def change_password(): """ Method to change the password for local auth users. """ form = forms.ChangePasswordForm() user_obj = pagure.lib.query.search_user( flask.g.session, username=flask.g.fas_user.username ) if not user_obj: flask.abort(404, description="User not found") if form.validate_on_submit(): try: password_checks = check_password( form.old_password.data, user_obj.password, seed=pagure.config.config.get("PASSWORD_SEED", None), ) except pagure.exceptions.PagureException as err: _log.exception(err) flask.flash( "Could not update your password, either user or password " "could not be checked", "error", ) return flask.redirect(flask.url_for("auth_login")) if password_checks: user_obj.password = generate_hashed_value(form.password.data) flask.g.session.add(user_obj) else: flask.flash( "Could not update your password, either user or password " "could not be checked", "error", ) return flask.redirect(flask.url_for("auth_login")) try: flask.g.session.commit() flask.flash("Password changed") except SQLAlchemyError: # pragma: no cover flask.g.session.rollback() flask.flash("Could not set the new password.", "error") _log.exception("Password change - Error setting new password.") return flask.redirect(flask.url_for("auth_login")) return flask.render_template("login/password_recover.html", form=form)
def change_password(): """ Method to change the password for local auth users. """ form = forms.ChangePasswordForm() user_obj = pagure.lib.query.search_user( flask.g.session, username=flask.g.fas_user.username ) if not user_obj: flask.abort(404, "User not found") if form.validate_on_submit(): try: password_checks = check_password( form.old_password.data, user_obj.password, seed=pagure.config.config.get("PASSWORD_SEED", None), ) except pagure.exceptions.PagureException as err: _log.exception(err) flask.flash( "Could not update your password, either user or password " "could not be checked", "error", ) return flask.redirect(flask.url_for("auth_login")) if password_checks: user_obj.password = generate_hashed_value(form.password.data) flask.g.session.add(user_obj) else: flask.flash( "Could not update your password, either user or password " "could not be checked", "error", ) return flask.redirect(flask.url_for("auth_login")) try: flask.g.session.commit() flask.flash("Password changed") except SQLAlchemyError: # pragma: no cover flask.g.session.rollback() flask.flash("Could not set the new password.", "error") _log.exception("Password change - Error setting new password.") return flask.redirect(flask.url_for("auth_login")) return flask.render_template("login/password_recover.html", form=form)
def change_password(): """ Method to change the password for local auth users. """ form = forms.ChangePasswordForm() user_obj = pagure.lib.search_user( SESSION, username=flask.g.fas_user.username) if not user_obj: flask.abort(404, 'User not found') if form.validate_on_submit(): try: password_checks = check_password( form.old_password.data, user_obj.password, seed=APP.config.get('PASSWORD_SEED', None)) except pagure.exceptions.PagureException as err: APP.logger.exception(err) flask.flash( 'Could not update your password, either user or password ' 'could not be checked', 'error') return flask.redirect(flask.url_for('auth_login')) if password_checks: user_obj.password = generate_hashed_value(form.password.data) SESSION.add(user_obj) else: flask.flash( 'Could not update your password, either user or password ' 'could not be checked', 'error') return flask.redirect(flask.url_for('auth_login')) try: SESSION.commit() flask.flash( 'Password changed') except SQLAlchemyError as err: # pragma: no cover SESSION.rollback() flask.flash('Could not set the new password.', 'error') APP.logger.debug( 'Password change - Error setting new password.') APP.logger.exception(err) return flask.redirect(flask.url_for('auth_login')) return flask.render_template( 'login/password_recover.html', form=form, )
def do_login(): """ Log the user in user. """ form = forms.LoginForm() next_url = flask.request.args.get('next_url') if not next_url or next_url == 'None': next_url = flask.url_for('index') if form.validate_on_submit(): username = form.username.data user_obj = pagure.lib.search_user(SESSION, username=username) if not user_obj: flask.flash('Username or password invalid.', 'error') return flask.redirect(flask.url_for('auth_login')) try: password_checks = check_password( form.password.data, user_obj.password, seed=APP.config.get('PASSWORD_SEED', None)) except pagure.exceptions.PagureException as err: APP.logger.exception(err) flask.flash('Username or password of invalid format.', 'error') return flask.redirect(flask.url_for('auth_login')) if not password_checks: flask.flash('Username or password invalid.', 'error') return flask.redirect(flask.url_for('auth_login')) elif user_obj.token: flask.flash( 'Invalid user, did you confirm the creation with the url ' 'provided by email?', 'error') return flask.redirect(flask.url_for('auth_login')) else: if not user_obj.password.startswith('$2$'): user_obj.password = generate_hashed_value(form.password.data) SESSION.add(user_obj) visit_key = pagure.lib.login.id_generator(40) now = datetime.datetime.utcnow() expiry = now + datetime.timedelta(days=30) session = model.PagureUserVisit( user_id=user_obj.id, user_ip=flask.request.remote_addr, visit_key=visit_key, expiry=expiry, ) SESSION.add(session) try: SESSION.commit() flask.g.fas_user = user_obj flask.g.fas_session_id = visit_key flask.g.fas_user.login_time = now flask.flash('Welcome %s' % user_obj.username) except SQLAlchemyError as err: # pragma: no cover flask.flash( 'Could not set the session in the db, ' 'please report this error to an admin', 'error') APP.logger.exception(err) return flask.redirect(next_url) else: flask.flash('Insufficient information provided', 'error') return flask.redirect(flask.url_for('auth_login'))
