_password_form=form,
reset_password_token=token,
**_ctx('reset_password'))
def change_password():
"""View function which handles a change password request."""
has_error = False
form_class = _security.change_password_form
if request.json:
form = form_class(MultiDict(request.json))
else:
form = form_class()
if form.validate_on_submit():
try:
change_user_password(current_user, form.new_password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_SOCKET_ERROR).format(e), 'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_ERROR).format(e), 'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(PASS_ERROR).format(e), 'danger')
has_error = True
if request.json is None and not has_error:
after_this_request(_commit)
do_flash(*get_message('PASSWORD_CHANGE'))
old_key = get_crypt_key()[1]
set_crypt_key(form.new_password.data, False)
from pgadmin.browser.server_groups.servers.utils \
import reencrpyt_server_passwords
reencrpyt_server_passwords(current_user.id, old_key,
form.new_password.data)
return redirect(
get_url(_security.post_change_view)
or get_url(_security.post_login_view))
if request.json and not has_error:
form.user = current_user
return default_render_json(form)
return _security.render_template(
config_value('CHANGE_PASSWORD_TEMPLATE'),
change_password_form=form,
**_ctx('change_password'))
def change_password():
"""View function which handles a change password request."""
has_error = False
form_class = _security.change_password_form
if request.json:
form = form_class(MultiDict(request.json))
else:
form = form_class()
if form.validate_on_submit():
try:
change_user_password(current_user, form.new_password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(u'SMTP Socket error: {}\n'
u'Your password has not been changed.').format(e),
'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(u'SMTP error: {}\n'
u'Your password has not been changed.').format(e),
'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(u'Error: {}\n'
u'Your password has not been changed.').format(e),
'danger')
has_error = True
if request.json is None and not has_error:
after_this_request(_commit)
do_flash(*get_message('PASSWORD_CHANGE'))
return redirect(
get_url(_security.post_change_view)
or get_url(_security.post_login_view))
if request.json and not has_error:
form.user = current_user
return _render_json(form)
return _security.render_template(
config_value('CHANGE_PASSWORD_TEMPLATE'),
change_password_form=form,
**_ctx('change_password'))
def query_ldap_user(self, identifier):
"""Get information about a user throught AD."""
con = self._get_ldap_con()
result = con.search(
search_base=config_value("LDAP_BASE_DN"),
search_filter=config_value("LDAP_SEARCH_FILTER").format(
identifier),
search_scope=ldap3.SUBTREE,
attributes=ldap3.ALL_ATTRIBUTES,
)
data = con.entries
self._close_ldap_con(con)
if result and data:
return (data[0].entry_dn, data[0])
raise LDAPExceptionError("User not found in LDAP")
def send_reset_password_instructions(user):
"""Sends the reset password instructions email for the specified user.
:param user: The user to send the instructions to
"""
token = generate_reset_password_token(user)
reset_link = frontend_url('reset-password', token=token)
print(f"[+] The security is {_security}")
if config_value('SEND_PASSWORD_RESET_EMAIL'):
send_mail(config_value('EMAIL_SUBJECT_PASSWORD_RESET'),
user.email,
'reset_instructions',
user=user,
reset_link=reset_link)
reset_password_instructions_sent.send(app._get_current_object(),
user=user,
token=token)
def send_reset_password_instructions(user):
"""Sends the reset password instructions email for the specified user.
:param user: The user to send the instructions to
"""
token = generate_reset_password_token(user)
url_data = urlparse(request.base_url)
reset_link = f"{url_data.scheme}://{url_data.netloc}/#resetpass/{token}/"
if config_value('SEND_PASSWORD_RESET_EMAIL'):
send_mail(config_value('EMAIL_SUBJECT_PASSWORD_RESET'),
user.email,
'reset_instructions',
user=user,
reset_link=reset_link)
reset_password_instructions_sent.send(app._get_current_object(),
user=user,
token=token)
def admin_login():
form_class = security.login_form
form = form_class(request.form)
if form.validate_on_submit():
login_user(form.user, remember=form.remember.data)
after_this_request(_commit)
return redirect(form.next.data or url_for('admin.index'))
return security.render_template(config_value('LOGIN_USER_TEMPLATE'),
login_user_form=form,
**_ctx('login'))
def send_mail(subject, recipients, template, language, **context):
"""Send an email via the Flask-Mail extension.
:param subject: Email subject
:param recipients: List of email recipients
:param template: The name of the email template
:param context: The context to render the template with
"""
sender = config_value('EMAIL_SENDER')
msg = Message(subject, sender=sender, recipients=recipients)
ctx = ('email', template, language)
if config_value('EMAIL_PLAINTEXT'):
msg.body = render_template('%s/%s_%s.txt' % ctx, **context)
# if config_value('EMAIL_HTML'):
# msg.html = render_template('%s/%s.html' % ctx, **context)
mail = current_app.extensions.get('mail')
mail.send(msg)
def validate(self):
"""Validate LDAP logins against AD."""
if not super(LDAPLoginForm, self).validate():
return False
if self.email.data.strip() == '':
self.email.errors.append(get_message('USERID_NOT_PROVIDED')[0])
return False
if self.password.data.strip() == '':
self.password.errors.append(
get_message('PASSWORD_NOT_PROVIDED')[0])
return False
try:
user_dn, ldap_data = _datastore.query_ldap_user(self.email.data)
if user_dn is None:
self.email.errors.append(get_message('USER_DOES_NOT_EXIST')[0])
return False
if not _datastore.verify_password(user_dn, self.password.data):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
ldap_email = ldap_data[config_value('LDAP_EMAIL_FIELDNAME')].value
password = encrypt_password(self.password.data)
if _datastore.find_user(email=ldap_email):
self.user = _datastore.get_user(ldap_email)
# note that this is being stored per user login
self.user.password = password
else:
self.user = _datastore.create_user(email=ldap_email,
password=password)
_datastore.commit()
except ldap3.LDAPExceptionError:
self.password.errors.append(get_message('LDAP_SERVER_DOWN')[0])
self.user = _datastore.get_user(self.email.data)
if not self.user.password:
self.password.errors.append(get_message('PASSWORD_NOT_SET')[0])
return False
if not verify_and_update_password(self.password.data, self.user):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
if requires_confirmation(self.user):
self.email.errors.append(
get_message('CONFIRMATION_REQUIRED')[0])
return False
if not self.user.is_active:
self.email.errors.append(get_message('DISABLED_ACCOUNT')[0])
return False
return True
def forgot_password():
"""View function that handles a forgotten password request."""
has_error = False
form_class = _security.forgot_password_form
if request.json:
form = form_class(MultiDict(request.json))
else:
form = form_class()
if form.validate_on_submit():
try:
send_reset_password_instructions(form.user)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(u'SMTP Socket error: {}\n'
u'Your password has not been changed.').format(e),
'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(u'SMTP error: {}\n'
u'Your password has not been changed.').format(e),
'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(u'Error: {}\n'
u'Your password has not been changed.').format(e),
'danger')
has_error = True
if request.json is None and not has_error:
do_flash(*get_message('PASSWORD_RESET_REQUEST',
email=form.user.email))
if request.json and not has_error:
return _render_json(form, include_user=False)
return _security.render_template(
config_value('FORGOT_PASSWORD_TEMPLATE'),
forgot_password_form=form,
**_ctx('forgot_password'))
def forgot_password():
"""View function that handles a forgotten password request."""
has_error = False
form_class = _security.forgot_password_form
if request.json:
form = form_class(MultiDict(request.json))
else:
form = form_class()
if form.validate_on_submit():
try:
send_reset_password_instructions(form.user)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP Socket error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'SMTP error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(u'Error: {}\n'
u'Your password has not been changed.'