def do_login(): """ Log in the user. """ logout() form = forms.LoginForm() next_url = flask.request.form.get("next_url") if not next_url or next_url == "None": next_url = flask.url_for("ui_ns.index") if form.validate_on_submit(): username = form.username.data user_obj = pagure.lib.query.search_user(flask.g.session, username=username) if not user_obj: flask.flash("Username or password invalid.", "error") return flask.redirect(flask.url_for("auth_login")) try: password_checks = check_password( form.password.data, user_obj.password, seed=pagure.config.config.get("PASSWORD_SEED", None), ) except pagure.exceptions.PagureException as err: _log.exception(err) flask.flash("Username or password of invalid format.", "error") return flask.redirect(flask.url_for("auth_login")) if not password_checks: flask.flash("Username or password invalid.", "error") return flask.redirect(flask.url_for("auth_login")) elif user_obj.token: flask.flash( "Invalid user, did you confirm the creation with the url " "provided by email?", "error", ) return flask.redirect(flask.url_for("auth_login")) else: password = user_obj.password if not isinstance(password, six.text_type): password = password.decode("utf-8") if not password.startswith("$2$"): user_obj.password = generate_hashed_value(form.password.data) flask.g.session.add(user_obj) flask.g.session.flush() visit_key = pagure.lib.login.id_generator(40) now = datetime.datetime.utcnow() expiry = now + datetime.timedelta(days=30) session = model.PagureUserVisit( user_id=user_obj.id, user_ip=flask.request.remote_addr, visit_key=visit_key, expiry=expiry, ) flask.g.session.add(session) try: flask.g.session.commit() flask.g.fas_user = user_obj flask.g.fas_session_id = visit_key flask.g.fas_user.login_time = now flask.flash("Welcome %s" % user_obj.username) except SQLAlchemyError as err: # pragma: no cover flask.flash( "Could not set the session in the db, " "please report this error to an admin", "error", ) _log.exception(err) return flask.redirect(next_url) else: flask.flash("Insufficient information provided", "error") return flask.redirect(flask.url_for("auth_login"))
def do_login(): """ Log in the user. """ form = forms.LoginForm() next_url = flask.request.form.get('next_url') if not next_url or next_url == 'None': next_url = flask.url_for('index') if form.validate_on_submit(): username = form.username.data user_obj = pagure.lib.search_user(SESSION, username=username) if not user_obj: flask.flash('Username or password invalid.', 'error') return flask.redirect(flask.url_for('auth_login')) try: password_checks = check_password(form.password.data, user_obj.password, seed=APP.config.get( 'PASSWORD_SEED', None)) except pagure.exceptions.PagureException as err: _log.exception(err) flask.flash('Username or password of invalid format.', 'error') return flask.redirect(flask.url_for('auth_login')) if not password_checks: flask.flash('Username or password invalid.', 'error') return flask.redirect(flask.url_for('auth_login')) elif user_obj.token: flask.flash( 'Invalid user, did you confirm the creation with the url ' 'provided by email?', 'error') return flask.redirect(flask.url_for('auth_login')) else: if not user_obj.password.startswith('$2$'): user_obj.password = generate_hashed_value(form.password.data) SESSION.add(user_obj) visit_key = pagure.lib.login.id_generator(40) now = datetime.datetime.utcnow() expiry = now + datetime.timedelta(days=30) session = model.PagureUserVisit( user_id=user_obj.id, user_ip=flask.request.remote_addr, visit_key=visit_key, expiry=expiry, ) SESSION.add(session) try: SESSION.commit() flask.g.fas_user = user_obj flask.g.fas_session_id = visit_key flask.g.fas_user.login_time = now flask.flash('Welcome %s' % user_obj.username) except SQLAlchemyError as err: # pragma: no cover flask.flash( 'Could not set the session in the db, ' 'please report this error to an admin', 'error') _log.exception(err) return flask.redirect(next_url) else: flask.flash('Insufficient information provided', 'error') return flask.redirect(flask.url_for('auth_login'))
def do_login(): """ Log in the user. """ logout() form = forms.LoginForm() next_url = flask.request.form.get("next_url") if not next_url or next_url == "None": next_url = flask.url_for("ui_ns.index") if form.validate_on_submit(): username = form.username.data user_obj = pagure.lib.query.search_user( flask.g.session, username=username ) if not user_obj: flask.flash("Username or password invalid.", "error") return flask.redirect(flask.url_for("auth_login")) try: password_checks = check_password( form.password.data, user_obj.password, seed=pagure.config.config.get("PASSWORD_SEED", None), ) except pagure.exceptions.PagureException as err: _log.exception(err) flask.flash("Username or password of invalid format.", "error") return flask.redirect(flask.url_for("auth_login")) if not password_checks: flask.flash("Username or password invalid.", "error") return flask.redirect(flask.url_for("auth_login")) elif user_obj.token: flask.flash( "Invalid user, did you confirm the creation with the url " "provided by email?", "error", ) return flask.redirect(flask.url_for("auth_login")) else: password = user_obj.password if not isinstance(password, six.text_type): password = password.decode("utf-8") if not password.startswith("$2$"): user_obj.password = generate_hashed_value(form.password.data) flask.g.session.add(user_obj) flask.g.session.flush() visit_key = pagure.lib.login.id_generator(40) now = datetime.datetime.utcnow() expiry = now + datetime.timedelta(days=30) session = model.PagureUserVisit( user_id=user_obj.id, user_ip=flask.request.remote_addr, visit_key=visit_key, expiry=expiry, ) flask.g.session.add(session) try: flask.g.session.commit() flask.g.fas_user = user_obj flask.g.fas_session_id = visit_key flask.g.fas_user.login_time = now flask.flash("Welcome %s" % user_obj.username) except SQLAlchemyError as err: # pragma: no cover flask.flash( "Could not set the session in the db, " "please report this error to an admin", "error", ) _log.exception(err) return flask.redirect(next_url) else: flask.flash("Insufficient information provided", "error") return flask.redirect(flask.url_for("auth_login"))