).format(e),
'danger')
has_error = True
if request.json is None and not has_error:
do_flash(*get_message('PASSWORD_RESET_REQUEST',
email=form.user.email))
if request.json and not has_error:
return _render_json(form, include_user=False)
return _security.render_template(
config_value('FORGOT_PASSWORD_TEMPLATE'),
forgot_password_form=form,
**_ctx('forgot_password'))
def register_user(**kwargs):
if kwargs.pop('random_password', False) or len(kwargs['password']) == 0:
kwargs['password'] = _randompassword()
# hash password so that we never store the original
kwargs['password'] = hash_password(kwargs['password'])
# pop ask_confirm value before kwargs is presented to create_user()
ask_confirm = kwargs.pop('ask_confirm', False)
# generate a User record and commit it
kwargs['active'] = True
roles = kwargs.get('roles', [])
roles_step1 = [db.session.query(Role).filter_by(name=r).first() for r in roles]
roles_step2 = [x for x in roles_step1 if x is not None]
kwargs['roles'] = roles_step2
kwargs['fs_uniquifier'] = uuid.uuid4().hex
user = User(**kwargs)
db.session.add(user)
db.session.commit()
# send confirmation email if we have been asked to
if ask_confirm:
confirmation_link, token = generate_confirmation_link(user)
do_flash(*get_message('CONFIRM_REGISTRATION', email=user.email))
user_registered.send(current_app._get_current_object(),
user=user, confirm_token=token)
if config_value('SEND_REGISTER_EMAIL'):
send_mail(config_value('EMAIL_SUBJECT_REGISTER'), user.email,
'welcome', user=user, confirmation_link=confirmation_link)
else:
user.confirmed_at = datetime.now()
db.session.commit()
return user
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED', email=user.email,
within=_security.reset_password_within))
if invalid or expired:
return redirect(url_for('browser.forgot_password'))
has_error = False
form = _security.reset_password_form()
if form.validate_on_submit():
try:
update_password(user, form.password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_SOCKET_ERROR).format(e),
'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_ERROR).format(e),
'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(PASS_ERROR).format(e),
'danger')
has_error = True
if not has_error:
after_this_request(_commit)
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
return redirect(get_url(_security.post_reset_view) or
get_url(_security.post_login_view))
return _security.render_template(
config_value('RESET_PASSWORD_TEMPLATE'),
reset_password_form=form,
reset_password_token=token,
**_ctx('reset_password'))
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
if not self.next.data:
self.next.data = request.args.get("next", "")
self.remember.default = config_value("DEFAULT_REMEMBER_ME")
if (current_app.extensions["security"].recoverable
and not self.password.description):
html = Markup('<a href="{url}">{message}</a>'.format(
url=url_for_security("forgot_password"),
message=get_message("FORGOT_PASSWORD")[0],
))
self.password.description = html
self.requires_confirmation = False
def register_user(should_confirm, **kwargs):
confirmation_link, token = None, None
kwargs['password'] = encrypt_password(kwargs['password'])
user = user_datastore.create_user(**kwargs)
user_datastore.commit()
flash(gettext('User created successfully'))
if should_confirm:
confirmation_link, token = generate_confirmation_link(user)
do_flash(*get_message('CONFIRM_REGISTRATION', email=user.email))
send_mail(
config_value('EMAIL_SUBJECT_REGISTER'),
user.email, 'welcome', user=user, confirmation_link=confirmation_link)
user_registered.send(app, user=user, confirm_token=token)
def send_reset_password_instructions(user):
"""Sends the reset password instructions email for the specified user.
:param user: The user to send the instructions to
"""
token = generate_reset_password_token(user)
reset_link = url_for('browser.reset_password', token=token,
_external=True)
send_mail(config_value('EMAIL_SUBJECT_PASSWORD_RESET'), user.email,
'reset_instructions',
user=user, reset_link=reset_link)
reset_password_instructions_sent.send(
current_app._get_current_object(),
user=user, token=token)
def send_reset_password_instructions(user):
"""Sends the reset password instructions email for the specified user.
:param user: The user to send the instructions to
"""
token = generate_reset_password_token(user)
reset_link = url_for('browser.reset_password', token=token,
_external=True)
send_mail(config_value('EMAIL_SUBJECT_PASSWORD_RESET'), user.email,
'reset_instructions',
user=user, reset_link=reset_link)
reset_password_instructions_sent.send(
current_app._get_current_object(),
user=user, token=token)
def send_notification_to_location(loan, item, location):
"""Send a notification to the location defined email.
:param loan: the loan to be parsed
:param item: the requested item
:param location: the location to inform
"""
if not location.get('send_notification', False) \
or not location.get('notification_email'):
return
template = 'email/others/location_notification.txt'
recipient = location.get('notification_email')
msg = TemplatedMessage(template_body=template,
sender=config_value('EMAIL_SENDER'),
recipients=[recipient],
ctx=_build_notification_email_context(
loan, item, location))
text = msg.body.split('\n')
msg.subject = text[0]
msg.body = '\n'.join(text[1:])
send_email.run(msg.__dict__)
def validate(self):
"""Validate LDAP logins against AD."""
if not super(LDAPLoginForm, self).validate():
return False
if self.email.data.strip() == '':
self.email.errors.append(get_message('USERID_NOT_PROVIDED')[0])
return False
if self.password.data.strip() == '':
self.password.errors.append(
get_message('PASSWORD_NOT_PROVIDED')[0])
return False
try:
# first we try authenticating against ldap
user_dn, ldap_data = _datastore.query_ldap_user(self.email.data)
if not _datastore.verify_password(user_dn, self.password.data):
self.password.errors.append(get_message('INVALID_PASSWORD')[0])
return False
ldap_email = ldap_data[config_value('LDAP_EMAIL_FIELDNAME')].value
password = encrypt_password(self.password.data)
if _datastore.find_user(email=ldap_email):
self.user = _datastore.get_user(ldap_email)
# note that this is being stored per user login
self.user.password = password
else:
self.user = _datastore.create_user(email=ldap_email,
password=password)
_datastore.commit()
except LDAPExceptionError:
self.email.errors.append(get_message('LDAP_SERVER_DOWN')[0])
return self._try_local_auth()
except UserNotFoundInLDAP:
return self._try_local_auth()
return True
def send_mail(self, data):
"""Send email."""
notification_type = data.get('notification_type')
language = data['loan']['patron']['communication_language']
template = 'email/{type}/{lang}'.format(type=notification_type,
lang=language)
recipient = data['loan']['patron']['email']
msg = TemplatedMessage(
# template_html='{template}.html'.format(template=template),
template_body='{template}.txt'.format(template=template),
sender=config_value('EMAIL_SENDER'),
recipients=[recipient],
ctx=data['loan'])
text = msg.body.split('\n')
msg.subject = text[0]
msg.body = '\n'.join(text[1:])
try:
send_email.run(msg.__dict__)
# TODO: investigate why delay does not work
# send_email.delay(msg.__dict__)
# current_app.extensions['mail'].send(msg)
except Exception as e:
raise (e)
def forgot_password():
"""View function that handles a forgotten password request."""
has_error = False
form_class = _security.forgot_password_form
if request.json:
form = form_class(MultiDict(request.json))
else:
form = form_class()
if form.validate_on_submit():
# Check the Authentication source of the User
user = User.query.filter_by(
email=form.data['email'],
auth_source=current_app.PGADMIN_DEFAULT_AUTH_SOURCE).first()
if user is None:
# If the user is not an internal user, raise the exception
flash(
gettext(
'Your account is authenticated using an '
'external {} source. '
'Please contact the administrators of this '
'service if you need to reset your password.').format(
form.user.auth_source), 'danger')
has_error = True
if not has_error:
try:
send_reset_password_instructions(form.user)
except SOCKETErrorException as e:
# Handle socket errors which are not
# covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(
u'SMTP Socket error: {}\n'
u'Your password has not been changed.').format(e),
'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError,
SMTPSenderRefused, SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(
u'SMTP error: {}\n'
u'Your password has not been changed.').format(e),
'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(
gettext(
u'Error: {}\n'
u'Your password has not been changed.').format(e),
'danger')
has_error = True
if request.json is None and not has_error:
do_flash(*get_message('PASSWORD_RESET_REQUEST',
email=form.user.email))
if request.json and not has_error:
return default_render_json(form, include_user=False)
return _security.render_template(
config_value('FORGOT_PASSWORD_TEMPLATE'),
forgot_password_form=form,
**_ctx('forgot_password'))
def validate(self):
"""Validate LDAP logins against AD."""
if not super(LDAPLoginForm, self).validate():
return False
if self.email.data.strip() == "":
self.email.errors.append(get_message("USERID_NOT_PROVIDED")[0])
return False
if self.password.data.strip() == "":
self.password.errors.append(get_message("PASSWORD_NOT_PROVIDED")[0])
return False
try:
admin_user = _datastore.get_user(1)
if self.email.data == admin_user.username:
current_app.artemis_logger.info("Super-user login")
return self._try_local_auth()
# first we try authenticating against ldap
user_dn, ldap_data = _datastore.query_ldap_user(self.email.data)
if not _datastore.verify_password(user_dn, self.password.data):
self.password.errors.append(get_message("INVALID_PASSWORD")[0])
return False
ldap_email = ldap_data[config_value("LDAP_EMAIL_FIELDNAME")].value
password = encrypt_password(self.password.data)
self.user = _datastore.find_user(email=ldap_email)
if self.user:
# note that this is being stored per user login
self.user.password = password
else:
self.user = _datastore.create_user(
username=ldap_email,
email=ldap_email,
password=password,
active=True,
)
# need to somehow decide what role they are
groups = config_value("LDAP_ADMIN_GROUPS")
field = ldap_data[config_value("LDAP_ADMIN_GROUPS_FIELDNAME")].values
if (
isinstance(field, str) and any([group == field for group in groups])
) or (
isinstance(field, list) and any([group in field for group in groups])
):
add_role = _datastore.find_role("admin")
remove_role = _datastore.find_role("user")
else:
add_role = _datastore.find_role("user")
remove_role = _datastore.find_role("admin")
_datastore.add_role_to_user(self.user, add_role)
_datastore.remove_role_from_user(self.user, remove_role)
_datastore.commit()
except LDAPKeyError:
current_app.artemis_logger.exception("")
self.email.errors.append("LDAP Key failure")
if self.user:
add_role = _datastore.find_role("user")
remove_role = _datastore.find_role("admin")
_datastore.add_role_to_user(self.user, add_role)
_datastore.remove_role_from_user(self.user, remove_role)
_datastore.commit()
return True
return False
except LDAPSocketOpenError:
current_app.artemis_logger.info("LDAP offline.. Trying local auth")
self.email.errors.append("LDAP Server offline")
return self._try_local_auth()
except LDAPExceptionError:
current_app.artemis_logger.exception("")
self.email.errors.append("LDAP Auth failed")
return False
return True
def reset_password(token):
"""View function that handles a reset password request."""
expired, invalid, user = reset_password_token_status(token)
if invalid:
do_flash(*get_message('INVALID_RESET_PASSWORD_TOKEN'))
if expired:
do_flash(*get_message('PASSWORD_RESET_EXPIRED',
email=user.email,
within=_security.reset_password_within))
if invalid or expired:
return redirect(url_for('browser.forgot_password'))
has_error = False
form = _security.reset_password_form()
if form.validate_on_submit():
try:
update_password(user, form.password.data)
except SOCKETErrorException as e:
# Handle socket errors which are not covered by SMTPExceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_SOCKET_ERROR).format(e), 'danger')
has_error = True
except (SMTPConnectError, SMTPResponseException,
SMTPServerDisconnected, SMTPDataError, SMTPHeloError,
SMTPException, SMTPAuthenticationError, SMTPSenderRefused,
SMTPRecipientsRefused) as e:
# Handle smtp specific exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(SMTP_ERROR).format(e), 'danger')
has_error = True
except Exception as e:
# Handle other exceptions.
logging.exception(str(e), exc_info=True)
flash(gettext(PASS_ERROR).format(e), 'danger')
has_error = True
if not has_error:
after_this_request(view_commit)
auth_obj = AuthSourceManager(form, [INTERNAL])
session['_auth_source_manager_obj'] = auth_obj.as_dict()
if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
flash(
gettext('You successfully reset your password but'
' your account is locked. Please contact '
'the Administrator.'), 'warning')
return redirect(get_post_logout_redirect())
do_flash(*get_message('PASSWORD_RESET'))
login_user(user)
auth_obj = AuthSourceManager(form, [INTERNAL])
session['auth_source_manager'] = auth_obj.as_dict()
return redirect(
get_url(_security.post_reset_view)
or get_url(_security.post_login_view))
return _security.render_template(
config_value('RESET_PASSWORD_TEMPLATE'),
reset_password_form=form,
reset_password_token=token,
**_ctx('reset_password'))
def create_blueprint(app, name, import_name, **kwargs):
"""Creates the security extension blueprint"""
bp = Blueprint(name, import_name, **kwargs)
if config_value('PASSWORDLESS', app=app):
bp.route(config_value('LOGIN_URL', app=app),
methods=['GET', 'POST'],
endpoint='login')(send_login)
bp.route(config_value('LOGIN_URL', app=app) + '/<token>',
methods=['GET'],
endpoint='token_login')(token_login)
else:
bp.route(config_value('LOGIN_URL', app=app),
methods=['GET', 'POST'],
endpoint='login')(login)
bp.route(config_value('LOGOUT_URL', app=app),
endpoint='logout')(logout)
if config_value('REGISTERABLE', app=app):
bp.route(config_value('REGISTER_URL', app=app),
methods=['GET', 'POST'],
endpoint='register')(register)
if config_value('RECOVERABLE', app=app):
bp.route(config_value('RESET_URL', app=app),
methods=['GET', 'POST'],
endpoint='forgot_password')(forgot_password)
bp.route(config_value('RESET_URL', app=app) + '/<token>',
methods=['GET', 'POST'],
endpoint='reset_password')(reset_password)
if config_value('CONFIRMABLE', app=app):
bp.route(config_value('CONFIRM_URL', app=app),
methods=['GET', 'POST'],
endpoint='send_confirmation')(send_confirmation)
bp.route(config_value('CONFIRM_URL', app=app) + '/<token>',
methods=['GET', 'POST'],
endpoint='confirm_email')(confirm_email)
return bp
